Routing network traffic packets through a shared inline tool
Abstract
Introduced herein is a technology for a network switch device to route network packets through an inline tool, without introducing additional information to the network packets. The technology records an association between an input network port and a signature (e.g., source MAC address) of the network packet, before forwarding the packet to the inline tool. When receiving the packet back from the inline tool, the network device recognizes that the packet signature is associated with the input network port, and that the input network port is paired with a particular output network port. Thus, the network device identifies the output network port for sending the packet, without modifying contents of the packet.
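The lookup described in the abstract can be modelled in a few lines. This is an added illustration, not code from the patent: the class and function names, the port labels and the sample frames are hypothetical, and it assumes the port pairing is symmetric and that the signature is the source MAC address (the abstract's own example).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    payload: bytes

def signature(frame: Frame) -> str:
    # Source MAC as the signature, the example given in the abstract.
    return frame.src_mac

class SharedInlineSwitch:
    def __init__(self, port_pairs):
        # Assumption: pairing is symmetric (in on A -> out on B, and back).
        self.peer = {}
        for a, b in port_pairs:
            self.peer[a], self.peer[b] = b, a
        self.sig_to_in_port = {}  # signature -> input network port

    def from_network(self, in_port: str, frame: Frame) -> Frame:
        if in_port not in self.peer:
            raise ValueError(f"{in_port} is not a paired network port")
        # Record the association before the frame leaves for the tool.
        self.sig_to_in_port[signature(frame)] = in_port
        return frame  # forwarded to the tool port with contents unchanged

    def from_tool(self, frame: Frame):
        # Recompute the signature from the returned frame and look it up.
        in_port = self.sig_to_in_port.get(signature(frame))
        if in_port is None:
            return None  # no association recorded: no output port is known
        return self.peer[in_port]

def run_demo():
    # Constructed sample: two inline links share one tool.
    sw = SharedInlineSwitch([("N1", "N2"), ("N3", "N4")])
    a = Frame("02:00:00:00:00:0a", "02:00:00:00:00:0b", b"link-1 request")
    b = Frame("02:00:00:00:00:0b", "02:00:00:00:00:0a", b"link-1 reply")
    c = Frame("02:00:00:00:00:0c", "02:00:00:00:00:0d", b"link-2 request")
    to_tool = [sw.from_network("N1", a), sw.from_network("N2", b),
               sw.from_network("N3", c)]
    # The tool may return frames in any order; c comes back first here.
    returned = [to_tool[2], to_tool[0], to_tool[1]]
    ports = [sw.from_tool(f) for f in returned]
    unknown = Frame("02:00:00:00:00:ff", "02:00:00:00:00:0a", b"never seen")
    return to_tool == [a, b, c], ports, sw.from_tool(unknown)

if __name__ == "__main__":
    print(run_demo())
```

A frame whose signature was never recorded, for example one whose signature-bearing field was altered in transit, has no entry in the table, so the model returns no output port for it.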
23 Claims
1. A method comprising:
- receiving, at a first input network port of a network device, a network packet from a source network node and destined for a destination network node, the destination and source network nodes being external to the network device;
- recording an association between the first input network port and a signature of the network packet;
- routing the network packet, without modifying contents of the network packet, through a first tool port of the network device to an external inline tool, after recording the association;
- receiving the network packet from the external inline tool through a second tool port of the network device;
- in response to receiving the network packet from the external inline tool, identifying a first output network port as a port through which to send the network packet, based on the association, and based on a pairing relationship between the first input network port and the first output network port that identifies the first output network port of the network device as being paired with the first input network port; and
- sending the network packet to the destination network node through the first output network port of the network device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A network device comprising:
- a plurality of pairs of network ports through which to receive and transmit network packets between network nodes, the network nodes being external to the network device, wherein for each individual pair, the network device routes all network packets received from one network port of the individual pair to another network port of the individual pair;
- a plurality of tool ports through which to communicate with an inline tool external to the network device;
- a switching fabric coupled to each of the network ports and each of the tool ports; and
- a processing circuit coupled to the network ports and the tool ports, the processing circuit configured to control the network device to;
  - receive, at a first network port of the network device, a network packet from a source network node and destined for a destination network node;
  - generate a signature of the network packet based on the contents of the network packet;
  - add to a data structure an entry indicative of an association between the first network port and the signature of the network packet, before the network packet is routed to the inline tool;
  - route the network packet, without modifying contents of the network packet, through a first tool port of the network device to the inline tool;
  - receive the network packet from the inline tool through a second tool port of the network device;
  - in response to receiving the network packet from the inline tool, generate a signature of the network packet based on the contents of the network packet;
  - identify the generated signature with the signature of the entry in the data structure;
  - identify a second network port as being connected to the destination network node based on the association, and based on a fact that the first and second network ports belong to a pair; and
  - send the network packet to the destination network node through the second network port.

Dependent claims: 13, 14, 15, 16, 17, 18

19. A non-transitory machine-readable medium storing machine-executable instructions, execution of which by a processing system causes the processing system to perform operations comprising:
- receiving, at a first network port of a network device, a network packet from a source network node and destined for a destination network node, both the destination and source network nodes being external to the network device;
- adding an entry in a data structure stored in the network device, the entry recording an association between the first network port and a signature of the network packet, before routing the network packet to an external inline tool;
- routing the network packet to the external inline tool without modifying contents of the network packet;
- receiving the network packet from the external inline tool;
- in response to receiving the network packet from the external inline tool, identifying a second network port of the network device as a port which to send the network packet, based on the association between the first network port and the signature of the network packet and a pairing relationship between the first and second network ports; and
- sending the network packet to the destination network node through the identified second network port.

Dependent claims: 20, 21, 22, 23

Specification