199 results about "Port mirroring" patented technology

A switch that facilitates remote port mirroring is described. The switch can include an encapsulation mechanism and a forwarding mechanism. The encapsulation mechanism can be configured to encapsulate a copy of a first packet in a second packet, thereby preserving header information (e.g., a VLAN identifier and / or a TRILL header) of the first packet. The forwarding mechanism can be configured to forward the first packet using header information of the first packet, and forward the second packet using header information of the second packet. The second packet can be received at a destination switch which extracts the first packet from the second packet, and sends the first packet on a port which is coupled to a network analyzer.

A system and method for nearly in-band search indexing. A network switch (or other intermediate network device) is configured to provide port mirroring so that data access requests directed to a storage system are forwarded to both the storage system and to a search appliance. The search appliance collects index information from the received data access requests to update a search index. As the search appliance is nearly in-band, i.e., not directly in-line of the data access request path, no increase of latency occurs for processing data access requests by the storage system.

A computer system implements hot mirroring for main system memory. That is, the computer system permits a user to hot plug a new memory board into the system and the system will respond by switching to a mirrored memory mode in which write cycles are performed to both memory boards (new and old). Once a new board is hot plugged into the system, the contents of the old board are copied over, in a background mode, to the new board so that both boards will have the same data. Because this background copying process may take a non-trivial amount of time and may detrimentally interfere with other system traffic, the system a user to exert control over the relative speed of the background copying so as to trade-off the time it takes to switch over to the mirroring mode versus the impact on on-going system behavior.

To analyze traffic at an application level, a stream according to TCP or SCTP is required to be reconstructed and to be analyzed. When a packet is transferred to analyzing equipment using a port mirroring function with which a router and a switch are provided, transferred traffic volume increases and exceeds the throughput of the analyzing equipment. As only a part of packets configuring a stream is transferred to the analyzing equipment in transfer to the analyzing equipment using a packet sampling function, analysis at the application level is impossible. To solve the problem, when a packet communication unit recognizes a stream start packet, samples a stream initiated by the packet on a condition and at a rate respectively determined beforehand and generates a condition for copying the packet based upon information of both ends of the stream included in the packet, packets sampled in units of stream can be transferred to the analyzing equipment.

An Ethernet switch includes a plurality of network ports, wherein visibility of data packets traffic is configured by loading port-mirroring related configuration data from a configuration memory device into the Ethernet switch upon power-on reset. As a result, no manual configuration by a user is required, and the hardware cost of the Ethernet switch is reduced. The Ethernet switch is further configured to enable pass-through of Power over Ethernet (PoE) inline power between two selected network ports. A USB connector is further included and adapted for the Ethernet switch to receive input power from a USB port of a USB host device and for the Ethernet switch to send and receive data packets to and from the USB host device.

A system monitors packet data communications passing a network hub or port mirror, for example running on a network server or an appliance or as a set of distributed processes. A processor effects a programmed network probe method as a passive listener or sniffer. Packet data is selectively processed based on message protocol, content, addressing and similar criteria. Selected packets are re-assembled without packet formatting. Data servers temporarily store the content of selected data messages in a buffer for reference, and can index and permanently store data messages in an archive . A console and communication processes enable selection criteria to be set and revised, can be used to access stored messages, and provides alarms, logs and reports. The system enables monitoring of communications for compliance with policies, security watching and the like, without disrupting regular operations on the network.

A stackable multi-port communication device for a packet-based data communication system, having a multiplicity of physical ports for the reception and dispatch of data in the form of packets, includes switch logic for selecting for a packet at least one destination selected from a multiplicity of ports which include a logical port common to a specified group of said physical ports. A cascade trunk logic, coupled to the switch logic, is used for determining, for the dispatch of a packet directed to said logical port, a selected port of said group of said physical ports; and a remote monitoring logic is used for forwarding a copy of the packet. The remote monitoring logic stores an indication of all the physical ports on the unit from which the copy may be forwarded by the remote monitoring logic and prevents the forwarding of the copy of the packet to any physical port which corresponds to the port selected by the cascade logic for the dispatch of said packet, whereby a packet which is forwarded from any of the specified group of physical ports is not duplicated by the remote monitoring logic.

A system for mirroring dropped packets by extending port mirroring. Networking devices, such as firewalls and routers drop some packets during data transmission due to various security issues, congestion and errors in the packets. The dropped packets are mirrored at a user-specified destination port by extending port mirroring. The mirrored packets can then be further analyzed by external traffic analyzers. The analysis can be helpful in finding out any mismatch between firewall rules and security policies at firewalls. Moreover, the analysis can also be helpful in finding out the extent of loss of useful data in dropped packets at forwarding devices such as routers, bridges, switches, firewalls etc.

The invention discloses a method and a system for managing a remote concentrated image, wherein the method is applied to a system comprising a centralized management center and one or a plurality of data centers, and the method comprises the following steps of: receiving a image flow rate which is from the data center and is sent through a GRE ( Generic Routing Encapsulation) tunnel by a router of the centralized management center, searching a next-hop route in a VPN (Virtual Private Network) instance corresponding to the GRE tunnel and sending the image flow rate to a corresponding VLAN (Virtual Local Area Network) interface on an exchanger of the centralized management center; and after the exchanger of the centralized management center receives the image flow rate through the VLAN interface, sending the image flow rate to monitoring equipment through the VLAN interface connected with the monitoring equipment. The invention realizes the three-layer network realization of the monitoring and the management of the remote concentrated image.

The invention discloses a method and a system to monitor a network flow rate abnormality, and solves the problem that the prior exchanger image technology is adopted to monitor the flow rate abnormality to cause the problems such as exchanger performance loss, data package lose, etc. The method comprises the steps that: first of all, the flow rate abnormality port in the exchanger is positioned through a coarse granularity monitoring way, then the image port of the exchanger is automatically adjusted, and the abnormality port flow rate is copied to the image port, finally, a fine granularity monitoring way is adopted to analyze the image port flow rate to get the flow rate abnormality reason. The invention improves the traditional exchanger image technology, only when the flow rate is abnormal, the exchanger image is triggered, the exchanger image function is not used within most of the time, so the load is not increased to influence the exchanger function; in addition, the image port is adjusted through the way which is dynamic and has an aim, thereby avoiding the circumstance that a plurality of ports are imaged to one port to cause the package to be lost.

The invention discloses a IP network video quality detecting and evaluating system and method. The system comprises at least one video source collecting module, a video quality measuring probe and a video network quality evaluating server, wherein the video quality measuring probe is connected with all video source collecting modules via communication; the video network quality evaluating server is connected with the video quality measuring probe via communication; the video source collecting module is used for obtaining a real-time video source through exchanger port mirror image mode; the video quality measuring probe is formed by network quality testing agent software and used for respectively measuring data of a network transmission layer and a code stream layer so as to obtain parameters affecting the video communication quality; and the video network quality evaluating server is used for periodically giving an evaluation report of the network quality according to the parameters and carrying out assistant positioning on the fault affecting the network quality. According to the invention, the evaluation report of the network quality can be periodically obtained according to the corresponding relation between the collected data and the video quality; meanwhile, the assistant positioning can be carried out on the fault affecting the network quality.

A cluster computing system, comprises: a production host group; a standby host group coupled to the production host group by a network; and a remote mirror coupled between the production host group and the standby host group, the remote mirror including a production site heartbeat storage volume (heartbeat PVOL) and a standby site heartbeat storage volume (heartbeat SVOL) coupled by a remote link to the heartbeat PVOL, with the production host group configured to selectively send a heartbeat signal to the standby host group by use of at least one of the network and the remote link. A method of checking for failure in a cluster computing system, comprises: generating a heartbeat signal from a production host group; selectively sending the heartbeat signal to the standby host group from the production host group by use of at least one of a network and a remote link; and enabling the standby host group to manage operations of the cluster computing system if an invalid heartbeat signal is received by the standby host group from the production host group.

The invention discloses a time-triggered Ethernet exchange controller and a control method thereof. The exchange controller comprises a bus interface module which is used for realizing data exchange between an external bus and an on-chip bus; a port mirroring module which is used for carrying out data debugging; an exchange port module which is used for carrying out key data analysis on received data frames; and a clock solidifying module which is used for restoring a synchronous data frame clock solidifying points. The exchange controller also comprises a TT frame transmission moment calculation module, a TT exchange control module, a BE exchange control module and a clock synchronization module connected with the clock solidifying module. According to the exchange controller and the method, legality judgment and traffic management are carried out on data through the exchange port module; the TT frame transmission moment calculation module finishes hardware real-time calculation of a TT frame transmission moment, and the data transmission moment configuration is simplified. Through combination of a virtual link and time slot division and through adoption of multi-priority scheduling and time slot locking technologies, the clock synchronization module realizes time compression processing in a pipeline mode, and fault isolation and recovery are supported.

Systems and methods for sinking port mirrored from one or more identified flows of data to any node in a network are provided. Moreover, the network is configured to convey the mirrored data to the sink, without the need for any facilities expressly dedicated for this purpose. The present invention removes the requirement to co-locate the sink port within the same logical node. The present invention uses a mirrored flow configured as a provisioned layer two point-to-point connection, such as a Switched Permanent Virtual Circuit (SPVC), Pseudo-Wire (PWE3), a Virtual Local Area Network (VLAN) cross-connect, Provider Backbone Bridging—Traffic Engineering (PBB-TE), and the like. The node with the mirrored port is configured to create copies of the appropriate set of packets (i.e., ingress, egress packets, or both based on provisioning and based on the identified flow), and to forward the packets to the sink port through the provisioned point-to-point connection.

A wavelength selective switch architecture for ROADMs for switching the spectral channels of a multi-channel, multi-wavelength optical signal between input and output ports employs a biaxial MEMS port mirror array for optimal coupling efficiency and ITU grid alignment, an anamorphic beam expander for expanding input optical signals to create an elongated beam profile, a diffraction grating for spatially separating the spectral channels, an anamorphic focusing lens system, an array of biaxial elongated channel MEMS micromirrors, a built-in Optical Channel Monitor, and an electronic feedback control system. The bi-axial channel micromirrors are rotatable about one axis to switch spectral channels between ports, and are rotatable about an orthogonal axis to vary the coupling of the spectral channel to an output port and control attenuation of the spectral signal for complete blocking or for a predetermined power level. The architecture affords hitless switching, near notchless operation, ITU channel alignment, high passband, stability over a broad temperature range, and minimum insertion loss through the optimal optical coupling efficiency enabled by the feedback control system.

The invention relates to an identification and supervision system platform for mobile Internet information contents, in particular to an identification and supervision platform for pornographic images and videos and inappropriate contents on wireless application protocol (WAP)-based mobile media. The platform comprises at least one image acquisition detection master server and at least one image acquisition detection slave server. A WAP service data mirror port mirrors WAP service data from a code division multiple access (CDMA) or global system for mobile communication (GSM) network, and transmits the WAP service data to the image acquisition detection master server and the image acquisition detection slave server. The image acquisition detection master server and the image acquisition detection slave server are connected with a background database and a monitoring terminal through an internal data network. A system software architecture comprises an acquisition control layer, a data auditing layer, a data management layer and a data presentation layer. By the identification and supervision platform for the pornographic images on the WAP-based mobile media, a problem about the identification and supervision of the massive pornographic images and videos and inappropriate contents on mobile Internet is solved by a bypass monitoring method at a WAP gateway for the first time.

A computer system implements hot mirroring for main system memory. That is, the computer system permits a user to hot plug a new memory board into the system and the system will respond by switching to a mirrored memory mode in which write cycles are performed to both memory boards (new and old). Once a new board is hot plugged into the system, the contents of the old board are copied over, in a background mode, to the new board so that both boards will have the same data. Because this background copying process may take a non-trivial amount of time and may detrimentally interfere with other system traffic, the system a user to exert control over the relative speed of the background copying so as to trade-off the time it takes to switch over to the mirroring mode versus the impact on on-going system behavior.

The invention discloses a network flow predicating system and flow predicating method based on a neural network, and belongs to the technical field of a computer. The network flow predicating system comprises a data collecting module, a data preprocessing module and a network flow predicating module, wherein a data collection sub module realizes real-time collection of various flow information in the network in a network mode based on port mirroring; the data preprocessing module respectively stores collected data and performs normalization processing on the collected data, so that the sample data value is between 0 and 1; pure data is provided for the predicating module. The flow predicating module determines the topological structure and the network parameter of a neural network for flow predication according to collected IP network flow data; a neural network method is used for predication; the predication result is obtained. The system and the method have the advantages that the monitoring detection and analysis can be performed on various backbone networks; network abnormal events in the network can be monitored and detected in real time; the advanced early warning on the network abnormal conditions is realized.

The invention discloses a remote port mirroring realization system and a method, which are applied to the field of data communication. The remote port mirroring realization system comprises a source switch mirroring unit, an intermediate switch data transmission unit and a destination switch port mirroring unit, wherein the source switch mirroring unit processes monitoring message through a reflection port and a reflection port strategy and forwards the processed monitoring message to an intermediate switch; the intermediate switch data transmission unit is responsible for transmitting the monitoring message which is transmitted to the intermediate switch from a mirroring source switch through a generic routing encapsulation (GRE) tunnel to a mirroring destination switch; and the destination switch port mirroring unit is used for completing local port mirroring from a GRE tunnel incoming port to a mirroring destination port. Compared with the prior art, the remote port imaging can be realized without requiring a mirroring function from a switch chip support port to a GRE tunnel interface and convenience is brought to the analysis of messages which cross the remote switch of a three-layer network.

The invention provides a method for implementing the mirroring of heterotypic ports, which can monitor heterotypic ports with the aid of software based on the existing router hardware frame. The line of wide area network such as E1, CE1 or T1 is mirrored to the Ethernet type interface, and the package of data header is changed without changing the content of the data packet to convert the message header of the PPP, Frame-Relay or HDLC protocol of the data link layer into the Ethernet type message header, thereby allowing the PC accessing to the Ethernet interface to analyze the data packet by using the common packet-capturing software. The invention is implemented by updating the router software only without using the extra hardware and special analysis equipment, thereby saving the costs. Additionally, the flexible and versatile monitoring modes are realized upon the various parameter configurations of the port mirroring software.

The invention provides a method for distributing a multi-channel port mirroring mixed data stream. The method includes distributing the data stream according to port numbers of a transmission layer of the TCP / IP (transmission control protocol / internet protocol) and an application layer protocol; and then modifying mac (medium access control) addresses according to a result of hash computation for a source IP (internet protocol), a result of hash computation for a target IP or a result of hash computation for the source IP and the target IP. Accordingly, the purpose of distributing the multi-channel port mirroring mixed data stream is achieved, and multi-replication traffic issuing and the purpose of processing the same data stream in multiple modes are supported. The invention further provides a corresponding device for distributing the multi-channel port mirroring mixed data stream. The device supports distribution of the multi-protocol, multi-replication and multi-channel port mirroring mixed data stream, and is flexible in configuration, and the number of devices for processing each protocol can be adjusted according to the protocol and traffic of the data stream. The method and the device have the advantages of capability of effectively utilizing the computing power, high performance, traffic equilibrium and the like.

A method of mirroring packets in a network. The method assigns an Internet protocol (IP) multicast address to an overlay network for transmitting mirrored packets. The method connects a set of monitoring data compute nodes (DCNs) to the overlay network for receiving the mirrored packets. The method adds the monitoring DCNs to an IP multicast group for the overlay network. The method associates a port of a mirrored DCN to the overlay network for packet mirroring. The method duplicates each packet received or transmitted at the port as a mirrored packet. The method encapsulates each mirrored packet with the IP multicast address of the overlay network. The method transmits each encapsulated packet on the overlay network.

The invention belongs to the technical field of data acquisition and processing, and particularly relates to a data acquisition method and device, a storage medium and a switch. The method comprises the following steps: receiving a network data message sent by each gateway server; according to a pre-configured port mirror image mapping rule, performing port mirror image mapping on the network datamessage sent by each gateway server to obtain a to-be-acquired network data message; and sending the to-be-acquired network data message to a target acquisition terminal corresponding to a predetermined sending port through the predetermined sending port, so that the target acquisition terminal acquires the to-be-acquired network data message. Through the embodiment of the invention, no matter how many gateway servers are, all the network data messages which need to be acquired and are forwarded by the gateway servers can be gathered through one predetermined sending port and sent to the target acquisition terminal for acquisition processing, so that the data acquisition cost is saved.

The invention discloses an HLS flow real-time monitoring and alarming system based on switch port mirroring. The HLS flow real-time monitoring and alarming system based on the switch port mirroring comprises a switch port mirroring data collecting module, a network sniffing module, a monitoring and analyzing module and an alarming module. The HLS flow real-time monitoring and alarming system can directly copy transmitted data from an original switch to a server for monitoring and analyzing, analyzes IP data packets, monitors and analyzes and can simultaneously detect audio-video contents and network transmission parts, so that the HLS flow real-time monitoring and alarming system can be configured on multiple key nodes to achieve multilayer monitoring; after a fault alarm occurs, a user can locate the fault part at first time and quickly solves the fault. The HLS flow real-time monitoring and alarming system based on the switch port mirroring does not need special apparatuses, does not need to change the original system structure, does not affect the existing service system structure, does not need to rewire and does not need to add a network apparatus, and the 50% required bandwidth can be reduced.

Systems and methods for sinking port mirrored data to any node in a network are provided. Moreover, the network is configured to convey the mirrored data to the sink, without the need for any facilities expressly dedicated for this purpose. The present invention removes the requirement to collocate the sink port within the same logical node. The present invention uses a mirrored flow configured as a provisioned layer two point-to-point connection, such as a Switched Permanent Virtual Circuit (SPVC), Pseudo-Wire (PWE3), a Virtual Local Area Network (VLAN) cross-connect, Provider Backbone Bridging-Traffic Engineering (PBB-TE), or the like. The provisioned point-to-point connection is configured between the mirrored port to a sink port. The node with the mirrored port is configured to create copies of the appropriate set of packets (i.e. ingress or egress packets or both based on provisioning), and to forward the packets to the sink port.

An integrated processor-controlled router and switch fabric architecture provides connectivity between local area network (LAN) ports of an Ethernet switch serving a plurality of local area network users and a wide area network (WAN) port that provides connectivity with the internet. The integrated switch fabric treats the processor interface back to the router as though it were a regular LAN port; as a result, all incoming (WAN-to-LAN) traffic and all outgoing (LAN-to-WAN) traffic relative to the processor interface can be mirrored to any LAN port of the Ethernet switch.

The invention discloses virtual machine port speed limitation and mirror methods in a private cloud. An IAAS cloud computing platform for the private cloud already has the leading security and stability and plays a large role in the field of cloud data centers; the platform implements network traffic bandwidth limitation of a virtual machine based on a network technology of an openvswitch, and copies a message of a designated port to another port connected with a network monitoring device on a switch using a function provided by an SPAN via a route information message of the virtual machine for network monitoring and trouble removal to realize a traffic mirror method.

The invention discloses a network traffic anomaly detection method based on a historical time point taking method, comprising the following steps: 1, deploying port mirroring routes at network trafficcollection points to capture full-traffic data packets to form a network traffic time series data source; 2, performing behavior feature statistics of network traffic on the network traffic time series data source by using a fixed time window to form network behavior time series feature vectors; 3, taking the Witt vector of each network behavior time series feature vector as input, selecting historical data by using the historical time point taking method, and cumulatively calculating abnormal deviation values by using an quantitative method of absolute changes, relative changes and trend changes respectively; and 4, cumulating the abnormal deviation values by using an evidence cumulating method, setting a threshold according to the abnormal deviation data distribution trend, and making an anomaly decision on the state of the current time window network behavior. The method reduces the calculation cost while continuously monitoring threat events and trends of the network, and improvesthe accuracy of network abnormal behavior monitoring.

Some embodiments can determine an internal virtual network identifier and / or an internal policy identifier for a packet based on a port on which the packet was received and / or one or more fields in the packet. The system can then process and / or forward the packet based on the internal virtual network identifier and / or the internal policy identifier. Some embodiments can perform remote port mirroring. Some embodiments can map a first set of QoS bits in a packet to a second set of QoS bits for use in a Transparent Interconnection of Lots of Links (TRILL) packet which encapsulates the packet. Some embodiments can efficiently support multiple multicast trees and for performing network layer multicasting in TRILL networks. Some embodiments can flood packets on a per-virtual-network basis.