199 results about "Port mirroring" patented technology

A switch that facilitates remote port mirroring is described. The switch can include an encapsulation mechanism and a forwarding mechanism. The encapsulation mechanism can be configured to encapsulate a copy of a first packet in a second packet, thereby preserving header information (e.g., a VLAN identifier and/or a TRILL header) of the first packet. The forwarding mechanism can be configured to forward the first packet using header information of the first packet, and forward the second packet using header information of the second packet. The second packet can be received at a destination switch which extracts the first packet from the second packet, and sends the first packet on a port which is coupled to a network analyzer.

To analyze traffic at an application level, a stream according to TCP or SCTP is required to be reconstructed and to be analyzed. When a packet is transferred to analyzing equipment using a port mirroring function with which a router and a switch are provided, transferred traffic volume increases and exceeds the throughput of the analyzing equipment. As only a part of packets configuring a stream is transferred to the analyzing equipment in transfer to the analyzing equipment using a packet sampling function, analysis at the application level is impossible. To solve the problem, when a packet communication unit recognizes a stream start packet, samples a stream initiated by the packet on a condition and at a rate respectively determined beforehand and generates a condition for copying the packet based upon information of both ends of the stream included in the packet, packets sampled in units of stream can be transferred to the analyzing equipment.

An Ethernet switch includes a plurality of network ports, wherein visibility of data packets traffic is configured by loading port-mirroring related configuration data from a configuration memory device into the Ethernet switch upon power-on reset. As a result, no manual configuration by a user is required, and the hardware cost of the Ethernet switch is reduced. The Ethernet switch is further configured to enable pass-through of Power over Ethernet (PoE) inline power between two selected network ports. A USB connector is further included and adapted for the Ethernet switch to receive input power from a USB port of a USB host device and for the Ethernet switch to send and receive data packets to and from the USB host device.

A system monitors packet data communications passing a network hub or port mirror, for example running on a network server or an appliance or as a set of distributed processes. A processor effects a programmed network probe method as a passive listener or sniffer. Packet data is selectively processed based on message protocol, content, addressing and similar criteria. Selected packets are re-assembled without packet formatting. Data servers temporarily store the content of selected data messages in a buffer for reference, and can index and permanently store data messages in an archive . A console and communication processes enable selection criteria to be set and revised, can be used to access stored messages, and provides alarms, logs and reports. The system enables monitoring of communications for compliance with policies, security watching and the like, without disrupting regular operations on the network.

The invention discloses a method and a system to monitor a network flow rate abnormality, and solves the problem that the prior exchanger image technology is adopted to monitor the flow rate abnormality to cause the problems such as exchanger performance loss, data package lose, etc. The method comprises the steps that: first of all, the flow rate abnormality port in the exchanger is positioned through a coarse granularity monitoring way, then the image port of the exchanger is automatically adjusted, and the abnormality port flow rate is copied to the image port, finally, a fine granularity monitoring way is adopted to analyze the image port flow rate to get the flow rate abnormality reason. The invention improves the traditional exchanger image technology, only when the flow rate is abnormal, the exchanger image is triggered, the exchanger image function is not used within most of the time, so the load is not increased to influence the exchanger function; in addition, the image port is adjusted through the way which is dynamic and has an aim, thereby avoiding the circumstance that a plurality of ports are imaged to one port to cause the package to be lost.

The invention discloses a IP network video quality detecting and evaluating system and method. The system comprises at least one video source collecting module, a video quality measuring probe and a video network quality evaluating server, wherein the video quality measuring probe is connected with all video source collecting modules via communication; the video network quality evaluating server is connected with the video quality measuring probe via communication; the video source collecting module is used for obtaining a real-time video source through exchanger port mirror image mode; the video quality measuring probe is formed by network quality testing agent software and used for respectively measuring data of a network transmission layer and a code stream layer so as to obtain parameters affecting the video communication quality; and the video network quality evaluating server is used for periodically giving an evaluation report of the network quality according to the parameters and carrying out assistant positioning on the fault affecting the network quality. According to the invention, the evaluation report of the network quality can be periodically obtained according to the corresponding relation between the collected data and the video quality; meanwhile, the assistant positioning can be carried out on the fault affecting the network quality.

A cluster computing system, comprises: a production host group; a standby host group coupled to the production host group by a network; and a remote mirror coupled between the production host group and the standby host group, the remote mirror including a production site heartbeat storage volume (heartbeat PVOL) and a standby site heartbeat storage volume (heartbeat SVOL) coupled by a remote link to the heartbeat PVOL, with the production host group configured to selectively send a heartbeat signal to the standby host group by use of at least one of the network and the remote link. A method of checking for failure in a cluster computing system, comprises: generating a heartbeat signal from a production host group; selectively sending the heartbeat signal to the standby host group from the production host group by use of at least one of a network and a remote link; and enabling the standby host group to manage operations of the cluster computing system if an invalid heartbeat signal is received by the standby host group from the production host group.

The invention discloses a time-triggered Ethernet exchange controller and a control method thereof. The exchange controller comprises a bus interface module which is used for realizing data exchange between an external bus and an on-chip bus; a port mirroring module which is used for carrying out data debugging; an exchange port module which is used for carrying out key data analysis on received data frames; and a clock solidifying module which is used for restoring a synchronous data frame clock solidifying points. The exchange controller also comprises a TT frame transmission moment calculation module, a TT exchange control module, a BE exchange control module and a clock synchronization module connected with the clock solidifying module. According to the exchange controller and the method, legality judgment and traffic management are carried out on data through the exchange port module; the TT frame transmission moment calculation module finishes hardware real-time calculation of a TT frame transmission moment, and the data transmission moment configuration is simplified. Through combination of a virtual link and time slot division and through adoption of multi-priority scheduling and time slot locking technologies, the clock synchronization module realizes time compression processing in a pipeline mode, and fault isolation and recovery are supported.

A wavelength selective switch architecture for ROADMs for switching the spectral channels of a multi-channel, multi-wavelength optical signal between input and output ports employs a biaxial MEMS port mirror array for optimal coupling efficiency and ITU grid alignment, an anamorphic beam expander for expanding input optical signals to create an elongated beam profile, a diffraction grating for spatially separating the spectral channels, an anamorphic focusing lens system, an array of biaxial elongated channel MEMS micromirrors, a built-in Optical Channel Monitor, and an electronic feedback control system. The bi-axial channel micromirrors are rotatable about one axis to switch spectral channels between ports, and are rotatable about an orthogonal axis to vary the coupling of the spectral channel to an output port and control attenuation of the spectral signal for complete blocking or for a predetermined power level. The architecture affords hitless switching, near notchless operation, ITU channel alignment, high passband, stability over a broad temperature range, and minimum insertion loss through the optimal optical coupling efficiency enabled by the feedback control system.

The invention relates to an identification and supervision system platform for mobile Internet information contents, in particular to an identification and supervision platform for pornographic images and videos and inappropriate contents on wireless application protocol (WAP)-based mobile media. The platform comprises at least one image acquisition detection master server and at least one image acquisition detection slave server. A WAP service data mirror port mirrors WAP service data from a code division multiple access (CDMA) or global system for mobile communication (GSM) network, and transmits the WAP service data to the image acquisition detection master server and the image acquisition detection slave server. The image acquisition detection master server and the image acquisition detection slave server are connected with a background database and a monitoring terminal through an internal data network. A system software architecture comprises an acquisition control layer, a data auditing layer, a data management layer and a data presentation layer. By the identification and supervision platform for the pornographic images on the WAP-based mobile media, a problem about the identification and supervision of the massive pornographic images and videos and inappropriate contents on mobile Internet is solved by a bypass monitoring method at a WAP gateway for the first time.

A computer system implements hot mirroring for main system memory. That is, the computer system permits a user to hot plug a new memory board into the system and the system will respond by switching to a mirrored memory mode in which write cycles are performed to both memory boards (new and old). Once a new board is hot plugged into the system, the contents of the old board are copied over, in a background mode, to the new board so that both boards will have the same data. Because this background copying process may take a non-trivial amount of time and may detrimentally interfere with other system traffic, the system a user to exert control over the relative speed of the background copying so as to trade-off the time it takes to switch over to the mirroring mode versus the impact on on-going system behavior.

The invention discloses a network flow predicating system and flow predicating method based on a neural network, and belongs to the technical field of a computer. The network flow predicating system comprises a data collecting module, a data preprocessing module and a network flow predicating module, wherein a data collection sub module realizes real-time collection of various flow information in the network in a network mode based on port mirroring; the data preprocessing module respectively stores collected data and performs normalization processing on the collected data, so that the sample data value is between 0 and 1; pure data is provided for the predicating module. The flow predicating module determines the topological structure and the network parameter of a neural network for flow predication according to collected IP network flow data; a neural network method is used for predication; the predication result is obtained. The system and the method have the advantages that the monitoring detection and analysis can be performed on various backbone networks; network abnormal events in the network can be monitored and detected in real time; the advanced early warning on the network abnormal conditions is realized.

The invention discloses a remote port mirroring realization system and a method, which are applied to the field of data communication. The remote port mirroring realization system comprises a source switch mirroring unit, an intermediate switch data transmission unit and a destination switch port mirroring unit, wherein the source switch mirroring unit processes monitoring message through a reflection port and a reflection port strategy and forwards the processed monitoring message to an intermediate switch; the intermediate switch data transmission unit is responsible for transmitting the monitoring message which is transmitted to the intermediate switch from a mirroring source switch through a generic routing encapsulation (GRE) tunnel to a mirroring destination switch; and the destination switch port mirroring unit is used for completing local port mirroring from a GRE tunnel incoming port to a mirroring destination port. Compared with the prior art, the remote port imaging can be realized without requiring a mirroring function from a switch chip support port to a GRE tunnel interface and convenience is brought to the analysis of messages which cross the remote switch of a three-layer network.

The invention provides a method for distributing a multi-channel port mirroring mixed data stream. The method includes distributing the data stream according to port numbers of a transmission layer of the TCP/IP (transmission control protocol/internet protocol) and an application layer protocol; and then modifying mac (medium access control) addresses according to a result of hash computation for a source IP (internet protocol), a result of hash computation for a target IP or a result of hash computation for the source IP and the target IP. Accordingly, the purpose of distributing the multi-channel port mirroring mixed data stream is achieved, and multi-replication traffic issuing and the purpose of processing the same data stream in multiple modes are supported. The invention further provides a corresponding device for distributing the multi-channel port mirroring mixed data stream. The device supports distribution of the multi-protocol, multi-replication and multi-channel port mirroring mixed data stream, and is flexible in configuration, and the number of devices for processing each protocol can be adjusted according to the protocol and traffic of the data stream. The method and the device have the advantages of capability of effectively utilizing the computing power, high performance, traffic equilibrium and the like.

A method of mirroring packets in a network. The method assigns an Internet protocol (IP) multicast address to an overlay network for transmitting mirrored packets. The method connects a set of monitoring data compute nodes (DCNs) to the overlay network for receiving the mirrored packets. The method adds the monitoring DCNs to an IP multicast group for the overlay network. The method associates a port of a mirrored DCN to the overlay network for packet mirroring. The method duplicates each packet received or transmitted at the port as a mirrored packet. The method encapsulates each mirrored packet with the IP multicast address of the overlay network. The method transmits each encapsulated packet on the overlay network.

The invention discloses an HLS flow real-time monitoring and alarming system based on switch port mirroring. The HLS flow real-time monitoring and alarming system based on the switch port mirroring comprises a switch port mirroring data collecting module, a network sniffing module, a monitoring and analyzing module and an alarming module. The HLS flow real-time monitoring and alarming system can directly copy transmitted data from an original switch to a server for monitoring and analyzing, analyzes IP data packets, monitors and analyzes and can simultaneously detect audio-video contents and network transmission parts, so that the HLS flow real-time monitoring and alarming system can be configured on multiple key nodes to achieve multilayer monitoring; after a fault alarm occurs, a user can locate the fault part at first time and quickly solves the fault. The HLS flow real-time monitoring and alarming system based on the switch port mirroring does not need special apparatuses, does not need to change the original system structure, does not affect the existing service system structure, does not need to rewire and does not need to add a network apparatus, and the 50% required bandwidth can be reduced.

Systems and methods for sinking port mirrored data to any node in a network are provided. Moreover, the network is configured to convey the mirrored data to the sink, without the need for any facilities expressly dedicated for this purpose. The present invention removes the requirement to collocate the sink port within the same logical node. The present invention uses a mirrored flow configured as a provisioned layer two point-to-point connection, such as a Switched Permanent Virtual Circuit (SPVC), Pseudo-Wire (PWE3), a Virtual Local Area Network (VLAN) cross-connect, Provider Backbone Bridging-Traffic Engineering (PBB-TE), or the like. The provisioned point-to-point connection is configured between the mirrored port to a sink port. The node with the mirrored port is configured to create copies of the appropriate set of packets (i.e. ingress or egress packets or both based on provisioning), and to forward the packets to the sink port.

An integrated processor-controlled router and switch fabric architecture provides connectivity between local area network (LAN) ports of an Ethernet switch serving a plurality of local area network users and a wide area network (WAN) port that provides connectivity with the internet. The integrated switch fabric treats the processor interface back to the router as though it were a regular LAN port; as a result, all incoming (WAN-to-LAN) traffic and all outgoing (LAN-to-WAN) traffic relative to the processor interface can be mirrored to any LAN port of the Ethernet switch.

The invention discloses virtual machine port speed limitation and mirror methods in a private cloud. An IAAS cloud computing platform for the private cloud already has the leading security and stability and plays a large role in the field of cloud data centers; the platform implements network traffic bandwidth limitation of a virtual machine based on a network technology of an openvswitch, and copies a message of a designated port to another port connected with a network monitoring device on a switch using a function provided by an SPAN via a route information message of the virtual machine for network monitoring and trouble removal to realize a traffic mirror method.

The invention discloses a network traffic anomaly detection method based on a historical time point taking method, comprising the following steps: 1, deploying port mirroring routes at network trafficcollection points to capture full-traffic data packets to form a network traffic time series data source; 2, performing behavior feature statistics of network traffic on the network traffic time series data source by using a fixed time window to form network behavior time series feature vectors; 3, taking the Witt vector of each network behavior time series feature vector as input, selecting historical data by using the historical time point taking method, and cumulatively calculating abnormal deviation values by using an quantitative method of absolute changes, relative changes and trend changes respectively; and 4, cumulating the abnormal deviation values by using an evidence cumulating method, setting a threshold according to the abnormal deviation data distribution trend, and making an anomaly decision on the state of the current time window network behavior. The method reduces the calculation cost while continuously monitoring threat events and trends of the network, and improvesthe accuracy of network abnormal behavior monitoring.

Some embodiments can determine an internal virtual network identifier and/or an internal policy identifier for a packet based on a port on which the packet was received and/or one or more fields in the packet. The system can then process and/or forward the packet based on the internal virtual network identifier and/or the internal policy identifier. Some embodiments can perform remote port mirroring. Some embodiments can map a first set of QoS bits in a packet to a second set of QoS bits for use in a Transparent Interconnection of Lots of Links (TRILL) packet which encapsulates the packet. Some embodiments can efficiently support multiple multicast trees and for performing network layer multicasting in TRILL networks. Some embodiments can flood packets on a per-virtual-network basis.