摘要:
In an embodiment of the invention, a method and system for a per-port penalty queue system in a network device includes: selecting a state for a port in the network device; wherein the selected state comprises either a normal state or a restricted state; wherein the normal state permits a packet received at the port to be copied to a first queue; and wherein the restricted state causes the packet to be copied to a penalty queue which has lower priority than the first queue or causes the packet to not be copied to a queue. In another embodiment of the invention, a method and system permit using the port state for modifying a forwarding decision for a packet, so that the penalized packet will use a sub-optimal or less optimal routing path to the packet destination. In another embodiment of the invention, a method and system permit using the port state as a search key into an access control list (ACL) operation related to packet forwarding decisions or packet filtering decisions.
摘要:
In an embodiment of the invention, a method and apparatus for hardware throttling of network traffic, includes: receiving a packet; and preventing the packet from being copied, based on a rate field value associated with a new address in the packet information in the packet. The packet is not copied even if a copy rule is triggered.
摘要:
In one embodiment of the invention, a method for prioritizing network packets, includes: comparing a packet with at least one copy rule; and if the packet matches the copy rule, then buffering the packet in a queue. The method further includes: processing the packet after buffering the packet in the queue.
摘要:
One embodiment disclosed relates to a method for mirroring of select network traffic. A data packet is received by a network device. A determination is made as to whether a designated aspect of the packet matches a flagged entry in a look-up table on the network device. If a match is found, then copy of the packet is sent to an associated mirror destination. Another embodiment disclosed relates to a networking apparatus. The apparatus includes at least an operating system, a look-up table, and a mirroring engine. The operating system includes routines utilized to control the apparatus, and the look-up table includes selection information for mirror sources. The mirroring engine forwards copies of selected packets to a corresponding mirror destination. Another embodiment disclosed relates to a method of selecting packets to mirror that includes checking state information relating to the network traffic against dynamic mirroring criteria.
摘要:
One embodiment disclosed relates to a method for remote mirroring of network traffic. A data packet to be remotely mirrored is received by an entry device. The entry device is pre-configured with a destination Internet Protocol (IP) address to which to mirror the data packet. An IP header is generated and added to IP encapsulate the data packet. The IP header includes the aforementioned destination IP address. The IP-encapsulated packet is forwarded to an exit device associated with the destination IP address. Subsequently, the exit device may decapsulate the IP-encapsulated packet to reproduce the original data packet.
摘要:
One embodiment disclosed relates to a method for remote mirroring of network traffic. A data packet to be remotely mirrored is received by an entry device. The entry device is pre-configured with a destination address to which to mirror the data packet. The packet to be mirrored is encrypted. An encapsulating header is generated and added to encapsulate the encrypted packet. The encapsulating header includes the aforementioned destination address. The encapsulated packet is forwarded to an exit device associated with the destination address, where the packet may be decapsulated, and then decrypted, before being sent out of a port. In another embodiment, the entry and exit devices are remotely configured with encryption and decryption keys, respectively.
摘要:
In one embodiment of the invention, a method for prioritizing network packets, includes: comparing a packet with at least one copy rule; and if the packet matches the copy rule, then buffering the packet in a queue. The method further includes: processing the packet after buffering the packet in the queue.
摘要:
A system for performing an input processing function on a data packet. The system has an input port to which a first processor is coupled, which determines an attribute of the data packet, and a memory coupled to the first processor having a number of queues. The data packet is assigned to one of the queues based upon the attribute determined, which may be an indicator of a priority characterizing said data packet. Input processing is thus performed in a fixed amount of time, deferring variable latency operations until after the input memory.
摘要:
A method for testing a network device having modules for receiving and sending data packets in a network includes generating in the network device at least one internal data structure associated with a data packet received by the network device from the network. A predefined action on the network device is then preformed responsive to the internal data structure indicating that the data packet satisfies a predefined condition.
摘要:
Systems, methods, and devices are disclosed that provide packet protection for header modification. One method includes receiving a packet to a computing device. The method includes apply error checking techniques independently to different portions of the packet.