Direct network traffic monitoring within VM platforms in virtual processing environments

    Publication number: US10116528B2

    Publication date: 2018-10-30

    Application number: US14873896

    Filing date: 2015-10-02

    Applicant: IXIA

    Inventor: Kristopher Raney

    IPC classification: H04L12/26 H04L12/46

    Abstract: Systems and methods are disclosed that provide direct network traffic monitoring within virtual machine (VM) platforms operating in virtual processing environments. The disclosed embodiments in part provide direct network packet monitoring through client packet monitor applications that run within client VM platforms to obtain packet traffic and to forward this traffic directly to tool packet monitor applications operating within tool VM platforms. Further, the tool VM platforms can receive multiple incoming streams of network packets from various client VM platforms, and these incoming streams can change over time due to changes in the number of client VM platforms running within the virtual processing environment. Preferably, the network packet streams are communicated using encapsulation tunnels and related encapsulation headers, such as GRE tunnels using GRE identifiers in related encapsulation headers. These tunnels can be used to selectively forward particular packet streams to particular destination tool VM platforms.

    Active Firewall Control For Network Traffic Sessions Within Virtual Processing Platforms

    Publication number: US20180176182A1

    Publication date: 2018-06-21

    Application number: US15380061

    Filing date: 2016-12-15

    Applicant: IXIA

    IPC classification: H04L29/06

    Abstract: Methods and systems are disclosed that provide active firewall control for network traffic sessions within virtual processing platforms. Client agent instances run within virtual machine (VM) platforms (e.g., hypervisor, container, etc.) within virtual processing environments and enforce access, proxy, and/or other firewall rules with respect to network traffic sessions for application instances also running within the VM platforms. For certain embodiments, the agent instances collect information about applications and services running within the VM platforms and use this collected information to automatically enforce firewall rules. Additional disclosed embodiments redirect packets from "bad" network sources to a proxied application instance that interacts with the "bad" network source. This proxied interaction allows an agent instance monitoring the proxied session to analyze and assess the actual activity by the "bad" network source without putting the original data or network service at risk. Other features and variations are also disclosed.

    Direct Network Traffic Monitoring Within VM Platforms In Virtual Processing Environments

    Publication number: US20170099195A1

    Publication date: 2017-04-06

    Application number: US14873896

    Filing date: 2015-10-02

    Applicant: IXIA

    Inventor: Kristopher Raney

    IPC classification: H04L12/26 H04L12/46

    CPC classification: H04L43/028 H04L12/4633

    Abstract: Systems and methods are disclosed that provide direct network traffic monitoring within virtual machine (VM) platforms operating in virtual processing environments. The disclosed embodiments in part provide direct network packet monitoring through client packet monitor applications that run within client VM platforms to obtain packet traffic and to forward this traffic directly to tool packet monitor applications operating within tool VM platforms. Further, the tool VM platforms can receive multiple incoming streams of network packets from various client VM platforms, and these incoming streams can change over time due to changes in the number of client VM platforms running within the virtual processing environment. Preferably, the network packet streams are communicated using encapsulation tunnels and related encapsulation headers, such as GRE tunnels using GRE identifiers in related encapsulation headers. These tunnels can be used to selectively forward particular packet streams to particular destination tool VM platforms.

    In-Session Splitting Of Network Traffic Sessions For Server Traffic Monitoring

    Publication number: US20180176189A1

    Publication date: 2018-06-21

    Application number: US15380143

    Filing date: 2016-12-15

    Applicant: IXIA

    IPC classification: H04L29/06 H04L12/26 H04L29/08

    Abstract: Methods and systems are disclosed that provide in-session splitting of network traffic sessions for monitoring of traffic between network clients and network servers. This in-session splitting is based upon monitoring traffic sessions for one or more events and then initiating a proxied session based upon detection of the one or more events. For further embodiments, the creation of the proxied session is implemented based upon detection of a request for a secure link within the session traffic, and the proxied session is then implemented such that the original session participants are not aware of the proxied session. The encrypted secure communications between the network client and the network server are split into two connections that are decrypted and re-encrypted so that the contents of the secure link can be analyzed to identify network threats and/or other desired network related activities.

    Packet copy management for service chain processing within virtual processing systems

    Publication number: US09838277B2

    Publication date: 2017-12-05

    Application number: US14750248

    Filing date: 2015-06-25

    Applicant: IXIA

    Inventor: Kristopher Raney

    Abstract: Systems and methods are disclosed to provide packet copy management for service chain processing within virtual processing systems. A packet manager virtual machine (VM) controls access to shared memory that stores packet data for packets being processed by service chain VMs operating within a virtual processing environment. For certain embodiments, the packet manager VM is configured to appear as a destination NIC (network interface controller), and virtual NICs (vNICs) within the service chain VMs are configured to process packet data using pointers to access the packet data within the shared memory. Once packet data is processed by one service chain VM, the next service chain VM within the service chain is able to access the processed packet data within the shared memory through the packet manager VM. Once all service chain processing has completed, the resulting packet data is available from the shared memory for further use or processing.

    Unified Mapping Tables With Source/Destination Labels For Network Packet Forwarding Systems

    Type: Invention application

    Status: Pending - Published

    Publication number: US20160308766A1

    Publication date: 2016-10-20

    Application number: US14688110

    Filing date: 2015-04-16

    Applicant: IXIA

    IPC classification: H04L12/741 H04L12/723

    Abstract: Unified mapping tables with source/destination labels for packet forwarding systems are disclosed. In certain embodiments, local source/destination records are stored, and information from these local source/destination records is exchanged. Source/destination records from different packet forwarding systems are then combined to form unified mapping tables. Source records include general labels, descriptions of packet sources, and packet parameters to identify the source packets. Destination records include general labels, descriptions of packet destinations, and packet parameters to identify the packet destinations. The general source/destination labels are human-readable generalized descriptors that allow users/administrators of packet forwarding systems to more easily configure and define filters that determine how packets are forwarded by the packet forwarding systems. A management component can also be used as part of a central management system to receive local source/destination records and to form a master unified mapping table that can be accessed by the different packet forwarding systems.


    Instance based management and control for VM platforms in virtual processing environments

    Publication number: US10178003B2

    Publication date: 2019-01-08

    Application number: US15379966

    Filing date: 2016-12-15

    Applicant: IXIA

    Abstract: Metadata associated with client application instances running in virtual machine (VM) platforms within virtual processing environments is collected by monitor applications also running within the VM platforms. The instance metadata is transmitted to and received by a monitor control platform, which in turn stores the instance metadata within a monitor instance registry. The instance metadata is updated through solicited or unsolicited updates. The instance metadata is used to identify groups of application instances, and these groups are used to determine target instances for monitoring or management actions based upon later detected network events such as network security or threat events. Further, trust scores can be determined for components of the metadata stored in the instance registry, and composite trust scores can be generated and used to identify one or more groups of application instances.

    Active firewall control for network traffic sessions within virtual processing platforms

    Publication number: US10171425B2

    Publication date: 2019-01-01

    Application number: US15380061

    Filing date: 2016-12-15

    Applicant: IXIA

    IPC classification: H04L29/06

    Abstract: Methods and systems are disclosed that provide active firewall control for network traffic sessions within virtual processing platforms. Client agent instances run within virtual machine (VM) platforms (e.g., hypervisor, container, etc.) within virtual processing environments and enforce access, proxy, and/or other firewall rules with respect to network traffic sessions for application instances also running within the VM platforms. For certain embodiments, the agent instances collect information about applications and services running within the VM platforms and use this collected information to automatically enforce firewall rules. Additional disclosed embodiments redirect packets from "bad" network sources to a proxied application instance that interacts with the "bad" network source. This proxied interaction allows an agent instance monitoring the proxied session to analyze and assess the actual activity by the "bad" network source without putting the original data or network service at risk. Other features and variations are also disclosed.

    PACKET DEDUPLICATION FOR NETWORK PACKET MONITORING IN VIRTUAL PROCESSING ENVIRONMENTS

    Publication number: US20180241699A1

    Publication date: 2018-08-23

    Application number: US15455215

    Filing date: 2017-03-10

    Applicant: IXIA

    Inventor: Kristopher Raney

    Abstract: Systems and methods are disclosed for packet deduplication for network packet monitoring in virtual processing environments. Tap agents are installed and run with respect to network applications operating within virtual processing environments. These tap agents capture packet traffic associated with these network applications, and deduplication rules are applied so that duplicate packet capture is avoided at the tap agents themselves. In particular, deduplication rules are applied to tap agents where two network applications for which packets are being captured are talking to each other, so that one of the tap agents is set as the designated agent for packet capture. Without this designation, packets captured by the two associated tap agents would represent the same packet flow from both ends, thereby leading to duplicate packet capture.

    Instance Based Management And Control For VM Platforms In Virtual Processing Environments

    Publication number: US20180176106A1

    Publication date: 2018-06-21

    Application number: US15379966

    Filing date: 2016-12-15

    Applicant: IXIA

    IPC classification: H04L12/26 H04L12/46

    Abstract: Systems and methods are disclosed for instance based management and control for virtual machine (VM) platforms in virtual processing environments. Metadata associated with client application instances running in VM platforms is collected by monitor applications also running within the VM platforms. The instance metadata is transmitted to and received by a monitor control platform, which in turn stores the instance metadata within a monitor instance registry. The instance metadata is updated through solicited or unsolicited updates. The instance metadata is used to identify groups of application instances, and these groups are used to determine target instances for monitoring or management actions based upon later detected network events such as network security or threat events. Further, trust scores can be determined for components of the metadata stored in the instance registry, and composite trust scores can be generated and used to identify one or more groups of application instances.