H04L49/208

DEVICE IDENTIFICATION APPARATUS AND METHOD BASED ON NETWORK BEHAVIOR
20220150145 · 2022-05-12 ·

Disclosed herein are a device identification apparatus and method based on network behavior. The device identification apparatus includes one or more processors, and execution memory for storing at least one program that is executed by the one or more processors, wherein the at least one program is configured to collect packet data of a device connected to a network through port mirroring and extract behavior features from the packet data, analyze the behavior features and then generate unique information based on a previously created detection model, and extract an identification number corresponding to the unique information from a database and then identify the device.

Data transmission protection method, device, system, and computer readable storage medium

The present disclosure discloses a data transmission protection method, a data transmission protection device, a data transmission protection system and a computer readable storage medium, the method includes: encapsulating a packet header for a data flow to be transmitted at an ingress node to form an encapsulated data flow, where the packet header includes a control word and a flow identification; copying the encapsulated data flow to obtain a copied data flow, and transmitting the encapsulated data flow and the copied data flow together; and recovering the data flow at a terminating node according to the control word and the flow identification.
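A worked version of the replicate-and-eliminate scheme described above, as an added example that is not the patent's implementation: the ingress node prepends a control word and flow identification, emits the encapsulated flow and a copy, and the terminating node recovers exactly one copy of each frame. The assumptions are mine and are not stated in the abstract: the control word is a 16-bit sequence number, the flow identification is a 16-bit value, the two copies travel over two paths that may each lose frames, and the terminating node keeps a bounded per-flow history of accepted sequence numbers.

```python
import struct
from collections import deque

# Assumed header layout (not given in the abstract): control word = 16-bit
# sequence number, followed by a 16-bit flow identification, network byte order.
HDR = struct.Struct("!HH")


def encapsulate(flow_id, payloads):
    """Ingress node: prepend the control word and flow identification."""
    return [HDR.pack(seq & 0xFFFF, flow_id) + p for seq, p in enumerate(payloads)]


def replicate(frames):
    """Ingress node: the encapsulated flow and a bit-identical copy, one per path."""
    return list(frames), list(frames)


class Terminator:
    """Terminating node: keep the first copy of each (flow, sequence), drop the rest."""

    def __init__(self, history=64):
        self.history = history            # assumed elimination window per flow
        self.seen = {}                    # flow_id -> deque of accepted sequence numbers

    def receive(self, frame):
        seq, flow_id = HDR.unpack_from(frame)
        window = self.seen.setdefault(flow_id, deque(maxlen=self.history))
        if seq in window:
            return None                   # twin already delivered: eliminate
        window.append(seq)
        return flow_id, seq, frame[HDR.size:]


def deliver(term, path_a, path_b, drop_a=(), drop_b=()):
    """Constructed transport: lose the listed indices on each path, interleave survivors."""
    a = [f for i, f in enumerate(path_a) if i not in drop_a]
    b = [f for i, f in enumerate(path_b) if i not in drop_b]
    recovered = {}
    for i in range(max(len(a), len(b))):
        for frame in a[i:i + 1] + b[i:i + 1]:
            out = term.receive(frame)
            if out is not None:
                flow_id, seq, payload = out
                recovered.setdefault(flow_id, {})[seq] = payload
    return recovered


def recover_flow(flow_id, payloads, drop_a=(), drop_b=()):
    """End to end: encapsulate, replicate, transmit with loss, recover in sequence order."""
    frames = encapsulate(flow_id, payloads)
    path_a, path_b = replicate(frames)
    got = deliver(Terminator(), path_a, path_b, drop_a, drop_b).get(flow_id, {})
    return [got[seq] for seq in sorted(got)]


if __name__ == "__main__":
    # Path A loses frame 1, path B loses frame 2: the flow is still whole at the far end.
    print(recover_flow(7, [b"p0", b"p1", b"p2", b"p3"], drop_a={1}, drop_b={2}))
```

The per-flow window is what keeps elimination bounded: once a sequence number ages out of the window a late copy is accepted again, so the window has to cover the worst-case skew between the two paths. The illustration also makes the trust assumption visible: whichever copy arrives first suppresses its twin, so nothing in this header authenticates the frame; that is a property of sequence-based elimination in general, not a statement about the patent.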

Port mirroring over EVPN VXLAN

This disclosure describes techniques for improved port mirroring over Ethernet Virtual Private Network (EVPN) Virtual eXtensible Local Area Network (VXLAN). For example, a method includes receiving, by a first network device of a plurality of network devices of a leaf and spine network configured with an Ethernet Virtual Private Network and from a second network device of the plurality of network devices, an extended routing message including information indicating the second network device is connected to an analyzer, and wherein the plurality of network devices is configured with a Virtual Local Area Network (VLAN) for which the analyzer is configured to analyze packets. The method also includes configuring, within forwarding information of the first network device and in response to receiving the extended routing message advertised by the second network device, a next hop that specifies packets associated with the VLAN are to be forwarded to the second network device.

Transport control word architecture for physical port mirroring

Aspects include receiving, at an input/output (I/O) processor, a transport control word (TCW) that includes an instruction to perform physical port mirroring. The I/O processor identifies a first port to be mirrored and a second port that performs the mirroring. The second port is a physical port on a host bus adapter (HBA). In response to outbound data being sent to the first port for transmission to a first target device and to the instruction specifying outbound port mirroring, the I/O processor sends a copy of the outbound data to a second target device via the second port. In response to receiving inbound data at the first port and to the instruction specifying inbound port mirroring, a copy of the inbound data is transmitted to the second target device via the second port.

PARALLEL DATA PROCESSING FOR SERVICE FUNCTION CHAINS SPANNING MULTIPLE SERVERS

Systems, computer-readable media, and methods are disclosed for parallel data processing for service function chains with network functions spanning multiple servers. An example system includes a first server hosting a first network function of a service function chain, a second server hosting a second network function of the service function chain, a mirror function deployed in a first switch to replicate a plurality of packets received by the system and to send respective copies of the plurality of packets to the first network function and to at least one of the second network function and a third network function of the service function chain, and a merge function deployed in a second switch to merge respective outputs of the first network function and the at least one of the second network function and the third network function.

DATA PROCESSING METHOD AND APPARATUS
20220014483 · 2022-01-13 ·

The present disclosure provides a method and a device for data processing. The method includes acquiring at least two pathways of communication messages, where the messages are intercepted in a bypass manner (out of the data path, so the service processing system itself executes no record storage logic) from messages transmitted by a service processing system to an external system; processing the at least two pathways of communication messages and determining, from the processed messages, the communication messages to be stored; and storing the communication messages to be stored in a database according to the at least two pathways of communication messages.

System And Methods For Transit Path Security Assured Network Slices

Systems and methods are disclosed for configuring, managing and ensuring security compliance of virtual network slices that transit physical networks, virtual networks (SDN), cloud networks, radio access networks, service provider networks, and enterprise networks. The methods include user-side security validation when attempting to use a network slice for a specific service, and security validation of physical or virtual networks and the associated transit network elements. The methods enrich security certificates with policy parameters and the associated procedures that transit elements are required to assure for security compliance. Additionally, methods are disclosed for incorporating a mobile-native security platform in a wireless mobile network (4G/5G) that supports generating X.509 certificates enhanced with policy requirements and validating an allowed/disallowed list of transit network vendor devices and virtual network appliances.

NETWORK SECURITY MONITORING METHOD, NETWORK SECURITY MONITORING DEVICE, AND SYSTEM
20210352090 · 2021-11-11 ·

Disclosed is a network security monitoring device, which is included in a network comprising a first entity, a second entity, a switching device provided between the first entity and the second entity, and the network security monitoring device connected to the switching device. The device comprises a port for obtaining at least one mirrored packet, produced by the switching device mirroring at least one packet transmitted and received between the first entity and the second entity, and a processor for determining whether a security problem has occurred in a network associated with the first entity and the second entity on the basis of at least some of the information included in the at least one mirrored packet.
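The two mirror-port abstracts on this page (the device identification apparatus at the top, and this network security monitoring device) share one pipeline: take packet copies from a switch's mirror port, derive behaviour features per source, and decide something about that source. The following is an added example serving both, written for this page and not taken from either patent. Everything specific in it is constructed: the packet records, the four behaviour features, the nearest-profile matcher that stands in for the "previously created detection model", the fingerprint table keyed by identification number, and the per-device allowed-port policy used as the "security problem" check.

```python
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One record as a mirror port would hand it to the monitor (constructed)."""
    ts: float
    src_mac: str
    dst_ip: str
    proto: str          # "tcp" or "udp"
    dst_port: int
    length: int


def behavior_features(pkts):
    """Per-source vector: (mean length, UDP fraction, mean inter-arrival, distinct dst ports)."""
    by_src = defaultdict(list)
    for p in pkts:
        by_src[p.src_mac].append(p)
    feats = {}
    for mac, flow in by_src.items():
        flow.sort(key=lambda p: p.ts)
        n = len(flow)
        gaps = [b.ts - a.ts for a, b in zip(flow, flow[1:])]
        feats[mac] = (
            sum(p.length for p in flow) / n,
            sum(p.proto == "udp" for p in flow) / n,
            sum(gaps) / len(gaps) if gaps else 0.0,
            len({p.dst_port for p in flow}),
        )
    return feats


# Constructed fingerprint store: identification number -> (reference features, allowed dst ports).
FINGERPRINTS = {
    1001: ((64.0, 1.0, 5.0, 1), {53}),               # a sensor that only beacons over UDP/53
    1002: ((900.0, 0.0, 0.05, 3), {80, 443, 8883}),  # a camera streaming over TCP
}
SCALE = (1000.0, 1.0, 10.0, 10.0)   # per-feature scale so packet length does not dominate


def identify(vec, threshold=0.25):
    """Nearest reference profile within the threshold, else None (stands in for the model)."""
    best, best_d = None, math.inf
    for dev_id, (ref, _) in FINGERPRINTS.items():
        d = math.sqrt(sum(((a - b) / s) ** 2 for a, b, s in zip(vec, ref, SCALE)))
        if d < best_d:
            best, best_d = dev_id, d
    return best if best_d <= threshold else None


def security_problems(pkts):
    """Return (src_mac, identification number, reason) for anything outside profile."""
    findings = []
    for mac, vec in behavior_features(pkts).items():
        dev_id = identify(vec)
        if dev_id is None:
            findings.append((mac, None, "unidentified device"))
            continue
        allowed = FINGERPRINTS[dev_id][1]
        for p in pkts:
            if p.src_mac == mac and p.dst_port not in allowed:
                findings.append((mac, dev_id, f"unexpected {p.proto}/{p.dst_port} to {p.dst_ip}"))
    return findings


def constructed_capture():
    """A small mirrored capture made up for this example."""
    sensor, camera, rogue = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"
    pkts = [Packet(5.0 * i, sensor, "10.0.0.53", "udp", 53, 64) for i in range(6)]
    pkts.append(Packet(27.0, sensor, "10.0.0.9", "tcp", 22, 60))       # off-profile
    ports = [443] * 8 + [80, 8883]
    pkts += [Packet(0.05 * i, camera, "10.0.0.20", "tcp", port, 900) for i, port in enumerate(ports)]
    pkts += [Packet(1.0 * i, rogue, "10.0.0.99", "udp", 5000 + i, 1400) for i in range(4)]
    return pkts


if __name__ == "__main__":
    for finding in security_problems(constructed_capture()):
        print(finding)
```

The sensor still identifies as device 1001 despite one off-profile packet, which is what lets the policy check name the problem precisely instead of losing the device. Two practical caveats: features computed from a handful of packets are noisy, so a real deployment needs a minimum sample before matching; and mirror ports drop copies when the monitored links are busier than the mirror link, which distorts inter-arrival and volume features in exactly the situations an analyst cares about most.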

Forwarding element data plane performing floating point computations

Some embodiments provide a network forwarding element with a data-plane forwarding circuit that has a parameter collecting circuit to store and distribute parameter values computed by several machines in a network. In some embodiments, the machines perform distributed computing operations, and the parameter values that they compute are associated with those distributed computing operations. The parameter collecting circuit of the data-plane forwarding circuit (data plane) in some embodiments (1) stores a set of parameter values computed and sent by a first set of machines, and (2) distributes the collected parameter values to a second set of machines once it has collected the set of parameter values from all the machines in the first set. The first and second sets of machines are the same set of machines in some embodiments, while they are different sets of machines (e.g., one set has at least one machine that is not in the other set) in other embodiments. In some embodiments, the parameter collecting circuit performs computations on the parameter values that it collects and distributes the result of the computations once it has processed all the parameter values distributed by the first set of machines. The computations are aggregating operations (e.g., adding, averaging, etc.) that combine corresponding subsets of the parameter values distributed by the first set of machines.
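The collect-then-distribute behaviour described above, as an added example that is not the patent's circuit: a collector that accepts exactly one vector per machine in the first set per round, refuses contributions from outside that set, ignores replays and stale rounds, and emits the sum and average for the second set only once every contributor has reported. The round token, the per-machine slot layout, and the fixed summation order are assumptions I added; the abstract does not specify them.

```python
from dataclasses import dataclass, field


@dataclass
class Collector:
    """Parameter collector in the style of the abstract (illustration, not the patent's circuit)."""
    contributors: frozenset          # first set of machines: all must report each round
    receivers: frozenset             # second set: who gets the aggregate (may equal the first)
    round_id: int = 0                # assumed round token; not in the abstract
    slots: dict = field(default_factory=dict)   # machine -> its parameter vector

    def submit(self, machine, round_id, params):
        """Store one machine's vector for this round.

        Returns None until the last contributor reports, then the aggregate.
        """
        if machine not in self.contributors:
            raise PermissionError(f"{machine} is not in the contributing set")
        if round_id != self.round_id:
            return None                      # stale or replayed round: ignore
        if machine in self.slots:
            return None                      # each machine counts once per round
        if self.slots and len(params) != len(next(iter(self.slots.values()))):
            raise ValueError("all parameter vectors in a round must have equal length")
        self.slots[machine] = [float(x) for x in params]
        if set(self.slots) != self.contributors:
            return None                      # still waiting on someone
        return self._aggregate_and_reset()

    def _aggregate_and_reset(self):
        width = len(next(iter(self.slots.values())))
        total = [0.0] * width
        for machine in sorted(self.slots):   # fixed order: float addition is not associative
            for i, x in enumerate(self.slots[machine]):
                total[i] += x
        n = len(self.slots)
        result = {
            "round": self.round_id,
            "sum": total,
            "avg": [t / n for t in total],
            "deliver_to": sorted(self.receivers),
        }
        self.round_id += 1
        self.slots.clear()
        return result


def demo():
    """Three workers each push a two-element vector; one retries; the third completes the round."""
    c = Collector(frozenset({"m1", "m2", "m3"}), frozenset({"m1", "m2", "m3"}))
    events = [
        c.submit("m1", 0, [1.0, 2.0]),   # None: waiting
        c.submit("m1", 0, [9.0, 9.0]),   # None: duplicate ignored, first value stands
        c.submit("m2", 0, [3.0, 4.0]),   # None: waiting
        c.submit("m3", 0, [5.0, 6.0]),   # aggregate for round 0
    ]
    return c, events


if __name__ == "__main__":
    print(demo()[1][-1])
```

Summing in a fixed order (sorted machine name) matters for the floating-point case in the title: float addition is not associative, so a collector that adds vectors in arrival order can return a different aggregate on different rounds for identical inputs, which makes results hard to reproduce or cross-check. Counting each machine once per round is the other property worth asserting; a retransmitted contribution must not be added twice.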

REMOTE MANAGEMENT OF A SWITCH STACK

An example network manager receives, from a conductor switch of a switch stack, an active configuration. The network manager determines, based on the active configuration, switch model types for a plurality of switches of the switch stack. The network manager determines, based on the switch model types and the active configuration, a number of ports of the plurality of switches of the switch stack and a current configuration of each port of each switch of the switch stack. The network manager updates a device configuration element of a network management user interface to display the current configuration of each port of each switch of the switch stack in a manner that indicates that the switch stack is a single logical switch.