The network switch architecture permits modifications to the network topology in real time without the need for manual intervention. In this architecture, a switching core is capable of switching data paths directly from the ingress or egress of the switching core to alternate destination ports in real time, either under software or hardware control.

A copy unit (11c) copies packets received from a network. A compression unit (11d) compresses the payload of each of the copied packets and transfers each of the compressed packets to a security apparatus (20a). A storage unit stores filter information identifying the attack packet detected by the security apparatus, and a discarding unit (11a) uses the filter information to discard the attack packet. The storage unit stores an assignment rule designating a processing method for each predetermined flow of the network traffic, and an assignment unit (11b) uses the assignment rule to assign each of the packets received from the network to a copy unit (11c) or to another security apparatus (20b), for each of the predetermined flows.

The present disclosure relates to a SDN-based method for mirroring packets, wherein a SDN controller is coupled to an upper layer application and at least one data switching exchange respectively, and the method including: a) the upper layer application sends a mirroring instruction to the SDN controller through a first northbound interface of the SDN controller; b) the SDN controller generates a second flow table based on the mirroring instruction and a first flow table sent by a first data switching exchange; wherein the first data switching exchange initiates transmission of the packets, the first flow table encapsulates the packets, and the second flow table includes at least an action command corresponding to the mirroring instruction; and c) a second data switching exchange extracts the packets from the second flow table, and mirrors the packets to the designated node based on the action command.

A network information transmission system. The network information transmission system includes a packet handling device including a control plane configured to open a remote direct memory access (RDMA) connection with a destination external to the network information transmission system, an encapsulator configured to encapsulate one or more packets traversing the packet handling device, producing one or more encapsulated packets, and a transmitter configured to transmit the one or more encapsulated packets, via the RDMA connection, to the destination external to the network information transmission system. Related apparatus and methods are also described.

A method and system for providing robust streaming of data from a multi-core die is disclosed. The techniques include using a high bandwidth memory (HBM) device as retransmit buffers for large amounts of data to ensure robust communication in relatively high round trip-transmission time (RTT) transmission. Another technique is supporting two or more Ethernet ports between components to both transmit the same data packets on the two ports to insure robustness. Another technique is to use sequence numbers and send data packets from the different ports in a round robin fashion and reorder the packets upon receipt of an external device. Another technique is dynamically adding and removing paths for data packets between devices with multiple ports based on the quality of the path.

Some embodiments provide a network forwarding element with a data-plane forwarding circuit that has a parameter collecting circuit to store and distribute parameter values computed by several machines in a network. In some embodiments, the machines perform distributed computing operations, and the parameter values that compute are parameter values associated with the distributed computing operations. The parameter collecting circuit of the data-plane forwarding circuit (data plane) in some embodiments (1) stores a set of parameter values computed and sent by a first set of machines, and (2) distributes the collected parameter values to a second set of machines once it has collected the set of parameter values from all the machines in the first set. The first and second sets of machines are the same set of machines in some embodiments, while they are different sets of machines (e.g., one set has at least one machine that is not in the other set) in other embodiments. In some embodiments, the parameter collecting circuit performs computations on the parameter values that it collects and distributes the result of the computations once it has processed all the parameter values distributed by the first set of machines. The computations are aggregating operations (e.g., adding, averaging, etc.) that combine corresponding subset of parameter values distributed by the first set of machines.

A network management apparatus includes a first controller, a memory, and a second controller. The first controller configured to operate a first virtual machine including a first container monitoring the mirror packet and a virtual switch transferring the mirror packet. The memory configured to store a destination information of the miller packet and an address corresponding to the first container in association with each other. The second controller configured to cause the virtual switch to perform an operation to transmit the address corresponding to the first container from the virtual switch and cause the virtual machine to perform an operation to transfer the mirror packet to the first container from the first virtual machine, using the address corresponding to the first container when the virtual machine receives the mirror packet from the virtual switch and requests address resolution for the destination information of the mirror packet.

Port synchronization is provided for multicast on an Ethernet segment (ES) in which a device (CE) is multihomed to at least two devices (PE1 and PE2) of a VLAN. Such example embodiments may do so by providing computer-implemented method for use in a first device belonging to an Ethernet virtual private network (EVPN) and an Ethernet segment (ES), the ES including a second device and a third device, the second device also belonging to the EVPN, the third device being multihomed to the first device and the second device via the ES, and the first and second devices having snooping enabled for multicast group messages, the computer-implemented method comprising: (a) detecting, on a first interface of the first device, from the third device via the ES, a multicast query message, wherein the multicast query message is not detected by the second device via the ES; (b) marking the first interface of the first device as a multicast router port; (c) generating a message identifying the ES and including information encoding that the multicast query message was detected on the ES; and (d) sending, via the EVPN, the message generated to the second device so that the second device will mark an interface, on the ES, with the third device, as a multicast router port.

This disclosure describes techniques for improved port mirroring over Ethernet Virtual Private Network (EVPN) Virtual eXtensible Local Area Network (VXLAN). For example, a method includes receiving, by a first network device of a plurality of network devices of a leaf and spine network configured with an Ethernet Virtual Private Network and from a second network device of the plurality of network devices, an extended routing message including information indicating the second network device is connected to an analyzer, and wherein the plurality of network devices is configured with a Virtual Local Area Network (VLAN) for which the analyzer is configured to analyze packets. The method also includes configuring, within forwarding information of the first network device and in response to receiving the extended routing message advertised by the second network device, a next hop that specifies packets associated with the VLAN are to be forwarded to the second network device.

Some embodiments provide a network forwarding element with a data-plane forwarding circuit that has a parameter collecting circuit to store and distribute parameter values computed by several machines in a network. In some embodiments, the machines perform distributed computing operations, and the parameter values that compute are parameter values associated with the distributed computing operations. The parameter collecting circuit of the data-plane forwarding circuit (data plane) in some embodiments (1) stores a set of parameter values computed and sent by a first set of machines, and (2) distributes the collected parameter values to a second set of machines once it has collected the set of parameter values from all the machines in the first set. The first and second sets of machines are the same set of machines in some embodiments, while they are different sets of machines (e.g., one set has at least one machine that is not in the other set) in other embodiments. In some embodiments, the parameter collecting circuit performs computations on the parameter values that it collects and distributes the result of the computations once it has processed all the parameter values distributed by the first set of machines. The computations are aggregating operations (e.g., adding, averaging, etc.) that combine corresponding subset of parameter values distributed by the first set of machines.