Patent classifications
H04L49/208
Network device isolation for access control and information security
A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the device connecting to a port on the switch. The threat management server determines the endpoint device is present in a device log file. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period and the number of times the endpoint device has passed authentication is less than a second threshold value within a second time period. The threat management server determines the endpoint device does not have a lease for the port on the switch and sends a reroute command to the switch to transform the destination of traffic associated with the endpoint device to a safe zone.
Mirroring dropped packets
In one embodiment, a network device includes ports to serve as ingress ports and egress ports, a memory to store received network packets, a switch fabric, a controller to monitor queues of the egress ports and make a decision to drop at least a network packet of the received network packets, the network packet having a first destination address associated with a first network node, and mirroring circuitry to encapsulate the network packet with an encapsulation header including a second destination address different from the first destination address, and feed back the encapsulated network packet into a processing pipeline of the received network packets within the network device at a point in the processing pipeline that is prior to egress port assignment, wherein the switch fabric is configured to forward the encapsulated network packet to a packet analyzer responsively to the second destination address in the encapsulation header.
Repeater device
A repeater device in a communication network includes a microcomputer configured to determine whether the repeater device will function as a mirroring switch that generates and transfers a mirror frame, or as a mirror-transfer switch that transfers the mirror frame. When the repeater device functions as a mirroring switch and performs port mirroring, the repeater device adds monitor port and destination port information of the mirroring switch to the mirror frame. When the repeater device functions as a mirror-transfer switch, the repeater device adds sender port and destination port information of the mirror-transfer switch to the mirror frame. A monitor device in the communication network uses information in the mirror frame to identify a mirror source device in the network.
Mirror packet control method and mirror packet control device
A mirror packet control device includes a processor that detects a notification of a completion of movement of a first virtual machine from another device to the mirror packet control device. The processor refers, upon the detection of the notification, to first correspondence information to identify a transmission source that transmits a first mirror packet to the first virtual machine. The first correspondence information includes a first item associating first identification information of the first virtual machine with second identification information of the transmission source. The processor transmits a first deletion instruction to the transmission source. The first deletion instruction instructs deletion of a second item included in second correspondence information stored in the transmission source. The second item associates the first identification information with identification information of a first port of the transmission source through which the first mirror packet is transmitted to the first virtual machine.
Dual-port mirroring system for analyzing non-stationary data in a network
Distinct sets of non-stationary data seen on a switch in data communication with one or more computerized units in a network are mirrored via two switch ports, which include a first port and a second port. A dual analysis is performed while mirroring said distinct sets of data. First data obtained from data mirrored at the first port are analyzed (e.g., using a trained machine learning model) and, based on the first data analyzed, the switch is reconfigured for the second port to mirror second data, which are selected from non-stationary data as seen on the switch (e.g., data received and/or transmitted by the switch). The second data mirrored at the second port are analyzed (e.g., using a different analysis scheme, suited to the selected data).
Multi-processor/endpoint data duplicating system
A multi-endpoint adapter device includes a network port, a plurality of endpoint subsystems that are each configured to couple with a respective processing subsystem, and a duplicator device that is coupled to the network port and the plurality of endpoint subsystems. The duplicator device receives, via the network port, a data payload and determines that the data payload is to be provided to each of a first processing subsystem via a first endpoint subsystem that is included in the plurality of endpoint subsystems, and a second processing subsystem via a second endpoint subsystem that is included in the plurality of endpoint subsystems. The duplicator device then duplicates the data payload to provide a first duplicated data payload and a second duplicated data payload. The duplicator device then provides the first duplicated data payload to the first endpoint subsystem and provides the second duplicated data payload to the second endpoint subsystem.
Data transmission protection method, device, system, and computer readable storage medium
The present disclosure provides a data transmission protection method, a data transmission protection device, a data transmission protection system and a computer readable storage medium. The method includes: encapsulating a packet header for a data flow to be transmitted at an ingress node to form an encapsulated data flow, where the packet header includes a control word and a flow identification; copying the encapsulated data flow to obtain a copied data flow, and transmitting the encapsulated data flow and the copied data flow together; and recovering the data flow at a terminating node according to the control word and the flow identification.
Traffic mirroring in hybrid network environments
This disclosure describes various methods, systems, and devices related to mirrored traffic forwarding in a hybrid network. An example method includes receiving, from a source forwarder in a source network, a mirrored data packet. A session of the mirrored data packet may be identified based on a header of the mirrored data packet. A destination forwarder in a destination network may be identified based on the session. The destination network may be different than the source network. The mirrored data packet may be forwarded to the destination forwarder.
Forwarding element data plane with computing parameter distributor
Some embodiments provide a network forwarding element with a data-plane forwarding circuit that has a parameter collecting circuit to store and distribute parameter values computed by several machines in a network. In some embodiments, the machines perform distributed computing operations, and the parameter values that they compute are parameter values associated with the distributed computing operations. The parameter collecting circuit of the data-plane forwarding circuit (data plane) in some embodiments (1) stores a set of parameter values computed and sent by a first set of machines, and (2) distributes the collected parameter values to a second set of machines once it has collected the set of parameter values from all the machines in the first set. The first and second sets of machines are the same set of machines in some embodiments, while they are different sets of machines (e.g., one set has at least one machine that is not in the other set) in other embodiments. In some embodiments, the parameter collecting circuit performs computations on the parameter values that it collects and distributes the result of the computations once it has processed all the parameter values distributed by the first set of machines. The computations are aggregating operations (e.g., adding, averaging, etc.) that combine corresponding subsets of parameter values distributed by the first set of machines.
Apparatus and method of monitoring Ethernet communication for vehicle and vehicle including the same
Disclosed are an apparatus and method of monitoring Ethernet communication for a vehicle and a vehicle including the same. The apparatus includes a traffic statistics data acquisition unit configured to acquire traffic from each of the ports of an Ethernet switch, a database (DB) configured to store communication information between controllers connected to the Ethernet switch, a switching path check unit configured to check a switching path of the Ethernet switch, and a monitoring unit configured to calculate a reference value of normal traffic for each port, between ports, and for each traffic flow of the Ethernet switch based on the communication information between the controllers and the switching path, to compare the calculated reference value of the normal traffic with traffic acquired from each port of the Ethernet switch, and to monitor whether a communication state of the Ethernet switch is abnormal.