Patent classifications
H04L49/208
Network traffic disruptions
Apparatus including a network switch which includes switching circuitry to switch packets, packet drop decision circuitry to identify a packet that is to be dropped, packet duplication circuitry to duplicate the packet that is to be dropped, producing a first packet and a second packet, and packet exporting circuitry to export the first packet to a memory external to the switch via direct memory access (DMA). Related apparatus and methods are also provided.
INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM STORING THEREIN INFORMATION PROCESSING PROGRAM
An information processing apparatus includes: a memory that stores association information associating a first address of a first container assigned beforehand with a second address of a second container assigned beforehand; and a processor coupled to the memory. The processor detects first information from one of the containers; sets, when the address in the first information matches the first or second address, the container including the matching address and a port of a virtual machine specified by the first information in association with each other in the association information; duplicates second information passing through a first port associated with the first container by referring to the association information; and forwards the duplicated second information destined for a second port associated with the second container.
Network traffic disruptions
A method including providing a network switch, including switching circuitry, packet drop decision circuitry, packet duplication circuitry, and packet exporting circuitry, and performing the following in the network switch: switching packets in the switching circuitry, identifying a packet that is to be dropped in the packet drop decision circuitry, duplicating the packet that is to be dropped in the packet duplication circuitry, producing a first packet and a second packet, exporting the first packet to a tail-drop packet buffer in the packet exporting circuitry, and exporting the second packet to a cyclic packet buffer in the packet exporting circuitry. Related apparatus and methods are also provided. The abstract is not intended to be limiting.
Relay apparatus, network monitoring system, and program
In the present invention, unauthorized access from outside a facility to a device disposed inside the facility is detected by effectively using the output from a mirror port of a network switch. A gateway device has: a monitored data acquisition unit for saving in a monitored data storage unit, as monitored data, packet data that is outputted from a mirror port of a switch, the packet data being outputted from a device being monitored; an unauthorized access detection unit for detecting unauthorized access by determining whether the monitored data is abnormal on the basis of a comparison between the monitored data and assessment rules; and an unauthorized access notification unit for notifying a server of a monitoring center, which is connected to an external network via an external communication unit, that unauthorized access has been detected.
Multi-Processor/Endpoint Data Duplicating System
A multi-endpoint adapter device includes a duplicator device that is coupled to a network port and to a plurality of endpoint subsystems that are each configured to couple with a respective processing subsystem. The duplicator device receives, via the network port, a data payload and determines that the data payload is to be provided to each of a first processing subsystem via a first endpoint subsystem that is included in the plurality of endpoint subsystems, and a second processing subsystem via a second endpoint subsystem that is included in the plurality of endpoint subsystems. The duplicator device then duplicates the data payload to provide a first duplicated data payload and a second duplicated data payload. The duplicator device then provides the first duplicated data payload to the first endpoint subsystem and provides the second duplicated data payload to the second endpoint subsystem.
Deduplication of mirror traffic in analyzer aggregation network
A network switch includes multiple ports that serve as ingress ports and egress ports for connecting to a communication network, and processing circuitry. The processing circuitry is configured to receive packets via the ingress ports, select one or more of the packets for mirroring, create mirror copies of the selected packets and output the mirror copies for analysis, mark the packets for which mirror copies have been created with mirror-duplicate indications, and forward the packets to the egress ports, including the packets that are marked with the mirror-duplicate indications.
Mirroring Dropped Packets
In one embodiment, a network device includes ports to serve as ingress ports and egress ports, a memory to store received network packets, a switch fabric, a controller to monitor queues of the egress ports and make a decision to drop at least a network packet of the received network packets, the network packet having a first destination address associated with a first network node, and mirroring circuitry to encapsulate the network packet with an encapsulation header including a second destination address different from the first destination address, and feed back the encapsulated network packet into a processing pipeline of the received network packets within the network device at a point in the processing pipeline that is prior to egress port assignment, wherein the switch fabric is configured to forward the encapsulated network packet to the packet analyzer responsively to the second destination address in the encapsulation header.
Relay device
A relay device in a communication network includes: a configuration determination unit determining whether a configuration frame is received; a comparison unit; first and second configuration units; and a configuration transfer unit. The comparison unit determines whether the propagation number at reception time is equal to the total number of target devices in a configuration frame. When the propagation number is not equal to the total number, the first configuration unit sets a port in the transfer destination information to the mirror output port. When the propagation number is not equal to the total number, the configuration transfer unit outputs the updated configuration frame from the mirror input port. When the propagation number is equal to the total number, the second configuration unit sets a port in the transfer destination information to the mirror output port.
Forwarding element data plane with computing parameter distributor
Some embodiments provide a network forwarding element with a data-plane forwarding circuit that has a parameter collecting circuit to store and distribute parameter values computed by several machines in a network. In some embodiments, the machines perform distributed computing operations, and the parameter values that they compute are parameter values associated with the distributed computing operations. The parameter collecting circuit of the data-plane forwarding circuit (data plane) in some embodiments (1) stores a set of parameter values computed and sent by a first set of machines, and (2) distributes the collected parameter values to a second set of machines once it has collected the set of parameter values from all the machines in the first set. The first and second sets of machines are the same set of machines in some embodiments, while they are different sets of machines (e.g., one set has at least one machine that is not in the other set) in other embodiments. In some embodiments, the parameter collecting circuit performs computations on the parameter values that it collects and distributes the result of the computations once it has processed all the parameter values distributed by the first set of machines. The computations are aggregating operations (e.g., adding, averaging, etc.) that combine corresponding subsets of parameter values distributed by the first set of machines.
Providing a snapshot of buffer content in a network element using egress mirroring
A network element includes circuitry and multiple ports. The multiple ports are configured to connect to a communication network. The circuitry is configured to receive multiple packets from the communication network via one or more input ports, and store the received packets in a buffer of the network element, to schedule transmission of the packets stored in the buffer to the communication network via one or more output ports, and in response to a request to provide a snapshot of at least a portion of the buffer, to mirror for transmission, via one or more dedicated ports, only a part of the portion that was received in the network element prior to the request.