H04L49/9042

VENDOR AGNOSTIC SENSOR TELEMETRY DETECTION, PROCESSING, AND IDENTIFICATION

In one embodiment, a traffic analysis service receives payload data from packets sent by a sensor tag in a network. The service forms a payload signature for the sensor tag, based on the payload data. The payload signature is indicative of one or more bytes in the payload that vary across the packets. The service identifies a portion of the payload data as potentially including a sensor measurement, based on the payload signature. The service uses a machine learning classifier to assign a sensor measurement type to the identified portion of the payload data.

Forwarding element data plane performing floating point computations

Some embodiments provide a network forwarding element with a data-plane forwarding circuit that has a parameter collecting circuit to store and distribute parameter values computed by several machines in a network. In some embodiments, the machines perform distributed computing operations, and the parameter values that they compute are parameter values associated with the distributed computing operations. The parameter collecting circuit of the data-plane forwarding circuit (data plane) in some embodiments (1) stores a set of parameter values computed and sent by a first set of machines, and (2) distributes the collected parameter values to a second set of machines once it has collected the set of parameter values from all the machines in the first set. The first and second sets of machines are the same set of machines in some embodiments, while they are different sets of machines (e.g., one set has at least one machine that is not in the other set) in other embodiments. In some embodiments, the parameter collecting circuit performs computations on the parameter values that it collects and distributes the result of the computations once it has processed all the parameter values distributed by the first set of machines. The computations are aggregating operations (e.g., adding, averaging, etc.) that combine corresponding subsets of parameter values distributed by the first set of machines.

GROUPING NETWORK TRAFFIC PRIOR TO STORAGE IN A COLUMNAR DATABASE

A computer-implemented method of grouping network traffic metadata includes, based on a selected dimension of the network traffic metadata received from a network router, obtaining a statistic about a flow of network traffic metadata received over an interval for each instance of multiple instances of the dimension. The method further includes distributing the network traffic metadata into a plurality of groups for network traffic metadata from the smallest possible number of instances of the selected dimension to be distributed to each group, with the flow of network traffic metadata distributed optimally for a criterion regarding the statistic amongst the plurality of groups for minimizing cardinality of each group of the plurality of groups with respect to unselected dimensions of the network traffic metadata, and providing each group to a columnar database for storage of the network traffic metadata distributed into each group in a different partition of the columnar database.

MAINTAINING BANDWIDTH UTILIZATION IN THE PRESENCE OF PACKET DROPS

Examples describe a manner of scheduling packet segment fetches at a rate that is based on one or more of: a packet drop indication, packet drop rate, incast level, operation of queues in SAF or VCT mode, or fabric congestion level. Headers of packets can be fetched faster than payload or body portions of packets and processed prior to queueing of all body portions. In the event a header is identified as droppable, fetching of the associated body portions can be halted and any body portion that is queued can be discarded. Fetch overspeed can be applied for packet headers or body portions associated with packet headers that are approved for egress.

CLASSIFICATION OF ENCRYPTED INTERNET TRAFFIC
20210044572 · 2021-02-11

A method includes obtaining a first plurality of encrypted traffic flows traversing a communication network, performing a first classification, wherein a result of the first classification identifies a traffic type associated with each encrypted traffic flow of the first plurality of encrypted traffic flows, and wherein the first classification is based on a traffic pattern of each encrypted traffic flow, performing a second classification, wherein a result of the second classification identifies a traffic type associated with each server name indication with which the first plurality of encrypted traffic flows is associated, and wherein the second classification is based on the result of the first classification, and performing a third classification identifying a traffic type associated with each encrypted traffic flow of the first plurality of encrypted traffic flows, wherein the third classification is based on a combination of the results of the first classification and the second classification.

Vendor agnostic sensor telemetry detection, processing, and identification

In one embodiment, a traffic analysis service receives payload data from packets sent by a sensor tag in a network. The service forms a payload signature for the sensor tag, based on the payload data. The payload signature is indicative of one or more bytes in the payload that vary across the packets. The service identifies a portion of the payload data as potentially including a sensor measurement, based on the payload signature. The service uses a machine learning classifier to assign a sensor measurement type to the identified portion of the payload data.

SYSTEMS AND METHODS FOR EFFICIENTLY STORING A DISTRIBUTED LEDGER OF RECORDS

Systems and methods for efficiently storing a distributed ledger of records. In an exemplary aspect, a method may include generating a record comprising a payload and a header, wherein the payload stores a state of a data object associated with a distributed ledger and the header stores a reference to state information in the payload. The method may further comprise including the record in a trunk filament comprising a first plurality of records indicative of historic states of the data object, wherein the trunk filament is part of a first lifeline. The method may include identifying a jet of the distributed ledger, wherein the jet is a logical structure storing a second lifeline with a second plurality of records. In response to determining that the first plurality of records is related to the second plurality of records, the method may include storing the first lifeline in the jet.

FORWARDING ELEMENT DATA PLANE WITH COMPUTING PARAMETER DISTRIBUTOR

Some embodiments provide a network forwarding element with a data-plane forwarding circuit that has a parameter collecting circuit to store and distribute parameter values computed by several machines in a network. In some embodiments, the machines perform distributed computing operations, and the parameter values that they compute are parameter values associated with the distributed computing operations. The parameter collecting circuit of the data-plane forwarding circuit (data plane) in some embodiments (1) stores a set of parameter values computed and sent by a first set of machines, and (2) distributes the collected parameter values to a second set of machines once it has collected the set of parameter values from all the machines in the first set. The first and second sets of machines are the same set of machines in some embodiments, while they are different sets of machines (e.g., one set has at least one machine that is not in the other set) in other embodiments. In some embodiments, the parameter collecting circuit performs computations on the parameter values that it collects and distributes the result of the computations once it has processed all the parameter values distributed by the first set of machines. The computations are aggregating operations (e.g., adding, averaging, etc.) that combine corresponding subsets of parameter values distributed by the first set of machines.

DYNAMIC VIRTUAL CUT-THROUGH AND DYNAMIC FABRIC BANDWIDTH ALLOCATION BETWEEN VIRTUAL CUT-THROUGH AND STORE-AND-FORWARD TRAFFIC

Examples describe an egress port manager that uses an adaptive jitter selector to apply a jitter threshold level for a buffer, wherein the jitter threshold level is to indicate when egress of a packet segment from the buffer is allowed, wherein a packet segment comprises a packet header and wherein the jitter threshold level is adaptive based on a switch fabric load. In some examples, the jitter threshold level is to indicate a number of segments for the buffer's head of line (HOL) packet that are to be in the buffer or indicate a timer that starts at a time of issuance of a first read request for a first segment of the packet in the buffer. In some examples, the jitter threshold level is not more than a maximum transmission unit (MTU) size associated with the buffer. In some examples, a fetch scheduler is used to adapt an amount of interface overspeed to reduce packet fetching latency while attempting to prevent fabric saturation based on a switch fabric load level, wherein the fetch scheduler is to control the jitter threshold level for the buffer by forcing a jitter threshold level based on switch fabric load level and latency profile of the switch fabric.

NETWORK FORENSIC SYSTEM AND METHOD
20200412634 · 2020-12-31

A high performance packet stream storage method. Original packet data from data traffic transmitted over a network is collected. Collected original packet data is written in a memory. Metadata from the collected original packet data is extracted and the metadata is written in the memory. The original packet data and the metadata are stored in a storage unit.