Embodiments are directed to a packet capture ring that provides a single network tap for packet capture and a series of processors (or appliances) for handling serialization and search request processing in a confederated and highly scalable manner. One such appliance (a primary appliance) maintains a tap port to the network. Each packet capture appliance has a locally attached repository that stores raw packets and a juxtaposed index that allows for retrieval of those packets. The primary appliance sends a single copy of encapsulated packets in opposite directions around the ring to its descendants. A designation is made across the system as to a currently designated appliance for servicing requests for indexing and storage of captured packets. This current designation shifts from appliance to appliance in the system, as a previously designated appliance has its storage capacity filled.

Embodiments of the present invention relate to an architecture that uses hierarchical statistically multiplexed counters to extend counter life by orders of magnitude. Each level includes statistically multiplexed counters. The statistically multiplexed counters includes P base counters and S subcounters, wherein the S subcounters are dynamically concatenated with the P base counters. When a row overflow in a level occurs, counters in a next level above are used to extend counter life. The hierarchical statistically multiplexed counters can be used with an overflow FIFO to further extend counter life.

A network interface includes a processor, memory, and a cache between the processor and the memory. The processor secures a plurality of buffers for storing transfer data in the memory, and manages an allocation order of available buffers of the plurality of buffers. The processor returns a buffer released after data transfer to a position before a predetermined position of the allocation order.

A network device determines whether a utilization threshold is reached, the utilization threshold associated with memory resources of the network device, the memory resources including a shared memory and a reserved memory. Available memory in the shared memory is available for any egress interfaces in a plurality of egress interfaces, and the reserved memory includes respective sub-pools for exclusive use by respective egress interfaces among at least some of the plurality of egress interfaces. First packets to be transmitted are stored in the shared memory until a utilization threshold is reached, and in response to determining that the utilization threshold is reached, a second packet to be transmitted is stored in the reserved memory.

Embodiments are directed to a packet capture ring that provides a single network tap for packet capture and a series of processors (or appliances) for handling serialization and search request processing in a confederated and highly scalable manner. One such appliance (a primary appliance) maintains a tap port to the network. Each packet capture appliance has a locally attached repository that stores raw packets and a juxtaposed index that allows for retrieval of those packets. The primary appliance sends a single copy of encapsulated packets in opposite directions around the ring to its descendants. A designation is made across the system as to a currently designated appliance for servicing requests for indexing and storage of captured packets. This current designation shifts from appliance to appliance in the system, as a previously designated appliance has its storage capacity filled.

Embodiments of the present invention relate to an architecture that uses hierarchical statistically multiplexed counters to extend counter life by orders of magnitude. Each level includes statistically multiplexed counters. The statistically multiplexed counters includes P base counters and S subcounters, wherein the S subcounters are dynamically concatenated with the P base counters. When a row overflow in a level occurs, counters in a next level above are used to extend counter life. The hierarchical statistically multiplexed counters can be used with an overflow FIFO to further extend counter life.

A device that is configured to generate reports to send to a server comprises at least one processor configured to generate the reports. Upon loss of connection, generated reports are stored in a buffer in memory of the device, capable of storing k reports. The first generated report is stored in a first part of the buffer, a most recently generated report is stored in a second part of the buffer, while the remaining reports are stored in a third part of the buffer. When the third part is full, a sampling algorithm is used to select the k2 reports to store in the third part.

A technique for processing messages in a message-based communication scenario is described. In the communication scenario, messages are received from an input message stream, multiplied and forwarded to multiple message consumers, and persisted together with at least one of a time stamp and a message identifier in a persistent storage for later replay to the message consumers. A method aspect of this technique comprises detecting a replay triggering event associated with a message consumer. The method aspect further comprises, in response to detecting the replay triggering event, creating a replay function for the message consumer. The replay function is configured to receive persisted messages from the persistent storage and to send the persisted messages to the message consumer.

From received data packets intended for a target virtual machine of a virtualization system, a destination network address of the target virtual machine is determined, and a current write buffer pointer is identified that points to a buffer associated with the identified target virtual machine corresponding to the destination network address. If the identified write buffer pointer indicates that the buffer has sufficient available space to accept the data packets, and if the associated buffer has sufficient available space, the data packets are placed in the associated buffer in buffer data locations according to a calculated new write buffer pointer value, and a wakeup byte data message is sent to a designated socket of the target virtual machine. Generally, the target virtual machine detects the wakeup byte data message at the designated socket and, in response, retrieves the data packets from the associated buffer in accordance with the new write buffer pointer value.

The present disclosure generally discloses a data plane configured for processing function scalability. The processing functions for which scalability is supported may include charging functions, monitoring functions, security functions, or the like.