Systems, computer-readable media, and methods are disclosed for parallel data processing for service function chains with network functions spanning multiple servers. An example system includes a first server hosting a first network function of a service function chain, a second server hosting a second network function of the service function chain, a mirror function deployed in a first switch to replicate a plurality of packets received by the system and to send respective copies of the plurality of packets to the first network function and to at least one of the second network function and a third network function of the service function chain, and a merge function deployed in a second switch to merge respective outputs of the first network function and the at least one of the second network function and the third network function.

Apparatus including a network switch which includes switching circuitry to switch packets, packet drop decision circuitry to identify a packet that is to be dropped, packet duplication circuitry to duplicate the packet that is to be dropped, producing a first packet and a second packet, and packet exporting circuitry to export the first packet to a memory external to the switch via direct memory access (DMA). Related apparatus and methods are also provided.

This disclosure describes various methods, systems, and devices related to mirrored traffic forwarding in a hybrid network. An example method includes receiving, from a source forwarder in a source network, a mirrored data packet. A session of the mirrored data packet may be identified based on a header of the mirrored data packet. A destination forwarder in a destination network may be identified based on the session. The destination network may be different than the source network. The mirrored data packet may be forwarded to the destination forwarder.

A method and system for providing robust streaming of data from a multi-core die is disclosed. The techniques include using a high bandwidth memory (HBM) device as retransmit buffers for large amounts of data to ensure robust communication in relatively high round trip-transmission time (RTT) transmission. Another technique is supporting two or more Ethernet ports between components to both transmit the same data packets on the two ports to insure robustness. Another technique is to use sequence numbers and send data packets from the different ports in a round robin fashion and reorder the packets upon receipt of an external device. Another technique is dynamically adding and removing paths for data packets between devices with multiple ports based on the quality of the path.

A network management apparatus includes a first controller, a memory, and a second controller. The first controller configured to operate a first virtual machine including a first container monitoring the mirror packet and a virtual switch transferring the mirror packet. The memory configured to store a destination information of the mirror packet and an address corresponding to the first container in association with each other. The second controller configured to cause the virtual switch to perform an operation to transmit the address corresponding to the first container from the virtual switch and cause the virtual machine to perform an operation to transfer the mirror packet to the first container from the first virtual machine, using the address corresponding to the first container when the virtual machine receives the mirror packet from the virtual switch and requests address resolution for the destination information of the mirror packet.

Disclosed herein are a device identification apparatus and method based on network behavior. The device identification apparatus includes one or more processors, and execution memory for storing at least one program that is executed by the one or more processors, wherein the at least one program is configured to collect packet data of a device connected to a network through port mirroring and extract behavior features from the packet data, analyze the behavior features and then generate unique information based on a previously created detection model, and extract an identification number corresponding to the unique information from a database and then identify the device.

Described embodiments provide systems and methods for upgrading user space networking stacks without disruptions to network traffic. A first packet engine can read connection information of existing connections of a second packet engine written to a shared memory region by the second packet engine. The first packet engine can establish one or more virtual connections according to the connection information of existing connections of the second packet engine. Each of the first packet engine and the second packet engine can receive mirrored traffic data. The first packet engine can receive a first packet and determine that the first packet is associated with a virtual connection corresponding to an existing connection of the second packet engine. The first packet engine can drop the first packet responsive to the determination that the first packet is associated with the virtual connection.

Aspects include receiving, at an input/output (I/O) processor, a transport control word (TCW) that includes an instruction to perform physical port mirroring. It is identified, by the I/O processor, a first port to be mirrored and a second port to perform the mirroring. The second port is a physical port on a host bus adapter (HBA). In response to outbound data being sent to the first port for transmission to a first target device and to the instruction specifying outbound port mirroring, the I/O processor sends a copy of the outbound data to a second target device via the second port. In response to receiving inbound data at the first port and to the instruction specifying inbound port mirroring, a copy of the inbound data is transmitted to the second target device via the second port.

Aspects include includes receiving, at an input/output (I/O) processor, a transport control word (TCW) that includes an instruction to perform virtual port mirroring. The I/O processor identifies a first port to be mirrored and a virtual port to perform the mirroring. The virtual port is a first memory location in a memory. In response to outbound data being sent to the first port for transmission to a first target device and to the instruction specifying outbound port mirroring, the I/O processor stores a copy of the outbound data in the first memory location. In response to inbound data being received at the first port and to the instruction specifying inbound port mirroring, a copy of the inbound data is stored at the first memory location.

A method and system for providing robust streaming of data from a multi-core die is disclosed. The techniques include using a high bandwidth memory (HBM) device as retransmit buffers for large amounts of data to ensure robust communication in relatively high round trip-transmission time (RTT) transmission. Another technique is supporting two or more Ethernet ports between components to both transmit the same data packets on the two ports to insure robustness. Another technique is to use sequence numbers and send data packets from the different ports in a round robin fashion and reorder the packets upon receipt of an external device. Another technique is dynamically adding and removing paths for data packets between devices with multiple ports based on the quality of the path.