Hybrid cloud network monitoring system for tenant use

US10944811B2 · US · B2

Patent metadata
Publication number: US-10944811-B2
Application number: US-201715846133-A
Country: US
Kind code: B2
Filing date: Dec 18, 2017
Priority date: Dec 22, 2014
Publication date: Mar 9, 2021
Grant date: Mar 9, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first tenant organization. An encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM is then established. A plurality of packets comprising captured network traffic received via the encapsulated port mirroring session are decapsulated, and the captured network traffic is forwarded via the second network interface of the decapsulating VM to a sniffer VM.

First claim

Opening claim text (preview).

We claim:

1. A method for monitoring network traffic in a cloud computing system, the method comprising: receiving the network traffic at a first port of a distributed virtual switch associated with a target virtual machine (VM) executing in a first host computer in the cloud computing system, wherein the distributed virtual switch includes the first port and a second port, wherein the first port of the distributed virtual switch is located in the first host computer connected to the target VM executing in the first host computer and the second port of the distributed virtual switch is located in a second host computer connected to an intermediate VM executing in the second host computer; transmitting the network traffic from the first port of the distributed virtual switch to the target VM executing in the first host computer and a copy of the network traffic from the first port associated with the target VM to a first network interface of the intermediate VM executing in the second host computer in the cloud computing system through the second port of the distributed switch associated with the intermediate VM via an encapsulated port mirroring session; processing the copy of the network traffic at the intermediate VM to be routed to a traffic monitoring device, including decapsulating packets of the network traffic received via the encapsulated port mirroring session by the intermediate VM; and forwarding the decapsulated packets of the network traffic from a second network interface of the intermediate VM to the traffic monitoring device through a second distributed virtual switch that connects the second host computer to a third host computer, which includes the traffic monitoring device, wherein the second network interface of the intermediate VM is not configured to receive any network traffic over the second distributed virtual switch.

2. The method of claim 1, wherein transmitting the copy of the network traffic includes transmitting the copy of the network traffic through a tunnel across the distributed virtual switch that supports point-to-point transmission of encapsulated data.

3. The method of claim 2, wherein transmitting the copy of the network traffic includes encapsulating the copy of the network traffic with a tunnel header as encapsulated network traffic to transmit the copy of the network traffic through the tunnel across the distributed virtual switch to the first network interface of the intermediate VM.

4. The method of claim 3, wherein the port mirroring session comprises an Encapsulated Remote Switched Port Analyzer (ERSPAN) session configured to encapsulate captured Layer-2 network traffic at the first port of the distributed virtual switch using Layer-3 packets.

5. The method of claim 1, wherein processing the copy of the network traffic at the intermediate VM includes adding an address of the traffic networking device to the decapsulated packets of the network traffic to forward the network traffic to the traffic network device.

6. A non-transitory computer-readable medium containing program instructions for monitoring network traffic in a cloud computing system, wherein execution of the program instructions by one or more processors of at least one computer systems causes the one or more processors to perform steps comprising: receiving the network traffic at a first port of a distributed virtual switch associated with a target virtual machine (VM) executing in a first host computer in the cloud computing system, wherein the distributed virtual switch includes the first port and a second port, wherein the first port of the distributed virtual switch is located in the first host computer connected to the target VM executing in the first host computer and the second port of the distributed virtual switch is located in a second host computer connected to an intermediate VM executing in the second host computer; transmitting the network traffic from the first port of the distributed virtual switch to the target VM executing in the first host computer and a copy of the network traffic from the first port associated with the target VM to a first network interface of the intermediate VM executing in the second host computer in the cloud computing system through the second port of the distributed virtual switch associated with the intermediate VM via an encapsulated port mirroring session; processing the copy of the network traffic at the intermediate VM to be routed to a traffic monitoring device, including decapsulating packets of the network traffic received via the encapsulated port mirroring session by the intermediate VM; and forwarding the decapsulated packets of the network traffic from a second network interface of the intermediate VM to the traffic monitoring device through a second distributed virtual switch that connects the second host computer to a third host computer, which includes the traffic monitoring device, wherein the second network interface of the intermediate VM is not configured to receive any network traffic over the second distributed virtual switch.

7. The computer-readable medium of claim 6, wherein transmitting the copy of the network traffic includes transmitting the copy of the network traffic through a tunnel across the distributed virtual switch that supports point-to-point transmission of encapsulated data.

8. The computer-readable medium of claim 7, wherein transmitting the copy of the network traffic includes encapsulating the copy of the network traffic with a tunnel header as encapsulated network traffic to transmit the copy of the network traffic through the tunnel across the distributed virtual switch to the first network interface of the intermediate VM.

9. The computer-readable medium of claim 8, wherein the port mirroring session comprises an Encapsulated Remote Switched Port Analyzer (ERSPAN) session configured to encapsulate captured Layer-2 network traffic at the first port of the distributed virtual switch using Layer-3 packets.

10. The computer-readable medium of claim 6, wherein processing the copy of the network traffic at the intermediate VM includes adding an address of the traffic networking device to the decapsulated packets of the network traffic to forward the network traffic to the traffic network device.

11. A cloud computing system, comprising: a plurality of host computers with hardware resources; a target virtual machine (VM) executing on a first host computer and an intermediate VM with first and second network interfaces executing on a second host computer; a traffic monitoring device; and a distributed virtual switch supported by the plurality of host computers, wherein the distributed virtual switch includes a first port and a second port, wherein the first port of the distributed virtual switch is located in the first host computer connected to the target VM executing in the first host computer and the second port of the distributed virtual switch is located in the second host computer connected to the intermediate VM executing in the second host computer, the distributed virtual switch being configured to receive network traffic at the first port associated with the target virtual machine (VM), and transmit the network traffic from the first port of the distributed virtual switch to the target VM executing in the first host computer and a copy of the network traffic from the first port associated with the target VM to the first network interface of the intermediate VM executing in the second host computer through the second port of the distributed switch associated with the intermediate VM via an encapsulated port mirroring session, wherein the intermediate VM is configured to process the received copy of th
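As an added illustration (not the patent's own code, nor VMware's), a Python model of the decapsulating VM of claims 1 to 5 and 11: it strips the outer IPv4, GRE and ERSPAN Type II headers from a mirrored packet, queues the inner tenant frame for the sniffer, and drops anything arriving on its second, transmit-only interface. The ERSPAN Type II field layout follows the public draft format; the sample packet is constructed inline, and the DecapVM class and the nic0/nic1 names are assumptions.

```python
import struct

GRE_PROTO_ERSPAN2 = 0x88BE   # GRE protocol type carrying ERSPAN Type II
GRE_FLAG_SEQ = 0x1000        # GRE "S" bit: a 4-byte sequence number follows

def decapsulate_erspan(packet: bytes) -> dict:
    """Strip outer IPv4 + GRE + ERSPAN Type II headers; return inner L2 frame and metadata."""
    if len(packet) < 24 or packet[0] >> 4 != 4 or packet[9] != 47:   # 47 = GRE
        raise ValueError("not an IPv4/GRE packet")
    off = (packet[0] & 0x0F) * 4                    # IHL -> start of GRE header
    flags, proto = struct.unpack_from("!HH", packet, off)
    if proto != GRE_PROTO_ERSPAN2:
        raise ValueError(f"GRE payload 0x{proto:04x} is not ERSPAN Type II")
    off += 4
    seq = None
    if flags & GRE_FLAG_SEQ:                        # sequence number lets the sniffer detect loss
        (seq,) = struct.unpack_from("!I", packet, off)
        off += 4
    word1, _word2 = struct.unpack_from("!II", packet, off)  # 8-byte ERSPAN Type II header
    if word1 >> 28 != 1:                            # Ver nibble: 1 == Type II
        raise ValueError("unsupported ERSPAN version")
    return {
        "session_id": word1 & 0x3FF,                # low 10 bits
        "vlan": (word1 >> 16) & 0xFFF,              # 12 bits below the version nibble
        "seq": seq,
        "frame": packet[off + 8:],                  # the tenant's original Ethernet frame
    }

class DecapVM:
    """Assumed model of the intermediate VM of claim 1: nic0 takes the mirror, nic1 only transmits."""
    def __init__(self):
        self.sniffer_queue = []                     # frames handed to the sniffer via nic1

    def receive(self, nic: str, packet: bytes):
        if nic == "nic1":                           # nic1 is transmit-only: inbound is dropped
            return None
        meta = decapsulate_erspan(packet)
        self.sniffer_queue.append(meta["frame"])    # would be written to nic1 in a real VM
        return meta

def build_sample_packet() -> bytes:
    """Constructed ERSPAN Type II packet (not a real capture): session 7, VLAN 100, seq 42."""
    inner = bytes.fromhex("0a0000000002" "0a0000000001" "0800") + b"tenant-payload"
    erspan = struct.pack("!II", (1 << 28) | (100 << 16) | 7, 0)
    gre = struct.pack("!HHI", GRE_FLAG_SEQ, GRE_PROTO_ERSPAN2, 42)
    total = 20 + len(gre) + len(erspan) + len(inner)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 47, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + gre + erspan + inner
```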

Assignees

Vmware Inc

Inventors

Classifications

  • CPC title: the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV

  • CPC title: related to network traffic

  • CPC title: Network monitoring probes

  • H04L67/10 (primary): in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46)

  • CPC title: Interconnection of networks using encapsulation techniques, e.g. tunneling

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10944811B2 cover?
Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and …
Who is the assignee on this patent?
Vmware Inc
What technology area does this patent fall under?
Primary CPC classification H04L67/10. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Mar 9, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).