Hybrid cloud network monitoring system for tenant use

US2016182336A1 · US · A1

Patent metadata
Publication number: US-2016182336-A1
Application number: US-201414579911-A
Country: US
Kind code: A1
Filing date: Dec 22, 2014
Priority date: Dec 22, 2014
Publication date: Jun 23, 2016
Grant date: not listed

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first tenant organization. An encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM is then established. A plurality of packets comprising captured network traffic received via the encapsulated port mirroring session are decapsulated, and the captured network traffic is forwarded via the second network interface of the decapsulating VM to a sniffer VM.

First claim

Opening claim text (preview).

We claim:

1. A method for monitoring network traffic in a cloud computing system, the method comprising: receiving a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system; instantiating a decapsulating VM having a first network interface and a second network interface, wherein the decapsulating VM is inaccessible to the first tenant organization; establishing an encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM; decapsulating, by execution of the decapsulating VM, a plurality of packets comprising captured network traffic received via the encapsulated port mirroring session; and forwarding the captured network traffic via the second network interface of the decapsulating VM to a sniffer VM.

2. The method of claim 1, wherein the encapsulated port mirroring session comprises an Encapsulated Remote Switched Port Analyzer (ERSPAN) session configured to encapsulate captured Layer-2 network traffic at the tenant port using Layer-3 packets.

3. The method of claim 1, wherein decapsulating the plurality of packets comprising the captured network traffic received via the encapsulated port mirroring session further comprises: extracting the captured network traffic from the plurality of packets comprised of Layer-3 packets, wherein the captured network traffic comprises Layer-2 packets; and modifying a destination MAC address of the captured network traffic to be a MAC address associated with the sniffer VM.

4. The method of claim 1, wherein the first VM is executing on a first host and the decapsulating VM is executing on a second host inaccessible to the first tenant organization.

5. The method of claim 1, wherein the sniffer VM is managed by the first tenant organization and includes a network traffic analyzer application.

6. The method of claim 1, wherein forwarding the captured network traffic via the second network interface of the decapsulating VM to the sniffer VM further comprises: transmitting the captured network traffic to the sniffer VM via a virtual distributed switch shared by the decapsulating VM and the sniffer VM.

7. The method of claim 1, further comprising: launching a plurality of sending threads executing in parallel with one another, each sending thread corresponding to one of a plurality of sniffer VMs, wherein each sending thread forwards captured network traffic via the second network interface of the decapsulating VM to the corresponding sniffer VM.

8. A non-transitory computer-readable medium comprising instructions executable by a host computer in a cloud computing system, where the instructions, when executed, cause the host computer to carry out a method for monitoring network traffic in the cloud computing system, the method comprising: receiving a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system; instantiating a decapsulating VM having a first network interface and a second network interface, wherein the decapsulating VM is inaccessible to the first tenant organization; establishing an encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM; decapsulating, by execution of the decapsulating VM, a plurality of packets comprising captured network traffic received via the encapsulated port mirroring session; and forwarding the captured network traffic via the second network interface of the decapsulating VM to a sniffer VM.

9. The computer-readable medium of claim 8, wherein the encapsulated port mirroring session comprises an Encapsulated Remote Switched Port Analyzer (ERSPAN) session configured to encapsulate captured Layer-2 network traffic at the tenant port using Layer-3 packets.

10. The computer-readable medium of claim 8, wherein decapsulating the plurality of packets comprising the captured network traffic received via the encapsulated port mirroring session further comprises: extracting the captured network traffic from the plurality of packets comprised of Layer-3 packets, wherein the captured network traffic comprises Layer-2 packets; and modifying a destination MAC address of the captured network traffic to be a MAC address associated with the sniffer VM.

11. The computer-readable medium of claim 8, wherein the first VM is executing on a first host and the decapsulating VM is executing on a second host inaccessible to the first tenant organization.

12. The computer-readable medium of claim 8, wherein the sniffer VM is managed by the first tenant organization and includes a network traffic analyzer application.

13. The computer-readable medium of claim 8, wherein forwarding the captured network traffic via the second network interface of the decapsulating VM to the sniffer VM further comprises: transmitting the captured network traffic to the sniffer VM via a virtual distributed switch shared by the decapsulating VM and the sniffer VM.

14. The computer-readable medium of claim 8, wherein the method further comprises: launching a plurality of sending threads executing in parallel with one another, each sending thread corresponding to one of a plurality of sniffer VMs, wherein each sending thread forwards captured network traffic via the second network interface of the decapsulating VM to the corresponding sniffer VM.

15. A cloud computing system, comprising: a plurality of host computers, each of which is configured to execute one or more virtual machines (VMs) therein; and a management server configured to manage resources of the cloud computing system, wherein the plurality of host computers and the management server are programmed to carry out a method for monitoring network traffic in the cloud computing system, the method comprising: receiving a request to capture network traffic of a tenant port of a first VM executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system; instantiating a decapsulating VM having a first network interface and a second network interface, wherein the decapsulating VM is inaccessible to the first tenant organization; establishing an encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM; decapsulating, by execution of the decapsulating VM, a plurality of packets comprising captured network traffic received via the encapsulated port mirroring session; and forwarding the captured network traffic via the second network interface of the decapsulating VM to a sniffer VM.

16. The system of claim 15, wherein the encapsulated port mirroring session comprises an Encapsulated Remote Switched Port Analyzer (ERSPAN) session configured to encapsulate captured Layer-2 network traffic at the tenant port using Layer-3 packets.

17. The system of claim 15, wherein decapsulating the plurality of packets comprising the captured network traffic received via the encapsulated port mirroring session further comprises: extracting the captured network traffic from the plurality of packets com
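
The abstract and claims 2, 3 and 7 together describe the data path the decapsulating VM implements: an ERSPAN session wraps the tenant port's Layer-2 frames in Layer-3 (GRE) packets, the decapsulating VM unwraps them, rewrites the destination MAC to that of the sniffer VM so the shared virtual distributed switch delivers the copy there, and a per-sniffer sending path carries each copy to the right sniffer. The Python below is an example added for this page; it is not code from the patent or from VMware. It parses IPv4/GRE/ERSPAN Type I, II and III from an outer Ethernet frame, recovers the inner frame and the ERSPAN session ID, and forwards only frames whose session ID is mapped to a sniffer MAC. The session-ID-to-sniffer mapping, the drop policy for unmapped sessions, the `build_erspan` helper and the sample frames are assumptions constructed for illustration; the patent text does not say how the decapsulating VM selects the sniffer for a given packet.

```python
"""Added example for this page, not code from the patent or from VMware:
decapsulate ERSPAN-mirrored frames and retarget them to a sniffer VM."""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_GRE = 47
GRE_PROTO_ERSPAN_I_II = 0x88BE   # ERSPAN Type I (no header) and Type II
GRE_PROTO_ERSPAN_III = 0x22EB    # ERSPAN Type III
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000   # checksum, key, sequence present


def parse_erspan(frame: bytes):
    """Return (session_id, inner_frame) from an outer Ethernet frame carrying
    IPv4 / GRE / ERSPAN. session_id is None for Type I, which has no ERSPAN
    header. Raises ValueError for anything that is not ERSPAN."""
    if len(frame) < 14 + 20 + 4:
        raise ValueError("frame too short")
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ip_off = 14
    if frame[ip_off] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (frame[ip_off] & 0x0F) * 4
    if ihl < 20 or frame[ip_off + 9] != IPPROTO_GRE:
        raise ValueError("outer IPv4 packet does not carry GRE")
    total_len = struct.unpack_from("!H", frame, ip_off + 2)[0]
    ip_end = ip_off + total_len if total_len else len(frame)  # 0 = offload, trust frame length

    gre_off = ip_off + ihl
    flags, proto = struct.unpack_from("!HH", frame, gre_off)
    if flags & 0x0007:                       # GRE version must be 0
        raise ValueError("unsupported GRE version")
    off = gre_off + 4
    off += 4 if flags & GRE_C else 0         # checksum + reserved1
    off += 4 if flags & GRE_K else 0         # key
    off += 4 if flags & GRE_S else 0         # sequence number

    if proto == GRE_PROTO_ERSPAN_I_II:
        if flags & GRE_S:                    # Type II: S set, 8-byte ERSPAN header follows
            w0, _index = struct.unpack_from("!II", frame, off)
            if w0 >> 28 != 1:
                raise ValueError("ERSPAN version field is not Type II")
            session_id = w0 & 0x3FF          # session ID is the low 10 bits of word 0
            off += 8
        else:                                # Type I: inner frame directly after GRE
            session_id = None
    elif proto == GRE_PROTO_ERSPAN_III:      # 12-byte header, optional 8-byte subheader
        w0, _timestamp, w2 = struct.unpack_from("!III", frame, off)
        if w0 >> 28 != 2:
            raise ValueError("ERSPAN version field is not Type III")
        session_id = w0 & 0x3FF
        off += 12 + (8 if w2 & 0x1 else 0)   # O bit: platform-specific subheader present
    else:
        raise ValueError("GRE payload is not ERSPAN")

    inner = frame[off:ip_end]
    if len(inner) < 14:
        raise ValueError("inner Ethernet frame too short")
    return session_id, inner


def retarget(inner: bytes, sniffer_mac: bytes) -> bytes:
    """Rewrite the destination MAC so the shared vDS delivers the copy to the
    sniffer VM instead of the frame's original destination (claim 3)."""
    if len(sniffer_mac) != 6:
        raise ValueError("MAC must be 6 bytes")
    return sniffer_mac + inner[6:]


def forward_mirrored_frame(frame: bytes, session_to_sniffer: dict):
    """session_to_sniffer maps ERSPAN session ID -> sniffer VM MAC (assumed
    policy; the patent leaves the keying unspecified). Frames whose session
    is not mapped are dropped (None) so one tenant's mirror copy cannot be
    delivered to another tenant's sniffer."""
    session_id, inner = parse_erspan(frame)
    mac = session_to_sniffer.get(session_id)
    return None if mac is None else retarget(inner, mac)


def build_erspan(src_ip: bytes, dst_ip: bytes, inner: bytes, session_id=None, seq=1) -> bytes:
    """Constructed sample input only: wrap `inner` in ERSPAN Type II when a
    session_id is given, otherwise Type I. The IP checksum is left zero; the
    parser above does not verify it."""
    if session_id is None:
        payload = struct.pack("!HH", 0, GRE_PROTO_ERSPAN_I_II) + inner
    else:
        gre = struct.pack("!HHI", GRE_S, GRE_PROTO_ERSPAN_I_II, seq)
        hdr = struct.pack("!II", (1 << 28) | (session_id & 0x3FF), 0)
        payload = gre + hdr + inner
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     IPPROTO_GRE, 0, src_ip, dst_ip)
    eth = bytes.fromhex("02000000000a") + bytes.fromhex("020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + payload


# Constructed tenant frame: dst 0a:0b:0c:0d:0e:0f, src 0a:0b:0c:0d:0e:10, IPv4 ethertype, stub payload.
TENANT_FRAME = bytes.fromhex("0a0b0c0d0e0f" "0a0b0c0d0e10" "0800") + bytes(range(20))
SNIFFER_MAC = bytes.fromhex("020000000099")   # assumed MAC of the tenant's sniffer VM

if __name__ == "__main__":
    pkt = build_erspan(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", TENANT_FRAME, session_id=7)
    out = forward_mirrored_frame(pkt, {7: SNIFFER_MAC})
    print("delivered to", out[:6].hex(":"), "originally for", TENANT_FRAME[:6].hex(":"))
```

Keying delivery on the ERSPAN session ID is what keeps the decapsulating VM from turning into a cross-tenant leak: it is a provider-managed component that the tenant cannot reach, and it may terminate mirror sessions from several tenants at once, so every forwarded frame needs a positive mapping to the sniffer that requested it. Type I ERSPAN carries no session header, so a Type I deployment has to derive that mapping from something else, such as the receiving interface or the outer source address. The parser also skips the IP and GRE checksums; a decapsulator on a real data path should verify them or rely on the NIC having done so.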

Assignees

Vmware Inc

Inventors

Classifications

  • Interconnection of networks using encapsulation techniques, e.g. tunneling · CPC title

  • Packet rate · CPC title

  • H04L67/10 · Primary

    in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title

  • the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV · CPC title

  • Network monitoring probes · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016182336A1 cover?
Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and …
Who is the assignee on this patent?
Vmware Inc
What technology area does this patent fall under?
Primary CPC classification H04L43/0894. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 23, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).