Latency-based timeouts for concurrent security processing of network packets by multiple in-line network security tools

    Publication number: US10051006B2

    Publication date: 2018-08-14

    Application number: US15147125

    Application date: 2016-05-05

    Applicant: IXIA

    Abstract: Latency-based timeouts are used for concurrent security processing by multiple in-line network security tools. A network system forwards secure network packets to the tools and uses latency-based timeouts with respect to the return of processed packets from the tools. Initially, the network system measures processing latencies for the tools and sets at least one timeout threshold based upon the processing latencies. The network system then receives an input packet from a network source, generates a timestamp, concurrently sends an output packet to the tools based upon the input packet, tracks return packets from the tools, and determines whether a timeout has occurred with respect to the timeout threshold based upon a difference between the timestamp and a current timestamp. If a timeout does not occur, a secure packet is forwarded to a network destination. If a timeout does occur, return packet tracking for the input packet is ended.

    Latency-Based Timeouts For Concurrent Security Processing Of Network Packets By Multiple In-Line Network Security Tools

    Publication number: US20170324778A1

    Publication date: 2017-11-09

    Application number: US15147125

    Application date: 2016-05-05

    Applicant: IXIA

    CPC classification number: H04L63/20 H04L43/0864 H04L43/106 H04L43/16

    Abstract: Latency-based timeouts are used for concurrent security processing by multiple in-line network security tools. A network system forwards secure network packets to the tools and uses latency-based timeouts with respect to the return of processed packets from the tools. Initially, the network system measures processing latencies for the tools and sets at least one timeout threshold based upon the processing latencies. The network system then receives an input packet from a network source, generates a timestamp, concurrently sends an output packet to the tools based upon the input packet, tracks return packets from the tools, and determines whether a timeout has occurred with respect to the timeout threshold based upon a difference between the timestamp and a current timestamp. If a timeout does not occur, a secure packet is forwarded to a network destination. If a timeout does occur, return packet tracking for the input packet is ended.

    Signature-Based Latency Extraction Systems And Related Methods For Network Packet Communications
    Invention application (legal status: in force)

    Publication number: US20160323166A1

    Publication date: 2016-11-03

    Application number: US14699056

    Application date: 2015-04-29

    Applicant: IXIA

    CPC classification number: H04L43/087 H04L43/04 H04L43/12

    Abstract: Signature-based latency extraction systems and related methods are disclosed for network packet communications. Disclosed embodiments generate packet signatures (e.g., hash values) for packets received with respect to points within a network packet communication system. For each received packet, its packet signature is compared to packet signatures stored for previously received packets. If no match is found, the packet signature and a timestamp associated with the newly received packet are stored within one or more packet data tables. If a match is found, then the difference between the timestamp associated with the newly received packet and a timestamp stored with the matching packet signature are used to determine a latency value. The latency values can then be used to determine a variety of latency-related parameters for the network infrastructure being measured, and classification information can also be used to generate latency-related histograms. A variety of embodiments can be implemented.


    Concurrent security processing of network packets by multiple in-line network security tools

    Publication number: US10333896B2

    Publication date: 2019-06-25

    Application number: US15147174

    Application date: 2016-05-05

    Applicant: IXIA

    Abstract: Systems and methods provide concurrent security processing for multiple network security tools. An input packet is received at a network packet forwarding system from a network packet source, and the network packet forwarding system concurrently sends an output packet based upon the input packet to multiple security tools. Return packets are received based upon the output packet from the security tools after their respective security processing. Once return packets are received from each of the security tools, the network packet forwarding system forwards a secure packet to a packet destination. If a timeout occurs before all return packets are received, the network packet forwarding system can assume that the original packet was unsafe and discard information stored for the input packet. If security tools are configured to modify packets, these modifications can also be tracked.

    Signature-based latency extraction systems and related methods for network packet communications

    Publication number: US09800482B2

    Publication date: 2017-10-24

    Application number: US14699056

    Application date: 2015-04-29

    Applicant: IXIA

    CPC classification number: H04L43/087 H04L43/04 H04L43/12

    Abstract: Signature-based latency extraction systems and related methods are disclosed for network packet communications. Disclosed embodiments generate packet signatures (e.g., hash values) for packets received with respect to points within a network packet communication system. For each received packet, its packet signature is compared to packet signatures stored for previously received packets. If no match is found, the packet signature and a timestamp associated with the newly received packet are stored within one or more packet data tables. If a match is found, then the difference between the timestamp associated with the newly received packet and a timestamp stored with the matching packet signature are used to determine a latency value. The latency values can then be used to determine a variety of latency-related parameters for the network infrastructure being measured, and classification information can also be used to generate latency-related histograms. A variety of embodiments can be implemented.

    Concurrent Security Processing Of Network Packets By Multiple In-Line Network Security Tools

    Publication number: US20170324708A1

    Publication date: 2017-11-09

    Application number: US15147174

    Application date: 2016-05-05

    Applicant: IXIA

    Abstract: Systems and methods provide concurrent security processing for multiple network security tools. An input packet is received at a network packet forwarding system from a network packet source, and the network packet forwarding system concurrently sends an output packet based upon the input packet to multiple security tools. Return packets are received based upon the output packet from the security tools after their respective security processing. Once return packets are received from each of the security tools, the network packet forwarding system forwards a secure packet to a packet destination. If a timeout occurs before all return packets are received, the network packet forwarding system can assume that the original packet was unsafe and discard information stored for the input packet. If security tools are configured to modify packets, these modifications can also be tracked.
