US Pat. No. 9,813,357

FILTRATION OF NETWORK TRAFFIC USING VIRTUALLY-EXTENDED TERNARY CONTENT-ADDRESSABLE MEMORY (TCAM)

Gigamon Inc., Santa Clar...

1. A method of utilizing ternary content-addressable memory (TCAM) distributed across network appliances within a network
traffic visibility fabric, the method comprising:
receiving a first data packet at a first ingress port of a first network appliance and a second data packet at a second ingress
port of the first network appliance;

tagging, by the first network appliance, the first data packet with a first identifier based on the first ingress port;
tagging, by the first network appliance, the second data packet with a second identifier based on the second ingress port;
determining, by the first network appliance, whether each of the first data packet and the second data packet should be filtered
using a first set of filtering rules stored within the first network appliance or a second set of filtering rules stored within
a second network appliance,

wherein said determining is based on the identifier with which the first data packet and the second data packet are tagged;
upon determining that the first data packet should be filtered using the first set of filtering rules,
applying, by the first network appliance, a first filtering rule of the first set of filtering rules to the first data packet,
wherein the first filtering rule is determined based on the first identifier with which the first data packet is tagged; and
transmitting, by the first network appliance, the first data packet to the second network appliance; and
upon determining that the second data packet should be filtered using the second set of filtering rules,
transmitting, by the first network appliance, the second data packet to the second network appliance; and
applying, by the second network appliance, a second filtering rule of the second set of filtering rules to the second data
packet,

wherein the second filtering rule is determined based on the second identifier with which the second data packet is tagged.

US Pat. No. 9,674,192

SECURITY ACCESS FOR A SWITCH DEVICE

Gigamon Inc., Santa Clar...

1. A method for providing user access to a network switch appliance, comprising:
receiving from a user a request to access a configuration item for the network switch appliance, the network switch appliance
configured to pass packets received from a network to a network monitoring instrument, the configuration item including a
network port of the network switch appliance configured to receive the packets from the network and an instrument port of
the network switch appliance configured to pass the packets to the networking monitoring instrument, the network port being
a different port from the instrument port;

obtaining access level assignment information associated with the user for the configuration item from an access information
dataset including access information for a plurality of users corresponding to the network port and/or the instrument port,
wherein the access information dataset includes a first set of access levels associated with the network port and a second
set of access levels associated with the instrument port; and

determining, using a processing unit, an access level associated with the user for the configuration item for the network
switch appliance based on information regarding the user and the access level assignment information.

US Pat. No. 9,413,859

SYSTEMS AND METHODS FOR PROCESSING PACKETS

Gigamon Inc., Santa Clar...

1. A network switch apparatus, comprising:
a plurality of network ports configured to receive packets;
a plurality of instrument ports configured to communicate with respective network monitoring instruments;
a non-transitory medium storing a plurality of rules, each of the rules being expressly associated with at least one of the
plurality of network ports, the plurality of rules including a particular rule expressly associated with at least one but
not all of the plurality of network ports;

a packet duplication module configured to
identify a network port, in the plurality of network ports, as the network port that received a packet;
identify the particular rule of the plurality of rules, based on identification of the network port that received the packet
and the express association between the particular rule and the network port that received the packet;
determine a number of copies of the packet to make, based on the particular rule; and copy the packet according to the determined
number of copies to provide multiple packets that are identical to each other;
a tagging module configured to tag the multiple packets with different respective identifiers, wherein the multiple packets
comprise an original VLAN tag, and wherein different respective identifiers comprise an additional outer VLAN tag to obtain
tagged packets; and

a processing unit coupled to the plurality of instrument ports;
wherein the processing unit is configured to determine whether a first one of the tagged packets satisfies a first criterion,
and whether a second one of the tagged packets satisfies a second criterion; and

wherein the processing unit is also configured to process the first one of the tagged packets in a first manner if the first
one of the tagged packets satisfies the first criterion, and process the second one of the tagged packets in a second manner
if the second one of the tagged packets satisfies the second criterion.

US Pat. No. 9,912,575

ROUTING NETWORK TRAFFIC PACKETS THROUGH A SHARED INLINE TOOL

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving, at a first input network port of a network device, a network packet from a source network node and destined for
a destination network node, the destination and source network nodes being external to the network device;

recording an association between the first input network port and a signature of the network packet;
routing the network packet, without modifying contents of the network packet, through a first tool port of the network device
to an external inline tool, after recording the association;

receiving the network packet from the external inline tool through a second tool port of the network device;
in response to receiving the network packet from the external inline tool, identifying a first output network port as a port
through which to send the network packet, based on the association, and based on a pairing relationship between the first
input network port and the first output network port that identifies the first output network port of the network device as
being paired with the first input network port; and

sending the network packet to the destination network node through the first output network port of the network device.

US Pat. No. 9,674,053

AUTOMATIC TARGET SELECTION

Gigamon Inc., Santa Clar...

1. A method of identifying targets for monitoring, comprising:
obtaining a user-defined filter map, the user-defined filter map having one or more filter rules for matching against network
traffic when the user-defined filter map is used by a network system to process the network traffic; and

determining a set of one or more targets by a processing unit based at least in part on the user-defined filter map, wherein
the processing unit comprises a target selection module configured to access a list of available targets from a database,
and select the one or more targets from the list of available targets based at least in part on the user-defined filter map,
wherein the target selection module is configured to select the one or more targets from the list of available targets based
on:


wherein V represents the list of available targets.

US Pat. No. 9,077,656

PACKET SWITCH METHODS AND SYSTEMS

GIGAMON INC., Santa Clar...

1. A packet switch configured to be connected to a traffic production network and a network monitoring instrument, the packet
switch comprising:
a network port to be connected to the traffic production network, wherein the packet switch is an out-of-band device with
respect to the traffic production network, and the network port is configured to receive packets from the traffic production
network;

an instrument port for communication with the network monitoring instrument; and
a computer-readable medium containing computer-executable instructions to operate the packet switch, comprising instructions
to:

establish a logical connection between the network port and the instrument port based on a network flow; and
forward packets received from the traffic production network through the network port to the instrument port based on the
packets belonging to the network flow.

US Pat. No. 9,184,995

TRAFFIC VISIBILITY IN AN OPEN NETWORKING ENVIRONMENT

Gigamon Inc., Santa Clar...

1. A method of monitoring network traffic, comprising:
accessing a network that includes a controller and a switch device having a flow table, wherein the controller is communicatively
coupled to the switch device, and is configured to program a behavior of the switch device through an openflow protocol; and

obtaining information regarding the programmed behavior of the switch device;
wherein the act of obtaining the information is performed by a network appliance that is communicatively coupled to the network,
and that is separate from the controller configured to program the behavior of the switch device, the network appliance being
configured to provide traffic visibility utilizing the openflow protocol.

US Pat. No. 9,794,193

SOFTWARE DEFINED VISIBILITY FABRIC

Gigamon Inc., Santa Clar...

1. A fabric manager comprising:
a memory unit storing information regarding a plurality of nodes, the information indicating characteristics that represent
packet processing efficiency and packet processing intelligence for each of the nodes of the plurality of nodes, wherein the
plurality of nodes includes a first node and a second node, and the characteristics indicate that the first node is at a first
level of a hierarchy of packet processing intelligence and at a second level of a hierarchy of packet processing efficiency,
the second node is at a second level of the hierarchy of packet processing intelligence and at a first level of the hierarchy
of packet processing efficiency, the first level of the hierarchy of packet processing intelligence corresponding to more
processing complexity than the second level of the hierarchy of packet processing intelligence, and the first level of the
hierarchy of packet processing efficiency corresponding to lower resource usage than the second level of the hierarchy of
packet processing efficiency;

a processing unit having a service chain creation module configured to create a service chain by connecting some of the plurality
of nodes via virtual links based on the information indicating the characteristics that represent packet processing efficiency
and packet processing intelligence for each of the nodes;

wherein the some of the plurality of nodes represent respective network components of an auxiliary network configured to obtain
packets from a traffic production network; and

wherein the service chain is configured to control an order of the network components represented by the some of the plurality
of nodes packets are to traverse.

US Pat. No. 9,379,816

TRANSCEIVERS WITH CONFIGURABLE INTEGRATED CIRCUIT

Gigamon Inc., Santa Clar...

1. A transceiver, comprising:
an optical interface for detachably coupling to an optical transmission device;
an optical-electrical conversion unit coupled to the optical interface;
a programmable logic device communicatively coupled to the optical-electrical conversion unit, the programmable logic device
including programmable logic; and

an electrical interface communicatively coupled to the programmable logic device, wherein the electrical interface is configured
for detachably coupling to a network switch appliance via an electrical transmission device;

wherein the programmable logic device is configured to:
receive user-specified program instructions; and
reconfigure the programmable logic to perform packet processing according to the user-specified program instructions;
wherein packet processing includes: packet filtering, packet slicing, time stamping, port labeling, packet masking, packet
modification, packet stripping, packet de-duplication, or a combination thereof.

US Pat. No. 9,455,957

MAP SHARING FOR A SWITCH DEVICE

Gigamon Inc., Santa Clar...

35. A method of implementing map sharing for a network switch appliance, the network switch appliance having a plurality of
network ports and a plurality of instrument ports, the method comprising: receiving a first input for creating a map for the
network switch appliance, wherein the map includes one or more packet processing rules, and wherein the act of receiving the
first input is performed by a processor; receiving a second input for prescribing a map sharing privilege for the map, wherein:
the second input includes a parameter for setting a level of the map sharing privilege; the level is selected from at least
two levels that include a first level and a second level; the map is viewable by a user to which the map is shared if the
map sharing privilege is set to be the first level; and the map is viewable, editable, and deletable by a user to which the
map is shared if the map sharing privilege is set to be the second level; and storing the map and the map sharing privilege
in association with the map in a machine-readable non-transitory storage medium;
receiving a third input representing a request to access the map; and
determining whether to allow the access to the map based on the level of the map sharing privilege.

US Pat. No. 9,231,889

PACKET SWITCH AND METHOD OF USE

Gigamon Inc., Santa Clar...

1. A packet switch device for providing visibility of traffic in a network, comprising:
a housing;
a processing unit located in the housing;
a first network port communicatively coupled to the processing unit, wherein the first network port is configured to communicate
with the network;

a second network port communicatively coupled to the processing unit, wherein the second network port is configured to communicate
with the network;

at least one instrument port communicatively coupled to the processing unit, the at least one instrument port configured to
communicate with a first network monitoring instrument;

wherein the processing unit is configured to support a predetermined movement of packets from one or both of the first and
second network ports to the at least one instrument port; and

wherein the network is configured to transmit network traffic from a first node to a second node, the second node being an
intended recipient of the network traffic transmitted from the first node, and wherein the packet switch device is not a part
of the network, and wherein the packet switch device is configured to receive a copy of the network traffic from tapping the
network for processing by the processing unit.

US Pat. No. 10,142,130

MULTI-PATH ARRANGEMENT OF REDUNDANT INLINE-BYPASS SWITCHES

Gigamon Inc., Santa Clar...

1. An inline-bypass switch appliance, comprising:
a first communication interface configured to receive a packet from a second inline-bypass switch appliance;
a second communication interface through which to send packets to a first inline tool for processing; and
a controller configured to receive a state signal indicative of an interaction of the packet with the second inline-bypass switch appliance, wherein the controller is configured to provide the packet to the first inline tool based on the state signal indicating that the second inline-bypass switch appliance did not process the packet using a second inline tool associated with the second inline-bypass switch appliance, and the controller is configured to transmit the packet to a third communication interface, bypassing the first inline tool, based on the state signal indicating that the second inline-bypass switch appliance processed the packet using the second inline tool.

US Pat. No. 9,674,074

SYSTEMS AND METHODS FOR STOPPING AND STARTING A PACKET PROCESSING TASK

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving a plurality of packets at an ingress port of a network switch appliance from a plurality of nodes on a computer
network, wherein the plurality of packets include duplicate packets;

repeatedly determining, by the network switch appliance, a workload of the network switch appliance;
if the workload is below a first prescribed threshold:
performing, by the network switch appliance, a packet de-duplication processing task on the received packets to identify and
discard the duplicate packets; and

internally forwarding, according to a user-configurable transmission scheme, the received packets, not including the discarded
duplicate packets, to an egress port of the network switch appliance for transmission to an external network monitoring instrument
and

if the workload is above the first prescribed threshold:
suspending the packet de-duplication processing task; and
internally forwarding, according to the user-configurable transmission scheme, the received packets, including the duplicate
packets, to the egress port of the network switch appliance for transmission to the external network monitoring instrument;

wherein the user-configurable forwarding scheme is not part of the packet de-duplication processing task and is independent
of an outcome of said determining the workload; and

wherein the user-configurable forwarding scheme defines transmission within the network switch appliance of at least some
of the received packets from the ingress port to the egress port of the network switch appliance, the egress port communicatively
coupled to the external network monitoring instrument.

US Pat. No. 9,077,689

INTELLIGENT PACKET SLICING

GIGAMON INC., Santa Clar...

1. A method for processing a packet, comprising:
obtaining a packet from a network, the obtained packet having at least a packet header, one or more packet fields, and a first
data payload;

determining one or more protocols used by the obtained packet;
based on the determined one or more protocols, determining a position of the first data payload; and
creating a modified packet based on the determined position of the first data payload, wherein the act of creating the modified
packet comprises removing or masking the first data payload based on the determined position of the first data payload.

US Pat. No. 10,164,908

FILTRATION OF NETWORK TRAFFIC USING VIRTUALLY-EXTENDED TERNARY CONTENT-ADDRESSABLE MEMORY (TCAM)

Gigamon Inc., Santa Clar...

1. A non-transitory computer-readable storage medium storing instructions, execution of which by a processor causes the processor to perform operations comprising:
identifying a set of filtering rules to be used to filter data packets representing traffic in a computer network;
distributing the set of filtering rules amongst a first network appliance and a second network appliance;
monitoring space available in the first network appliance;
determining that space has become consumed in the first network appliance; and
in response to said determining,
causing exportation of a filtering rule from the first network appliance to the second network appliance.

US Pat. No. 10,063,671

SYSTEMS AND METHODS FOR PROCESSING PACKETS

Gigamon Inc., Santa Clar...

1. A method to efficiently distribute data traffic to a plurality of network monitoring instruments, the method comprising:
receiving a packet on a network port;
in response to receiving the packet on the network port, copying the packet to produce a plurality of packets without analyzing the packet by creating a number of packets equal to a number of criteria in a plurality of criteria, wherein each criterion in the plurality of criteria corresponds to exactly one network monitoring instrument in the plurality of network monitoring instruments monitoring the network port;
in response to copying the packet, tagging each packet in the plurality of packets with a different unique identifier to produce a plurality of unique tagged packets, each of which is unique among the plurality of unique tagged packets, each said unique identifier representing a correspondence between a unique tagged packet and exactly one criterion in the plurality of criteria, each criterion including an action that includes mapping the packet to a port of a network monitoring instrument in the plurality of network monitoring instruments, wherein at least two of the plurality of unique tagged packets have the different unique identifier, and wherein each said unique identifier includes a Virtual Area Network (VLAN) tag;
for each unique tagged packet in the plurality of unique tagged packets, determining whether the unique tagged packet matches the criterion having the correspondence to the unique tagged packet, without determining whether the unique tagged packet matches a remainder of criteria in the plurality of criteria; and
in response to determining that the unique tagged packet matches the criterion having the correspondence to the unique tagged packet, performing the action associated with the criterion.

US Pat. No. 9,825,835

SYSTEMS AND METHODS FOR IMPLEMENTING A TRAFFIC VISIBILITY NETWORK

Gigamon Inc., Santa Clar...

1. A method of packet processing comprising:
operating a plurality of network appliances as a cluster, wherein two or more of
the plurality of network appliances in the cluster are communicatively coupled to each other via a first network;
receiving a packet from a second network by one of the network appliances in the cluster, the second network including a transmitting
node that transmits the packet and a receiving node that is an intended recipient of the packet;

determining a state of a source associated with the packet;
processing the packet based on the state of the source using two or more of the network appliances in the cluster;
and passing the packet from one or more of the network appliances in the cluster to one or more network monitoring tools,
the one or more network monitoring tools being configured to perform packet analysis and not being the intended recipient
of the packet, wherein said passing the packet includes, if the determined state of the source has a first state value, then
passing the packet to a first subset of the one or more network monitoring tools, and if the determined state of the source
has a second state value, then passing the packet to a second subset of the one or more network monitoring tools.

US Pat. No. 9,722,955

BUFFERED SESSION FILTERING FOR INLINE BYPASS APPLICATION

Gigamon Inc., Santa Clar...

1. A switch appliance, comprising:
a first network port for communication with a first node, the first network port configured to receive a packet;
a second network port for communication with a second node;
a first instrument port for communication with a first inline tool;
a buffer; and
a processing unit coupled to the first network port, the second network port, the first instrument port, and the buffer;
wherein the processing unit is configured to determine whether a packet processing state has been set as an inline-tool processing
state or a bypass state;

wherein the processing unit is configured to pass the packet to the second network port for transmission to the second node,
and also to store a copy of the packet in the buffer, if the packet processing state has not been set as the inline-tool processing
state nor the bypass state.

US Pat. No. 9,391,925

PACKET SWITCH METHODS AND SYSTEMS

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving a plurality of packets at a network port of a network switch appliance, the network switch appliance including a
first instrument port coupled to a first network monitoring instrument that is external to the network switch appliance, wherein
the network switch appliance operates out-of-band with respect to a traffic production network, the plurality of packets including
a first packet received by the network switch appliance from the traffic production network; and

passing the first packet to the first instrument port, based on the packet belonging to a certain network flow.

US Pat. No. 9,225,669

PACKET SWITCH AND METHOD OF USE

Gigamon Inc., Santa Clar...

25. A method for providing visibility of traffic in a network performed by a packet switch device, comprising:
receiving packets at one or both of a first network port and a second network port at the packet switch device by tapping
the network;

passing the packets to at least one instrument port at the packet switch device, wherein the at least one instrument port
is communicatively coupled with a network monitoring instrument that is external to the packet switch device and is in communication
with the packet switch device via the at least one instrument port; and creating a filter by the packet switch device based
on a network event detected by the network monitoring instrument the filter being for packet filtering by the packet switch
device and having a filter criteria for matching against a portion of one of the packets received by the packet switch device.

US Pat. No. 9,219,700

NETWORK SWITCH WITH TRAFFIC GENERATION CAPABILITY

Gigamon Inc., Santa Clar...

1. A packet switch system, comprising:
a packet switch appliance having a plurality of network ports to receive packets, each of the network ports to receive packets
from a different one of a plurality of network nodes external to the packet switch system, and a plurality of instrument ports,
each configured to communicate with a different one of a plurality of network monitoring tools external to the packet switch
system, wherein the packet switch appliance is configured to perform packet transmission according to a user-configurable
transmission scheme, and wherein the packet switch appliance enables each of the following to be selected as the user-configurable
transmission scheme:

a) packet transmission from any specified one of the plurality of network ports to any specified one of the plurality of instrument
ports;

b) packet transmission from any specified one of the plurality of network ports to any specified two or more of the plurality
of instrument ports;

c) packet transmission from any specified two or more of the plurality of network ports to any specified one of the plurality
of instrument ports; and

d) packet transmission from any specified two or more of the plurality of network ports to any specified two or more of the
plurality of instrument ports;

wherein the user-configurable transmission scheme can vary from packet to packet;
a storage system to store the packets; and
an integrated circuit configured to retrieve the packets from the storage system and retroactively transmit the packets to
one or more of the plurality of instrument ports, for a transmission to a corresponding one or more of the plurality of network
monitoring tools, according to one or more of said transmission schemes a), b), c) or d) as previously configured and as applicable
for each packet.

US Pat. No. 10,057,143

AUTOMATIC TARGET SELECTION

Gigamon Inc., Santa Clar...

1. A method comprising:
obtaining, by a processing device, a user-defined filter map, the user-defined filter map including a plurality of filter rules for matching against network traffic when the user-defined filter map is used by a network system to process the network traffic on a network that includes a plurality of targets;
determining, by the processing device, a subset of the plurality of targets on the network, wherein the subset is to be monitored by the network system based on the user-defined filter map, wherein said determining includes identifying, by the processing device, the targets of the plurality of targets whose ingress/egress traffic can potentially result in a match with the filter rules; and
selecting, for monitoring by the network system, the targets identified in said identifying, and excluding from monitoring by the network system each of the plurality of targets that was not identified in said identifying.

US Pat. No. 9,860,616

REDUCTION OF NETWORK CONNECTIVITY GAPS EXPERIENCED BY INLINE NETWORK APPLIANCES

Gigamon Inc., Santa Clar...

1. A method for reducing loss of network traffic when a network appliance is switched from a bypass state to a pass-through
state, the method comprising:
receiving an optical signal that includes the network traffic at an ingress port of the network appliance;
splitting the optical signal into a first portion and a second portion;
directing the first portion of the optical signal to a switching fabric and the second portion of the optical signal to an
optical switch that is coupled to an egress port of the network appliance;

determining that a network path of the network appliance is in the bypass state;
continually determining power intensity of the first portion of the optical signal; and
responsive to determining that the power intensity of the first portion of the optical signal exceeds a specified threshold,
switching the network path from the bypass state to the pass-through state by connecting the optical switch to a first path,
to cause the optical switch to receive at least some of the first portion of the optical signal from the switching fabric,

modifying a logical connectivity state of the network appliance from bypass to pass-through, and
storing the logical connectivity state in a memory of the network appliance.

US Pat. No. 9,584,413

SYSTEMS AND METHODS FOR DETERMINING INPUT AND OUT INTERFACES OF A NETWORK DEVICE AND COPIES OF A SAME PACKET GOING THROUGH THE NETWORK DEVICE

Gigamon Inc., Santa Clar...

1. A method performed by a network device that taps to a network having a routing device, comprising:
receiving a first packet tapped from the network;
determining a first information regarding an input interface of the routing device based on a destination address of the first
packet by comparing the destination address of the first packet with a source address of a discovery protocol packet, wherein
the first information is determined using a processing unit;

receiving a second packet tapped from the network;
determining a second information regarding an output interface of the routing device based on a source address of the second
packet, wherein the second information is determined using the processing unit;

determining a first CRC for the first packet;
determining a second CRC for the second packet; and
comparing the first CRC with the second CRC at the network device to determine whether the first packet and the second packet
are the same.

US Pat. No. 9,769,049

MONITORING VIRTUALIZED NETWORK

Gigamon Inc., Santa Clar...

1. A method of monitoring virtualized network, comprising:
receiving information regarding the virtualized network along with a packet having a header at a port of a network switch
appliance, the virtualized network contained within one or more physical hosts supporting a virtualized environment, wherein
the network switch appliance is configured to receive the packet in an out-of-band configuration; and

using the received information to determine whether to process the packet according to a first packet processing scheme or
a second packet processing scheme, wherein said using the received information includes determining to process the packet
using the first packet processing scheme in an event a header of the packet matches the received information and process the
packet using the second packet processing scheme in an event the header does not match the received information;

wherein the first packet processing scheme involves performing header stripping to remove the header of the packet, the header
being part of the packet when the packet is received at the port, and performing packet transmission to one of a plurality
of instrument ports at the network switch appliance after the header stripping, each of the instrument ports configured for
communicatively coupling to a network monitoring instrument; and

wherein the second packet processing scheme involves performing transmission of the packet having the header to one of the
plurality of instrument ports at the network switch appliance without performing any header stripping.

US Pat. No. 10,009,263

NETWORK SWITCH DEVICE FOR ROUTING NETWORK TRAFFIC THROUGH AN INLINE TOOL

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving, at a first network port of a network device, a packet from a first network node external to the network device, the packet being destined for a second network node external to the network device; and
routing the packet, without modifying the packet, from the first network port to a first tool port of the network device for transmission to an external inline tool, wherein routing the packet from the first network port to the first tool port includes applying a MAC address learning mechanism to the packet received at the first network port, wherein the MAC address learning mechanism associates a MAC address corresponding to the packet with the first network port, and not applying a packet forwarding mechanism to the packet received at the first network port, and subsequently routing the packet from a second tool port of the network device to a second network port of the network device for transmission to the second network node, and wherein routing the packet to the second network node includes not applying the MAC address learning mechanism to the packet received at the second tool port and applying the packet forwarding mechanism to the packet received at the second tool port, wherein the packet forwarding mechanism is a mechanism for forwarding packets based on MAC addresses associated with the first network port.

US Pat. No. 9,960,953

BYPASS SWITCH FOR REDUNDANT IN-LINE NETWORK SWITCH APPLIANCE

Gigamon Inc., Santa Clar...

1. A network switch appliance comprising:
a switching fabric; and
a bypass switch communicatively coupled to the switching fabric;
wherein the network switch appliance has a first state and a second state; and
wherein the bypass switch is configured to:
when the network switch appliance is in the first state, complete a communication path between a tool and a node on a computer network via the switching fabric; and
when the network switch appliance is in the second state, complete a communication path between the tool and the node on the computer network via a second network switch appliance, bypassing the switching fabric;
the tool, node, and the second network switch appliance each being external to the network switch appliance.

US Pat. No. 10,142,210

IN-LINE TOOL PERFORMANCE MONITORING AND ADAPTIVE PACKET ROUTING

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving a first packet, via a network port of a network switch appliance, from a source node on a computer network, the first packet destined for a destination node on the computer network;
forwarding the first packet, by the network switch appliance, to an in-line tool for processing via a first route;
storing, by the network switch appliance, information associated with the first packet as an entry in a key-value data structure, the entry including:
a source node identifier associated with the source node as a key; and
a payload data identifier and first timestamp as values associated with the key, the first timestamp based on a time of forwarding the first packet to the first packet to the in-line tool;
receiving the first packet, by the network switch appliance, from the in-line tool after the processing;
identifying, by the network switch appliance, the first packet received from the in-line tool as the same first packet forwarded to the in-line tool based on the entry in the key-value data structure; and
measuring, by a processor in the network switch appliance, a latency in network traffic through the in-line tool based on a difference between the first timestamp and a second timestamp, the second timestamp based on a time of receiving the first packet from the in-line tool.

US Pat. No. 9,843,460

MULTI-PATH ARRANGEMENT OF REDUNDANT INLINE-BYPASS SWITCHES

Gigamon Inc., Santa Clar...

1. An inline-bypass switch system, comprising:
a first inline-bypass switch appliance having a first bypass component, a second bypass component, a first switch coupled
to the first bypass component and the second bypass component, a first controller, and a communication interface; and

a second inline-bypass switch appliance having a third bypass component, a fourth bypass component, a second switch coupled
to the third bypass component and the fourth bypass component, and a second controller;

wherein the first controller in the first inline-bypass switch appliance is configured to provide one or more state signals
that is associated with a state of the first inline-bypass switch appliance;

wherein the communication interface is configured to output the one or more state signals for reception by the second inline-bypass
switch appliance; and

wherein the second controller in the second inline-bypass switch appliance is configured to control the second bypass component
based at least in part on the one or more state signals.

US Pat. No. 9,571,393

SYSTEMS AND METHODS FOR PROCESSING PACKETS TAPPED FROM A NETWORK

Gigamon Inc., Santa Clar...

1. A method performed by a network device that taps to a network having a routing device, comprising:
determining a first information regarding an input interface of the routing device for a packet using a processing unit by:
receiving a first packet tapped from the network; and
determining the first information based on a destination address of the first packet by comparing the destination address
of the first packet with a source address of a discovery protocol packet;

determining a second information regarding an output interface of the routing device for the packet using the processing unit;
determining whether the packet belongs to a user-defined category based on one or more mapping formation defined at the network
device; and

storing the packet, the first information regarding the input interface of the routing device, the second information regarding
the output interface of the routing device, and information regarding the user-defined category in a non-transitory medium
in association with each other.

US Pat. No. 9,906,401

NETWORK VISIBILITY APPLIANCES FOR CLOUD COMPUTING ARCHITECTURES

Gigamon Inc., Santa Clar...

1. A system for monitoring virtualized traffic, the system comprising:
an agent that, when in operation, is hosted by a virtual machine and configured to
monitor virtualized traffic traversing the virtual machine, and
forward the virtualized traffic to an ingress endpoint of a first tunnel; and
a network visibility appliance configured to
receive the virtualized traffic at an egress endpoint of the first tunnel, and
forward at least a portion of the virtualized traffic to an ingress endpoint of a second tunnel for transmission to a network
tool.

US Pat. No. 10,027,677

SECURITY ACCESS FOR A SWITCH DEVICE

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving a request, from a user, to implement a configuration item for a network switch appliance, the configuration item relating to a network port of the network switch appliance configured to receive packets from a network and an instrument port of the network switch appliance configured to pass received packets a network monitoring instrument;
ascertaining, by a processor, an access level associated with the user for the configuration item for the network switch appliance based on information regarding the user and access level assignment information,
wherein the access level assignment information includes a first set of access levels associated with the network port and a second set of access levels associated with the instrument port; and
authorizing or denying implementation of the configuration item based on the ascertained access level associated with the user.

US Pat. No. 10,659,392

REDUNDANT INLINE-BYPASS SWITCH

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving, at a network appliance, a plurality of packets and a state signal from another network node that is external to the network appliance and that is coupled to a source node, the state signal being indicative of a state of the other network node;
forwarding the plurality of packets by the network appliance based on the state signal, wherein the forwarding includes:
in response to the state signal being indicative of a first state, forwarding a first packet within the first network switch appliance to a communication component in the network appliance without sending the first packet to an inline tool that is external to the network appliance, the communication component being configured to transmit the packets onto a network connection for communication to a destination node, and
in response to the state signal being indicative of a second state, forwarding a second packet by the network appliance to the inline tool and subsequently receiving the second packet at the communication component of the network switch appliance from the inline tool; and
transmitting the plurality of packets, including the first packet and the second packet, by the communication component of the network appliance, onto the network connection for communication to the destination node.

US Pat. No. 10,057,170

INTELLIGENT DROPPING OF PACKETS IN A NETWORK VISIBILITY FABRIC

Gigamon Inc., Santa Clar...

1. A method for selectively dropping data packets received by a visibility fabric of a computer network, the method comprising:
receiving a first data packet at a first ingress port of a network appliance of the visibility fabric and a second data packet at a second ingress port of the network appliance;
identifying a first flow map for the first data packet and a second flow map for the second data packet;
identifying a first traffic priority of the first flow map and a second traffic priority of the second flow map;
continually monitoring congestion of a first egress port of the network appliance;
based on a determination that the congestion of the first egress port exceeds a first threshold,
determining that the first flow map has a lower priority than the second flow map;
forwarding the second data packet corresponding to the second flow map to the first egress port for transmission downstream to a first network tool;
continually monitoring congestion of a second egress port of the network appliance; and
based on a determination that the congestion of the second egress port does not exceed a second threshold,
forwarding the first data packet corresponding to the first flow map to the second egress port for transmission downstream to a second network tool.

US Pat. No. 10,291,625

SECURITY ACCESS FOR A SWITCH DEVICE

Gigamon Inc., Santa Clar...

1. A system comprising:
a network port of a network switch appliance configured to receive packets from a network;
an instrument port of the network switch appliance configured to pass received packets to a network monitoring instrument; and
a processor to ascertain an access level to a configuration item for the network switch appliance, wherein the access level is based on a first set of access levels associated with the network port and a second set of access levels associated with the instrument port.

US Pat. No. 10,177,963

NETWORK VISIBILITY APPLIANCES FOR CLOUD COMPUTING ARCHITECTURES

Gigamon Inc., Santa Clar...

1. A network visibility appliance comprising:
an ingress port through which to receive data packets from an originating source,
wherein the data packets are part of virtualized data traffic of a virtual machine;
an egress port through which to forward at least some of the data packets to a network tool; and
a virtual programmable switch configured to
apply a traffic policy to filter the data packets received at the ingress port,
establish a tunnel between the egress port and the network tool, and
forward the filtered data packets to the egress port for transmission to the network tool via the tunnel.

US Pat. No. 10,178,026

FLEXIBLE INLINE ARRANGEMENTS FOR GUIDING TRAFFIC THROUGH NETWORK TOOLS

Gigamon Inc., Santa Clar...

1. A method for configuring a guiding arrangement to be implemented by a packet broker, the method comprising:
receiving the guiding arrangement, the guiding arrangement indicative to the packet broker of how to guide data packets through a specific sequence of inline inspection devices that are coupled to the packet broker;
identifying egress ports through which the packet broker forwards data packets to the inline inspection devices;
for each egress port,
implementing an egress translation scheme that causes an internal identifier appended to each data packet by the packet broker to be translated to an external identifier before transmission to a corresponding inline inspection device; and
identifying ingress ports through which the packet broker receives data packets from the inline inspection devices;
for each ingress port,
implementing an ingress translation scheme that causes the external identifier appended to each data packet by the packet broker to be translated to another internal identifier.

US Pat. No. 10,178,049

REDUNDANT INLINE-BYPASS SWITCH

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving, at a first network switch appliance, packets and a state signal from a second network switch appliance that is external to the first network switch appliance and that is coupled to a source node, the state signal indicating a state of the second network switch appliance;
forwarding the packets by the first network switch appliance based on the state signal, wherein the forwarding includes:
if the state signal is in a first state, forwarding the packets by a first communication component in the first network switch appliance to a second communication component of the first network switch appliance without sending the packets to an inline tool that is external to the first network switch appliance and the second network switch appliance, and
if the state signal is in a second state, forwarding the packets by the first communication component to the inline tool and subsequently receiving the packets by the second communication component in the network switch appliance from the inline tool; and
transmitting the packets from the second communication component onto a network connection for communication to a destination node.

US Pat. No. 10,154,323

REDUCTION OF NETWORK CONNECTIVITY GAPS EXPERIENCED BY INLINE NETWORK APPLIANCES

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving an optical signal at an ingress port of a network appliance;
splitting the optical signal into a first portion and a second portion;
directing the first portion of the optical signal to a switching fabric along a pass-through traffic path; and
directing the second portion of the optical signal to an optical switch along a bypass traffic path,
wherein the optical switch is coupled to an egress port of the network appliance.

US Pat. No. 10,341,368

SELECTIVE MODIFICATION OF DATA PACKETS FOR NETWORK TOOL VERIFICATION

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving a data packet at a network port of a network appliance that is configured to forward data packets along a data path from an originating node to a destination node on a network;
identifying, by the network appliance, a flow map associated with the data packet, where the flow map represents a policy for how the data packet is to be handled by the network appliance;
determining, by the network appliance, whether a simulated error mode has been enabled for the flow map;
in response to determining that the simulated error mode has been enabled,
modifying, by the network appliance, the data packet to produce a modified data packet that mimics abnormal traffic;
injecting, by the network appliance, the modified data packet into an outgoing traffic flow to be forwarded to a tool port of the network appliance for transmission downstream to a network tool, where the outgoing traffic flow includes the modified data packet and at least one unmodified data packet;
monitoring, by the network appliance, whether the modified data packet is blocked by the network tool in accordance with a security protocol, by determining whether the modified data packet is included in an incoming traffic flow received from the network tool; and
based on a determination of whether the modified data packet was blocked by the network tool,
generating, by the network appliance, an indication of health of the network tool that is indicative of whether the network tool is operating properly.

US Pat. No. 10,341,203

POLICY TRACKING IN A NETWORK THAT INCLUDES VIRTUAL DEVICES

Gigamon Inc., Santa Clar...

1. A method performed by a network device, the method comprising:
receiving, by the network device, an input signal from a device other than the network device, the input signal including an indication that the device other than the network device detected a change in a configuration of a first node or a second node of an auxiliary network from a first configuration to a second configuration, wherein the first node of the auxiliary network is configured to obtain copies of traffic production packets from a traffic production network, the first node is at a boundary between the auxiliary network and the traffic production network, the auxiliary network is not a part of the traffic production network, the second node of the auxiliary network is configured to obtain at least some of the copies of traffic production packets from the first node, and each of the first node and the second node is configured to provide at least one of a packet filtering service, a packet manipulation service, or a packet forwarding service for the copies of traffic production packets;
determining, by the network device, a first network policy including at least one of a rule or criterion that prescribes a first type of packet of the traffic production packets for processing in accordance with a first network objective and precludes from processing another type of packet of the traffic production packets, wherein the first network policy is for application on the copies of traffic production packets in the first node or the second node of the auxiliary network when the first node or the second node of the auxiliary network is in the first configuration;
determining, by the network device, a second network policy that is independent of and distinct from the first network policy and prescribes a second type of packet of the traffic production packets for processing in accordance with a second network objective and precludes from processing another type of packet of the traffic production packets, wherein the second network objective is distinct from the first network objective, is based on the change in the configuration of the first node or the second node of the auxiliary network as indicated in the input signal received from the device other than the network device, and is for application on the copies of traffic production packets in the first node or the second node of the auxiliary network when the first node or the second node of the auxiliary network is in the second configuration; and
deploying, by the network device, the second network policy for application on the copies of traffic production packets in the first node or the second node of the auxiliary network such that the network device automatically adjusts the at least one of a rule or a criterion for processing the copies of traffic production packets by the auxiliary network in accordance with the second network objective as a result of the change in the configuration of the first node or the second node of the auxiliary network as detected by the device other than the network device, wherein the second network policy is for replacing the first network policy, and the second network policy is configured to achieve an objective previously desired to be achieved by the first network policy.

US Pat. No. 10,404,591

STATUS MONITORING OF INLINE NETWORK TOOLS

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving a packet guidance arrangement at a packet broker, the packet guidance arrangement indicative to the packet broker of how to forward a plurality of data packets through a specific sequence of a plurality of inline inspection devices, each of which is coupled directly to the packet broker, the packet broker being configured to send each data packet of the plurality of data packets to each of the inline inspection devices in said specific sequence such that after being sent to any one of the inline inspection devices, each data packet of the plurality of data packets returns to the packet broker for subsequent forwarding by the packet broker to another one of the inline inspection devices in the specific sequence or to another destination;
identifying a plurality of ingress ports through which the packet broker receives data packets from the inline inspection devices;
for each ingress port of the plurality of ingress ports,
implementing an ingress translation scheme by which an external identifier appended to each data packet by the packet broker is translated to an internal identifier;
monitoring a current state of each inline inspection device of the plurality of inline inspection devices coupled to the packet broker;
determining a particular inline inspection device in the specific sequence of inline inspection devices has experienced a state change; and
based on a determination that the particular inline inspection device in the specific sequence of inline inspection devices has experienced the state change, redirecting a traffic flow by automatically adjusting a particular ingress translation scheme corresponding to an inline inspection device that immediately precedes the particular inline inspection device in the specific sequence of inline inspection devices,
wherein said redirecting the traffic flow by adjusting the particular ingress translation scheme includes translating an external identifier of a data packet corresponding to the inline inspection device that immediately precedes the particular inline inspection device to a new internal identifier corresponding to another inline inspection device in the specific sequence of inline inspection devices without modifying the packet guidance arrangement.

US Pat. No. 10,103,963

SELECTIVELY FORWARDING FLOW OF PACKETS IN A NETWORK APPLIANCE

Gigamon Inc., Santa Clar...

1. A method comprising:
identifying a plurality of hash buckets, wherein a hash bucket in the plurality of hash buckets is associated with a flow of incoming packets;
creating a plurality of virtual ports, wherein each virtual port in the plurality of virtual ports corresponds to one hash bucket in the plurality of hash buckets;
creating a static mapping between the virtual port and an egress port of a network appliance;
receiving the flow of incoming packets at the network appliance; and
deciding, by the network appliance, a forwarding treatment to be applied to the flow of incoming packets, for forwarding the flow of incoming packets to the egress port of the network appliance, based on the virtual port to which the flow of incoming packets is assigned, and based on a detected network characteristic, wherein said deciding the forwarding treatment to be applied to the flow of incoming packets includes determining an action to perform based on the static mapping, a network bandwidth associated with the egress port, and a network traffic associated with the egress port, the action including one of forwarding the flow of incoming packets from the virtual port to the egress port, or dropping the flow of incoming packets.

US Pat. No. 10,505,834

SESSION AWARE ADAPTIVE PACKET FILTERING

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving, by a network device, a plurality of packets from a network;
storing, by a network device, the plurality of packets in a buffer while a session to which the plurality of packets belong has not been identified by the network device;
receiving, by the network device, a first packet from the network, wherein the first packet is not one of the plurality of packets;
identifying, by the network device, a session to which the first packet belongs, after storing the plurality of packets in the buffer, based on the first packet satisfying a first criterion, wherein the first criterion comprises the first packet satisfying a regular expression;
after identifying the session to which the first packet belongs,
determining, by the network device, that one or more of the plurality of packets stored in the buffer belong to said session, and performing, by the network device, a packet processing action on the first packet and on said one or more of the plurality of packets stored in the buffer that belong to said session;
receiving a second packet by the network device after said receiving the first packet, wherein the second packet is not one of the plurality of packets;
determining, by the network device, that the second packet belongs to said session based on a plurality of header values of the second packet, wherein the second packet does not satisfy the regular expression;
in response to determining that the second packet belongs to said session, performing, by the network device, the packet processing action on the second packet, wherein the packet processing action includes forwarding, by the network device, the second packet to one or more ports of the network device, for delivery to one or more external network tools, based on the identified session.

US Pat. No. 10,372,174

CABLE MANAGEMENT ASSEMBLIES FOR ELECTRONIC APPLIANCES

Gigamon Inc., Santa Clar...

1. An electromagnetic interference (EMI) shielding system for an electronic appliance, the EMI shielding system comprising:
a pair of brackets connected to opposite sides of an electronic appliance chassis; and
a pair of laminate curtain assemblies, each removably connected to a separate bracket of the pair of brackets,
wherein each laminate curtain assembly of the pair of laminate curtain assemblies includes
a laminate curtain configured to absorb electromagnetic radiation leaking from an interconnect surface of the electronic appliance chassis that is orthogonal to the opposite sides of the electronic appliance chassis, and
a mounting frame within which the laminate curtain is mounted.

US Pat. No. 10,404,589

SYSTEMS AND METHODS FOR DETERMINING INPUT AND OUTPUT INTERFACES OF A NETWORK DEVICE AND COPIES OF A SAME PACKET GOING THROUGH THE NETWORK DEVICE

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving, at a network device that taps to a network that has a routing device, a first packet tapped from the network;
determining, by the network device, a first information regarding an input interface of the routing device based on a destination address of the first packet, by comparing the destination address of the first packet with a source address of a discovery protocol packet;
receiving, by the network device, a second packet tapped from the network;
determining, by the network device, a second information regarding an output interface of the routing device based on a source address of the second packet, by comparing the source address of the second packet with a destination address of a discovery protocol packet;
determining, by the network device, a first CRC for the first packet;
determining, by the network device, a second CRC for the second packet; and
determining, by the network device, whether the first packet and the second packet are the same based on a comparison of the first CRC with the second CRC.

US Pat. No. 10,924,325

MAPS HAVING A HIGH BRANCHING FACTOR

Gigamon Inc., Santa Clar...

1. A computer-implemented method comprising:
identifying a plurality of network objects that are interconnected through a network visibility appliance that is coupled to a public cloud infrastructure accessible to multiple users;
associating each network object of the plurality of network objects with an action set to be applied to incoming data packets;
constructing a data structure indicative of the network visibility appliance by
creating a separate entry in the data structure for each network object of the plurality of network objects, and
establishing an association between a pair of entries in the data structure for each traffic flow between a pair of network objects of the plurality of network objects,
wherein each action set includes at least one of
a pass action represented in the data structure as an established association, or
a drop action represented in the data structure as a lack of established associations, and
wherein a particular action set corresponding to a particular network object includes a plurality of actions to be concurrently applied to the incoming data packets, the plurality of actions including a plurality of pass actions that are represented as a plurality of established associations between a particular entry associated with the particular network object and a plurality of other entries;
acquiring, from the public cloud infrastructure, data packets indicative of traffic associated with a given user of the multiple users;
routing the data packets acquired from the public cloud infrastructure through the plurality of network objects based on the data structure; and
forwarding at least some of the data packets acquired from the public cloud infrastructure that were not dropped by the plurality of network objects to the public cloud infrastructure.

US Pat. No. 10,230,612

SYSTEMS AND METHODS FOR IMPLEMENTING A TRAFFIC VISIBILITY NETWORK

Gigamon Inc., Santa Clar...

1. A method of packet processing comprising:
receiving a plurality of packets at a first network appliance;
determining a state of a source associated with each packet of the plurality of packets, wherein the state of the source is indicative of a desired level of security monitoring; and
transmitting each packet of the plurality of packets from the first network appliance to at least one network monitoring tool of a plurality of network monitoring tools based on the state of the source associated with the packet, wherein said transmitting includes, when the determined state of the source of a first packet has a first state value indicative of a first risk level, then transmitting the first packet to a first subset of the plurality of network monitoring tools, and when the determined state of the source of a second packet has a second state value indicative of a second risk level higher than the first risk level, then transmitting the second packet to a second subset of the plurality of network monitoring tools.

US Pat. No. 10,230,616

MONITORING VIRTUALIZED NETWORK

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving a packet that has a header at a port of a network switch appliance;
determining whether to process the packet according to a first scheme or a second scheme, including determining that the packet should be processed according to the first scheme if the header is determined to have a tunnel format, or determining that the packet should be processed according to the second scheme if the header is determined not to have the tunnel format;
wherein the first scheme includes stripping the header from the packet and then transmitting the packet without the header to an instrument port, and
wherein the second scheme includes transmitting the packet with the header to the instrument port without first stripping the header; and
processing the packet according to the first scheme or the second scheme based on the determination.

US Pat. No. 10,367,703

ANALYSIS OF NETWORK TRAFFIC RULES AT A NETWORK VISIBILITY NODE

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving, at a network visibility node communicatively coupled to a computer network, a plurality of packets associated with network traffic over the computer network, the network traffic associated with communications among a plurality of devices over the computer network, the plurality of devices not including the network visibility node, wherein the network visibility node operates out-of-band with the computer network;
accessing, by the network visibility node, a first set of network traffic rules configured to be applied to the network traffic, wherein the first set of network traffic rules mirror a second set of network traffic rules applied by at least one of the plurality of devices, wherein accessing the first set of network traffic rules includes any one or more of:
receiving an input including the first set of network traffic rules;
receiving programming instructions defining the first set of network traffic rules; or
actively pulling the first set of network traffic rules from any of the plurality of devices applying the network traffic rules; and
processing, by the network visibility node, the received plurality of packets using the first set of network traffic rules to monitor usage of the second set of network traffic rules, by tracking hits and/or misses of the plurality of packets received at the network visibility node against the first set of network traffic rules over a period of time.

US Pat. No. 10,892,941

DISTRIBUTED VISIBILITY FABRICS FOR PRIVATE, PUBLIC, AND HYBRID CLOUDS

Gigamon Inc., Santa Clar...

1. A visibility platform comprising:
an agent, mounted on a virtual machine, configured to acquire virtualized traffic of a specific end user;
a first network visibility appliance configured to forward the virtualized traffic to an ingress endpoint of a tunnel; and
a second network visibility appliance configured to
receive the virtualized traffic at an egress endpoint of the tunnel, and
dispatch at least some of the virtualized traffic to a network tool.

US Pat. No. 10,764,162

IN-FABRIC TRAFFIC ANALYSIS

Gigamon Inc., Santa Clar...

1. A filter generation method for a network, comprising:
receiving an indication that a first packet matches a user-defined filter, the user-defined over the network filter being implemented as executable logic that sorts packets according to a criterion identified by a user and using a first granularity of filtration, wherein the network comprises an auxiliary network configured to obtain the packets from a traffic production network;
creating one or more derivative filters in response to receipt of the indication that the first packet matches the user-defined filter, by using an automatic filter generation module, wherein the one or more derivative filters are dynamically created by the automatic filter generation module based at least in part on the received indication, wherein the one or more derivative filters are topologically positioned at nodes, wherein packets from the user-defined filter are directed to lower layers of derivative filters based on how the packets match filtration at higher layers at a prior filter;
forwarding or dropping, by a first derivative filter implemented as executable logic, packets including the first packet to the network according to the criterion identified by the user and using a second granularity of filtration, wherein the second granularity of filtration is finer than the first granularity of filtration, and wherein the first derivative filter is one of said one or more derivative filters; and
storing the one or more derivative filters in a non-transitory medium to provide network traffic analysis.

US Pat. No. 10,764,207

SOFTWARE DEFINED VISIBILITY FABRIC

Gigamon Inc., Santa Clar...

1. A system comprising:
at least one memory to store information regarding a plurality of nodes that includes a first node, and a second node, and a third node, the information including an efficiency level associated with each node of the plurality of nodes representing a packet processing efficiency for each node, the information further including a first hierarchical relationship based on the efficiency level associated with each node of the plurality of nodes indicative of the packet processing efficiency for each of the nodes of the plurality of nodes, the information further including an intelligence level associated with each node of the plurality of nodes representing a packet processing intelligence for each node, and the information further including a second hierarchical relationship based on the intelligence level associated with each node of the plurality of nodes indicative of the packet processing intelligence for each of the nodes of the plurality of nodes, the packet processing efficiency representative of resource usage, the packet processing intelligence representative of processing complexity; and
a processing circuit configured to create a service chain by selecting the first node and the third node of the plurality of nodes for inclusion in the service chain and omitting the second node of the plurality of nodes from inclusion in the service chain based on a determined functionality to be performed on data to be provided to the service chain, the efficiency level of each node in the first hierarchical relationship, and the intelligence level of each node in the second hierarchical relationship.

US Pat. No. 10,931,545

POLICY-BASED SAMPLING OF NETWORK FLOWS AT A NETWORK VISIBILITY NODE

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving a plurality of packets at a network visibility node communicatively coupled to a network, the plurality of packets including control packets and data packets, the control packets including control signaling messages;
processing, by the network visibility node, the control packets to determine, based on the control signaling messages, a parameter of a network flow related to codec selection and associated with the plurality of packets; and
forwarding, by the network visibility node, the plurality of packets to an egress port of the network visibility node when the determined parameter of the network flow related to codec selection satisfies a sampling criterion, the egress port communicatively coupled to an external tool that is not an intended destination of the packets associated with the network flow.

US Pat. No. 10,931,582

INTELLIGENT DROPPING OF PACKETS IN A NETWORK VISIBILITY FABRIC

Gigamon Inc., Santa Clar...

1. A method comprising:
identifying a first flow map for a first data packet received at a first ingress port of a network appliance,
wherein the first flow map is representative of a first policy, implemented as a first data structure, that indicates how the first data packet is to be routed through the network appliance;
identifying a second flow map for a second data packet received at a second ingress port of the network appliance,
wherein the second flow map is representative of a second policy, implemented as a second data structure, that indicates how the second data packet is to be routed through the network appliance;
determining that congestion of an egress port of the network appliance exceeds a threshold;
forwarding the first data packet to the egress port for transmission to a network tool, based on a determination that the first flow map has a higher priority than the second flow map; and
performing an operation on the second data packet other than forwarding the second data packet to the egress port for transmission to the network tool, based on the determination that the first flow map has a higher priority than the second flow map.

US Pat. No. 10,917,285

DYNAMIC SERVICE CHAINING AND LATE BINDING

Gigamon Inc., Santa Clar...

1. A computer-implemented method comprising:
receiving information indicative to a network visibility appliance of how to route data packets indicative of traffic processed by a cloud computing platform through a service chain of a plurality of service chains implemented by the network visibility appliance,
wherein the service chain represents a sequence of network tools that provide different network services;
populating a data structure with an entry for each network tool of the sequence of network tools,
wherein each entry includes a routing instruction that specifies where a data packet processed by a corresponding network tool should be next routed;
routing the data packets through the sequence of network tools using the data structure;
receiving input specifying a modification to the sequence of network tools; and
dynamically modifying, based on the input, the data structure so that the data packets are routed through the modified sequence of network tools.

US Pat. No. 10,785,152

NETWORK SWITCH DEVICE FOR ROUTING NETWORK TRAFFIC THROUGH AN INLINE TOOL

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving a first packet at a first network port of a network device from a first network node;
determining, without modifying the first packet and without adding information to the first packet, that the first packet is to be routed first along a first routing path from the first network port to a first tool port configured to forward the first packet to an inline tool configured to process the first packet, and subsequently forwarded from a second tool port configured to receive the first packet from the inline tool to a second network port of the network device for forwarding on a network;
routing the first packet, without modifying the first packet and without adding information to the first packet, first from the first network port to the first tool port of the network device for transmission to an inline tool and subsequently from the second tool port of the network device to the second network port of the network device for transmission to a second network node according to the first routing path, wherein said routing the first packet is performed subsequent to determining that the first packet is to be routed first along the first routing path;
receiving a second packet at a third network port of the network device from a third network node;
determining, without modifying the second packet and without adding information to the second packet, that the second packet is to be routed first along a second routing path from the third network port to the first tool port configured to forward the second packet to the inline tool configured to process the second packet, and subsequently forwarded from the second tool port configured to receive the second packet from the inline tool to a fourth network port of the network device for forwarding on the network; and
routing the second packet, without modifying the second packet and without adding information to the second packet, first from the third network port to the first tool port of the network device for transmission to the inline tool and subsequently from the second tool port of the network device to the fourth network port of the network device for transmission to a fourth network node according to the second routing path, wherein said routing the second packet is performed subsequent to determining that the second packet is to be routed first along the second routing path.

US Pat. No. 10,243,862

SYSTEMS AND METHODS FOR SAMPLING PACKETS IN A NETWORK FLOW

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving a plurality of packets at a network port of a network switch appliance, the network switch appliance including an instrument port for communication with a network monitoring instrument;
identifying packets, of the received plurality of packets, as belonging to a particular network flow that is to be monitored, wherein said identifying includes
identifying, in the network switch appliance, control plane packets as belonging to the particular network flow, based on a user-associated attribute contained in the control plane packets, the control plane packets conforming to a control plane protocol, and
identifying, in the network switch appliance, data plane packets as belonging to the particular network flow, by correlating the identified control plane packets with corresponding data plane packets of the received plurality of packets, the data plane packets conforming to a data plane protocol and not to the control plane protocol; and
passing to the instrument port the packets identified as belonging to the particular network flow, including the identified control plane packets and the identified data plane packets, for delivery to the network monitoring instrument.

US Pat. No. 10,225,186

STATISTICAL MULTIPLEXING OF INLINE NETWORK TOOLS

Gigamon Inc., Santa Clar...

1. A method comprising:
receiving a data packet at a network ingress port of a packet broker connected to a network;
applying a packet-matching criterion to identify a predetermined sequence of inline network tools through which the data packet is to be guided;
determining that a tool egress port that corresponds to an inline network tool within the predetermined sequence of inline network tools is part of a trunk,
wherein the trunk includes a defined subset of tool egress ports that are coupled to corresponding inline network tools, and
wherein each tool egress port of the defined subset of tool egress ports is a member of a Virtual Local Area Network (VLAN) membership group;
hashing a field of the data packet to produce a hash value; and
guiding the data packet through the predetermined sequence of inline network tools, wherein said guiding includes
dispatching the data packet to a particular tool egress port of the predefined subset of tool egress ports based on the hash value,
translating an internal identifier added to the data packet to an external identifier before transmission of the data packet by the packet broker to each of the inline network tools, and
translating the external identifier to a different internal identifier of the packet broker each time the data packet is received by the packet broker at a tool ingress port coupled to one of the inline network tools.