| CPC H04L 43/062 (2013.01) [H04L 43/028 (2013.01); H04L 43/106 (2013.01)] | 17 Claims |
|
1. A method performed by a network device in a network monitoring system or fabric, the network device being communicatively coupled with a production network and with a monitoring tool of the network monitoring system or fabric, the method comprising:
receiving, on an ingress port of the network device, a network packet captured in the production network;
matching the network packet to a monitoring policy in a plurality of monitoring policies, each monitoring policy including one or more rules that identify network packets of interest to the monitoring tool for monitoring purposes;
encapsulating the network packet into a Generic Routing Encapsulation (GRE) packet, the encapsulating comprising:
inserting the network packet in an unmodified form into a payload portion of the GRE packet; and
inserting monitoring-related metadata for the network packet into a header portion of the GRE packet, wherein the header portion uses an expanded GRE header format that is larger in size than a standard GRE header format, wherein the monitoring-related metadata includes an identifier of the ingress port of the network device on which the network packet was received and an identifier of the monitoring policy to which the network packet was matched, wherein the identifier of the ingress port is inserted into a first portion of the expanded GRE header format that extends beyond an end of the standard GRE header format, and wherein the identifier of the monitoring policy is inserted into a second portion of the expanded GRE header format that extends beyond the end of the standard GRE header format; and
transmitting the GRE packet to the monitoring tool of the network monitoring system or fabric.
|