Packet-based data networks continue to grow in importance, and it is often desirable to monitor network traffic associated with these packet-based networks on an ongoing basis. To meet these monitoring needs, copies of network packets can be forwarded to diagnostic network packet analysis tools. Network packet analysis tools include a wide variety of devices that analyze packet traffic, including traffic monitoring devices, packet sniffers, data recorders, voice-over-IP monitors, intrusion detection systems, network security systems, application monitors and/or any other network management or security tool device or system. Packets are often forwarded to these network packet analysis tools using network hubs, test access ports (TAPs), and/or switched port analyzer (SPAN) ports available on network switches. For example, certain network switches produced by Cisco Systems include SPAN ports to which traffic on the switches are mirrored. It is also noted that other packet monitoring or access methods may also be used to acquire copies of network packets being communicated within a network packet communication infrastructure.
Certain network communication systems include virtualized processing environments, such as virtual machine (VM) platforms hosted by one or more processing devices, to provide processing resources to user processing systems. For example, network cloud resources made available to network-connected systems are often virtualized such that processors or processing cores associated with a server processing platform (e.g., server blade) and/or combinations of such server processing platforms are used to provide software processing instances or virtual machine platforms within cloud server processing systems. A virtual machine (VM) platform is an emulation of a particular processing system that is created within software being executed on a VM host hardware system. By creating VM platforms within a VM host hardware system, the processing resources of that VM host hardware system can be more easily shared among network connected systems that desire to use these processing resources.
FIG. 1 (Prior Art) is a block diagram of an example embodiment for a VM host hardware system 100 that communicates through an external network 118 to network infrastructure 150 for a user of the VM host hardware system 100. For the example embodiment depicted, the VM host hardware system 100 includes a central processing unit (CPU) 102 that runs a VM host operating system 154. An interconnect bridge 108 can also be provided to couple the CPU 102 to additional circuitry and devices within the server system 100. For example, a system oscillator 110, a real-time clock 112, a network interface card (NIC) 115, and other hardware (H/W) 114 can be coupled to the CPU 102 through the interconnect bridge 108. The system oscillator 110 can also have a direct connection to the CPU 102. The NIC 115 can also include an oscillator 116. The real-time clock 112 can be implemented using an integrated circuit including real time clock (RTC) circuitry and non-volatile read only memory (NVRAM) integrated within an integrated circuit (IC).
The VM host hardware system 100 includes a hypervisor 152 that executes on top of the VM host operating system (OS) 154. This hypervisor 152 provides a virtualization layer including a plurality of VM platforms 156A, 156B, 156C . . . that emulate processing systems and related processing resources. As shown with respect to VM platform 156A, each of the VM platforms 156A, 156B, and 156C have one or more virtual hardware resources associated with it, such as a virtualized network interface card (NIC) 158A, a virtualized CPU 160A, a virtualized real-time clock (RTC) 162A, and/or other virtualized hardware resources. The VM host hardware system 100 makes each of the VM platforms 156A-C available for use by one or more network-connected guest systems through the VM host operating system 154 and the hypervisor 152. It is noted that the hypervisor 152 provides a management and control virtualization interface layer between the VM platforms 156A-C and the guest systems using the processing resources provided by the VM platforms 156A-C. It is further noted that the VM host operating system 154, the hypervisor 152, the VM guests 156A-C, and the virtualized hardware resources 158A/160A/162A can be implemented, for example, as computer-readable instructions stored in a non-transitory data storage medium that are accessed and executed by one or more processing devices, such as the CPU 102, to perform the functions for the VM host hardware platform 100.
FIG. 2 (Prior Art) is a block diagram of an embodiment 200 where a virtual switch 204 has been included along with the hypervisor 152 within a virtualization layer 202. The virtualization layer 202 can provide one or more virtualized hardware components, such as for example virtualized input/output (IO) interfaces, virtualized network interfaces, virtualized CPUs, virtualized storage mediums, and/or other virtualized components. The virtual switch 204 provides virtual network packet forwarding among the VM platforms 156A, 156B, 156C, and 156D that are hosted as guest processes within the host operating system 154. In particular, the virtual switch 204 communicates with the virtualized NICs 158A, 158B, 158C, and 158D for the VM guest platforms 156A, 156B, 156C, and 156D to forward network packets among the VM guest platforms 156A, 156B, 156C, and 156D and between the VM guest platforms 156A, 156B, 156C, and 156D and the external network 118.
When a VM user network infrastructure 150 desires to monitor activity within a virtual environment such as provided by the embodiments in FIGS. 1-2 (Prior Art), difficulties arise in utilizing network packet analysis tools. One such example environment is where virtual processing resources within a cloud-based server system are offered by a controlling entity (e.g., Amazon Web Services) to different user entities that lease, rent, or otherwise pay for server cloud resources from the controlling entity. If a user entity desires to monitor its network activity, the user typically implements packet monitoring within its own local network infrastructure 150 prior to packets being forwarded to the cloud-based server systems or after packets have been received from the cloud-based server systems as the user does not have access to or control the cloud-based network infrastructure. As such, monitoring packet activity within a user's rented or leased resources within a cloud-based server system is difficult to achieve.