Packet-based data networks continue to grow in importance, and it is often desirable to monitor network traffic associated with these packet-based networks on an ongoing basis. To meet these monitoring needs, copies of network packets can be forwarded to diagnostic network monitoring tools. Packets are often forwarded using network hubs, test access ports (TAPs), and/or switched port analyzer (SPAN) ports available on network switch systems. For example, certain network switch systems produced by Cisco Systems include SPAN ports to which traffic on the switches are mirrored. It is also noted that other packet monitoring or access methods may also be used to acquire copies of network packets being communicated within a network infrastructure.
To help alleviate the problem of limited access to network packets for monitoring, tool aggregation devices or packet broker devices have been developed that allow shared access to the monitored network packets. In part, these network packet broker devices allow users to obtain packets from one or more network monitoring points (e.g., network hub, TAP, SPAN port, etc.) and to forward them to different monitoring tools. Network packet brokers can be implemented as one or more packet processing systems in hardware and/or software that provide access and visibility to multiple monitoring tools. These network packet brokers can also aggregate monitored traffic from multiple source links and can load balance traffic-of-interest to various tools. The traffic-of-interest can be network packets that are selected by the packet brokers through packet filters and related packet forwarding rules that identify particular packets or packet flows from within the monitored network traffic as traffic-of-interest. Further, packet brokers may also include options to apply sampling of the monitored traffic, packet slicing, packet de-duplication, and/or other packet related processing to the received packet traffic.
Network traffic monitoring tools are often connected to egress ports for a packet forwarding system operating as a network packet broker, and packet traffic to these monitoring tools is often load balanced by the network packet broker. However, monitoring tools often have limits to the rate (e.g., bits-per-second) of traffic they can handle. For example, an input port for a particular monitoring tool may be configured to handle data rates of up to 10 Gigabits-per-second or up to 40 Gigabits-per-second. If data is sent to an input port for a monitoring tool at a rate higher than the data the input port is designed to handle, then the monitoring tool can suffer from incorrect or unpredictable behavior. As such, it is desirable to keep the data rate for an egress port on a network packet broker below the acceptable input data rate for a monitoring tool connected to that egress port so that port overload conditions will not exist at the egress port. This data rate control, however, is difficult for existing load balancers within network packet brokers particularly where network communications sessions are assigned to particular network monitoring tools, and varied data rates within any particular session can lead to wide variations in loads seen by such monitoring tools.