Network flow data export

Data processing: structural design – modeling – simulation – and em – Emulation – Compatibility emulation

Reexamination Certificate

Details

C703S026000, C370S401000, C370S408000, C707S793000

active

06308148

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to techniques for exporting and using data relating to flows in a flow switching network and responsive to message flow patterns.
2. Related Art
In computer networks, it is commonly desirable to determine, collect, process, and possibly display information relating to use of the network, including information which could be used by network administrators, routing devices, service providers, and users. This information could be of a variety of types, such as for packets transmitted in the network—their source or destination, number, frequency, size, protocol type, priority, or other administrative information such as security classifications or accounting information. This information could also be aggregated by a variety of categories—for the entire network or subnetworks thereof, for groups of sources or destinations, or for particular types of packets (such as particular size, protocol type, priority, security classifications, or accounting information).
However, one problem which has arisen in the art is that, in many computer networks, the number of packets transmitted in the network, and thus the amount of information to be collected, processed, and possibly displayed, is extremely large. Thus, the amount of processing power required to collect and process that information is much larger than is available.
A first known method for collecting information about use of the network is to couple a monitoring processor to a link in the network, and to monitor traffic which passes through that link. For example, the monitoring processor could be coupled to a local-area network (LAN) coupled to a router, and could monitor traffic input to or output from that router using that LAN. A protocol known as “RMON” (remote monitoring) is known for transmitting messages relating to monitoring information between the monitoring processor and the router. However, this known method is subject to drawbacks, including (1) that the number of packets input to and output from the router usually greatly exceeds the capability of the monitoring processor to collect and process information about packets, and (2) that the monitoring processor is only able to collect and process information about packets which pass through that particular link.
A second known method for collecting information about use of the network is to couple the monitoring processor to the router using protocols at layer 3 of the OSI model, such as using the IP protocol to communicate between the monitoring processor and the router. The RMON protocol may also be used to transmit messages relating to monitoring information between the monitoring processor and the router in this configuration. However, this second method is subject to drawbacks, including that the monitoring processor is either not able to collect information from the router in sufficient detail, or if information is available in sufficient detail, that information greatly exceeds the capability of the monitoring processor to collect and process.
Accordingly, it would be desirable to provide a method and system for monitoring information about network usage. This advantage is achieved in an embodiment of the invention in which information about network usage is collected and aggregated in a network router responsive to flows in a flow switching network, and presented to monitoring processors for processing at a message flow level of aggregation.
SUMMARY OF INVENTION
The invention provides a method and system for exporting and using data relating to flows in a flow switching network and responsive to message flow patterns. In a preferred embodiment, the router collects flow history information, so that flows which are improper or otherwise unusual can be traced to the particular source and destination devices. The router also collects and aggregates flow information using a variety of criteria, including (1) ranges of addresses for source and destination, (2) information about packets in the flow, such as the number and frequency of the packets in the flow, the size of the packets in the flow (total size and distribution), (3) the protocol used for the flow, such as for example whether the flow uses an electronic mail protocol, a file transfer protocol, a hypertext transfer protocol, a real-time audiovisual data transmission protocol, or some other protocol, (4) other administrative criteria which may be pertinent to the flow, such as for example the time of initiation or duration of the flow, and (5) possible aggregations or combinations of these criteria.
In a preferred embodiment, the router provides the aggregated information to one or more filters at an output port. Each filter selects only a subset of the total set of flows; filters may be combined to create compound filters. Filters may be coupled to aggregators, which further aggregate flow data and may store flow data for use by application programs. Application programs may identify useful information in the flow data and may either (1) present that data to an operator for review, or (2) use that data to adjust features or parameters of the network.
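The filter, compound-filter and aggregator stages described in the summary can be sketched as follows. This is an added example, not code from the patent: the record fields, the helper names (`in_range`, `protocol`, `all_of`, `any_of`, `aggregate`, `trace`) and the sample flows are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (hypothetical fields), one per exported flow.
FLOWS = [
    {"src": "10.1.1.5", "dst": "192.0.2.10",    "proto": "http", "packets": 40,  "bytes": 52000},
    {"src": "10.1.1.9", "dst": "192.0.2.10",    "proto": "http", "packets": 10,  "bytes": 8000},
    {"src": "10.1.2.7", "dst": "198.51.100.25", "proto": "smtp", "packets": 300, "bytes": 45000},
    {"src": "10.2.0.3", "dst": "192.0.2.10",    "proto": "http", "packets": 5,   "bytes": 3000},
    {"src": "10.1.2.7", "dst": "198.51.100.26", "proto": "smtp", "packets": 280, "bytes": 42000},
    {"src": "10.1.1.5", "dst": "203.0.113.4",   "proto": "ftp",  "packets": 90,  "bytes": 900000},
]

# Simple filters: each returns a predicate that selects a subset of flows.
def in_range(field, cidr):
    net = ipaddress.ip_network(cidr)
    return lambda f: ipaddress.ip_address(f[field]) in net

def protocol(name):
    return lambda f: f["proto"] == name

# Compound filters: combinations of other filters.
def all_of(*filters):
    return lambda f: all(p(f) for p in filters)

def any_of(*filters):
    return lambda f: any(p(f) for p in filters)

def src_prefix(f, length=24):
    """Address-range key: the source network of a flow at the given prefix length."""
    return str(ipaddress.ip_network(f"{f['src']}/{length}", strict=False))

def aggregate(flows, flt, key):
    """Aggregator: sum flow, packet and byte counts per key over the filtered flows."""
    totals = defaultdict(lambda: {"flows": 0, "packets": 0, "bytes": 0})
    for f in flows:
        if flt(f):
            t = totals[key(f)]
            t["flows"] += 1
            t["packets"] += f["packets"]
            t["bytes"] += f["bytes"]
    return dict(totals)

def trace(flows, flt):
    """Flow history lookup: the distinct (source, destination) pairs behind a filter."""
    return sorted({(f["src"], f["dst"]) for f in flows if flt(f)})

if __name__ == "__main__":
    web_or_mail = all_of(in_range("src", "10.1.0.0/16"),
                         any_of(protocol("http"), protocol("smtp")))
    print(aggregate(FLOWS, web_or_mail, lambda f: (src_prefix(f), f["proto"])))
    print(trace(FLOWS, protocol("smtp")))
```

The aggregate view gives per-prefix, per-protocol totals for review, while `trace` goes back to the individual flow records so that an unusual total can be tied to specific source and destination devices.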


