WO2002045346A1 - Network management - Google Patents

Network management Download PDF

Info

Publication number
WO2002045346A1
WO2002045346A1 PCT/GB2001/005223 GB0105223W WO0245346A1 WO 2002045346 A1 WO2002045346 A1 WO 2002045346A1 GB 0105223 W GB0105223 W GB 0105223W WO 0245346 A1 WO0245346 A1 WO 0245346A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
node
data
segment
traffic
Prior art date
Application number
PCT/GB2001/005223
Other languages
French (fr)
Inventor
Phillip Leslie Snell
Original Assignee
Chevin Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chevin Limited filed Critical Chevin Limited
Priority to AU2002216191A priority Critical patent/AU2002216191A1/en
Publication of WO2002045346A1 publication Critical patent/WO2002045346A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0213Standardised network management protocols, e.g. simple network management protocol [SNMP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/22Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/10Active monitoring, e.g. heartbeat, ping or trace-route

Abstract

An apparatus for monitoring the operation of a network comprising at least one network monitoring node which runs a local software task to gather and store data representative of traffic on the network local to that node. At least one network management node runs client software applications which collect and return to the management node stored traffic representative data from the at least one network monitoring node. The network management node comprises means for controlling data collection connections to the at least one network monitoring node such that data collected by simultaneously running client applications is returned to the network management node on a common physical connection. Where the network comprises a plurality of segments linked by a switch each segment may include a network monitoring node.

Claims

NETWORK MANAGEMENTThe present invention relates to computer network management systems and in particular apparatus and methods for monitoring traffic flow between nodes of a computer network.Modern businesses often use large computer networks consisting of hundreds or thousands of computers and other components connected together using a network. These networks often consist of clusters of computers in reasonably close proximity joined by a Local Area Network (LAN). These LANs are themselves connected together possibly over distances of many miles using a Wide Area Network (WAN).It has been recognised for some time that it is useful to monitor traffic flow around a network, to identify bottlenecks and monitor usage of available bandwidth. Such systems are generally known as network analysis or network management systems. One such system uses the Remote MONitoring (RMON) standard, a subset of the Simple Network Management Protocol (SNMP), to monitor data and analyse the results. One of the major drawbacks with this system is the inherent speed limitation caused by the complexity of the protocol used to transfer management data around the network. In effect, a substantial part of the available bandwidth is used for management purposes which is clearly undesirable as network management systems are at least in part intended to maximise the efficiency with which the available bandwidth is used.An alternative system in current use which is available from Chevin Software Engineering Limited of Otley, West Yorkshire, England LS21 3AL is based on the High Speed Remote MONitoring (HSRMON) protocol. In this alternative system, software known as a "PodLink" runs as a background task on one or more nodes of the network which function as network monitoring nodes. A PodLink gathers data representative of traffic on the network using a promiscuous reception technique and builds tables of node to node conversations in a non-intrusive and passive manner. These conversations are arranged by protocol, that is the conversations are "demultiplexed by protocol". The network monitoring nodes collecting this data can subsequently be interrogated by a node operating as a network management node which collects and analyses the data. This communication is carried out along a Transmission Control Protocol (TCP) connection, and the protocol uses the raw conversation data yielding improvements in. efficiency over traditional SNMP type systems.It has been recognised for some time that it can be beneficial to separate a network into a number of segments, each segment being connected to a number of computers or other machines. This offers the benefit of reducing traffic on the network by restricting the traffic flow on each segment. The segments are then connected together using a switch. Switches have the advantage of selectively routing traffic through the switch and only passing a network data packet onto a segment if it is addressed to a machine on or accessible only through that segment. This is valuable in circumstances where bandwidth is limited. Switches also provide a method of combining different network technologies together. It is possible, for example, for one segment to be a lOOMb/s Ethernet and for another to be a lOMb/s Ethernet.Although the known system relying upon network monitoring nodes running PodLink software has proved advantageous, as networks have grown larger and more complex so too have the demands of network management systems. In particular, different client applications run by a network management node can range from simple disk archiving products for off-line analysis to full-blown network management systems and these applications can run at regular intervals, occupying a large amount of network bandwidth. Furthermore, on networks which are segmented, although a network monitoring node on one segment can record details of all traffic on that segment, it can be difficult to identify network bottlenecks which result from traffic passing through several segments.It is an object of the present invention to obviate or mitigate the problems outlined above.According to the present invention, there is provided an apparatus for monitoring the operation of a network comprising at least one network monitoring node which runs a local software task to gather and store data representative of traffic on the network local to that node, and at least one network management node which runs client software applications which collect and return to the management node traffic representative data from the at least one network monitoring node, wherein the at least one network management node comprises means for controlling data collection connections to the at least one network monitoring node such that data collected by simultaneously running client applications is returned to the network management node on a common physical connection.Preferably the data collection control means comprises means for establishing a virtual connection in respect of each running client application between the network management node on which the client application is running and the network monitoring node from which data is to be collected by that client application, and means for mapping virtual connections between the same pair of nodes to the common physical connection. The data collection control means may maintain a record of all open physical connections to the or each network monitoring node to enable simultaneous running of client applications to be detected. The common physical connection may be a transmission control protocol connection.Given that network monitoring traffic between any one network management node and any one network monitoring node is restricted to a single physical link, the risk of network congestion resulting from the operation of the network monitoring software is greatly reduced.The invention also provides an apparatus for monitoring the operation of a network comprising a plurality of segments linked by a switch such -that data transmitted on one segment of the network is restricted to that one segment by the switch unless it is transmitted to a node on another segment of the network, wherein each segment includes a network monitoring node which runs a local software task to gather and store data representative of traffic on the segment of the network to which it is connected, and one node of the network comprises a network management node which runs client software applications which collect and return to the management node traffic representative data 4from each of the network monitoring nodes, the network management node including means for aggregating data returned from the network monitoring nodes.Aggregating data from different segments makes it possible to present data from which for example duplications resulting from traffic travelling through two segments have been removed. A user can therefore observe the flow of traffic around the switch network from one viewpoint as if the system was not switched.Embodiments of the present invention will now be described with reference to the accompanying drawings in which:Figure 1 is a schematic illustration of a network comprising segments and switches and using network monitoring apparatus in accordance with the present invention;Figure 2 is a screen dump of a display illustrating a network having a structure such as that of the system described in Figure 1 ;Figure 3 is a schematic illustration of an example architecture for a network management node suitable for interrogating a network momtoring node running network monitoring software of the type described in Figure 1;Figure 4 is a schematic illustration of how several virtual connections between two nodes may be mapped to a single real connection in the network management node of Figure 3;Figure 5 is a screen dump of a display showing an example of stored conversation tables;Figure 6 is a screen dump of a display showing an example of a network traffic information table;Figure 7 is a schematic illustration of a switched segmented network, showing the use of a switch aggregator to obtain an overall view of traffic flow around the network;Figure 8 is a representation of the operational relationship between network monitoring software modules used in the network of Figure 7; andFigure 9 is a schematic illustration of a switch aggregator in a network management node of the network of Figure 7. Figure 1 shows one well-known network topology that is in common use. A switch 1, connects segments SI, S2 and S3 together to form a single network. Each segment has cabling 2 which has a number of computer terminals 3 attached to it, each of these terminals forming a node in the network. If a node communicates with another on the same segment, this is done directly, without data flowing through the switch 1. Thus, if node TI communicates with node T2 the packets flow only on segment S3; no data flows through the switch 1 and no data flows along segments SI or S2. If, however, node TI communicates with node T3 the data passes along segment S3, through the switch 1 and is then routed onto segment S2. No data is passed onto segment SI.On segment SI node T4 runs network monitoring software (for example a PodLink). The PodLink software is represented by box 4. This captures all packets passing along the segment SI and creates tables storing details of the conversations between nodes. As data passing one point on a segment passes all points on that segment, only one PodLink need be present on any one segment. The PodLink can be interrogated by client applications run by a network management node defined by terminal 5 on segment SI. The network management node 5 performs data analysis. There can be any number of network management nodes on a network, and there may be a network management node on each segment.Figure 2 represents the nodes of segment SI of Figure 1 and the manner in which the network management node 5 is able to obtain data from any node on the segment, although a PodLink exists only at node T4 on the segment. The full line 6 represents a real connection that exists between network management node 5 and node T4. The broken lines 6a represent the fact that the network management node 5 is able to obtain information about traffic to and from any other node on the segment.The architecture of the network management node 5 of Figure 1 is shown in Figure 3. All communication between the network management node 5 and the network is carried out via a "tablehandler" software module 7, an interface 8 and a physical network connection 9. Two software applications Al and A2 are clients of the network management node 5 running analyses. Each of these applications communicates with the tablehandler module 7, which in turn communicates with the network connection 9 via interface 8. If client Al sends a requests for data to the tablehandler module 7, a connection is then established between the tablehandler module 7 in the network management node 5, and the PodLink 4 of the terminal T4 (Figure 1) from which data is requested. The network management node 5 then polls the remote PodLink 4 at user specified intervals (2s being a common choice) to obtain traffic data. The interface 8 could itself be a PodLink storing data collected from remote PodLinks.The use of the tablehandler module 7 in communications between nodes reduces network traffic as described with reference to Figure 4 by mapping two or more virtual connections to one physical connection. The tablehandler module 7 keeps a record of all open connections to remote PodLinks. If client Al requests data from the PodLink 4 at network node T4 through the tablehandler module 7, the tablehandler module 7 ascertains whether or not a connection to T4 already exists. If there is no such connection, a TCP connection 9 is established and the network management node 5 starts polling network monitoring node T4. Client Al then has a virtual connection, 10, to node T4, which is mapped to physical connection 9. If client A2 then requests data from the PodLink 4 at node T4 simultaneously with client Al, no further real connection is established. Instead a virtual connection 11 is created, and that virtual connection 11 is mapped to the physical connection 9 by the tablehandler module 7. Thus, the tablehandler module 7 ensures that only one physical connection exists between the network management module and any one remote PodLink 4.If client Al requests that node T4 is polled at a different interval to client A2, the poll requests to the PodLink 4 may be combined for example if client Al requests a polling interval of 60 seconds from PodLink 4 of node T4, whereas client A2 requests a polling interval of 30 seconds, the network management node will poll every 30 seconds, passing the results to the tablehandler module 7. Every poll result is passed to client A2, and the results of alternate polls are passed to client Al . 7Thus data stored by PodLinks is transferred to the tablehandler module 7 in response to a poll request. Various tables can be collated. Figure 5 shows one example of how data may be presented to the user.Figure 5 shows a general statistics table in area 20. This table includes information about the times of analysis, the number of packets transferred, the number of octets, and the number of conversations.Area 21 of Figure 5 contains information about all node to node conversations that have taken place over the network, in terms of MAC identifiers. This information is arranged in such a way that each pair of nodes between which traffic has flowed has a row in the table. This has the advantage that in row 22 for example all data sent from node "ANNIE" to node "PHIL2" is combined with data sent from node "PHIL2" to node "ANNIE". The data stored in the table records the time at which data was last sent, the number of packets and octets that have travelled between the two nodes, and the number of errors. The protocol is also stored, which means that if two nodes communicate using, for example, the IP protocol and the ARP protocol, the data sent will be separated by protocol in the table. The Last, Packets, Octets and Errors columns each appear twice. This allows the user to observe the direction of flow of data between the nodes.The table represented in Figure 5 is maintained by the tablehandler module 7. A PodLink 4 sends only the data in the table that has changed since it was last polled. The tablehandler module 7 uses this "change" data to update its stored table, keeping it up to date.The tablehandler module 7 also stores a node information table, and a screen presentation of this is shown in panel 23 of Figure 6. The data shows the identity of the node together with its addresses, types and traffic flow statistics to and from the node. The table will contain one row for each node on the segment.The tablehandler module 7 also maintains a duplicate IP address table, by identifying IP addresses having more than one MAC address and other protocol specific tables. 8An important aspect of the present invention relates to the ability to aggregate the data collected by PodLinks or similar network monitoring software on distinct segments of a network. As illustrated in Figure 7, three PodLinks PI, P2 and P3 may be aggregated to provide network traffic data via a single virtual PodLink P4. This is represented graphically in Figure 8. Refereing to Figure 7, a network consists of a switch 1 and three segments SI, S2 and S3. A PodLink 4 is present on each segment, and a further PodLink is provided in node 5 on segment SI to act as the virtual PodLink P4. As different data passes along each segment, the data collected by each of PodLinks PI, P2 and P3 will be different. Each PodLink PI, P2 and P3 can be interrogated individually from node 5 to obtain a picture of dataflow on the segment to which that PodLink is directly connected. If an overview of all three segments is required, it is necessary to aggregate the data collected by the three PodLinks PI, P2 and P3 into a single coherent dataset, as depicted in Figure 8.It should be noted that the combination must take into account redundancy in the data. For example if TI communicates with T3, this conversation will appear twice, detected once by P2 and once by P3. The aggregation is efficiently and effectively implemented as shown in Figure 9, using a switch aggregator software module 12, communicating with a tablehandler module 7.A client, for example Al, connects to an enhanced tablehandler module 13 incorporating the switch aggregator 12 and the basic tablehandler module 7 as described above. The client requests that a number of PodLinks are aggregated to deliver data to the virtual PodLink P4, to provide a co-ordinated traffic picture. Switch • aggregator module 12 aggregates the data received from the PodLinks PI, P2 and P3 to build the tables described above with reference to Figures 5 and 6 for the virtual PodLink P4 in addition to the tables for each individual PodLink PI, P2 and P3 as in the non-aggregated situation. A client can then access the aggregated table, giving the overview traffic picture. The tablehandler module 7 will again ensure that only one TCP connection exists between two PodLinks. Although the figures refer to networks consisting of segments connected by switches it will be clear to those skilled in the art that the principles of the inventions as described are also applicable to networks using other topologies, for example network relying upon hubs. 10CLAIMS
1. An apparatus for monitoring the operation of a network comprising at least one network monitoring node which runs a local software task to gather and store data representative of traffic on the network local to that node, and at least one network management node which runs client software applications which collect and return to the management node traffic representative data from the at least one network monitoring node, wherein the at least one network management node comprises means for controlling data collection connections to the at least one network monitoring node such that data collected by simultaneously running client applications is returned to the network management node on a common physical connection.
2. An apparatus according to claim 1, wherein the data collection control means comprises means for establishing a virtual connection in respect of each running client application between the network management node on which the client application is running and the network monitoring node from which data is to be collected by that client application, and means for mapping virtual connections between the same pair of nodes to the common physical connection.
3. An apparatus according to claim 1 or 2, wherein the data collection control means maintains a record of all open physical connections to the or each network monitoring node.
4. An apparatus according to claim 1, 2 or 3, wherein the common physical connection is a transmission control protocol connection.
5. An apparatus for monitoring the operation of a network comprising a plurality of segments linked by a switch such that data transmitted on one segment of the network is restricted to that one segment by the switch unless it is transmitted to a node on another segment of the network, wherein each segment includes a network monitoring node 11
which runs a local software task to gather and store data representative of traffic on the segment of the network to which it is connected, and one node of the network comprises a network management node which runs client software applications which collect and return to the management node traffic representative data from each of the network monitoring nodes, the network management node including means for aggregating data returned from the network monitoring nodes.
6. An apparatus according to claim 5, wherein the aggregating means generates tables from which duplications have been removed such that the data included in the tables resemble data from a non-switched network.
7. An apparatus according to claim 5 or 6, incorporating apparatus according to claims 1, 2, 3 or 4.
8. An apparatus for monitoring the operation of a network substantially as hereinbefore described with reference to Figures 1 to 6 or Figures 7 to 9 of the accompanying drawings.
PCT/GB2001/005223 2000-11-29 2001-11-27 Network management WO2002045346A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002216191A AU2002216191A1 (en) 2000-11-29 2001-11-27 Network management

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB0028974.4A GB0028974D0 (en) 2000-11-29 2000-11-29 Network management
GB0028974.4 2000-11-29

Publications (1)

Publication Number Publication Date
WO2002045346A1 true WO2002045346A1 (en) 2002-06-06

Family

ID=9904018

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2001/005223 WO2002045346A1 (en) 2000-11-29 2001-11-27 Network management

Country Status (3)

Country Link
AU (1) AU2002216191A1 (en)
GB (1) GB0028974D0 (en)
WO (1) WO2002045346A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102014220462A1 (en) 2014-10-09 2016-04-14 Continental Automotive Gmbh Apparatus and method for monitoring network communication of a data network for a motor vehicle

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5878420A (en) * 1995-08-31 1999-03-02 Compuware Corporation Network monitoring and management system
EP0923211A2 (en) * 1997-12-10 1999-06-16 Radvision Ltd System and method for packet network trunking
US6085243A (en) * 1996-12-13 2000-07-04 3Com Corporation Distributed remote management (dRMON) for networks
US6108782A (en) * 1996-12-13 2000-08-22 3Com Corporation Distributed remote monitoring (dRMON) for networks

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5878420A (en) * 1995-08-31 1999-03-02 Compuware Corporation Network monitoring and management system
US6085243A (en) * 1996-12-13 2000-07-04 3Com Corporation Distributed remote management (dRMON) for networks
US6108782A (en) * 1996-12-13 2000-08-22 3Com Corporation Distributed remote monitoring (dRMON) for networks
EP0923211A2 (en) * 1997-12-10 1999-06-16 Radvision Ltd System and method for packet network trunking

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102014220462A1 (en) 2014-10-09 2016-04-14 Continental Automotive Gmbh Apparatus and method for monitoring network communication of a data network for a motor vehicle

Also Published As

Publication number Publication date
AU2002216191A1 (en) 2002-06-11
GB0028974D0 (en) 2001-01-10

Similar Documents

Publication Publication Date Title
CN106130766B (en) System and method for realizing automatic network fault analysis based on SDN technology
CN106130796B (en) SDN network topology traffic visualization monitoring method and control terminal
US6385197B1 (en) Virtual port trunking method and apparatus
US5982753A (en) Method of testing a switched local area network
Claffy et al. A parameterizable methodology for Internet traffic flow profiling
Caceres et al. Measurement and analysis of IP network usage and behavior
Van Adrichem et al. Opennetmon: Network monitoring in openflow software-defined networks
US5886643A (en) Method and apparatus for discovering network topology
CN1875585B (en) Dynamic unknown L2 flooding control with MAC limits
JP5300076B2 (en) Computer system and computer system monitoring method
US6934292B1 (en) Method and system for emulating a single router in a switch stack
DE602004010526T2 (en) METHOD AND DEVICE FOR ADAPTIVE ROUTES ON A FLOW BASE IN MULTI-STAGE DATA NETWORKS
US6385204B1 (en) Network architecture and call processing system
US20050190695A1 (en) Intelligent collaboration across network systems
CN110266556A (en) The method and system of service exception in dynamic detection network
EP2215489A1 (en) Scalable connectivity fault management in a bridged/virtual private lan service environment
JP2000155736A (en) Method for distributing service request and address converting device
US7908369B2 (en) Method of collecting descriptions of streams pertaining to streams relating to at least one client network attached to an interconnection network
CN111726410B (en) Programmable real-time computing and network load sensing method for decentralized computing network
WO2002045346A1 (en) Network management
CN111800311B (en) Real-time sensing method for decentralized computing state
Chen et al. Concise retrieval of flow statistics for software-defined networks
Cisco Network Management
Shiyong et al. Network monitoring in broadband network
Cisco TrafficDirector Overview

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP