Network manager SNMP trap suppression

US 20040205186A1
Filed: 04/11/2003
Published: 10/14/2004
Est. Priority Date: 04/11/2003
Status: Active Grant

First Claim

Patent Images

1. A method of suppressing, at a network management system, SNMP event trap messages from network nodes in a communication network, the method comprising the steps of:

counting, at the network management system, event trap messages received from each network node during a time interval; and

responsive to the count exceeding a threshold, ignoring all further event trap messages sent by that network node to the network management system until a predetermined suppression period has expired.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for controllably suppressing, at a network management system, SNMP event trap messages received from network nodes in a communications network are presented. The rate at which the traps are received from the network nodes is monitored and if the rate exceeds a threshold all subsequent traps received over a set time interval are not processed. The rate is calculated by counting received event traps over a time interval which is either preset or programmed. After the set time interval has passed all newly received traps are monitored. Information regarding traps received during the set time interval may be logged. Additionally, nodes from which excessive traps are received and indicating an event such as a Denial of Service (DoS) attack, are identified so that remedial action can be taken.

Citations

20 Claims

1. A method of suppressing, at a network management system, SNMP event trap messages from network nodes in a communication network, the method comprising the steps of:
- counting, at the network management system, event trap messages received from each network node during a time interval; and
  
  responsive to the count exceeding a threshold, ignoring all further event trap messages sent by that network node to the network management system until a predetermined suppression period has expired.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method as defined in claim 1 wherein the suppression period starts from a time at which the threshold is exceeded, after which expiration the network management system resumes processing messages sent by that network node.
  - 3. The method as defined in claim 1 wherein the time interval is a predetermined interval.
  - 4. The method as defined in claim 1 wherein the time interval is programmable.
  - 5. The method as defined in claim 1 wherein the threshold is specified on a per node basis.
  - 6. The method as defined in claim 1 wherein the threshold is specified based on the type of node from which the traps are received.
  - 7. The method as defined in claim 1 wherein the threshold is specified in accordance with type of trap message received from the network node.
  - 8. The method as defined in claim 1 wherein trap messages otherwise ignored are subject to an aging feature.
  - 9. The method as defined in claim 8 wherein the aging feature includes the recording of traps otherwise ignored and records are kept for each node that is sending traps so that the trap suppression function can be re-applied to those nodes.
  - 10. The method as defined in claim 9 wherein records pertaining to any given node are deleted after a time limit based on the time of the last trap received from that node has expired without any further traps being received.
  - 11. The method as defined in claim 1 wherein the network management system selectively logs all nodes that have exceeded their trap arrival rate threshold.
  - 12. The method as defined in claim 1 wherein the network management system selectively provides a notification with respect to nodes that have exceeded their trap arrival rate threshold.
  - 13. The method as defined in claim 12 wherein the notification is and alarm.
  - 14. The method as defined in claim 12 wherein the notification alerts an operator that a node has exceeded the threshold so that remedial action can be taken.

15. A system for suppressing, at a network management system, SNMP event trap messages received from network nodes in a communication network, the system comprising:
- a counter, at the network management system, for counting event trap messages received from each network node during a time interval; and
  
  means, responsive to the count exceeding a threshold, for ignoring all further event trap messages sent by that network node to the network management system until a predetermined suppression period has expired.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system as defined in claim 15 wherein the time interval has a predetermined value.
  - 17. The system as defined in claim 15 wherein the time interval is programmable.
  - 18. The system as defined in claim 15 further including means to log information regarding event traps which have been received at the network management system after the time interval has been exceeded.
  - 19. The system as defined in claim 18 having trap suppression legacy means to a set time limit for blocking traps after the time interval has been exceeded.
  - 20. The system as defined in claim 19 having aging means to set a parameters as to how long logging information is retained.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Alcatel SA (Nokia Corporation)
Inventors
Gaspard, Moise

Granted Patent

US 7,263,553 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/0622   based on time

H04L 43/16   Threshold monitoring

H04L 63/1458   Denial of Service

Network manager SNMP trap suppression

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network manager SNMP trap suppression

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links