EVENT CORRELATION USING NETWORK DATA FLOW SIMULATION OVER UNMANAGED NETWORK SEGMENTS

US 20090122710A1
Filed: 11/08/2007
Published: 05/14/2009
Est. Priority Date: 11/08/2007
Status: Active Grant

First Claim

Patent Images

1. A network simulator comprising:

a virtual network that models a network that comprises one or more managed portions and one or more unmanaged portions;

wherein the virtual network comprises a plurality of virtual network elements (VNEs) that correspond to a plurality of network elements in the network;

logic encoded in one or more tangible media for execution and, when executed, operable to perform;

receiving first data that indicates an event occurred in the network;

in response to the first data, initiating a network flow at a source VNE corresponding to a source network device toward a destination VNE corresponding to a destination network device;

traversing one or more first physical topological links between the source VNE and the destination VNE;

before the network flow arrives at the destination VNE, determining that a first VNE is communicatively coupled to a particular VNE in a portion of the virtual network and that a physical topological link from the first VNE toward the destination VNE is not available, wherein the particular VNE corresponds to one of the one or more unmanaged portions of the network;

in response to the determining that the first VNE is communicatively coupled to the particular VNE and that a physical topological link from the first VNE toward the destination VNE is not available, identifying and traversing a logical topological link to a second VNE;

after traversing the logical topological link to the second VNE, identifying second data that is associated with the unmanaged portion of the network; and

storing, in association, the first data and the second data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network simulator comprises a virtual network and event correlation logic. The virtual model models a network that comprises a managed portion and an unmanaged portion. The event correlation logic, when executed, is operable to perform receiving first data indicating that an event occurred in the network. A network flow is initiated at a source virtual network element (VNE) corresponding to the source network device toward a destination VNE corresponding to the destination network device. A first VNE is communicatively coupled to a particular VNE corresponding to an unmanaged portion of the network. A logical topological link to a second VNE is identified and traversed. Second data that is associated with the unmanaged portion of the network is identified. As a result, the first data is stored in association with the second data.

244 Citations

26 Claims

1. A network simulator comprising:
- a virtual network that models a network that comprises one or more managed portions and one or more unmanaged portions;
  
  wherein the virtual network comprises a plurality of virtual network elements (VNEs) that correspond to a plurality of network elements in the network;
  
  logic encoded in one or more tangible media for execution and, when executed, operable to perform;
  
  receiving first data that indicates an event occurred in the network;
  
  in response to the first data, initiating a network flow at a source VNE corresponding to a source network device toward a destination VNE corresponding to a destination network device;
  
  traversing one or more first physical topological links between the source VNE and the destination VNE;
  
  before the network flow arrives at the destination VNE, determining that a first VNE is communicatively coupled to a particular VNE in a portion of the virtual network and that a physical topological link from the first VNE toward the destination VNE is not available, wherein the particular VNE corresponds to one of the one or more unmanaged portions of the network;
  
  in response to the determining that the first VNE is communicatively coupled to the particular VNE and that a physical topological link from the first VNE toward the destination VNE is not available, identifying and traversing a logical topological link to a second VNE;
  
  after traversing the logical topological link to the second VNE, identifying second data that is associated with the unmanaged portion of the network; and
  
  storing, in association, the first data and the second data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The network simulator of claim 1, wherein the event is a logical link between the source network device and the destination network device in the network becoming unavailable.
  - 3. The network simulator of claim 1, wherein storing the first data and the second data includes determining that a network event reflected in the second data is a cause of a network event reflected in the first data.
  - 4. The network simulator of claim 1, wherein the logic includes additional logic that, when executed, is further operable to perform:
    - before identifying the second data, traversing one or more second physical topological links from the second VNE toward the first VNE.
  - 5. The network simulator of claim 1, wherein the logic includes additional logic that, when executed, is further operable to perform:
    - for each physical topological link of the one or more physical topological links, determining whether a VNE, at which said each physical topological link is identified, includes third data that indicates a logical topological link from the VNE to another VNE; and
      
      when the VNE includes the data, storing, in association with the network flow, an identifier of the VNE.
  - 6. The network simulator of claim 1, wherein the topology of the plurality of VNEs is equivalent to the topology of the plurality of network elements.
  - 7. The network simulator of claim 1, wherein each VNE in the plurality of VNEs is associated with the same routing logic as is stored in the network element that corresponds to said each VNE.
  - 8. The network simulator of claim 1, wherein each VNE in the plurality of VNEs is associated with the same historical information as is stored in the network element that corresponds to said each VNE.

9. A method comprising:
- receiving first data that indicates an event occurred in the network, wherein the network comprises one or more managed portions and one or more unmanaged portions;
  
  wherein a virtual network models the network;
  
  wherein the virtual network comprises a plurality of virtual network elements (VNEs) that correspond to a plurality of network elements in the network;
  
  in response to the first data, initiating a network flow at a source VNE corresponding to a source network device toward a destination VNE corresponding to a destination network device;
  
  traversing one or more first physical topological links between the source VNE and the destination VNE;
  
  before the network flow arrives at the destination VNE, determining that a first VNE is communicatively coupled to a particular VNE in a portion of the virtual network and that a physical topological link from the first VNE toward the destination VNE is not available, wherein the particular VNE corresponds to one of the one or more unmanaged portions of the network;
  
  in response to the determining that the first VNE is communicatively coupled to the particular VNE and that a physical topological link from the first VNE toward the destination VNE is not available, identifying and traversing a logical topological link to a second VNE;
  
  after traversing the logical topological link to the second VNE, identifying second data that is associated with the unmanaged portion of the network; and
  
  storing, in association, the first data and the second data.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the event is a logical link between the source network device and the destination network device in the network becoming unavailable.
  - 11. The method of claim 9, wherein storing the first data and the second data includes determining that a network event reflected in the second data is a cause of a network event reflected in the first data.
  - 12. The method of claim 9, further comprising, before identifying the second data, traversing one or more second physical topological links from the second VNE toward the first VNE.
  - 13. The method of claim 9, further comprising:
    - for each physical topological link of the one or more physical topological links, determining whether a VNE, at which said each physical topological link is identified, includes third data that indicates a logical topological link from the VNE to another VNE; and
      
      when the VNE includes the data, storing, in association with the network flow, an identifier of the VNE.
  - 14. The network of claim 9, wherein the topology of the plurality of VNEs is equivalent to the topology of the plurality of network elements.
  - 15. The method of claim 9, wherein each VNE in the plurality of VNEs is associated with the same routing logic as is stored in the network element that corresponds to said each VNE.
  - 16. The method of claim 9, wherein each VNE in the plurality of VNEs is associated with the same historical information as is stored in the network element that corresponds to said each VNE.

17. A computer-readable medium carrying instructions which, when executed by one or more processors, causes the one or more processors to perform the steps of:
- receiving first data that indicates an event occurred in the network, wherein the network comprises one or more managed portions and one or more unmanaged portions;
  
  wherein a virtual network models the network;
  
  wherein the virtual network comprises a plurality of virtual network elements (VNEs) that correspond to a plurality of network elements in the network;
  
  in response to the first data, initiating a network flow at a source VNE corresponding to a source network device toward a destination VNE corresponding to a destination network device;
  
  traversing one or more first physical topological links between the source VNE and the destination VNE;
  
  before the network flow arrives at the destination VNE, determining that a first VNE is communicatively coupled to a particular VNE in a portion of the virtual network and that a physical topological link from the first VNE toward the destination VNE is not available, wherein the particular VNE corresponds to one of the one or more unmanaged portions of the network;
  
  in response to the determining that the first VNE is communicatively coupled to the particular VNE and that a physical topological link from the first VNE toward the destination VNE is not available, identifying and traversing a logical topological link to a second VNE;
  
  after traversing the logical topological link to the second VNE, identifying second data that is associated with the unmanaged portion of the network; and
  
  storing, in association, the first data and the second data.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer-readable medium of claim 17, wherein the event is a logical link between the source network device and the destination network device in the network becoming unavailable.
  - 19. The computer-readable medium of claim 17, wherein storing the first data and the second data includes determining that a network event reflected in the second data is a cause of a network event reflected in the first data.
  - 20. The computer-readable medium of claim 17, wherein execution of the instructions by the one or more processors further cause the one or more processors to perform the step of, before identifying the second data, traversing one or more second physical topological links from the second VNE toward the first VNE.
  - 21. The computer-readable medium of claim 17, wherein execution of the instructions by the one or more processors further cause the one or more processors to perform the steps of:
    - for each physical topological link of the one or more physical topological links, determining whether a VNE, at which said each physical topological link is identified, includes third data that indicates a logical topological link from the VNE to another VNE; and
      
      when the VNE includes the data, storing, in association with the network flow, an identifier of the VNE.
  - 22. The computer-readable medium of claim 17, wherein the topology of the plurality of VNEs is equivalent to the topology of the plurality of network elements.
  - 23. The computer-readable medium of claim 17, wherein each VNE in the plurality of VNEs is associated with the same routing logic as is stored in the network element that corresponds to said each VNE.
  - 24. The computer-readable medium of claim 17, wherein each VNE in the plurality of VNEs is associated with the same historical information as is stored in the network element that corresponds to said each VNE.

25. An apparatus comprising:
- means for receiving first data that indicates an event occurred in the network, wherein the network comprises one or more managed portions and one or more unmanaged portions;
  
  wherein a virtual network models the network;
  
  wherein the virtual network comprises a plurality of virtual network elements (VNEs) that correspond to a plurality of network elements in the network;
  
  means for initiating, in response to the first data, a network flow at a source VNE corresponding to a source network device toward a destination VNE corresponding to a destination network device;
  
  means for traversing one or more first physical topological links between the source VNE and the destination VNE;
  
  means for determining, before the network flow arrives at the destination VNE, that a first VNE is communicatively coupled to a particular VNE in a portion of the virtual network and that a physical topological link from the first VNE toward the destination VNE is not available, wherein the particular VNE corresponds to one of the one or more unmanaged portions of the network;
  
  means for identifying and traversing, in response to the determining that the first VNE is communicatively coupled to the particular VNE and that a physical topological link from the first VNE toward the destination VNE is not available, a logical topological link to a second VNE;
  
  means for identifying, after traversing the logical topological link to the second VNE, second data that is associated with the unmanaged portion of the network; and
  
  means for storing, in association, the first data and the second data.
- View Dependent Claims (26)
- - 26. The apparatus of claim 25, wherein the event is a logical link between the source network device and the destination network device in the network becoming unavailable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Bar-Tor, Chen, Lawenthal, Harold

Granted Patent

US 8,848,544 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/250
CPC Class Codes

H04L 41/0631   using root cause analysis; ...

H04L 41/12   Discovery or management of ...

H04L 41/14   Network analysis or design

H04L 41/145   involving simulating, desig...

H04L 41/40   using virtualisation of net...

EVENT CORRELATION USING NETWORK DATA FLOW SIMULATION OVER UNMANAGED NETWORK SEGMENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

244 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

EVENT CORRELATION USING NETWORK DATA FLOW SIMULATION OVER UNMANAGED NETWORK SEGMENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

244 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links