TRAFFIC ANALYSIS OF DATA FLOWS

US 20110255408A1
Filed: 06/30/2011
Published: 10/20/2011
Est. Priority Date: 01/30/2009
Status: Active Grant

First Claim

Patent Images

1-23. -23. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device includes a memory, flow table logic, sampling logic, and a processing unit. The memory is configured to store a flow table that stores, as a number of entries, statistics regarding a number of data flows. The flow table logic is configured to generate records corresponding to data flows for which entries are created in the flow table or removed from the flow table. The sampling logic is configured to select one of the data flows for sampling and sample initial data units for the one of the data flows. The processing unit is configured to receive the records generated by the flow table logic, receive the initial data units sampled by the sampling logic, analyze the initial data units to generate analysis results, correlate the records and the analysis results associated with a same one of the data flows, and store the correlated records and analysis results.

17 Citations

View as Search Results

43 Claims

1-23. -23. (canceled)

24. A system, comprising:
- a plurality of network devices, each of the plurality of network devices to;
  
  aggregate information regarding data flows associated with data units received or transmitted by the network device without impacting throughput of the data units, andoutput the aggregated information; and
  
  a global traffic analyzer, connected to the plurality of network devices, to;
  
  collect the aggregated information from each of the plurality of network devices,store the aggregated information, andprovide information associated with a user interface, to facilitate searching and retrieval of information from the stored, aggregated information.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The system of claim 24, where the aggregated information includes:
    - information regarding active and terminated data flows, andinformation regarding sampled data units of at least one of the active or terminated data flows.
  - 26. The system of claim 24, where the aggregated information, aggregated by a particular network device, is associated with all data flows associated with data units received by the particular network device.
  - 27. The system of claim 24, where the aggregated information, aggregated by a particular network device, is associated with all data flows associated with data units transmitted by the particular network device.
  - 28. The system of claim 24, where the global traffic analyzer is further to:
    - receive a search query;
      
      identify matching information, from the stored, aggregated information; and
      
      present the matching information via the user interface.
  - 29. The system of claim 28, where when receiving the search query, the global traffic analyzer is to:
    - receive the search query via the user interface.
  - 30. The system of claim 24, where the global traffic analyzer is further to:
    - identify, in the collected aggregated information from two or more of the network devices, of the plurality of network devices, a particular data flow; and
      
      where, when storing the aggregated information, the global traffic analyzer is to;
      
      store information that identifies the particular data flow.

31. A non-transitory computer-readable memory device storing instructions that are executable by a processor, the instructions comprising:
- one or more instructions to collect aggregated information from each of a plurality of network devices,where the aggregated information from a particular one of the network devices includes information regarding data flows associated with data units received or transmitted by the particular network device without impacting throughput of the data units,one or more instructions to store the aggregated information, andone or more instructions to provide information associated with a user interface, to facilitate searching and retrieval of information from the stored, aggregated information.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. The non-transitory computer-readable memory device of claim 31, where the aggregated information includes:
    - information regarding active and terminated data flows, andinformation regarding sampled data units of at least one of the active or terminated data flows.
  - 33. The non-transitory computer-readable memory device of claim 31, where the aggregated information, aggregated by the particular network device, is associated with all data flows associated with data units received by the particular network device.
  - 34. The non-transitory computer-readable memory device of claim 31, where the aggregated information, aggregated by the particular network device, is associated with all data flows associated with data units transmitted by the particular network device.
  - 35. The non-transitory computer-readable memory device of claim 31, further comprising:
    - one or more instructions to receive a search query;
      
      one or more instructions to identify matching information, from the stored, aggregated information; and
      
      one or more instructions to present the matching information via the user interface.
  - 36. The non-transitory computer-readable memory device of claim 35, where the one or more instructions to receiving the search query, include:
    - one or more instructions to receive the search query via the user interface.
  - 37. The non-transitory computer-readable memory device of claim 31, further comprising:
    - one or more instructions to identify, in the collected aggregated information from two or more of the network devices, of the plurality of network devices, a particular data flow; and
      
      where the one or more instructions to store the aggregated information include;
      
      one or more instructions to store information that identifies the particular data flow.

38. A method, comprising:
- collecting, by one or more server devices, aggregated information from each of a plurality of network devices,where the aggregated information from a particular one of the network devices includes information regarding data flows associated with data units received or transmitted by the particular network device without impacting throughput of the data units;
  
  storing, by one or more server devices, the aggregated information, andproviding, by one or more server devices, information associated with a user interface, to facilitate searching and retrieval of information from the stored, aggregated information.
- View Dependent Claims (39, 40, 41, 42, 43)
- - 39. The method of claim 38, where the aggregated information includes:
    - information regarding active and terminated data flows, andinformation regarding sampled data units of at least one of the active or terminated data flows.
  - 40. The method of claim 38, where the aggregated information, aggregated by the particular network device, is associated with all data flows associated with data units received by the particular network device.
  - 41. The method of claim 38, where the aggregated information, aggregated by the particular network device, is associated with all data flows associated with data units transmitted by the particular network device.
  - 42. The method of claim 38, further comprising:
    - receiving a search query;
      
      identifying matching information, from the stored, aggregated information; and
      
      presenting the matching information via the user interface.
  - 43. The method of claim 38, further comprising:
    - identifying, in the collected aggregated information from two or more of the network devices, of the plurality of network devices, a particular data flow; and
      
      where storing the aggregated information includes;
      
      storing information that identifies the particular data flow.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Rowell, David, Kohn, Jack, Shi, Fuguang, AYBAY, Gunes

Granted Patent

US 9,485,155 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/235
CPC Class Codes

H04L 43/02   Capturing of monitoring data

H04L 43/04   Processing captured monitor...

H04L 43/0811   by checking connectivity

H04L 47/10   Flow control; Congestion co...

H04L 63/1458   Denial of Service

TRAFFIC ANALYSIS OF DATA FLOWS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

TRAFFIC ANALYSIS OF DATA FLOWS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links