Automatic Network Topology Detection and Modeling
First Claim
1. A network monitoring system comprising:
- one or more monitoring probes coupled to network interfaces, the probes capable of capturing data packets from the network interfaces,the monitoring probes further comprising one or more topology analyzers capable of receiving the captured data packets and comparing the captured data packets to a known network element list, the topology analyzers capable of identifying new network elements that are not on the known network element list,the monitoring probes further comprising a probe topology agent capable of receiving data from the topology analyzers regarding the new network elements and resolving overlapping detections of a same new network element from different topology analyzers; and
a monitoring system server coupled to one or more probes,the monitoring system comprising a server topology agent coupled to probe topology agents on the one or more probes, the server topology agent capable of receiving data from the probe topology agents regarding the new network elements and resolving overlapping detections of the same new network element from different probe topology agents,the monitoring system server further comprising a topology maintenance agent capable of maintaining current network topology information, the topology maintenance agent capable of providing updated network element lists to the probe topology analyzers.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for identifying the topology of a network is disclosed. One or more monitoring probes capture data packets from network interfaces. Network elements, such as physical ports, physical links, network nodes, logical links, and SCTP associations, are identified from the captured data packets. A data model is created for storing the network elements, including the physical ports, physical links, network nodes, logical links, and SCTP associations. The data model also stores associations between the network elements. The monitoring probes pass network element data to a monitoring server. A topology agent in each monitoring probe identifies duplicates of previously detected network elements within the probe. A topology agent in the monitoring system server identifies duplicates of previously detected network elements within the monitoring system server.
-
Citations
18 Claims
-
1. A network monitoring system comprising:
-
one or more monitoring probes coupled to network interfaces, the probes capable of capturing data packets from the network interfaces, the monitoring probes further comprising one or more topology analyzers capable of receiving the captured data packets and comparing the captured data packets to a known network element list, the topology analyzers capable of identifying new network elements that are not on the known network element list, the monitoring probes further comprising a probe topology agent capable of receiving data from the topology analyzers regarding the new network elements and resolving overlapping detections of a same new network element from different topology analyzers; and a monitoring system server coupled to one or more probes, the monitoring system comprising a server topology agent coupled to probe topology agents on the one or more probes, the server topology agent capable of receiving data from the probe topology agents regarding the new network elements and resolving overlapping detections of the same new network element from different probe topology agents, the monitoring system server further comprising a topology maintenance agent capable of maintaining current network topology information, the topology maintenance agent capable of providing updated network element lists to the probe topology analyzers. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-readable storage medium comprising instructions for controlling a monitoring system to identify a network topology based upon data packets captured from network interfaces, wherein the instructions, when executed, cause a processor to perform actions comprising:
-
receiving data packets from a plurality of monitoring probes; identifying network elements associated with the data packets; and determining whether the network elements were already identified and are in a list of known network elements. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A method for identifying the topology of a network, comprising:
-
capturing, via one or more monitoring probes, data packets from network interfaces; identifying one or more physical ports in the network from the data packets; storing data for each physical port in a topology data model; identifying one or more physical links in the network from the data packets; storing data for each physical link in the topology data model, each physical link associated with one or more physical ports in the topology data model; identifying one or more network nodes in the network from the data packets; storing data for each network node in the topology data model, wherein one or more of the network nodes are associated with one or more physical links in the topology data model; identifying one or more logical links in the network from the data packets; storing data for each logical link in the topology data model, wherein one or more of the logical links are associated with two or more network nodes in the topology data model; identifying one or more SCTP associations in the network from the data packets; and storing data for each SCTP association in the topology data model, wherein one or more of the SCTP associations are paired with one of the logical links in the topology data model. - View Dependent Claims (15, 16, 17, 18)
-
Specification