METHOD AND SYSTEM FOR ANNOTATING NETWORK FLOW INFORMATION
Abstract
A scalable flow monitoring solution takes in standard flow records exported from network devices such as routers, switches, firewalls, hubs, etc., and annotates the flow with additional information. This information is derived from a number of sources, including Border Gateway Protocol (BGP), Simple Network Management Protocol (SNMP), user configuration, and other, intelligent flow analysis. These annotations add information to the flow data, and can be used to perform value-added flow analysis. The annotated flow is then resent to a configurable set of destinations using standard flow formatting, e.g., Cisco System Inc.'s NetFlow, in one implementation. This allows the annotated flow to be processed and the enhanced information to be used by other flow analysis tools and existing flow analysis infrastructure.
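An added illustration of the annotate-and-resend pipeline the abstract describes, not code from the patent: it assumes NetFlow v5 as the standard flow format and writes BGP-derived origin AS and prefix length into the record's existing src_as, dst_as, src_mask and dst_mask fields. The prefix table, collector addresses and sample datagram are constructed, and all function names are hypothetical.

```python
import ipaddress
import struct

HDR = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 record, 48 bytes
# Constructed stand-in for a BGP feed: prefix -> origin AS.
BGP_TABLE = {ipaddress.ip_network(p): asn for p, asn in [
    ("192.0.2.0/24", 64500), ("198.51.100.0/24", 64501),
    ("198.51.100.128/25", 64502)]}
# Hypothetical distribution list of downstream collectors (host, UDP port).
DISTRIBUTION_LIST = [("127.0.0.1", 9995), ("127.0.0.1", 9996)]

def lookup(addr_bytes, table):
    """Longest-prefix match; returns (origin_as, mask_len), (0, 0) if none."""
    addr = ipaddress.ip_address(addr_bytes)
    hits = [(net.prefixlen, asn) for net, asn in table.items() if addr in net]
    plen, asn = max(hits, default=(0, 0))
    return asn, plen

def annotate(datagram, table=BGP_TABLE):
    """Return a copy of a v5 datagram with AS and mask fields filled in."""
    if len(datagram) < HDR.size:
        raise ValueError("short datagram")
    version, count = HDR.unpack_from(datagram)[:2]
    if version != 5 or len(datagram) != HDR.size + count * REC.size:
        raise ValueError("not a well-formed NetFlow v5 datagram")
    out = bytearray(datagram)
    for off in range(HDR.size, len(out), REC.size):
        rec = list(REC.unpack_from(out, off))
        rec[15], rec[17] = lookup(rec[0], table)  # src_as, src_mask
        rec[16], rec[18] = lookup(rec[1], table)  # dst_as, dst_mask
        REC.pack_into(out, off, *rec)
    return bytes(out)

def distribute(datagram, destinations=DISTRIBUTION_LIST):
    """Pair the annotated datagram with each destination on the list."""
    return [(dest, datagram) for dest in destinations]

def sample_datagram():
    """Constructed one-record export with the AS fields left at zero."""
    src = ipaddress.ip_address("192.0.2.10").packed
    dst = ipaddress.ip_address("198.51.100.200").packed
    rec = REC.pack(src, dst, bytes(4), 1, 2, 10, 840, 0, 1000,
                   51514, 443, 0, 0x18, 6, 0, 0, 0, 0, 0, 0)
    return HDR.pack(5, 1, 60000, 1700000000, 0, 1, 0, 0, 0) + rec
```

NetFlow v5 over UDP carries no authentication, so a downstream collector that relies on these annotations should accept exports only from the annotating device's address.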
47 Claims
1-27. (canceled)
28. A method, comprising:
receiving data packet flow information from a first network device in a first network monitoring device;
analyzing the received data packet flow information in the first network monitoring device to determine information to be annotated in the received data packet flow information;
encoding in the received data packet flow the determined information to be annotated in the first network monitoring device; and
distributing the received data packet flow having the annotated information from the first network monitoring device to a second network monitoring device according to a distribution list provided in the first network device.
(Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36)
37. A method, comprising:
receiving data packet flow information from a first network device in a first network monitoring device;
analyzing the received data packet flow information in the first network monitoring device to determine information to be annotated in the received data packet flow information;
encoding in the received data packet flow the determined information to be annotated in the first network monitoring device, the annotated information selected from the group consisting of:
Border Gateway Protocol (BGP) attributes, Simple Network Management Protocol (SNMP) attributes, payload attributes, Virtual Local Area Network (VLAN) attributes, attributes relating to data flow traffic based upon user configuration information, attributes relating to network topology, signature detection attributes, network topology attributes and signature detection attributes;
distributing the received data packet flow having the annotated information from the first network monitoring device to a second network monitoring device according to a distribution list provided in the first network device;
receiving in a second network monitoring device the data packet flow information having the annotated information distributed from the first network monitoring device;
analyzing the received data packet flow information having the annotated information in the second network monitoring device to determine additional information to be annotated in the received data packet flow information having the annotated information; and
encoding in the received data packet flow having the annotated information the determined additional information to be annotated in the second network monitoring device.
(Dependent claims: 38, 39)
40. A communication system, comprising:
a first network monitor device including:
a flow analysis engine adapted and configured to:
receive data packet flow information from a first network device;
analyze the received data packet flow information to determine information to be annotated in the received data packet flow information;
an encoding and distribution engine adapted and configured to:
encode in the received data packet flow the determined information to be annotated; and
distribute the received data packet flow having the annotated information to a second network monitoring device in a communications network according to a distribution list provided in the encoding and distribution engine.
(Dependent claims: 41, 42, 43, 44, 45, 46, 47)
Specification