Collecting and reporting monitoring data from remote network probes
Abstract
A method for collecting and reporting monitored data for network traffic, which has been accumulated by a plurality of remote probes. The method includes making a series of polling requests for lists of monitoring data to each probe and receiving the requested lists. Each list has traffic count values that are identified by at least a sampling time, a source address, a destination address and a probe identifier. The method also includes calculating the traffic observed by each probe between successive sampling times and apportioning the calculated traffic data among a single set of consecutive temporal intervals and selecting best counts to avoid overcounting.
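The apportioning and best-count selection described in the abstract, as an added example (not code from the patent): counter deltas between successive polls are spread pro rata by overlap over one shared grid, and a report uses only the probe with the largest summed packet count. Probe names, addresses, counter values, the 60-second interval and the skipping of counter resets are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed polls: (probe, src, dst, sampling_time_s, cumulative_packet_counter).
# probeA and probeB see the same address pair but are polled at non-aligned times.
SAMPLES = [
    ("probeA", "10.0.0.1", "10.0.0.2", 0, 1000),
    ("probeA", "10.0.0.1", "10.0.0.2", 90, 1900),
    ("probeA", "10.0.0.1", "10.0.0.2", 180, 2800),
    ("probeB", "10.0.0.1", "10.0.0.2", 30, 500),
    ("probeB", "10.0.0.1", "10.0.0.2", 150, 1100),
]

def apportion(samples, interval=60):
    """Return {(interval_start, src, dst, probe): packets} on one shared grid."""
    series = defaultdict(list)
    for probe, src, dst, t, counter in samples:
        series[(probe, src, dst)].append((t, counter))
    table = defaultdict(float)
    for (probe, src, dst), points in series.items():
        points.sort()
        for (t0, c0), (t1, c1) in zip(points, points[1:]):
            delta = c1 - c0  # traffic between successive sampling times
            if t1 <= t0 or delta < 0:
                continue  # assumption: drop duplicate polls and counter resets
            start = (t0 // interval) * interval
            while start < t1:
                overlap = min(t1, start + interval) - max(t0, start)
                table[(start, src, dst, probe)] += delta * overlap / (t1 - t0)
                start += interval
    return dict(table)

def best_probe(table, src, dst, first, last):
    """Probe with the largest summed packet count for the pair in [first, last)."""
    totals = defaultdict(float)
    for (start, s, d, probe), packets in table.items():
        if (s, d) == (src, dst) and first <= start < last:
            totals[probe] += packets
    return max(totals, key=totals.get) if totals else None

def report(table, src, dst, first, last):
    """Report only the best probe's rows so shared traffic is not counted twice."""
    probe = best_probe(table, src, dst, first, last)
    rows = {start: packets for (start, s, d, p), packets in table.items()
            if (s, d, p) == (src, dst, probe) and first <= start < last}
    return probe, rows

if __name__ == "__main__":
    print(report(apportion(SAMPLES), "10.0.0.1", "10.0.0.2", 0, 180))
```

Summing both probes over the same window would give 2400 packets for a flow that the best probe counted as 1800, which is the overcounting the selection step avoids.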
32 Claims
1. A method for collecting and reporting monitoring data for network traffic accumulated by a plurality of remote probes, comprising:
making a series of polls to each probe of the plurality for lists of monitoring data;
receiving the lists of monitoring data from each probe, each list having traffic count values, each traffic count value being identified by a sampling time, a source address, a destination address and a probe;
calculating the traffic observed by each probe between successive sampling times; and
apportioning the calculated traffic data for each probe among a single set of consecutive temporal intervals.
storing the apportioned traffic data to a database, the stored data being grouped by the temporal interval, address pair, and probe identity.
6. The method of claim 5, further comprising:
finding best probes for selected address pairs from the stored traffic data in response to a request for a traffic report for the selected address pairs.
7. The method of claim 6, further comprising:
reporting the stored traffic data for the best probes in response to the request for a traffic report.
8. The method of claim 6, wherein each step of finding comprises:
scanning the stored data to determine which probe observed the most traffic for the associated address pair in a preselected range of temporal intervals.
9. The method of claim 8, wherein the step of scanning determines which probe observed the most traffic by comparing summed data packet counts for probes.
10. The method of claim 5, wherein the traffic data is further grouped by traffic protocols.
11. The method of claim 1, wherein the traffic count values include one of counter values for data packet counts and counter values for data byte counts.
12. A method of recording and reporting network traffic data, comprising:
collecting monitoring data from a plurality of remote probes, the monitoring data from first and second portions of the probes corresponding to non-aligned sampling times;
processing the collected data to produce traffic data for a single set of consecutive temporal intervals; and
storing the traffic data to a database, entries of the database being grouped together by the temporal intervals, the monitoring probe identifiers and address pairs.
calculating traffic data for sampling intervals by subtracting probe counter values at successive sampling times; and
apportioning the traffic data for sampling intervals among the temporal intervals, the amount of traffic attributed to a particular temporal interval being proportional to the overlap between the associated sampling interval and the particular temporal interval.
14. The method of claim 12, further comprising:
scanning the stored traffic data to determine which probes observed the most traffic for each of a selected set of address pairs in response to a request for a traffic report for the selected set of address pairs.
15. The method of claim 14, further comprising:
reporting the stored traffic data for the probes that observed the most data in response to the request for a traffic report.
16. The method of claim 14, wherein the step of scanning determines which probe observed the most traffic by comparing summed data packet counts for the various probes.
17. The method of claim 14, wherein the steps of scanning make a limited scan of the database for the traffic data from a portion of the probes, the portion of the probes being fixed by the request for a traffic report.
18. A method for collecting and reporting network traffic, comprising:
receiving monitoring data from a plurality of remote probes, the sampling times for the monitoring data of at least one of the probes not coinciding with the sampling times of the other probes;
calculating traffic for sampling intervals from the monitoring data of each probe; and
processing the calculated traffic data to produce traffic data apportioned among a single set of temporal intervals pro rata according to the overlap between the associated sampling intervals and the temporal intervals.
storing the processed traffic data to a database in hierarchical groups organized by temporal interval and source and destination address pair.
20. The method of claim 19, further comprising:
scanning the database to find the probes that observed the most traffic between selected pairs of addresses in response to a request for a traffic report on the selected pairs of addresses.
21. A storage medium encoding an executable program of instructions for a method of collecting and reporting monitoring data for network traffic data accumulated by a plurality of remote probes, the instructions comprising:
making a series of polls for lists of monitoring data to each probe of the plurality;
receiving the lists of monitoring data from each probe, each list having traffic count values identified by at least a sampling time, a source address, a destination address and a probe;
calculating the traffic observed by each probe between successive sampling times; and
apportioning the calculated traffic data among a single set of consecutive temporal intervals.
storing the apportioned traffic data to a database, the stored data being grouped by the temporal interval, address pair, and probe identity.
25. The medium of claim 24, the instructions further comprising:
finding best probes for selected address pairs from the stored traffic data in response to a request for a traffic report for the selected address pairs.
26. The medium of claim 25, the instructions further comprising:
reporting the stored traffic data for the best probes in response to the request for a traffic report.
27. The medium of claim 26, wherein the instructions for finding comprise:
scanning the stored data to determine which probe observed the most traffic for the associated address pair in a preselected range of temporal intervals.
28. A storage medium encoding an executable program of instructions for collecting and reporting network traffic data, the instructions comprising:
collecting traffic monitoring data from a plurality of remote probes, the monitoring data from first and second portions of the probes corresponding to non-aligned sampling times;
processing the collected data to produce traffic data for a single set of consecutive temporal intervals; and
storing the traffic data to a database with entries being grouped together by the temporal intervals, the monitoring probe identifiers and address pairs.
calculating traffic data for sampling intervals by subtracting probe counter values at successive sampling times; and
apportioning the traffic data for sampling intervals among the temporal intervals, the amount of traffic attributed to a particular temporal interval being proportional to the overlap between the associated sampling interval and the particular temporal interval.
30. The medium of claim 28, the instructions further comprising:
scanning the stored traffic data to determine which probes observed the most traffic for each of a selected set of address pairs in response to a request for a traffic report for the selected set of address pairs.
31. The medium of claim 30, the instructions further comprising:
reporting the stored traffic data for the probes that observed the most data in response to the request for a traffic report.
32. The medium of claim 30, wherein the instructions of scanning make a limited scan of the database restricted to the traffic data for a portion of the probes, the portion of the probes being fixed by the request for a traffic report.
Specification