System wide flow aggregation process for aggregating network activity records
Abstract
A system for collecting and aggregating data from network entities for a data consuming application is described. The system includes a data collector layer to receive network flow information from the network entities and to produce records based on the information. The system also includes a flow aggregation layer fed from the data collection layer and coupled to a storage device. The flow aggregation layer receives records produced by the data collector layer and aggregates the received records. The system can also include an equipment interface layer coupled to the data collector layer and a distribution layer to obtain selected information stored in the storage device and to distribute the selected information to a requesting data consuming application.
399 Citations
36 Claims
1. A method for collecting data from network entities for a data consuming application, comprising:
receiving network activity records from a plurality of data collectors, each of the data collectors coupled to a different one of the network entities; and
aggregating related ones of the received network activity records into an aggregated network activity record.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 24, 27, 28
determining if a first one of the network activity records may be correlated with a second one of the network activity records.
3. The method of claim 2, further comprising:
correlating the first one of the network activity records with a second one of the network activity records.
4. The method of claim 3, wherein each of the first and second ones of the network activity records includes an identifier portion and a metrics portion.
5. The method of claim 4, wherein correlating comprises:
determining a match between the identifier portion in the first one of the network activity records and the identifier portion in the second one of the network activity records.
6. The method of claim 5 wherein the identifier portion includes descriptors and wherein determining comprises:
explicitly matching one or more of the descriptors in the identifier portion of the first one of the network activity records with one or more of the descriptors in the identifier portion of the second one of the network activity records; and
implicitly matching one or more of the descriptors in the identifier portion of the first one of the network activity records with one or more of the descriptors in the identifier portion of the second one of the network activity records.
7. The method of claim 6 wherein correlating further comprises:
marking the first and second ones of the network activity records as candidates for aggregation based on the explicit matching of the one or more descriptors.
8. The method of claim 1 wherein aggregating comprises:
merging an identifier portion in the first one of the network activity records with an identifier portion in the second one of the network activity records.
9. The method of claim 8 wherein aggregating further comprises:
aggregating a metrics portion in the first one of the network activity records with the metrics portion in the second one of the network activity records.
10. The method of claim 7, wherein the aggregating comprises:
merging the identifier portion in the first one of the network activity records with the identifier portion in the second one of the network activity records.
11. The method of claim 10, wherein merging comprises:
saving the explicitly matched descriptors; and
selectively saving one or more of the implicitly matched descriptors.
12. The method of claim 11, wherein selectively saving comprises:
using an aggregation policy to determine which of the implicitly matched descriptors to save.
13. The method of claim 12, wherein merging further comprises:
discarding the nonmatched descriptors.
14. The method of claim 10, where aggregating further comprises:
aggregating the metrics portion in the first one of the network activity records with the metrics portion in the second one of the network activity records.
15. The method of claim 14, further comprising:
storing the aggregated network activity record in an aggregation store for a predetermined time period, the aggregation network activity record being available within the predetermined time period for further correlation and aggregation with other network activity records.
16. The method of claim 4, further comprising:
enhancing the first one of the network activity records to permit the correlation.
17. The method of claim 16, wherein enhancing comprises:
adding supplemental information to the identifier portion in the first one of the network activity records.
18. The method of claim 17, wherein enhancing comprises:
collecting the supplemental information from a different one of the data collectors.
19. The method of claim 1 wherein aggregating related ones of the received network activity records into an aggregated network activity record comprises merging related ones of the received network activity records into a single aggregated network activity record.
20. The method of claim 19 wherein merging related ones of the received network activity records into a single aggregated network activity record comprises assigning a new header to the network activity record.
24. The system of claim 2 wherein the network activity records include an identifier portion and a metrics portion.
27. The system of claim 2 wherein said flow aggregation processor merges related ones of the received network activity records into a single aggregated network activity record.
28. The system of claim 27 wherein said flow aggregation process assigns a new header to the single aggregated network activity record.
21. A system for collecting data from network entities for a data consuming application, comprising:
a plurality of data collectors for receiving information from the network entities, each data collector in the plurality of data collectors being associated with a different one of the network entities and producing network activity records based on the information received from the associated different one of the network entities; and
a flow aggregation processor coupled to the plurality of data collectors, the flow aggregation processor receiving the network activity records produced by the plurality of the data collectors and aggregating related ones of the received network activity records into an aggregated network activity record.
Dependent claims: 22, 23, 25, 26
29. A computer program product residing on a computer-readable medium for collecting data from network entities for a data consuming application, comprising instructions to cause a computer to:
receive network activity records from a plurality of data collectors, each of the data collectors coupled to a different one of the network entities; and
aggregate related ones of the received network activity records into an aggregated network activity record.
Dependent claims: 30, 31, 32, 33, 34, 35, 36
determine if a first one of the network activity records may be correlated with a second one of the network activity records.
31. The computer program of claim 29, wherein instructions to aggregate further comprise instructions to cause a computer to:
correlate the first one of the network activity records with a second one of the network activity records.
32. The computer program of claim 29 wherein the network activity records include an identifier portion and a metrics portion.
33. The computer program of claim 32 wherein instructions to aggregate further comprise instructions to cause a computer to:
determine a match between the identifier portion in the first one of the network activity records and the identifier portion in the second one of the network activity records.
34. The computer program of claim 33 wherein the identifier portion includes descriptors and wherein instructions to determine comprises instructions to:
explicitly match one or more of the descriptors in the identifier portion of the first one of the network activity records with one or more of the descriptors in the identifier portion of the second one of the network activity records; and
implicitly match one or more of the descriptors in the identifier portion of the first one of the network activity records with one or more of the descriptors in the identifier portion of the second one of the network activity records.
35. The computer program product of claim 29 wherein said instructions that aggregate related ones of the received network activity records into an aggregated network activity record aggregate the related ones of the received network activity into a single aggregated network activity record.
36. The computer program product of claim 35 wherein said instructions assign a new header to the single aggregated network activity record.
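The correlation, merge and aggregation-store steps recited in claims 2 through 15, sketched as an added example (not code from the patent or its assignee). The record field names, the policy values, and the reading of "implicit match" as a descriptor present in only one of the two records are assumptions; the claims above do not define them.

```python
# Added example; field names and policy values are assumptions, not from the patent.
POLICY = {
    "key": ("src_ip", "dst_ip"),   # descriptors that must match explicitly
    "keep_implicit": {"user"},     # implicitly matched descriptors to save
    "hold_seconds": 300,           # predetermined time period in the store
}

def classify(id_a, id_b):
    """Split two identifier portions into explicit, implicit, nonmatched."""
    explicit, implicit, nonmatched = {}, {}, set()
    for name in sorted(id_a.keys() | id_b.keys()):
        if name in id_a and name in id_b:
            if id_a[name] == id_b[name]:
                explicit[name] = id_a[name]
            else:
                nonmatched.add(name)
        else:  # assumption: a descriptor on one side only is an implicit match
            implicit[name] = id_a[name] if name in id_a else id_b[name]
    return explicit, implicit, nonmatched

def is_candidate(a, b, policy=POLICY):
    """Mark records as aggregation candidates from explicit matches only."""
    explicit, _, _ = classify(a["id"], b["id"])
    return all(k in explicit for k in policy["key"])

def aggregate(a, b, expires, policy=POLICY):
    """Merge identifier portions, sum metrics portions, assign a new header."""
    explicit, implicit, _ = classify(a["id"], b["id"])  # nonmatched are discarded
    merged = dict(explicit)
    merged.update((k, v) for k, v in implicit.items() if k in policy["keep_implicit"])
    names = a["metrics"].keys() | b["metrics"].keys()
    metrics = {m: a["metrics"].get(m, 0) + b["metrics"].get(m, 0) for m in names}
    return {"header": {"kind": "aggregated", "expires": expires}, "id": merged, "metrics": metrics}

def ingest(store, record, now, policy=POLICY):
    """Aggregate into a record still held in the store, or hold the new one."""
    store[:] = [r for r in store if r["header"]["expires"] > now]  # age out
    for i, held in enumerate(store):
        if is_candidate(held, record, policy):
            store[i] = aggregate(held, record, held["header"]["expires"], policy)
            return store[i]
    store.append(dict(record, header={"kind": "single", "expires": now + policy["hold_seconds"]}))
    return store[-1]
# Constructed sample records, as if produced by three different data collectors.
RECORDS = [
    {"id": {"src_ip": "10.0.0.5", "dst_ip": "192.0.2.9", "dst_port": 443}, "metrics": {"bytes": 1200, "packets": 10}},
    {"id": {"src_ip": "10.0.0.5", "dst_ip": "192.0.2.9", "dst_port": 80}, "metrics": {"bytes": 300, "packets": 4}},
    {"id": {"src_ip": "10.0.0.5", "dst_ip": "192.0.2.9", "user": "alice", "nas": "gw1"}, "metrics": {"bytes": 500}},
]
```

Descriptors discarded as nonmatched (here `dst_port`) cannot be recovered from the aggregated record, so the aggregation policy determines how much per-flow detail remains for later analysis.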
Specification