System wide flow aggregation process for aggregating network activity records

US 6,751,663 B1
Filed: 03/25/1999
Issued: 06/15/2004
Est. Priority Date: 03/25/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for collecting data from network entities for a data consuming application, comprising:

receiving network activity records from a plurality of data collectors, each of the data collectors coupled to a different one of the network entities; and

aggregating related ones of the received network activity records into an aggregated network activity record.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for collecting and aggregating data from network entities for a data consuming application is described. The system includes a data collector layer to receive network flow information from the network entities and to produce records based on the information. The system also includes a flow aggregation layer fed from the data collection layer and coupled to a storage device. The flow aggregation layer receiving records produced by the data collector layer and aggregates received records. The system can also include an equipment interface layer coupled to the data collector layer and a distribution layer to obtain selected information stored in the storage device and to distribute the select information to a requesting, data consuming application.

399 Citations

36 Claims

1. A method for collecting data from network entities for a data consuming application, comprising:
- receiving network activity records from a plurality of data collectors, each of the data collectors coupled to a different one of the network entities; and
  
  aggregating related ones of the received network activity records into an aggregated network activity record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 24, 27, 28)
- - 2. The method of claim 1, further comprising:
3. The method of claim 2, further comprising:
- correlating the first one of the network activity records with a second one of the network activity records.
4. The method of claim 3, wherein each of the first and second ones of the network activity records includes an identifier portion and a metrics portion.
5. The method of claim 4, wherein correlating comprises:
- determining a match between the identifier portion in the first one of the network activity records and the identifier portion in the second one of the network activity records.
6. The method of claim 5 wherein the identifier portion includes descriptors and wherein determining comprises:
- explicitly matching one or more of the descriptors in the identifier portion of the first one of the network activity records with one or more of the descriptors in the identifier portion of the second one of the network activity records; and
  
  implicitly matching one or more of the descriptors in the identifier portion of the first one of the network activity records with one or more of the descriptors in the identifier portion of the second one of the network activity records.
7. The method of claim 6 wherein correlating further comprises:
- marking the first and second ones of the network activity records as candidates for aggregation based on the explicit matching of the one or more descriptors.
8. The method of claim 1 wherein aggregating comprises:
- merging an identifier portion in the first one of the network activity records with an identifier portion in the second one of the network activity records.
9. The method of claim 8 wherein aggregating further comprises:
- aggregating a metrics portion in the first one of the network activity records with the metrics portion in the second one of the network activity records.
10. The method of claim 7, wherein the aggregating comprises:
- merging the identifier portion in the first one of the network activity records with the identifier portion in the second one of the network activity records.
11. The method of claim 10, wherein merging comprises:
- saving the explicitly matched descriptors; and
  
  selectively saving one or more of the implicitly matched descriptors.
12. The method of claim 11, wherein selectively saving comprises:
- using an aggregation policy to determine which of the implicitly matched descriptors to save.
13. The method of claim 12, wherein merging further comprises:
- discarding the nonmatched descriptors.
14. The method of claim 10, where aggregating further comprises:
- aggregating the metrics portion in the first one of the network activity records with the metrics portion in the second one of the network activity records.
15. The method of claim 14, further comprising:
- storing the aggregated network activity record in an aggregation store for a predetermined time period, the aggregation network activity record being available within the predetermined time period for further correlation and aggregation with other network activity records.
16. The method of claim 4, further comprising:
- enhancing the first one of the network activity records to permit the correlation.
17. The method of claim 16, wherein enhancing comprises:
- adding supplemental information to the identifier portion in the first one of the network activity records.
18. The method of claim 17, wherein enhancing comprises:
- collecting the supplemental information from a different one of the data collectors.
19. The method of claim 1 wherein aggregating related ones of the received network activity records into an aggregated network activity record comprises merging related ones of the received network activity records into a single aggregated network activity record.
20. The method of claim 19 wherein merging related ones of the received network activity records into a single aggregated network activity record comprises assigning a new header to the network activity record.
24. The system of claim 2 wherein the network activity records include an identifier portion and a metrics portion.
27. The system of claim 2 wherein said flow aggregation processor merges related ones of the received network activity records into a single aggregated network activity record.
28. The system of claim 27 wherein said flow aggregation process assigns a new header to the single aggregated network activity record.

21. A system for collecting data from network entities for a data consuming application, comprising:
- a plurality of data collectors for receiving information from the network entities, each data collector in the plurality of data collectors being associated with a different one of the network entities and producing network activity records based on the information received from the associated different one of the network entities; and
  
  a flow aggregation processor coupled to the plurality of data collectors, the flow aggregation processor receiving the network activity records produced by the plurality of the data collectors and aggregating related ones of the received network activity records into an aggregated network activity record.
- View Dependent Claims (22, 23, 25, 26)
- - 22. The system of claim 21 wherein the flow aggregation processor determines if a first one of the network activity records may be correlated with a second one of the network activity records.
  - 23. The system of claim 22 wherein the flow aggregation processor correlates the first one of the network activity records with a second one of the network activity records.
  - 25. The system of claim 21 wherein the flow aggregation processor determines whether a match exists between the identifier portion in a first one of the network activity records and the identifier portion in a second one of the network activity records.
  - 26. The system of claim 25 wherein the identifier portion includes descriptors and the flow aggregation processor explicitly matches one or more of the descriptors in the identifier portion of the first one of the network activity records with one or more of the descriptors in the identifier portion of the second one of the network activity records and implicitly matches one or more of the descriptors in the identifier portion of the first one of the network activity records with one of more of the descriptors in the identifier portion of the second one of the network activity records.

29. A computer program product residing on a computer-readable medium for collecting data from network entities for a data consuming application, comprising instructions to cause a computer to:
- receive network activity records from a plurality of data collectors, each of the data collectors coupled to a different one of the network entities; and
  
  aggregate related ones of the received network activity records into an aggregated network activity record.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36)
- - 30. The computer program of claim 29 wherein instructions to aggregate further comprise instructions to cause a computer to:
31. The computer program of claim 29, wherein instructions to aggregate further comprise instructions to cause a computer to:
- correlate the first one of the network activity records with a second one of the network activity records.
32. The computer program of claim 29 wherein the network activity records include an identifier portion and a metrics portion.
33. The computer program of claim 32 wherein instructions to aggregate further comprise instructions to cause a computer to:
- determine a match between the identifier portion in the first one of the network activity records and the identifier portion in the second one of the network activity records.
34. The computer program of claim 33 wherein the identifier portion includes descriptors and wherein instructions to determine comprises instructions to:
- explicitly match one or more of the descriptors in the identifier portion of the first one of the network activity records with one or more of the descriptors in the identifier portion of the second one of the network activity records; and
  
  implicitly match one or more of the descriptors in the identifier portion of the first one of the network activity records with one or more of the descriptors in the identifier portion of the second one of the network activity records.
35. The computer program product of claim 29 wherein said instructions that aggregate related ones of the received network activity records into an aggregated network, activity record aggregate the related ones of the received network activity into a single aggregated network activity record.
36. The computer program product of claim 35 wherein said instructions assign a new header to the single aggregated network activity record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Management L.P. (Avaya Incorporated)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Farrell, Kevin, Ball, Steven, Mahoney, II, Daniel O.
Primary Examiner(s)
Najjar, Saleh

Application Number

US09/276,309
Time in Patent Office

1,909 Days
Field of Search

709/223, 709/224
US Class Current

709/224
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/104 Grouping of entities

System wide flow aggregation process for aggregating network activity records

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

399 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

System wide flow aggregation process for aggregating network activity records

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

399 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links