Network manager SNMP trap suppression

US 7,263,553 B2
Filed: 04/11/2003
Issued: 08/28/2007
Est. Priority Date: 04/11/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method of suppressing, at a network management system (NMS), SNMP event trap messages from network nodes in a communication network, the method comprising the steps of:

providing said NMS with a trap suppression function with a configurable set of parameters, said set of parameters including a maximum trap arrival rate per node and a trap suppression latency time;

counting, at the network management system, event trap messages received from each network node during a time interval; and

responsive to the count for a certain network node exceeding said maximum trap arrival rate, enabling said trap suppression function for droping all further event trap messages sent by that network node to the network management system until said trap suppression latency time has expired.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for controllably suppressing, at a network management system, SNMP event trap messages received from network nodes in a communications network are presented. The rate at which the traps are received from the network nodes is monitored and if the rate exceeds a threshold all subsequent traps received over a set time interval are not processed. The rate is calculated by counting received event traps over a time interval which is either preset or programmed. After the set time interval has passed all newly received traps are monitored. Information regarding traps received during the set time interval may be logged. Additionally, nodes from which excessive traps are received and indicating an event such as a Denial of Service (DoS) attack, are identified so that remedial action can be taken.

30 Citations

View as Search Results

16 Claims

1. A method of suppressing, at a network management system (NMS), SNMP event trap messages from network nodes in a communication network, the method comprising the steps of:
- providing said NMS with a trap suppression function with a configurable set of parameters, said set of parameters including a maximum trap arrival rate per node and a trap suppression latency time;
  
  counting, at the network management system, event trap messages received from each network node during a time interval; and
  
  responsive to the count for a certain network node exceeding said maximum trap arrival rate, enabling said trap suppression function for droping all further event trap messages sent by that network node to the network management system until said trap suppression latency time has expired.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as defined in claim 1 wherein said trap suppression latency time starts from a time at which the maximum trap arrival rate is exceeded, after which expiration the network management system resumes processing event trap messages sent by that network node.
  - 3. The method as defined in claim 1 wherein said trap suppression latency time is programmable.
  - 4. The method as defined in claim 1 wherein the maximum trap arrival rate is specified based on the type of node from which the event trap message are received.
  - 5. The method as defined in claim 1 wherein the maximum trap arrival rate is specified in accordance with type of trap message received from the network node.
  - 6. The method as defined in claim 1 wherein said set of parameters further comprises an aging time for enabling back said trap suppression function after a predetermined time interval.
  - 7. The method as defined in claim 1 wherein said trap suppression function keeps a record of all periods when said trap suppression function has been enabled for each node that is sending traps.
  - 8. The method as defined in claim 7 wherein all records pertaining to any given node are deleted after a time measured from the last trap received from that node.
  - 9. The method as defined in claim 1 wherein the network management system selectively logs all nodes that have exceeded the respective maximum trap arrival rate.
  - 10. The method as defined in claim 1 wherein the network management system selectively provides a notification with respect to nodes that have exceeded their maximum trap arrival rate.
  - 11. The method as defined in claim 10 wherein the notification is an alarm.
  - 12. The method as defined in claim 10 wherein the notification alerts an operator that a node has exceeded the maximum trap arrival rate so that remedial action can be taken.

13. A trap suppression system for suppressing, at a network management system (NMS), SNMP event trap messages received from network nodes in a communication network, the system comprising:
- a trap suspension function for enabling or disabling processing of SNMP event trap messages received at said NMS from the nodes of said network;
  
  for each network node, a first counter measuring a trap suppression latency time specifying the amount of time during which said event trap messages should be blocked;
  
  a second counter, for counting event trap messages received from each network node during said respective trap suppression latency time interval; and
  
  means, responsive to the second count exceeding a maximum trap arrival rate, for identifying an offending node that sends an excessive number of event trap messages and enabling said trap suspension function to drop all further event trap messages sent by that of offending network node to the network management system until said trap suppression time has expired.
- View Dependent Claims (14, 15, 16)
- - 14. The system as defined in claim 13 wherein the trap suppression latency time is programmable.
  - 15. The system as defined in claim 13 further including means to log all periods when the maximum trap arrival rate has been exceeded resulting in said trap suppression function being enabled.
  - 16. The system as defined in claim 15 having aging means to set parameters as to how long logging information is retained.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Alcatel SA (Nokia Corporation)
Inventors
Gaspard, Moise
Primary Examiner(s)
Coulter, Kenneth R.

Application Number

US10/411,263
Publication Number

US 20040205186A1
Time in Patent Office

1,600 Days
Field of Search

709/223, 709/224, 726/3, 726/22, 726/23
US Class Current

709/224
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/0622   based on time

H04L 43/16   Threshold monitoring

H04L 63/1458   Denial of Service

Network manager SNMP trap suppression

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Network manager SNMP trap suppression

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links