Network manager SNMP trap suppression
First Claim
1. A method of suppressing, at a network management system (NMS), SNMP event trap messages from network nodes in a communication network, the method comprising the steps of:
- providing said NMS with a trap suppression function with a configurable set of parameters, said set of parameters including a maximum trap arrival rate per node and a trap suppression latency time;
- counting, at the network management system, event trap messages received from each network node during a time interval; and
- responsive to the count for a certain network node exceeding said maximum trap arrival rate, enabling said trap suppression function for dropping all further event trap messages sent by that network node to the network management system until said trap suppression latency time has expired.
Abstract
Methods and apparatus for controllably suppressing, at a network management system, SNMP event trap messages received from network nodes in a communications network are presented. The rate at which the traps are received from the network nodes is monitored and, if the rate exceeds a threshold, all subsequent traps received over a set time interval are not processed. The rate is calculated by counting received event traps over a time interval which is either preset or programmed. After the set time interval has passed, all newly received traps are monitored. Information regarding traps received during the set time interval may be logged. Additionally, nodes from which excessive traps are received, indicating an event such as a Denial of Service (DoS) attack, are identified so that remedial action can be taken.
30 Citations
16 Claims
1. A method of suppressing, at a network management system (NMS), SNMP event trap messages from network nodes in a communication network, the method comprising the steps of:
- providing said NMS with a trap suppression function with a configurable set of parameters, said set of parameters including a maximum trap arrival rate per node and a trap suppression latency time;
- counting, at the network management system, event trap messages received from each network node during a time interval; and
- responsive to the count for a certain network node exceeding said maximum trap arrival rate, enabling said trap suppression function for dropping all further event trap messages sent by that network node to the network management system until said trap suppression latency time has expired.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)

13. A trap suppression system for suppressing, at a network management system (NMS), SNMP event trap messages received from network nodes in a communication network, the system comprising:
- a trap suspension function for enabling or disabling processing of SNMP event trap messages received at said NMS from the nodes of said network;
- for each network node, a first counter measuring a trap suppression latency time specifying the amount of time during which said event trap messages should be blocked;
- a second counter, for counting event trap messages received from each network node during said respective trap suppression latency time interval; and
- means, responsive to the second count exceeding a maximum trap arrival rate, for identifying an offending node that sends an excessive number of event trap messages and enabling said trap suspension function to drop all further event trap messages sent by that offending network node to the network management system until said trap suppression time has expired.

View Dependent Claims (14, 15, 16)
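The per-node counting and suppression steps of claim 1 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the fixed counting window, the caller-supplied timestamps and the sample events are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class NodeState:
    window_start: float           # start of the current counting interval
    count: int = 0                # traps counted in the current interval
    suppressed_until: float = 0.0
    dropped: int = 0              # traps discarded while suppressed (for logging)

class TrapSuppressor:
    """Hypothetical NMS-side filter: one counter and one timer per node."""
    def __init__(self, max_traps, interval_s, latency_s):
        self.max_traps = max_traps    # maximum trap arrival rate per node
        self.interval_s = interval_s  # counting time interval
        self.latency_s = latency_s    # trap suppression latency time
        self.nodes = {}
        self.offenders = []           # (node, time) pairs, kept for remedial action

    def accept(self, node, now):
        """Return True if the trap from `node` at time `now` is processed."""
        st = self.nodes.setdefault(node, NodeState(window_start=now))
        if now < st.suppressed_until:          # suppression active: drop and count
            st.dropped += 1
            return False
        if now - st.window_start >= self.interval_s:
            st.window_start, st.count = now, 0  # new counting interval
        st.count += 1
        if st.count > self.max_traps:
            # Assumption: the trap that crosses the threshold is still processed;
            # only "further" traps are dropped until the latency time expires.
            st.suppressed_until = now + self.latency_s
            st.window_start, st.count = st.suppressed_until, 0
            self.offenders.append((node, now))
        return True

# Constructed sample input: (arrival time in seconds, source node address).
EVENTS = [(0, "10.0.0.5"), (1, "10.0.0.5"), (1, "10.0.0.9"), (2, "10.0.0.5"),
          (3, "10.0.0.5"), (4, "10.0.0.5"), (5, "10.0.0.5"), (20, "10.0.0.9"),
          (62, "10.0.0.5"), (63, "10.0.0.5")]

def replay(events, suppressor):
    """Feed events through the suppressor and return each accept/drop decision."""
    return [suppressor.accept(node, t) for t, node in events]

if __name__ == "__main__":
    s = TrapSuppressor(max_traps=3, interval_s=10, latency_s=60)
    print(replay(EVENTS, s), s.offenders)
```

Suppression is tracked per node, so the second node in the sample keeps being processed while the first is blocked.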
Specification