Network monitoring using virtual packets
First Claim
1. A method, including steps of:
- sampling, at a first predetermined rate, first flow information;
generating first virtual packets in response thereto,said first virtual packets being equally distributed over a time reported for said first flow information;
sampling, at a second predetermined rate, second flow information;
generating second virtual packets in response thereto; and
recording, at a network monitoring device, only some of the first and second virtual packets whereby the recorded virtual packets represent equivalent sampling for both the first flow information and the second flow information.
12 Assignments
0 Petitions
Accused Products
Abstract
A network monitoring device includes a flow processing element, disposed to receive flow information relating to network flows, and to generate a set of virtual packets, each representing a portion of a network flow. The virtual packets are maintained in a time-sequential order, and read by elements of the network monitoring device to generate information relating to network traffic, such as symptoms affecting the communication network, problems affecting the communication network, and otherwise. The network monitoring device randomly samples virtual packets, with at least one of two effects: (1) flow information from traffic reporting devices that are themselves sampling at differing rates can be equalized, with the effect of standardizing information from all of them; (2) the network monitoring device itself can restrict its attention to a fraction of all virtual packets, with the effect of keeping up with a relatively large number of virtual packets.
-
Citations
20 Claims
-
1. A method, including steps of:
-
sampling, at a first predetermined rate, first flow information; generating first virtual packets in response thereto, said first virtual packets being equally distributed over a time reported for said first flow information; sampling, at a second predetermined rate, second flow information; generating second virtual packets in response thereto; and recording, at a network monitoring device, only some of the first and second virtual packets whereby the recorded virtual packets represent equivalent sampling for both the first flow information and the second flow information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system comprising:
-
a first device having; a flow processor for receiving flow information from a set of flow information gathering devices, said flow processor configured to generate a sequence of virtual packets for each said flow, said sequence of virtual packets being equally distributed over a time for said flow, said time being reported after an end of said flow; wherein a first sequence of virtual packets for a first flow is responsive to a first sampling rate of real packets reported in said flow information for said first flow, wherein a second sequence of virtual packets for a second flow is responsive to a second sampling rate of real packets reported in said flow information for said second flow, wherein said first and second sequences of virtual packets have equivalent sampling rates relative to real packets in said first and second flows; a virtual packet buffer for storing virtual packets received from the flow processor; a virtual bus coupled to the virtual packet buffer through either a discovery engine, a monitoring engine, a profiling engine or a detection engine. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A non-transitory processor readable storage device having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method including steps of:
-
sampling, at a first predetermined rate, first flow information; generating first virtual packets in response thereto, said first virtual packets being equally distributed over a time reported for said first flow information; sampling, at a second predetermined rate, second flow information; generating second virtual packets in response thereto; and recording some of the virtual packets whereby the recorded virtual packets represent equivalent sampling for both the first flow information and the second flow information. - View Dependent Claims (17, 18, 19, 20)
-
Specification