System and method for network topology and flow visualization

US 9,003,292 B2
Filed: 04/28/2009
Issued: 04/07/2015
Est. Priority Date: 07/06/2006
Status: Active Grant

First Claim

Patent Images

1. A method for visualizing a network data communication flow over a network topology, comprising:

obtaining device configuration data from device information tables of a plurality of network devices within a network;

analyzing the obtained device configuration data to identify interfaces of each of the plurality of network devices, the interfaces including physical interfaces and logical interfaces;

generating a topology view of the network on a visual display of a computer system, wherein the topology view includes subnet objects, network device objects, physical interface objects within the network device objects, and logical interface objects within some network device objects;

acquiring a plurality of network data communication flow records from each of the plurality of network devices within the network for a specified time period,wherein each of the plurality of network data communication flow records is associated with a corresponding one of the plurality of network devices, andwherein each of the plurality of network data communication flow records includes information about network traffic flowing through the corresponding one of the plurality of network devices to which the network data communication flow record is associated, andwherein each of the plurality of network data communication flow records is generated and stored by the corresponding one of the plurality of network devices to which the network data communication flow record is associated, andwherein each of the plurality of network data communication flow records is generated and stored separate from the network traffic flowing through the corresponding one of the plurality of network devices to which the network data communication flow record is associated, andwherein each of the plurality of network data communication flow records includes data fields for1) an identifier of an ingress interface through which the network traffic entered the corresponding one of the plurality of network devices to which the network data communication flow record is associated, and2) an identifier of an egress interface through which the network traffic exited the corresponding one of the plurality of network devices to which the network data communication flow record is associated or an identifier of an internal interface at which the network traffic terminated within the corresponding one of the plurality of network devices to which the network data communication flow record is associated, and3) an internet protocol source address for the network traffic, and4) an internet protocol destination address for the network traffic, and5) a source port for the network traffic, and6) a destination port for the network traffic;

correlating separate ones of the plurality of network data communication flow records acquired from different ones of the plurality of network devices in the network based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network data communication flow records,wherein each of the separate ones of the plurality of network data communication flow records within the common network data communication flow record has1) identical content in the data field for the internet protocol source address for the network traffic, and2) identical content in the data field for the internet protocol destination address for the network traffic, and3) identical content in the data field for the source port for the network traffic, and4) identical content in the data field for the destination port for the network traffic;

repeating the correlating of separate ones of the plurality of network data communication flow records based on content of the data fields so as to create a plurality of common network data communication flow records;

aggregating some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record-; and

rendering in the topology view of the network on the visual display a graphical representation of the aggregated network communication flow record in lieu of rendering graphical representations of the plurality of common network data communication flow records represented by the aggregated network communication flow record, the graphical representation of the aggregated network communication flow record including one or more arrows to represent a data communication path traversed through some of the plurality of network devices by network flows represented by the aggregated network communication flow record, the graphical representation of the aggregated network communication flow record including at least one arrow extending between two internal interfaces of a given one of the plurality of network devices.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A topology view of a network is generated on a visual display of a computer system. The topology view includes subnet objects, network device objects, and interface objects within the network device objects. Network flow records are acquired from each device within the network. Separate network flow records acquired from different devices in the network are correlated together into a common network flow record. Each of the separate network flow records shares a common source address and a common destination address. The common network flow record specifies transmission path segments of a communication through the network. The common network flow is rendered in the visual display over the topology view of the network by displaying an arrow for each transmission path segment traversed by the communication through the network.

146 Citations

21 Claims

1. A method for visualizing a network data communication flow over a network topology, comprising:
- obtaining device configuration data from device information tables of a plurality of network devices within a network;
  
  analyzing the obtained device configuration data to identify interfaces of each of the plurality of network devices, the interfaces including physical interfaces and logical interfaces;
  
  generating a topology view of the network on a visual display of a computer system, wherein the topology view includes subnet objects, network device objects, physical interface objects within the network device objects, and logical interface objects within some network device objects;
  
  acquiring a plurality of network data communication flow records from each of the plurality of network devices within the network for a specified time period,wherein each of the plurality of network data communication flow records is associated with a corresponding one of the plurality of network devices, andwherein each of the plurality of network data communication flow records includes information about network traffic flowing through the corresponding one of the plurality of network devices to which the network data communication flow record is associated, andwherein each of the plurality of network data communication flow records is generated and stored by the corresponding one of the plurality of network devices to which the network data communication flow record is associated, andwherein each of the plurality of network data communication flow records is generated and stored separate from the network traffic flowing through the corresponding one of the plurality of network devices to which the network data communication flow record is associated, andwherein each of the plurality of network data communication flow records includes data fields for1) an identifier of an ingress interface through which the network traffic entered the corresponding one of the plurality of network devices to which the network data communication flow record is associated, and2) an identifier of an egress interface through which the network traffic exited the corresponding one of the plurality of network devices to which the network data communication flow record is associated or an identifier of an internal interface at which the network traffic terminated within the corresponding one of the plurality of network devices to which the network data communication flow record is associated, and3) an internet protocol source address for the network traffic, and4) an internet protocol destination address for the network traffic, and5) a source port for the network traffic, and6) a destination port for the network traffic;
  
  correlating separate ones of the plurality of network data communication flow records acquired from different ones of the plurality of network devices in the network based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network data communication flow records,wherein each of the separate ones of the plurality of network data communication flow records within the common network data communication flow record has1) identical content in the data field for the internet protocol source address for the network traffic, and2) identical content in the data field for the internet protocol destination address for the network traffic, and3) identical content in the data field for the source port for the network traffic, and4) identical content in the data field for the destination port for the network traffic;
  
  repeating the correlating of separate ones of the plurality of network data communication flow records based on content of the data fields so as to create a plurality of common network data communication flow records;
  
  aggregating some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record-; and
  
  rendering in the topology view of the network on the visual display a graphical representation of the aggregated network communication flow record in lieu of rendering graphical representations of the plurality of common network data communication flow records represented by the aggregated network communication flow record, the graphical representation of the aggregated network communication flow record including one or more arrows to represent a data communication path traversed through some of the plurality of network devices by network flows represented by the aggregated network communication flow record, the graphical representation of the aggregated network communication flow record including at least one arrow extending between two internal interfaces of a given one of the plurality of network devices.
- View Dependent Claims (2, 3, 4, 5, 6, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. A method for visualizing a network data communication flow over a network topology as recited in claim 1, wherein the one or more arrows of the graphical representation of the aggregated network communication flow record are depicted in a like manner.
  - 3. A method for visualizing a network data communication flow over a network topology as recited in claim 1, wherein arrows associated with different aggregated network communication flow records are depicted differently to visually differentiate between the different aggregated network communication flow records.
  - 4. A method for visualizing a network data communication flow over a network topology as recited in claim 1, further comprising:
    - selecting one or more key data fields within the plurality of common network data communication flow records for use in the aggregating to create the aggregated network communication flow record.
  - 5. A method for visualizing a network data communication flow over a network topology as recited in claim 1, further comprising:
    - selecting an arrow for a given aggregated network communication flow record; and
      
      conspicuously modifying a visual display of all arrows associated with the aggregated network communication flow record within which the selected arrow is included.
  - 6. A method for visualizing a network data communication flow over a network topology as recited in claim 1, further comprising:
    - selecting one or more filter settings for network data communication flow parameters and associated ranges by which network data communication flow records are to be filtered for display; and
      
      rendering arrows for network data communication transmission path segments that satisfy the selected filter settings.
  - 11. A method for visualizing a network data communication flow over a network topology as recited in claim 1, wherein generating the topology view of the network on the visual display of the computer system includes rendering in the visual display line segments extending between physical interface objects and subnet objects, wherein the line segments represent network connections.
  - 12. A method for visualizing a network data communication flow over a network topology as recited in claim 11, wherein each of the network device objects is displayed as a large geometric shape within the topology view of the network.
  - 13. A method for visualizing a network data communication flow over a network topology as recited in claim 12, wherein each of the physical interface objects and logical interface objects is displayed as a small geometric shape within the large geometric shape of its network device object.
  - 14. A method for visualizing a network data communication flow over a network topology as recited in claim 13, wherein the small and large geometric shapes are small and large circles respectively.
  - 15. A method for visualizing a network data communication flow over a network topology as recited in claim 11, further comprising:
    - rendering in the visual display a first value above each physical interface object indicating an input bandwidth of the physical interface object; and
      
      rendering in the visual display a second value below each physical interface object indicating an output bandwidth of the physical interface object.
  - 16. A method for visualizing a network data communication flow over a network topology as recited in claim 11, further comprising:
    - rendering in the visual display a hierarchical view of the number of network device objects and the physical interfaces within the number of network device objects; and
      
      upon selection of a particular network device object in the hierarchical view, rendering in the visual display an isolated view of the particular selected network device object.
  - 17. A method for visualizing a network data communication flow over a network topology as recited in claim 11, further comprising:
    - generating a device information table to include the obtained device configuration data; and
      
      storing the device information table on a computer readable storage medium.
  - 18. A method for visualizing a network data communication flow over a network topology as recited in claim 1, wherein the topology view includes at least one logical tunnel connection between logical interface objects in different network device objects.
  - 19. A method for visualizing a network data communication flow over a network topology as recited in claim 18, wherein generating the topology view of the network includes labeling each of the subnet objects, network device objects, physical interface objects, logical interface objects, and the at least one logical tunnel connection.
  - 20. A method for visualizing a network data communication flow over a network topology as recited in claim 1, further comprising:
    - storing the plurality of common network data communication flow records in a global flow table.
  - 21. A method for visualizing a network data communication flow over a network topology as recited in claim 1, wherein each network data communication flow record is defined in either a NetFlow format, or an IPFIX (Internet Protocol Flow Information Export) format, or a combination of NetFlow and IPFIX formats.

7. A computer system for visualizing a network data communication flow over a network topology, comprising:
- a device information management module defined to obtain device configuration data from device information tables of a plurality of network devices within a network;
  
  a network visualization module defined to analyze the obtained device configuration data to identify interfaces of each of the plurality of network devices, the interfaces including physical interfaces and logical interfaces, and to identify subnets to which the interfaces connect, and further defined to render in a visual display a topology view of the network including graphical representations of the subnets, the network devices, the physical interfaces within the network devices, the logical interfaces within the network devices;
  
  a network flow collection management module defined to acquire a plurality of network data communication flow records from each of the plurality of network devices within the network for a specified time period,wherein each of the plurality of network data communication flow records is associated with a corresponding one of the plurality of network devices, andwherein each of the plurality of network data communication flow records includes information about network traffic flowing through the corresponding one of the plurality of network devices to which the network data communication flow record is associated, andwherein each of the plurality of network data communication flow records is generated and stored by the corresponding one of the plurality of network devices to which the network data communication flow record is associated, andwherein each of the plurality of network data communication flow records is generated and stored separate from the network traffic flowing through the corresponding one of the plurality of network device to which the network data communication flow record is associated, andwherein each of the plurality of network data communication flow records includes data fields for1) an identifier of an ingress interface through which the network traffic entered the corresponding one of the plurality of network devices to which the network data communication flow record is associated, and2) an identifier of an egress interface through which the network traffic exited the corresponding one of the plurality of network devices to which the network data communication flow record is associated or an identifier of an internal interface at which the network traffic terminated within the corresponding one of the plurality of network devices to which the network data communication flow record is associated, and3) an internet protocol source address for the network traffic, and4) an internet protocol destination address for the network traffic, and5) a source port for the network traffic, and6) a destination port for the network traffic;
  
  a network flow correlation module defined to correlate separate ones of the plurality of network data communication flow records acquired from different ones of the plurality of network devices in the network based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network data communication flow records,wherein each of the separate ones of the plurality of network data communication flow records within the common network data communication flow record has1) identical content in the data field for the internet protocol source address for the network traffic, and2) identical content in the data field for the internet protocol destination address for the network traffic, and3) identical content in the data field for the source port for the network traffic, and4) identical content in the data field for the destination port for the network traffic,the network flow correlation module defined to repeat the correlating of separate ones of the plurality of network data communication flow records based on content of the data fields so as to create a plurality of common network data communication flow records,the network flow correlation module defined to aggregate some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record, andwherein the network visualization module is defined to render in the topology view of the network on the visual display a graphical representation of the aggregated network communication flow record in lieu of rendering graphical representations of the plurality of common network data communication flow records represented by the aggregated network communication flow record, the graphical representation of the aggregated network communication flow record including one or more arrows to represent a data communication path traversed through some of the plurality of network devices by network flows represented by the aggregated network communication flow record, the graphical representation of the aggregated network communication flow record including at least one arrow extending between two internal interfaces of a given one of the plurality of network devices.
- View Dependent Claims (8, 9, 10)
- - 8. A computer system for visualizing a network data communication flow over a network topology as recited in claim 7, wherein the network flow collection management module is defined to understand each network data communication flow record format utilized by each of the plurality of network devices within the network, wherein different ones of the plurality of network devices can utilize different network data communication flow formats.
  - 9. A computer system for visualizing a network data communication flow over a network topology as recited in claim 7, wherein the network flow correlation module is defined to combine a first network data communication flow record for how a given network data communication flow entered a device with a second network data communication flow record for how the given network data communication flow exited the device so as to create a single network data communication flow record for the given network data communication flow through the device.
  - 10. A computer system for visualizing a network data communication flow over a network topology as recited in claim 7, wherein the network flow collection management module is defined to enable polling of network data communication flow records to facilitate real-time rendering of network data communication flows over the topology view of the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LiveAction, Inc.
Original Assignee
LiveAction, Inc.
Inventors
Smith, John Kei, Pierce, Robert
Primary Examiner(s)
Kujundzic, Dino
Assistant Examiner(s)
Chuang, Jessica

Application Number

US12/431,698
Publication Number

US 20090327903A1
Time in Patent Office

2,170 Days
Field of Search

715/733, 715/734, 715/737
US Class Current

715/737
CPC Class Codes

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 43/0829   Packet loss

H04L 43/0852   Delays

H04L 43/087   Jitter

H04L 43/50   Testing arrangements

System and method for network topology and flow visualization

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

146 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for network topology and flow visualization

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

146 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links