System and method for network topology and flow visualization

US 9,246,772 B2
Filed: 02/22/2013
Issued: 01/26/2016
Est. Priority Date: 07/06/2006
Status: Active Grant

First Claim

Patent Images

1. A method for visualization of network flow, comprising:

rendering, on a computer system display, a graphical user interface including a network topology, the network topology including multiple network devices and showing connections between multiple network devices;

acquiring, using a computer, a plurality of network flow records from each of the multiple network devices for a specified period of time,wherein each of the plurality of network flow records is generated by a corresponding one of the multiple network devices and is uniquely associated with the corresponding one of the multiple network devices and is stored by the corresponding one of the multiple network devices,wherein each of the plurality of network flow records includes information about a corresponding network flow through the corresponding one of the multiple network devices, andwherein each of the plurality of network flow records is generated and stored separate from data of the corresponding network flow, andwherein each of the plurality of network flow records includes data fields for1) an identifier of the ingress interface through which the corresponding network flow entered the corresponding one of the multiple network devices, and2) an identifier of an egress interface through which the corresponding network flow exited the corresponding one of the multiple network devices or an identifier of an internal interface at which the corresponding network flow terminated within the corresponding one of the multiple network devices, and3) an internet protocol source address for the corresponding network flow, and4) an internet protocol destination address for the corresponding network flow, and5) a source port for the corresponding network flow, and6) a destination port for the corresponding network flow;

correlating separate ones of the plurality of network flow records based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network flow records for the specified period of time;

repeating the correlating of separate ones of the plurality of network flow records based on content of the data fields so as to create a plurality of common network data communication flow records for the specified period of time;

aggregating some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record for the specified period of time;

applying the network flow parameter filter to the plurality of network flow records so as to filter the aggregated network communication flow record for the specified period of time and generate a filtered aggregated network communication flow record for the specified period of time; and

rendering, on the computer system display within the network topology, a graphical representation of the filtered aggregated network communication flow record, wherein rendering the network topology includes rendering interface objects corresponding to each internal interface of the multiple network devices including each ingress interface and each egress interface of the multiple network devices and including each local interface of the multiple network devices, and wherein rendering of the graphical representation of the filtered aggregated network communication flow record includes rendering of arrows directly between interface objects corresponding to some of the ingress and egress interfaces of the multiple network devices and rendering of at least one arrow directed toward at least one local interface.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A graphical user interface including an object representing a network device is rendered. Interface objects respectively corresponding to each internal interface of the network device are rendered within the object representing the network device. A network flow record for a network flow through the network device is acquired. The network flow record identifies ingress and egress interfaces of the network device for the network flow. Switching information for the network flow within the network device is determined based on the ingress and egress identifications. A transmission path of the network flow within the network device from the ingress interface is rendered within the object representing the network device. The transmission path is defined by the switching information identified by the network flow record.

209 Citations

18 Claims

1. A method for visualization of network flow, comprising:
- rendering, on a computer system display, a graphical user interface including a network topology, the network topology including multiple network devices and showing connections between multiple network devices;
  
  acquiring, using a computer, a plurality of network flow records from each of the multiple network devices for a specified period of time,wherein each of the plurality of network flow records is generated by a corresponding one of the multiple network devices and is uniquely associated with the corresponding one of the multiple network devices and is stored by the corresponding one of the multiple network devices,wherein each of the plurality of network flow records includes information about a corresponding network flow through the corresponding one of the multiple network devices, andwherein each of the plurality of network flow records is generated and stored separate from data of the corresponding network flow, andwherein each of the plurality of network flow records includes data fields for1) an identifier of the ingress interface through which the corresponding network flow entered the corresponding one of the multiple network devices, and2) an identifier of an egress interface through which the corresponding network flow exited the corresponding one of the multiple network devices or an identifier of an internal interface at which the corresponding network flow terminated within the corresponding one of the multiple network devices, and3) an internet protocol source address for the corresponding network flow, and4) an internet protocol destination address for the corresponding network flow, and5) a source port for the corresponding network flow, and6) a destination port for the corresponding network flow;
  
  correlating separate ones of the plurality of network flow records based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network flow records for the specified period of time;
  
  repeating the correlating of separate ones of the plurality of network flow records based on content of the data fields so as to create a plurality of common network data communication flow records for the specified period of time;
  
  aggregating some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record for the specified period of time;
  
  applying the network flow parameter filter to the plurality of network flow records so as to filter the aggregated network communication flow record for the specified period of time and generate a filtered aggregated network communication flow record for the specified period of time; and
  
  rendering, on the computer system display within the network topology, a graphical representation of the filtered aggregated network communication flow record, wherein rendering the network topology includes rendering interface objects corresponding to each internal interface of the multiple network devices including each ingress interface and each egress interface of the multiple network devices and including each local interface of the multiple network devices, and wherein rendering of the graphical representation of the filtered aggregated network communication flow record includes rendering of arrows directly between interface objects corresponding to some of the ingress and egress interfaces of the multiple network devices and rendering of at least one arrow directed toward at least one local interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein acquiring the plurality of network flow records, correlating separate ones of the plurality of network flow records, aggregating some of the plurality of common network data communication flow records, applying the network flow parameter filter to the plurality of network flow records, and rendering the graphical representation of the filtered aggregated network communication flow record occurs in real time.
  - 3. The method of claim 1, wherein rendering the network topology includes rendering interface objects corresponding to each internal interface of the multiple network devices including each null interface of the multiple network devices, and wherein rendering of the graphical representation of the filtered aggregated network communication flow record includes rendering of at least one arrow directed toward at least one null interface.
  - 4. The method of claim 1, wherein acquiring the plurality of network flow records is performed by polling the multiple network devices.
  - 5. The method of claim 1, further comprising:
    - enabling selection of the graphical representation of the filtered aggregated network communication flow record; and
      
      displaying, on the computer system display, information about the graphical representation of the filtered aggregated network communication flow record upon its selection.
  - 6. The method of claim 1, further comprising:
    - rendering, on the computer system display, a tabular listing of data for the filtered aggregated network communication flow record.
  - 7. The method of claim 1, further comprising:
    - rendering, on the computer system display within the network topology, an input bandwidth, an output bandwidth, and an identifier for each of the multiple network devices.
  - 8. The method of claim 1, wherein the plurality of network flow records correspond to layer 2 network flows.
  - 9. The method of claim 8, wherein the layer 2 network flows are transmitted through a VLAN (virtual local area network).
  - 10. The method of claim 1, wherein each of the plurality of network flow records is defined in either a NetFlow format, or an IPFIX (Internet Protocol Flow Information Export) format, or a combination of NetFlow and IPFIX formats.
  - 11. The method of claim 1, wherein each of the separate ones of the plurality of network flow records within the common network data communication flow record hasidentical content in the data field for the internet protocol source address for the corresponding network flow, andidentical content in the data field for the internet protocol destination address for the corresponding network flow, andidentical content in the data field for the source port for the corresponding network flow, andidentical content in the data field for the destination port for the corresponding network flow.
  - 12. The method of claim 1, wherein the network flow parameter filter is defined based on one or more of DSCP (differentiated services code point), port, IP (internet protocol) address, layer 4 protocol, bit rate range, and byte range.

13. An apparatus, comprising:
- a memory including instructions for execution by one or more processors; and
  
  one or more processors coupled to the memory, the one or more processors being operable when executing the instructions to;
  
  render, on a computer system display, a graphical user interface including a network topology, the network topology including multiple network devices and showing connections between multiple network devices,acquire a plurality of network flow records from each of the multiple network devices for a specified period of time,wherein each of the plurality of network flow records is generated by a corresponding one of the multiple network devices and is uniquely associated with the corresponding one of the multiple network devices and is stored by the corresponding one of the multiple network devices,wherein each of the plurality of network flow records includes information about a corresponding network flow through the corresponding one of the multiple network devices, andwherein each of the plurality of network flow records is generated and stored separate from data of the corresponding network flow, andwherein each of the plurality of network flow records includes data fields for1) an identifier of the ingress interface through which the corresponding network flow entered the corresponding one of the multiple network devices, and2) an identifier of an egress interface through which the corresponding network flow exited the corresponding one of the multiple network devices or an identifier of an internal interface at which the corresponding network flow terminated within the corresponding one of the multiple network devices, and3) an internet protocol source address for the corresponding network flow, and4) an internet protocol destination address for the corresponding network flow, and5) a source port for the corresponding network flow, and6) a destination port for the corresponding network flow,correlate separate ones of the plurality of network flow records based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network flow records for the specified period of time,repeat the correlating of separate ones of the plurality of network flow records based on content of the data fields so as to create a plurality of common network data communication flow records for the specified period of time,aggregate some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record for the specified period of time,define a network flow parameter filter,apply the network flow parameter filter to the plurality of network flow records so as to filter the aggregated network communication flow record for the specified period of time and generate a filtered aggregated network communication flow record for the specified period of time, andrender, on the computer system display within the network topology, a graphical representation of the filtered aggregated network communication flow record, wherein rendering the network topology includes rendering interface objects corresponding to each internal interface of the multiple network devices including each ingress interface and each egress interface of the multiple network devices and including each local interface of the multiple network devices, and wherein rendering of the graphical representation of the filtered aggregated network communication flow record includes rendering of arrows directly between interface objects corresponding to some of the ingress and egress interfaces of the multiple network devices and includes rendering of at least one arrow directed toward at least one local interface.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The apparatus as recited in claim 13, wherein acquiring the plurality of network flow records, correlating separate ones of the plurality of network flow records, aggregating some of the plurality of common network data communication flow records, applying the network flow parameter filter to the plurality of network flow records, and rendering the graphical representation of the filtered aggregated network communication flow record occurs in real time.
  - 15. The apparatus as recited in claim 13, wherein rendering the network topology includes rendering interface objects corresponding to each internal interface of the multiple network devices including each null interface of the multiple network devices, and wherein rendering of the graphical representation of the filtered aggregated network communication flow record includes rendering of at least one arrow directed toward at least one null interface.
  - 16. The apparatus as recited in claim 13, wherein acquiring the plurality of network flow records includes polling the multiple network devices.
  - 17. The apparatus as recited in claim 13, wherein the one or more processors are operable when executing the instructions to:
    - enable selection of the graphical representation of the filtered aggregated network communication flow record; and
      
      display, on the computer system display, information about the graphical representation of the filtered aggregated network communication flow record upon its selection.
  - 18. The apparatus as recited in claim 13, wherein the one or more processors are operable when executing the instructions to:
    - render, on the computer system display, a tabular listing of data for the filtered aggregated network communication flow record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LiveAction, Inc.
Original Assignee
LiveAction, Inc.
Inventors
Smith, John Kei, Pierce, Robert
Primary Examiner(s)
Chuang, Jessica

Application Number

US13/774,867
Publication Number

US 20130159863A1
Time in Patent Office

1,068 Days
Field of Search

715/734
US Class Current

1/1
CPC Class Codes

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 43/0829   Packet loss

H04L 43/0852   Delays

H04L 43/087   Jitter

H04L 43/50   Testing arrangements

System and method for network topology and flow visualization

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

209 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for network topology and flow visualization

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

209 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links