Method for monitoring traffic in a network and a network
Abstract
To provide a simple monitoring mechanism with reduced resource and performance requirements, a method for monitoring traffic in a network is claimed, wherein the monitoring activity of at least two monitoring probes of the network is coordinated by a coordinating element, wherein at least two nodes of the network are able to operate as coordinating elements, and wherein the responsibility for coordinating the monitoring activity of the monitoring probes is split between the nodes according to a compressed representation of flow parameter keys. Further, a corresponding network is described, preferably for carrying out the above-mentioned method.
16 Claims
1. A method for monitoring traffic in a network, comprising:
- monitoring activity of at least two monitoring probes of the network coordinated by a coordinating means;
- operating at least two nodes of the network as the coordinating means, the at least two nodes belonging to a peer-to-peer system; and
- splitting a responsibility for coordinating the monitoring activity of the monitoring probes between the at least two nodes according to a compressed representation of flow parameter keys, wherein upon detection of a new flow at least one probe computes a hash value of one or more certain fields of the flow identifying the flow, the hash is the flow 5-tuple consisting of IP source and destination addresses, protocol type, and source and destination ports, after having computed the hash value, the at least one probe performs a content-based lookup of the computed hash value for obtaining the address of the responsible node which will be responsible for coordinating the monitoring of the flow, and after having obtained the address of the responsible node, the at least one probe sends a message to the responsible node including definable data types of the flow and/or a description of the flow, wherein transparent handling of node failures and new node joins is used within the network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A method for monitoring traffic in a network, comprising:
- monitoring and coordinating activity of at least two monitoring probes of the network;
- operating at least two nodes of the network to coordinate the activity, the at least two nodes belonging to a peer-to-peer rendez-vous system; and
- splitting a responsibility for coordinating the monitoring activity of the monitoring probes between the at least two nodes according to a compressed representation of flow parameter keys, wherein upon detection of a new flow at least one probe computes a hash value of one or more certain fields of the flow identifying the flow, the hash is the flow 5-tuple consisting of IP source and destination addresses, protocol type, and source and destination ports, after having computed the hash value, the at least one probe performs a content-based lookup of the computed hash value for obtaining the address of the responsible node which will be responsible for coordinating the monitoring of the flow, and after having obtained the address of the responsible node, the at least one probe sends a message to the responsible node including definable data types of the flow and/or a description of the flow, wherein transparent handling of node failures and new node joins is used within the network.

Dependent claims: 15, 16
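
The probe-side steps recited in claims 1 and 14 (hash the 5-tuple, look up the responsible node, survive node failures and joins) can be sketched as follows. This is an added example, not code from the patent: the claims name neither a hash function nor a lookup algorithm, so SHA-256 and a consistent-hash ring with virtual nodes are assumptions, and the node names and flows are constructed.

```python
import bisect
import hashlib

def _h64(data: str) -> int:
    # SHA-256 truncated to 64 bits; the hash function is an assumption.
    return int.from_bytes(hashlib.sha256(data.encode()).digest()[:8], "big")

def flow_key(src_ip, dst_ip, proto, src_port, dst_port) -> int:
    """Compressed representation of the flow 5-tuple computed by a probe."""
    return _h64(f"{src_ip}|{dst_ip}|{proto}|{src_port}|{dst_port}")

class CoordinatorRing:
    """Hypothetical content-based lookup: key -> responsible node address."""

    def __init__(self, nodes, vnodes=64):
        self.vnodes = vnodes
        self._ring = []  # sorted (position, node_address) pairs
        for node in nodes:
            self.join(node)

    def join(self, node):
        for i in range(self.vnodes):
            bisect.insort(self._ring, (_h64(f"{node}#{i}"), node))

    def leave(self, node):
        # Node failure or departure: drop its positions, keep all others.
        self._ring = [(p, n) for p, n in self._ring if n != node]

    def lookup(self, key: int) -> str:
        if not self._ring:
            raise LookupError("no coordinating node available")
        i = bisect.bisect_left(self._ring, (key,))
        return self._ring[i % len(self._ring)][1]

def owners(ring, flows):
    """Map each flow 5-tuple to the node that coordinates its monitoring."""
    return {f: ring.lookup(flow_key(*f)) for f in flows}

# Constructed sample data: documentation-range addresses, made-up node names.
NODES = ["coord-a.example:9000", "coord-b.example:9000", "coord-c.example:9000"]
FLOWS = [(f"192.0.2.{i % 250 + 1}", "198.51.100.7", 6, 40000 + i, 443)
         for i in range(300)]

if __name__ == "__main__":
    ring = CoordinatorRing(NODES)
    before = owners(ring, FLOWS)
    ring.leave("coord-b.example:9000")
    after = owners(ring, FLOWS)
    moved = [f for f in FLOWS if before[f] != after[f]]
    print(f"{len(moved)} of {len(FLOWS)} flows re-homed after node failure")
```

Because every probe derives the same key from the same 5-tuple, probes that see the same flow reach the same coordinator without talking to each other, and a failure only re-homes the flows the failed node owned.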
Specification