Method and system for real-time visualization of network flow within network device
Abstract
A network topology is displayed in a graphical user interface on a display of a computer. The network topology includes graphical representations of multiple network devices, of internal interfaces within the multiple network devices, and of network connections between the multiple network devices. A record of a network flow within a particular network device of the multiple network devices is acquired in real time upon transmission of the network flow within the particular network device. A graphical representation of a transmission path of the network flow within the particular network device is rendered in real time on the display based on the record of the network flow.
20 Claims
1. A method for network flow visualization, comprising:
- displaying a network topology in a graphical user interface on a display of a computer, the network topology including graphical representations of multiple network devices, of internal interfaces within the multiple network devices, and of network connections between the multiple network devices;
- acquiring a plurality of network flow records from each of the multiple network devices for a specified period of time, wherein each of the plurality of network flow records is generated by a corresponding one of the multiple network devices and is uniquely associated with the corresponding one of the multiple network devices and is stored by the corresponding one of the multiple network devices, wherein each of the plurality of network flow records includes information about a corresponding network flow through the corresponding one of the multiple network devices, and wherein each of the plurality of network flow records is generated and stored separate from data of the corresponding network flow, and wherein each of the plurality of network flow records includes data fields for 1) an identifier of the ingress interface through which the corresponding network flow entered the corresponding one of the multiple network devices, and 2) an identifier of an egress interface through which the corresponding network flow exited the corresponding one of the multiple network devices or an identifier of an internal interface at which the corresponding network flow terminated within the corresponding one of the multiple network devices, and 3) an internet protocol source address for the corresponding network flow, and 4) an internet protocol destination address for the corresponding network flow, and 5) a source port for the corresponding network flow, and 6) a destination port for the corresponding network flow;
- correlating separate ones of the plurality of network flow records based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network flow records for the specified period of time, wherein each of the separate ones of the plurality of network flow records within the common network data communication flow record has 1) identical content in the data field for the internet protocol source address for the corresponding network flow, and 2) identical content in the data field for the internet protocol destination address for the corresponding network flow, and 3) identical content in the data field for the source port for the corresponding network flow, and 4) identical content in the data field for the destination port for the corresponding network flow;
- repeating the correlating of separate ones of the plurality of network flow records based on content of the data fields so as to create a plurality of common network data communication flow records for the specified period of time;
- aggregating some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record for the specified period of time; and
- rendering, on the display, an animation of a graphical representation of the aggregated network communication flow record for the specified period of time, wherein the animation of the graphical representation of the aggregated network communication flow record is rendered in lieu of rendering graphical representations of the plurality of common network data communication flow records represented by the aggregated network communication flow record, the animation of the graphical representation of the aggregated network communication flow record including one or more arrows to represent a data communication path traversed through the network topology by network flows represented by the aggregated network communication flow record, wherein the animation of the graphical representation of the aggregated network communication flow record includes at least one arrow depicting a segment of the data communication path traversed inside of at least one of the multiple network devices; and
- providing a control within the graphical user interface to control a temporal progression through the animation of the graphical representation of the aggregated network communication flow record, including pausing of the animation at a selected time within the specified period of time.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for network flow visualization, comprising:
- multiple network devices operating to transmit multiple network flows through a network, each of the multiple network devices including one or more internal interfaces; and
- a computer operating to display a network topology of the network in a graphical user interface on a display connected to the computer, the network topology including graphical representations of the multiple network devices, of internal interfaces within the multiple network devices, and of network connections between the multiple network devices,
- the computer operating to acquire a plurality of network flow records from each of the multiple network devices for a specified period of time, wherein each of the plurality of network flow records is generated by a corresponding one of the multiple network devices and is uniquely associated with the corresponding one of the multiple network devices and is stored by the corresponding one of the multiple network devices, wherein each of the plurality of network flow records includes information about a corresponding network flow through the corresponding one of the multiple network devices, and wherein each of the plurality of network flow records is generated and stored separate from data of the corresponding network flow, and wherein each of the plurality of network flow records includes data fields for 1) an identifier of the ingress interface through which the corresponding network flow entered the corresponding one of the multiple network devices, and 2) an identifier of an egress interface through which the corresponding network flow exited the corresponding one of the multiple network devices or an identifier of an internal interface at which the corresponding network flow terminated within the corresponding one of the multiple network devices, and 3) an internet protocol source address for the corresponding network flow, and 4) an internet protocol destination address for the corresponding network flow, and 5) a source port for the corresponding network flow, and 6) a destination port for the corresponding network flow;
- the computer operating to correlate separate ones of the plurality of network flow records based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network flow records for the specified period of time, wherein each of the separate ones of the plurality of network flow records within the common network data communication flow record has 1) identical content in the data field for the internet protocol source address for the corresponding network flow, and 2) identical content in the data field for the internet protocol destination address for the corresponding network flow, and 3) identical content in the data field for the source port for the corresponding network flow, and 4) identical content in the data field for the destination port for the corresponding network flow;
- the computer operating to repeat the correlating of separate ones of the plurality of network flow records based on content of the data fields so as to create a plurality of common network data communication flow records for the specified period of time;
- the computer operating to aggregate some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record for the specified period of time, and
- the computer operating to render on the display an animation of a graphical representation of the aggregated network communication flow record for the specified period of time, wherein the animation of the graphical representation of the aggregated network communication flow record is rendered in lieu of rendering graphical representations of the plurality of common network data communication flow records represented by the aggregated network communication flow record, the animation of the graphical representation of the aggregated network communication flow record including one or more arrows to represent a data communication path traversed through the network topology by network flows represented by the aggregated network communication flow record, wherein the animation of the graphical representation of the aggregated network communication flow record includes at least one arrow depicting a segment of the data communication path traversed inside of at least one of the multiple network devices, and
- the computer operating to provide a control within the graphical user interface to control a temporal progression through the animation of the graphical representation of the aggregated network communication flow record, including pausing of the animation at a selected time within the specified period of time.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
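The correlating and aggregating steps recited in claims 1 and 12 can be illustrated with a short sketch. This is an added example, not code from the patent or its assignee; the record schema, the `device` and `ts` fields, ordering hops by first-seen time, and the sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

# Field names are illustrative: the claims list six data fields but no schema.
# `device` and `ts` (first-seen time, used to order hops) are assumptions.
FlowRecord = namedtuple(
    "FlowRecord", "device ts ingress_if egress_if src_ip dst_ip src_port dst_port")

def correlate(records, start, end):
    """Group per-device records with an identical 4-tuple into common flow records."""
    common = defaultdict(list)
    for r in records:
        if start <= r.ts < end:  # the specified period of time
            common[(r.src_ip, r.dst_ip, r.src_port, r.dst_port)].append(r)
    # One common record per 4-tuple: hops ordered by when each device saw the flow.
    # egress_if may also name an internal interface where the flow terminated.
    return {
        key: [(r.device, r.ingress_if, r.egress_if)
              for r in sorted(recs, key=lambda r: r.ts)]
        for key, recs in common.items()
    }

def aggregate(common, fields=("dst_ip", "dst_port")):
    """Merge common flow records that agree on `fields` into aggregated records."""
    index = {"src_ip": 0, "dst_ip": 1, "src_port": 2, "dst_port": 3}
    merged = defaultdict(lambda: {"flows": 0, "segments": []})
    for key, hops in common.items():
        agg = merged[tuple(key[index[f]] for f in fields)]
        agg["flows"] += 1
        for hop in hops:  # one arrow per distinct in-device segment
            if hop not in agg["segments"]:
                agg["segments"].append(hop)
    return dict(merged)

# Constructed sample: two clients reach 10.0.0.5:443 through fw1 then sw1;
# the last record falls outside the window and is ignored.
SAMPLE = [
    FlowRecord("fw1", 100, "eth0", "eth1", "192.0.2.10", "10.0.0.5", 51000, 443),
    FlowRecord("sw1", 101, "ge1", "ge7", "192.0.2.10", "10.0.0.5", 51000, 443),
    FlowRecord("sw1", 106, "ge1", "ge7", "192.0.2.11", "10.0.0.5", 52000, 443),
    FlowRecord("fw1", 105, "eth0", "eth1", "192.0.2.11", "10.0.0.5", 52000, 443),
    FlowRecord("fw1", 900, "eth0", "eth1", "192.0.2.12", "10.0.0.5", 53000, 443),
]

if __name__ == "__main__":
    flows = correlate(SAMPLE, start=0, end=600)
    for key, agg in aggregate(flows).items():
        print(key, agg)
```

Each entry in `segments` corresponds to one arrow drawn inside a device, so the two correlated flows collapse into a single animated path rather than two overlapping ones.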
Specification