Methods and systems for monitoring network routing

US 9,628,354 B2
Filed: 05/20/2015
Issued: 04/18/2017
Est. Priority Date: 03/18/2003
Status: Active Grant

First Claim

Patent Images

1. A method of monitoring routing conditions in a network, the method comprising:

collecting routing message data from a plurality of network routers, the routing message data representing at least one change in a route to or from at least one network router in the plurality of network routers;

selecting between a real-time mode and a historical mode;

in the real-time mode;

in response to a routing message, correlating the routing message data across multiple network routers in the plurality of network routers and across time to obtain real-time correlated routing message data; and

detecting a real-time anomalous routing condition based on the real-time correlated routing message data; and

in the historical mode;

selecting a start time;

correlating the routing message data across multiple network routers in the plurality of network routers beginning at the start time to obtain historical correlated routing message data; and

detecting a historical anomalous routing condition based on the historical correlated routing message data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed methods and systems include collecting routing data from a plurality of network routers, and correlating the routing data across routers and across time to obtain network data. The network data can be streamed to a user in real-time and the user can interactively query the data. In one embodiment, interactive routing analyses, drill-down, and forensics can be performed using a repository of Border Gateway Protocol (BGP) update traffic. Alarms can be set to detect selected routing problems. In setting the alarms, the message data for each router can be processed in timestamp order. Current message data from each router can be compared with previous message data to determine a condition status. An alarm can be provided when the condition status meets a temporal correlation criterion and/or a spatial correlation criterion. Based on the computed instability metrics for individual network prefixes and on a common property of those prefixes, a group instability metric for a group of network prefixes can be computed.

60 Citations

View as Search Results

20 Claims

1. A method of monitoring routing conditions in a network, the method comprising:
- collecting routing message data from a plurality of network routers, the routing message data representing at least one change in a route to or from at least one network router in the plurality of network routers;
  
  selecting between a real-time mode and a historical mode;
  
  in the real-time mode;
  
  in response to a routing message, correlating the routing message data across multiple network routers in the plurality of network routers and across time to obtain real-time correlated routing message data; and
  
  detecting a real-time anomalous routing condition based on the real-time correlated routing message data; and
  
  in the historical mode;
  
  selecting a start time;
  
  correlating the routing message data across multiple network routers in the plurality of network routers beginning at the start time to obtain historical correlated routing message data; and
  
  detecting a historical anomalous routing condition based on the historical correlated routing message data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein collecting the routing message data comprises:
    - time-stamping the routing message data; and
      
      archiving the routing message data in a database.
  - 3. The method of claim 2, wherein detecting the historical anomalous routing condition comprises processing at least some of the routing message data archived in the database in time-stamp order.
  - 4. The method of claim 1, wherein the routing message data comprises at least one BGP UPDATE message.
  - 5. The method of claim 1, wherein the plurality of network routers comprises a first network router in a first Autonomous System (AS) and a second network router in a second AS.
  - 6. The method of claim 1, wherein detecting the historical anomalous routing condition or the real-time anomalous routing condition comprises triangulating at least some of the historical correlated routing message data or the real-time correlated routing message data for root cause problem localization.
  - 7. The method of claim 1, further comprising:
    - generating an alarm based on the historical anomalous routing condition or the real-time anomalous routing condition.
  - 8. The method of claim 7, wherein generating the alarm comprises detecting a predefined change in a route to a network prefix within the network.
  - 9. The method of claim 8, wherein generating the alarm further comprises detecting a predefined change in another network prefix, the other network prefix being within the network prefix.
  - 10. The method of claim 7, wherein generating the alarm further comprises detecting changes to a plurality of routes within an Autonomous System (AS) within the network.
  - 11. The method of claim 1, further comprising:
    - reconstructing a topology of the network based on the routing message data.
  - 12. The method of claim 1, further comprising:
    - performing a query on the routing message data.
  - 13. The method of claim 1, wherein correlating the routing message data includes determining a globally reachable network prefix metric.
  - 14. The method of claim 1, wherein correlating the routing message data includes determining an intensity metric indicative of total routing message traffic on the network.
  - 15. The method of claim 1, wherein correlating the routing message data includes determining an unreachable network metric.
  - 16. The method of claim 1, wherein correlating the routing message data includes determining a route instability metric.

17. A method of monitoring routing conditions in a network, the method comprising:
- collecting routing message data from a plurality of network routers, the routing message data representing at least one change in a route to or from at least one network router in the plurality of network routers;
  
  setting a spatial alarm condition and a temporal alarm condition based on at least a part of the routing message data;
  
  correlating the spatial alarm condition and the temporal alarm condition across multiple network routers in the plurality of network routers and across time; and
  
  firing a routing alarm for a network prefix in response to at least one of the spatial alarm condition meeting a spatial correlation criterion or the temporal alarm condition meeting a temporal correlation criterion.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17, wherein firing the routing alarm in response to the temporal alarm condition meeting the temporal correlation criterion includes setting the temporal alarm condition for a predetermined time duration.
  - 19. The method of claim 17, wherein firing the routing alarm in response to the spatial alarm condition meeting the spatial correlation criterion includes setting the spatial alarm condition for a predetermined number of network routers.

20. A method of monitoring routing conditions in a network, the method comprising:
- collecting routing message data from a plurality of network routers, the routing message data representing at least one change in a route to or from at least one network router in the plurality of network routers;
  
  setting a composite alarm, the composite alarm representing routing conditions for a hierarchy of network prefixes;
  
  correlating the routing message data across multiple network routers in the plurality of network routers and across time to obtain correlated routing message data;
  
  detecting an anomalous routing condition based on the correlated routing message data, the anomalous routing condition affecting the hierarchy of network prefixes; and
  
  firing the composite alarm in response to detecting the anomalous routing condition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dynamic Network Services, Inc. (Oracle Corporation)
Original Assignee
Dynamic Network Services, Inc. (Oracle Corporation)
Inventors
Ogielski, Andrew T., Cowie, James H., Popescu, Alin
Primary Examiner(s)
Eskandarnia, Arvin

Application Number

US14/717,397
Publication Number

US 20150333983A1
Time in Patent Office

699 Days
Field of Search

709224
US Class Current
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 41/064   involving time analysis

H04L 41/065   involving logical or physic...

H04L 43/00   Arrangements for monitoring...

H04L 43/024   by adaptive sampling

H04L 43/04   Processing captured monitor...

H04L 43/045   for graphical visualisation...

H04L 43/065   related to network devices

H04L 43/067   using time frame reporting

H04L 43/0811   by checking connectivity

H04L 43/106   using time related informat...

H04L 43/16   Threshold monitoring

H04L 45/00   Routing or path finding of ...

H04L 45/08   Learning-based routing, e.g...

H04L 45/12   Shortest path evaluation

H04L 45/123   Evaluation of link metrics ...

Methods and systems for monitoring network routing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for monitoring network routing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links