System for network flow visualization through network devices within network topology

US 9,240,930 B2
Filed: 02/22/2013
Issued: 01/19/2016
Est. Priority Date: 07/06/2006
Status: Active Grant

First Claim

Patent Images

1. A system for visualization of internal network flow, comprising:

a network device including a plurality of internal interfaces, the network device operating to receive a plurality of network flows at an ingress interface of the plurality of internal interfaces and route the plurality of network flows within the network device; and

a computer system in communication with the network device, the computer system including a display,the computer system executing instructions for rendering on the display a graphical user interface including an object representing the network device,the computer system executing instructions for rendering on the display, within the object representing the network device, interface objects respectively corresponding to each of the plurality of internal interfaces of the network device,the computer system operating to acquire a plurality of network flow records for the plurality of network flows through the network device for a specified period of time,wherein each of the plurality of network flow records is generated by the network device and is uniquely associated with the network device and is stored by the network device,wherein each of the plurality of network flow records includes information about a corresponding network flow through the network device, andwherein each of the plurality of network flow records is generated and stored separate from the corresponding network flow through the network device, andwherein each of the plurality of network flow records includes data fields for1) an identifier of the ingress interface through which the corresponding network flow entered the network device, and2) an identifier of an egress interface through which the corresponding network flow exited the network device or an identifier of an internal interface at which the corresponding network flow terminated within the network device, and3) an internet protocol source address for the corresponding network flow, and4) an internet protocol destination address for the corresponding network flow, and5) a source port for the corresponding network flow, and6) a destination port for the corresponding network flow,the computer system operating to correlate separate ones of the plurality of network flow records based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network flow records,wherein each of the separate ones of the plurality of network flow records within the common network data communication flow record has1) identical content in the data field for the internet protocol source address for the network traffic, and2) identical content in the data field for the internet protocol destination address for the network traffic, and3) identical content in the data field for the source port for the network traffic, and4) identical content in the data field for the destination port for the network traffic,the computer system operating to repeat the correlating of separate ones of the plurality of network flow records based on content of the data fields so as to create a plurality of common network data communication flow records,the computer system operating to aggregate some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record,the computer system executing instructions for rendering on the display, within the object representing the network device, a graphical representation of the aggregated network communication flow record in lieu of rendering graphical representations of the plurality of common network data communication flow records represented by the aggregated network communication flow record, the graphical representation of the aggregated network communication flow record including one or more line segments to represent a data communication path traversed through the network device by network flows represented by the aggregated network communication flow record, the graphical representation of the aggregated network communication flow record including at least one line segment directed to the ingress interface of the network device, the graphical representation of the aggregated network communication flow record including at least one line segment extending between two internal interfaces of the plurality of internal interfaces of the network device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network device includes internal interfaces and operates to receive a network flow at an ingress interface and route the network flow within the network device. A computer in communication with the network device executes instructions for rendering a graphical user interface including an object representing the network device. The computer also renders interface objects respectively corresponding to each of the internal interfaces of the network device. The computer operates to acquire a network flow record for the network flow through the network device. The network flow record identifies the ingress interface of the network device for the network flow and identifies switching information for the network flow within the network device. The computer also renders a graphical representation of a transmission path of the network flow within the network device from the ingress interface. The transmission path is defined by the switching information identified by the network flow record.

209 Citations

21 Claims

1. A system for visualization of internal network flow, comprising:
- a network device including a plurality of internal interfaces, the network device operating to receive a plurality of network flows at an ingress interface of the plurality of internal interfaces and route the plurality of network flows within the network device; and
  
  a computer system in communication with the network device, the computer system including a display,the computer system executing instructions for rendering on the display a graphical user interface including an object representing the network device,the computer system executing instructions for rendering on the display, within the object representing the network device, interface objects respectively corresponding to each of the plurality of internal interfaces of the network device,the computer system operating to acquire a plurality of network flow records for the plurality of network flows through the network device for a specified period of time,wherein each of the plurality of network flow records is generated by the network device and is uniquely associated with the network device and is stored by the network device,wherein each of the plurality of network flow records includes information about a corresponding network flow through the network device, andwherein each of the plurality of network flow records is generated and stored separate from the corresponding network flow through the network device, andwherein each of the plurality of network flow records includes data fields for1) an identifier of the ingress interface through which the corresponding network flow entered the network device, and2) an identifier of an egress interface through which the corresponding network flow exited the network device or an identifier of an internal interface at which the corresponding network flow terminated within the network device, and3) an internet protocol source address for the corresponding network flow, and4) an internet protocol destination address for the corresponding network flow, and5) a source port for the corresponding network flow, and6) a destination port for the corresponding network flow,the computer system operating to correlate separate ones of the plurality of network flow records based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network flow records,wherein each of the separate ones of the plurality of network flow records within the common network data communication flow record has1) identical content in the data field for the internet protocol source address for the network traffic, and2) identical content in the data field for the internet protocol destination address for the network traffic, and3) identical content in the data field for the source port for the network traffic, and4) identical content in the data field for the destination port for the network traffic,the computer system operating to repeat the correlating of separate ones of the plurality of network flow records based on content of the data fields so as to create a plurality of common network data communication flow records,the computer system operating to aggregate some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record,the computer system executing instructions for rendering on the display, within the object representing the network device, a graphical representation of the aggregated network communication flow record in lieu of rendering graphical representations of the plurality of common network data communication flow records represented by the aggregated network communication flow record, the graphical representation of the aggregated network communication flow record including one or more line segments to represent a data communication path traversed through the network device by network flows represented by the aggregated network communication flow record, the graphical representation of the aggregated network communication flow record including at least one line segment directed to the ingress interface of the network device, the graphical representation of the aggregated network communication flow record including at least one line segment extending between two internal interfaces of the plurality of internal interfaces of the network device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The system of claim 1, wherein the plurality of internal interfaces include both logical and physical interfaces within the network device.
  - 3. The system of claim 1, wherein the computer system executes a network flow correlation module to correlate separate ones of the plurality of network flow records including a first network flow record for how a given network flow entered the network device with a second network flow record for how the given network flow exited the network device so as to create a corresponding common network data communication flow record for the given network flow through the network device.
  - 4. The system of claim 3, wherein the network flow correlation module is defined to identify the first and second network flow records by analyzing key fields present in the first and second network flow records.
  - 5. The system of claim 1, wherein the computer system executes a network flow collection management module to acquire the plurality of network flow records and to understand a format of the plurality of network flow records.
  - 6. The system of claim 5, wherein the network flow collection management module is defined to acquire the plurality of network flow records in real-time, and wherein the computer system executes instructions to render the graphical representation of the aggregated network communication flow record within the object representing the network device in real-time.
  - 7. The system of claim 6, wherein the network flow collection management module is defined to poll the network device to acquire the plurality of network flow records.
  - 8. The system of claim 1, wherein the computer system executes instructions to render, on the display, information about the aggregated network communication flow record upon selection of the aggregated network communication flow record within the display.
  - 9. The system of claim 8, wherein the information about the aggregated network communication flow record includes one or more of a bit rate of a corresponding network flow, a total byte count of the corresponding network flow, a source address of the corresponding network flow, and a destination address of the corresponding network flow.
  - 10. The system of claim 1, wherein the computer system executes instructions to render, on the display, a tabular listing of data for the plurality of network flow records.
  - 11. The system of claim 1, wherein the computer system executes instructions to render, on the display within the object representing the network device, an input bandwidth, an output bandwidth, and an identifier for each interface object.
  - 12. The system of claim 1, wherein the computer system executes instructions to render, on the display, a network topology including the network device in conjunction with rendering the graphical representation of the aggregated network communication flow record within the network device.
  - 13. The system of claim 12, wherein the network topology includes graphical representations of multiple network devices, graphical representations of subnets, graphical representations of interfaces within the multiple network devices, and graphical representations of connections between one or more of the interfaces within the multiple network devices and one or more of the subnets.
  - 14. The system of claim 13, wherein the network topology includes graphical representations of logical interfaces.
  - 15. The system of claim 14, wherein the logical interfaces include one or more of a router loopback, a null interface, a local interface, a VLAN (virtual local area network) interface, and a tunnel.
  - 16. The system of claim 13, wherein the network topology includes a graphical representation of a logical connection across the network topology.
  - 17. The system of claim 13, wherein the computer system executes instructions to provide a number of controls for navigating around the network topology.
  - 18. The system of claim 17, wherein the number of controls include one or more of a selection control, a network flow toggle control, a pan control, a zoom out control, and a zoom in control.
  - 19. The system of claim 13, wherein the computer system executes instructions to render, on the display on top of the network topology, routing information obtained directly from the multiple network devices.

20. A system for visualization of internal network flow, comprising:
- a network device including a plurality of internal interfaces, the network device operating to receive a network flow at an ingress interface of the plurality of internal interfaces and route the network flow within the network device; and
  
  a computer system in communication with the network device, the computer system including a display,the computer system executing instructions for rendering on the display a graphical user interface including an object representing the network device,the computer system executing instructions for rendering on the display, within the object representing the network device, interface objects respectively corresponding to each of the plurality of internal interfaces of the network device,the computer system operating to acquire a network flow record for the network flow through the network device, the network flow record identifying the ingress interface of the network device for the network flow and identifying switching information for the network flow within the network device,the computer system executing instructions for rendering on the display, within the object representing the network device, a transmission path of the network flow into the ingress interface of the network device,the computer system executing instructions for rendering on the display, within the object representing the network device, the transmission path of the network flow within the network device from the ingress interface to another internal interface of the plurality of internal interfaces of the network device, the transmission path defined by the switching information identified by the network flow record,wherein the computer system executes instructions to render, on the display, a network topology including the network device in conjunction with rendering the transmission path of the network flow within the network device,wherein the network topology includes graphical representations of multiple network devices, graphical representations of subnets, graphical representations of interfaces within the multiple network devices, and graphical representations of connections between one or more of the interfaces within the multiple network devices and one or more of the subnets,wherein the network topology includes graphical representations of logical interfaces,wherein the logical interfaces include a tunnel, and wherein the network topology includes a graphical representation of a logical connection to a far end-point of the tunnel, and wherein the network topology includes a graphical representation of a physical interface associated with the tunnel.

21. A system for visualizing a network data communication flow over a network topology, comprising:
- a device information management module defined to obtain device configuration data from device information tables of a plurality of network devices within a network;
  
  a network visualization module defined to analyze the obtained device configuration data to identify interfaces of each of the plurality of network devices, the interfaces including physical interfaces and logical interfaces,the network visualization module defined to generate a topology view of the network on a visual display of a computer system, wherein the topology view includes subnet objects, network device objects, physical interface objects within the network device objects, logical interface objects within some network device objects;
  
  a network flow collection management module defined to acquire network data communication flow records from each network device within the network for a specified time period,wherein each network data communication flow record is associated with a corresponding network device, andwherein each network data communication flow record includes information about network traffic flowing through the corresponding network device, andwherein each network data communication flow record is generated and stored by the corresponding network device, andwherein each network data communication flow record is generated and stored separate from the network traffic flowing through the corresponding network device, andwherein each network data communication flow record includes data fields for1) an identifier of an ingress interface through which the network traffic entered the corresponding network device, and2) an identifier of an egress interface through which the network traffic exited the corresponding network device or an identifier of an internal interface at which the network traffic terminated within the corresponding network device, and3) an internet protocol source address for the network traffic, and4) an internet protocol destination address for the network traffic, and5) a source port for the network traffic, and6) a destination port for the network traffic;
  
  a network flow correlation module defined toA) correlate separate network data communication flow records acquired from different network devices in the network based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate network data communication flow records,wherein each of the separate network data communication flow records within the common network data communication flow record has1) identical content in the data field for the internet protocol source address for the network traffic, and2) identical content in the data field for the internet protocol destination address for the network traffic, and3) identical content in the data field for the source port for the network traffic, and4) identical content in the data field for the destination port for the network traffic,B) analyze the common network data communication flow record to identify associated transmission path segments of the network traffic through the network,C) repeat A) and B) for different network traffic to create a plurality of common network data communication flow records and identify transmission path segments of the different network traffic respectively associated with the plurality of common network data communication flow records, andD) aggregate some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record,wherein the network visualization module is defined to render in the topology view of the network on the visual display a graphical representation of the aggregated network communication flow record in lieu of rendering graphical representations of the plurality of common network data communication flow records represented by the aggregated network communication flow record, the graphical representation of the aggregated network communication flow record including one or more line segments displayed over the topology view of the network to respectively represent one or more data communication paths traversed through the network by network traffic represented by the aggregated network communication flow record, the graphical representation of the aggregated network communication flow record including at least one line segment extending into an ingress interface of a given network device, the graphical representation of the aggregated network communication flow record including at least one line segment extending between two internal interfaces of the given network device,wherein each of the device information management module, the network visualization module, the network flow collection management module, and the network flow correlation module is executed by a computer processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LiveAction, Inc.
Original Assignee
LiveAction, Inc.
Inventors
Smith, John Kei, Pierce, Robert
Primary Examiner(s)
Chuang, Jessica

Application Number

US13/774,879
Publication Number

US 20130159864A1
Time in Patent Office

1,061 Days
Field of Search

715/734
US Class Current

1/1
CPC Class Codes

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 43/0829   Packet loss

H04L 43/0852   Delays

H04L 43/087   Jitter

H04L 43/50   Testing arrangements

System for network flow visualization through network devices within network topology

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

209 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

System for network flow visualization through network devices within network topology

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

209 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others