Ethernet switching technology provides high bandwidth, low latency, and scalability for large datacenters and computers for data communication. A number of approaches have been used to exploit multiple paths in an Ethernet. For example, the network can be partitioned using layer-three Internet Protocol (IP) subnets or layer-two Virtual Local Area Networks (VLANs). Although these approaches limit the scope of flat layer two networks and assist in exploiting multiple paths, complex and costly manual administration is still required.
Communications network operators need efficient reporting applications to analyze the data generated from the network elements. The data may be traffic, fault or performance data. With the increase of subscribers and services in telecommunications, the volume of data generated has also grown significantly. As a result, the data has become increasingly difficult to handle and analyze efficiently. In addition to the scale of the data, the data itself is typically more complex and includes noise elements. Handling and storing such data involves large amounts of costly processing power and storage.
Features of the present disclosure are illustrated by way of example and not limited in the following figure(s), in which like numerals indicate like elements, in which:
For simplicity and illustrative purposes, the present disclosure is described by referring mainly to an example thereof. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure. It will be readily apparent however, that the present disclosure may be practiced without limitation to these specific details. In other instances, some methods and structures have not been described in detail so as not to unnecessarily obscure the present disclosure. As used herein, the term “includes” means includes but not limited to, the term “including” means including but not limited to. The term “based on” means based at least in part on.
Disclosed herein are a method, apparatus, and system for analyzing a network. In the method, packet flow information of a virtual local area network (VLAN) implemented in the network is received. The packet flow information is sent from a node, such as a router, in the network and includes a VLAN identification (ID) of the VLAN. A representation of the VLAN is identified in a network topology based on the node and the VLAN ID of the VLAN. The packet flow information is associated with the representation of the VLAN.
As discussed herein, a packet may be a data packet and a stream of data packets carries information needed for communication flows that transport information streams over a network between sending and receiving devices. Examples of types of packet streams are multiplayer game data, streaming video or audio, or bulk transfer of data. The source and destination devices are configured to send or receive packets via a route in a network and packets may pass through the route to the destination device through the network or through another network.
Through implementation of the method, apparatus, and system disclosed herein, the topology of a network and VLANs implemented in the network, including participating switches in the VLAN, may be linked with packet flow information flowing over the network. As discussed in greater detail below, packet flow information is a directed stream of Internet Protocol (IP) flow packet data including information regarding the packet that may be sent from a designated router(s) to a collection/analysis software. The packet flow information may be categorized by application, which provides an integrated view of the configured VLANs from both the topology and traffic load perspectives. In addition, the network and VLAN topologies may be linked to application traffic analysis. Moreover, a VLAN management tool is disclosed herein, which allows for inspection and identification of bottlenecks in a current VLAN setup. Through analysis of application traffic flowing between VLANs, troubleshooting of bandwidth and network congestion related issues may be streamlined for improved performance.
Traffic analysis and application categorization at the router interface level are currently being performed. While this approach provides a view of the traffic in the network in terms of consumers and producers, it does not provide VLAN based analysis, as this approach lacks the capability to discover and link VLANs to traffic data. Also, the VLAN ID is reported at the router level, while VLAN operation happens at the switch port level. The method, apparatus, and system for analyzing a network disclosed herein provide a connection between the application traffic and participating VLANs, which provides relatively more accurate inter-VLAN traffic characterization and analysis as compared with conventional approaches.
With reference first to
There may be a plurality of virtual local area networks (VLANS) implemented in the network 100. The VLANs are primarily switch configuration items and route data packets through nodes in the network, such as the routers 102a-102b. The network 100 includes an IP flow collection framework through which packet flow information, for instance, Internet protocol (IP) information, containing information about IP flow in the network from the routers 102a-102b is aggregated and collected. The packet flow is an aggregation of data packets sent between the VLANs, for instance from a source VLAN to a destination VLAN. The IP flow collection framework of the network 100 includes a distributed architecture containing local collectors 104a-104b and the master collector 106. The local collectors 104a-104b receive, parse, filter and aggregate data packets from nodes (for instance, routers 102a-102b) in the network 100. The local collectors 104a-104b send aggregated IP flow information to the master collector 106, for instance, at a master node (not shown) that may be located within or outside of the network 100. The master collector 106 provides a network topology context for the collected packet flow information and may store the collected packet flow information, for instance, in the data store 112.
According to an example, the local collectors 104a-104b, the master collector 106, and the network analysis manager 108 each comprise machine readable instructions that may be stored, for instance, in a volatile or non-volatile memory, such as DRAM, EEPROM, MRAM, flash memory, floppy disk, a CD-ROM, a DVD-ROM, or other optical or magnetic media, and the like. The machine readable instructions stored in the memory are executable by a processor of a computing device. According to another example, each of the local collectors 104a-104b, the master collector 106, and the network analysis manager 108 comprises a hardware device, such as a circuit or multiple circuits arranged on a board. According to a further example, the local collectors 104a-104b, the master collector 106, and the network analysis manager 108 each comprise a combination of modules with machine readable instructions and hardware modules. In addition, multiple processors may be employed to implement or execute the local collectors 104a-104b, the master collector 106, and the network analysis manager 108.
The local collectors 104a-104b may be implemented at each of the routers 102a-102b or switches at which a VLAN is implemented. The master collector 106 and the network analysis manager 108 may be located at any suitable server having access to the network 100. The local collectors 104a-104b may transfer the packet flow information to the master collector 106 at the master node using an access network or any wide area network (WAN) or other network. According to an example, the local collectors 104a-104b transform the packet flow information into a predetermined secure format and then transfer the packet flow information in the predetermined secure format to the master collector 106. In this example, the predetermined secure format comprises a format suitable for processing by the master collector 106.
The collected packet flow information may be input from the master collector 106 into a reporting subsystem at the reporting server 110 from which an external client may access information regarding the collected packet flow information. In the instance of inter VLAN traffic, the packet flow information contains the VLAN ID of a source VLAN of a router, for instance the router 102a, that receives the IP flow at ingress interfaces (not shown) of the router 102a. The packet flow information also contains the VLAN ID of a destination VLAN in the instance of IP flow reporting for IP flows sent from egress interfaces (not shown) of the router 102a to the destination VLAN. The local collectors 104a-104b parse the packet flow information and extract the VLAN ID and the router IP and interface indices along with other attributes of the flow such as source and destination addresses and ports, type of service, etc. This information is then aggregated over a configurable period and communicated to the master collector 106, for instance, in the predetermined secure format. By way of example, each IP flow may be aggregated over a predetermined time, for instance, over a period of minutes, before being communicated to the master collector 106.
The network analysis manager 108 performs network management including automatic discovery and network element and connection analysis to build a network topology, which provides a topological view of the network 100. The packet flow information reported by the routers 102a, 102b provides VLAN identifications (IDs). However, VLANs are substantially switch configuration items, and topological connectivity analysis is required for identification of the VLANs for which the packet flow information is being reported in the network topology. The network analysis manager 108 performs this topological connectivity analysis. An example of the network analysis manager 108 is the Network Node Manager (hereafter referred to as NNMi) from the Hewlett Packard Company. The network analysis manager 108 identifies VLANs and participating interfaces for the VLANs in the network 100 uniquely. In addition, in some instances, the network analysis manager 108 determines layer 2 and layer 3 views of the network 100 in the network topology. The network analysis manager 108 stores network and VLAN topology information that may be queried by external clients.
The master collector 106 may integrate with the network analysis manager 108, for instance, via a web-service software development kit (SDK), and for each packet flow information identify a corresponding VLAN instance in the network analysis manager 108. The master collector 106 determines a flow record for the IP data flow based on the VLAN topology information received from the network analysis manager 108. The flow records are stored in a database and made available to external clients via a rich reporting user interface, for instance as described hereinbelow with respect to
With reference now to
As shown in
With reference now to
As shown in
Various manners in which the local collectors 104a-104b, the master collector 106, and the network analysis manager 108 may operate are discussed with respect to the method 400 depicted in
As shown in
At block 402, a topological analysis is performed to determine a network topology of the network 100 including VLANs implemented in the network 100, for instance, by the network analysis manager 108. The topological analysis may be performed for each packet flow information exporting node (for instance, the router 102a in
According to an example, a determination of each switch connected to a node is made for each node at which the packet data flow is accessed. A further determination of a VLAN ID of each VLAN on the switch is made for each switch connected to the node. The network analysis manager 108 may thereby build a cache of all possible VLAN instances that are present on switches connected to the flow exporting node.
The topological analysis may be performed in the following manner to determine VLANs implemented in the network 100, for instance by the network analysis manager 108. The network analysis manager 108 may determine each flow exporting node, for instance, the routers 102a-102b in
At block 404, packet flow information of a VLAN is received, for instance by the master collector 106. The packet flow information is sent from a node in the network 100 and includes a VLAN identification (ID) of the VLAN. The packet flow information may be collected for a predefined time, for instance by the local collectors 104a-104b at the nodes, in this instance the routers 102a-102b.
The local collectors 104a-104b may determine the packet flow information by aggregating IP flow packets received from a router or multiple routers over a period of time and determining packet flow information based on the aggregated data packets. The local collectors 104a-104b may output the packet flow information to the master collector 106 as described hereinabove with respect to
At block 406, a representation of the VLAN, for instance in the network topology, is identified based on the node and the VLAN ID of the VLAN. For example, in an instance in which packet flow information is received by the master collector 106, the master collector 106 may use the VLAN ID and an identification of the node, for instance a router IP address for the router 102a, to determine a corresponding singular VLAN instance. For instance, the master collector 106 may use a table similar to that shown on the user interface 300 in
At block 408, the packet flow information is associated with the representation of the VLAN, for instance by the master collector 106. The packet flow information may be populated in a flow record and stored in the data store 112. The master collector 106 may store the packet flow information and the associated representation of the VLAN and/or report the packet flow information and the associated representation of the VLAN to an external client.
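Blocks 402 to 408 as an added Python example, not code from the disclosure; the topology layout, field names, addresses and VLAN names are constructed assumptions. It shows why the lookup key is the pair (exporting node, VLAN ID): the same VLAN ID can denote unrelated VLANs behind different routers, and a reported ID with no match in the topology stays unresolved rather than being guessed.

```python
from collections import defaultdict

# Constructed topology (assumption): exporting router IP -> switch -> {VLAN ID: name}.
# VLAN ID 10 is reused behind both routers for two unrelated VLANs.
TOPOLOGY = {
    "10.0.0.1": {"sw-a": {10: "Engineering", 20: "Finance"}, "sw-b": {10: "Engineering"}},
    "10.0.0.2": {"sw-c": {10: "Guest"}},
}

# Constructed flow reports (assumption): one dict per exported IP flow.
FLOWS = [
    {"router": "10.0.0.1", "src_vlan": 10, "dst_vlan": 20, "dport": 443, "bytes": 1200},
    {"router": "10.0.0.1", "src_vlan": 10, "dst_vlan": 20, "dport": 443, "bytes": 800},
    {"router": "10.0.0.2", "src_vlan": 10, "dst_vlan": 99, "dport": 22, "bytes": 500},
]

def build_vlan_cache(topology):
    """Block 402: cache every VLAN instance on switches connected to each exporting node."""
    cache = {}
    for router, switches in topology.items():
        for switch, vlans in switches.items():
            for vlan_id, name in vlans.items():
                inst = cache.setdefault((router, vlan_id), {"name": name, "switches": []})
                inst["switches"].append(switch)  # participating switches for this instance
    return cache

def aggregate(flows):
    """Local collector: sum bytes per (router, src VLAN, dst VLAN, dst port) for one period."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f["router"], f["src_vlan"], f["dst_vlan"], f["dport"])] += f["bytes"]
    return totals

def associate(totals, cache):
    """Blocks 404-408: resolve (node, VLAN ID) to one VLAN instance and build flow records."""
    records = []
    for (router, src, dst, dport), nbytes in sorted(totals.items()):
        s, d = cache.get((router, src)), cache.get((router, dst))
        records.append({
            "router": router,
            "src_vlan": s["name"] if s else None,  # None: ID not found in the topology
            "dst_vlan": d["name"] if d else None,
            "dport": dport,
            "bytes": nbytes,
        })
    return records

if __name__ == "__main__":
    for rec in associate(aggregate(FLOWS), build_vlan_cache(TOPOLOGY)):
        print(rec)
```

Records whose source or destination VLAN resolves to `None` are worth surfacing in a report, since they indicate traffic tagged with a VLAN ID the discovered topology does not account for.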
Some or all of the operations set forth in the method 400 may be contained as a utility, program, or subprogram, in any desired computer accessible medium. In addition, the method 400 may be embodied by computer programs, which can exist in a variety of forms both active and inactive. For example, they may exist as machine readable instructions, including source code, object code, executable code or other formats. Any of the above may be embodied on a computer readable storage medium.
Exemplary computer readable storage media include conventional computer system RAM, ROM, EPROM, EEPROM, and magnetic or optical disks or tapes. Concrete examples of the foregoing include distribution of the programs on a CD ROM or via Internet download. It is therefore to be understood that any electronic device capable of executing the above-described functions may perform those functions enumerated above.
Turning now to
The computer readable medium 510 may be any suitable medium that participates in providing instructions to the processor 502 for execution. For example, the computer readable medium 510 may be non-volatile media, such as an optical or a magnetic disk; volatile media, such as memory; and transmission media, such as coaxial cables, copper wire, and fiber optics. Transmission media can also take the form of acoustic, light, or radio frequency waves. The computer readable medium 510 may also store other machine readable instructions, including word processors, browsers, email, Instant Messaging, media players, and telephony machine-readable instructions.
The computer-readable medium 510 may also store an operating system 514, such as Mac OS, MS Windows, Unix, or Linux; network applications 516; and a VLAN analysis application 518. The operating system 514 may be multi-user, multiprocessing, multitasking, multithreading, real-time and the like. The operating system 514 may also perform basic tasks such as recognizing input from input devices, such as a keyboard or a keypad; sending output to the display 504; keeping track of files and directories on the computer readable medium 510; controlling peripheral devices, such as disk drives, printers, image capture device; and managing traffic on the bus 512. The network applications 516 include various components for establishing and maintaining network connections, such as machine readable instructions for implementing communication protocols including TCP/IP, HTTP, Ethernet, USB, and FireWire.
The VLAN analysis application 518 provides various components for managing data traffic in a network in which VLANs are implemented, as described above. In certain examples, some or all of the processes performed by the application 518 may be integrated into the operating system 514. In certain examples, the processes may be at least partially implemented in digital electronic circuitry, or in computer hardware, machine readable instructions (including firmware and/or software), or in any combination thereof.
Although described specifically throughout the entirety of the instant disclosure, representative embodiments of the present invention have utility over a wide range of applications, and the above discussion is not intended and should not be construed to be limiting, but is offered as an illustrative discussion of aspects of the invention.
What has been described and illustrated herein is a preferred example of the disclosure along with some of its variations. The terms, descriptions and figures used herein are set forth by way of illustration only and are not meant as limitations. Many variations are possible within the spirit and scope of the disclosure, which is intended to be defined by the following claims—and their equivalents—in which all terms are meant in their broadest reasonable sense unless otherwise indicated.