In computer networks, routers, gateways, and/or other types of network elements can typically inspect data traffic passing through. The inspection results can then be analyzed for quality-of-service control, intrusion detection, intrusion protection, firewalling, network monitoring, load balancing, and/or other suitable network management tasks. However, in some computer systems (e.g., unified communication systems), payloads of signaling and/or data traffic may be encrypted. The encryption can “blind” the various network elements, and thus impair execution of various network management tasks.
To address this difficulty, probes with heuristics may be deployed at different locations in a computer network to monitor and/or identify data traffic. However, deployment of such probes can be expensive, and monitoring results may be unreliable because accuracy depends not only on the number and locations of the deployed probes but also on precision of the heuristics.
The present technology is directed to monitoring network performance and diagnosing potential configuration and/or operation issues in computer networks, in which at least a portion of signaling and/or data traffic is encrypted. For example, in one aspect, a server can perform signaling between a first client device and a second client device to establish a network session (e.g., a video call) upon receiving a request. During signaling, various attributes of the network session may be established. The attributes can include network addresses and/or media access control (“MAC”) addresses of the first and second client devices, a media type, a required bandwidth of the network session, transport ports, transport protocols, codecs, session timestamps, encryption types, encryption keys, and/or other suitable session parameters.
The server can transmit one or more of the attributes in a decrypted form to a network management system. The network management system can then determine a network route having one or more network elements connecting the first client device to the second client device for the network session. Once the server indicates that the network session is started, the network management system can collect information of the one or more network elements periodically, on-demand, and/or in other suitable manners.
If a difficulty (e.g., a dropped call or bad call quality) arises during the network session, the server can notify the network management system of this occurrence. The network management system can then determine or at least estimate a potential cause of the difficulty by correlating and/or otherwise analyzing the collected information with respect to the difficulty. As a result, the network management system may determine whether the server and/or at least one of the network elements have potentially caused the difficulty. With such results, an operator and/or other management entities may quickly diagnose and resolve the difficulty.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
Various embodiments of systems, devices, components, modules, routines, and processes for monitoring and diagnostics in computer networks are described below. In the following description, example software codes, values, and other specific details are included to provide a thorough understanding of various embodiments of the present technology. A person skilled in the relevant art will also understand that the technology may have additional embodiments. The technology may also be practiced without several of the details of the embodiments described below with reference to
As used herein, the term “unified communication system” generally refers to an integrated system that combines real-time and non-real-time communication services. Examples of real-time communication services include instant messaging, presence information, telephony, video conferencing, application sharing, call control and speech recognition. Examples of non-real-time communication services can include voicemail, e-mail, short message service, webpage request, and facsimile. In certain embodiments, a unified communication system may be implemented in a single computer program/product. In other embodiments, a unified communication system may be implemented in a set of computer programs/products that provide a unified user interface and/or experience across multiple devices and media types.
The server 102 can be configured to facilitate processes by one or more of the client devices 107 to establish, update, or demolish a network session among the client devices 107. In one embodiment, the server 102 can include a unified communication system server (e.g., a Microsoft® Lync server). In other embodiments, the server 102 can include an enterprise server, a cloud server, an application server, a catalog server, a communication server, and/or other suitable types of server.
Even though the server 102 is illustrated in
In the illustrated embodiment shown in
The network 108 can include a plurality of network elements 113 interconnected to one another. For example, as shown in
The network management system 104 is configured to receive, from the server 102, one or more attributes of a network session between at least a pair of client devices 107. The network attributes can include combinations of network addresses of the client devices 107, a session identifier, a protocol of the session, source and destination transport ports, a media type of the network session, a codec, or a bandwidth estimation of the network session. At least one of the attributes is encrypted during establishment and/or configuration of the network session. The network management system 104 is then configured to collect information from one or more of the network elements 113 during the network session. The network management system 104 can then be configured to associate the collected information with the network session and diagnose potential issues with the server 102 and/or at least one of the network elements 113. Embodiments of computing components suitable for the network management system 104 are described in more detail below with reference to
In operation, users 101 can transmit to the server 102 requests for network sessions with other users 101. For example, the first user 101a may request a first network session with the second user 101b. The third user 101c may request a second network session with the fourth user 101d. In response, the server 102 can signal and establish the requested network sessions following session initiation protocol (“SIP”) or other suitable protocols. The established network sessions can have a set of attributes including at least one of the following:
One example of the set of attributes may be as follows:
The server 102 can then “enlighten” the network management system 104 with at least some of the attributes of the established network sessions. For instance, in one embodiment, the server 102 can transmit the following set of attributes to the network management system 104 in a decrypted form:
With the received attributes from the server 102, the network management system 104 can then construct a network route 116 for each of the requested first and second network sessions using interior gateway protocol (“IGP”) or other suitable protocols. For example, the first network session can have a first network route 116a (shown as solid arrows in
The network management system 104 can then collect configuration and/or operation parameters (collectively referred to as “network information”) from the network elements 113 along the first and second network routes 116a and 116b once a start notification is received from the server 102. Example configuration parameters can include network name, MAC address, port configuration, class of service, firmware version, security settings, forwarding settings, QoS settings, and/or other suitable parameters. Example operation parameters can include traffic throughput and class of service thereof, dropped packets, application level throughput (“goodput”), and/or other suitable operation information.
The network management system 104 can collect the network information periodically, on-demand, or in other suitable manners using simple network management protocol (“SNMP”) or other suitable protocols. In certain embodiments, the information collection period can be constant. In other embodiments, the information collection period may vary. For example, at the beginning of a network session, the information collection period may be long so as to limit network traffic. As the network session progresses, the information collection period may be shortened. In other examples, the information collection period may be shortened if a performance degradation notification is received from the server 102, as discussed in more detail below.
The network management system 104 can continue collecting the network information until an end-of-session notification is received from the server 102 and/or based on other suitable criteria. During the network sessions, the network management system 104 can also receive update notifications from the server 102. The update notification may include indications that the users 101 have added a new mode of communication (e.g., voice, video, data, etc.) and certain attributes of the updated network session. In response, the network management system 104 can repeat the foregoing operations as if the updated network session is a new network session.
If the server 102 detects a performance degradation for network sessions, the server 102 may notify the network management system 104. In certain embodiments, the degradation notification can include at least some of the following information:
In response, the network management system 104 can associate a subset of the collected information with the network session and analyze for a potential cause of the performance degradation. For instance, in the example above, the network management system 104 may correlate packet loss rates of the routers 114 and the ATM router 115 to the timestamp of the performance degradation. As a result, the network management system 104 may determine that the packet loss rate between the ATM router 115 and the second router 114b is beyond an acceptable range (e.g., an upper threshold). As such, the network management system 104 may indicate that a congestion section 117 exists along the first and second network routes 116a and 116b.
In another example, the network management system 104 may correlate a configuration parameter (e.g., class of service) to the timestamp of the performance degradation. As a result, the network management system 104 may identify that the ATM router 115 is not configured properly for video, voice, or other types of service. In further embodiments, the network management system 104 may correlate both the configuration and operation parameters of the network 108 to determine a potential cause of the performance degradation. If a potential cause is identified, the network management system 104 may alert an operator and/or other suitable entity for further diagnosing and/or resolving the difficulty.
As shown in
The server processor 111 can include a session module 125. In certain embodiments, the session module 125 may be implemented as an application-specific integrated circuit or other suitable types of hardware. In other embodiments, the session module 125 may be implemented as a computer program, procedure, or process written as source code in C, C++, Java, and/or other suitable programming languages. The computer program, procedure, or process may be compiled into object or machine code and presented for execution by the server processor 111. In further embodiments, the session module 125 may be implemented as a combination of hardware and software or as other suitable hardware/software components.
The session module 125 can be configured to establish, update, and/or demolish a network session between a first client device and a second client device interconnected to each other by a computer network via SIP or other suitable protocols. For example, during configuration of a network session, at least one attribute of the configured network session may be negotiated and/or otherwise determined in an encrypted manner. For instance, session attributes are typically included in an encrypted payload of an SIP signaling packet. As a result, network elements 113 (
The traffic module 160 is configured to collect and analyze communication traffic data 150. For example, the traffic module 160 may monitor communication traffic in SNMP or other suitable protocols and identify configuration and/or operation parameters for each of the network elements 113 (
The analysis module 162 may be configured to analyze the identified parameters from the network elements 113 and to determine a potential cause for a performance degradation for a network session. For example, in one embodiment, the analysis module 162 is configured to correlate the collected configuration or operation parameters to the performance degradation based on a timestamp of the performance degradation and the timestamps of the collected configuration or operation parameters. In other embodiments, the analysis module 162 may correlate the collected configuration and/or operation parameters with the performance degradation in other suitable manners. The analysis module 162 can then supply the analysis results to the calculation module 166 and/or control module 164 for further processing.
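The timestamp-based correlation described here, and in the earlier ATM router 115 example, can be sketched as follows. This is an added example, not code from the disclosure; the `Sample` record, the 30-second window, the 2% loss threshold, the class-of-service labels, and the element names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    ts: float              # collection timestamp (seconds)
    element: str           # network element on the session's route
    loss_rate: float       # fraction of packets dropped (operation parameter)
    class_of_service: str  # configured class of service (configuration parameter)

# Assumed mapping from media type to the class of service it needs.
REQUIRED_COS = {"video": "AF41", "voice": "EF"}

def correlate(samples, route, degraded_at, media_type,
              window=30.0, loss_threshold=0.02):
    """Return (element, reason) findings for one degradation notification."""
    findings = []
    for element in route:
        # Keep only samples collected close to the degradation timestamp.
        near = [s for s in samples
                if s.element == element and abs(s.ts - degraded_at) <= window]
        if not near:
            findings.append((element, "no data near degradation timestamp"))
            continue
        worst = max(near, key=lambda s: s.loss_rate)
        if worst.loss_rate > loss_threshold:
            findings.append((element,
                f"packet loss {worst.loss_rate:.1%} exceeds {loss_threshold:.1%}"))
        latest = max(near, key=lambda s: s.ts)
        want = REQUIRED_COS.get(media_type)
        if want and latest.class_of_service != want:
            findings.append((element,
                f"class of service {latest.class_of_service} not set for {media_type}"))
    return findings

# Constructed samples for a three-hop route; degradation reported at t=1000.
ROUTE = ["router-114a", "atm-115", "router-114b"]
SAMPLES = [
    Sample(700, "router-114a", 0.300, "AF41"),  # old spike, outside the window
    Sample(995, "router-114a", 0.001, "AF41"),
    Sample(990, "atm-115", 0.080, "BE"),
    Sample(1010, "router-114b", 0.002, "AF41"),
]

def demo():
    return correlate(SAMPLES, ROUTE, degraded_at=1000, media_type="video")

if __name__ == "__main__":
    for element, reason in demo():
        print(f"{element}: {reason}")
```

Because the session attributes arrive from the server in decrypted form, the correlation needs only the route and the notification timestamp, not any inspection of the encrypted payload.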
The calculation module 166 can include counters, timers, and/or other suitable accumulation routines configured to perform various types of calculations to facilitate operation of other modules. For example, in one embodiment, the calculation module 166 may include a counter configured to track a number of established network sessions. In another example, the calculation module 166 may include routines for performing time averaging, window averaging, filtering, and/or other suitable operations.
The control module 164 may be configured to monitor and/or identify a potential cause of performance degradation based on inputs from the analysis module 162, the calculation module 166, or other input 154 (e.g., offline manual input). For example, in certain embodiments, the control module 164 can include comparison routines configured to compare at least one of the following parameters to a corresponding threshold:
In other embodiments, the control module 164 may include other suitable routines. If any of the comparisons indicate that the corresponding threshold has been exceeded, the control module 164 can indicate to the output component 138 that a potential cause exists in the network 108 (
As shown in
The process 200 then includes a block 206 of transmitting at least one of the session attributes to the network management system 104 (
The process 200 can then include monitoring the network session for updates at block 208. If an update is detected (e.g., a user 101 has added voice, video, data, or other modes of communication to the network session), the process reverts to block 204 to configure a new network session for the update; otherwise, the process proceeds to determining if the network session has ended at block 210. If the network session is still active, the process 200 reverts to monitoring updates at block 208; otherwise, the process proceeds to block 212 for transmitting to the network management system 104 an end signal indicating that the session has ended at block 214.
The process 200 also includes notifying the network management system 104 of session conditions at block 212. The session conditions can include a good session indication, a bad session indication, a session error indication, and/or other suitable indications along with at least one of the notification items discussed above with reference to
The process 300 also includes monitoring for a session update signal from the server 102 at block 308. If an update is indicated, the process 300 reverts to block 302 for receiving a new set of session attributes for the updated session; otherwise, the process 300 proceeds to block 310 for determining if the network session has ended. If the network session has not ended, the process 300 reverts to block 306 to continue collecting network information along the network route; otherwise, the process 300 proceeds to block 312 for receiving a session condition from the server 102.
The process 300 then includes determining if a performance degradation is indicated at block 314. If a performance degradation is indicated, the process 300 proceeds to block 316 for associating collected network information with the performance degradation, as discussed above with reference to
Specific embodiments of the technology have been described above for purposes of illustration. However, various modifications may be made without deviating from the foregoing disclosure. In addition, many of the elements of one embodiment may be combined with other embodiments in addition to or in lieu of the elements of the other embodiments. Accordingly, the technology is not limited except as by the appended claims.