System and method for network monitoring

Abstract
A network monitoring tool capable of effectively supporting a network administrator is provided. A monitoring apparatus includes a collecting unit that collects information on a network, a receiving unit that receives a notification indicating that an event has occurred on an element of the network, and an analyzing unit that analyzes correlation between one received notification and another received or potential notification on the basis of the collected information. The collecting unit may collect information regarding a packet forwarding path that is dynamically established in the network. The apparatus may further include a unit that detects whether the potential notification specified by the analyzing unit is actually received.
Description

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings are incorporated in and constitute a part of this specification. The drawings exemplify certain aspects of the invention and, together with the description, serve to explain some principles of the invention.



FIG. 1 shows an exemplary internal configuration of a monitoring apparatus 100 consistent with the principle of the invention;



FIG. 2 shows an example of elements of a network 300 and occurrence of a failure;



FIG. 3 shows an example of logical path information stored in a logical path information memory 140;



FIG. 4 shows an example of event log information stored in an event log memory 150, in which events related to LSPs established by RSVP are handled;



FIG. 5 shows an example of information generated by a user presentation information creating section 170 and displayed on a display screen, in order to present an event that occurred on a logical element and its affecting events, which brought about that event, to a user;



FIG. 6 shows an example of information generated by the user presentation information creating section 170 and displayed on the display screen, in order to present an event that occurred on a physical element and its affected events, which were brought about by that event, to the user;



FIG. 7 shows another example of elements of a network 300 and occurrence of a failure;



FIGS. 8A and 8B show another example of logical path information stored in the logical path information memory 140, in which FIG. 8A shows a table of LSP routes and FIG. 8B shows a table of VPNs that use logical paths;



FIG. 9 shows another example of event log information stored in the event log memory 150, in which events related to VPNs are handled;



FIG. 10 illustrates a case in which the correlation analysis is performed in response to a reception of an event notification, showing an example of event log information stored in the event log memory 150;



FIG. 11 shows yet another example of elements of a network 300 and occurrence of a failure;



FIGS. 12A and 12B show yet another example of logical path information stored in the logical path information memory 140, in which FIG. 12A shows a table of OSPF topology and FIG. 12B shows a table of VPNs that use logical paths;



FIG. 13 shows yet another example of event log information stored in the event log memory 150, in which events related to IP routes of OSPF are handled;



FIG. 14 shows yet another example of event log information stored in the event log memory 150, in which events related to LSPs established using LDP are handled;



FIG. 15 shows an exemplary internal configuration of a monitoring apparatus 200 having a scheduled maintenance management function consistent with the principle of the invention;



FIG. 16 shows an example of scheduled maintenance information stored in a scheduled maintenance memory 290;



FIG. 17 shows an example of information displayed on a display screen, by which a user can input scheduled maintenance information into the monitoring apparatus 200 through a scheduled maintenance managing section 280;



FIG. 18 shows an example of information generated by a user presentation information creating section 270 and displayed on a display screen, in order to present notified events and their corresponding scheduled maintenances, which caused the notified events, or scheduled maintenances and their corresponding events, which were notified due to the maintenances, to a user;



FIG. 19 shows an example of information generated by the user presentation information creating section 270 and displayed on the display screen, in order to present past events related to scheduled maintenances to a user;



FIG. 20 shows an exemplary internal configuration of a monitoring apparatus 400 having a failure prediction function consistent with the principle of the invention;



FIG. 21 shows yet another example of elements of a network 300 and occurrence of a failure;



FIG. 22A shows an example of information stored in a path information memory 440 (link-port association table) and FIG. 22B shows an example of information stored in a port event managing section 480;



FIG. 23 shows an example of event log information stored in an event log memory 450 in the example of FIGS. 22A and 22B;



FIG. 24 is a flowchart of an exemplary process for predicting a failure in the example of FIGS. 22A and 22B;



FIG. 25A shows another example of information stored in the path information memory 440 (LSP route table) and FIG. 25B shows another example of information stored in the port event managing section 480;



FIG. 26 shows an example of event log information stored in the event log memory 450 in the example of FIGS. 25A and 25B;



FIG. 27 is a flowchart of an exemplary process for predicting a failure in the example of FIGS. 25A and 25B;



FIG. 28 shows an example of event log information stored in the event log memory 450 on the basis of the failure prediction shown in FIG. 27; and



FIG. 29 is a flowchart of an exemplary process for performing selective polling using failure prediction.


Claims
  • 1. A network monitoring apparatus comprising: a collecting unit that collects information regarding a packet forwarding path, the path being dynamically established in a network; a receiving unit that receives a notification indicating that an event has occurred on an element of the network; and an analyzing unit that analyzes correlation between a plurality of notifications received by the receiving unit, on the basis of the information collected by the collecting unit.
  • 2. The network monitoring apparatus according to claim 1, wherein there is at least one of a failure, a failure recovery, and an alteration on the element, as types of events indicated by notifications received by the receiving unit.
  • 3. The network monitoring apparatus according to claim 1, wherein the analyzing unit uses information regarding a packet forwarding path that can be presumed to have been used when the event occurred, on the basis of a time identified by the notification received by the receiving unit, among information regarding the packet forwarding path at a plurality of times collected by the collecting unit.
  • 4. The network monitoring apparatus according to claim 1, wherein the analyzing unit analyzes the correlation irrespective of an order in which the plurality of notifications were received by the receiving unit.
  • 5. The network monitoring apparatus according to claim 1, wherein the collecting unit collects routing information exchanged between nodes in the network, and the analyzing unit uses the routing information to calculate a packet forwarding path and analyzes the correlation on the basis of the calculated packet forwarding path.
  • 6. The network monitoring apparatus according to claim 1, wherein the collecting unit collects information regarding a label switched path established in the network, and the analyzing unit analyzes whether there is correlation between an event concerning a label switched path and an event concerning a link passed through by the label switched path.
  • 7. The network monitoring apparatus according to claim 1, further comprising a memory that stores information regarding events indicated by notifications received by the receiving unit as a log, wherein the analyzing unit, in response to a request by a user, analyzes correlation between the events regarding which the log information is stored in the memory, and presents a result of the analysis to the user.
  • 8. The network monitoring apparatus according to claim 1, further comprising a memory that stores information regarding an event indicated by a notification received by the receiving unit, wherein the analyzing unit, in response to a reception by the receiving unit, analyzes correlation between the event regarding which the information is stored in the memory and an event indicated by a notification received, and stores a result of the analysis in the memory.
  • 9. The network monitoring apparatus according to claim 1, wherein the analyzing unit comprises: a unit that identifies, on the basis of the information regarding the packet forwarding path, a notification indicating occurrence of an event causing a series of correlated events among the plurality of notifications; and a unit that specifies, on the basis of the information regarding the packet forwarding path, an event that secondarily occurs on another element due to occurrence of the causing event.
  • 10. The network monitoring apparatus according to claim 9, wherein the collecting unit comprises a unit that collects, in addition to the information regarding the packet forwarding path, information indicating an entity that uses the packet forwarding path, and the analyzing unit comprises a unit that identifies, on the basis of the information indicating the entity, an entity affected by occurrence of the causing event.
  • 11. The network monitoring apparatus according to claim 9, further comprising a unit that, if the causing event is a failure, estimates a time period during which packets related to said another element on which the secondary event occurs are not transferred, on the basis of a time identified by the notification indicating the occurrence of the causing event.
  • 12. The network monitoring apparatus according to claim 9, further comprising a unit that presents a notification of the secondary event that occurs on said another element to a user in a form that varies depending on the level of severity of the secondary event.
  • 13. The network monitoring apparatus according to claim 9, further comprising a unit that, if a notification indicating that the secondary event specified by the analyzing unit to occur on said another element has actually occurred is not received by the receiving unit, presents an abnormal condition to a user.
  • 14. The network monitoring apparatus according to claim 9, further comprising a unit that, if a notification indicating that the secondary event specified by the analyzing unit to occur on said another element has actually occurred is not received by the receiving unit, checks a status of said another element.
  • 15. A network monitoring apparatus, comprising: a collecting unit that collects information regarding a packet forwarding path, the path being dynamically established in a network; a receiving unit that receives a notification indicating that an event has occurred on an element of the network; a registering unit that registers information indicating that a maintenance of an element in the network is scheduled and a scheduled start time of the maintenance; and an analyzing unit that analyzes correlation between an execution of the maintenance registered by the registering unit and the event notification received by the receiving unit, on the basis of the information collected by the collecting unit.
  • 16. The network monitoring apparatus according to claim 15, wherein the analyzing unit comprises a unit that, in response to a reception by the receiving unit, determines whether the execution of the maintenance causes the event indicated by the notification, on the basis of information regarding the packet forwarding path at a time identified from the reception.
  • 17. The network monitoring apparatus according to claim 15, wherein the analyzing unit comprises: a unit that, in response to a start of the maintenance, specifies an event that secondarily occurs on another element due to the execution of the maintenance, on the basis of information regarding the packet forwarding path at a time identified from the start, and stores the specified event; and a unit that, in response to a reception by the receiving unit, determines whether the event indicated by the notification is stored as the specified event.
  • 18. A network monitoring apparatus comprising: a collecting unit that collects information representing interrelation between elements in a network; a receiving unit that receives a notification indicating occurrence of an event on an element of the network; an analyzing unit that, on the basis of the information collected by the collecting unit, specifies another notification concerning another element to be received in a case of occurrence of the event indicated by the notification received by the receiving unit; and a managing unit that detects whether said another notification specified by the analyzing unit is received by the receiving unit within a predetermined time period.
  • 19. The network monitoring apparatus according to claim 18, further comprising a unit that presents an abnormal condition to a user, if the management unit detects that said another notification has not been received within the predetermined time period.
  • 20. The network monitoring apparatus according to claim 18, further comprising a checking unit that sends a message for checking a status of said another element onto the network, if the managing unit detects that said another notification has not been received within the predetermined time period.
  • 21. The network monitoring apparatus according to claim 20, further comprising a unit that, if an abnormality is detected on the basis of a reply to the message sent by the checking unit, notifies a user of the abnormality.
  • 22. The network monitoring apparatus according to claim 18, wherein the information collected by the collecting unit is at least one of information regarding a set of elements directly interconnected in the network and information regarding a packet forwarding path dynamically established in the network.
  • 23. A network monitoring method comprising: collecting information regarding a packet forwarding path, the path being dynamically established in a network; receiving a plurality of notifications, each notification indicating that an event has occurred on an element of the network; and analyzing correlation between the plurality of notifications received, on the basis of the collected information.
  • 24. A computer usable medium having computer readable program codes embodied therein for a computer functioning as a network monitoring apparatus, the computer readable program codes comprising: a first program code for collecting information regarding a packet forwarding path, the path being dynamically established in a network; a second program code for receiving a notification indicating that an event has occurred on an element of the network; and a third program code for analyzing correlation between a plurality of notifications received by the second program code, on the basis of the information collected by the first program code.
  • 25. The computer usable medium according to claim 24, the computer readable program codes further comprising: a fourth program code for registering information indicating that a maintenance of an element in the network is scheduled and a scheduled start time of the maintenance; and a fifth program code for causing the third program code to analyze correlation between a first notification indicating that an event corresponding to the scheduled maintenance registered using the fourth program code has occurred and a second notification indicating that another event has occurred.
  • 26. A network monitoring method comprising: collecting information representing interrelation between elements in a network; receiving a notification indicating occurrence of an event on an element of the network; specifying, on the basis of the collected information, another notification concerning another element to be received in a case of occurrence of the event indicated by the received notification; and detecting whether said another notification specified is received within a predetermined time period.
  • 27. A computer usable medium having computer readable program codes embodied therein for a computer functioning as a network monitoring apparatus, the computer readable program codes comprising: a first program code for collecting information representing interrelation between elements in a network; a second program code for receiving a notification indicating occurrence of an event on an element of the network; a third program code for obtaining, on the basis of information collected by the first program code, a notification concerning another element to be received in a case of occurrence of the event indicated by the notification received by the second program code; and a fourth program code for detecting whether another notification specified by the third program code is received within a predetermined time period.
  • 28. The computer usable medium according to claim 27, the computer readable program codes further comprising a fifth program code for sending a message for checking a status of said another element onto the network, if it is detected by the fourth program code that said another notification has not been received within the predetermined time period.
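The following sketch illustrates the mechanism recited in claims 18 to 20 and 26: deriving the counterpart notification expected from a directly connected element and detecting when it fails to arrive within a predetermined period. It is an added example, not code from the patent; the link-port table contents, port names, the 5-second window and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed link-port association table: each link joins two router ports.
LINKS = {
    "link-1": ("R1:ge-0/0/1", "R2:ge-0/0/3"),
    "link-2": ("R2:ge-0/0/4", "R3:ge-0/0/1"),
}
WINDOW = 5.0  # assumed "predetermined time period", in seconds


@dataclass(frozen=True)
class Notification:
    ts: float      # time identified by the notification
    element: str   # port on which the event occurred
    event: str     # "down" or "up"


def peers_of(element):
    """Ports directly interconnected with `element` per the collected table."""
    peers = []
    for a, b in LINKS.values():
        if element == a:
            peers.append(b)
        elif element == b:
            peers.append(a)
    return peers


def find_missing(notifications, now, window=WINDOW):
    """Return (trigger, expected_element) pairs whose counterpart
    notification was not received within `window` of the trigger.

    Arrival order does not matter: the counterpart may precede or follow
    the trigger. Expectations still inside their window at `now` are
    not reported yet."""
    seen = {}
    for n in notifications:
        seen.setdefault((n.element, n.event), []).append(n.ts)
    missing = []
    for n in notifications:
        for peer in peers_of(n.element):
            times = seen.get((peer, n.event), [])
            matched = any(abs(t - n.ts) <= window for t in times)
            if not matched and now - n.ts > window:
                missing.append((n, peer))
    return missing


# Constructed sample log: link-1 reports from both ends, link-2 from one end only.
SAMPLE = [
    Notification(100.0, "R1:ge-0/0/1", "down"),
    Notification(101.2, "R2:ge-0/0/3", "down"),
    Notification(200.0, "R2:ge-0/0/4", "down"),
    Notification(300.0, "R3:ge-0/0/1", "up"),
]
```

Each element returned by `find_missing` is a candidate for the status check of claim 20, since a silent counterpart can mean a lost notification, a misconfigured sender, or a stale interrelation table.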
Priority Claims (2)
Number Date Country Kind
2006-023903 Jan 2006 JP national
2006-064942 Mar 2006 JP national