1. Field of the Invention
This invention relates in general to a system for managing network traffic, and more particularly to a process and assembly for prioritizing the segments of a computer network according to their importance to help predict future network problems without jeopardizing host system resources.
2. Description of the Related Art
In the early 1990s and before, most of the world's networks consisted of shared media Ethernet. Such networks were built using hubs that attached to end nodes. Bridges and routers separated groups of hubs into smaller areas of shared media known as collision domains, or segments. A typical network contained multiple segments, and the bandwidth of each segment was in turn shared by multiple nodes that contended with one another when they had data to transmit. As the number of nodes contending for a segment's bandwidth increased, the average period that each node had to wait before transmitting its data lengthened, and each host waited for exclusive access to the shared media.
In the late 1990s the availability of network switching solutions at commodity prices prompted customers to partition their computer networks into increasingly smaller pockets of shared media, using switches to connect the shared-media pockets. Switching reduces the potential for bandwidth contention by isolating the devices attached to a switch port from one another. Each switch port bounds a segment, just as bridges and routers did before.
Single nodes or groups of nodes may be attached to a switch port to define a segment. A node, as described herein, can be any element of a network other than the network bus itself. For example, a node could include a computer, printer, modem, scanner, repeater, bridge, hub, router, etc. Each node, as described, may repeatably receive, transmit, and/or transfer a volume or unit of data or traffic information.
Attaching a group of nodes to a switch effectively isolates those nodes from all others in the network. In other words, the devices on a switch port only hear traffic destined specifically for them. The isolated nodes must contend with the switch and with one another for network bandwidth, but do not have to contend with nodes elsewhere in the network. Attaching a single node to a switch isolates that node so that it has only to contend with the switch for network bandwidth when it needs to transmit data.
Building a network infrastructure that isolates most or all of the network's end nodes onto their own switch ports is often referred to as micro-segmenting, a practice that results in increased network availability and effectively more bandwidth for the end nodes. Micro-segmenting comes at an expense. The more heavily a network is segmented the more difficult, time consuming, and expensive it is for a network administrator to manage effectively due to the increased number of segments in the topology.
Most network administrators rely on one or more network management system ("NMS") applications to assist them in monitoring and controlling their network's operation. In all but the simplest networks, a critical function of an NMS is to monitor and control the flow of traffic within the network.
Networks evolve in many different ways over time: the number and type of devices used in the network infrastructure changes, the number and type of end nodes change, and the data exchanged by the end nodes change. Even the type and speed of media used in the network can evolve as technology improves. Without monitoring the flow of traffic in such a network it would be impossible to determine whether a network continues to function properly over time except in extreme cases where it becomes non-operational.
Monitoring the flow of traffic in a network allows NMS applications to build databases that describe which nodes are conversing on the network's segments, which nodes are exchanging information with each other over time, and the type and volume of traffic being generated by each node. Such databases may in turn be used by other applications that perform a wide range of functions such as billing users for network bandwidth consumption, predicting future bandwidth requirements, and troubleshooting long-term or infrequently occurring problems. Continuous traffic monitoring can also be used as a real-time method for detecting when the network is inaccessible so that the network administrator can be alerted to outages or other problems that inhibit the network's function.
A conventional network management system ("NMS") that continuously monitors traffic supports data acquisition methods that utilize dedicated probe devices such as RMON or RMON-II. This type of NMS runs continuously in the sense that on the segments where probes reside, the probes continually gather, analyze and store detailed traffic information on that segment. The software applications that retrieve and display such information to the user may or may not run continually; if they do, it is to receive notification from a probe that collected data about a network activity is worthy of inspection by the administrator.
The cost and complexity of the above solution usually prevents an administrator from monitoring every segment in their network even when equipped with infrastructure devices (hubs, switches, and routers) that implement RMON internally. Consequently, most administrators that utilize an NMS that continuously monitors network traffic can only monitor business-critical portions of their networks.
Other NMS applications take advantage of simple numeric counters that are available in almost all infrastructure devices. Industry-standard specifications, called management information bases ("MIBs"), dictate which numeric counters a device should keep and what types of occurrences should be counted. Several MIBs specify counters for different types of network traffic, and virtually every networking infrastructure device implements one or more of these MIBs. Monitoring systems that rely on such counters normally consist of a software application that executes on a workstation or personal computer.
The user is required to select a segment from those listed by the application, specify which MIB counters are to be monitored on the segment, and give a frequency with which the counter values should be retrieved. Then the application periodically retrieves the specified counter values from the segment until monitoring is terminated at the user's request. Some applications support this type of counter retrieval on several segments simultaneously. This type of application usually runs only upon user demand, and the set of counters retrieved by it is almost always variable depending upon user configuration.
The monitoring applications described above each have different strengths and weaknesses. The detailed monitoring mechanism first described is too costly for most network administrators to implement everywhere in their networks. The volume of detailed data that results is overwhelming to analyze, and most of the collected data would hold relatively little importance to them—such information is usually analyzed only after an anomalous condition is detected on a segment and a diagnosis is required.
The second system, a less detailed approach to network monitoring, relies on the retrieval of standardized counter values. Although this system is within the budget of almost every network administrator and may detect problem conditions on a segment, it usually cannot obtain the type of detailed information needed to determine whether a problem really exists and subsequently provide a diagnosis of the problem's cause.
Both types of NMS applications usually limit the number of segments from which data can be retrieved at any one time, without regard to the type of host system they are executing on. Consequently, when the resources of a host system vary, so do the reliability and function of the monitoring applications.
The present invention is directed to overcoming, or at least reducing the effects of, one or more of the problems set forth above.
This invention provides an operational adapter for a network management system ("NMS") running on a host computer. The inventive network traffic analysis system ("NTAS") systematically prioritizes the nodes of a network for collecting basic and/or detailed network traffic information. More specifically, if traffic information cannot be collected from all network nodes, the NTAS application provides an algorithm that can be used to intelligently select a subset of segments for monitoring that will accommodate the host system resources. If the host system resources will allow for the collection of basic traffic information from all of the segments then the same algorithm can determine which segments should be monitored at a more detailed level than the rest. In effect, this invention will allow a conventional NMS, running on a workstation or personal computer, to monitor networks that range in size from one to several thousand segments while consuming a bounded portion of its host system's resources. In turn, this invention will allow a conventional NMS to dynamically alter the traffic information that it will collect as the network conditions change over time.
In one aspect of the present invention, an adaptive system module interacts with an NMS to dynamically determine what network traffic information should be collected and stored for analysis. The module and NMS application are operable on a host computer being coupled to a network having multiple segments that may utilize various data acquisition methods. The adaptive system module includes a network organizer that categorizes the multiple segments of the network, a network prioritizer that ranks the categorized segments amongst themselves according to a necessity to obtain data traffic information for analysis, and a system optimizer that determines how many of the ranked segments can provide data traffic information within a set protocol data unit ("PDU") credit limit.
In another aspect of the instant invention, an adaptive system module interacts with an NMS application to provide a method that can determine what network traffic information should be collected and stored for analysis by a network management system. The module and system are operable on a host computer being coupled to a network having multiple segments that may utilize various data acquisition methods. The method includes steps of categorizing the multiple segments of the network, ranking the categorized segments amongst themselves according to a necessity to obtain data traffic information for analysis, and determining how many of the ranked segments can provide data traffic information within a PDU credit limit.
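The three steps named above (categorize, rank, fit within a PDU credit limit) can be sketched as follows. This is an added illustration, not code from the patent: the category names, weights, utilization tiebreak, per-segment PDU costs and the stop-at-first-misfit rule are all assumptions, since the text above specifies none of them.

```python
from dataclasses import dataclass

# Hypothetical categories and weights (assumption; the text names none).
CATEGORY_WEIGHT = {"backbone": 3, "server": 2, "workgroup": 1}

@dataclass(frozen=True)
class Segment:
    name: str
    category: str       # output of the "network organizer" step
    utilization: float  # assumed tiebreak signal, 0..1
    basic_cost: int     # PDUs per polling cycle for counter-level data
    detailed_cost: int  # PDUs per cycle for detailed data (>= basic_cost)

def prioritize(segments):
    """Network prioritizer: highest category weight first, then utilization."""
    return sorted(segments,
                  key=lambda s: (-CATEGORY_WEIGHT[s.category], -s.utilization, s.name))

def optimize(segments, pdu_credit_limit):
    """System optimizer: returns ({name: level}, PDU credits spent)."""
    ranked = prioritize(segments)
    plan = {s.name: "unmonitored" for s in ranked}
    spent = 0
    # Pass 1: give basic coverage to as many top-ranked segments as fit.
    for s in ranked:
        if spent + s.basic_cost > pdu_credit_limit:
            break  # strict rank order: stop at the first segment that does not fit
        plan[s.name] = "basic"
        spent += s.basic_cost
    # Pass 2: only when every segment has basic coverage, spend the
    # remaining credit on detailed monitoring, again in rank order.
    if all(level == "basic" for level in plan.values()):
        for s in ranked:
            extra = s.detailed_cost - s.basic_cost
            if spent + extra > pdu_credit_limit:
                break
            plan[s.name] = "detailed"
            spent += extra
    return plan, spent

# Constructed sample network, for illustration only.
SAMPLE = [
    Segment("core-1", "backbone", 0.7, 10, 40),
    Segment("dc-a", "server", 0.9, 10, 30),
    Segment("dc-b", "server", 0.4, 10, 30),
    Segment("floor-2", "workgroup", 0.2, 5, 20),
]

if __name__ == "__main__":
    for limit in (25, 70):
        print(limit, optimize(SAMPLE, limit))
```

Re-running `optimize` whenever segment categories, utilization or the credit limit change gives the dynamic re-selection the summary describes.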