1. The Field of the Invention
The present invention relates generally to analysis of data transmitted over a communication link. More specifically, the present invention relates to the distributed analysis of network data transmitted at a high rate of speed using multiple processors.
2. The Relevant Technology
Many data communications systems use a variety of different transmission mechanisms to enable communication between and among associated subsystems. In general, the type of transmission mechanism employed in a given situation is determined with reference to the particular tasks desired to be accomplished in connection with those transmission mechanisms and associated systems. In turn, each transmission mechanism is associated with a particular transmission, or communication, protocol that defines various parameters concerning the transmission of data in connection with the transmission mechanism. Such communication protocols commonly specify, for example, the manner in which data is encoded onto a transmission signal, the particular physical transmission media to be used with the transmission mechanism, link layers, and other attributes concerning the transmission of data.
As network data moves from a point of origin to a destination by way of communication links, the network data passes through a variety of devices collectively representing multiple protocols and types of hardware. Typically, each device modifies the network data so that the network data can be transmitted by way of a particular communication link. However, modification of the network data in this manner often causes errors or other problems with the network data. Such errors may occur as the result of various other processes and conditions in the transmission mechanisms as well. Thus, the various links in a communications system may be particularly prone to introduce, or contribute to the introduction of errors in the network data. Moreover, errors and other problems present at one location in the network data stream can cause additional errors or other problems to occur at other locations in the network data stream and/or at other points in the communications system and associated links.
One approach to the identification, analysis, and resolution of problems in communications systems involves capturing a portion of the network data traffic for review and analysis. In some cases, such data capture is performed in connection with an analyzer that includes various hardware and software elements configured to capture data from communications links in the communications system, and to present the captured data in various formats to a user or technician by way of a graphical user interface or other output device.
Generally, such analyzers capture data traffic in the communications system over a defined period of time, or in connection with the occurrence of predefined events. Use of the analyzer can allow a network administrator to track the progress of selected data as that data moves across the various links in the communications system. Corrupted or altered data can then be identified and traced to the problem link(s), or other parts of the communications system. Analyzers can provide useful results, but it is often the case that employment of typical protocol analyzers imposes unacceptable costs in terms of communications system performance and down time. Often, analyzers have also been unable to increase processing speeds to match the increasing rates of data transfer.
Errors in a communication link can occur at various layers of hardware and software. Ideally, it is preferred to conduct analysis of every layer to detect such errors. Example layers of analysis include the physical layer, the packet layer, the command layer, the application layer, and the network layer. Several different analysis tools have been produced to analyze network data so as to detect errors at these different layers of processing. However, analyzers have generally been limited in the number of layers and the amount of data that can be analyzed.
In addition, at one level of intelligence an analysis tool may be able to decode an event and present the decoded event to a user or technician. Above this level of analysis intelligence is an analysis tool that looks at a string of data events that occur over seconds or minutes of time and intelligently analyzes the network data to explain what is occurring at a higher level. This may include checking large sequences of packets and primitives using different algorithms and tests to insure that each protocol and application was followed correctly.
Another level of analysis intelligence includes the ability for an analyzer to look at a higher level of a data communication system and make sense of the large amount of data transmitted so that the analyzer can indicate to the user or technician what went wrong and also provide instructions to the user or technician for fixing the problem. However, as these levels of analysis intelligence increase, the amount of data processing power required to perform the analysis also increases.
Another problem with looking at these higher layers is that there can be several packets of data making up a transaction between a source and a destination. These data packets can be interleaved with other packets of data from different network transactions (e.g., between different sources and destinations). Thus, to analyze a specific network transaction, an analyzer must first receive, identify, and associate the different packets from each transaction in order to apply algorithms and other checks to the entire transaction. This becomes even more difficult for a processor to accomplish as the rate of data transmission, number of network transactions, and amount of data in each transaction increases.