The present invention generally relates to data processing. The invention relates more specifically to generating reports that show information relating to networks, and further relates to methods and apparatus for generating user-specified reports of network accounting information.
A network system generally includes a number of network devices, such as switches, routers, and others, connected so as to allow communication among the devices and end station devices such as desktop machines, servers, hosts, printers, fax machines, and others. Many companies have a desire to provide remote access to their computer networks. By allowing remote access, individuals can connect to the computer network to use it to work and obtain resource information while located at a remote site.
A popular method of providing remote access to a network is through the use of a dial-in network access server (NAS) that controls access to the network. For example, the server model AS5300, commercially available from Cisco Systems Inc., can be used to provide dial-in access to a company""s network. Individuals can access the network system by dialing into the network access server from a Remote Node to establish a connection. In this context, the term Remote Node refers to a client device such as a personal computer (PC) or router that can be used to dial in and establish a connection with the network access server.
Managing the dial-in connections that are made to a large number of network access servers can require significant administrative support. Not only must administrative support personnel ensure that network security is maintained, but they must also ensure that remote access to the network is properly provided to those individuals that are authorized to access the network remotely, and that appropriate response times are maintained once a connection is established. When the network access servers are part of an Internet Service Provider (ISP) or other commercial institution, accurate accounting of connection time is required so that customers may be billed correctly. These functions are generically known as authorization, authentication and accounting (AAA).
One method of managing connections to a group of network access servers is through use of a shared accounting server, such as authorization, authentication and accounting (AAA) server software component of CiscoSecure ACS, which is commercially available from Cisco Systems Inc. With a shared accounting server, connection accounting information that is associated with the dial-in connections that are established with the different network access servers can be maintained at one location. In this context, the connection accounting information represents statistical data about the connections that were made or which were attempted to be made with a group of network access servers. For standardization purposes, certain accounting protocols have been developed that define the accounting information that is to be communicated between a network access server and a shared accounting server. For example, the Remote Authentication Dial In User Service (RADIUS) Accounting protocol can be used for carrying accounting information between network access servers and a shared accounting server. The RADIUS Accounting protocol is defined in detail in such documents as Request For Comment (RFC) 2138 and RFC 2139. Existing network systems are based on standard accounting protocols such as the RADIUS Accounting protocol. In these systems, a shared accounting server typically stores the accounting information in one or more files.
FIG. 3 illustrates RADIUS accounting data 300 in a file containing two exemplary RADIUS Accounting records 302, 304 that describe connections that were made between a shared accounting server and a group of network access servers. Timestamp values 306, 308 indicate the respective creation date and time for records 302, 304. Once the RADIUS Accounting information is stored, an administrator may access the information to determine specific information about particular connection that was established with a particular network access server.
However, a drawback with storing the RADIUS Accounting information in a file, as depicted in Table 1, is that interpreting the significance of the data can be both difficult and extremely time consuming. Thus, to aid in the interpretation of the data, a mechanism may generate a report that summarizes or interprets certain information about the connections. For example, a report may indicate the number of times a particular port was used by each of the network access servers. Alternatively, a report may indicate the connection speed used for a particular connection. In another alternative, a report indicates the total number of connections that were established with the group of network access servers for a particular day.
However, a drawback with generating such reports is that different information may be important to different network administrators. For example, a particular administrator may require a report that depicts the number of connections that were established with a particular network access server, while a different administrator may require a report that depicts the connection speed that was established for each connection.
In addition, different administrators may require that the information be displayed in different formats. For example, one administrator may require that a report be generated that depicts the number of connections that were established with a network access server on a week-by-week basis. Alternatively, another administrator may require that a report be generated that depicts the number of connections that were established with a network access server on an hour-by-hour basis. Thus, each administrator may require that different types of reports be generated.
As a result, in past approaches, generating such different reports has required custom, hard-coded software that must be modified whenever a new report is created. In addition, if an administrator later determines that a new report type is required, additional software will typically be required to produce the new report type. The software that generates a particular report is typically fixed and must undergo frequent revision as the administrator requests new capabilities. Based on the foregoing, there is a clear need for a mechanism that can produce reports that contain accounting information that is desired by a particular individual.
There is also a need for a mechanism that can produce reports that contain information in the particular format that is desired by the individual.
Requests for new reports may cause projects to have larger than normal maintenance efforts. Further, requests for new reports typically are handled by the vendor of the network equipment or the vendor of the AAA server software. If the vendor has insufficient engineering resources available, further delay is caused until an engineer becomes available. Thus, there is a need for a mechanism whereby a third party, such as a customer or a value-added reseller (VAR) of the vendor""s equipment or software, can create reports or modify existing reports.
The foregoing needs, and other needs and objects that will become apparent from the following description, are achieved in the present invention, which comprises, in one aspect, a method of generating a report that describes performance characteristics of a computer network based on RADIUS accounting information that is produced by the network in operation, comprising the steps of creating and storing archive data comprising a selected portion of the RADIUS accounting information; creating and storing configuration information that defines the report and comprises a report type identifier that is associated with one or more RADIUS attributes that identify data values in the archive data and that is associated with a generic report type; and one or more attribute values that specify bounds of ranges of the data values; retrieving and parsing the configuration information to create and store one or more buckets associated with the ranges of the data values for receiving data values falling within such ranges; reading the archive data and selectively storing its data values in the buckets based on the configuration information; and generating a report by displaying the values that are in the buckets.
According to one feature, creating and storing the configuration information comprises creating and storing configuration information that defines the report and comprises a report type identifier that is associated with one or more RADIUS attributes that identify data values in the archive data and that is associated with a generic report type; one or more attribute values that specify bounds of ranges of the data values; and an abbreviation of a name associated with the report; storing a label, which includes the abbreviation, in a section of the configuration information that identifies the bounds of ranges.
According to another feature, the step of generating a report comprises the step of generating a report by displaying the values that are in the buckets only when an attribute in the archive data indicates that an end of the report has been reached. Another feature is that the step of reading the archive data and selectively storing its data values further includes the step of rolling the data values in the buckets when a new time period is identified in the archive data.
According to another feature, the step of generating a report further comprises the step of creating and storing report data in the form of a matrix having rows corresponding to time periods and columns corresponding to customers, and wherein the step of reading the archive data and selectively storing its data values further includes the step of, when a new customer is identified in the archive data, creating a new column in the matrix and creating rows containing zero data from the starting time period up to the time period currently being processed.
In another feature, the step of reading the archive data and selectively storing its data values in associated buckets only when the data values are needed by the current report and its associated buckets. In still another feature, creating and storing configuration information comprises creating and storing configuration information that defines a plurality of reports, the configuration information comprising, for each of the plurality of reports: a report type identifier that is associated with one or more RADIUS attributes that identify data values in the archive data and that is associated with a generic report type; a time interval value that indicates a period of time to be covered by information in the report; and one or more category values that specify bounds of ranges of the data values. In a related feature, the configuration information includes one or more category values that specify bounds of ranges of the data values; and an abbreviation of a name associated with the report. Creating and storing the configuration information may involve a label, which includes the abbreviation, in a section of the configuration information that identifies the bounds of ranges.
According to another feature, the method further comprises the steps of receiving and storing non-RADIUS network accounting data; selectively archiving a portion of the non-RADIUS network accounting data in a non-RADIUS archive; storing a sub-portion of information from the non-RADIUS archive in the archive data, based on non-RADIUS archive configuration control information.
In another feature, creating and storing configuration information comprises creating and storing configuration information that defines a plurality of reports, the configuration information comprising, for each of the plurality of reports: a report type identifier that is associated with one or more RADIUS attributes that identify data values in the archive data and that is associated with a generic report type selected from among: a numeric value counting report type; a string value counting report type; and an accumulating report type.
The invention also encompasses a computer-readable medium, and a computer data signal embodied in a carrier wave, configured to carry out the foregoing steps.