The marketplace for many companies has expanded from a national to a world marketplace. Large international companies have expanded into global companies and smaller companies have become international competitors. This market expansion has been driven by technology that has made both voice and data communication easier.
An enterprise network is a network for an enterprise, including multiple LANs, routers and servers, typically geographically separated. The networks of the enterprise network can be connected together over a wide area network. Enterprise network management that has evolved from the mainframe environment is still centered mainly on the operating systems and is mostly manual and resource intensive.
Numerous tools have been developed to aid in network management involving capacity planning, fault management, network monitoring, and performance measurement. Such tools are often referred to as network analyzers.
In general, a “network analyzer” is a program that monitors and analyzes network traffic, detecting bottlenecks and problems. Using this information, a network manager can keep traffic flowing efficiently. A network analyzer may also be used to capture data being transmitted on a network. The term “network analyzer” may further be used to describe a program that analyzes data other than network traffic. For example, a database can be analyzed for certain kinds of duplication. One example of a network analyzer is the SNIFFER ANALYZER™ device manufactured by NETWORK ASSOCIATES, INC™.
FIG. 1 shows a typical network analyzer 100 deployment attached to a single switch 102. As shown, several personal computers 104 are coupled to Server A 106 and Server B 108 via a switch array 110. This deployment sees broadcast and multicast traffic plus any unicast traffic to or from the network analyzer 100 only. In other words, the network analyzer 100 provides only a constrained view that is incapable of providing a complete picture of traffic between the personal computers and servers.
FIG. 2 depicts a network analyzer 200 deployment using spanning. This deployment sees all broadcast and multicast traffic, plus any unicast traffic to and from Server A. However, extra load has been added to the switch 202.
FIG. 3 depicts a network analyzer 300 deployment using a Virtual Local Area Network (VLAN) 302. This deployment sees broadcast and multicast traffic and any unicast traffic to or from the computers on VLAN 1, but the load on the switch 304 is now excessive.
At one time, repeated flat networks were the standard in an enterprise setting. Prior art network analyzer systems can only typically see one broadcast domain. This is due in large part to the fact that these systems were designed for flat repeated networks. Thus, such network analyzer systems function as an adequate solution in a “point” troubleshooting role, but do not scale to provide a true enterprise troubleshooting and monitoring capability.
Over time, there has been a steady migration away from flat networks towards fully switched networks. Given network topologies today, prior art network analyzer systems, as currently designed, cannot provide a complete solution that is capable of monitoring, detecting and troubleshooting problems on a corporate enterprise level. Even with monitoring modules on every switch, everything still cannot be seen, and there is a high cost associated with deploying this many monitoring modules.
This trend has spawned additional network analyzer functionality in an enterprise-wide fashion to allow company network managers to monitor their geographically dispersed networks from a central location. With this additional ability to analyze enterprise networks, there has been a coinciding need to report such analysis. Unfortunately, the differences between traditional network analyzer and enterprise network analyzer functionality spawn differing reporting requirements.
There is thus a need for techniques of reporting that are tailored to enterprise network analysis.