The present invention relates to network monitoring systems. More particularly, the present invention relates to an apparatus and method to analyze the performance of a network switch by monitoring port interfaces of the switch.
In a switched network, the problems and solutions of a shared network do not always apply. Each node may have a dedicated switched port, so bad packets from that node do not affect the rest of the nodes on the network. This feature is somewhat offset by the fact that troubleshooting switched networks is more difficult and requires more specialized tools. No longer can a conventional local area network (LAN) analyzer see all packets and determine which node is the cause of the problem. For this reason, measuring overall traffic levels and studying individual frame statistics is not straightforward in a switched environment. Several switch vendors have proposed ways to remedy this problem with innovative techniques, such as internal RMON data collection and switch port aliasing.
A packet is only forwarded to one port on the switch, so a LAN analyzer connected to one port of a switch will not, by definition, catch all packets flowing through the switch. Many switch vendors have attempted to solve the traffic-monitoring problem by designing statistic collecting modules into the switch. These modules are either based on RMON statistics or a proprietary collection mechanism. For instance, some commercially available network switches keep RMON and SNMP statistics on each packet and can report overall switch traffic levels to any SNMP agent or any proprietary management software.
These modules can diagnose traffic-level problems on a switch with the previously mentioned techniques. Unlike shared networks, however, switched networks do not suffer from throughput degradation due to faster nodes and too many nodes, so these may not cause problems on a switched network. In a workgroup switch, each new user receives a certain amount of dedicated bandwidth. As long as the high bandwidth connection to the switch can handle the traffic, no traffic-level problems should occur.
Individual frame analysis on a switch provides an interesting proposition. Packets are not forwarded to all ports on a switch, so there is no logical place to plug in a LAN and view all packets. Switch vendors have designed many ways to overcome this troubleshooting drawback. Two ways are port aliasing and adding a repeater to monitor a port.
Port aliasing, also called port mirroring or port spanning, is a mechanism by which a switch monitors all traffic flowing through one or any combination of selected ports and mirrors the network traffic to a special alias port. In additional, in some designs, only a portion of the network traffic of the selected port(s) is mirrored to the alias port for analysis. This allows a LAN administrator to examiner switch traffic one port at a time. If problematic packets are coming from a switch, they can usually be isolated in this fashion. FIG. 1 shows how port aliasing works.
Even if a switch does not have advanced troubleshooting features, such as statistics-gathering modules and port aliasing, a few tricks can still be used to troubleshoot problematic switched networks. Adding a repeater is one such method. Adding a repeater refers to cascading a suspected problem node through a repeater into a switch, as shown in FIG. 2. A port and a LAN analyzer are both connected to the repeater, and the repeater is, in turn, connected to the switch port. In this fashion, the analyzer can monitor any port on a switch for bad frames and other error conditions.
Although adding a repeater is a cheap and simple way to troubleshoot a switched network, it does have its drawbacks. When a repeater is inserted between the end node and the switched port, it is effectively changing the characteristics of the connection. For instance, collisions may now occur on the wire, whereas before they did not. If the switch-to-client connection was full-duplex before, it will become half-duplex after adding a repeater. These subtle changes in the connection could change the dynamics of the problem the system is trying to troubleshoot. There have also been some recent developments in using optical links to passively tap the switched port so that the basic characteristics of the connection are not changed.
However, unfortunately, the data produced by the protocol analyzer does not accurately reflect the traffic patterns with the switch, especially if more than one port is being mirrored. This is because the protocol analyzer is unable to distinguish the port that the packet was received on or sent to. Understanding how the packets are flowing through the switch is crucial to properly understanding which resources within the switch are being stressed. Ideally measurements should be made within the switch that captures these relationships. A novel method of monitoring and measuring the network traffic is disclosed in a copending U.S. patent application Ser. No. 09/438,680, titled “INTELLIGENT COLLABORATION ACROSS NETWORK SYSTEM,” filed by the same inventor of the present invention, and the patent application is hereby incorporated entirely by reference.