1. Field of the Invention
The present invention relates to an apparatus for detecting failures in a communication network by analyzing the flow of traffic in the network.
2. Description of the Related Art
As technologies for detecting failures within a communication network, the following ones are conventionally known:
(1) Error Message Catching
A monitor device observes error messages generated by network equipment where there is a failure. On catching a generated error message, the equipment outputs an alarm and notifies the network manager of the failure (for example, see Non-patent Reference 1).
(2) Packet Capturer
Whether there is a failure is determined by catching packets flowing through a network and checking them one by one (for example, see Non-patent Reference 2).
Several network analyzing methods using a traffic matrix are also known (for example, see Non-patent References 3 and 4).
Non-patent Reference 1:
“Remote Network Monitoring Management Information Base”, on line, RFC 1757, retrieved Jul. 18, 2003, Internet URL: http://www.faqs.org/rfcs/rfc1757.html
Non-patent Reference 2:
“Sniffer Technologies (Registered trademark)”, on line, Network Associates, retrieved Jul. 18, 2003, Internet URL: http://www.nai.com/japan/products/sniffer/home.asp
Non-patent Reference 3:
J. Cao, D. Davis, S. Vander Wiel, and B. Yu, “Time-Varying Network Tomography: Router Link Data”, Journal of the American Statistical Association, 200
Non-patent Reference 4:
C. Tebaldi and M. West, “Bayesian Inference on Network Traffic Using Link Count Data”, Journal of the American Statistical Association, 1988
However, the above-mentioned conventional failure detecting methods have the following problems.
In the above-mentioned method (1), for example, ICMP (Internet Control Message Protocol) destination unreachable errors or ICMP time-exceeded errors in IP (Internet Protocol) are observed, and the existence of a failure is confirmed based on whether or not those error messages are generated.
However, many failures do not generate these error messages. In addition, these error messages are steadily present in a network even without a failure, due to a user's execution of the route-checking tool “traceroute”, the wrong designation of a destination IP address at the time of access, and the like. Moreover, if the scale of a failure is small, the issuance frequency of these error messages is also small. Therefore, it is generally difficult to detect a failure based on the existence or non-existence of these error messages.
In the above-mentioned method (2), packet capturers must be disposed in the places where packets generated due to a failure flow. Therefore, when a wide network is monitored, a large number of packet capturers must be disposed. Furthermore, since a large amount of full packet data must be recorded at high speed, a large amount of resources is consumed for that purpose. Accordingly, such a failure detecting method using packet capturers is not practical because of its high cost.