1. The Field of the Invention
The present invention is generally directed to communications networks. More particularly, the present invention is directed to the use of statistical measures of network traffic to trigger equipment in real time.
2. The Related Technology
A protocol analyzer (“PA”) is a fundamental and highly useful tool for testing and debugging various types of communications networks, including computing and computer storage networks, such as a storage area network (“SAN”). A PA operates by capturing selected portions of data from a data stream that is transmitted via the communications network. The captured information may then be analyzed by the PA to extract desired information. For instance, data transmission faults or errors, or performance errors, known generally as problem conditions, may be diagnosed by examining the captured data that is related to the problem. Thus it is seen that, in order to properly diagnose and correct problem conditions in a communications network, one must capture the data relating to the condition.
A PA uses triggers to direct the capture of the desired data in order to detect and diagnose the problem condition. In operation, the PA continually captures consecutive batches of data from the data stream. This captured data is temporarily stored in a capture buffer, where the data remains for a certain length of time before being overwritten by subsequent batches of captured data. Essentially, a trigger is a command that, if actuated, directs the PA to retain in the capture buffer a selected portion of the data stream intercepted from the communications network, thus preventing it from being overwritten and enabling the data to be further analyzed at a later time. This process is generally known as “triggering.”
A trigger is typically programmed to trigger data retention based on the detected presence of a trigger condition. A trigger condition is a condition contained in or associated with the data stream that, when present, causes the PA to trigger. As already mentioned, the triggering by the PA causes it to retain a specified portion of the data stream in the capture buffer for later analysis. For example, known PAs are programmed to trigger based on discrete events as defined by a specific bit pattern present in the data stream, such as a specific SCSI command frame. If a bit pattern in the data that is processed by the PA matches the desired command frame bit pattern programmed as the trigger, the PA is triggered and that portion of the data stream is captured by the PA for later analysis. Triggers are typically programmed into the hardware or software of the PA. One of the key attributes of triggering is latency. The PA must be triggered while the data which caused the trigger is still in the capture buffer. This requires the detection of the trigger to occur at a rate approximate to the rate at which data is entering the buffer.
Though the above triggering scheme may sometimes yield the desired results, several problems nonetheless exist. For example, the correct choice and characterization of a trigger to capture a desired portion of the data stream is difficult. Indeed, in order to correctly program a trigger into the PA, a user must know many low level details about the communication protocol entities (e.g. frame formats) in order to know what specific bit pattern to set the trigger to find. This requires in depth knowledge of the nature of the physical and logical protocols of the data stream sent over the communications network. However, as communications networks such as computing and computer storage networks come into more common use, many operators in charge of such networks do not have the requisite knowledge to properly set triggers in order to detect and capture the needed information so as to be able to decipher, detect, and correct problem conditions related to the data stream. As a result, poorly chosen triggers are used, which fails to capture the data necessary for actual problem resolution. This situation can greatly extend the time needed to resolve the problem conditions.
Furthermore, some problem conditions, such as a related sequence of discrete events, or a transactional exchange between network components, cannot be captured by triggering schemes that are based on the simple, bit pattern matching described above. This results in a broad range of problem conditions that are uncapturable based on current triggering techniques.
Another problem has recently developed with respect to the proper triggering and capturing of desired data. Capturing the correct data from the communications network data stream has been made more difficult with the development and increasing use of high-speed network communications equipment and systems that are capable of transmitting information at rates exceeding one and two gigabits (“Gbit”) per second. As mentioned above, the PA continually feeds batches of data from the data stream into a capture buffer. This data remains in the capture buffer until overwritten by subsequent batches of data from the data stream, or until a specified trigger is activated, at which point the buffer contents are retained in the capture buffer and the capture of further data from the data stream is terminated. However, in the case of high speed communications networks that transmit at rates exceeding one and two Gbits/second, the PA may not be able to acquire and process incoming data packets fast enough in order to trigger the capture of desired data packets before they are overwritten by new, incoming data in the buffer. In other words, by the time the PA has processed the data and activated the trigger, the desired data packets that were temporarily held in the buffer have already been overwritten by subsequent incoming batches of data from the high speed data stream. This delay between triggering and capturing the desired data is exacerbated if the trigger code is software-based as opposed to hardware or firmware-based. In such a case, the buffer has often already overwritten the data of interest by the time the software has processed and activated the trigger. Moreover, data received from a high-speed communications network fills up the buffer faster than data from a relatively lower-speed network, thus further exacerbating the problem of adequate data capture with known triggering systems.
A need therefore exists for a PA or associated apparatus that enables triggering based upon parameters that are easily determined by end users who are not intimately familiar with the in-depth characteristics of data traffic and protocol typical of high-speed communications networks. Such an apparatus should also enable triggering on a different and wider range of traffic characteristics than what is currently possible with known systems. A further need exists for a PA that possesses this trigger capability while operating at the line speed of high-speed communications networks so as to avoid the loss of captured data as a result of latency between the triggering and overwriting of data within the buffer.