1. Field of the Invention
The invention relates to a network traffic monitoring system and to a network traffic monitoring method used in the system and, in particular, to a traffic monitoring method used in a large-scale IP (Internet Protocol) network.
2. Description of the Related Art
In a conventional traffic monitoring method, a source IP address and a destination IP address are usually read from an IP header, and packets are counted according to the kind of upper-layer or host application, which is identified from the pair of source and destination IP addresses together with a port number defined on the fourth layer of the hierarchical model known in the art. Briefly, the conventional traffic monitoring method monitors traffic on the basis of these counts.
On the other hand, a new protocol has been proposed by the IETF (Internet Engineering Task Force). The new protocol introduces the concept of a priority level so as to grade the transfer service given to IP packets, whereas traditionally every IP packet is transferred equally without any distinction. The new protocol is referred to as the “Diffserv (Differentiated Service)” protocol.
In a terminal adapted to the Diffserv protocol or in a router which is located at a boundary to the Diffserv protocol, IP packets are classified into a plurality of service levels or classes (fourteen classes prescribed in IETF RFC 2475) based on a source IP address, a destination IP address, a port number used by the IP packet, and other elements. In addition, packets are transmitted with a DSCP (Diffserv Code Point) embedded as information in the IP header.
A router which supports the Diffserv protocol is specified by its architecture such that each priority level is determined from the value of the DSCP embedded in the IP header, and a transferring method is determined based on each priority level. Thereby, the IP packets are treated as a plurality of kinds of flows which are classified into classes. As a result, it is possible to lower the discard rate of IP packets for a specified host or to transfer IP packets from a specified application with a short delay time.
However, when the conventional traffic monitoring method is operated in a network that uses the Diffserv protocol, the method cannot capture the transferring priority provided by the Diffserv protocol and cannot monitor what service is assigned to a network. This is because the conventional traffic monitoring method classifies all packets only on the basis of a port number of the fourth layer for each application.
Further, since the conventional traffic monitoring method also classifies packets transferred by using an end-to-end protocol, the number of IP addresses to be treated inevitably increases. In consequence, as the scale of a network becomes large, the memory capacity required of the traffic monitor unit increases and the burden on the network manager increases. Therefore, the conventional traffic monitoring method cannot cope with enlargement of the network.
Furthermore, with a protocol such as IPsec (Security Architecture for Internet Protocol) or IPoverIP, packets cannot be classified for each application, since the port number of the fourth layer protocol cannot be monitored in a network using the above-exemplified protocols.
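The contrast drawn above, between counting by address pair and fourth-layer port and counting by the DSCP carried in the IP header, is shown in the following added example, which is not part of the original text. It assumes IPv4 with the DSCP in the upper six bits of the second header byte; the function names, addresses, ports and DSCP values are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def ipv4(src, dst, proto, dscp, payload=b""):
    """Build a constructed IPv4 packet: 20-byte header (checksum left 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(payload),
                       0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def ports(sport, dport):
    """First four bytes of a TCP or UDP header, padded to eight bytes."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 4

def classify(pkt):
    """Return (dscp, flow_key); flow_key is None when no layer-4 port is visible."""
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    dscp = pkt[1] >> 2                             # upper six bits of byte 1
    proto = pkt[9]
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if proto in (6, 17) and frag_offset == 0 and len(pkt) >= ihl + 4:
        _, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])   # TCP or UDP ports
        return dscp, (pkt[12:16], pkt[16:20], proto, dport)
    return dscp, None                              # e.g. ESP (50), IP-in-IP (4)

def monitor(packets):
    """Count per DSCP and per address/port key; tally packets with no readable port."""
    by_dscp, by_flow, no_port = Counter(), Counter(), 0
    for pkt in packets:
        dscp, key = classify(pkt)
        by_dscp[dscp] += 1
        if key is None:
            no_port += 1
        else:
            by_flow[key] += 1
    return by_dscp, by_flow, no_port

# Constructed sample traffic (documentation address ranges, arbitrary ports).
SAMPLE = [
    ipv4("192.0.2.1", "198.51.100.1", 17, 46, ports(40000, 5060)),
    ipv4("192.0.2.2", "198.51.100.1", 17, 46, ports(40001, 5060)),
    ipv4("192.0.2.4", "198.51.100.1", 17, 46, ports(40002, 5060)),
    ipv4("192.0.2.1", "198.51.100.2", 6, 0, ports(40003, 80)),
    ipv4("192.0.2.3", "198.51.100.3", 50, 46, b"\x11" * 8),  # ESP: ports hidden
    ipv4("192.0.2.3", "198.51.100.3", 4, 10, b"\x22" * 8),   # IP-in-IP tunnel
]

if __name__ == "__main__":
    by_dscp, by_flow, no_port = monitor(SAMPLE)
    print(dict(by_dscp), len(by_flow), no_port)
```

On this sample the address/port table already has more entries than the DSCP table and grows with every new host, while the two tunnelled packets appear only in the DSCP counts.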