1. The Field of the Invention
The present invention generally relates to data analysis in a network. More particularly, the present invention relates to intelligent analysis of a plurality of traces received from a plurality of protocol analyzers in a network.
2. The Relevant Technology
Computer and data communications networks continue to develop and expand due to declining costs, improved performance of computer and networking equipment, and increasing demand for communication bandwidth. Generally, networks are shared access arrangements in which several network devices, such as computers or workstations (collectively termed “stations”), are interconnected by a common communications medium that allows the users of the stations to share computing resources, such as file servers, printers, and storage, as well as application software and user work product.
Moreover, as organizations have recognized the economic benefits of using communications networks, network applications such as electronic mail, voice and data transfer, host access, and shared and distributed databases are increasingly used as a means to increase user productivity. This increased demand, together with the growing number of distributed computing resources, has resulted in a rapid expansion of the number of installed networks.
The respective networks may range from bridged segments of local area networks (LANs) located in a department or single floor of a building, to a wide area network (WAN) wherein a plurality of LANs are geographically distributed and interconnected through switching devices, such as routers or bridges. Alternately, the networks may represent Storage Area Networks (SAN) or Network Attached Storage (NAS) configuration deployed in LAN, WAN or more or less private interconnections using specialized high-speed protocols, such as Fibre Channel (FC) or Serial Attached SCSI (SAS). The network communication medium may be wired, such as coaxial, twisted pair, or fiber optic cable, or wireless, such as a cellular or radio frequency (RF) transmission system.
Depending on performance requirements, the different LANs within a WAN may have different physical connection configurations (or “topologies”), such as Ethernet or Token Ring. They may also have different vendor proprietary LAN hardware and software with different signal protocols that govern the exchange of information between the stations in the LAN. When these different topology and different protocol LANs are interconnected, which is referred to as “internetworking,” there must be an exchange of signal protocols. The open Standards Interconnect (OSI) seven layer interconnect model developed by the International Organization for Standardization describes how information is exchanged between software applications on workstations in different networks by passing the information through a hierarchy of protocol layers.
As a result, networks present a complicated arrangement of devices in various topologies capable of supporting different protocols. To ensure performance, networks must be managed. Management includes monitoring signal traffic for trends related to signal volume, routing, and transmission speed to proactively plan for network growth and to avoid signal congestion and network downtime. This also includes detecting and diagnosing network operational problems which affect performance to both prevent problems and to restore network operation with minimum downtime following the detection of a problem. These are the responsibilities of a network administrator, whose network duties require both anticipation of performance changes and diagnosis of performance failures.
The administrator's responsibilities require the availability of network statistics related to performance, and network administrators commonly collect an archive of network management statistics that indicate network utilization, growth and reliability, facilitate near-term problem isolation, and longer-term network planning. In general, categories of statistics to be monitored include those related to utilization, performance, availability, and stability) degrade service, including: number of fast line status transitions, number of fast root changes (root flapping, next hop count stability, and short term ICM behavior).
In addition, and as communication networks have increased in number, size and complexity, they have become more likely to develop a variety of problems that are increasingly difficult to diagnose and resolve. Moreover, the demands for network operational reliability and increased network capacity, for example, emphasize the need for adequate diagnostic and remedial systems, methods and devices.
Exemplary causes of network performance problems include the transmission of unnecessarily small frames of information, inefficient or incorrect routing of information, and improper network configuration and superfluous network traffic, to name just a few. Such problems are aggravated by the fact that many networks are continually changing and evolving due to growth, reconfiguration and introduction of new network typologies and protocols, as well as the use of new interconnection devices and software applications.
Consequently, as high speed data communications mature, many designs increasingly focus on reliability and performance issues. In particular, communications systems have been designed to respond to a variety of network errors and problems, thereby minimizing the occurrence of network failures and downtimes. In addition, equipment, systems and methods have been developed that allow for the testing and monitoring of communications systems.
The data to produce the foregoing statistics and help identify problems can be collected by instruments known as protocol analyzers. In particular, protocol analyzers are used as diagnostic and testing tools at various stages of the development, integration and maintenance of electronic computing devices. Typically, a protocol analyzer is designed for use with a particular electrical communication interface protocol, such as ATA, SCSI, Ethernet, or FC. In a typical use, the protocol analyzer is connected to the communication interface of the computing system being tested to record communication activity on the interface. The communication activity is captured and recorded in a dedicated trace buffer associated with the protocol analyzer, and then analyzed or presented to the user for the purpose of diagnosing, testing or maintaining the communication interface in a trace viewer format. In a given environment, one or more analyzers may be placed in selected locations according to the devices of interest. One known analyzer is the GTX Analyzer commercially from Finisar Corporation of Sunnyvale, Calif.
One limitation with many existing protocol analyzers is that such analyzers do not actually “analyze” the data captured by the analyzer. Rather, the data captured by an analyzer is presented to a user, for example in a trace file, for inspection and determination of whatever faults, errors, or other unwanted conditions exist in the network. Since a trace file may easily contain several million entries, manual or brute force analysis of these traces is extremely time consuming.
Another limitation with conventional tools that perform a very limited degree of real intelligent analysis (as opposed to merely capturing data) is they do not support numerous data transmission technologies (including several emerging and popular technologies) such FC.
FC is a general name for an integrated set of standards being developed by ANSI (American National Standards Institute), whose purpose is to act as a universal high-speed interface for computers and mass storage. FC is designed to combine the best features of channels and networks, namely the simplicity and speed of channel communications and the flexibility and interconnectivity of protocol-based network communications. FC is a highly-reliable, gigabit interconnect technology that allows concurrent communications among workstations, mainframes, servers, data storage systems, and other peripherals using well-know protocols, such as Systems Interface (SCSI), Internet protocol (IP), FICON and VI protocols. FC provides interconnect systems for multiple topologies (e.g., point-to-point, switched, and arbitrated loop (FC-AL)) that can scale to a total system bandwidth on the order of terabits per second. One area in which FC has been implemented with significant success is in storage environments such as Storage Area Networks (SANs) and Network Attached Storage (NAS). However, system performance limitations may be introduced as a result of inefficient system configuration, e.g., where a legacy device on a network bus determines the overall bus speed. In such situations, intelligent analysis of the network is clearly beneficial to facilitate optimization of its configuration and/or diagnosis of faults.
Typical serial analyzers contain two ports, one to capture transmitted information from a device, the other to capture the information from the opposite direction that is directed to the device. A typical analyzer allows for searching and filtering of the data, but the data is presented without any regards to the actual traffic or topology involved. Searches and filters are fairly simple bit and byte-level matching comparisons on single events. As network analysis evolves, however, it becomes increasingly important to look beyond the single analyzer and simultaneously evaluate the results of multiple analyzers. Such multi-channel analyzers are made up of multiple systems. Still, conventional multi-channel analyzers do not demonstrate the capabilities to present an aggregate analysis that details traffic behavior patterns occurring between devices in a network.
Therefore, there exists a continuing need for improved intelligent analysis tools capable of efficiently and accurately analyzing various networks. In particular, there is a continuing need to provide intelligent analysis tools for multi-channel analyzers.