The present invention relates to a network traffic monitoring system applied to a wide area network.
In a conventional traffic monitoring apparatus applied to a LAN (Local Area Network), source IP (Internet Protocol) addresses and destination IP addresses are read out, and a totalization table associated with the traffic transmitted with combinations of source and destination IP addresses is generated, thus performing data collection. For example, such a conventional technique is disclosed in Japanese Patent Laid-Open Nos. 5-075621, 6-318944, 8-181711, and 9-191327.
When the above conventional scheme is to be applied to a wide area network (WAN) without any modification, the following problems arise.
First, in a WAN, an enormous number of combinations of source and destination IP addresses will be collected. For example, in a WAN including n hosts, the number of combinations of source and destination IP addresses for communication between the IP hosts within a unit collection time may become n(n−1) in the worst case depending on the network arrangement. The traffic trend in a large-scale WAN cannot be properly analyzed by using IP host communication information alone.
Second, in a traffic monitoring apparatus, a large memory is required to store combinations of source and destination IP addresses, and a long CPU processing time is required to search the table. In addition, the performance of the monitor deteriorates as the amounts of data collected and analyzed/displayed increase.
It is an object of the present invention to provide a network traffic monitoring system which can collect statistical information in units of subnets and totalize and monitor traffic in a manner suitable for a WAN.
In order to achieve the above object, according to the present invention, there is provided a network traffic monitoring system comprising a router to which a subscriber line is connected, a terminal adaptor for interfacing the router to a network side, a digital service unit connected to the terminal adaptor through an I interface, a frame relay/leased network made up of at least one of a higher-speed relay router and a switching unit and transmission lines, a traffic monitoring means for monitoring internet traffic on a physical line between the terminal adaptor and the digital service unit, and monitor means for controlling the traffic monitoring means to start and stop totalization processing, setting a subnet mask for determining a totalization unit, and acquiring traffic information as a totalization result from the traffic monitoring means.
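The following sketch is an added example, not code from the patent. It shows how applying the subnet mask set by the monitor to both addresses shrinks the totalization table compared with per-host pairs. The class and function names, the packet and byte counters, and the sample packets are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

class SubnetTotalizer:
    """Totalization table keyed by (source subnet, destination subnet).
    The mask sets the totalization unit; 255.255.255.255 gives per-host pairs."""
    def __init__(self, subnet_mask):
        self.mask = int(ipaddress.IPv4Address(subnet_mask))
        self.running = False
        self.table = defaultdict(lambda: [0, 0])  # key -> [packets, bytes]

    def start(self):
        self.table.clear()
        self.running = True

    def stop(self):
        self.running = False

    def _subnet(self, addr):
        return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(addr)) & self.mask))

    def observe(self, src, dst, length):
        if self.running:  # packets seen while stopped are not totalized
            entry = self.table[(self._subnet(src), self._subnet(dst))]
            entry[0] += 1
            entry[1] += length

    def result(self):
        return {key: tuple(counts) for key, counts in self.table.items()}

# Constructed sample: (source IP, destination IP, packet length in bytes)
SAMPLE_PACKETS = [
    ("10.1.1.5", "10.2.7.9", 1500),
    ("10.1.1.6", "10.2.7.10", 400),
    ("10.1.2.8", "10.2.7.9", 60),
    ("10.2.7.9", "10.1.1.5", 1200),
    ("10.1.1.5", "10.2.8.1", 700),
]

def totalize(mask, packets=SAMPLE_PACKETS):
    """Run one start/observe/stop cycle and return the totalization result."""
    t = SubnetTotalizer(mask)
    t.start()
    for src, dst, length in packets:
        t.observe(src, dst, length)
    t.stop()
    return t.result()

if __name__ == "__main__":
    for mask in ("255.255.255.255", "255.255.255.0", "255.255.0.0"):
        print(mask, totalize(mask))
```

With the sample above, the table holds five entries per host pair, four with a /24 mask, and two with a /16 mask.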