The present invention relates to network management and, more particularly, to a system and method for the efficient encoding and decoding of protocol messages.
As conventional networks have grown in size and complexity, the need for centralized management has grown. Because of this growth, systems administrators have need to manage hardware, software, users, updates, continuations, and security on an ongoing basis.
Network management involves the active and passive monitoring of network resources for the purpose of troubleshooting problems, detecting potential problems, improving performance, documenting problems and performance, and reporting network activity. Currently, a wide variety of management applications and protocols are available. Certain network management packages use agents or probes to collect information from devices throughout the enterprise network and send the collected information back to centralized network analyzing consoles. In addition, management applications have been designed to remotely manage client systems and control local area networks, using both permanent and temporary network analyzing consoles. A network administrator, working from a network analyzing console, may produce reports and graphs concerning state of the network from the information collected by the agents.
In certain applications, the network analyzing console also acts as an agent. Network agents operate in promiscuous mode in which they monitor all traffic on the network, not just traffic that has been addressed to the particular network node. In addition, administrators may also choose to capture frames transmitted by a particular network computer that carry information for a particular application or service. The captured information is monitored to value network performance, locate bottlenecks or even track security breaches. Agents may also provide warnings of problems of performance degradation.
Basic network management applications have been built around the Simple Network Management Protocol (SNMP). An extension to this protocol is Remote monitoring (RMON) management information database (MIB). RMON is an Internet Engineering Task Force network monitoring analysis standard. Basic RMON monitors all traffic within the network on the physical layer of the network protocol stack. A newer extension, RMON2, monitors all protocol traffic within all levels of the network protocol.
RMON employs agents, sometimes referred to as probes, which are software processes running on network devices to collect information about network traffic and store the information in a local management information database (MIB). With SNMP, a network management analyzing console continuously polls the SNMP agents to obtain the MIB information, the information which is collected to monitor historical trends. SNMP management may increase congestion on the network and place a large burden on the network analyzing console to gather the information.
Within RMON, the agents may be located in network devices such as hubs, routers, and switches to collect and maintain the MIB information. The network analyzing console does not need to constantly poll the agents in order to ensure that the historical information is properly collected. Real-time data, however, needs to be polled for effective use. Within the RMON protocol, the agents may be thought of as the servers and the management network analyzing console as the client in a client/server relationship. Within RMON, SNMP provides the communication layer for transmitting information between RMON agents and the network analyzing console. SNMP encodes and decodes Protocol Data Units (PDUs) in order to communicate between network nodes.
SNMP based mid-level manager (middleware) programs need to decode hundreds to thousands of PDUs per second. This requires efficient management of both CPU and memory resources. The PDUs contain an arbitrary number of Object Identifiers (OIDs), each of which has an arbitrary length. Pre-allocating storage for the maximum number of OIDs of the maximum length quickly exhausts available memory while dynamically allocating each field as it is decoded consumes a significant amount of CPU resources. For example, in an implementation that supports simultaneous processing of up to 1000 PDUs per second, with each PDU allowed to have up to 50 OIDs, fixed pre-allocation may require up to 25,600,000 bytes of memory while dynamic allocation may require 50,000 to 100,000 dynamic memory allocations per second.
A system and method for the efficient encoding and decoding of protocol messages is described. In one embodiment, an offset from a beginning of a memory buffer is calculated based upon a maximum size of a header portion of the message. A variable length portion of the message is encoded beginning at the offset, and the header portion of the message is encoded based upon an encoded size of the variable portion and a size of the header portion. The encoding of the header portion begins at the offset less the encoded size of the header portion. Further, a set of object identifiers are decoded into a data structure. If a value portion corresponding to an object identifier of the set of object identifiers is variable in length, the value portion is decoded into the data structure.