Distributed computing environments, particularly enterprise computing environments, typically comprise an collection of individual subnetworks interconnected both within and externally via hubs, routers, switches and similar devices. These subnetworks generally fall into two categories. Intranetworks, or Local Area Networks (LANs), are computer networks physically defined within a geographically limited area, such as within an office building. Devices operating within an intranetwork share the same subnetwork address space.
Internetworks, or Wide Area Networks (WANs), are computer networks physically defined over a geographically distributed area utilizing private and leased lines obtained through digital communications service providers. The Internet is an example of a widely available public internetwork. Devices operating within an internetwork operate with unique domain address spaces.
Commonly, both intranetworks and internetworks operate in accordance with the Transmission Control Protocol/Internet Protocol (TCP/IP), such as described in W. R. Stevens, “TCP/IP Illustrated, Vol. 1, The Protocols,” Chs. 1–3, Addison Wesley (1994), the disclosure of which is incorporated by reference. TCP/IP is a layered networking protocol, comprising a media layer on the physical side, upwards through link, network, transport and application layers. The link and network layers are point-to-point layers and the transport and application layers are end-to-end layers. Packets travel end-to-end and include source and destination addresses to identify their originating and receiving hosts, respectively. Intranetworks are often interconnected to internetworks and gateway routers are used to provide transparent translations of device addresses between subnetwork address spaces and the internetwork domain address spaces.
A traffic manager can be co-located at the network domain boundary with a gateway router to monitor and analyze transient packet traffic for use in traffic analysis and flow control. Traffic managers optimize bandwidth utilization on internetwork connections, as these connections are costly and relatively slow compared to intranetwork connections.
A problem arises in accurately counting and analyzing transient packet traffic in devices that observe traffic flow, either passively or actively, such as traffic manager or network sniffer-type devices. Passive traffic observation is performed by placing the device in a promiscuous mode, wherein all network traffic passes through the device. The term “traffic manager” is used throughout this document, although one skilled in the art would recognize that other related devices within the broader category of traffic flow observation devices may also apply. In a distributed computing environment including multiple subnetworks, packets traveling between separate intranetworks can be double counted: once for the originating host to gateway router hop and twice for the gateway router to receiving host hop. Double counting can hinder efforts at traffic analysis and flow control.
In the prior art, there are two approaches to addressing the double-counting problem. First, the subnetwork addresses can be manually configured into the traffic manager to enable the traffic manager to ignore those packets originating from within an internetwork located within the network domain boundary. Transient packets are identified based on their originating subnetwork, and subnetwork-to-subnetwork traffic is ignored and omitted from counting. However, the manual approach is error prone and imposes an increased administrative burden on network administrators to continually reflect all current subnetwork addresses in the traffic manager.
In a second approach, the traffic manager monitors the routing tables to identify those packets transiting the gateway router from originating hosts operating within an internetwork located within the network domain boundary. This approach also imposes an increased administrative burden and requires up-to-date routing tables.
Therefore, there is a need for an approach to dynamically determining host locations by distinguishing traffic types in heterogeneous distributed computing environments that include multiple subnetworks. Preferably, such an approach would be provide a semi-transparent pass-through for categorizing packet traffic.
There is a further need for an approach to implementing a finite state machine to observe transient packet traffic and determine a state classification based on the source and destination addresses and direction of travel of the packets.