The present invention relates to enterprise network systems, and more particularly to analyzing enterprise network systems.
Numerous tools have been developed to aid in network management involving measurement. One example of such tools is the network analyzer.
In general, a xe2x80x9cnetwork analyzerxe2x80x9d is a program that monitors and analyzes manager can keep traffic flowing efficiently. A network analyzer may also be used to capture data being transmitted on a network. The term xe2x80x9cnetwork analyzerxe2x80x9d may further be used to describe a program that analyzes data other than network traffic. For example, a database can be analyzed for certain kinds of duplication. One example of a network analyzer is the SNIFFER ANALYZER(trademark) device manufactured by NETWORK ASSOCIATES, INC(trademark).
FIG. 1 shows a typical network analyzer 100 deployment attached to a single switch 102. As shown, several personal computers 104 are coupled to Server A 106 and Server B 108 via a switch array 110. This deployment sees broadcast and multicast traffic plus any unicast traffic to or from the network analyzer 100 only. In other words, the network analyzer 100 provides only a constrained view that is incapable of
FIG. 2 depicts a network analyzer 200 deployment using spanning. This deployment sees all broadcast and multicast traffic, plus any unicast traffic to and from Server A. However, extra load has been added to the switch 202.
FIG. 3 depicts a network analyzer 300 deployment using a Virtual Local Area Network (VLAN) 302. This deployment sees broadcast and multicast traffic and any unicast traffic to or from the computers on VLAN 1, but the load on the switch 304 is now excessive.
At one time, repeated flat networks were the standard in an enterprise setting. Prior art network analyzer systems can only typically see one broadcast domain. This is due in large part to the fact that these systems were designed for flat repeated networks. Thus, such network analyzer systems function as an adequate solution in a xe2x80x9cpointxe2x80x9d troubleshooting role, but do not scale to provide a true enterprise troubleshooting and monitoring capability.
Over time, there has been a steady migration away from flat networks towards fully switched networks. Given network topologies today, prior art network analyzer systems, as currently designed, cannot provide a complete solution that is capable of monitoring, detecting and troubleshooting problems on a corporate enterprise level. Even with monitoring modules on every switch, everything still cannot be seen, and there is a high cost associated with deploying this many monitoring modules.
There is thus a need to provide network analyzer functionality in an enterprise-wide fashion to allow company network managers to monitor their geographically dispersed networks from a central location. Additionally, companies need the ability to accomplish this in a rapid, dynamic way to facilitate quick reaction to problems that can occur at any point within a corporate network.
What is further needed is a network analyzer solution that is capable of scaling to a total enterprise solution, and further capable of monitoring the entire corporate network at once while fully addressing the current paradigm of fully switched environments.
A system, method, and computer program product are provided for analyzing a network utilizing an agent/host controller interface. Initially, an agent is sent an interval setting from a host controller. Such agent is adapted to transmit network traffic information based on the interval setting. Such network traffic information is then received from the agent in accordance with the interval setting.
In one embodiment, a signal may be received from the agent. Further, the interval setting may be sent in response the receipt of the signal. Still yet, configuration data may be sent with the interval setting. Moreover the agent may be adapted to operate based at least in part on the configuration data.
In another embodiment, unicast network traffic may be filtered by the host controllers. Further, the receipt of the network traffic information from a plurality of the agents may be synchronized. In use, the host controller may communicate with the agent utilizing a layer three protocol. Further, a map may be generated based on the network traffic information.