1. Field
Embodiments of the invention generally relate to network traffic analysis and reporting. More particularly, examples of the invention are directed to methods, systems, and computer programs for reporting on network traffic flow data.
2. Description of the Related Art
Network traffic flow data is of interest to network administrators for a number of reasons, including analyzing the impact of a new application on the network, troubleshooting network pain points, detecting heavy users of bandwidth, and securing networks. The primary protocol associated with traffic flow data is NetFlow which was developed by Cisco Systems®. There are also several other varieties of flow protocols, such as sFlow, IPFIX, Jflow, NetStream, and Cflowd. All of these protocols support flows that are similar to NetFlow and contain similar types of information, such as source internet protocol (IP) address, destination IP address, source port, destination port, IP protocol, ingress interface, IP Type of Service, start and finish times, number of bytes, and next hop.
As networks become larger and more complex, systems that analyze and report on traffic flow data must become more efficient at handling the increasing amount of information generated about network traffic. Aggregating data from many network devices can result in datasets that contain billions of entries or flows. Additionally, running reporting queries on a dataset of large size can be taxing on the storage system or database. Traditional methods for solving this data overflow problem have been to improve the quantity or quality of the hardware that hosts the storage system.