A network generally includes a number of devices connected to allow inter-device communication. As the size of a network increases, it becomes increasingly important to effectively and efficiently monitor and manage the network. Typically, a site commonly referred to as a management control console (also known as a central management station) may communicate with an entity (commonly referred to as an agent) in a device, e.g., router, switch, in order to be able to monitor and manage that device. The management control console may be able to monitor and manage the device by obtaining and configuring various parameters. Usually, the agent is comprised of software that may be running on an embedded device microprocessor (internal to the networking hardware). The management control console may communicate with the agent using a transport mechanism such as the Simple Network Management Protocol (SNMP) to monitor and configure the attributes of the device.
The parameters or attributes that an agent can monitor may be described in a Management Information Base (MIB). MIB specifications are typically stored in text files where each entry in the MIB may describe some attribute the agent can monitor. For example, the agent may be able to monitor the processor and/or co-processor utilization over time and peak utilization levels for the monitored network device. Other examples may include packet arrival rates, packet peak rates, packet size distribution, packet clustering tendencies, buffer usage patterns, occurrence of peak utilization, out-of-buffer conditions and packet discard rates.
Under normal conditions, network traffic flows through multiple intermediate devices to reach a specific destination. However, during periods of network instability, data may be discarded or lost due to hardware or software failures. Network instability may refer to abnormal situations that cause a device in the network to become overloaded thereby causing the device to process packets at a slower rate or even crash. For example, the device may receive an inordinate amount of packets to be processed exceeding its processing capability. In another example, the device may receive an inordinate amount of requests to be serviced such as in a denial-of-service attack that exceeds the processing capacity of the device.
Typically, network instability situations that cause one or more network devices to become overloaded do not become detected until well after the loss or discarding of data. If, however, a parameter that indicates network instability situations was monitored, then a network instability situation may be detected prior to the instability situation significantly affecting the network. Some of the parameters that indicate network instability may be the attributes found in the MIB.
It would therefore be desirable to detect conditions of network instability by monitoring a parameter or attribute of a network device, e.g., router, switch, that may be used to indicate network instability thereby detecting network instability situations earlier than in prior art.