The present invention relates generally to methods and apparatus for providing network troubleshooting tools for detecting, diagnosing, and repairing network failures, and more particularly is related to the expansion and improvement of such methods and apparatus for use in association with high-speed connection-oriented multiplexing and switching networks, including Asynchronous Transfer Mode (ATM) networks.
Many different types of networks have been developed for permitting computers to communicate with each other in an organized manner. One such network for use within the same building by a plurality of computer users is known as a local area network (LAN). After the development of LAN networks, network systems were further developed for permitting computer users over a wide area, such as those located in a large industrial site, to communicate over a wide area network (WAN). As these networks have grown in size and complexity, it became increasingly difficult to troubleshoot, maintain, and optimize the performance of such networks, particularly wide area networks.
With the invention of the World Wide Web (WWW); and the associated Internet, the complexities of maintaining such world wide advanced data communications far exceed the complexities of the largest WAN systems or networks. To improve communication over the Web or Internet, the ATM system was developed for providing technology for simultaneously transmitting data, voice and video traffic, and information over high band width circuits. An ATM system network is one example of a high-speed connection-oriented multiplexing and switching network developed for the WWW. In the prior art, hardware has been developed for ATM systems, in conjunction with associated software platforms, to form a communications architecture based on the switching and relaying of small units of data, typically called xe2x80x9ccellsxe2x80x9d. These xe2x80x9ccellsxe2x80x9d may also be grouped into frames or xe2x80x9cpacketsxe2x80x9d. ATM systems or networks incorporate technology that advances the state-of-the-art to include a protocol structure for effectively integrating voice, data, and video over the same communications channel at virtually any speed. Other known services for providing data communication, such as the Internet, Internet protocol (IP), frame relay, Switched Multimegabit Data Service (SMDS), and Ethernet, cannot provide the aforesaid integration of voice, data, and video over the same communications channels, as provided by ATM-based services.
In other words, an ATM network consists of configurable networks between source devices and destination devices, with the network being formed by switches interconnected by links. Typically, cells of data which are 53 bytes in length, also grouped as packets, are routed by the switches. A virtual circuit (VC) is established between source devices and destination devices, and the cells or packets are routed across these virtual circuits. One or a plurality of links and switches typically comprise a virtual circuit. Note that a plurality of virtual circuits can be routed across a single link, the latter not being dedicated to any single virtual circuit.
Network Associates, Inc., of Santa Clara, Calif., has been in the forefront of technology for many years in developing and providing software for managing and trouble-shooting computer networks. The software is known as Sniffer Software. The most recent Sniffer systems or software readily permit LAN and WAN networks to be rapidly trouble-shooted for resolving problems in the associated network that are interfering with user communication within the network. Network Associates, Inc. (hereinafter NAI), has developed a Sniffer Enterprise Expert System, that provides for the rapid detection, diagnosis, and repair of network failures. NAI regularly publishes technical white papers on its public web site at http://www.nai.com/asp set/buy try/try/whitepapers.asp that can be selected. Page down to the section Sniffer Total Network Visibility for a listing of associated papers. Certain of these papers may be of interest relative to the present invention, and are incorporated herein as of the date of filing this Application, to the extent they do not conflict herewith.
For the purposes of this invention, a frame is a known data stream that contains a header, a trailer, and data of some type in between the header and the trailer. The combination of the header and the trailer, per frame, specifies the overall length of the frame, including the contents made up of the header and the trailer, as well as the type of data that resides between the header and the trailer within the frame. An ATM Sniffer is a newly introduced product of Network Associates, Inc. that permits a user to extract full duplex or bidirectional individual and successive frames that are being communicated between an ATM host device or switch, and an ATM network to which a number of user devices may be connected. Note that the Sniffer product simply is connected to a subsection of an ATM network, and it is not necessarily extracting frames that are being outputted by host device (s), but frames that are being communicated over a given network path between a number of devices. Note that for the purposes of this Application, connection to an ATM network means connection to a subsection of the network. These devices are ATM devices. Note that an ATM host device can be an individual personal computer (PC) that has a special card installed in it to permit it to interface with an ATM network for the purposes of communicating data. Also, an ATM edge device is a type of server device that permits an ATM network to be connected through the device to a number of work stations, for example, or other computer devices connected into a network that is connected to the server or edge device. Note that there are a plurality of different types of ATM frames, and the present invention can be utilized with any particular type of frame through appropriate design of the software.
A problem in the prior art using the present NAI Sniffer system or product, for example for monitoring an ATM network subsection, is that each ATM related frame must be reviewed individually in order to determine, during troubleshooting, why a particular device is not able to communicate with another device through the ATM network. The present inventor recognized that this is a critical problem, and requires a great deal of time for a user to determine where the problem exists in preventing the communication between devices. Note that Network Associates, Inc, (hereinafter NAI) has been marketing for about 7 years a software system known as xe2x80x9cSniffer Expert Systemxe2x80x9d for local area network analysis, and for wide area network analysis, but not for ATM. The present ATM Sniffer Expert System invention permits a user to have the system itself analyze all of the ATM frames extracted by the Sniffer, and to extract from the frames the objects that are involved, such as individual devices, connections, applications, and so forth. The present Expert System, from the data extracted and the various objects that are involved, then analyzes the same and presents information for describing reasons why there may not have been communication between the objects, or that there has been a failure in a data transfer between objects. For example, the present Expert System may tell the user that a particular host was unreachable, and that is why the data was unable to be transferred to that host. Also, the present Expert System may indicate that a required time for transmission of data was exceeded, and for that reason data was not transferred. Other descriptions of problems may also be provided by the Expert System.
In an earlier stage of development, the present inventor expanded the Expert System to permit it to extract very narrow ATM information, such as the identification of a LAN, or edge device, where the ATM headers and trailers of the frames are stripped off and just the relevant LAN protocol encrypted frame (Ethernet, IEEE 802.3 or 802.5 encoded frames) of the associated device is provided and permitted to be used by the standard LAN Expert System in performing a very crude analysis of events in the ATM system. This development permitted ATM Encapsulated LAN type data to be extracted from the ATM frame and communicated to the present LAN Expert System of NAI for permitting the associated frames to be analyzed by the LAN Expert System. The frames that are so transferred are known as xe2x80x9cencapsulated framesxe2x80x9d, and in effect are allowing the Expert System to analyze the frames as if they were all originated in a LAN type network, even though they may have been associated with an ATM network that is far beyond the distances involved between devices in a LAN network. However, such use of the encapsulated frames is very limited, and permits only a very limited type of analysis, virtually only permitting a user to know that a particular frame has not been communicated between certain devices. No other meaningful information can typically be extracted at the ATM level. The Expert System so expanded can provide certain statistics, but is not capable of providing close correlation between the types of devices that are interacting between one another with reference to the ATM frames that are being transferred.
The purpose of the present invention is to provide an ATM capability to the existing Sniffer Expert System of NAI (capable of retrieving and analyzing LAN/WAN frames) through the addition of software for dealing with ATM networks. As previously mentioned, ATM networks are worldwide networks in the extreme for permitting devices to operate though the ATM network that are located at very distant locations, such as different countries, for example. The present invention permits very detailed analysis of the frames derived from the ATM network of virtual circuits (VC), including identifying all of the hosts, and connections for all of the various types of entities, known broadly as objects, which include the hosts, connections, flows, and so forth in a subsection of the ATM network. Note that through use of modified programming, the present invention can be applied for use with connection-oriented multiplexing and switching networks other than ATM.
Currently there are four main areas that the ATM Expert supports, the signaling protocols (Q.2931), the LAN emulation (LANE) protocols, the Multi-Protocol Over ATM (MPOA) protocols, and multiplexed frames under the guise of RFC 1483 specification support. As more and more protocols become known under ATM, ATM Expert support will be expanded by NAI. The current model may also be expanded to include those as needed. The model itself is currently generic enough to handle the cases just mentioned, and future cases.
The present invention is representative of a relational database in order to accomplish the previous mentioned aspects of the invention. The invention creates a logical representation of an ATM model which identifies key ATM specific objects extracted and further synthesized from an ATM data stream, and identifies the relationships and connections between these key objects in a higher form. In effect, a relational database is created. An object, in this case, is meant to be a database representation of an ATM end point (host), a connection between end points Flow or Flows detected on the connection, and an Application which correlates multiple Flows to a common ATM host or end point. An ATM system consists of quite a number of parts, including host objects, which can be a device that is used to gain entry into the ATM system, and connections between these host objects. Data flows can also be included that are associated with or carried on the connections. What is required is to extract, or synthesize, these various entities or objects from the data stream, create a small database that represents each of these objects, and to create the relationships between these database objects. These objects-in turn are displayed in hierarchical form in the Sniffer product of the present invention, so that a user who is trying to analyze various aspects of the ATM network can see which host objects are detected, what connections are seen in this data stream, what the relationships are between these connections and host objects, what data flows, or control flows, that is binary flows are actually flowing between these host objects across these connections, and with the highest of the application layers how many of these flows and what types of flows are originating or terminating at a particular host object, referred to as a client. To accomplish these features the inventor has generally divided an ATM network into a plurality of virtual channel characterization layers or levels, interconnecting hosts. Programming permits users to xe2x80x9cclickxe2x80x9d on an Application layer to go into the underlying virtual characterization layers which correlate to the same ATM host acting as a client, for example.