1. Field
Embodiments of the invention relate to the field of network processing; and more specifically, to dynamic management of network flows.
2. Background
Network flow mechanisms provide statistics on packets flowing through network equipment (e.g., routers). A network flow is a series of packets, typically transmitted from one point to another point (e.g., one IP address to another IP address, one port to another port, label switching, etc.) during a certain interval of time. A network flow can be defined in many ways. Typically, all packets belonging to a particular flow have a set of common properties. For example, the common properties may include the same packet header fields (e.g., source IP address and/or destination IP address), transport header fields (e.g., source UDP or TCP port and/or destination UDP or TCP port), application header fields (e.g., Real Time Protocol (RTP) header fields), one or more characteristics of the packet (e.g., number of MPLS labels, etc.), and/or one or more fields derived from packet treatment (e.g., next hop IP address, output interface, etc.).
Several IP flow measurement and export technologies exist to monitor flows at the port level or virtual router level and provide statistics at various network level entities. Typically in such network flow mechanisms, one or more routers monitor packets flowing on a port and/or a virtual router, and send flow records to a remote device for collection and further processing. The routers may output the flow records in numerous situations. For example, a router may output a flow record when it determines that a corresponding flow is finished. Determining that a flow is finished may be accomplished by flow aging (e.g., the router maintains an aging counter or each flow and when the router observes new traffic for an existing flow it resets the aging counter). As another example, TCP session termination in a TCP flow may cause the router to export the corresponding flow record. As yet another example, routers may be configured to output flow records at fixed intervals even if the flows are still ongoing. Statistics about specific routers, or multiple routers (e.g., a network view) may be obtained from the stored statistics in the remote device. Flow records are not typically maintained at the subscriber level.