This invention relates to the field of network analysis, and in particular to a system and method for tracing packets in a multi-tier environment.
Network analysis includes a variety of tools that address the overall performance or throughput of a network, as well as a network's efficiency for communicating packets related to a particular transaction. Monitoring devices are placed at key nodes in a network and are configured to collect information related to each transmission to and from the node. Typically, the communication information includes an identification of the transmitter or receiver of the data being received or transmitted by the node, the time of the communication, the number of bytes being transmitted or received, and so on. In some instances, the data content, or parts thereof, is also included in the communication information. Some communication information, such as the protocol or format used, may be implicitly deduced from the configuration of the device or communication channel being used at the time of the communication.
In a typical network, multiple transactions from multiple applications are communicated through the same node. If the node is configured to handle only the single transaction, so that the communication information for this transaction can be isolated, the communication information will not adequately reflect the network's performance under a typical multi-application, production environment, and thus will not be useful for isolating and correcting network bottle-necks or other deficiencies. Thus, the collection of communication information at a node will typically include information related to these multiple applications and multiple transactions, and it becomes difficult to assess the network's performance in processing a particular application or transaction. This difficulty is further compounded in a multi-tier network, wherein, for example, a transaction between node A to node B causes node B to initiate communications with one or more other nodes C, and the association of these communications between nodes B and C with the transaction between A and B is not apparent in the communications between nodes B and C.
It is an object of this invention to identify target transactions among a plurality of transactions corresponding to a particular application. It is a further object of this invention to identify target transaction corresponding to a particular application in a multi-tier network. It is a further object of this invention to extract the target transactions to facilitate the analysis of the network in processing the transaction.
These objects, and others, are achieved by a system and method that compares communications in a production environment to ‘reference’ communications corresponding to a target transaction. Preferably, the reference communications are recorded in a laboratory environment that models the production environment, or recorded from the production environment during a period of minimal other activities. A variety of filters are used to eliminate communications in the production environment that are apparently unrelated to the target transaction, including filters based on the time-order of communications among the nodes, the size of the packets being communicated, and the content of the communications. If necessary, after eliminating the apparently unrelated communications from consideration, the remaining production communications are compared to the reference communications to identify the most likely production communications corresponding to the reference communications.
Throughout the drawings, the same reference numerals indicate similar or corresponding features or functions. The drawings are included for illustrative purposes and are not intended to limit the scope of the invention.