In computer networks, it is frequently of interest to monitor and analyse network traffic flows for any number of purposes, such as network capacity planning, user billing, or security reasons for example.
In Internet Protocols (IP) networks, a network traffic flow may be defined as a unidirectional sequence of packets that all share a number of attribute values such as IP source and destination address, port numbers, etc. An article at Wikipedia entitled “Netflow”, cited in the information disclosure statement for this application, describes a network traffic flow reporting protocol that was originally introduced by Cisco Corporation under the name NetFlow.
Methods for recording and displaying such network traffic flow information are described in the prior art, for example in US patent application 2012/0310952 and U.S. Pat. No. 8,510,830. Because of the increasingly high volume of network traffic flows, the implementation of efficient monitoring and analysis poses unique challenges, requiring optimizations which depend on the purpose of obtaining the network traffic flow information and analyzing or displaying it. Because of the large amount of network traffic to be analyzed, efficient near real-time processing of network traffic flow data continues to be a problem.