Advances in telecommunication networks have facilitated communication between users who are geographically dispersed. Communication may include transmission of data packets, such as media and voice packets, between a plurality of network devices, such as routers and switches. In a telecommunication-centric society, millions of data packets may be transmitted daily within a single network. To ensure the viability of its network, a company may monitor its network.
Monitoring may be performed by connecting monitoring network appliances, such as network taps, to the network to gather information about the data traffic. To facilitate discussion, FIG. 1 shows a simple logistical diagram of a monitoring network appliance. Consider the situation wherein, for example, a simple network exists in which data is flowing between a pair of network devices 102 (e.g., routers, switches, endpoints, etc.). To monitor the network data traffic, a monitoring network appliance 100 may be employed. In an example, the data traffic may flow from network device A to network device B via one of the data ports (104, 106, 108, etc.) of monitoring network appliance 100.
Data traffic flowing through monitoring network appliance 100 may be processed by a functionality module 112 before being forwarded to a monitoring tool. The processing capability of monitoring network appliance 100 may vary. In an example, functionality module 112 may be configured to perform switching and filtering. In another example, functionality module 112 may be configured to perform aggregation.
In addition, monitoring network appliance 100 may also include a traffic counter module 110, which may be configured to gather information about the data traffic flowing through monitoring network appliance 100. In an example, information gathered may include the number of bytes, the number of packets, the packet size distribution, and the like.
The data gathered by traffic counter module 110 may then be processed by a statistical logging subsystem 114. In an example, statistical logging subsystem 114 may perform statistical analysis (e.g., calculate average, mean, rates, and the like). Once the data has been processed, the statistical data may be stored within a storage module 116, such as a solid state memory device, a rotating memory device, and the like.
Given the high volume of data that may be gathered and processed, storage module 116 tends to only store real time data. In an example, data from the last five seconds may be stored. All other data is usually discarded. As a result historical data is not available to perform analysis on the data traffic if a problem arises.
In some situation, a user (such as a human user, a management tool, and the like) may request for the statistical data. To request for the data stored on storage module 116, a user 122 may send a request to monitoring network appliance 100 via a management subnet 120. The request may be received by monitoring network appliance 100 via a management port, such as port 118. The request may then be processed by statistical logging subsystem 114. In an example, statistical logging subsystem 114 may analyze the request and retrieve the requested data from storage module 116. The requested data may then be forwarded to user 122 via port 118 and management subnet 120.
As can be appreciated from the aforementioned, a conventional monitoring network appliance usually employs a data pull technique. In other words, the data gathered by traffic counter module 110 and/or processed by statistical logging subsystem 114 is usually not forwarded to an external source unless the data is specifically requested (pull) by a user, such as a management tool. Thus, the data pull technique usually places the burden of pulling the data on the external user. In addition, the data pull technique usually requires higher processor consumption since monitoring network appliance 100 may have to dedicate a portion of its processing power to analyzing and processing the data request.
Another disadvantage of the data pull technique is that the data can only be pulled if user 122 is aware of its existence. In an example, monitoring network appliance is a new network tap device. User 122 is not able to query monitoring network appliance if the user is unaware of the new network tap device (e.g., do not know internet protocol address). As a result, important data may be “lost”. In addition, a user, such as user 122, may have to send individual request to each monitoring network appliances, if there is more than one in a network.
Accordingly, an integrated network data collection arrangement for storing and archiving data collected by a plurality of monitoring network appliances is desirable.