1. Field of the Invention
The present invention relates to a computer-readable recording medium, fault analysis device and fault analysis method. More particularly, the invention relates to a computer-readable recording medium recording program for analyzing the cause of a fault in performance occurring on a network, fault analysis device and fault analysis method.
2. Description of the Related Art
As IP (Internet Protocol)-based networks have come to be used as a social infrastructure, there has been a need for techniques capable of promptly and appropriately coping with not only a functional fault such as communication inability but a fault in performance such as slow response time.
To monitor a fault occurring on a network, a method using SNMP (Simple Network Management Protocol), which is a representative network management protocol associated with TCP (Transmission Control Protocol)/IP, has conventionally been adopted. According to SNMP, information called MIB (Management Information Base) and system messages generated and transmitted from the system are collected and analyzed. MIB holds traffic information such as the number of outgoing/incoming IP packets, as well as the count of lost packets, and based on such information, a fault of network equipment etc. is detected. Also, a system message includes a description of an anomaly status directly detected by equipment and thus is used for fault detection.
Conventional network management systems adopt a method wherein the collection and tracing of fault information indicated by MIB and system messages are centrally managed by a network monitoring terminal (SNMP manager) operated by a system administrator, for example. The paper “Analysis of DNS Traffic at a DNS Server in an ISP” by Kato and Sekiya, in the Transactions of the Institute of Electronics, Information and Communication Engineers, B, J87-B, No. 3, pp. 327–335, March 2004, deals with the technique of collecting and analyzing the traffic information of a DNS (Domain Name System) server in a commercial ISP (Internet Service Provider).
However, information to be collected is more and more expanding due to enlargement in the scale of networks and diversification/functional sophistication of network equipment, giving rise to a problem that because of the size of information, it is hardly possible to centrally manage detailed information such as records of individual outgoing and incoming packets. For example, the above paper reports that in the case of a commercial ISP, packet information collected by a DNS server is as much as 0.7 GB/hour. Also, it is difficult in particular to sort out and appropriately analyze relevant information from among a vast amount of collected information. Thus, there is a limit to the analysis of performance faults by the centralized management method.
As an example of non-centralized management, an analysis method has also been used in which a measurement-analysis device (Sniffer etc.) is introduced when a fault has occurred, to trace packets to a faulty spot. In cases where the network is functioning normally but the performance thereof involves a problem such as slow Web access or poor speech quality of IP telephones, it is essential to carry out detailed tracing of the transmission/reception time, status, etc. of individual packets by using the packet tracing function, in order to find the cause of such a fault. However, the conventional measurement-analysis device can collect only limited items of information such as loss rate, and where the throughput lowers due to a cause other than packet loss, it is difficult to find the cause. Moreover, since the actual analysis is performed by a person, he/she is required to have great skill in the analysis.