1. Field of the Invention
The invention relates generally to measurement processes and subsequent electronic manipulation, archiving or aggregation of data, and more particularly, to an improved system and method for measuring, collecting, aggregating and transmitting network flow data.
2. Description of the Prior Art
Analysis and visualization of network traffic is important for optimizing and protecting the operation of networked IT infrastructures.
Standard transmission of the activity of a network flow, from the de-facto standard “netflow” (see, e.g., http://www.cisco.com/warp/public/732/Tech/nmp/netflow/index.shtml incorporated by reference herein) and the IETF standard IPFIX (see, e.g., http://en.wikipedia.org/wiki/IP_Flow_Information_Export incorporated by reference herein), consists solely of the start and end time of the flow, and how many bytes and packets from this flow were observed. This information is minimal: only the average rate at which the flow sent is known, with no knowledge as to whether these packets occurred at the beginning or the end. This dramatically limits the usefulness of Netflow data for extrapolating activity on a link or for using it in dimensioning.
For example, IBM's Aurora product (see, e.g., http://aurora.zurich.ibm.com) uses netflow packets to show activity. It must, however, assume that each flow sent at its average rate (or some other crude extrapolation). This necessarily results in inaccuracies in the reported traffic activity as a function of time.
For example, via Aurora, only the average rate at which a flow sends is known, which may be an inaccurate gauge of activity if the rate varied substantially during that time period (i.e., high variance). As shown in FIG. 1, a plot 10 depicts a network packet flow 12 that had considerable activity not reflected in its average rate, depicted as a line 15, as would be output by the conventional analyzer.
The effectiveness of a Netflow-based activity monitor is thus curtailed.
Users of netflow and similar network packet traffic monitoring systems would benefit from a scheme that provides more accurate information about a flow's activity within a network.
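The limitation described above can be reproduced with an added Python example (not part of the original text): it collapses a constructed packet trace into the start/end/bytes/packets summary and compares the average rate recoverable from that summary with the actual per-second rate. The names `FlowRecord`, `summarize`, `average_rate`, `binned_rate` and `peak_to_average`, the field names, and the sample trace are assumptions made for this illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class FlowRecord:
    """The only facts the text says a flow export carries (hypothetical field names)."""
    start: float    # seconds
    end: float      # seconds
    packets: int
    octets: int

def constructed_packets():
    """Constructed trace of (timestamp_s, size_bytes): a 0.9 s burst, then a trickle."""
    burst = [(i / 100, 1000) for i in range(90)]          # 90 packets in [0.00, 0.89]
    trickle = [(float(t), 1000) for t in range(1, 11)]    # one packet per second, 1..10
    return burst + trickle

def summarize(packets):
    """Collapse per-packet observations into a single flow record."""
    times = [t for t, _ in packets]
    return FlowRecord(min(times), max(times), len(packets), sum(s for _, s in packets))

def average_rate(rec):
    """Bytes/s a collector must assume; None when start == end (rate undefined)."""
    duration = rec.end - rec.start
    return rec.octets / duration if duration > 0 else None

def binned_rate(packets, rec, bin_s=1.0):
    """Actual bytes/s per bin over the flow's lifetime; not recoverable from rec alone."""
    nbins = max(1, math.ceil((rec.end - rec.start) / bin_s))
    bins = [0] * nbins
    for t, size in packets:
        idx = min(int((t - rec.start) / bin_s), nbins - 1)  # final packet lands in last bin
        bins[idx] += size
    return [b / bin_s for b in bins]

def peak_to_average(packets, bin_s=1.0):
    """How far the busiest bin exceeds the flat line drawn from the record."""
    rec = summarize(packets)
    avg = average_rate(rec)
    return None if avg is None else max(binned_rate(packets, rec, bin_s)) / avg

if __name__ == "__main__":
    pkts = constructed_packets()
    rec = summarize(pkts)
    print(rec, "average B/s:", average_rate(rec))
    print("per-second B/s:", binned_rate(pkts, rec))
    print("peak/average:", peak_to_average(pkts))
```

In this constructed trace the record implies a flat 10,000 bytes/s for ten seconds, while 90% of the bytes were actually sent in the first second.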