In general, a “network analyzer” is a program that monitors and analyzes network traffic, detecting bottlenecks and problems. Using this information, a network manager can keep traffic flowing efficiently. A network analyzer may also be used to capture data being transmitted on a network. The term “network analyzer” may further be used to describe a program that analyzes data other than network traffic. For example, a database can be analyzed for certain kinds of duplication. One example of a network analyzer is the SNIFFER ANALYZER™ device manufactured by NETWORK ASSOCIATES, INC™.
FIG. 1 shows a typical network analyzer 100 deployment attached to a single switch 102. As shown, several personal computers 104 are coupled to Server A 106 and Server B 108 via a switch array 110. This deployment sees broadcast and multicast traffic plus any unicast traffic to or from the network analyzer 100 only. In other words, the network analyzer 100 provides only a constrained view that is incapable of providing a complete picture of traffic between the personal computers and servers.
FIG. 2 depicts a network analyzer 200 deployment using spanning. This deployment sees all broadcast and multicast traffic, plus any unicast traffic to and from Server A. However, extra load has been added to the switch 202.
FIG. 3 depicts a network analyzer 300 deployment using a Virtual Local Area Network (VLAN) 302. This deployment sees broadcast and multicast traffic and any unicast traffic to or from the computers on VLAN 1, but the load on the switch 304 is now excessive.
At one time, repeated flat networks were the standard in an enterprise setting. Prior art network analyzer systems can only typically see one broadcast domain. This is due in large part to the fact that these systems were designed for flat repeated networks. Thus, such network analyzer systems function as an adequate solution in a “point” troubleshooting role, but do not scale to provide a true enterprise troubleshooting and monitoring capability.
Over time, there has been a steady migration away from flat networks towards fully switched networks. Given network topologies today, prior art network analyzer systems, as currently designed, cannot provide a complete solution that is capable of monitoring, detecting and troubleshooting problems on a corporate enterprise level. Even with monitoring modules on every switch, everything still cannot be seen, and there is a high cost associated with deploying this many monitoring modules.
There is thus a need to provide network analyzer functionality in an enterprise-wide fashion to allow company network managers to monitor their geographically dispersed networks from a central location. Additionally, companies need the ability to accomplish this in a rapid, dynamic way to facilitate quick reaction to problems that can occur at any point within a corporate network.
What is further needed is a network analyzer solution that is capable of scaling to a total enterprise solution, and further capable of monitoring the entire corporate network at once while fully addressing the current paradigm of fully switched environments.