1. Field of the Invention
The present invention relates generally to an apparatus and method for the management of a network, and more particularly to a network management apparatus and method for monitoring the stress of a network, and generating events when high stress conditions are detected.
2. Description of the Related Art
The following description is concerned with a data communications network, and in particular a local area network (LAN). It will be appreciated, however, that the invention but has more widespread applicability to other managed communications systems including wide area networks (WANs) or wireless communications systems.
Networks typically comprise a plurality of computers, peripherals and other electronic devices capable of communicating with each other by sending and receiving data packets in accordance with a predefined network protocol. Each computer or other device on the network is connected by a port to the network media, which in the case of a LAN network may be coaxial cable, twisted pair cable or fibre optic cable. Each device on the network typically has hardware for media access control (MAC) with its own unique MAC address. Data packets are sent and received in accordance with the MAC protocol (e.g. CSMA/CD protocol as defined by the standard IEEE 802.2, commonly known as Ethernet). Data packets transmitted using the MAC protocol identify the source MAC address (i.e. the MAC address of the device sending the data packet) and the destination MAC address (i.e. the MAC address of the device for which the data packet is destined) in the header of the data packet.
A network is generally configured with core devices having a plurality of ports, which can be used to interconnect a plurality of media links on the network. Such devices include hubs, routers and switches which pass data packets received at one port to one or more of its other ports, depending upon the type of device. Such core devices can be managed or unmanaged.
A managed device is capable of monitoring data packets passing through its ports. For example, a managed device can learn the physical or MAC addresses of the devices connected to its ports by monitoring the source address of data packets passing through the respective ports. Identified source and destination addresses transmitted from or to a port of a managed network device, such as a router, hub, or switch, are stored in a respective xe2x80x9caddress tablexe2x80x9d associated with the port.
Managed devices additionally have the capability of communicating with each other using a management protocol such as the SNMP (Simple Network Management Protocol), as described in more detail below. Whilst the following description is concerned with the SNMP management protocol, the skilled person will appreciate that the invention is not limited to use with SNMP, but can be applied to managed networks using other network management protocols.
SNMP forms part of the TCP/IP protocol suite, which is a number of associated protocols developed for networks connected to the Internet. SNMP defines agents, managers and MIBs (where MIB is Management Information Base), as well as various predefined messages and commands for data communication. An agent is present in each managed network device and stores management data, responds to requests from the manager using the GETRESPONSE message and may send a TRAP message to the manager after sensing a predefined condition. A manager is present within the network management station of a network and automatically interrogates the agents of managed devices on the network using various SNMP commands such as GET and GETNEXT commands, to obtain information suitable for use by the network administrator, whose function is described below. A MIB is a managed xe2x80x9cobjectxe2x80x9d database which stores management data obtained by managed devices, and is accessible to agents for network management applications.
It is becoming increasingly common for an individual, called the xe2x80x9cnetwork administratorxe2x80x9d, to be responsible for network management, and his or her computer system or workstation is typically designated the network management station. The network management station incorporates the manager, as defined in the SNMP protocol, i.e. the necessary hardware, and software applications to retrieve data from MIBs by sending standard SNMP requests to the agents of managed devices on the network.
An example of a known network management software application capable of determining monitoring the stress of a network is the 3Com(copyright) Network Supervisor available from 3Com Corporation of Santa Clara, Calif., USA. This application, and similar applications, uses SNMP commands to retrieve relevant management data from managed network devices, and processes the data as described below.
A part of the network administrator""s function is to identify and resolve problems occurring on the network, such as device or link malfunction or failure. In order to provide the network administrator with the necessary information to identify such problems, the network management application monitors the devices on the network. An example of such monitoring is described in co pending UK Patent Application No 9917993.9 entitled xe2x80x9cManagement System and Method for Monitoring Stress in a Networkxe2x80x9d in the name of the present applicant. In the system and method described in UK Patent Application No 9917993.9 the SNMP manager in the network management station requests the agents of managed network devices on the network to retrieve selected MIB data indicative of device and link operation, and performs tests for device activity and service availability. Such MIB data may relate to characteristics such as traffic activity or errors occurring at a particular port in the relevant network device. Tests may include sending ICMP Ping requests to each device on the network, or sending selected requests for services such as SMTP, NFS and DNS to servers, and monitoring the time taken to receive a response. The monitored parameters or characteristics are referred to herein as xe2x80x9cstress metricsxe2x80x9d.
The network management application compares, for each stress metric, the retrieved data or test results against a corresponding threshold level for the stress metric. The threshold level is the level above (or below) which performance is considered to be unacceptable. For simplicity, the following description is based on a maximum threshold, that is, a threshold level above which performance is considered to be unacceptable. The skilled person will appreciate that for some stress metrics the threshold level could be a level below which performance is unacceptable. Default values for threshold levels of monitored stress metrics are typically preset by the application vendor, but may be adjusted by the network administrator.
Each time a threshold is exceeded, the application logs an xe2x80x9cEventxe2x80x9d. The xe2x80x9cEvent logxe2x80x9d lists each Event, and includes information such as the date and time of the Event, the identity of the device affected and the nature of the Event. The network administrator can then review the Event list to identify problems on the network.
It is important that the thresholds for the monitored stress metrics are chosen so that the number of Events presented in the Event log for review is minimised whilst still keeping the network administrator informed of Events which indicate genuine problems on the network. It can be difficult for the network administrator to choose a threshold level which will be exceeded only if genuine problems exist on his particular network. Accordingly, there is a need for a system and method which can be used to assist the network administrator in the task of setting the threshold levels.
In the present applicant""s UK Patent Application number 0009050.6 entitled xe2x80x9cNetwork Management Apparatus and Method for Monitoring Stress in a Networkxe2x80x9d, a method is proposed to assist the network administrator in setting threshold levels. In the method the administrator moves the threshold value up or down and the program simulates the Events which would have been generated if the threshold had been set at the changed value using previously received stress values from the network devices. The administrator can use the simulated Event lists to select a threshold level which generates only significant Events.
A problem with the method proposed in UK Patent Application number 0009050.6 is that the network administrator must have sufficient knowledge of the nature and type of Events generated so that he or she can determine which simulated Event list produced by the method includes all significant Events but few, and preferably no, unimportant Events. It cannot assist the inexperienced network administrator who does not have this knowledge.
The present invention seeks to address this problem, and provide a method and apparatus which can be used by even the most inexperienced network administrator in setting threshold levels.
In accordance with a first aspect, the present invention provides a method for determining an optimum threshold value for a monitored characteristic of a managed network, the method comprising the steps of: for a preceding time period, counting a number of values for a monitored characteristic, received during the time period, which exceeded an existing threshold value for said monitored characteristic, and determining an optimum threshold value for the monitored characteristic in dependence on the number determined by the counting step.
The method of the present invention thus provides the user with a suggested optimum threshold value for a monitored characteristic based on the number of previously received monitored values for the characteristic. The network administrator does not need to have knowledge of the nature and type of Events in order to adjust the threshold setting for the monitored characteristic. By using previously received monitored values, the suggested optimum threshold level is specific to the particular network.
In accordance with a second aspect, the present invention provides a computer readable medium carrying a computer program for carrying out the method of the first aspect of the present invention.
In accordance with a third aspect, the present invention provides a network management apparatus for monitoring a network and for determining an optimum threshold value for a monitored characteristic of the network, the apparatus comprising: a processor configured to count the number of values for a monitored characteristic which exceeded an existing threshold value for said monitored characteristic, said values previously received during a preceding time period, and configured to determine an optimum threshold value for the monitored characteristic in dependence on the number determined by the counting step.
Other preferred features of the present invention will be apparent from the following description and accompanying claims.