One of the key challenges in modern enterprise networks is monitoring network traffic across nodes that simultaneously play multiple diverse roles within the network. Examples of network nodes include an employee's personal computer, an email server, a web application server, a database server, and a file server. The applications running on these nodes use the IP layer to establish inter-nodal connections for communication and information transfer.
Each IP connection consists of a client (typically the node that initiates the connection) and a server. Networked nodes may concurrently act as both a client and a server, depending on the applications they run. For example, a personal computer node can act as a client, by browsing and downloading web pages, at the same time as it is acting as a server, by sending email attachments. A web application server can act as a client by requesting information from a database server, while it also performs its function as a server in responding to application requests by clients that connect with it. Furthermore, while nodes are acting as both a server and client, they are often members of one or more logical groups.
Traditional network monitoring solutions group network traffic according to whether a network node is a client or a server. Useful metrics such as total throughput for the node disregard whether the node is acting as a server or a client. Other metrics, such as total response time, requests served, and connections established, require knowledge of whether the node is acting as a client or a server but are more meaningful when aggregated with other node metrics.
In addition, traditional device-centric methods of measuring network utilization require that device-specific diagnostics or parameters (e.g., the number of packets passing through a particular router) be read and then later aggregated at some central location to determine overall utilization of network resources. These processes are manually intensive and rapidly become unmanageable in the face of network reconfigurations and scaling. While such processes may ultimately provide indications of some parameters, for example bandwidth utilization, they often provide little or no information about the actual end-to-end performance for servers and clients passing traffic across the link of interest. Furthermore, node-level information in a large network spans thousands of nodes and is often too much to process in order to receive a real-time picture of the network. Therefore, a new method of grouping diagnostic information is required.
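The distinction drawn above between role-agnostic metrics (total throughput) and role-dependent ones (connections initiated, connections served, response time) can be shown on connection records. This is an added example, not part of the original text; the `Flow` record layout, node names, and group names are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:                  # hypothetical per-connection record
    client: str              # node that initiated the connection
    server: str              # node that accepted it
    bytes_c2s: int
    bytes_s2c: int
    response_ms: float       # server response time seen on this connection

# Constructed sample: web-01 serves desktops and is itself a client of db-01.
FLOWS = [
    Flow("pc-17", "web-01", 2_000, 48_000, 120.0),
    Flow("pc-22", "web-01", 1_500, 30_000, 80.0),
    Flow("web-01", "db-01", 900, 12_000, 15.0),
    Flow("web-01", "db-01", 700, 8_000, 25.0),
    Flow("pc-17", "mail-01", 500_000, 1_000, 40.0),
]
GROUPS = {"servers": {"web-01", "db-01", "mail-01"}, "desktops": {"pc-17", "pc-22"}}

def node_metrics(flows):
    """Per-node totals: throughput ignores role, the counters depend on it."""
    m = defaultdict(lambda: {"total_bytes": 0, "conns_initiated": 0, "conns_served": 0})
    for f in flows:
        size = f.bytes_c2s + f.bytes_s2c
        m[f.client]["total_bytes"] += size
        m[f.client]["conns_initiated"] += 1
        m[f.server]["total_bytes"] += size
        m[f.server]["conns_served"] += 1
    return dict(m)

def group_metrics(flows, groups):
    """Roll flows up to logical groups, counting intra-group traffic once."""
    out = {}
    for name, members in groups.items():
        g = {"total_bytes": 0, "conns_initiated": 0, "conns_served": 0}
        resp = []
        for f in flows:
            as_client, as_server = f.client in members, f.server in members
            if not (as_client or as_server):
                continue
            g["total_bytes"] += f.bytes_c2s + f.bytes_s2c  # once per flow
            g["conns_initiated"] += int(as_client)
            if as_server:
                g["conns_served"] += 1
                resp.append(f.response_ms)
        g["avg_resp_ms"] = sum(resp) / len(resp) if resp else None
        out[name] = g
    return out
```

Summing the per-node throughput of the `servers` members would count the web-01 to db-01 flows twice, which is why the group roll-up works from the flows rather than from the node totals.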