Networks are used to interconnect multiple devices, such as computing devices, and allow the communication of information between the various interconnected devices. The large impact that information technologies have on our daily lives are primarily enabled by the ability of networks to carry data from one place to another almost instantly. Most people today use data transferred through a network in their daily activities, such as using the Internet to get information, communicate (e.g., with cellular phones, e-mail devices, mobile computing devices, or the like), conduct electronic business, and many other daily activities. In the work environment, many organizations rely on networks to communicate information between different individuals, departments, work groups, and geographic locations. In many organizations, a network is an important resource that must operate efficiently. For example, networks are used to communicate electronic mail (e-mail), share information between individuals, and provide access to shared resources, such as printers, servers, and databases, or to collaborate in the preparation of documents. Therefore, a network failure or inefficient operation significantly impacts the ability of enterprises, individuals, or groups to perform their functions.
A typical network contains multiple interconnected devices, including computers, servers, printers, and various other network communication devices such as routers, bridges, switches, and hubs. The multiple devices in a network are interconnected with multiple communication links that allow the various network devices to communicate with one another. If a particular network device or network communication link fails or underperforms, multiple devices, or the entire network, may be affected. To avoid network failures or performance problems network monitoring and management tools are provided to mange the networks.
Network management is the process of managing the various network devices and network communication links to provide the necessary network services to the users of the network. Typical network management systems collect information regarding the operation and performance of the network and analyze the collected information to detect problems in the network. For example, a high network utilization or a, high network response time may indicate that the network (or a particular device or link in the network) is approaching an overloaded condition. In an overloaded condition, network devices may be unable to communicate at a reasonable speed, thereby reducing the usefulness of the network. In this situation, it is important to identify the network problem and the source of the problem quickly and effectively such that the proper network operation can be restored.
One purpose of a network is to provide a forum in which applications can pass information from one location to another across the network. These are commonly referred to as networked applications and are typically designed for specific usage. Examples may include mail applications, financial transactions, streaming media, medical imagery, or airline travel reservations. A given corporate or government network may have dozens or thousands of such applications simultaneously in use.
Timely determination and resolution of network failure and/or application performance problems is very important and even critical to the viability of many business enterprises. A network failure can cause very large financial losses. For example, businesses relying on electronic transactions for the sale of products have a critical need for their networks to be operating to enable sales. Even a slowdown of data transfer rates can have a large financial impact due to lower productivity, sales, customer frustration, and the like.
To avoid and quickly resolve network and application problems, operators are required to monitor and troubleshoot network traffic and correlate application performance with network problems. They are also required to perform service-level agreement (“SLA”) verification and profile based monitoring for critical entities such as servers and applications. For operators to achieve all these tasks efficiently, traffic data has to be quickly collected, aggregated, and analyzed in a flexible manner. The operator may start down one path and uncover information the leads to an unanticipated problem. As a result, all data should continue to remain available for the user to be able to restart the process of drill down based on the new information.
This typically results in very large datasets and requires slicing, dicing, and pivoting on multiple points of references to view the data from multiple perspectives. Conventional online analytical processing (“OLAP”) techniques, such as Multidimensional OLAP (“MOLAP”), Relational OLAP (“ROLAP”), and Hybrid OLAP (“HOLAP”), are data cube based solutions that enable slicing and dicing by providing aggregates on multi-dimensional groups that satisfy some user defined criteria.
However, the data-cube operations require computation of aggregations on all possible combinations of each dimension attribute. As the number of dimensions increases, it becomes very expensive to compute data cubes, because the required computation cost grows exponentially with the increase of dimensions.
In addition, some of the end users, e.g., managers, lower level support, and the like, may not fully understand the aggregate results or be able to use them directly to make a decision. Moreover, executives and managers are typically interested in the most significant asset groups. Several techniques have been proposed for efficient computation of the top N groups. However, they work very well for simple aggregates and are computationally very expensive when computing complex aggregates and the time complexity becomes either O(n) or O(n2) depending on the number of passes required to aggregate the data.
Accordingly, there is thus a continuing need for a network-monitoring systems and methods for network monitoring and management that can quickly and efficiently compute traffic data aggregations based on any user defined criteria, provide real-time visualizations, and allow slicing and dicing of the data dynamically in order to isolate and find the factors causing network performance problems.