In networking, computers communicates with each another by sending and receiving information through shared channels, which are designed for networking purposes. Network interface cards (NICs), which are hardware devices that are installed on computers, are used to enable networking and to support the networking preferences that are maintained by computer users. For example, NICs are used to assign unique addresses called a MAC (media access control) to the computer on which it is installed. NICs also include hubs or switches, which behave like relays that pass information between computers using the MAC addresses. NICs are used by computers to receive incoming data streams.
Since most operating systems include a general utility for reading all packets coming to a NIC, computers usually use this general utility to operate the installed NIC. Applications typically incorporate this general utility by either using the general utility, as provided in the operating system, or by using a similar utility. In this context, typical processing of incoming data streams would include receiving packets, examining the packets and maintaining some main-memory data structure(s) with information about the packets. FIG. 1 illustrates this processing.
In FIG. 1, a computer 110 with multiple central processing units, receives three full packet data streams 120a, 120b, and 120c, which are processed using the three different processes, Process I (140a), Process II (140b), and Process III (140c). The three processes 140a, 140b, and 140c are independent processes. There are several disadvantages associated with the prior art architecture. First, there are inefficiencies that result from running more than one full bore network interface packet capture process. For example, significant computer processing resources are required to handle such a stream. If each process is separate, then the computer resources needed rapidly increase to the point where it is not feasible to run multiple applications. The second disadvantage arises from the need to dump the main memory data structures to disk files. During the dumping process, packets can be dropped and not counted by the application. These disadvantages cause problems when incoming data is monitored because of the large resources which are required to monitor data when there are multiple independent processes and applications simultaneously running on computer.
Therefore, a computer architecture, which enhances data monitoring capabilities and efficiently captures and processes streams of packets, while reducing dropped data, hardware/software cost, operational cost, and network cost, is desired.