Network providers, such as Internet service providers (ISPs), typically monitor Internet Protocol (IP) traffic and network conditions using probe devices. Conventionally, probes receive a copy of traffic or are in the forwarding plane of the traffic, but the probe does not necessarily participate in the routing decisions of the network or act as an end-point. The probe is generally considered to be outside of the system the probe is monitoring. One class of probes inspects Internet packets and generates one or more of demographic (summary) reports, alerts, subscriber billing information, subscriber quota accounting or lawful interception/capture based on, for example:
Network conditions (e.g., outages, congestion);
Type of traffic (e.g., bulk or interactive);
Configured filter rules;
Subscriber attributes (e.g., contract-defined attributes); and
Subscriber state (e.g., within quota vs. over quota; worm infection).
The last two types of reports, in particular, require the probe device to associate packets with subscribers. This is typically done by using one of the IP addresses in the packet as a unique key and subscriber identifier.
Typically, ISPs provide connectivity to subscribers on the Internet, namely by forwarding IP packets to and from subscribers' devices, under various forms of contract. To enforce contract restrictions and to deliver upon obligations, it is important that ISPs be able to identify the subscriber associated with each IP packet.
Conventionally, Internet service providers allocate a public IP address to each subscriber, such that the IP address can be considered globally unique in representing the subscriber. However, the recent exhaustion of IPv4 addresses has led service providers to use or reuse private IP addresses among their subscribers such that the IP addresses may no longer be unique within the world or even unique within an ISP's network. In some cases, the IP addresses may only be unique within a private Local Area Network (LAN) or Virtual LAN (VLAN). These private networks are connected to the Internet through Network Address Translation (NAT) or Network Port Address Translation (NPAT) devices that dynamically map private IP addresses to public IP addresses and port ranges. An ISP may now assign “dynamic” IP addresses to subscribers, meaning a subscriber may be assigned any available address as opposed to being assigned a static address for an extended period of time.
This dynamic assignment of IP addresses can create difficulties in tracking subscriber specific data, with regard to at least the reports described above. Further, in a developing area of this nature, it is generally advantageous to improve on previous systems and methods.