The present invention relates to enterprise network systems, and more particularly to analyzing enterprise network systems.
Numerous tools have been developed to aid in network management involving capacity planning, fault management, network monitoring, and performance measurement. One example of such tools is the network analyzer.
In general, a xe2x80x9cnetwork analyzerxe2x80x9d is a program that monitors and analyzes network traffic, detecting bottlenecks and problems. Using this information, a network manager can keep traffic flowing efficiently. A network analyzer may also be used to capture data being transmitted on a network. The term xe2x80x9cnetwork analyzerxe2x80x9d may further be used to describe a program that analyzes data other than network traffic. For example, a database can be analyzed for certain kinds of duplication. One example of a network analyzer is the SNIFFER ANALYZER(trademark) device manufactured by NETWORK ASSOCIATES, INC(trademark).
FIG. 1 shows a typical network analyzer 100 deployment attached to a single switch 102. As shown, several personal computers 104 are coupled to Server A 106 and Server B 108 via a switch array 110. This deployment sees broadcast and multicast traffic plus any unicast traffic to or from the network analyzer 100 only. In other words, the network analyzer 100 provides only a constrained view that is incapable of providing a complete picture of traffic between the personal computers and servers.
FIG. 2 depicts a network analyzer 200 deployment using spanning. This deployment sees all broadcast and multicast traffic, plus any unicast traffic to and from Server A. However, extra load has been added to the switch 202.
FIG. 3 depicts a network analyzer 300 deployment using a Virtual Local Area Network (VLAN) 302. This deployment sees broadcast and multicast traffic and any unicast traffic to or from the computers on VLAN 1, but the load on the switch 304 is now excessive.
At one time, repeated flat networks were the standard in an enterprise setting. Prior art network analyzer systems can only typically see one broadcast domain. This is due in large part to the fact that these systems were designed for flat repeated networks. Thus, such network analyzer systems function as an adequate solution in a xe2x80x9cpointxe2x80x9d troubleshooting role, but do not scale to provide a true enterprise troubleshooting and monitoring capability.
Over time, there has been a steady migration away from flat networks towards fully switched networks. Given network topologies today, prior art network analyzer systems, as currently designed, cannot provide a complete solution that is capable of monitoring, detecting and troubleshooting problems on a corporate enterprise level. Even with monitoring modules on every switch, everything still cannot be seen, and there is a high cost associated with deploying this many monitoring modules.
There is thus a need to provide network analyzer functionality in an enterprise-wide fashion to allow company network managers to monitor their geographically dispersed networks from a central location. Additionally, companies need the ability to accomplish this in a rapid, dynamic way to facilitate quick reaction to problems that can occur at any point within a corporate network.
What is further needed is a network analyzer solution that is capable of scaling to a total enterprise solution, and further capable of monitoring the entire corporate network at once while fully addressing the current paradigm of fully switched environments.
A system, method and computer program product are provided for analyzing a network utilizing an agent. Initially, a signal is sent from a computer to a host controller utilizing a network. Next, a response to the signal is received from the host controller. Information is then collected relating to network traffic involving the computer based on the response. The information is subsequently sent to the host controller on a periodic basis.
In one embodiment, a boot on the computer may be detected. Moreover, the signal may be sent in response to the detection of the boot. As an option, the signal is repeatedly sent until the cessation of a predetermined time interval, or until the response is received from the host controller.
In another embodiment, flow control may be established with the host controller upon receiving the response. Further, error correction may be established.
In still another embodiment, the information relating to network traffic involving the computer may be collected for a predetermined time interval. Such predetermined time interval may be dictated by the response from the host controller.
In still yet another embodiment, an acknowledgment may be received from the host controller in response to sending the information. The foregoing operations may be repeated upon the lack of receipt of the acknowledgement. As an option, broadcast and multicast network traffic may also be filtered.