U.S. patent application number 10/237597 was filed with the patent office on 2003-01-16 for promiscuous network monitoring utilizing multicasting within a switch.
Invention is credited to Ramakrishnan, Kadangode K.
Application Number | 20030012196 10/237597 |
Family ID | 25000528 |
Filed Date | 2003-01-16 |
United States Patent Application 20030012196
Kind Code A1
Ramakrishnan, Kadangode K.
January 16, 2003
Promiscuous network monitoring utilizing multicasting within a switch
Abstract
Multicasting within a switch is utilized to promiscuously
monitor switched communication networks. The switch routes data
packets from input ports to data output ports and routes copies of
the data packets to a monitor output port. A monitor processor is
connected to the switch to receive copies of all data packets
received at the switch, and thereby monitor the communication
network.
Inventors: Ramakrishnan, Kadangode K. (Berkeley Heights, NJ)
Correspondence Address: KENYON & KENYON, 1500 K STREET, N.W., SUITE 700, WASHINGTON, DC 20005, US
Family ID: 25000528
Appl. No.: 10/237597
Filed: September 10, 2002
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number |
10237597 | Sep 10, 2002 | |
08746364 | Nov 8, 1996 | |
Current U.S. Class: 370/390
Current CPC Class: H04L 49/25 20130101; H04L 49/203 20130101; H04L 63/30 20130101; H04L 49/50 20130101; H04L 49/30 20130101; H04L 2012/5625 20130101; H04L 43/00 20130101; H04L 49/201 20130101; H04L 49/3081 20130101
Class at Publication: 370/390
International Class: H04L 012/28
Claims
What is claimed is:
1. A method of promiscuous monitoring in a switched communications
network, using multicasting within a switch, comprising: receiving
a data packet at a first input port of the switch, the first input
port being one of one or more input ports; multicasting the
received data packet via one or more virtual circuits, the virtual
circuits being located within the switch between the first input
port and at least a first output port and at least a first
monitoring port, the first output port being one of one or more
output ports, the first monitoring port being one of one or more
monitoring ports; and promiscuously monitoring the first input port
using the first monitoring port.
2. The method of claim 1, wherein the virtual circuits are
established on a dynamic basis.
3. The method of claim 1, wherein the virtual circuits are
established on a permanent basis.
4. A method of promiscuous monitoring in a switched communications
network, using multicasting within a switch, comprising: receiving
a data packet at a first input port of the switch, the first input
port being one of one or more input ports; multicasting the
received data packet via one or more virtual circuits, the virtual
circuits being located within the switch between the first input
port and at least a first output port and at least a first
monitoring port, the first output port being one of one or more
output ports, the first monitoring port being one of one or more
monitoring ports; and promiscuously monitoring the first output
port using the first monitoring port.
5. The method of claim 4, wherein the virtual circuits are
established on a dynamic basis.
6. The method of claim 4, wherein the virtual circuits are
established on a permanent basis.
7. A method of promiscuous monitoring in a switched communications
network, using multicasting within a switch, comprising: receiving
a data packet at a first input port of the switch, the first input
port being one of one or more input ports; multicasting the
received data packet via one or more virtual circuits, the virtual
circuits being located within the switch between the first input
port and at least a first output port and at least a first
monitoring port, the first output port being one of one or more
output ports, the first monitoring port being one of one or more
monitoring ports, the received data packet identifying the first
output port as a destination output port, a monitoring processor
identifying the first input port as a port selected for promiscuous
monitoring; and promiscuously monitoring the first input port using
the first monitoring port.
8. The method of claim 7, wherein the virtual circuits are
established on a dynamic basis.
9. The method of claim 7, wherein the virtual circuits are
established on a permanent basis.
10. A method of promiscuous monitoring in a switched communications
network, using multicasting within a switch, comprising: receiving
a data packet at a first input port of the switch, the first input
port being one of one or more input ports; multicasting the
received data packet via one or more virtual circuits, the virtual
circuits being located within the switch between the first input
port and at least a first output port and at least a first
monitoring port, the first output port being one of one or more
output ports, the first monitoring port being one of one or more
monitoring ports, the received data packet identifying the first
output port as a destination output port, a monitoring processor
identifying the first output port as a port selected for
promiscuous monitoring; and promiscuously monitoring the first
output port using the first monitoring port.
11. The method of claim 10, wherein the virtual circuits are
established on a dynamic basis.
12. The method of claim 10, wherein the virtual circuits are
established on a permanent basis.
13. A promiscuous monitoring system, in a switched communication
network, comprising: a monitoring processor; and a switch
including: one or more input ports, one or more output ports, and
one or more monitoring ports, the monitoring processor coupled to
the switch through the first monitoring port, one or more virtual
circuits, the virtual circuits multicasting a data packet received
at one or more input ports to at least one output port and at least
one monitoring port, the output port designated by the received
data packet as a destination port, the monitoring port designated
by the monitoring processor as the port to which a multicast copy
of the received data packet is to be transmitted for promiscuous
monitoring.
14. The system of claim 13, wherein the virtual circuits are
established on a dynamic basis.
15. The system of claim 13, wherein the virtual circuits are
established on a permanent basis.
Description
[0001] This application is a continuation of U.S. patent
application Ser. No. 08/746,364, filed Nov. 8, 1996, and
incorporated herein by reference in its entirety. This application
is related to U.S. patent application Ser. No. 09/388,529, filed
Sep. 2, 1999 (now abandoned), which is a continuation of U.S.
patent application Ser. No. 08/746,364, filed Nov. 8, 1996, and
incorporated herein by reference in its entirety.
FIELD OF THE INVENTION
[0002] The present invention relates to promiscuous monitoring of
communication networks. Specifically, this invention relates to a
method and apparatus for providing promiscuous monitoring of a
communication network through the use of multicasting within an ATM
switch.
BACKGROUND
[0003] A communication network needs to be monitored to evaluate
its performance and to diagnose any potential problems. Typically,
an end-station communication device(s) is connected to the network
in such a manner that the end-station(s) receive all the data
transmitted within the network: this is known as promiscuous
monitoring. The configurations by which promiscuous monitoring can
be performed will vary depending upon the type of network.
[0004] Multi-access networks, such as an FDDI (fiber distributed
data interface) and Ethernet local-area network (LAN), allow
multiple points of access. In these multi-access networks, a
monitoring point can be easily established through which all of the
network communication traffic passes. In such a case, an
end-station can be connected to the network to easily perform
promiscuous monitoring of the network. By disabling the
end-station's filtering functions, it can receive and promiscuously
monitor all communication traffic transmitted over the network.
[0005] With asynchronous transfer mode (ATM) and other switched
networks, however, such as switched Fast Ethernet or switched FDDI,
promiscuous monitoring cannot be as easily performed because the
links are point to point. Thus, in such networks, no one place
exists within the network where a promiscuous monitor can be
located to receive all the data packets/frames. A typical prior art
approach is to promiscuously monitor each link going out of a
switch output port by inserting a T-connector, such as an optical
splitter, into the link.
[0006] FIG. 1 illustrates a prior art approach for promiscuous
monitoring of a communication network. Sender communication devices
100a and 100b are connected to switch 110 which is connected to
receiver communication devices 120a and 120b on links 130a and
130b, respectively. The communication network shown in FIG. 1 is
simplified for illustrative purposes; thus, a typical communication
network has a vast number of nodes with switches, sender and
receiver communication devices, and links interconnecting the
switches. Unlike the simple case shown in FIG. 1 having a single
switch 110, communication data sent by a sender communication
device will typically pass through multiple switches 110 before
reaching a receiver communication device.
[0007] Using T-connector 140a and 140b, a copy of the packets
transmitted on links 130a and 130b, respectively, will be received
by not only the intended receiver, 120a and 120b, respectively, but
also can be received by an end-station performing promiscuous
monitoring. Within a communication network, the point of access for
promiscuous monitoring is usually selected at the switch through
which most of the communication traffic passes. Promiscuous
monitors 150a and 150b are connected to each T-connector 140a and
140b, respectively, thereby monitoring links 130a and 130b,
respectively. Alternatively, a single promiscuous monitor can be
connected to multiple T-connectors through multiple input ports in
the promiscuous monitor thereby monitoring several individual links
at the same monitor.
[0008] The prior art configurations present several shortcomings.
As the number of switch output ports increases, the necessary
number of T-connectors increases, and correspondingly the required
number of monitoring end-stations or input ports at the monitoring
end-station also increases. Of course, with such a monitoring
configuration, monitoring costs will increase as the number of
switch output ports increases. Additionally, such hardware-based
monitoring techniques lack the flexibility to change as the network
characteristics change. For example, although the amount of traffic
over certain links may change over time, the configuration of the
monitoring systems can be modified only inconveniently by changing
the hardware connections or by having a large number of
T-connectors and selectively enabling the reception of the ports in
the promiscuous monitor.
SUMMARY OF THE INVENTION
[0009] The present invention utilizes multicasting within a switch
to promiscuously monitor a switched communication network at a
single point in the network. At least one port per switch is
established as a monitor port, where the switch has sufficient
capacity to allow the port to be used for monitoring. The switch
comprises input ports, data output ports, and monitor output ports.
An interconnection network within the switch is connected to the
input ports, the data output ports, and the monitor output port.
The interconnection network routes data packets from input ports to
data output ports and routes copies of the data packets to the
monitor output port. A monitor processor is connected to the switch
at the monitor output port to receive copies of data packets
received at the switch, and thereby monitor the communication
network. The promiscuous monitor can receive copies of all data
packets received at the switch or receive copies of just a
selective set of data packets received at the switch.
[0010] In another embodiment of the present invention, the switch
routes copies of the data packets from some of the input ports or
output ports to one monitor output port and routes copies of the
data packets arriving at the remaining input ports or output ports,
respectively, to another monitor output port. The present invention
can also allow modification of which input ports' or output
ports' data packet copies are routed to which monitor output ports.
Of course, the present invention can be configured with more than
two monitor output ports.
BRIEF DESCRIPTION OF THE DRAWINGS
[0011] FIG. 1 illustrates a prior art approach for promiscuous
monitoring of a communication network.
[0012] FIG. 2 shows a wide area network illustrative of the
configuration and operation of a contemporary communications
network.
[0013] FIG. 3 illustrates a switch and promiscuous monitor
according to an embodiment of the present invention.
[0014] FIG. 4 illustrates a multicasting routing methodology to
perform promiscuous monitoring within the switch shown in FIG.
3.
[0015] FIGS. 5A and 5B show a switch with multiple monitor output
ports according to a second embodiment of the present
invention.
[0016] FIG. 6 shows a switch with multiple monitor output ports and
output port-based monitoring according to a third embodiment of the
present invention.
DETAILED DESCRIPTION
[0017] Networks are a principal means of exchanging or transferring
information (e.g., data, voice, text, video, etc.) among
communications devices (i.e., devices for inputting and/or
outputting information such as computer terminals, multimedia
workstations, fax machines, printers, servers, telephones,
videophones, etc.) connected to the network(s). A network typically
comprises switching nodes connected to each other, and to
communication devices, by links.
[0018] FIG. 2 shows a wide area network illustrative of the
configuration and operation of a contemporary communications
network. Network 10 comprises a plurality of switching nodes 20 and
links 30. Each of the switching nodes 20 may also have associated
therewith a buffer of predetermined size and each of the links 30
will have associated therewith a predetermined traffic handling
capacity. Note that the depiction of a network comprising only five
switching nodes is for convenience of illustration, and that an
operating network may have a much larger number of switching nodes
and associated connecting links.
[0019] Various switching nodes are shown illustratively connected
to communications devices 40. It should be understood that the
single communications devices shown connected to the switching
nodes in the figure are used for simplicity of illustration, and
that an actual implementation of such a network would ordinarily
have a number of communications devices connected at such switching
nodes. Note, as well, that the illustrated communications devices
may also represent another network, such as a LAN, which is
connected to network 10.
[0020] Each communications device 40 generates information for use
by, or receives information from, other communications devices in
the network. The term "information" as used herein is intended to
include data, text, voice, video, etc. Information from
communications device 40 is characterized by a set of transmission
and/or rate parameters related to network link and buffer
requirements needed to accommodate transmission of such
information. Control information can be communicated from
communication device 40 to a switch at switching node 20 to specify
the rate/buffer requirements.
[0021] Communications networks will often use a networking protocol
called Asynchronous Transfer Mode (ATM). In these networks, all
communication at the ATM layer is in terms of fixed-size
information segments, called "cells" in ATM terminology. An ATM
cell consists of 48 bytes of payload and 5 bytes for the ATM-layer
header. Routing of cells is accomplished through cell switches.
Packets of information may be broken up (or segmented) into
multiple cells, each cell carrying the 48 bytes of information
sequentially. The destination reassembles the cells received into
the original packet.
[0022] ATM cells can be carried on a virtual circuit (VC) that must
be set up such that received cells can be routed to multiple ports
at a switch. Permanent VC connections can be easily set up through
switch management; switched VC connections, however, need to be set
up on a more dynamic basis.
[0023] FIG. 3 illustrates a switch and promiscuous monitor
according to an embodiment of the present invention. As shown in
FIG. 3, switch 200 has three input ports, three data output ports,
and a monitor output port. Although switch 200 shown in FIG. 3 has
a certain number of ports for illustrative purposes, the present
invention is equally applicable for any switch having any number of
ports.
[0024] Input links 201, 202 and 203 are connected to switch 200 at
input ports 1, 2 and 3, respectively, which are connected to
interconnection network 210. Interconnection network 210 is
connected to data output ports 1, 2 and 3. Output links 221, 222
and 223 are connected to data output ports 1, 2 and 3,
respectively. Interconnection network 210 is also connected to
monitor port 1 which is connected to promiscuous monitor processor
230.
[0025] Interconnection network 210 routes data packets received at
an input port to the appropriate destination data output port(s).
The number of input ports and/or output ports for switch 200 can
exceed the number of links of the network connected to switch 200.
Additional output ports therefore are available for connecting one
or more promiscuous monitors. In addition to switching
communication data packets between the input ports and the data
output ports, interconnection network 210 also routes a copy of
data packets received at each input port or output port to the
monitor output port 1 through the use of known point-to-multipoint
multicasting techniques within a single switch. Point-to-multipoint
multicasting is the routing of a single message to multiple
recipients. Typically, multicasting is utilized to allow a single
sender to transmit a message, through the various switches of a
network, to multiple senders connected to the network at various
locations. To support such multicasting, switches incorporate
internal mechanisms to multicast incoming data to more than one
output port; at least one of these additional output ports can then
act as a monitor port. The present invention takes advantage of
this multicasting capability of the network by treating traffic on
each input port of the switch as being from a sender which has
receivers downstream on more than one output port. Thus, by
multicasting within the switch, the network data traffic that
passes through this switch can be promiscuously monitored.
[0026] FIG. 4 illustrates a multicasting routing methodology to
perform promiscuous monitoring within the switch shown in FIG. 3.
As a data packet is received at input port 2, interconnection
network 210 routes the data packet to the destination data output
port, for example, data output port 1; this is represented in FIG.
4 as a dotted line. Interconnection network 210 also routes a copy
of the data packet to monitor output port 1; this is represented in
FIG. 4 as a solid line. Similarly, as a data packet is received at
input port 1, interconnection network 210 routes the data packet to
the destination data output port, for example, data output port 3;
this is represented in FIG. 4 as a dotted line. Interconnection
network 210 also routes a copy of the data packet to monitor output
port 1; this is represented in FIG. 4 as a solid line. Although not
shown in FIG. 4, interconnection network 210 routes each data
packet received at each input port to the appropriate destination
data output port(s), while also routing a copy of all data packets
or routing a selective set of data packets to monitor output port
1.
[0027] In a second embodiment of the present invention, multiple
monitor output ports are connected to the switch. By configuring
the switch with multiple monitor output ports, the present
invention can perform load balancing to better distribute the data
packets copied for promiscuous monitoring among multiple monitor
output ports. Thus, if certain input ports receive more
communication data traffic than other input ports, the task of
promiscuously monitoring these input ports having heavy
communication traffic can be divided among the various monitor
processors connected to the various monitor output ports of the
switch. A similar function can be used to balance the load among
output ports as well. Therefore, no one monitor processor is
disproportionally monitoring more communication data than the other
monitor processors.
[0028] FIGS. 5A and 5B show a switch with multiple monitor output
ports according to the second embodiment of the present invention.
Switch 300, as shown in FIGS. 5A and 5B, has three input ports,
three data output ports and two monitor output ports. FIG. 5A
illustrates a configuration where as a data packet is received at
input port 1 and forwarded to the proper destination data output
port(s) (not shown), interconnection network 310 also routes a copy
of the data packet to monitor output port 2. Also shown in FIG. 5A,
as a data packet is received at either input port 2 or input port 3
and forwarded to the proper destination output port(s) (not shown),
interconnection network 310 also routes a copy of the data packet
to monitor output port 1. The routing of the data packet copies to
the monitor output ports is shown in FIG. 5A as solid lines.
[0029] FIG. 5B illustrates an alternative configuration where as a
data packet is received at either input port 1 or input port 2 and
forwarded to the proper destination data output port(s) (not
shown), interconnection network 310 also routes a copy of the data
packet to monitor output port 2. Also shown in FIG. 5B, as a data
packet is received at input port 3 and forwarded to the proper destination
data output port(s) (not shown), interconnection network 310 also
routes a copy of the packet to monitor output port 1.
[0030] In a third embodiment of the present invention, the
multicasting can be based on the data packets having been forwarded
to output ports, rather than the data packets received at input
ports as was the case with FIGS. 4, 5A and 5B. FIG. 6 shows a
switch with multiple monitor output ports and output port-based
monitoring according to the third embodiment of the present
invention. Switch 400, as shown in FIG. 6, has three input ports,
three data output ports and two monitor output ports. As a data
packet is received at input ports 1 and 2, interconnection network
410 routes a copy of the data packet to destination data output
port 1; this is represented in FIG. 6 as dotted lines.
Interconnection network 410 also routes a copy of the data packet
to monitor output port 2; this is represented as solid lines.
Similarly, as a data packet is received at input ports 1 and 3,
interconnection network 410 routes a copy of the data packet to
destination data output port 3; this is represented as dotted
lines. Interconnection network 410 also routes a copy of the data
packet to monitor output port 2; this is represented in FIG. 6 as
solid lines.
[0031] In embodiments of the present invention having multiple
monitor output ports, the characteristics of the interconnection
network controlling the routing of data between input ports and
monitor output ports can be modified as the traffic patterns of the
connected links change over time. Modifications to the
interconnection network can be performed easily because the routing
of data is controlled through software rather than through the
hardware configurations of the prior art, such as optical
splitters, which are comparatively inflexible.
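The port-to-monitor mappings of FIGS. 5A and 6 and the software rebalancing described in [0027] and [0031], as an added Python model that is not part of the patent text. The class and method names are hypothetical, and the greedy heaviest-first assignment is one assumed balancing policy; the application does not specify one.

```python
from collections import defaultdict


class MirroringSwitch:
    """Toy interconnection network: forwards each packet to its destination
    data output port and multicasts a copy to the configured monitor port(s).
    All names are hypothetical; this is not code from the patent."""

    def __init__(self, inputs, outputs, monitors):
        self.inputs, self.outputs = set(inputs), set(outputs)
        self.monitors = set(monitors)
        self.by_input = {}    # input port  -> monitor port (FIGS. 4, 5A, 5B)
        self.by_output = {}   # output port -> monitor port (FIG. 6)
        self.data_out = defaultdict(list)
        self.monitor_out = defaultdict(list)
        self.rx_count = defaultdict(int)   # packets seen per input port

    def mirror_input(self, in_port, mon_port):
        if in_port not in self.inputs or mon_port not in self.monitors:
            raise ValueError("unknown port")
        self.by_input[in_port] = mon_port

    def mirror_output(self, out_port, mon_port):
        if out_port not in self.outputs or mon_port not in self.monitors:
            raise ValueError("unknown port")
        self.by_output[out_port] = mon_port

    def receive(self, in_port, dst_port, payload):
        """Forward one packet; return the monitor ports that got a copy."""
        if in_port not in self.inputs or dst_port not in self.outputs:
            raise ValueError("unknown port")
        self.rx_count[in_port] += 1
        self.data_out[dst_port].append(payload)      # normal data path
        # A set keeps a packet matched by both an input rule and an output
        # rule from being copied to the same monitor port twice.
        legs = {self.by_input.get(in_port), self.by_output.get(dst_port)}
        legs.discard(None)
        for mon in sorted(legs):
            self.monitor_out[mon].append((in_port, dst_port, payload))
        return sorted(legs)

    def rebalance_inputs(self):
        """Reassign the monitored input ports across monitor ports using the
        observed counts, heaviest port first onto the lightest monitor."""
        load = {m: 0 for m in sorted(self.monitors)}
        ports = sorted(self.by_input, key=lambda p: (-self.rx_count[p], p))
        for port in ports:
            target = min(load, key=lambda m: (load[m], m))
            self.by_input[port] = target
            load[target] += self.rx_count[port]
        return load


def fig_5a_demo():
    """FIG. 5A mapping under constructed traffic where input 2 is busiest."""
    sw = MirroringSwitch(inputs=[1, 2, 3], outputs=[1, 2, 3], monitors=[1, 2])
    sw.mirror_input(1, 2)          # input 1        -> monitor output port 2
    sw.mirror_input(2, 1)          # inputs 2 and 3 -> monitor output port 1
    sw.mirror_input(3, 1)
    # Constructed sample traffic: (input port, destination port, payload)
    traffic = [(2, 1, "a"), (2, 1, "b"), (2, 3, "c"), (2, 2, "d"),
               (1, 3, "e"), (3, 2, "f")]
    for pkt in traffic:
        sw.receive(*pkt)
    before = {m: len(sw.monitor_out[m]) for m in (1, 2)}
    projected = sw.rebalance_inputs()   # software-only change, as in [0031]
    return before, dict(sw.by_input), projected


if __name__ == "__main__":
    print(fig_5a_demo())
```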
[0032] It should, of course, be understood that while the present
invention has been described in reference to switches having
particular characteristics, switches of other characteristics
should be apparent to those of ordinary skill in the art. For
example, the switch can have any number of input ports, data output
ports and monitor output ports. Similarly, any number of
promiscuous monitor processors can be connected to the switch on
monitor output ports, or in other words, output ports not being
utilized. The present invention is equally applicable for any type
of switch, such as an input-buffered switch, output-buffered switch
and shared-memory switch.
* * * * *