Method and System for Annotating Network Flow Information

Abstract

A scalable flow monitoring solution takes in standard flow records exported from network devices such as routers, switches, firewalls, hubs, etc., and annotates the flow with additional information. This information is derived from a number of sources, including Border Gateway Protocol (BGP), Simple Network Management Protocol (SNMP), user configuration, and other, intelligent flow analysis. These annotations add information to the flow data, and can be used to perform value-added flow analysis. The annotated flow is then resent to a configurable set of destinations using standard flow formatting, e.g., Cisco System Inc.'s NetFlow, in one implementation. This allows the annotated flow to be processed and the enhanced information to be used by other flow analysis tools and existing flow analysis infrastructure.

Description

BACKGROUND OF THE INVENTION[0001]Host computers, including servers and client computers, are typically interconnected to form computer networks. A computer network, and more generally a communications network, is a group of devices or network entities that are interconnected by one or more segments of transmission media on which communications are exchanged between those network entities. The communications can be transmitted electrically, including wireless links, or optically. The computer networks typically further comprise separate network communications devices, such as routers, switches, bridges, and hubs, for transmitting and relaying the communications between the network entities through the network's mesh.[0002]Computer networks are typically classified by their size or by the type of entity that owns the network. Often, business organizations maintain large computer networks. These computer networks are referred to as enterprise networks. Enterprise networks are typically...

AI Technical Summary

Benefits of technology

[0016]The present invention can be used to facilitate the creation of scalable flow monitoring solutions. The invention also demonstrates that there can be a reasonably low overhead for this approach.

[0017]An embodiment of the present invention takes in standard flow records exported from network devices such as routers, switches, firewalls, hubs, etc., and annotates the flow with additional information. This information is derived from a number of sources, including Border Gateway Protocol (BGP), Simple Network Management Protocol (SNMP), user configuration, and other, intelligent flow analysis. These annotations add information to the flow data, and can be used to perform value-added flow analysis. The annotated flow is then resent to a configurable set of destinations using standard flow formatting, e.g., Cisco System Inc.'s NetFlow technology, version 9, in one implementation. This allows the annotated flow to be processed and the enhanced information to be used by other flow analysis tools and existing flow analysis infrastructure.

[0019]Advantages over existing systems include real-time data collection, scalability and intelligence. In contrast, currently used systems require data to be collected and analyzed after the fact, often accompanied by long delays between the sending of the original flow information from the network devices and the availability of the additional information generated by the flow analysis tools.

Problems solved by technology

The standard flow information that is available from network devices is limited, however.

These solutions do not provide real-time flow information, nor is their information made available using existing flow export methods.

Thus, these solutions are not nearly as scalable, and are much more restricted in the type of data they can provide.

It also means that accessing the data they provide requires writing custom software, rather than being able to reuse existing flow collection and analysis infrastructure.

Images