Techniques are presented herein to facilitate the monitoring of occupancy of a buffer in a network device. Packets are received at a network device. information is captured describing occupancy of the buffer caused by packet flow through the buffer in the network device. Analytics packets are generated containing the information. The analytics packets from the network device for retrieval of the information contained therein for analysis, replay of buffer occupancy, etc.
|
1. A method comprising:
at a collector device configured to be in communication with a network device operating in a network:
receiving analytics packets containing information describing occupancy of a buffer of the network device caused by packet flow through the buffer in the network device, each analytics packet including a record summarizing characteristics of a packet enqueued in the buffer or of a packet dequeued from the buffer; and
replaying the information pertaining to the occupancy of the buffer over time based on the analytics packets, by generating data for visually presenting to a user the information pertaining to the occupancy of the buffer over time.
9. An apparatus comprising:
a memory;
a processor coupled to the memory and configured to be in communication with a network device operating in a network, and configured to:
receive analytics packets containing information describing occupancy of a buffer of the network device caused by packet flow through the buffer in the network device, each analytics packet including a record summarizing characteristics of a packet enqueued in the buffer or of a packet dequeued from the buffer; and
replay the information pertaining to the occupancy of the buffer over time based on the analytics packets, by generating data for visually presenting to a user the information pertaining to the occupancy of the buffer over time.
0. 27. A method for analyzing packets, comprising:
receiving a plurality of packets from a plurality of ingress ports;
temporarily storing one or more received packets in a buffer of a network device;
analyzing a first packet from the one or more received packets to generate an indication of an ingress port of the first packet, a timestamp representing a time of reception of the first packet at the ingress port, a device identifier associated with the first packet, and a packet error properties field;
generating a second packet including information from the first packet as well as the indication of the ingress port, the timestamp, the device identifier, and the packet error properties field; and
sending the first packet out a first egress port.
0. 21. A network device, comprising:
a plurality of ingress ports and a plurality of egress ports;
a buffer to temporarily store one or more packets received by the network device through one of the ingress ports; and
analytics logic comprising digital logic gates and/or software that provide information associated with a first packet from the one or more packets, wherein the information comprises an indication of an ingress port of arrival of the one or more packets, a timestamp representing a time of capturing the one or more packets at the ingress port, a device identifier, and a packet error properties field;
wherein the analytics logic generates a second packet including the information and sends the first packet to one of the plurality of egress ports.
16. A non-transitory computer readable tangible storage media encoded with instructions that, when executed by a processor of a collector device in communication with a network device operating in the network, cause the processor to:
receive analytics packets containing information describing occupancy of a buffer of the network device caused by packet flow through the buffer in the network device, each analytics packet including a record summarizing characteristics of a packet enqueued in the buffer or of a packet dequeued from the buffer; and
replay the information pertaining to the occupancy of the buffer over time based on the analytics packets, by generating data for visually presenting to a user the information pertaining to the occupancy of the buffer over time.
0. 34. A non-transitory computer readable medium storing instructions that, when executed, cause a logic circuit to:
receive a plurality of packets from a plurality of ingress ports;
temporarily store one or more received packets in a buffer of a network device;
analyze a first packet from the one or more received packets to generate an indication of an ingress port of the first packet, a timestamp representing a time of reception of the first packet at the ingress port, a device identifier associated with the first packet, and a packet error properties field;
generate a second packet including information from the first packet as well as the indication of the ingress port, the timestamp, the device identifier, and the packet error properties field; and
send the first packet out a first egress port.
2. The method of
3. The method of
4. The method of
5. The method of
6. The method of
7. The method of
8. The method of
10. The apparatus of
11. The apparatus of
12. The apparatus of
13. The apparatus of
14. The apparatus of
15. The apparatus of
17. The non-transitory computer readable tangible storage media of
18. The non-transitory computer readable tangible storage media of
19. The non-transitory computer readable tangible storage media of
20. The non-transitory computer readable tangible storage media of
0. 22. The network device of claim 21, wherein the second packet is transmitted on an egress port different from the first packet.
0. 23. The network device of claim 21, wherein the analytics logic further performs admission control or departure control.
0. 24. The network device of claim 23, wherein the departure control includes one of dropping, scheduling rate limiting, policing, or shaping with respect to one or more packets sent out an egress port.
0. 25. The network device of claim 23, wherein the admission control includes one of dropping, scheduling, rate limiting, policing, or shaping with respect to packets arriving at an ingress port.
0. 26. The network device of claim 22, further comprising a collector device, wherein latency analysis is performed by the collector device on a packet flow associated with the first packet through analysis of the second packet.
0. 28. The method of claim 27, wherein the method further comprises sending the second packet out a second egress port, different than the first egress port.
0. 29. The method of claim 27, further comprising performing admission control or departure control.
0. 30. The method of claim 29, wherein the departure control includes one of dropping, scheduling, rate limiting, policing, or shaping with respect to one or more packets sent out an egress port.
0. 31. The method of claim 29, wherein the admission control includes one of dropping, scheduling, rate limiting, policing, or shaping with respect to packets arriving at an ingress port.
0. 32. The method of claim 27, wherein the second packet contains information included in the first packet.
0. 33. The method of claim 27, wherein the second packet includes one or more user-defined fields.
0. 35. The non-transitory computer readable medium of claim 34, wherein the instructions further cause the logic circuit to send the second packet out a second egress port, different than the first egress port.
0. 36. The non-transitory computer readable medium of claim 34, wherein the instructions further cause the logic circuit to generate the packet error properties field and include it in the second packet.
0. 37. The non-transitory computer readable medium of claim 34, wherein the instructions further cause the logic circuit to generate information identifying a particular network device and include it in the second packet as the device identifier.
0. 38. The non-transitory computer readable medium of claim 34, wherein the instructions further cause the logic circuit to perform admission control including one of dropping, scheduling, rate limiting, policing, or shaping with respect to packets arriving at an ingress port.
0. 39. The non-transitory computer readable medium of claim 34, wherein the instructions further cause the logic circuit to perform departure control including one of dropping, scheduling, rate limiting, policing, or shaping with respect to one or more packets sent out an egress port.
|
This application is a continuation of U.S. application Ser. No. 14/707,139, filed May 8, 2015, which in turn is turn is a continuation of U.S. application Ser. No. 13/708,265, filed Dec. 7, 2012, now U.S. Pat. No. 9,077,619, which in turn claims priority to U.S. Provisional Application No. 61/702,320, filed Sep. 18, 2012, entitled “Exporting Real Time Network Traffic Latency and Buffer Occupancy.” The entirety of these applications is incorporated herein by reference.
The present disclosure relates generally to analysis of occupancy of a buffer in a network device.
In a computer network, data is transmitted from a source to a destination in the form of packets that generally pass through one or more network devices (e.g., switches, routers, firewalls, etc.). During the transmission, certain errors may arise that result in, for example, redundant data being added to the original data, dropped packets, etc. Massively Scalable Data Center and Cloud Computing systems are putting more traffic load on network equipment such that over-provisioned networks are no longer possible. Monitoring of a buffer in a network device is useful to gain knowledge for network administration, analysis, and performance.
Techniques are presented herein to facilitate the monitoring of occupancy of a buffer in a network device. Packets are received at a network device. Information is captured describing occupancy of the buffer caused by packet flow through the buffer in the network device. Analytics packets are generated containing the information. The analytics packets from the network device for retrieval of the information contained therein for analysis, replay of buffer occupancy, etc.
Complete network visibility into buffer occupancy and the ability to replay occupancy via export and post processing is important since network disruptions (e.g., microbursts) can occur at any time. Furthermore, the ability to replay buffer occupancy allows for effective diagnosis of network issues to provide corrective actions. Existing solutions such as port mirroring (i.e., Switched Port Analyzer (SPAN)) do not provide visibility of buffer occupancy. As such, presented herein are techniques for monitoring and replaying buffer occupancy.
Referring now to
Packets 20 arrive at the network device 10 via any of the ports 12(1)-12(N).
Generally, the buffer analytics logic 16 captures information describing occupancy of the buffer 14 caused by packet flow through the buffer in the network device 10, and generates buffer analytics packets 30 containing the information. As will become apparent from the description below in connection with
First, the network device 10 may insert into buffer analytics packets 30 an address for a destination of the buffer analytics packet, e.g., address for any device connected to the network 40, such as collector device 60 having a CPU 62 and memory 64. The network device 10 sends the analytics packet 30 via network 40 to the destination collector device 60, which may be at any location, local or remote from network device 10.
Second, the network device 10 may output the analytics packet 30 to a dedicated port, e.g., port 12(4) of the network device 10 to which a collector device 70 is connected. The dedicated analytics port 12(4) can participate in port channel or fixed port distribution to expand bandwidth to a single or multiple monitor ports. The collector device 70, since it is connected directly to port 12(4), is usually local to the network device 10. The collector device 70 includes a CPU 72 and memory 74.
Third, the analytics packets 30 may be output to the onboard CPU 18 and memory 19 in the network device 10, such that CPU 18 and memory 19 also serve as a collector device. In any of these scenarios, the CPUs 18, 62 and 72 may replay and analyze the occupancy of the buffer 14 based on software instructions stored in its associated memory 19, 64 and 74, respectively. Moreover, the analytics packets are stored in the memory 19, 64 and 74 for the associated CPU 18, 62 and 72, respectively.
The network device 10 can be any network device now known or hereinafter developed, including a switch, router, gateway, a software stack on a host device, virtual network interface cards (VNICs) virtual switches, physical network interface cards (including those that support virtualization).
Memory 19, 64 and 74 may comprise read only memory (ROM), random access memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible memory storage devices. Thus, in general, the memory 19, 64 and 74 may comprise one or more tangible (non-transitory) computer readable storage media (e.g., a memory device) encoded with software comprising computer executable instructions and when the software is executed (by the associated CPU) it is operable to perform the operations described herein.
Reference is now made to
The enqueue analytics packet generator 80 is configured to generate an analytics packet, called an enqueue buffer analytics packet shown at reference numeral 32, that describes/summarizes a packet being enqueued into buffer 14. Similarly, the dequeue analytics packet generator 82 is configured to generate an analytics packet, called a dequeue buffer analytics packet shown at reference numeral 34, that describes/summarizes a packet being dequeued from buffer 14. The packet assembler 88 assembles a packet 20 ready out from the buffer 14 for output from the network device.
The enqueue analytics packet generator 80 captures, for a packet enqueued to buffer 14, information describing one or more of identification of ingress port of arrival of the packet at the network device, Layer 2 source address and destination address, Layer 3 source address and destination address, Layer 4 source address and destination address, class of service, and timestamp of arrival at the ingress port. Similarly, the dequeue analytics packet generator 82 captures, for a packet dequeued from the buffer 14, information describing one or more of identification of egress port for departure of the packet from the network device, Layer 2 source address and destination address, Layer 3 source address and destination address, and timestamp of departure from the egress port.
The enqueue buffer analytics packet 32 generated by the enqueue analytics packet generator 80, dequeue buffer analytics packet 34 generated by the dequeue analytics packet generator 82, and packet 20 output by the packet assembler 88, are all supplied to a corresponding input of the multiplexer 90. The multiplexer 90 selectively outputs, at any given time, either a packet 20, an enqueue buffer analytics packet 32 or a dequeue buffer analytics packet 34. Priority is given to output of a packet 20 in order to maintain proper flow of network traffic through the network device 10. Trigger for output of an analytics packet may be based on time (according to a schedule) or size of a packet enqueued to the buffer or dequeued from the buffer.
Reference is now made to
The Ethernet header field 110 is field that is used to encapsulate the destination address of the analytics packet, e.g., to direct the analytics packet to a destination, i.e., a local or remote collector device (as indicated in
The common header field 110 contains information captured from the header of a packet that has been enqueued to or dequeued (as the case may be) from the buffer. Thus, the common header field summarizes the header of a packet that is enqueued to and dequeued from the buffer in the network device. For example, the common header field includes information for a common header version (to allow for backward/future compatibility), timescale information representing the timescale of the enqueued or dequeued packet, a timestamp of the packet arrival and/or departure to/from the buffer to allow for replay, a record number to allow a collector to determine how many, if any records, have been lost in between the current analytics packet and the last received analytics packet, and one or more user defined fields such as class of service, type of service, etc.
The record field 120 contains data for an enqueued or dequeued packet that a user configures the buffer analytics logic to capture. Examples of data that may be include in a record field includes:
Format version to indicate a format version of the record field for backward/future compatibility.
L2 Header Fields (MAC SA/DA) or compressed versions (i.e. last 24 bits) and priority
L3 Header (IP SA/DA) or compressed versions (i.e. last 16 bits) and priority and protocol type
L4 Header (TCP/UDP SA/DA)
User defined fields, including one or more of:
Thus, to summarize, the record field 120 for an analytics packet contains information about an enqueued packet or dequeued packet to describe buffer occupancy characteristics such as overall buffer occupancy, buffer occupancy based on packet priority, unicast queue length, multicast queue length; packet properties such as drop, port mirrored, load balanced, bridged or routed, and packet length; and packet error properties such as Cyclic Redundancy Check (CRC), and various error protocols such as Runt, Giant, and Jabber. More specifically, for a packet enqueued to the buffer, information is included in the record field describing one or more of identification of ingress port of arrival of the packet at the network device, Layer 2 source address and destination address, Layer 3 source address and destination address, Layer 4 source address and destination address, class of service, and timestamp of arrival at the ingress port. Similarly, for a packet dequeued from the buffer, information is included in the record field describing one or more of identification of egress port for departure of the packet from the network device, Layer 2 source address and destination address, Layer 3 source address and destination address, and timestamp of departure from the egress port. Other examples of data captured into user defined fields include an indication of a packet being rate limited, shaped, policed as well as any programmable bytes of the packet including payload.
The size of the analytics packet (Ethernet header field, common header field and records) may be the Maximum Transmit Unit (MTU), a switch specific analytics MTU, determined using a time-based method (e.g., analytics packet generated and transmitted at predetermined times), determined based on a selected number of packets, or by other techniques.
Reference is now made to
By generating and exporting analytics packets that summarize properties of packets enqueued to and dequeued from a buffer in a network device, a replay of the buffer may be achieved using specific pieces of information that are of interest to network administrators and application developers. Recording each of these categories would require enormous bandwidth if a complete enqueued or dequeued packet is captured.
In summary, presented herein are techniques that enable a time-based complete replay of the buffer occupancy with resolution determined by a sampling period. These techniques provide visibility of traffic flows received by network devices. The information provided can be used by network administrators to gain insight into their specific network traffic, such as per-packet latency, buffer occupancy, and possible congestion sources. This information can lead to better allocation and provisioning of network resources, reduced congestion, and higher overall throughput. By parsing and aggregating relevant characteristics from each packet according to the techniques presented herein, bandwidth requirements associated with network monitoring are greatly reduced. As such, these techniques assist in reducing the amount of data exported for analysis.
The above description is intended by way of example only.
Edsall, Thomas J., Huang, Wei-Jen, Huang, Chih-Tsung, Yang, Yue J.
Patent | Priority | Assignee | Title |
Patent | Priority | Assignee | Title |
6246684, | Dec 24 1997 | RPX CLEARINGHOUSE LLC | Method and apparatus for re-ordering data packets in a network environment |
6690646, | Jul 13 1999 | GOOGLE LLC | Network capacity planning based on buffers occupancy monitoring |
6853623, | Mar 05 1999 | Cisco Technology, Inc. | Remote monitoring of switch network |
6892237, | Mar 28 2000 | Cisco Technology, Inc. | Method and apparatus for high-speed parsing of network messages |
6990202, | Oct 04 2001 | HEWLETT-PACKARD DEVELOPMENT COMPANY L P | Packetizing devices for secure scalable data streaming |
7106731, | Dec 31 1997 | Cisco Technology, Inc. | Router with class of service mapping |
7395332, | Mar 28 2000 | Cisco Technology, Inc. | Method and apparatus for high-speed parsing of network messages |
7474666, | Sep 03 2003 | Cisco Systems, Inc; Cisco Technology, Inc | Switch port analyzers |
7656818, | Oct 28 2005 | Cisco Technology, Inc. | Customizable network device management methods and systems |
7792130, | Aug 12 2007 | VIVO MOBILE COMMUNICATION CO , LTD | Wireless device and method of transmitting uplink data and buffer status reports in a wireless communications system |
7830793, | Oct 22 2004 | Cisco Technology, Inc. | Network device architecture for consolidating input/output and reducing latency |
7899048, | Jan 15 2003 | Cisco Technology, Inc. | Method and apparatus for remotely monitoring network traffic through a generic network |
7961621, | Oct 11 2005 | Cisco Technology, Inc. | Methods and devices for backward congestion notification |
7969971, | Oct 22 2004 | Cisco Technology, Inc. | Ethernet extension for the data center |
8116307, | Sep 23 2004 | Juniper Networks, Inc | Packet structure for mirrored traffic flow |
8208389, | Jul 20 2006 | Cisco Technology, Inc.; Cisco Technology, Inc | Methods and apparatus for improved determination of network metrics |
8274905, | Aug 22 2006 | CenturyLink Intellectual Property LLC | System and method for displaying a graph representative of network performance over a time period |
8605588, | May 08 2007 | Cisco Technology, Inc. | Packet drop analysis for flows of data |
8640036, | Apr 07 2010 | Cisco Techology, Inc. | Messaging and presence protocol as a configuration and management bus for embedded devices |
8681806, | Jun 23 2008 | Koninklijke Philips Electronics N V | Method for communicating in a network and radio stations associated |
8767551, | Jan 27 2011 | Cognyte Technologies Israel Ltd | System and method for flow table management |
20030007456, | |||
20030231596, | |||
20050182850, | |||
20050240745, | |||
20060062209, | |||
20060253900, | |||
20060268847, | |||
20080285463, | |||
20090034416, | |||
20090041011, | |||
20090100040, | |||
20090171474, | |||
20100054152, | |||
20100154033, | |||
20100287297, | |||
20120093505, | |||
20120215909, | |||
20130155858, | |||
20130194923, | |||
20150244637, | |||
GB2477640, | |||
WO2008097001, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Dec 04 2012 | YANG, YUE J | Cisco Technology, Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 055443 | /0922 | |
Dec 04 2012 | HUANG, WEI-JEN | Cisco Technology, Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 055443 | /0922 | |
Dec 04 2012 | HUANG, CHIH-TSUNG | Cisco Technology, Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 055443 | /0922 | |
Dec 07 2012 | EDSALL, THOMAS J | Cisco Technology, Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 055443 | /0922 | |
May 01 2019 | Cisco Technology, Inc. | (assignment on the face of the patent) | / |
Date | Maintenance Fee Events |
May 01 2019 | BIG: Entity status set to Undiscounted (note the period is included in the code). |
Oct 21 2024 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
Date | Maintenance Schedule |
Jul 13 2024 | 4 years fee payment window open |
Jan 13 2025 | 6 months grace period start (w surcharge) |
Jul 13 2025 | patent expiry (for year 4) |
Jul 13 2027 | 2 years to revive unintentionally abandoned end. (for year 4) |
Jul 13 2028 | 8 years fee payment window open |
Jan 13 2029 | 6 months grace period start (w surcharge) |
Jul 13 2029 | patent expiry (for year 8) |
Jul 13 2031 | 2 years to revive unintentionally abandoned end. (for year 8) |
Jul 13 2032 | 12 years fee payment window open |
Jan 13 2033 | 6 months grace period start (w surcharge) |
Jul 13 2033 | patent expiry (for year 12) |
Jul 13 2035 | 2 years to revive unintentionally abandoned end. (for year 12) |