| 摘要 |
Passive monitoring of a large-scale network using multiple tiers of ordinary network switches, as opposed to purpose-built network monitoring hardware, is accomplished by initially providing network communications to an initial tier of monitoring switches, either from existing switches that copy frames and provide them to the monitoring switches, or from network taps to which the monitoring switches are connected. The initial tier of monitoring switches comprises flow tables that initially simply drop all frames provided to those switches and, subsequently, when specific network issues arise, they are modified to include a specification particular frame criteria whose frames are either forwarded to subsequent tiers of monitoring switches, or statistics regarding those frames are collected. Subsequent tiers of monitoring switches receive frames from the initial tier and direct them to one or more appropriate analysis computing devices. Ordinary network switches are selected based on their ability to provide low latency forwarding. |
