公开(公告)号：US20160359679A1

公开(公告)日：2016-12-08

申请号：US15140376

申请日：2016-04-27

Applicant: Cisco Technology, Inc.

Inventor： Ali Parandehgheibi ,  Omid Madani ,  Vimalkumar Jeyakumar ,  Ellen Christine Scheib ,  Navindra Yadav ,  Mohammadreza Alizadeh Attar

IPC: H04L12/24

Abstract: This disclosure generally relate to a method and system for mapping network information. The present technology relates techniques that enable full-scale, dynamic network mapping of a network system. By collecting network and computing data using built-in sensors, the present technology can provide network information for system monitoring and maintenance. According to some embodiments, the present technology enables generating and displaying of network connections and data processing statistics related to numerous nodes in a network. The present technology provides useful insights and actionable knowledge for network monitoring, security, and maintenance, via intelligently summarizing and effectively displaying the complex network communications and processes of a network.

Abstract translation: 本公开一般涉及用于映射网络信息的方法和系统。 本技术涉及能够实现网络系统的全面，动态网络映射的技术。 通过使用内置传感器收集网络和计算数据，本技术可以提供网络信息进行系统监控和维护。 根据一些实施例，本技术能够生成和显示与网络中的许多节点相关的网络连接和数据处理统计。 本技术通过智能总结和有效显示网络的复杂网络通信和过程，为网络监控，安全和维护提供有用的见解和可操作的知识。

公开(公告)号：US09502111B2

公开(公告)日：2016-11-22

申请号：US14450106

申请日：2014-08-01

Applicant: Cisco Technology, Inc.

Inventor： Sarang Dharmapurikar ,  Mohammadreza Alizadeh Attar ,  Navindra Yadav ,  Ramanan Vaidyanathan ,  Kit Chiu Chu

IPC: H04L12/28 ,  G11C15/04 ,  H04L12/707 ,  H04L12/803

CPC classification number: H04L45/7453 ,  G06F9/30018 ,  G06K15/107 ,  G11C11/4096 ,  G11C15/00 ,  G11C15/04 ,  G11C2207/002 ,  H04L45/24 ,  H04L47/125

Abstract: In some implementations, network traffic can be routed along equal cost paths based on weights assigned to each path. For example, weighted equal cost multipath routing can be implemented by assigning weights to each equal cost path (e.g., uplink, next hop node) to a destination device. When the network device receives a packet, the network device can generate a key (e.g., a random value, a hash value based on packet data, a value between 0 and n, etc.). The key can be used to select an uplink or path upon which to forward the packet. A key can be generated for a packet flow or flowlet. Each flow can be associated with the same key so that each packet in a flow will be forwarded along the same path. Each flowlet can be forwarded along a different uplink.

Abstract translation: 在一些实现中，基于分配给每个路径的权重，网络流量可以沿着相等的成本路径路由。 例如，可以通过向目标设备分配权重给每个相等成本路径（例如，上行链路，下一跳节点）来实现加权等成本多径路由。 当网络设备接收到分组时，网络设备可以生成密钥（例如，随机值，基于分组数据的哈希值，0和n之间的值等）。 密钥可以用于选择转发数据包的上行链路或路径。 可以为分组流或小流生成密钥。 每个流可以与相同的密钥相关联，使得流中的每个分组将沿着相同的路径被转发。 每条流都可以沿不同的上行链路转发。

公开(公告)号：US12218846B2

公开(公告)日：2025-02-04

申请号：US18418169

申请日：2024-01-19

Applicant: Cisco Technology, Inc.

Inventor： Mohammadreza Alizadeh Attar ,  Thomas J. Edsall ,  Sarang M. Dharmapurikar ,  Janakiramanan Vaidyanathan

IPC: H04L47/125 ,  H04L45/00

Abstract: In accordance with one embodiment, a source leaf device receives a packet.
The source leaf device identifies a flowlet associated with the packet and a destination leaf device to which the packet is to be transmitted. The source leaf device may determine whether the flowlet is a new flowlet. The source leaf device may select an uplink of the source leaf device via which to transmit the flowlet to the destination leaf device according to whether the flowlet is a new flowlet. The source leaf device may then transmit the packet to the destination leaf device via the uplink.

公开(公告)号：US20240163215A1

公开(公告)日：2024-05-16

申请号：US18416722

申请日：2024-01-18

Applicant: Cisco Technology, Inc.

Inventor： Mohammadreza Alizadeh Attar ,  Thomas J. Edsall ,  Sarang M. Dharmapurikar ,  Janakiramanan Vaidyanathan

IPC: H04L47/125 ,  H04L45/00

CPC classification number: H04L47/125 ,  H04L45/38

Abstract: In accordance with one embodiment, a source leaf device receives a packet. The source leaf device identifies a flowlet associated with the packet and a destination leaf device to which the packet is to be transmitted. The source leaf device may determine whether the flowlet is a new flowlet. The source leaf device may select an uplink of the source leaf device via which to transmit the flowlet to the destination leaf device according to whether the flowlet is a new flowlet. The source leaf device may then transmit the packet to the destination leaf device via the uplink.

公开(公告)号：US11128552B2

公开(公告)日：2021-09-21

申请号：US16173400

申请日：2018-10-29

Applicant: Cisco Technology, Inc.

Inventor： Mohammadreza Alizadeh Attar ,  Navindra Yadav ,  Abhishek Ranjan Singh ,  Vimalkumar Jeyakumar ,  Shashidhar Gandham ,  Roberto Fernando Spadaro

IPC: H04L12/26 ,  H04L9/32 ,  H04L12/24 ,  H04L12/715 ,  H04L12/723 ,  H04L29/06 ,  H04L29/08 ,  H04L12/851 ,  H04W84/18 ,  H04W72/08 ,  G06F16/17 ,  G06F16/16 ,  G06F16/13 ,  G06F16/23 ,  G06F16/9535 ,  G06F16/174 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/11 ,  G06N20/00 ,  G06F9/455 ,  G06F21/55 ,  G06F21/56 ,  G06F16/248 ,  G06F16/29 ,  G06N99/00 ,  G06F21/53 ,  G06F3/0484 ,  H04L1/24 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725

Abstract: Systems, methods, and computer-readable media are provided for determining a packet's round trip time (RTT) in a network. A system can receive information of a packet sent by a component of the network and further determine an expected acknowledgement (ACK) sequence number associated with the packet based upon received information of the packet. The system can receive information of a subsequent packet received by the component and determine an ACK sequence number and a receiving time of the subsequent packet. In response to determining that the ACK sequence number of the subsequent TCP packet matches the expected ACK sequence number, the system can determine a round trip time (RTT) of the packet based upon the received information of the packet and the received information of the subsequent packet.

公开(公告)号：US10797973B2

公开(公告)日：2020-10-06

申请号：US16707756

申请日：2019-12-09

Applicant: Cisco Technology, Inc.

Inventor： Ali Parandehgheibi ,  Abhishek Ranjan Singh ,  Omid Madani ,  Vimalkumar Jeyakumar ,  Ellen Christine Scheib ,  Navindra Yadav ,  Mohammadreza Alizadeh Attar

IPC: H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06N20/00 ,  G06F16/29 ,  G06F16/248 ,  G06F16/28 ,  G06F16/9535 ,  G06F16/2457 ,  G06F21/55 ,  G06F21/56 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06N99/00 ,  G06F16/174 ,  G06F16/23

Abstract: Systems, methods, and computer-readable media are provided for determining whether a node in a network is a server or a client. In some examples, a system can collect, from one or more sensors that monitor at least part of data traffic being transmitted via a pair of nodes in a network, information of the data traffic. The system can analyze attributes of the data traffic such as timing, port magnitude, degree of communication, historical data, etc. Based on analysis results and a predetermined rule associated with the attributes, the system can determine which node of the pair of nodes is a client and which node is a server.

公开(公告)号：US20200313986A1

公开(公告)日：2020-10-01

申请号：US16846149

申请日：2020-04-10

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Mohammadreza Alizadeh Attar ,  Shashidhar Gandham ,  Jackson Ngoc Ki Pang ,  Roberto Fernando Spadaro

IPC: H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06N20/00 ,  G06F16/29 ,  G06F16/248 ,  G06F16/28 ,  G06F16/9535 ,  G06F16/2457 ,  G06F21/55 ,  G06F21/56 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06N99/00 ,  G06F16/174 ,  G06F16/23

Abstract: An approach for detecting anomalous flows in a network using header field entropy. This can be useful in detecting anomalous or malicious traffic that may attempt to “hide” or inject itself into legitimate flows. A malicious endpoint might attempt to send a control message in underutilized header fields or might try to inject illegitimate data into a legitimate flow. These illegitimate flows will likely demonstrate header field entropy that is higher than legitimate flows. Detecting anomalous flows using header field entropy can help detect malicious endpoints.

公开(公告)号：US10116531B2

公开(公告)日：2018-10-30

申请号：US15170837

申请日：2016-06-01

Applicant: Cisco Technology, Inc.

Inventor： Mohammadreza Alizadeh Attar ,  Navindra Yadav ,  Abhishek Ranjan Singh ,  Vimalkumar Jeyakumar ,  Shashidhar Gandham ,  Roberto Fernando Spadaro

IPC: H04L12/26 ,  H04L29/06 ,  H04L29/08 ,  H04L12/851 ,  H04L12/715 ,  H04L12/725 ,  H04L12/24 ,  H04W84/18 ,  G06F17/30 ,  G06F3/0482 ,  G06F9/455 ,  G06N99/00 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06T11/20 ,  H04L12/841 ,  G06F21/55 ,  G06F21/56

Abstract: Systems, methods, and computer-readable media are provided for determining a packet's round trip time (RTT) in a network. A system can receive information of a packet sent by a component of the network and further determine an expected acknowledgement (ACK) sequence number associated with the packet based upon received information of the packet. The system can receive information of a subsequent packet received by the component and determine an ACK sequence number and a receiving time of the subsequent packet. In response to determining that the ACK sequence number of the subsequent TCP packet matches the expected ACK sequence number, the system can determine a round trip time (RTT) of the packet based upon the received information of the packet and the received information of the subsequent packet.

公开(公告)号：US20180069783A1

公开(公告)日：2018-03-08

申请号：US15795541

申请日：2017-10-27

Applicant: Cisco Technology, Inc.

Inventor： Kit Chiu Chu ,  Jeff Hill ,  Thomas J. Edsall ,  Mohammadreza Alizadeh Attar

IPC: H04L12/703 ,  H04L12/26 ,  H04L12/46 ,  H04L12/741 ,  H04L29/12 ,  H04L12/751 ,  H04L29/06 ,  H04L12/58 ,  H04L29/08 ,  H04L12/707 ,  H04L12/709 ,  H04L12/723 ,  H04L12/24 ,  H04L12/931

CPC classification number: H04L45/28 ,  H04L12/18 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/4645 ,  H04L41/0654 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/0894 ,  H04L43/16 ,  H04L45/02 ,  H04L45/021 ,  H04L45/22 ,  H04L45/24 ,  H04L45/245 ,  H04L45/48 ,  H04L45/50 ,  H04L45/64 ,  H04L45/74 ,  H04L45/745 ,  H04L45/7453 ,  H04L47/125 ,  H04L49/70 ,  H04L51/14 ,  H04L61/2503 ,  H04L61/2592 ,  H04L67/10 ,  H04L69/22 ,  H04L2212/00

Abstract: The subject technology addresses the need in the art for directly measuring a maximum latency number with respect to a percentile of network traffic, which a network operator may utilize as an performance indication or metric. Given a traffic percentile, a tracking algorithm in accordance with embodiments described herein may be implemented in hardware and/or software to determine a maximum latency for this specific percentile of traffic.

公开(公告)号：US20180048571A1

公开(公告)日：2018-02-15

申请号：US15792587

申请日：2017-10-24

Applicant: Cisco Technology, Inc.

Inventor： Sarang M. Dharmapurikar ,  Mohammadreza Alizadeh Attar ,  Kit Chiu Chu ,  Francisco M. Matus ,  Adam Hutchin ,  Janakiramanan Vaidyanathan

IPC: H04L12/743

CPC classification number: H04L45/7453 ,  G06F9/30018 ,  G06K15/107 ,  G11C11/4096 ,  G11C15/00 ,  G11C15/04 ,  G11C2207/002 ,  H04L45/24 ,  H04L47/125

Abstract: Apparatus, systems and methods may be used to monitor data flows and to select and track particularly large data flows. A method of tracking data flows and identifying large-data (“elephant”) flows comprises extracting fields from a packet of data to construct a flow key, computing a hash value on the flow key to provide a hashed flow signature, entering and/or comparing the hashed flow signature with entries in a flow hash table. Each hash table entry includes a byte count for a respective flow. When the byte count for a flow exceeds a threshold value, the flow is added to a large-data flow (“elephant”) table and the flow is then tracked in the large-data flow table.