Abstract:
In one embodiment, a device in a network maintains information regarding anomaly detection models used in the network and applications associated with traffic analyzed by the anomaly detection models. The device receives an indication of a planned application deployment in the network. The device adjusts an anomaly detection strategy of a particular anomaly detector in the network based on the planned application deployment and on the information regarding anomaly detection models used in the network and the applications associated with the traffic analyzed by the anomaly detection models.
Abstract:
In one embodiment, a device in a network receives an output of an anomaly detection model. The device receives state information surrounding the output of the anomaly detection model. The device determines whether the state information supports the output of the anomaly detection model. The device causes the anomaly detection model to be adjusted based on a determination that the state information does not support the output of the anomaly detection model.
Abstract:
In one embodiment, nodes are polled in a network for Quality of Service (QoS) measurements, and a QoS anomaly that affects a plurality of potentially faulty nodes is detected based on the QoS measurements. A path, which traverses the plurality of potentially faulty nodes, is then computed from a first endpoint to a second endpoint. Also, a median node that is located at a point along the path between the first endpoint and the second endpoint is computed. Time-stamped packets are received from the median node, and the first endpoint and the second endpoint of the path are updated based on the received time-stamped packets, such that an amount of potentially faulty nodes is reduced. Then, the faulty node is identified from a reduced amount of potentially faulty nodes.
Abstract:
In one embodiment, a method is disclosed in which a device receives delay information for a communication segment in a network. The device determines a predictability measurement for delays along the segment using the received delay information. The predictability measurement is advertised to one or more devices in the network and used as a routing constraint to select a routing path in the network.
Abstract:
In one embodiment, a device in a network receives fingerprints of two or more network anomalies detected in the network by different anomaly detectors. Each fingerprint comprises a hash of tags that describe a detected anomaly. The device associates the fingerprints with network records captured within a timeframe in which the two or more network anomalies were detected. The device compares the fingerprints associated with the network records to determine that the two or more detected anomalies are part of a singular anomaly event. The device generates a notification regarding the singular anomaly event, wherein the notification includes those of the fingerprints that are associated with the singular anomaly event.
Abstract:
In one embodiment, a device (e.g., learning machine) determines a plurality of fate-sharing group (FSG) nodes in a computer network that are prone to simultaneously send an alarm upon detecting an event. As such, the device may elect one or more FSG owner nodes as a subset of the FSG nodes, and instruct the FSG group such that only FSG owner nodes send an alarm upon event detection.
Abstract:
In one embodiment, a device in a network receives traffic metrics for a plurality of applications in the network. The device populates a feature space for a machine learning-based anomaly detector. The device identifies a missing dataset in the feature space for a particular one of the plurality of applications. The device adjusts how traffic is sent in the network, to capture the missing dataset.
Abstract:
In one embodiment, a packet to be transmitted along a communication path in a network from a source to a destination is determined, the communication path having one or more hops between the source and the destination. An instruction is sent to one or more tracking nodes along the communication path to track a number of local retransmissions required to successfully transmit the packet from each tracking node to a respective next-hop destination. Then, reports indicating the number of local retransmissions are received from the one or more tracking nodes.
Abstract:
In one embodiment, a device in a network receives data indicative of traffic characteristics of traffic associated with a particular application. The device identifies one or more paths in the network via which the traffic associated with the particular application was sent, based on the traffic characteristics. The device determines a probing schedule based on the traffic characteristics. The probing schedule simulates the traffic associated with the particular application. The device sends probes along the one or more identified paths according to the determined probing schedule.
Abstract:
In one embodiment, a machine learning model for predicting one or more metrics is run in a network which includes a centralized controller device interconnected with a plurality of edge devices. A batch version of the machine learning model that operates in batch mode is hosted at the centralized controller device. Then, an incremental version of the machine learning model that operates in incremental mode is pushed to an edge device of the plurality of edge devices, such that the incremental version of the machine learning model is hosted at the edge device. As a result, the batch version and the incremental version of the machine learning model run in parallel with one another.