-
Publication number: US20240348519A1
Publication date: 2024-10-17
Application number: US18351139
Application date: 2023-07-12
Applicant: Cisco Technology, Inc.
Inventor: Stanley Wu, Yuefeng Jiang, Qiang Wang, Daemon Yang, Siwei Wu
IPC: H04L43/065, H04L43/028
CPC classification number: H04L43/065, H04L43/028
Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for generating a report in response to detected conditions in a network environment. A method includes: generating one or more triggering policies; determining if the one or more of the triggering policies has been satisfied; starting a netflow process in response to the determination that the one or more of the trigger policies has been satisfied; collecting in real time data for connected devices that satisfy the one or more triggering policies; generating and saving a record associated with the collected data; generating a report based on analysis of the record; displaying a link to the report.
-
Publication number: US20240056355A1
Publication date: 2024-02-15
Application number: US17973193
Application date: 2022-10-25
Applicant: Cisco Technology, Inc.
Inventor: Yuefeng Jiang, Lijian Yang, Jiang Yu
IPC: H04L41/084, H04L43/08
CPC classification number: H04L41/084, H04L43/08
Abstract: Techniques for improving options templates for network traffic monitoring and analysis, using pull mode by a network collector device, and sending an acknowledgement, by the network collector device that the download was successfully received are described. The techniques may include transmitting, by a network collector device and to a network edge device, a request to download a full options template, receiving, by the network collector device, responses from the network edge device, each response including a segment of the full options template and each segment including a last segment flag indicating whether the segment is a last segment, and in response to receiving a segment having the last segment flag set, transmitting, by the network collector device and to the network edge device, an acknowledgement that the full options template has been received.
-
13.
Publication number: US11777966B2
Publication date: 2023-10-03
Application number: US16693884
Application date: 2019-11-25
Applicant: Cisco Technology, Inc.
Inventor: Yu Jiang, Saravanan Radhakrishnan, Jeffrey Cai, Yuefeng Jiang
IPC: H04L9/40, H04L43/087, H04L43/16, H04L43/0829
CPC classification number: H04L63/1425, H04L43/087, H04L43/0829, H04L43/16, H04L63/1416, H04L63/1433, H04L63/20
Abstract: Systems and methods for causation analysis of network anomalies in a network include detecting an alarm condition at a network device, the alarm condition pertaining to an anomaly or increase in a traffic condition such as packet loss. A dominant key is identified in each of one or more key types which contributed to the alarm condition, the key types including dimensions of traffic flow. Two or more dominant keys of two or more key types are aggregated and clustered to determine a combination of dominant keys which contributed to the alarm condition. A dominant traffic flow comprising the combination of dominant keys which contributed to the alarm condition is identified based on the aggregation and clustering. Malware or security threats can be identified from detecting a dominant source IP address or host which contributed to a predominant number of packet drops or retransmissions at ports of the network.
-
14.
Publication number: US20210160263A1
Publication date: 2021-05-27
Application number: US16693884
Application date: 2019-11-25
Applicant: Cisco Technology, Inc.
Inventor: Yu Jiang, Saravanan Radhakrishnan, Jeffrey Cai, Yuefeng Jiang
Abstract: Systems and methods for causation analysis of network anomalies in a network include detecting an alarm condition at a network device, the alarm condition pertaining to an anomaly or increase in a traffic condition such as packet loss. A dominant key is identified in each of one or more key types which contributed to the alarm condition, the key types including dimensions of traffic flow. Two or more dominant keys of two or more key types are aggregated and clustered to determine a combination of dominant keys which contributed to the alarm condition. A dominant traffic flow comprising the combination of dominant keys which contributed to the alarm condition is identified based on the aggregation and clustering. Malware or security threats can be identified from detecting a dominant source IP address or host which contributed to a predominant number of packet drops or retransmissions at ports of the network.
-
Publication number: US09641417B2
Publication date: 2017-05-02
Application number: US14570821
Application date: 2014-12-15
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Yuefeng Jiang, Xiaopu Zhang, Fang Yang
IPC: H04L12/26, H04L29/06, H04L12/751
CPC classification number: H04L43/12, H04L43/062, H04L43/0817, H04L43/10, H04L45/026, H04L69/28
Abstract: In one embodiment, a method includes receiving a packet from a host at a first hop router in a network site, the first hop router in communication with a core network and operable to encapsulate packets received from the host for transmission to a remote network site, setting a status for the host in a table at the first hop router as active, starting a timer for the host at the first hop router, transmitting a probe message from the first hop router to the host if a packet is not received at the first hop router from the host before the timer expires, updating the status of the host at the table based on whether a response message is received from the host, and using the host status to detect host migration. An apparatus and logic are also disclosed herein.
-
16.
Publication number: US20160330046A1
Publication date: 2016-11-10
Application number: US14705071
Application date: 2015-05-06
Applicant: Cisco Technology, Inc.
Inventor: Yibin Yang, Liqin Dong, Chia Tsai, Weng Hong Chan, Yuchen Zhou, Fang Yang, Jeffrey Cai, Yuefeng Jiang, Xiaopu Zhang
IPC: H04L12/46, H04L29/12, H04L12/713
CPC classification number: H04L12/4641, H04L12/4633, H04L45/586, H04L61/103, H04L61/6022, H04L2012/4629
Abstract: Techniques provided herein use aggregate endpoints in a virtual overlay network. In general, aggregate endpoints operate as a single receiving entity for certain packets/frames sent between different physical proximities of the virtual overlay network.
-
17.
Publication number: US20160173356A1
Publication date: 2016-06-16
Application number: US14570821
Application date: 2014-12-15
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Yuefeng Jiang, Xiaopu Zhang, Fang Yang
IPC: H04L12/26, H04L12/741, H04L29/06, H04L12/733
CPC classification number: H04L43/12, H04L43/062, H04L43/0817, H04L43/10, H04L45/026, H04L69/28
Abstract: In one embodiment, a method includes receiving a packet from a host at a first hop router in a network site, the first hop router in communication with a core network and operable to encapsulate packets received from the host for transmission to a remote network site, setting a status for the host in a table at the first hop router as active, starting a timer for the host at the first hop router, transmitting a probe message from the first hop router to the host if a packet is not received at the first hop router from the host before the timer expires, updating the status of the host at the table based on whether a response message is received from the host, and using the host status to detect host migration. An apparatus and logic are also disclosed herein.