Learning packet capture policies to enrich context for device classification systems

    Publication No.: US11018943B1

    Publication date: 2021-05-25

    Application No.: US16878931

    Filing date: 2020-05-20

    Abstract: In various embodiments, a device classification service receives, from a networking device in a network, an indication that deep packet inspection (DPI) trace data is not available for an endpoint device in the network because the endpoint device does not match any DPI policies of the networking device. The service configures a first DPI policy on the networking device that causes it to capture a DPI trace of traffic associated with the endpoint device. The service receives, via a user interface, an indication that a subset of attributes of the endpoint device in the DPI trace is relevant to labeling the endpoint device with a device type. The service replaces the first DPI policy on the networking device with a second DPI policy that causes it to report only the subset of attributes of endpoint devices to the device classification service for endpoint devices that match the second DPI policy.

    Progressive refinement of device classifications using colored device and policy trees

    Publication No.: US10924353B2

    Publication date: 2021-02-16

    Application No.: US16424574

    Filing date: 2019-05-29

    Abstract: In one embodiment, a device classification service classifies a device in a network as being of a first device type. The service applies a first network policy that has an associated expiration timer to the device, based on its classification as being of the first device type. The service determines whether the device was reclassified as being of a different device type than that of the first device type before expiration of the expiration timer associated with the first network policy. The service applies a second network policy to the device, when the service determines that the device has not been reclassified as being of a different device type before expiration of the expiration timer associated with the first network policy.

    PARTIAL REROUTE OF TRAFFIC ONTO A BACKUP TUNNEL USING PREDICTIVE ROUTING

    Publication No.: US20200379839A1

    Publication date: 2020-12-03

    Application No.: US16429379

    Filing date: 2019-06-03

    Abstract: In one embodiment, a device predicts a failure of a first tunnel in a software-defined wide area network (SD-WAN). The device determines that no backup tunnel for the first tunnel exists in the SD-WAN that can satisfy one or more service level agreements (SLAs) of traffic on the first tunnel, were the traffic rerouted from the first tunnel onto that tunnel. The device predicts, using a machine learning model, that a backup tunnel for the first tunnel exists in the SD-WAN that can satisfy an SLA of a subset of the traffic on the first tunnel, in response to determining that no backup tunnel exists in the SD-WAN that can satisfy the one or more SLAs of the traffic on the first tunnel. The device proactively reroutes the subset of the traffic on the first tunnel onto the backup tunnel, in advance of the predicted failure of the first tunnel.

    ROAMING AND TRANSITION PATTERNS CODING IN WIRELESS NETWORKS FOR COGNITIVE VISIBILITY

    Publication No.: US20200322815A1

    Publication date: 2020-10-08

    Application No.: US16905210

    Filing date: 2020-06-18

    Abstract: In one embodiment, a device receives data regarding usage of access points in a network by a plurality of clients in the network. The device maintains an access point graph that represents the access points in the network as vertices of the access point graph. The device generates, for each of the plurality of clients, client trajectories as trajectory subgraphs of the access point graph. A particular client trajectory for a particular client comprises a set of edges between a subset of the vertices of the access point graph and represents transitions between access points in the network performed by the particular client. The device identifies a transition pattern from the client trajectories by deconstructing the trajectory subgraphs. The device uses the identified transition pattern to effect a configuration change in the network.

    ROOT CAUSE ANALYSIS OF SEASONAL SERVICE LEVEL AGREEMENT (SLA) VIOLATIONS IN SD-WAN TUNNELS

    Publication No.: US20200313979A1

    Publication date: 2020-10-01

    Application No.: US16371556

    Filing date: 2019-04-01

    Abstract: In one embodiment, a supervisory service for a software-defined wide area network (SD-WAN) detects seasonal service level agreement (SLA) violations by one or more tunnels in the SD-WAN using a machine learning-based regression model. The service identifies a root cause of the seasonal SLA violations by determining whether the root cause of the seasonal SLA violations is associated with an internal network connected to the one or more tunnels. The service further identifies the root cause by determining whether the root cause of the seasonal SLA violations is associated with a particular service provider network over which the one or more tunnels traverse by associating the seasonal SLA violations with SLA violations by tunnels in other SD-WANs that also traverse the particular service provider network. The service initiates a corrective measure based on the determined root cause of the seasonal SLA violations by the one or more tunnels.

    Closed loop control for fixing network configuration issues to aid in device classification

    Publication No.: US10771331B2

    Publication date: 2020-09-08

    Application No.: US16182761

    Filing date: 2018-11-07

    Abstract: In one embodiment, a device receives traffic telemetry data captured by a plurality of networks and used by device classification services in the networks to classify endpoints in the networks with device types. The device compares the telemetry data from a particular one of the networks to the telemetry data from the other networks to identify one or more traffic characteristics that are missing from the telemetry data for one or more endpoints of the particular network. The device identifies a networking entity in the particular network that is common to the one or more endpoints for which the one or more characteristics are missing. The device determines a configuration change for the networking entity by comparing a current configuration of the entity to those of one or more entities in the other networks. The device initiates implementation of the determined configuration change for the entity in the particular network.

    Distributed feedback loops from threat intelligence feeds to distributed machine learning systems

    Publication No.: US10764310B2

    Publication date: 2020-09-01

    Application No.: US15211231

    Filing date: 2016-07-15

    Abstract: In one embodiment, a device in a network receives anomaly data regarding an anomaly detected by a machine learning-based anomaly detection mechanism of a first node in the network. The device matches the anomaly data to threat intelligence feed data from one or more threat intelligence services. The device determines whether to provide threat intelligence feedback to the first node based on the matched threat intelligence feed data and one or more policy rules. The device provides threat intelligence feedback to the first node regarding the matched threat intelligence feed data, in response to determining that the device should provide threat intelligence feedback to the first node.
