ANOMALY DETECTION WITH ROOT CAUSE LEARNING IN A NETWORK ASSURANCE SERVICE

    Publication No.: US20190356553A1

    Publication date: 2019-11-21

    Application No.: US15983615

    Application date: 2018-05-18

    Abstract: In one embodiment, a network assurance service that monitors a network detects an anomaly in the network by applying an anomaly detector to telemetry data collected from the network. The service sends first data to a user interface that causes the interface to present the detected anomaly and one or more candidate root cause metrics from the telemetry data associated with the detected anomaly. The service receives feedback regarding the candidate root cause metric(s) and learns a root cause of the anomaly as one or more thresholds of the candidate root cause metric(s), based in part on the received feedback regarding the candidate root cause metric(s). The service sends second data to the user interface that causes the user interface to present at least one of the candidate root cause metric(s) as a candidate root cause of a subsequent detected anomaly, based on the learned threshold(s).

    USING MACHINE LEARNING BASED ON CROSS-SIGNAL CORRELATION FOR ROOT CAUSE ANALYSIS IN A NETWORK ASSURANCE SERVICE

    Publication No.: US20190356533A1

    Publication date: 2019-11-21

    Application No.: US15983437

    Application date: 2018-05-18

    Abstract: In one embodiment, a network assurance service associates a target key performance indicator (tKPI) measured from a network with a plurality of causation key performance indicators (cKPIs) measured from the network that may indicate a root cause of a tKPI anomaly. The network assurance service applies a machine learning-based anomaly detector to the tKPI over time, to generate tKPI anomaly scores. The network assurance service calculates, for each of the cKPIs, a mean and standard deviation of that cKPI using a plurality of different time windows associated with the tKPI anomaly scores. The network assurance service uses the calculated means and standard deviations of the cKPIs in the different time windows to calculate cross-correlation scores between the tKPI anomaly scores and the cKPIs. The network assurance service selects one or more of the cKPIs as the root cause of the tKPI anomaly based on their calculated cross-correlation scores.

    Virtual access point (VAP) formation

    Publication No.: US10225789B2

    Publication date: 2019-03-05

    Application No.: US15491203

    Application date: 2017-04-19

    Abstract: In one embodiment, a supervisory device in a network receives from a plurality of access points (APs) in the network data regarding a network availability request broadcast by a node seeking to access the network and received by the APs in the plurality. The supervisory device uniquely associates the node with a virtual access point (VAP) for the node and forms a VAP mapping between the VAP for the node and a set of the APs in the plurality selected based on the received data regarding the network availability request. One of the APs in the mapping is designated as a primary access point for the node. The supervisory device instructs the primary AP to send a network availability response to the node that includes information for the VAP. The node uses the information for the VAP to access the network via the set of APs in the VAP mapping.

    Device profiling for isolation networks

    Publication No.: US10212182B2

    Publication date: 2019-02-19

    Application No.: US15485680

    Application date: 2017-04-12

    Abstract: In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server receives the redirected traffic associated with the particular node. The server determines a node profile for the particular node based in part on an analysis of the redirected traffic. The server configures the particular node based on the determined node profile for the particular node.

    Sparse coding of hidden states for explanatory purposes

    Publication No.: US10212044B2

    Publication date: 2019-02-19

    Application No.: US15466969

    Application date: 2017-03-23

    Abstract: In one embodiment, a device in a network maintains a machine learning-based recursive model that models a time series of observations regarding a monitored entity in the network. The device applies sparse dictionary learning to the recursive model, to find a decomposition of a particular state vector of the recursive model. The decomposition of the particular state vector comprises a plurality of basis vectors. The device determines a mapping between at least one of the plurality of basis vectors for the particular state vector and one or more human-readable interpretations of the basis vectors. The device provides a label for the particular state vector to a user interface. The label is based on the mapping between the at least one of the plurality of basis vectors for the particular state vector and the one or more human-readable interpretations of the basis vectors.

    Behavioral white labeling
    Granted invention patent

    Publication No.: US10200404B2

    Publication date: 2019-02-05

    Application No.: US15863257

    Application date: 2018-01-05

    Abstract: In one embodiment, a traffic model manager node receives data flows in a network and determines a degree to which the received data flows conform to one or more traffic models classifying particular types of data flows as non-malicious. If the degree to which the received data flows conform to the one or more traffic models is sufficient, the traffic model manager node characterizes the received data flows as non-malicious. Otherwise, the traffic model manager node provides the received data flows to a denial of service (DoS) attack detector in the network to allow the received data flows to be scanned for potential attacks.
