公开(公告)号：US20210176145A1

公开(公告)日：2021-06-10

申请号：US17110100

申请日：2020-12-02

Applicant: Cisco Technology, Inc.

Inventor： Ellen Christine Scheib ,  Ali Parandehgheibi ,  Omid Madani ,  Vimalkumar Jeyakumar ,  Navindra Yadav ,  Mohammadreza Alizadeh Attar

IPC: H04L12/26 ,  H04L12/721 ,  H04L12/725 ,  H04L29/06 ,  H04L12/851 ,  G06F3/0484 ,  H04L12/24 ,  H04L29/08 ,  H04W84/18 ,  G06F16/17 ,  G06F16/174 ,  H04L12/723 ,  G06F16/16 ,  G06N99/00 ,  G06F9/455 ,  G06F16/23 ,  H04L9/32 ,  H04L12/833 ,  H04L12/813 ,  G06F16/28 ,  H04J3/06 ,  G06F16/2457 ,  H04L12/715 ,  H04L9/08 ,  H04W72/08 ,  G06F21/55 ,  G06F3/0482 ,  G06F16/29 ,  H04L1/24 ,  H04L29/12 ,  G06F21/53 ,  G06F21/56 ,  G06F16/248 ,  G06F16/13 ,  H04L12/741 ,  G06F16/11 ,  H04L12/823 ,  H04L12/841 ,  H04L12/801 ,  H04J3/14 ,  G06T11/20 ,  G06F16/9535 ,  G06N20/00

Abstract: Systems and methods are provided for automatically discovering applications/clusters in a network and mapping dependencies between the applications/clusters. A network monitoring system can capture network flow data using sensors executing on physical and/or virtual servers of the network and sensors executing on networking devices connected to the servers. The system can determine a graph including nodes, representing at least the servers, and edges, between pairs of the nodes of the graph indicating the network flow data includes one or more observed flows between pairs of the servers represented by the pairs of the nodes. The system can determine a dependency map, including representations of clusters of the servers and representations of dependencies between the clusters, based on the graph. The system can display a first representation of a first cluster of the dependency map and information indicating a confidence level of identifying the first cluster.

公开(公告)号：US10797970B2

公开(公告)日：2020-10-06

申请号：US15972033

申请日：2018-05-04

Applicant: Cisco Technology, Inc.

Inventor： Jackson Ngoc Ki Pang ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Navindra Yadav

IPC: G06F15/173 ,  H04L12/26 ,  H04L12/24

Abstract: The technology visualizes data flows within a datacenter in an interactive hierarchical network chord diagram. Based on analyzed data describing data flows, a portion of the data flows that originate at the same first endpoint and terminate at the same second endpoint can be grouped. Subsequently, the dataflow monitoring system displays an interactive hierarchical network chord diagram to include a chord with a first endpoint and a second endpoint. The chord represents the grouped portion of data flows that originate at the same first endpoint and terminate at the same second endpoint. Upon receiving a selection of the chord or the first endpoint of the chord, the dataflow monitoring system expands the grouped portion of the data flows into a more granular representation of the network.

公开(公告)号：US20200220780A1

公开(公告)日：2020-07-09

申请号：US16820404

申请日：2020-03-16

Applicant: Cisco Technology, Inc.

Inventor： Rohit Prasad ,  Shashi Gandham ,  Hoang Nguyen ,  Abhishek Singh ,  Shih-Chun Chang ,  Navindra Yadav ,  Ali Parandehgheibi ,  Paul Mach ,  Rachita Agasthy ,  Ravi Prasad ,  Varun Malhotra ,  Michael Watts ,  Sunil Gupta

IPC: H04L12/24

Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.

公开(公告)号：US20190306035A1

公开(公告)日：2019-10-03

申请号：US16443122

申请日：2019-06-17

Applicant: Cisco Technology, Inc.

Inventor： Ellen Christine Scheib ,  Ali Parandehgheibi ,  Omid Madani ,  Vimalkumar Jeyakumar ,  Navindra Yadav ,  Mohammadreza Alizadeh Attar

IPC: H04L12/26 ,  G06F16/29 ,  G06F16/2457 ,  G06F16/9535 ,  G06F16/28 ,  G06F16/248 ,  G06N20/00 ,  G06F21/56 ,  G06F21/55 ,  H04L29/06 ,  H04L12/813 ,  H04L9/32 ,  H04L9/08 ,  H04L12/721 ,  G06F21/53 ,  H04L12/24 ,  H04L12/851 ,  H04L12/725 ,  H04L12/823 ,  H04L29/12 ,  H04J3/14 ,  H04J3/06 ,  H04W72/08 ,  H04L1/24 ,  H04L29/08 ,  G06F3/0484 ,  H04L12/723 ,  H04L12/833 ,  H04L12/741 ,  H04L12/801 ,  H04W84/18 ,  H04L12/715 ,  H04L12/841 ,  G06T11/20 ,  G06F3/0482 ,  G06F16/11 ,  G06F16/17 ,  G06F16/13 ,  G06N99/00 ,  G06F16/16 ,  G06F16/23 ,  G06F16/174 ,  G06F9/455

Abstract: Systems and methods are provided for automatically discovering applications/clusters in a network and mapping dependencies between the applications/clusters. A network monitoring system can capture network flow data using sensors executing on physical and/or virtual servers of the network and sensors executing on networking devices connected to the servers. The system can determine a graph including nodes, representing at least the servers, and edges, between pairs of the nodes of the graph indicating the network flow data includes one or more observed flows between pairs of the servers represented by the pairs of the nodes. The system can determine a dependency map, including representations of clusters of the servers and representations of dependencies between the clusters, based on the graph. The system can display a first representation of a first cluster of the dependency map and information indicating a confidence level of identifying the first cluster.

公开(公告)号：US10129117B2

公开(公告)日：2018-11-13

申请号：US15045210

申请日：2016-02-16

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L29/06 ,  H04L12/26 ,  G06F9/455 ,  G06F17/30 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06N99/00 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F21/55 ,  G06F21/56

Abstract: Conditional policies can be defined that change based on security measurements of network endpoints. In an example embodiment, a network traffic monitoring system can monitor network flows between the endpoints and quantify how secure those endpoints are based on analysis of the network flows and other data. A conditional policy may be created that establishes one or more first connectivity policies for handling a packet when a security measurement of an endpoint is a first value or first range values, and one or more second connectivity policies for handling the packet. The connectivity policies may include permitting connectivity, denying connectivity, redirecting the packet using a specific route, or other network action. When the network traffic monitoring system detects a change to the security measurement of the endpoint, one or more applicable policies can be determined and the system can update policy data for the network to enforce the policies.

公开(公告)号：US20180287907A1

公开(公告)日：2018-10-04

申请号：US15471183

申请日：2017-03-28

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Ashutosh Kulshreshtha ,  Omid Madani ,  Vimal Jeyakumar ,  Navindra Yadav ,  Ali Parandehgheibi ,  Andy Sloane ,  Kai Chang ,  Khawar Deen ,  Shih-Chun Chang ,  Hai Vu

IPC: H04L12/26 ,  H04L12/24 ,  H04Q9/02

Abstract: An application and network analytics platform can capture telemetry from servers and network devices operating within a network. The application and network analytics platform can determine an application dependency map (ADM) for an application executing in the network. Using the ADM, the application and network analytics platform can resolve flows into flowlets of various granularities, and determine baseline metrics for the flowlets. The baseline metrics can include transmission times, processing times, and/or data sizes for the flowlets. The application and network analytics platform can compare new flowlets against the baselines to assess availability, load, latency, and other performance metrics for the application. In some implementations, the application and network analytics platform can automate remediation of unavailability, load, latency, and other application performance issues.

公开(公告)号：US20180278481A1

公开(公告)日：2018-09-27

申请号：US15470499

申请日：2017-03-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Rohit Prasad ,  Shashi Gandham ,  Hai Vu ,  Varun Malhotra ,  Sunil Gupta ,  Abhishek Singh ,  Navindra Yadav ,  Ali Parandehgheibi ,  Ravi Prasad ,  Praneeth Vallem ,  Paul Lesiak ,  Hoang Nguyen

IPC: H04L12/24 ,  H04L29/08 ,  G06F17/30

CPC classification number: H04L41/0893 ,  G06F8/61 ,  G06F17/30094 ,  G06F17/30194 ,  H04L41/044 ,  H04L41/046 ,  H04L41/0856 ,  H04L67/06 ,  H04L67/1097

Abstract: The disclosed technology relates to a distributed policy store. A system is configured to locate, in an index, an entry for a network entity, determine, based on the entry, a file identifier for a file containing a record for the network entity and an offset indicating a location of the record in the file. The system is further configured to locate the file in a distributed file system using the file identifier, locate the record in the file using the offset, and retrieve the record.

公开(公告)号：US20160359915A1

公开(公告)日：2016-12-08

申请号：US15133155

申请日：2016-04-19

Applicant: Cisco Technology, Inc.

Inventor： Sunil Kumar Gupta ,  Navindra Yadav ,  Michael Standish Watts ,  Ali Parandehgheibi ,  Shashidhar Gandham ,  Ashutosh Kulshreshtha ,  Khawar Deen

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L43/04

Abstract: A network can achieve compliance by defining and enforcing a set of network policies to secure protected electronic information. The network can monitor network data, host/endpoint data, process data, and user data for traffic using a sensor network that provides multiple perspectives. The sensor network can include sensors for networking devices, physical servers, hypervisors or shared kernels, virtual partitions, and other network components. The network can analyze the network data, host/endpoint data, process data, and user data to determine policies for traffic. The network can determine expected network actions based on the policies, such as allowing traffic, denying traffic, configuring traffic for quality of service (QoS), or redirecting traffic along a specific route. The network can update policy data based on the expected network actions and actual network actions. The policy data can be utilized for compliance.

Abstract translation: 网络可以通过定义和实施一组网络策略来实现合规性，以保护受保护的电子信息。 该网络可以使用提供多个视角的传感器网络来监控网络数据，主机/端点数据，过程数据和流量的用户数据。 传感器网络可以包括用于网络设备，物理服务器，虚拟机管理程序或共享内核，虚拟分区和其他网络组件的传感器。 网络可以分析网络数据，主机/端点数据，过程数据和用户数据，以确定流量策略。 网络可以基于策略来确定预期的网络动作，例如允许流量，拒绝流量，为服务质量（QoS）配置流量，或者沿特定路由重定向流量。 网络可以根据预期的网络动作和实际的网络动作来更新策略数据。 政策数据可以用于遵守。

公开(公告)号：US20160359701A1

公开(公告)日：2016-12-08

申请号：US15173466

申请日：2016-06-03

Applicant: Cisco Technology, Inc.

Inventor： Jackson Ngoc Ki Pang ,  Michael Standish Watts ,  Ali Parandehgheibi

IPC: H04L12/26

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F16/122 ,  G06F16/137 ,  G06F16/162 ,  G06F16/17 ,  G06F16/173 ,  G06F16/174 ,  G06F16/1744 ,  G06F16/1748 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/2365 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/285 ,  G06F16/288 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N20/00 ,  G06N99/00 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: Presenting data flows in a parallel coordinate chart. The parallel coordinate chart allows a user to search for data flows. Exploration occurs by providing visualization of a searched data flow(s) to ascertain the typical from the atypical flow. Each data flow represented in a parallel coordinate chart is measured against various attributes represented among parallel lines. A single chart could be used to visualize thousands of flows at once. Overlaying data flows in on top of each other in the parallel coordinate chart can reveal a concentration of flows. The concentration of flows allows a user to visualize, among other things, the relationship between the flows and observe typical and atypical flows. Additionally the user can filter specific dimensions (to observe joint distributions between a pair of dimensions—combined probabilities of what is occurring between two dimensions) or a specific window of time.

Abstract translation: 以平行坐标图表示数据流。 并行坐标图允许用户搜索数据流。 通过提供搜索到的数据流的可视化来确定来自非典型流的典型性来进行勘探。 以平行线表示的各种属性测量以平行坐标图表示的每个数据流。 可以使用单个图表来一次显示数千个流量。 平行坐标图中叠加的数据流可以显示出流量的集中。 流量的集中允许用户除了别的以外可视化流动之间的关系，并观察典型和非典型的流动。 此外，用户可以过滤特定维度（以观察一对维度之间的联合分布 - 两维之间发生的组合概率）或特定时间窗口。

公开(公告)号：US20160359686A1

公开(公告)日：2016-12-08

申请号：US15140395

申请日：2016-04-27

Applicant: Cisco Technology, Inc.

Inventor： Ali Parandehgheibi ,  Abhishek Ranjan Singh ,  Omid Madani ,  Vimalkumar Jeyakumar ,  Ellen Christine Scheib ,  Navindra Yadav ,  Mohammadreza Alizadeh Attar

IPC: H04L12/24 ,  G06N99/00 ,  H04L29/06

Abstract: Systems, methods, and computer-readable media are provided for determining whether a node in a network is a server or a client. In some examples, a system can collect, from one or more sensors that monitor at least part of data traffic being transmitted via a pair of nodes in a network, information of the data traffic. The system can analyze attributes of the data traffic such as timing, port magnitude, degree of communication, historical data, etc. Based on analysis results and a predetermined rule associated with the attributes, the system can determine which node of the pair of nodes is a client and which node is a server.

Abstract translation: 系统，方法和计算机可读介质被提供用于确定网络中的节点是服务器还是客户端。 在一些示例中，系统可以从监视经由网络中的一对节点传输的数据流量的至少一部分的一个或多个传感器收集数据流量的信息。 系统可以分析数据流量的属性，如定时，端口大小，通信程度，历史数据等。基于分析结果和与属性相关联的预定规则，系统可以确定该对节点的哪个节点是 客户端和哪个节点是服务器。