公开(公告)号：US11349716B2

公开(公告)日：2022-05-31

申请号：US16878780

申请日：2020-05-20

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  Pierre-André Savalle ,  David Tedaldi

IPC: H04L41/0893 ,  H04L41/12 ,  H04L9/40 ,  H04L101/622 ,  H04L43/12

Abstract: In various embodiments, a device classification service makes a determination that an endpoint device in a network is eligible for expedited device classification based on a policy. The device classification service obtains, after making the determination that the endpoint device in the network is eligible for expedited device classification, telemetry data regarding the endpoint device generated by actively probing the endpoint device. The device classification service determines whether the telemetry data regarding the endpoint device matches any existing device classification rules. The device classification service generates, based on the telemetry data, a device classification rule that assigns a device type to the endpoint device, when the telemetry data does not match any existing device classification rules.

公开(公告)号：US20210328986A1

公开(公告)日：2021-10-21

申请号：US16854115

申请日：2020-04-21

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Pierre-André Savalle ,  Grégory Mermoud ,  David Tedaldi

IPC: H04L29/06 ,  G06F16/28 ,  G06N20/00

Abstract: In various embodiments, a device classification service uses an initial device classification rule to label each of a set of endpoint devices in a network as being of a particular device type. The device classification service identifies a particular attribute exhibited by at least a portion of the set of endpoint devices and was not previously used to generate the initial device classification rule. The device classification service generates one or more new device classification rules based in part on the particular attribute. The device classification service switches from using the initial device classification rule to label endpoint devices in the network to using the one or more new device classification rules to label endpoint devices in the network.

公开(公告)号：US20210281491A1

公开(公告)日：2021-09-09

申请号：US16808896

申请日：2020-03-04

Applicant: Cisco Technology, Inc.

Inventor： Mukund Yelahanka Raghuprasad ,  David Tedaldi ,  Vinay Kumar Kolar ,  Jean-Philippe Vasseur

IPC: H04L12/24 ,  G06N3/08 ,  G06K9/62 ,  H04L12/851

Abstract: In one embodiment, a service receives telemetry data indicative of a plurality of performance metrics captured in a network. The service jointly trains, using the received telemetry data, a compression model and an inference model, the compression model being a first machine learning model trained to convert the telemetry data into a compressed representation of the telemetry data and the inference model being a second machine learning model trained to take the compressed representation of the telemetry data as input and apply a classification label to it. The service deploys the compression model to the network. The service receives compressed telemetry data generated by the compression model deployed to the network. The service uses the inference model to classify the compressed telemetry data generated by the compression model deployed to the network.

公开(公告)号：US11018943B1

公开(公告)日：2021-05-25

申请号：US16878931

申请日：2020-05-20

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  David Tedaldi ,  Grégory Mermoud ,  Pierre-André Savalle

IPC: H04L12/24 ,  H04L12/26 ,  G06N20/00 ,  H04L29/06

Abstract: In various embodiments, a device classification service receives, from a networking device in a network, an indication that deep packet inspection (DPI) trace data is not available for an endpoint device in the network because the endpoint device does not match any DPI policies of the networking device. The service configures a first DPI policy on the networking device that causes it to capture a DPI trace of traffic associated with the endpoint device. The service receives, via a user interface, an indication that a subset of attributes of the endpoint device in the DPI trace is relevant to labeling the endpoint device with a device type. The service replaces the first DPI policy on the networking device with a second DPI policy that causes it to report only the subset of attributes of endpoint devices to the device classification service for endpoint devices that match the second DPI policy.

公开(公告)号：US10944641B1

公开(公告)日：2021-03-09

申请号：US16672186

申请日：2019-11-01

Applicant: Cisco Technology, Inc.

Inventor： David John Zacks ,  Thomas Szigeti ,  Tzahi Peleg ,  David Tedaldi ,  Vikram Vikas Pendhar

IPC: H04L12/24 ,  G06F3/0484 ,  H04L12/26 ,  H04L12/859

Abstract: Application performance can be simulated based on captured application-specific traffic flows through a managed network. Traffic flows may be captured across the managed network and associated with a particular application. The captured flows can be used to generate trend lines and models. The generated trend lines and models may be used to simulate application performance responsive to changes in network characteristics and provided to a user through a graphical user interface as a graph. The user may then adjust simulated network characteristics through the graphical user interface to perform various hypothetical network simulations.

公开(公告)号：US20190238396A1

公开(公告)日：2019-08-01

申请号：US15881909

申请日：2018-01-29

Applicant: Cisco Technology, Inc.

Inventor： David Tedaldi ,  Grégory Mermoud ,  Jean-Philippe Vasseur

IPC: H04L12/24

Abstract: In one embodiment, a network assurance service receives one or more sets of network characteristics of a network, each network characteristic forming a different feature dimension in a multi-dimensional feature space. The network assurance service applies machine learning-based anomaly detection to the one or more sets of network characteristics, to label each set of network characteristics as anomalous or non-anomalous. The network assurance service identifies, based on the labeled one or more sets of network characteristics, an anomaly pattern as a collection of unidimensional cutoffs in the feature space. The network assurance service initiates a change to the network based on the identified anomaly pattern.

公开(公告)号：US11805003B2

公开(公告)日：2023-10-31

申请号：US15983615

申请日：2018-05-18

Applicant: Cisco Technology, Inc.

Inventor： Grégory Mermoud ,  Jean-Philippe Vasseur ,  David Tedaldi

IPC: G06F15/173 ,  H04L41/0631 ,  H04L41/142 ,  H04L41/16 ,  H04L43/16 ,  H04L41/22 ,  G06F18/241

CPC classification number: H04L41/0631 ,  G06F18/241 ,  H04L41/065 ,  H04L41/142 ,  H04L41/16 ,  H04L41/22 ,  H04L43/16

Abstract: In one embodiment, a network assurance service that monitors a network detects an anomaly in the network by applying an anomaly detector to telemetry data collected from the network. The service sends first data to a user interface that causes the interface to present the detected anomaly and one or more candidate root cause metrics from the telemetry data associated with the detected anomaly. The service receives feedback regarding the candidate root cause metric(s) and learns a root cause of the anomaly as one or more thresholds of the candidate root cause metric(s), based in part on the received feedback regarding the candidate root cause metric(s). The service sends second data to the user interface that causes the user interface to present at least one of the candidate root cause metric(s) as a candidate root cause of a subsequent detected anomaly, based on the learned threshold(s).

公开(公告)号：US11425048B2

公开(公告)日：2022-08-23

申请号：US17122711

申请日：2020-12-15

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  David Tedaldi ,  Vinay Kumar Kolar

IPC: H04L47/00 ,  H04L47/24 ,  H04L47/25

Abstract: In one embodiment, a device calculates one or more distributions of bitrates associated with an application whose traffic is conveyed via one or more paths in a network. The device detects throughput modes of the application, based on the one or more distributions of bitrates associated with the application. The device associates each throughput mode with a quality of experience label, to form a plurality of pairs of throughput modes and quality of experience labels. The device estimates a quality of experience metric for the application, based on a bitrate of the application and the plurality of pairs of throughput modes and quality of experience labels.

公开(公告)号：US20220231939A1

公开(公告)日：2022-07-21

申请号：US17153561

申请日：2021-01-20

Applicant: Cisco Technology, Inc.

Inventor： Grégory Mermoud ,  Jean-Philippe Vasseur ,  Vinay Kumar Kolar ,  David Tedaldi

IPC: H04L12/707 ,  H04L12/851

Abstract: In one embodiment, a device obtains traffic telemetry data regarding a first path in a network and an alternate path in the network. The device predicts, based on the traffic telemetry data, an amount of traffic for an application that is expected at a particular time. The device makes, based on the traffic telemetry data and on the amount of traffic for the application that is predicted to be expected at the particular time, a counterfactual prediction as to whether the alternate path would violate a service level agreement associated with the traffic, should the traffic be routed via the alternate path at the particular time. The device causes, based on the counterfactual prediction, the traffic for the application to be rerouted from the first path in the network to the alternate path, prior to the particular time.

公开(公告)号：US20220191143A1

公开(公告)日：2022-06-16

申请号：US17122711

申请日：2020-12-15

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  David Tedaldi ,  Vinay Kumar Kolar

IPC: H04L12/851 ,  H04L12/825

Abstract: In one embodiment, a device calculates one or more distributions of bitrates associated with an application whose traffic is conveyed via one or more paths in a network. The device detects throughput modes of the application, based on the one or more distributions of bitrates associated with the application. The device associates each throughput mode with a quality of experience label, to form a plurality of pairs of throughput modes and quality of experience labels. The device estimates a quality of experience metric for the application, based on a bitrate of the application and the plurality of pairs of throughput modes and quality of experience labels.