Patent application number | Description | Published |
20090296714 | SCALABLE MULTIPROTOCOL LABEL SWITCHING BASED VIRTUAL PRIVATE NETWORKS AND METHODS TO IMPLEMENT THE SAME - Example scalable multi-protocol label switching (MPLS) based virtual private networks (VPNs) and methods to implement the same are disclosed. A disclosed example spoke provider edge (PE) router for an MPLS-based VPN includes a truncated virtual routing and forwarding (VRF) table containing a first value referencing a hub PE router and a second value referencing a first customer edge (CE) router coupled to the VPN via the PE router, and a forwarding module to forward a packet received from the first CE router to the hub PE router when the packet contains an address referencing a second CE router coupled to the VPN via a second spoke PE router. | 12-03-2009 |
20100034098 | Towards Efficient Large-Scale Network Monitoring and Diagnosis Under Operational Constraints - A system and methods are disclosed that provide a continuous monitoring and diagnosis system for ISP IP/VPN backboneExt networks. The system includes two phases: 1) a monitor setup phase which selects candidate routers as monitors and the paths to be measured by the monitors, and 2) a continuous monitoring and diagnosis phase. | 02-11-2010 |
20100124221 | METHODS AND APPARATUS TO INFER THE STATUS OF BORDER GATEWAY PROTOCOL SESSIONS - Methods and apparatus to infer the status of BGP sessions are disclosed. A disclosed example method comprises querying a configuration file of a router of a first AS to identify a BGP session to a second AS, querying the file to determine whether the BGP session is a single hop, when the BGP session is a single hop, setting a status flag to a first value, querying the file to determine whether there is a valid IP configuration for the BGP session, when there is a valid IP configuration, setting the status flag to a second value, querying a router syslog file for the router to identify a syslog message associated with the BGP session, determining whether the session is stale, and when the session is not stale and the status flag is set to the second value, adding the second AS to a list of actual AS neighbors. | 05-20-2010 |
20100132037 | SYSTEM AND METHOD TO LOCATE A PREFIX HIJACKER WITHIN A ONE-HOP NEIGHBORHOOD - Method, system and computer-readable medium to locate a prefix hijacker of a destination prefix within a one-hop neighborhood on a network. The method includes generating one-hop neighborhoods from autonomous system (AS)-level paths of plural monitors to a destination prefix. The method also includes determining a suspect set of AS identifiers resulting from a union of the one-hop neighborhoods. The method further includes calculating a count and a distance associated with each AS identifier of the suspect set. The count indicates how often the AS identifier appeared in the one-hop neighborhoods. The distance indicates a total distance from the AS identifier to AS identifiers associated with the plural monitors. Yet further, the method includes generating a one-hop suspect set of AS identifiers from the suspect set that have highest counts and highest distances. | 05-27-2010 |
20100132039 | SYSTEM AND METHOD TO SELECT MONITORS THAT DETECT PREFIX HIJACKING EVENTS - Method, system and computer-readable medium to select monitors that increase the likelihood of detecting prefix hijacking events of a destination prefix are disclosed. The method includes assigning each of the candidate prefix hijack monitors to a respective cluster of a plurality of clusters. Each of the candidate prefix hijack monitors is associated with an autonomous system (AS) that indicates an AS path of autonomous systems (ASes) from the AS to a destination prefix associated with a destination AS. The method further includes iteratively merging a pair of clusters with a highest similarity score amongst cluster pairs of the plurality of clusters into a single cluster until a processed number of clusters is less than or equal to a predetermined number of clusters. The method also includes ranking each candidate prefix hijack monitor of each of the processed number of clusters according to a route type from an AS associated with the candidate prefix hijack monitor and an AS distance from the AS associated with the candidate prefix hijack monitor to the destination AS. Yet further, the method includes determining a highest ranked candidate prefix hijack monitor of each of the processed number of clusters. | 05-27-2010 |
20100153537 | METHOD AND APPARATUS FOR PROVIDING DETECTION OF INTERNET PROTOCOL ADDRESS HIJACKING - A method and apparatus for detecting an address hijacking in a network are disclosed. For example, the method sends one or more traceroute packets to a target prefix, wherein the target prefix comprises one or more destination Internet Protocol (IP) addresses, and records traceroute data received for the one or more traceroute packets sent to the target prefix. The method then determines one or more hop count distance measurements for the target prefix, and determines if there are one or more changes in the one or more hop count distance measurements for the target prefix. | 06-17-2010 |
20100262683 | Network Aware Forward Caching - An Internet service provider includes a cache server and a network aware server. The network aware server is operable to determine an optimization between a cost of retrieving content from a network and a cost of caching content from the network at the first cache server and then send a content identifier to the cache server. The cache server is operable to receive the content identifier, and determine the source of a content item. If the source is the same as the content identifier, then the cache server caches the content item. | 10-14-2010 |
20110138466 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR PROTECTING AGAINST IP PREFIX HIJACKING - A communication network is operated by identifying at least one potential hijack autonomous system (AS) that can be used to generate a corrupt routing path from a source AS to a destination AS. For each of the at least one potential hijack AS the following operations are performed: identifying at least one regional AS that is configured to adopt the corrupt routing path from the source AS to the destination AS and determining a reflector AS set such that, for each reflector AS in the set, a source AS to reflector AS routing path and a reflector AS to destination AS routing path do not comprise any of the at least one regional AS. A reflector AS is then identified that is common among the at least one reflector AS set responsive to performing the identifying and determining operations for each of the at least one potential hijack AS. | 06-09-2011 |
20110153801 | Prefix Hijacking Detection Device and Methods Thereof - A method of placing prefix hijacking detection modules in a communications network includes selecting a set of candidate locations. For each candidate location, a detection coverage ratio with respect to a target Autonomous System is calculated. Based on the relative size of the coverage ratios, proposed locations for the prefix hijacking detection modules are determined. | 06-23-2011 |
20110231704 | METHODS, APPARATUS AND ARTICLES OF MANUFACTURE TO PERFORM ROOT CAUSE ANALYSIS FOR NETWORK EVENTS - Example methods, apparatus and articles of manufacture to perform root cause analysis for network events are disclosed. An example method includes retrieving a symptom event instance from a normalized set of data sources based on a symptom event definition; generating a set of diagnostic events from the normalized set of data sources which potentially cause the symptom event instance, the diagnostic events being determined based on dependency rules; and analyzing the set of diagnostic events to select a root cause event based on root cause rules. | 09-22-2011 |
20120096140 | Network Aware Forward Caching - A network includes a cache server and a network aware server that operates to determine an optimization between a cost of retrieving content from a communication network and a cost of caching content at the cache server. The optimization is determined as a minimum of a sum of a transit cost, a backbone cost, and a caching cost. The transit cost includes a money cost per data unit. The backbone cost includes a money cost per data unit and time unit. The caching cost includes a money cost per server unit. In response to determining the optimization, the network aware server sends a content identifier to the cache server, and the cache server receives the content identifier, determines a source of a content item, and if the source is the same as the content identifier, then cache the content item. | 04-19-2012 |
20130042009 | Network Aware Forward Caching - A network includes a cache server and a network aware server that operates to determine an optimization between a cost of retrieving content from a communication network and a cost of caching content at the cache server. The optimization is determined as a minimum of a sum of a transit cost, a backbone cost, and a caching cost. The transit cost includes a money cost per data unit. The backbone cost includes a money cost per data unit and time unit. The caching cost includes a money cost per server unit. In response to determining the optimization, the network aware server sends a content identifier to the cache server, and the cache server receives the content identifier, determines a source of a content item, and if the source is the same as the content identifier, then cache the content item. | 02-14-2013 |
20130051248 | HIERARCHICAL ANOMALY LOCALIZATION AND PRIORITIZATION - Methods, apparatus and articles of manufacture for hierarchical anomaly localization and prioritization are disclosed. An example method disclosed herein comprises obtaining reported status for a plurality of nodes of a hierarchical topology, the reported status for a particular node being at least one of normal, abnormal or indeterminate, and determining a subset of root cause abnormal nodes, a root cause abnormal node included in the subset of root cause abnormal nodes having a total number of abnormal direct descendent nodes and indeterminate direct descendent nodes that is greater than a number of normal direct descendent nodes of the root cause abnormal node. | 02-28-2013 |
20130054783 | PASSIVE AND COMPREHENSIVE HIERARCHICAL ANOMALY DETECTION SYSTEM AND METHOD - A technique for monitoring performance in a network uses passively monitored traffic data at the server access routers. The technique aggregates performance metrics into clusters according to a spatial hierarchy in the network, and then aggregates performance metrics within spatial clusters to form time series of temporal bins. Representative values from the temporal bins are then analyzed using an enhanced Holt-Winters exponential smoothing algorithm. | 02-28-2013 |
20130074175 | Methods, Systems, and Computer Program Products for Protecting Against IP Prefix Hijacking - A communication network is operated by identifying at least one potential hijack autonomous system (AS) that can be used to generate a corrupt routing path from a source AS to a destination AS. For each of the at least one potential hijack AS the following operations are performed: identifying at least one regional AS that is configured to adopt the corrupt routing path from the source AS to the destination AS and determining a reflector AS set such that, for each reflector AS in the set, a source AS to reflector AS routing path and a reflector AS to destination AS routing path do not comprise any of the at least one regional AS. A reflector AS is then identified that is common among the at least one reflector AS set responsive to performing the identifying and determining operations for each, of the at least one potential hijack AS. | 03-21-2013 |
20130097703 | SYSTEM AND METHOD TO LOCATE A PREFIX HIJACKER WITHIN A ONE-HOP NEIGHBORHOOD - Method, system and computer-readable device to locate a prefix hijacker of a destination prefix within a one-hop neighborhood. The method includes generating one-hop neighborhoods from autonomous system-level paths associated with a plurality of monitors to a destination prefix. The method also includes determining a suspect set of autonomous system identifiers resulting from a union of the one-hop neighborhoods. The method further includes calculating a count and a distance associated with each autonomous system identifier in the suspect set of autonomous system identifiers. The count represents how often an autonomous system identifier appears in the one-hop neighborhoods. The distance represents a total number of autonomous system identifiers from the autonomous system identifier to autonomous system identifiers associated with the plurality of monitors. Yet further, the method includes generating a one-hop suspect set including autonomous system identifiers in the suspect set that have a greatest sum of the count and the distance. | 04-18-2013 |
20130185591 | METHODS, APPARATUS AND ARTICLES OF MANUFACTURE TO PERFORM ROOT CAUSE ANALYSIS FOR NETWORK EVENTS - Example methods, apparatus and articles of manufacture to perform root cause analysis for network events are disclosed. An example method includes retrieving a symptom event instance from a normalized set of data sources based on a symptom event definition; generating a set of diagnostic events from the normalized set of data sources which potentially cause the symptom event instance, the diagnostic events being determined based on dependency rules; and analyzing the set of diagnostic events to select a root cause event based on root cause rules. | 07-18-2013 |
20130254887 | Prefix Hijacking Detection Device and Methods Thereof - A method of placing prefix hijacking detection modules in a communications network includes selecting a set of candidate locations. For each candidate location, a detection coverage ratio with respect to a target Autonomous System is calculated. Based on the relative size of the coverage ratios, proposed locations for the prefix hijacking detection modules are determined. | 09-26-2013 |
20130282896 | Passive And Comprehensive Hierarchical Anomaly Detection System And Method - A technique for monitoring performance in a network uses passively monitored traffic data at the server access routers. The technique aggregates performance metrics into clusters according to a spatial hierarchy in the network, and then aggregates performance metrics within spatial clusters to form time series of temporal bins. Representative values from the temporal bins are then analyzed using an enhanced Holt-Winters exponential smoothing algorithm. | 10-24-2013 |
20150085675 | HIERARCHICAL ANOMALY LOCALIZATION AND PRIORITIZATION - Example methods disclosed herein to localize anomalies in a communication network include identifying a first set of abnormal nodes in the communication network, and including respective ones of the first set of abnormal nodes having a number of normal direct descendent nodes that is less than a combined number of abnormal direct descendent nodes and indeterminate direct descendent nodes in a set of candidate nodes. Such disclosed example methods also include iteratively selecting ones of the set of candidate nodes to include in a set of root cause abnormal nodes representing sources of the anomalies in the communication network. In such disclosed example methods, the ones of the set of candidate nodes are selected based on sizes of respective subsets of the abnormal nodes from the first set of abnormal nodes covered by the candidate nodes. | 03-26-2015 |