Abstract: A computing device is provided, including a processor that receives a network graph. The processor further receives a specification of a network traffic control heuristic for a network traffic routing problem over the network graph. The processor further constructs a gap maximization problem that has, as a maximization target, a difference between an exact solution to the network traffic routing problem and a heuristic solution generated using the network traffic control heuristic. The processor further generates a Lagrange multiplier formulation of the gap maximization problem. At a convex solver, the processor further computes an estimated maximum gap as an estimated solution to the Lagrange multiplier formulation of the gap maximization problem. The processor further performs a network traffic control action based at least in part on the estimated maximum gap.

Abstract: A computing system identifies mitigation actions in response to failures within a computer network. A service level objective is obtained by the computing system for client-resource data flows traversing the computer network between client-side and resource-side nodes. Indication of a failure event at a network location of the computer network is obtained. For each mitigation action of a set of candidate mitigation actions, an estimated impact to a distribution of the service level objective is determined for the mitigation action by applying simulated client-resource data flows to a network topology model of the computer network in combination with the mitigation action and the failure event. One or more target mitigation actions are identified by the computing system from the set of candidate mitigation actions based on a comparison of the estimated impacts of the set of candidate mitigation actions.

Abstract: Techniques are disclosed for identifying faulty links in a virtualized computing environment. Network path latency information is received for one or more network paths in the networked computing environment. Based on the network path latency information, a probable presence of a faulty component is determined. In response to the determination, physical links for a network path associated with the probable faulty component are identified. Information indicative of likely sources of the probable faulty component is received from multiple hosts of the networked computing environment. Based on the identified physical links and information, a faulty component is determined.

Abstract: A satellite is provided, including an onboard computing device. The onboard computing device may include a processor configured to receive training data while the satellite is in orbit. The processor may be further configured to perform training at a machine learning model based at least in part on the training data. The processor may be further configured to generate model update data that specifies a modification made to the machine learning model during the training. The processor may be further configured to transmit the model update data from the satellite to an additional computing device.

Abstract: Techniques are disclosed for identifying faulty links in a virtualized computing environment. Network path latency information is received for one or more network paths in the networked computing environment. Based on the network path latency information, a probable presence of a faulty component is determined. In response to the determination, physical links for a network path associated with the probable faulty component are identified. Information indicative of likely sources of the probable faulty component is received from multiple hosts of the networked computing environment. Based on the identified physical links and information, a faulty component is determined.

Abstract: A computing system identifies mitigation actions in response to failures within a computer network. A service level objective is obtained by the computing system for client-resource data flows traversing the computer network between client-side and resource-side nodes. Indication of a failure event at a network location of the computer network is obtained. For each mitigation action of a set of candidate mitigation actions, an estimated impact to a distribution of the service level objective is determined for the mitigation action by applying simulated client-resource data flows to a network topology model of the computer network in combination with the mitigation action and the failure event. One or more target mitigation actions are identified by the computing system from the set of candidate mitigation actions based on a comparison of the estimated impacts of the set of candidate mitigation actions.

Abstract: The systems and methods may use a data reduction engine to reduce a volume of input data for machine learning exploration for computer networking related problems. The systems and methods may receive input data related to a network and obtain a network topology. The systems and methods may perform a structured search of a plurality of reduction functions based on a grammar to identify a subset of reduction functions. The systems and methods may generate transformed data by applying the subset of reduction functions to the input data and may determine whether the transformed data meets or exceeds a threshold. The systems and methods may output the transformed data in response to the transformed data meeting or exceeding the threshold.

Abstract: A cloud-based service uses an offline training pipeline to categorize training data for machine learning (ML) models into various clusters. Incoming test data that is received by a data center or in a cloud environment is compared against the categorized training data to identify the appropriate ML model to assign the test data. The comparison of the test data is done in real-time using a similarity metric that takes into account spatial and temporal factors of the test data relative to the categorized training data.

Abstract: A compromise detection system protects data centers (DCs) or other providers in the cloud. The compromise detection system can detect compromised virtual machines (VMs) through changes in network traffic characteristics while avoiding expensive data collection and preserving privacy. The compromise detection system obtains and uses periodically-obtained flow pattern summaries to detect compromised VMs. Agent-based detection on predetermined and compromised VMs can expose (using supervised learning) the network behavior of compromised VMs and then apply the learned model to all VMs in the DC. The compromise detection system can run continuously, protect the privacy of cloud customers, comply with Europe's General Data Protection Regulation (GDPR), and avoid various techniques that both erode privacy and degrade VM performance.

Abstract: Techniques are disclosed for identifying faulty links in a virtualized computing environment. Network path latency information is received for one or more network paths in the networked computing environment. Based on the network path latency information, a probable presence of a faulty component is determined. In response to the determination, physical links for a network path associated with the probable faulty component are identified. Information indicative of likely sources of the probable faulty component is received from multiple hosts of the networked computing environment. Based on the identified physical links and information, a faulty component is determined.

Abstract: Aspects of the present disclosure relate to incident routing in a cloud environment. In an example, cloud provider teams utilize a scout framework to build a team-specific scout based on that team's expertise. In examples, an incident is detected and a description is sent to each team-specific scout. Each team-specific scout uses the incident description and the scout specifications provided by the team to identify, access, and process monitoring data from cloud components relevant to the incident. Each team-specific scout utilizes one or more machine learning models to evaluate the monitoring data and generate an incident-classification prediction about whether the team is responsible for resolving the incident. In examples, a scout master receives predictions from each of the team-specific scouts and compares the predictions to determine to which team an incident should be routed.

Abstract: Techniques are disclosed for identifying faulty links in a virtualized computing environment. Network path latency information is received for one or more network paths in the networked computing environment. Based on the network path latency information, a probable presence of a faulty component is determined. In response to the determination, physical links for a network path associated with the probable faulty component are identified. Information indicative of likely sources of the probable faulty component is received from multiple hosts of the networked computing environment. Based on the identified physical links and information, a faulty component is determined.

Abstract: This document relates to automating the generation of machine learning models for evaluation of computer networks. Generally, the disclosed techniques can obtain network context data reflecting characteristics of a network, identify a type of evaluation to be performed on the network, and select a particular machine learning model for evaluating the network based at least on the type of evaluation. The disclosed techniques can also select one or features to train the particular machine learning model.

Abstract: A compromise detection system protects data centers (DCs) or other providers in the cloud. The compromise detection system can detect compromised virtual machines (VMs) through changes in network traffic characteristics while avoiding expensive data collection and preserving privacy. The compromise detection system obtains and uses periodically-obtained flow pattern summaries to detect compromised VMs. Agent-based detection on predetermined and compromised VMs can expose (using supervised learning) the network behavior of compromised VMs and then apply the learned model to all VMs in the DC. The compromise detection system can run continuously, protect the privacy of cloud customers, comply with Europe's General Data Protection Regulation (GDPR), and avoid various techniques that both erode privacy and degrade VM performance.

Abstract: Techniques are disclosed for identifying faulty links in a virtualized computing environment. Network path latency information is received for one or more network paths in the networked computing environment. Based on the network path latency information, a probable presence of a faulty component is determined. In response to the determination, physical links for a network path associated with the probable faulty component are identified. Information indicative of likely sources of the probable faulty component is received from multiple hosts of the networked computing environment. Based on the identified physical links and information, a faulty component is determined.

Abstract: Methods and systems for finding a packet's routing path in a network includes intercepting control messages sent by a controller to one or more switches in a software defined network (SDN). A state of the SDN at a requested time is emulated and one or more possible routing paths through the emulated SDN is identified by replaying the intercepted control messages to one or more emulated switches in the emulated SDN. The one or more possible routing paths correspond to a requested packet injected into the SDN at the requested time.

Abstract: Methods and systems for finding a packet's routing path in a network includes intercepting control messages sent by a controller to one or more switches in a software defined network (SDN). A state of the SDN at a requested time is emulated and one or more possible routing paths through the emulated SDN is identified by replaying the intercepted control messages to one or more emulated switches in the emulated SDN. The one or more possible routing paths correspond to a requested packet injected into the SDN at the requested time.