Abstract: A strategy is described for identifying anomalies in time-series data. The strategy involves dividing the time-series data into a plurality of collected data segments and then using a modeling technique to fit local models to the collected data segments. Large deviations of the time-series data from the local models are indicative of anomalies. In one approach, the modeling technique can use an absolute value (L1) measure of error value for all of the collected data segments. In another approach, the modeling technique can use the L1 measure for only those portions of the time-series data that are projected to be anomalous. The modeling technique can use a squared-term (L2) measure of error value for normal portions of the time-series data. In another approach, the modeling technique can use an iterative expectation-maximization strategy in applying the L1 and L2 measures.

Abstract: Exemplary methods, systems, and computer program products describe selecting a gateway based on health and performance information of a plurality of gateways. The techniques describe gateways advertising health and performance information, computing devices creating a table of this health and performance information, and selecting a gateway using the table. In response to changes in the health and performance information, the computing device may select a different gateway. The process allows network traffic load to be distributed across a plurality of gateways. This process further provides resilience by allowing a plurality of active gateways to substitute for a non-functioning gateway.

Abstract: Routing network traffic on a computer network is described. In one embodiment, a method is presented which includes transmitting instructions to a client, the instructions executable by the client to request content from two or more content servers, measure two or more network performance characteristics associated with the two or more different content servers, and issue a report to an administrative server. The report may include a first network performance characteristic and a second network performance characteristic. The method may further include selecting a target content server from one of two or more content servers based on comparison of the two or more network performance characteristics; and transmitting routing instructions to an intermediate routing system, the routing instructions executable by the intermediate routing system to direct subsequent content requests transmitted by the client to the target content server.

Abstract: Exemplary methods, computer-readable media, and systems for detecting a fault by a packet trace, includes monitoring at least one packet transmitted to or received from, an computing device of an end user, between one or more computing devices implementing at least one of a service or an application on an enterprise network. The process also includes identifying whether an abnormal condition occurred on the computing device of the end user based on monitoring at least one packet transmitted to or received from, the computing device of the end user; and detecting a fault by using an algorithm based on monitoring at least one packet transmitted or received from, the computing device of the end user; wherein the fault indicates a desired course of action did not occur while the computing device of the end user uses at least one of the service or the application in the enterprise network.

Abstract: A method of networking a plurality of servers together within a data center is disclosed. The method includes the step of addressing a data packet for delivery to a destination server by providing the destination server address as a flat address. The method further includes the steps of obtaining routing information required to route the packet to the destination server. This routing information may be obtained from a directory service servicing the plurality of servers. Once the routing information is obtained, the data packet may be routed to the destination server according to the flat address of the destination server and routing information obtained from the directory service.

Abstract: A system for commoditizing data center networking is disclosed. The system includes an interconnection topology for a data center having a plurality of servers and a plurality of nodes of a network in the data center through which data packets may be routed. The system uses a routing scheme where the routing is oblivious to the traffic pattern between nodes in the network, and wherein the interconnection topology contains a plurality of paths between one or more servers. The multipath routing may be Valiant load balancing. It disaggregates the function of load balancing into a group of regular servers, with the result that load balancing server hardware can be distributed amongst racks in the data center leading to greater agility and less fragmentation. The architecture creates a huge, flexible switching domain, supporting any server/any service, full mesh agility, and unregimented server capacity at low cost.

Abstract: Systems and methods establish groups among numerous indications of failure in order to infer a cause of failure common to each group. In one implementation, a system computes the groups such that each group has the maximum likelihood of resulting from a common failure. Indications of failure are grouped by probability, even when a group's inferred cause of failure is not directly observable in the system. In one implementation, related matrices provide a system for receiving numerous health indications from each of numerous autonomous systems connected with the Internet. A correlational matrix links input (failure symptoms) and output (known or unknown root causes) through probability-based hypothetical groupings of the failure indications. The matrices are iteratively refined according to self-consistency and parsimony metrics to provide most likely groupings of indicators and most likely causes of failure.

Abstract: Candidates that are potentially responsible for user-perceptible network problems may be inferred. In an example embodiment, a system includes an inference engine to produce a list of candidates that are potentially responsible for user-perceptible network problems, with the candidates being network components that may include both services and network elements. A response to a service request may be a non response, an incorrect response, an untimely correct response, or a timely correct response. The user-perceptible network problems may include the untimely correct response as well as the non response and the incorrect response. In another example embodiment, a method includes monitoring a network and producing a list of candidates that are potentially responsible for user-perceptible network problems. The candidates of the list may include both services and network elements of the monitored network.

Abstract: Constructing an inference graph relates to the creation of a graph that reflects dependencies within a network. In an example embodiment, a method includes determining dependencies among components of a network and constructing an inference graph for the network responsive to the dependencies. The components of the network include services and hardware components, and the inference graph reflects cross-layer components including the services and the hardware components. In another example embodiment, a system includes a service dependency analyzer and an inference graph constructor. The service dependency analyzer is to determine dependencies among components of a network, the components including services and hardware components. The inference graph constructor is to construct an inference graph for the network responsive to the dependencies, the inference graph reflecting cross-layer components including the services and the hardware components.

Abstract: A strategy is described for identifying anomalies in time-series data. The strategy involves dividing the time-series data into a plurality of collected data segments and then using a modeling technique to fit local models to the collected data segments, Large deviations of the time-series data from the local models are indicative of anomalies In one approach, the modeling technique can use an absolute value (L1) measure of error value for all of the collected data segments. In another approach, the modeling technique can use the L1 measure for only those portions of the time-series data that are projected to be anomalous. The modeling technique can use a squared-term (L2) measure of error value for normal portions of the time-series data. In another approach, the modeling technique can use an iterative expectation-maximization strategy in applying the L1 and L2 measures.

Abstract: Internet service providers and their clients communicate by transmitting messages across one or more networks and infrastructure components. At various points between the service provider and the clients, inclusively, records may be created of each messages occurrence and status. These records may be read and analyzed to determine the effects of the networks and infrastructure components on the provided quality of service. User-effecting incidents (e.g., failures) occurring at networks may also be identified and described.

Abstract: Exemplary methods, computer-readable media, and systems for detecting a fault by a packet trace, includes monitoring at least one packet transmitted to or received from, an computing device of an end user, between one or more computing devices implementing at least one of a service or an application on an enterprise network. The process also includes identifying whether an abnormal condition occurred on the computing device of the end user based on monitoring at least one packet transmitted to or received from, the computing device of the end user; and detecting a fault by using an algorithm based on monitoring at least one packet transmitted or received from, the computing device of the end user; wherein the fault indicates a desired course of action did not occur while the computing device of the end user uses at least one of the service or the application in the enterprise network.

Abstract: Systems and methods establish groups among numerous indications of failure in order to infer a cause of failure common to each group. In one implementation, a system computes the groups such that each group has the maximum likelihood of resulting from a common failure. Indications of failure are grouped by probability, even when a group's inferred cause of failure is not directly observable in the system. In one implementation, related matrices provide a system for receiving numerous health indications from each of numerous autonomous systems connected with the Internet. A correlational matrix links input (failure symptoms) and output (known or unknown root causes) through probability-based hypothetical groupings of the failure indications. The matrices are iteratively refined according to self-consistency and parsimony metrics to provide most likely groupings of indicators and most likely causes of failure.

Abstract: Accountability among Autonomous Systems (ASs) in a network ensures reliable identification of various customers within the ASs and provides defensibility against malicious customers within the ASs. In one implementation, reliable identification is achieved by implementing ingress filtering on data packets originating within individual ASs and defensibility is provided by filtering data packets on request. To facilitate on-request filtering, individual ASs are equipped with a Filter Request Server (FRS) to filter data packets from certain customers identified in a filter request. Thus, when a requesting customer makes a filter request against an offending customer, the FRS within the AS to which the offending customer belongs conducts on-request filtering and installs an on-request filter on a first-hop network infrastructure device for the offending customer. Consequently, the first-hop network infrastructure device filters any data packet sent from the offending customer to the requesting customer.

Abstract: In a network management system, dependency relationships of network clients and network elements are computed. In an implementation, a dependency graph is generated based on the relationships, and the probabilities of problems associated with the network client and network element are determined based on the dependency graph.

Abstract: Modular therapy apparatus for treatment of at least a portion of an animate body comprises a first modular member and a second modular member. The first modular member comprises a heat transfer device adapted to transfer heat between the device and the at least a portion of an animate body. The second modular member forms a pouch having a perimeter and is adapted to receive the first modular member. The second modular member comprises a front side and a back side. The front side has a hook portion, which forms the hook portion of a hook and loop fastener. The back side has a loop portion, which forms the loop portion of the hook and loop fastener. The second modular member can be wrapped around the at least a portion of an animate body and the hook and loop portions fastened to one another to secure the second modular member with the first modular member positioned therein to the at least a portion of the animate body.

Abstract: A peripheral device station couples two or more peripheral devices with a host computer system. The station includes two or more peripheral device interfaces, a power unit, a communication intermediary, and a host interface. At least one peripheral device interface includes a communication connection and a power connection. The power unit couples with the power connection and provides an electrical charge for charging a power source of a peripheral device. The communication intermediary couples with the communication connection and provides a communication coupling between a peripheral device and the host computer system. The host interface couples with and communicates with the host computer system.

Abstract: The preferred embodiments described herein provide a method and system for configuring a network element in a computer network. In one preferred embodiment, an instruction to configure a network element in a computer network is received. The instruction is converted into a form understood by the network element, and the converted instruction is sent to the network element. Other preferred embodiments are provided herein, and any or all of the preferred embodiments described herein can be used alone or in combination with one another.

Abstract: The preferred embodiments described herein provide a method and system for collection and storage of traffic data. In one preferred embodiment, traffic data is collected from a plurality of network elements in a first point of presence in a computer network. Traffic data is collected from each network element using a protocol appropriate for the network element. The collected traffic data is analyzed, and a result of the analysis is transmitted to a storage device remote from the first point of presence. Other preferred embodiments are provided herein, and any or all of the preferred embodiments described herein can be used alone or in combination with one another.

Abstract: The preferred embodiments described herein provide a system and method for collecting traffic data in a computer network. In one preferred embodiment, a computer network is provided with a plurality of network elements each operating with a different protocol. A protocol with which to communicate with one of the network elements is determined, and traffic data is collected from the network element using the determined protocol. Other preferred embodiments are provided, and any or all of the preferred embodiments described herein can be used alone or in combination with one another.