Abstract: Systems and methods for discovery and mapping of industrial control and SCADA networks are described herein. The disclosed systems and methods help operators ensure the cyber security of their SCADA network through accurate discovery, fingerprinting and mapping the industrial control network map, including PLCs (Programmable Logic Controller) and RTUs (Remote Terminal Unit), using passive techniques.

Abstract: Systems and methods for discovery and mapping of industrial control and SCADA networks are described herein. The disclosed systems and methods help operators ensure the cyber security of their SCADA network through accurate discovery, fingerprinting and mapping the industrial control network map, including PLCs (Programmable Logic Controller) and RTUs (Remote Terminal Unit), using passive techniques.

Abstract: Disclosed is a method 101 to be used on collected network data flow 116 associated with a network 100; the method 101 includes: an anomaly-detection operation 103 including: (A) obtaining the collected network data flow 116; and (B) performing an iterative principal component analysis on the collected network data flow 116 to detect an anomaly associated with the collected network data flow 116. The method may be used in a server and a network, and may also be implemented as a non-transitory computer-readable media. A corresponding system for detecting the anomaly in the network flow data is also provided.

Abstract: Disclosed is a method 101 to be used on collected network data flow 116 associated with a network 100; the method 101 includes: an anomaly-detection operation 103 including: (A) obtaining the collected network data flow 116; and (B) performing an iterative principal component analysis on the collected network data flow 116 to detect an anomaly associated with the collected network data flow 116. The method may be used in a server and a network, and may also be implemented as a non-transitory computer-readable media. A corresponding system for detecting the anomaly in the network flow data is also provided.

Abstract: A real-time network-analysis system comprises a network appliance and a plurality of management devices. The network appliance continuously monitors an object network and synthesizes a current network image comprising contemporaneous indicators of connectivity, occupancy, and performance of the object network. A management-client device may gain access to the network image for timely control and for use in producing long-term network-evolution plans. To enable the creation of a real-time network image, optimized topology synthesis algorithms are devised to minimize the computational effort. The real-time network-analysis system is adapted for use with an object network employing a variety of routing protocols, such as link-state protocols, and network-management protocols, such as the Simple-Network-Management protocol.

Abstract: Methods and apparatus for topology discovery of a network having heterogeneous network devices are disclosed. A network appliance communicates with the network devices to acquire device descriptors and characterize the network devices accordingly. Topology discovery is based on device characteristics, media-access data, and encoded connectivity patterns, where each connectivity pattern is defined by devices of specific device types and respective media-access data. A topology deduction module of the network appliance synthesizes a network image starting with unconnected devices and progressively incorporating detected connectivity patterns.

Abstract: A real-time network-analysis system comprises a network appliance and a plurality of management devices. The network appliance continuously monitors an object network and synthesizes a current network image comprising contemporaneous indicators of connectivity, occupancy, and performance of the object network. A management-client device may gain access to the network image for timely control and for use in producing long-term network-evolution plans. To enable the creation of a real-time network image, optimized topology synthesis algorithms are devised to minimize the computational effort. The real-time network-analysis system is adapted for use with an object network employing a variety of routing protocols, such as link-state protocols, and network-management protocols, such as the Simple-Network-Management protocol.

Abstract: Methods and apparatus for topology discovery of a network having heterogeneous network devices are disclosed. A network appliance communicates with the network devices to acquire device descriptors and characterize the network devices accordingly. Topology discovery is based on device characteristics, media-access data, and encoded connectivity patterns, where each connectivity pattern is defined by devices of specific device types and respective media-access data. A topology deduction module of the network appliance synthesizes a network image starting with unconnected devices and progressively incorporating detected connectivity patterns.

Abstract: A real-time network-analysis system comprises a network appliance and a plurality of management devices. The network appliance continuously monitors an object network and synthesizes a current network image comprising contemporaneous indicators of connectivity, occupancy, and performance of the object network. A management-client device may gain access to the network image for timely control and for use in producing long-term network-evolution plans. To enable the creation of a real-time network image, optimized topology synthesis algorithms are devised to minimize the computational effort. The real-time network-analysis system is adapted for use with an object network employing a variety of routing protocols, such as link-state protocols, and network-management protocols, such as the Simple-Network-Management protocol.

Abstract: An alert system for a communications network has a plurality of client devices and a plurality of alert servers each adapted to provide alerts to a respective subset of the client devices to provide scalability. Users at the client devices subscribe to receive alerts by selecting a scope of distribution of alerts. The selection involves selecting a type of alert to receive, a level of severity of alerts to receive, and a geographic scope. In response to receiving a request to issue an alert, an alert server notifies the other alert servers of the alert. Each alert server determines which client devices of the respective subset of client devices are to receive the alert. Each alert server then sends an alert message to its client devices that are to receive the alert.

Abstract: A method for monitoring lightpaths in an optical network comprising nodes interconnected by wavelength-multiplexed links is disclosed. Each lightpath is identified by a respective optical signature. A node stores identifiers of optical signatures of lightpaths designated to traverse the node and identifiers of adjacent nodes. Each node also maintains a record of all optical signatures it detects. A command-line interface associated with a selected node tracks a selected lightpath, designated to traverse the selected node, by propagating messages in an upstream direction, a downstream direction, or both, requesting other nodes to provide information pertinent to the selected lightpath. The selected node may also send messages to all its neighboring nodes requesting each to indicated detection, or otherwise, of the selected lightpath.

Abstract: An alert system for a communications network has a plurality of client devices and a plurality of alert servers each adapted to provide alerts to a respective subset of the client devices to provide scalability. Users at the client devices subscribe to receive alerts by selecting a scope of distribution of alerts. The selection involves selecting a type of alert to receive, a level of severity of alerts to receive, and a geographic scope. In response to receiving a request to issue an alert, an alert server notifies the other alert servers of the alert. Each alert server determines which client devices of the respective subset of client devices are to receive the alert. Each alert server then sends an alert message to its client devices that are to receive the alert.

Abstract: A system of hitless restart in a network, where at least one node in the network provides routing control distributed among ingress ports (ingress cards) and egress ports (egress cards), is disclosed. With distributed routing control, each ingress card has its own routing-control software and each egress card has its own routing-control software. When the routing-software at an ingress port or an egress port of a node is restarted, current connections traversing a restarting ingress card or a restarting egress card continue to function normally during a restart period without data loss. The disclosed system is tailored to a multi-protocol label switching (MPLS) network employing distributed-resource-reservation-protocol traffic engineering (RSVP-TE). The system relies on messaging between ingress card control planes, ingress card data planes, egress card control planes, and egress card data planes of a restarting node.

Abstract: A real-time network-analysis system comprises a network appliance and a plurality of management devices. The network appliance continuously monitors an object network and synthesizes a current network image comprising contemporaneous indicators of connectivity, occupancy, and performance of the object network. A management-client device may gain access to the network image for timely control and for use in producing long-term network-evolution plans. To enable the creation of a real-time network image, optimized topology synthesis algorithms are devised to minimize the computational effort. The real-time network-analysis system is adapted for use with an object network employing a variety of routing protocols, such as link-state protocols, and network-management protocols, such as the Simple-Network-Management protocol.

Abstract: A multi-protocol label switching (MPLS) packet network, methods and traffic engineering extensions to label distribution protocol are provided, capable of carrying traffic of multiple classes of service over the same label switch path.

Abstract: A method as apparatus for controlling the number of egress points at an ingress node in a multicast tree in a differentiated services network is described. A resource management entity is provided in each edge node in the entity. The resource management entity in the ingress node stores data from a service level specification that specifies the bandwidth, type of service and a limit on the number of egress points that can be grafted to the ingress node. The grafting of egress points to the node is controlled by the limit. If a new egress point cannot be grafted to the ingress node, the downstream node requesting the graft is preferably provided with graft redirect options to permit the downstream node to graft to an existing branch of the multicast tree. The advantage is automated, dynamic control of the multicast tree so that service is delivered in accordance with a service level agreement that governs service delivery for the dynamic multicast tree.

Abstract: A method to trace, detect, discover and monitor the nodes traversed by a light path from its source to its destination in an Optical Communication Network (OCN) is provided. In accordance with the embodiment of the invention, the system examines various provisioned and discovered optical nodes either sequentially or in parallel to determine whether a unique signature (wavekey) associated with the light path is present. Connectivity and mis-fibering problems are detected by sequentially examining provisioned nodes in the light path to determine if the wavekey associated with the light path can be observed. Control Network topology information is utilized to contact all nodes in the network to trouble-shoot mis-fibering problems.

Abstract: The present invention defines a system and methods for distributed RSVP-TE (resource reservation protocol-traffic engineering) hitless graceful restart for a MPLS (multi-protocol label switching) network. The system comprises a plurality of ingress and egress cards, each card having an MPLS control plane forwarding table for reverse and forward traffic outgoing and incoming labels for LSPs (Label Switched Paths) in the MPLS network; the cards having data planes, each card data plane having said forwarding table stored thereon; and a means for providing messaging between the ingress card MPLS control plane, ingress card data plane, egress card MPLS control plane, and egress card data plane. The methods of the embodiments of this invention do not require hitless graceful restart in telecommunications networks with no requirement for GMPLS stack and therefore can be used in both traditional and generalized MPLS networks.

Abstract: A multi-protocol label switching (MPLS) packet network, methods and traffic engineering extensions to label distribution protocol are provided, capable of carrying traffic of multiple classes of service over the same label switch path.

Abstract: In a packet network, on receiving a packet a receiving host determines if the packet has been marked by any of the nodes through which it passed, to indicate congestion at that node, e.g. by checking the CE bit in an IP header. A packet flow control parameter is generated at the receiving side, and sent to the source using an Internet Protocol, as part of the packet acknowledgment, to control the flow of packets from the source, according to the packet flow control parameter. This can reduce control loop delays caused by waiting at the source for a number of acknowledgments to arrive before the congestion level can be calculated. Conditions at the receiver which may be different to those at the source can now be taken into account in the flow control.