Abstract: Mechanism for identifying malicious content, DoS attacks, and illegal IPTV services. By monitoring the characteristics of various control messages being transmitted within a network that services Internet protocol television (IPTV) content to identify suspicious behavior (e.g., such as that associated with malicious content, denial of service (DoS) attacks, IPTV service stealing, etc.). In addition to monitoring control messages within such a network, deep packet inspection (DPI) may be performed for individual packets within an IPTV stream to identify malicious content therein (e.g., worms, viruses, etc. actually within the IPTV stream itself). By monitoring control messages and/or actual IPTV content within a network (e.g., vs. at the perimeter of a network only), protection against both outside and inside attacks can be effectuated. This network level basis of operation effectively guards against promulgation of malicious content to other devices within the network.

Abstract: A virtual router network (VRN) for performing real-time flow measurements (RTFM) is provided. The VRN effectively reduces the number of traffic metering points required thereby simplifying the aggregation and exportation of flow records to a collector. The collector may be service manager in a network management system. The metering points, in a preferred embodiment, are at virtual interfaces (VI) which are edge nodes in VRN. One of the virtual interfaces is selected as a master virtual interface and act as a collector and distributor of flow related information. In one aspect of the invention the VRN is used to provide, non-invasively, per-flow delay monitoring in a communication system.

Abstract: Mechanism for identifying malicious content, DoS attacks, and illegal IPTV services. By monitoring the characteristics of various control messages being transmitted within a network that services Internet protocol television (IPTV) content to identify suspicious behavior (e.g., such as that associated with malicious content, denial of service (DoS) attacks, IPTV service stealing, etc.). In addition to monitoring control messages within such a network, deep packet inspection (DPI) may be performed for individual packets within an IPTV stream to identify malicious content therein (e.g., worms, viruses, etc. actually within the IPTV stream itself). By monitoring control messages and/or actual IPTV content within a network (e.g., vs. at the perimeter of a network only), protection against both outside and inside attacks can be effectuated. This network level basis of operation effectively guards against promulgation of malicious content to other devices within the network.

Abstract: A network monitoring system (10). The system comprises a database (32) and at least one monitoring circuit (36) coupled to a network (20). Network traffic flows along the network in a form of packets. The at least one monitoring circuit is programmed to perform the steps of receiving a packet communicated along the network and determining whether data in the packet satisfies a rule set. Further, the at least one monitoring circuit is responsive to determining that data in the packet satisfies a rule set by copying information relating to the packet to be stored into the database. The system also comprises circuitry for querying the information communicated by the at least one monitoring circuit to the database to identify an irregularity in the network traffic.

Abstract: A network monitoring system (60). The system comprises storage circuitry (32) for storing network packet information, wherein the network packet information includes a predicted identifier. The network monitoring system also comprises at least one monitoring circuit (36) coupled to a network (70) along which network traffic flows in a form of packets. The at least one monitoring circuit programmed to perform the steps (44) of receiving a packet communicated along the network and determining whether the received packet is communicated between a source and destination in a first set of network nodes. Each packet in a sequence of communications between the source and the destination comprises a packet identifier that uniquely identifies the packet from all other communications in a flow between the source and the destination.

Abstract: Apparatus, methods, and related data structures for validating a routing configuration in a communication system are disclosed. Routing information in a communication system is passively collected, illustratively from routing protocol advertisement messages. A routing configuration of the communication system is validated based on the collected routing information. Validation may involve comparing information associated with electronic addresses in an address space of the communication system with the collected routing information, and also or instead comparing an intended routing configuration with an explicit routing configuration, for example. A data structure may include information indicating an electronic address and information indicating a result of validating a routing configuration associated with the electronic address.

Abstract: Apparatus and method are provided for enabling establishment of cross-domain services, including exchange of reachability information between domains, routing of services across domains, and differential labeling. The network element control and management planes are supplemented by additional components that enable the control and management planes of each domain to inter-communicate in a peer-to-peer manner. Adjacencies are established between domains, and service reachability information is exchanged between domains. Network Service Applications within the management planes can then establish services across the domains by inter-communicating.

Abstract: Apparatus and method are provided for distributing labels between domains of different technologies or administrations, thereby facilitating establishment of cross-domain services. Each label includes a Service label having end-to-end consistency, and a Local label used by each domain in accordance with the domain's underlying technology.

Abstract: Apparatus and method are provided for distributing service domain reachability information across domain boundaries, thereby allowing domain management systems to determine routing for cross-domain services even when the domains have different technologies or administrators. A Service Domain Manager within each domain advertises to neighbouring domains which services it supports. A domain which receives such advertisements forwards the advertisement on to other domains. Each SDM builds a routing information table which specifies the service, the domain, the next hop, and optionally user defined metrics. The routing information table does not include end-point addresses, in order to keep the size of the table manageable. In this way, the NMS of each domain obtains an end-to-end view of service routes.

Abstract: A virtual router network (VRN) for performing real-time flow measurements (RTFM) is provided. The VRN effectively reduces the number of traffic metering points required thereby simplifying the aggregation and exportation of flow records to a collector. The collector may be service manager in a network management system. The metering points, in a preferred embodiment, are at virtual interfaces (VI) which are edge nodes in VRN. One of the virtual interfaces is selected as a master virtual interface and act as a collector and distributor of flow related information. In one aspect of the invention the VRN is used to provide, non-invasively, per-flow delay monitoring in a communication system.

Abstract: A methods of implementing event based distributed multicast flow accounting are presented. Multicast-enabled routers request, and aggregate traffic flow measurement information from downstream multicast-enabled routers participating in dependent multicast sub-trees. Records are kept by the multicast-enabled router regarding changes to the underlying multicast tree topology. The aggregate traffic flow measurements and topology information are reported to multicast-enabled routers upstream. Advantages are derived from the ability to accurately compute multicast content transport costs within a communications service provider's network.

Abstract: A network monitoring system (60). The system comprises storage circuitry (32) for storing network packet information, wherein the network packet information includes a predicted identifier. The network monitoring system also comprises at least one monitoring circuit (36) coupled to a network (70) along which network traffic flows in a form of packets. The at least one monitoring circuit programmed to perform the steps (44) of receiving a packet communicated along the network and determining whether the received packet is communicated between a source and destination in a first set of network nodes. Each packet in a sequence of communications between the source and the destination comprises a packet identifier that uniquely identifies the packet from all other communications in a flow between the source and the destination.

Abstract: A network monitoring system (10). The system comprises a database (32) and at least one monitoring circuit (36) coupled to a network (20). Network traffic flows along the network in a form of packets. The at least one monitoring circuit is programmed to perform the steps of receiving a packet communicated along the network and determining whether data in the packet satisfies a rule set. Further, the at least one monitoring circuit is responsive to determining that data in the packet satisfies a rule set by copying information relating to the packet to be stored into the database. The system also comprises circuitry for querying the information communicated by the at least one monitoring circuit to the database to identify an irregularity in the network traffic.