Abstract: In one embodiment, a device uses a classification model to determine whether implementation of a routing change suggested by a predictive routing engine for a network will result in a violation of one or more network policies. The device computes a trust score, based on performance metrics for the classification model. The device causes, based in part on the trust score, implementation of the routing change in the network, when the classification model determines that application of the routing change will not result in a violation of the one or more network policies.
Abstract: In one embodiment, a device in a network loads an anomaly detection model for warm-start. The device filters input data for the model during a warm-start grace period after warm-start of the anomaly detection model. The model is not updated during the warm-start grace period based on the filtering. The device determines an end to the warm-start grace period. The device updates the anomaly detection model using unfiltered input data for the anomaly detection model after the determined end to the warm-start grace period.
Abstract: In one embodiment, a device in a network determines cluster assignments that assign traffic data regarding traffic in the network to activity level clusters based on one or more measures of traffic activity in the traffic data. The device uses the cluster assignments to predict seasonal activity for a particular subset of the traffic in the network. The device determines an activity level for new traffic data regarding the particular subset of traffic in the network. The device detects a network anomaly by comparing the activity level for the new traffic data to the predicted seasonal activity.
Abstract: In one embodiment, a device obtains user experience metrics for a plurality of sessions with an online application. The device detects a plurality of anomalies from among the user experience metrics. The device determines, based on a correlation between the plurality of anomalies, that a particular path entity is a root cause of the plurality of anomalies. The particular path entity comprises an egress service provider or data center of the online application. The device provides an indication of the particular path entity being the root cause of the plurality of anomalies.
Abstract: In one embodiment, a network element in a network receives one or more machine learning models configured to make an inference about the network. The network element requests, according to a predefined peering plan, telemetry attribute data from one or more peer network elements specified by the peering plan. The network element receives the telemetry attribute data from the one or more peer network elements. The network element makes, using the one or more machine learning models, an inference about the network based in part on the received telemetry attribute data.
Abstract: In one embodiment, a device obtains telemetry data for network paths to a plurality of servers for an online application. The telemetry data includes application experience metrics based on feedback provided by users of the online application. The device decomposes the telemetry data for the network paths from different vantage points. The device also identifies, using the decomposed telemetry data, a particular endpoint of the online application as a cause of application experience degradation for the online application. The device provides an alert indicative of the particular endpoint of the online application being the cause of quality of experience degradation for the online application.
Abstract: In one embodiment, a service computes a data fidelity metric for network telemetry data used by a machine learning model to monitor a computer network. The service detects unacceptable performance of the machine learning model. The service determines a correlation between the data fidelity metric and the unacceptable performance of the machine learning model. The service adjusts generation of the network telemetry data for input to the machine learning model, based on the determined correlation between the data fidelity metric and the unacceptable performance of the machine learning model.
Type:
Grant
Filed:
November 22, 2019
Date of Patent:
July 26, 2022
Assignee:
Cisco Technology, Inc.
Inventors:
Jean-Philippe Vasseur, Vinay Kumar Kolar, Andrea Di Pietro, Grégory Mermoud, Pierre-Andre Savalle
Abstract: In one embodiment, a device obtains information regarding temporary routing patches applied to a network. Each temporary routing patch implements a routing change in the network for a specified amount of time to avoid or mitigate against a service level agreement violation. The device evaluates, using the information regarding the temporary routing patches applied to the network, a plurality of replay scenarios for the network. The device determines, based on the plurality of replay scenarios, a long-term configuration change for the network. The device provides an indication of the long-term configuration change for display.
Abstract: In one embodiment, a networking device in a network causes formation of device clusters of devices in the network. The devices in a particular cluster exhibit similar characteristics. The networking device receives feedback from a device identity service regarding the device clusters. The feedback is based in part on the device identity service probing the devices. The networking device adjusts the device clusters based on the feedback from the device identity service. The networking device performs anomaly detection in the network using the adjusted device clusters.
Type:
Grant
Filed:
June 13, 2016
Date of Patent:
February 26, 2019
Assignee:
Cisco Technology, Inc.
Inventors:
Jean-Philippe Vasseur, Grégory Mermoud, Pierre-André Savalle, Andrea Di Pietro, Sukrit Dasgupta
Abstract: In various embodiments, a device classification service obtains device telemetry data indicative of declarative attributes of a device in a network and indicative of behavioral attributes of that device. The device classification service labels the device with a device type, based on the device telemetry data. The device classification service detects device type spoofing exhibited by the device using a model that models a relationship between the declarative attributes and the behavioral attributes. The device classification service initiates, based on the device type spoofing, a mitigation action regarding the device.
Type:
Grant
Filed:
April 17, 2020
Date of Patent:
August 15, 2023
Assignee:
Cisco Technology, Inc.
Inventors:
Jean-Philippe Vasseur, Pierre-André Savalle, Grégory Mermoud, David Tedaldi
Abstract: In one embodiment, a device identifies a new traffic flow in a network. The device determines a service level agreement (SLA) associated with the new traffic flow. The device uses a machine learning model to predict whether a particular tunnel in the network can satisfy the determined SLA of the traffic were the traffic flow routed onto the tunnel. The device performs call admission control to route the new traffic flow onto the particular tunnel, based on a prediction that the tunnel can satisfy the determined SLA of the traffic.
Abstract: In one embodiment, a device obtains behavioral metrics for application traffic in a network for a plurality of applications. The device identifies a first application and a second application from among the plurality of applications as fate sharing applications, based on a correlation between the behavioral metrics for their application traffic. The device generates a configuration change for the network that would prevent the first application and the second application from being fate sharing applications, when application traffic for the first application negatively affects the behavioral metrics for the application traffic of the second application. The device causes the configuration change to be implemented in the network.
Abstract: In one embodiment, a device classification service forms a device cluster by applying clustering to telemetry data associated with a plurality of devices. The service obtains device type labels for the device cluster. The service generates a device type classification rule using the device type labels and the telemetry data. The service determines whether the device type classification rule should be revalidated by applying a revalidation policy to the device type classification rule. The service revalidates the device type classification rule, based on a determination that the device type classification rule should be revalidated.
Type:
Application
Filed:
May 6, 2019
Publication date:
November 12, 2020
Inventors:
Jean-Philippe Vasseur, Pierre-Andre Savalle, Grégory Mermoud, David Tedaldi
Abstract: In one embodiment, a device obtains data regarding routing decisions made by a machine learning-based predictive routing engine for a network. The device determines, based on the data regarding the routing decisions, a behavior of the machine learning-based predictive routing engine. The device compares the behavior of the machine learning-based predictive routing engine to a behavioral policy for the machine learning-based predictive routing engine. The device adjusts operation of the machine learning-based predictive routing engine, when the behavior of the machine learning-based predictive routing engine violates the behavioral policy.
Abstract: In one embodiment, a service tracks performance of a machine learning model over time. The machine learning model is used to monitor one or more computer networks based on data collected from the one or more computer networks. The service also tracks performance metrics associated with training of the machine learning model. The service determines that a degradation of the performance of the machine learning model is anomalous, based on the tracked performance of the machine learning model and performance metrics associated with training of the model. The service initiates a corrective measure for the degradation of the performance, in response to determining that the degradation of the performance is anomalous.
Abstract: In one embodiment, a device in a network loads an anomaly detection model for warm-start. The device filters input data for the model during a warm-start grace period after warm-start of the anomaly detection model. The model is not updated during the warm-start grace period based on the filtering. The device determines an end to the warm-start grace period. The device updates the anomaly detection model using unfiltered input data for the anomaly detection model after the determined end to the warm-start grace period.
Abstract: In one embodiment, a networking device at an edge of a network generates a first set of feature vectors using information regarding one or more characteristics of host devices in the network. The networking device forms the host devices into device clusters dynamically based on the first set of feature vectors. The networking device generates a second set of feature vectors using information regarding traffic associated with the device clusters. The networking device models interactions between the device clusters using a plurality of anomaly detection models that are based on the second set of feature vectors.
Abstract: In one embodiment, a networking device at an edge of a network generates a first set of feature vectors using information regarding one or more characteristics of host devices in the network. The networking device forms the host devices into device clusters dynamically based on the first set of feature vectors. The networking device generates a second set of feature vectors using information regarding traffic associated with the device clusters. The networking device models interactions between the device clusters using a plurality of anomaly detection models that are based on the second set of feature vectors.
Abstract: In one embodiment, a service receives input data from networking entities in a network. The input data comprises synchronous time series data, asynchronous event data, and an entity graph that that indicates relationships between the networking entities in the network. The service clusters the networking entities by type in a plurality of networking entity clusters. The service selects, based on a combination of the received input data, machine learning model data features. The service trains, using the selected machine learning model data features, a machine learning model to forecast a key performance indicator (KPI) for a particular one of the networking entity clusters.
Abstract: In one embodiment, a service uses a set of collected characteristics of a client device in a network as input to a machine learning-based model that predicts a quality score for an online conference in which the client device is a participant. The service determines a resource consumption by the client device or the network that is associated with collecting the characteristics of the client device. The service determines an efficacy of the machine learning-based model as a function of the set of collected characteristics of the client device. The service adjusts the set of collected characteristics of the client device to optimize the efficacy of the model and the resource consumption associated with collecting the characteristics of the client device.
Type:
Application
Filed:
September 14, 2017
Publication date:
December 20, 2018
Inventors:
Jean-Philippe Vasseur, Grégory Mermoud, Pierre-André Savalle, Javier Cruz Mota