Patent Grant
10616072
The present technology pertains to network configuration and troubleshooting, and more specifically to an interface that enables quick network configuration and troubleshooting.
Computer networks are becoming increasingly complex, often involving low level as well as high level configurations at various layers of the network. For example, computer networks generally include numerous access policies, forwarding policies, routing policies, security policies, etc., which together define the overall behavior and operation of the network. Network operators have a wide array of configuration options for tailoring the network to the needs of the users. While the different configuration options available provide network operators a great degree of flexibility and control over the network, they also add to the complexity of the network. In many cases, the configuration process can become highly complex. Not surprisingly, the network configuration process is increasingly error prone. In addition, troubleshooting errors in a highly complex network can be extremely difficult. The process of understanding the network configurations and topology in a large network, and identifying the root cause of undesired behavior can be a daunting task.
Moreover, the amount of data relating to the network can be prohibitively large, increasing exponentially with time. For example, some services and/or systems generate a large amount of time-based data (e.g., a large set of data for each of several time periods) in over to track the configuration and health of a network fabric over time. However, it is difficult for users to get a good overall view of the voluminous data, insight into particular epochs of interest, and/or quickly select sets of data to investigate.
There is therefore a need to address the above problems for services and/or systems that generate large amounts of time-based data.
The above-recited and other advantages and features of the present technology will become apparent by reference to specific implementations illustrated in the appended drawings. A person of ordinary skill in the art will understand that these drawings only show some examples of the present technology and would not limit the scope of the present technology to these examples. Furthermore, the skilled artisan will appreciate the principles of the present technology as described and explained with additional specificity and detail through the use of the accompanying drawings in which:
Various examples of the present technology are discussed in detail below. While specific implementations are discussed, it should be understood that this is done for illustration purposes only. A person skilled in the relevant art will recognize that other components and configurations may be used without parting from the spirit and scope of the present technology.
Overview:
Systems, methods, and devices are disclosed for generating an interface configured to display status information for network elements on a network. In embodiments, one or more logical models of the network are obtained from at least one of a plurality of controllers on a network. Network statistics are determined based on network traffic. Based on the one or more logical models and the network statistics, a topology of the network and respective status information of one or more network elements during an epoch is identified, the epoch defining a time interval. A user interface is generated that displays the respective status information in a timeline comprising one or more of the epochs.
The disclosed technology addresses the need in the art for providing an interface that enables quick network configuration and troubleshooting. It brings formal verification techniques into networking by mathematically verifying and validating an entire network for correctness, giving operators of a network the confidence that their network is always operating consistently with their intent, even as it changes dynamically. For example, data that's been collected from devices on a network can provide valuable details about the status, security, or performance of the network, as well as any network elements. This collected data can be analyzed to monitor and troubleshoot the network. As network environments increase in size and complexity, a large amount of data is collected and generated in monitoring the network environments. Unfortunately, larger amounts of data generated for network environments make it more difficult to analyze the data and subsequently monitor network environments to determine anomalies in the network environments. Moreover, as states of network environments change after an anomaly occurs, often before an administrator can determine a network state of the environment at the time of the anomaly, it can be difficult for administrators to correctly diagnose and fix problems in the network environments
The disclosed embodiments provide an interface that enables users to quickly see problems in the network and, in some embodiments, provides troubleshooting or remediation suggestions. This can be especially useful for networks that are dynamic, distributed systems whose states change over time. The present technology accomplishes this by obtaining, one or more logical models of a network from at least one controller on the network. The logical models include configurations of one or more objects defined for the network. The objects can be hardware and/or logical constructs like endpoint groups (EPGs), contracts, application profiles, etc. Network statistics are measured based on network traffic. Based on the logical models and the measured network statistics, a topology of the network and respective status information of one or more network elements is identified during an epoch, the epoch defining a certain time interval. The network elements can include configured objects as well as components/devices in the network/fabric, and any other network item. A user interface is then generated that displays the respective status information of the network elements in a timeline comprising one or more of the epochs.
For example, a user or interface on a client device may define a set of epochs for viewing. Data during the set of epochs relating to objects on the network and/or the entire network state can be collected and/or received by the system. The system can retrieve the data generated or collected during each epoch in the set of epochs, and the system can then generate a status of the network fabric for each epoch based on the epoch's associated data. The system can transmit the status information for each epoch in the set of epochs to the interface for display in a timeline where each epoch is represented by an icon (which can vary based on the status for the epoch, such as whether the epoch collection was completed, completed with issues, not successful, etc.).
A user may quickly see the order of epochs in the timeline to gain an overall view of the data generated by the system. Furthermore, the different icons for each epoch helps a user quickly identify problem epochs for further investigation by highlighting particular epochs of interest for a user within an overall view of the epoch based data. The user may select epochs of interest in order to view more information associated with the selected epoch, and allows the user to quickly manipulate data by epoch in order to locate more precisely desired epoch based data, such as information about a topology of the network and respective status information of a network element.
The present technology involves system, methods, and computer-readable media for detecting and reporting anomalies in a network environment in providing network assurance. A user interface can be generated that that assists troubleshooting and/or provides remedial suggestions in association with network assurance. Network assurance is the guarantee or determination that the network is behaving as intended by the network operator and has been configured properly (e.g., the network is doing what is intended, from system wide to individual network elements (e.g., switches, routers, applications, resources, etc.)). However, often times, the configurations, policies, etc., defined by a network operator are not accurately reflected in the actual behavior of the network. For example, a network operator can specify a configuration A for one or more types of traffic but later finds out that the network is actually applying configuration B to that traffic or otherwise processing that traffic in a manner that is inconsistent with configuration A. This can be a result of many different causes, such as hardware errors, software bugs, varying priorities, configuration conflicts, misconfiguration of one or more settings, improper rule rendering by devices, unexpected errors or events, software upgrades, configuration changes, failures, etc. As another example, a network operator can implement configuration C, but one or more other configurations result in the network behaving in a manner that is inconsistent with the intent reflected by the implementation of configuration C.
The approaches herein can provide network assurance by modeling various aspects of the network and/or performing consistency checks as well as other network assurance checks. The network assurance approaches herein can be implemented in various types of networks, including a private network, such as a local area network (LAN); an enterprise network; a standalone or traditional network, such as a data center network; a network including a physical or underlay layer and a logical or overlay layer, such as a VXLAN or software-defined network (SDN) (e.g., Application Centric Infrastructure (ACI) or VMware NSX networks); etc.
Logical models of a network can be constructed and implemented for network assurance. A logical model can provide a representation of one or more aspects of a network, including, without limitation the network's policies, configurations, requirements, security, routing, topology, applications, hardware, filters, contracts, access control lists, infrastructure, etc. Different types of models can be generated for a given network.
Such logical models can be implemented to ensure that the behavior of the network will be consistent (or is consistent) with the intended behavior reflected through specific configurations (e.g., policies, settings, definitions, etc.) implemented by the network operator. Unlike traditional network monitoring, which involves sending and analyzing data packets and observing network behavior, network assurance can be performed through logical modeling without necessarily ingesting packet data or monitoring traffic or network behavior. This can result in foresight, insight, and hindsight: problems can be prevented before they occur, identified when they occur, and fixed immediately after they occur.
Thus, network assurance can involve logical modeling of properties of the network to deterministically predict the behavior of the network. The network can be determined to be healthy if the logical model(s) indicate proper behavior (e.g., no inconsistencies, conflicts, errors, etc.). The network can be determined to be functional, but not fully healthy, if the modeling indicates proper behavior but some inconsistencies. The network can be determined to be non-functional and not healthy if the modeling indicates improper behavior and errors. If inconsistencies or errors are detected by the logical modeling, a detailed analysis of the corresponding model(s) can allow one or more underlying or root problems to be identified with great accuracy. This detailed analysis, split up by one or more epochs, can be included in a generated display that allows highlights epochs of interest to a user. Moreover, the generated display can provide remedial suggestions or other troubleshooting advice in response that is tailored to the epochs of interest.
Having described various aspects of network assurance, the disclosure now turns to a discussion of example network environments for network assurance.
Leafs 104 can be responsible for routing and/or bridging tenant or customer packets and applying network policies or rules. Network policies and rules can be driven by one or more Controllers 116, and/or implemented or enforced by one or more devices, such as Leafs 104. Leafs 104 can connect other elements to the Fabric 120. For example, Leafs 104 can connect Servers 106, Hypervisors 108, Virtual Machines (VMs) 110, Applications 112, Network Device 114, etc., with Fabric 120. Such elements can reside in one or more logical or virtual layers or networks, such as an overlay network. In some cases, Leafs 104 can encapsulate and decapsulate packets to and from such elements (e.g., Servers 106) in order to enable communications throughout Network Environment 100 and Fabric 120. Leafs 104 can also provide any other devices, services, tenants, or workloads with access to Fabric 120. In some cases, Servers 106 connected to Leafs 104 can similarly encapsulate and decapsulate packets to and from Leafs 104. For example, Servers 106 can include one or more virtual switches or routers or tunnel endpoints for tunneling packets between an overlay or logical layer hosted by, or connected to, Servers 106 and an underlay layer represented by Fabric 120 and accessed via Leafs 104.
Applications 112 can include software applications, services, containers, appliances, functions, service chains, etc. For example, Applications 112 can include a firewall, a database, a CDN server, an IDS/IPS, a deep packet inspection service, a message router, a virtual switch, etc. An application from Applications 112 can be distributed, chained, or hosted by multiple endpoints (e.g., Servers 106, VMs 110, etc.), or may run or execute entirely from a single endpoint.
VMs 110 can be virtual machines hosted by Hypervisors 108 or virtual machine managers running on Servers 106. VMs 110 can include workloads running on a guest operating system on a respective server. Hypervisors 108 can provide a layer of software, firmware, and/or hardware that creates, manages, and/or runs the VMs 110. Hypervisors 108 can allow VMs 110 to share hardware resources on Servers 106, and the hardware resources on Servers 106 to appear as multiple, separate hardware platforms. Moreover, Hypervisors 108 on Servers 106 can host one or more VMs 110.
In some cases, VMs 110 and/or Hypervisors 108 can be migrated to other Servers 106. Servers 106 can similarly be migrated to other locations in Network Environment 100. For example, a server connected to a specific leaf can be changed to connect to a different or additional leaf. Such configuration or deployment changes can involve modifications to settings, configurations and policies that are applied to the resources being migrated as well as other network components.
In some cases, one or more Servers 106, Hypervisors 108, and/or VMs 110 can represent or reside in a tenant or customer space. Tenant space can include workloads, services, applications, devices, networks, and/or resources that are associated with one or more clients or subscribers. Accordingly, traffic in Network Environment 100 can be routed based on specific tenant policies, spaces, agreements, configurations, etc. Moreover, addressing can vary between one or more tenants. In some configurations, tenant spaces can be divided into logical segments and/or networks and separated from logical segments and/or networks associated with other tenants. Addressing, policy, security and configuration information between tenants can be managed by Controllers 116, Servers 106, Leafs 104, etc.
Configurations in Network Environment 100 can be implemented at a logical level, a hardware level (e.g., physical), and/or both. For example, configurations can be implemented at a logical and/or hardware level based on endpoint or resource attributes, such as endpoint types and/or application groups or profiles, through a software-defined network (SDN) framework (e.g., Application-Centric Infrastructure (ACI) or VMWARE NSX). To illustrate, one or more administrators can define configurations at a logical level (e.g., application or software level) through Controllers 116, which can implement or propagate such configurations through Network Environment 100. In some examples, Controllers 116 can be Application Policy Infrastructure Controllers (APICs) in an ACI framework. In other examples, Controllers 116 can be one or more management components associated with other SDN solutions, such as NSX Managers.
Such configurations can define rules, policies, priorities, protocols, attributes, objects, etc., for routing and/or classifying traffic in Network Environment 100. For example, such configurations can define attributes and objects for classifying and processing traffic based on Endpoint Groups (EPGs), Security Groups (SGs), VM types, bridge domains (BDs), virtual routing and forwarding instances (VRFs), tenants, priorities, firewall rules, etc. Other example network objects and configurations are further described below. Traffic policies and rules can be enforced based on tags, attributes, or other characteristics of the traffic, such as protocols associated with the traffic, EPGs associated with the traffic, SGs associated with the traffic, network address information associated with the traffic, etc. Such policies and rules can be enforced by one or more elements in Network Environment 100, such as Leafs 104, Servers 106, Hypervisors 108, Controllers 116, etc. As previously explained, Network Environment 100 can be configured according to one or more particular software-defined network (SDN) solutions, such as CISCO ACI or VMWARE NSX. These example SDN solutions are briefly described below.
ACI can provide an application-centric or policy-based solution through scalable distributed enforcement. ACI supports integration of physical and virtual environments under a declarative configuration model for networks, servers, services, security, requirements, etc. For example, the ACI framework implements EPGs, which can include a collection of endpoints or applications that share common configuration requirements, such as security, QoS, services, etc. Endpoints can be virtual/logical or physical devices, such as VMs, containers, hosts, or physical servers that are connected to Network Environment 100. Endpoints can have one or more attributes such as a VM name, guest OS name, a security tag, application profile, etc. Application configurations can be applied between EPGs, instead of endpoints directly, in the form of contracts. Leafs 104 can classify incoming traffic into different EPGs. The classification can be based on, for example, a network segment identifier such as a VLAN ID, VXLAN Network Identifier (VNID), NVGRE Virtual Subnet Identifier (VSID), MAC address, IP address, etc.
In some cases, classification in the ACI infrastructure can be implemented by Application Virtual Switches (AVS), which can run on a host, such as a server or switch. For example, an AVS can classify traffic based on specified attributes, and tag packets of different attribute EPGs with different identifiers, such as network segment identifiers (e.g., VLAN ID). Finally, Leafs 104 can tie packets with their attribute EPGs based on their identifiers and enforce policies, which can be implemented and/or managed by one or more Controllers 116. Leaf 104 can classify to which EPG the traffic from a host belongs and enforce policies accordingly.
Another example SDN solution is based on VMWARE NSX. With VMWARE NSX, hosts can run a distributed firewall (DFW) which can classify and process traffic. Consider a case where three types of VMs, namely, application, database and web VMs, are put into a single layer-2 network segment. Traffic protection can be provided within the network segment based on the VM type. For example, HTTP traffic can be allowed among web VMs, and disallowed between a web VM and an application or database VM. To classify traffic and implement policies, VMWARE NSX can implement security groups, which can be used to group the specific VMs (e.g., web VMs, application VMs, database VMs). DFW rules can be configured to implement policies for the specific security groups. To illustrate, in the context of the previous example, DFW rules can be configured to block HTTP traffic between web, application, and database security groups.
Returning now to
Controllers 116 can provide centralized access to fabric information, application configuration, resource configuration, application-level configuration modeling for a software-defined network (SDN) infrastructure, integration with management systems or servers, etc. Controllers 116 can form a control plane that interfaces with an application plane via northbound APIs and a data plane via southbound APIs.
As previously noted, Controllers 116 can define and manage application-level model(s) for configurations in Network Environment 100. In some cases, application or device configurations can also be managed and/or defined by other components in the network. For example, a hypervisor or virtual appliance, such as a VM or container, can run a server or management tool to manage software and services in Network Environment 100, including configurations and settings for virtual appliances.
As illustrated above, Network Environment 100 can include one or more different types of SDN solutions, hosts, etc. For the sake of clarity and explanation purposes, various examples in the disclosure will be described with reference to an ACI framework, and Controllers 116 may be interchangeably referenced as controllers, APICs, or APIC controllers. However, it should be noted that the technologies and concepts herein are not limited to ACI solutions and may be implemented in other architectures and scenarios, including other SDN solutions as well as other types of networks which may not deploy an SDN solution.
Further, as referenced herein, the term “hosts” can refer to Servers 106 (e.g., physical or logical), Hypervisors 108, VMs 110, containers (e.g., Applications 112), etc., and can run or include any type of server or application solution. Non-limiting examples of “hosts” can include virtual switches or routers, such as distributed virtual switches (DVS), application virtual switches (AVS), vector packet processing (VPP) switches; VCENTER and NSX MANAGERS; bare metal physical hosts; HYPER-V hosts; VMs; DOCKER Containers; etc.
Endpoints 122 can be associated with respective Logical Groups 118. Logical Groups 118 can be logical entities containing endpoints (physical and/or logical or virtual) grouped together according to one or more attributes, such as endpoint type (e.g., VM type, workload type, application type, etc.), one or more requirements (e.g., policy requirements, security requirements, QoS requirements, customer requirements, resource requirements, etc.), a resource name (e.g., VM name, application name, etc.), a profile, platform or operating system (OS) characteristics (e.g., OS type or name including guest and/or host OS, etc.), an associated network or tenant, one or more policies, a tag, etc. For example, a logical group can be an object representing a collection of endpoints grouped together. To illustrate, Logical Group 1 can contain client endpoints, Logical Group 2 can contain web server endpoints, Logical Group 3 can contain application server endpoints, Logical Group N can contain database server endpoints, etc. In some examples, Logical Groups 118 are EPGs in an ACI environment and/or other logical groups (e.g., SGs) in another SDN environment.
Traffic to and/or from Endpoints 122 can be classified, processed, managed, etc., based Logical Groups 118. For example, Logical Groups 118 can be used to classify traffic to or from Endpoints 122, apply policies to traffic to or from Endpoints 122, define relationships between Endpoints 122, define roles of Endpoints 122 (e.g., whether an endpoint consumes or provides a service, etc.), apply rules to traffic to or from Endpoints 122, apply filters or access control lists (ACLs) to traffic to or from Endpoints 122, define communication paths for traffic to or from Endpoints 122, enforce requirements associated with Endpoints 122, implement security and other configurations associated with Endpoints 122, etc.
In an ACI environment, Logical Groups 118 can be EPGs used to define contracts in the ACI. Contracts can include rules specifying what and how communications between EPGs take place. For example, a contract can define what provides a service, what consumes a service, and what policy objects are related to that consumption relationship. A contract can include a policy that defines the communication path and all related elements of a communication or relationship between endpoints or EPGs. For example, a Web EPG can provide a service that a Client EPG consumes, and that consumption can be subject to a filter (ACL) and a service graph that includes one or more services, such as firewall inspection services and server load balancing.
System 200 can include data collection service 210 as part of an example network assurance method. Data collection service 210 can collect data associated with Network Environment 100. The data can include fabric data (e.g., topology, switch, interface policies, application policies, EPGs, etc.), network configurations (e.g., BDs, VRFs, L2 Outs, L3 Outs, protocol configurations, etc.), security configurations (e.g., contracts, filters, etc.), service chaining configurations, routing configurations, and so forth. Other information collected or obtained can include, for example, network data (e.g., RIB/FIB, VLAN, MAC, ISIS, DB, BGP, OSPF, ARP, VPC, LLDP, MTU, QoS, etc.), rules and tables (e.g., TCAM rules, ECMP tables, etc.), endpoint dynamics (e.g., EPM, COOP EP DB, etc.), statistics (e.g., TCAM rule hits, interface counters, bandwidth, etc.).
System 200 can include modelling and analysis service 220, which can generate logical models and analyze received data in accordance with the logical models. The logical models can be obtained from at least one controller on the network, and can include configurations, policies, etc., of one or more objects defined for the network, as described below with reference to step 310 of
For example, modelling and analysis service 220 can perform comprehensive network modelling by building mathematically accurate representations of network behavior spanning underlay, overlay, and/or virtualization layers (e.g., logical models). The logical models can provide representations of the network's intended behavior based on the specification and/or configuration of the network (e.g., the network intent reflected by the configurations specified by the network operator via one or more controllers on the network), but may also include representations of the network's actual behavior based on real-time state, traffic, policy, etc. For instance, modelling and analysis service 220 can obtain and/or anaylyze a model of network-wide and/or node-specific (e.g., switch, endpoint, etc.) contracts, the forwarding state at one or more network devices, configurations of one or more network devices (e.g., switches, endpoints, etc.), and so on. Modelling and analysis service 220 can obtain and/or analyze logical models that model multiple aspects of the network, including, but not limited to: endpoint mobility, network security, tenant and/or service policies, resources utilization, forwarding, tenant resources and/or policies, etc. Modelling and analysis service 220 can capture, analyze, and correlate network state, including switch configurations and data-plane state at the hardware level. The analysis can span multiple aspects of the network such as network behavior, controller policy, contracts, forwarding state, virtual machine configurations and mobility, utilization of hardware resources such as TCAM, application profiles and behavior, EPGs, ACLs, filters, etc.
To illustrate, let's look at one example: analyzing tenant security. For example, modelling and analysis service 220 can read all the security contracts and the enforcement policies configured in software for one or more tenants and rendered in hardware (e.g., TCAM). These policies are translated into an optimized representation of these policies and mathematically verified or validated. Using this model, and assuming A and B are objects on the network, modelling and analysis service 220 can analyze the configurations defined for the network and the rules rendered on hardware to answer several questions, such as: (1) who can A talk to?; (2) can A talk to B?; (3) is there isolation between tenants?; (4) are any policies conflicting with each other?; (5) are some policies aliased?; (6) did an upgrade to a new software and/or hardware version change existing security or policy enforcement or network behavior?; (7) are the configured policies compliant?; (8) which specific policy has been violated?; etc. A similar approach can be used for all other aspects of the network, e.g., collect the data, build the model, and run an exhaustive set of checks against it.
The analysis can run continuously: every few minutes the entire policy and network state can be polled, which can update the formal model. Modelling and analysis service 220 can then run the checks against it. When a discrepancy is found, modelling and analysis service can generate a “smart event,” which pinpoints deviations from intended behavior and provides expert-level remediation suggestions.
In some embodiments, modelling and analysis service 220 can generate one or more smart events. Modelling and analysis service 220 can generate smart events using deep object hierarchy for detailed analysis, such as Tenants, switches, VRFs, rules, filters, routes, prefixes, ports, contracts, subjects, etc.
Modelling and analysis service 220 can measure network statistics based on network traffic (step 320), and store the network statistics in status information store 222. The data from data collection service 210, for example, can be analyzed to measure and/or capture network-wide device state and configurations, controller policy, and/or operator intent. For example, the network statistics can be measured based on the logical models, which can involve determining equivalency between the logical models and the objects defined for the network, such as the configurations, policies, etc.
Modelling and analysis service 220 can identify, based on the one or more logical models and the network statistics, a topology of the network and status information of one or more network elements (step 330). The topology of the network and status information can be collected during an epoch, which defines a time interval, and can be customized by user input. In addition to the epoch, the type(s) of data collected and analyzed can also be customized by user input. For example, the user input can define a metric associated with the type of data, where the logical model determines the respective status based on the metric.
System 200 can also include visualization service 230 that can generate a user interface displaying the status information in a timeline comprising one or more of the epochs (step 340). Visualization service 230 can visualize the smart events, analysis, and/or models. Visualization service 230 can display problems and alerts for analysis and debugging, in a user-friendly GUI.
Visualization service 230 can, for example, classify status information into a type of error, and then aggregate all the objects from the network that are associated with the type of error during the epoch. Visualization service 230 can display the aggregation of the type of error, where the display can include an option to view a number of instances of the type of error that occurred during the epoch. Visualization service 230 can also, after classifying the status as a type of error, determine an action to recommend based on the type of error. Visualization service 230 can provide an option that can display the recommended action.
Visualization service 230 can generate a report based on the status information. The report can include both the type of error and the recommended action, where the report can enable a user to modify at least one of a range of epochs included in the report or a number of instances that are aggregated in the report.
In alternative embodiments, system 200 and data collection service 210 does not collect data themselves, but takes in a file from a possible third party data collection service. In this instance, the data can be received from a collection file associated with a timestamp defining the epoch. Modelling and analysis service 220 can analyze the collection file to identify the status information of the one or more objects from the network during the timestamp, and then determine an action to recommend based on the respective status information. Visualization service 230 can provide an option to display the recommended action.
A dashboard, for example, can display timeline 410, which can display an icon representing each epoch. For example, timeline 410 can display a color icon (e.g., red for critical events/issues) at a certain radius (e.g., representing severity, such as larger radii indicate more serious network issues than smaller radii) across different epochs. For example, the circle size of the icon can represent the number of critical errors at any point in time. Timeline 410 can also span over a time period, such as the time period shown represented by epochs beginning at 8:45 AM and ending at 10:05 AM. In some embodiments, the epochs displayed can be modified through a zoom function, such as zoom level 426. Zoom level 426 can zoom in or out, displaying more or less epochs in timeline 410.
Epochs can be defined by a user based on the timeframe that the user thinks is a data collection interval frequent enough to determine the health of the network/data center. While epochs are customizable, the length of data collection can be customizable by the user as well. For example, the user can define how long the data should be collected and analyzed. If the user does not define an epoch, an epoch can be suggested for an interval (e.g., five to thirteen minutes).
Epoch Dashboard 412 can show consolidated views of how many errors happened for each epoch. For example, the icons in timeline 410 at each epoch can represent an instance for which there are completed reports. Thus, a user can select an icon (e.g., red circle representing an epoch) that brings up associated reports, as well as a list of all the events that were raised at the time of collection. The reports, for example, can be viewed in the interface. Seen here, the reports (e.g., 420, 422, 424) are displayed below timeline 410. Epoch Dashboard 412 can also display a summary of issues during the selected epoch, such as the number of critical, major, and minor network object issues. Epoch Dashboard 412 can also display warnings, and information about network objects, as well as the total number of network objects included in the reports. The Trend Dashboard 414 can display information about multiple epochs, which is discussed in more detail in
Users can also drill down into certain types of events, such as all events classified as critical, major, minor, etc. For example,
The user can further drill down into each event, and suggest recommended actions to remediate the event, such as shown in
Reports can apply any number of filters to the reports, such as shown in
Trend Dashboard 414 can also show reports 910 based on event analysisver time, such as shown in
In some embodiments computing system 1000 is a distributed system in which the functions described in this disclosure can be distributed within a datacenter, multiple datacenters, a peer network, etc. In some embodiments, one or more of the described system components represents many such components each performing some or all of the function for which the component is described. In some embodiments, the components can be physical or virtual devices.
Example system 1000 includes at least one processing unit (CPU or processor) 1010 and connection 1005 that couples various system components including system memory 1015, such as read only memory (ROM) and random access memory (RAM) to processor 1010. Computing system 1000 can include a cache of high-speed memory connected directly with, in close proximity to, or integrated as part of processor 1010.
Processor 1010 can include any general purpose processor and a hardware service or software service, such as services 1032, 1034, and 1036 stored in storage device 1030, configured to control processor 1010 as well as a special-purpose processor where software instructions are incorporated into the actual processor design. Processor 1010 may essentially be a completely self-contained computing system, containing multiple cores or processors, a bus, memory controller, cache, etc. A multi-core processor may be symmetric or asymmetric.
To enable user interaction, computing system 1000 includes an input device 1045, which can represent any number of input mechanisms, such as a microphone for speech, a touch-sensitive screen for gesture or graphical input, keyboard, mouse, motion input, speech, etc. Computing system 1000 can also include output device 1035, which can be one or more of a number of output mechanisms known to those of skill in the art. In some instances, multimodal systems can enable a user to provide multiple types of input/output to communicate with computing system 1000. Computing system 1000 can include communications interface 1040, which can generally govern and manage the user input and system output. There is no restriction on operating on any particular hardware arrangement and therefore the basic features here may easily be substituted for improved hardware or firmware arrangements as they are developed.
Storage device 1030 can be a non-volatile memory device and can be a hard disk or other types of computer readable media which can store data that are accessible by a computer, such as magnetic cassettes, flash memory cards, solid state memory devices, digital versatile disks, cartridges, random access memories (RAMs), read only memory (ROM), and/or some combination of these devices.
The storage device 1030 can include software services, servers, services, etc., that when the code that defines such software is executed by the processor 1010, it causes the system to perform a function. In some embodiments, a hardware service that performs a particular function can include the software component stored in a computer-readable medium in connection with the necessary hardware components, such as processor 1010, connection 1005, output device 1035, etc., to carry out the function.
For clarity of explanation, in some instances the present technology may be presented as including individual functional blocks including functional blocks comprising devices, device components, steps or routines in a method embodied in software, or combinations of hardware and software.
Any of the steps, operations, functions, or processes described herein may be performed or implemented by a combination of hardware and software services or services, alone or in combination with other devices. In some embodiments, a service can be software that resides in memory of a client device and/or one or more servers of a content management system and perform one or more functions when a processor executes the software associated with the service. In some embodiments, a service is a program, or a collection of programs that carry out a specific function. In some embodiments, a service can be considered a server. The memory can be a non-transitory computer-readable medium.
In some embodiments the computer-readable storage devices, mediums, and memories can include a cable or wireless signal containing a bit stream and the like. However, when mentioned, non-transitory computer-readable storage media expressly exclude media such as energy, carrier signals, electromagnetic waves, and signals per se.
Methods according to the above-described examples can be implemented using computer-executable instructions that are stored or otherwise available from computer readable media. Such instructions can comprise, for example, instructions and data which cause or otherwise configure a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. Portions of computer resources used can be accessible over a network. The computer executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, firmware, or source code. Examples of computer-readable media that may be used to store instructions, information used, and/or information created during methods according to described examples include magnetic or optical disks, solid state memory devices, flash memory, USB devices provided with non-volatile memory, networked storage devices, and so on.
Devices implementing methods according to these disclosures can comprise hardware, firmware and/or software, and can take any of a variety of form factors. Typical examples of such form factors include servers, laptops, smart phones, small form factor personal computers, personal digital assistants, and so on. Functionality described herein also can be embodied in peripherals or add-in cards. Such functionality can also be implemented on a circuit board among different chips or different processes executing in a single device, by way of further example.
The instructions, media for conveying such instructions, computing resources for executing them, and other structures for supporting such computing resources are means for providing the functions described in these disclosures.
Although a variety of examples and other information was used to explain aspects within the scope of the appended claims, no limitation of the claims should be implied based on particular features or arrangements in such examples, as one of ordinary skill would be able to use these examples to derive a wide variety of implementations. Further and although some subject matter may have been described in language specific to examples of structural features and/or method steps, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to these described features or acts. For example, such functionality can be distributed differently or performed in components other than those identified herein. Rather, the described features and steps are disclosed as examples of components of systems and methods within the scope of the appended claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5204829 | Lyu et al. | Apr 1993 | A |
| 6763380 | Mayton et al. | Jul 2004 | B1 |
| 7003562 | Mayer | Feb 2006 | B2 |
| 7089369 | Emberling | Aug 2006 | B2 |
| 7127686 | Dreschler et al. | Oct 2006 | B2 |
| 7360064 | Steiss et al. | Apr 2008 | B1 |
| 7453886 | Allan | Nov 2008 | B1 |
| 7505463 | Schuba et al. | Mar 2009 | B2 |
| 7548967 | Amyot et al. | Jun 2009 | B2 |
| 7552201 | Areddu et al. | Jun 2009 | B2 |
| 7609647 | Turk et al. | Oct 2009 | B2 |
| 7619989 | Guingo et al. | Nov 2009 | B2 |
| 7698561 | Nagendra et al. | Apr 2010 | B2 |
| 7743274 | Langford et al. | Jun 2010 | B2 |
| 7765093 | Li et al. | Jul 2010 | B2 |
| 8010952 | Datla et al. | Aug 2011 | B2 |
| 8073935 | Viswanath | Dec 2011 | B2 |
| 8103480 | Korn et al. | Jan 2012 | B2 |
| 8190719 | Furukawa | May 2012 | B2 |
| 8209738 | Nicol et al. | Jun 2012 | B2 |
| 8261339 | Aldridge et al. | Sep 2012 | B2 |
| 8312261 | Rao et al. | Nov 2012 | B2 |
| 8375117 | Venable, Sr. | Feb 2013 | B2 |
| 8441941 | McDade et al. | May 2013 | B2 |
| 8479267 | Donley et al. | Jul 2013 | B2 |
| 8484693 | Cox et al. | Jul 2013 | B2 |
| 8494977 | Yehuda et al. | Jul 2013 | B1 |
| 8554883 | Sankaran | Oct 2013 | B2 |
| 8589934 | Makljenovic et al. | Nov 2013 | B2 |
| 8621284 | Kato | Dec 2013 | B2 |
| 8627328 | Mousseau et al. | Jan 2014 | B2 |
| 8693344 | Adams et al. | Apr 2014 | B1 |
| 8693374 | Murphy et al. | Apr 2014 | B1 |
| 8761036 | Fulton et al. | Jun 2014 | B2 |
| 8782182 | Chaturvedi et al. | Jul 2014 | B2 |
| 8824482 | Kajekar et al. | Sep 2014 | B2 |
| 8910143 | Cohen et al. | Dec 2014 | B2 |
| 8914843 | Bryan et al. | Dec 2014 | B2 |
| 8924798 | Jerde et al. | Dec 2014 | B2 |
| 9019840 | Salam et al. | Apr 2015 | B2 |
| 9038151 | Chua et al. | May 2015 | B1 |
| 9055000 | Ghosh et al. | Jun 2015 | B1 |
| 9106555 | Agarwal et al. | Aug 2015 | B2 |
| 9137096 | Yehuda et al. | Sep 2015 | B1 |
| 9225601 | Khurshid et al. | Dec 2015 | B2 |
| 9246818 | Deshpande et al. | Jan 2016 | B2 |
| 9264922 | Gillot et al. | Feb 2016 | B2 |
| 9276877 | Chua et al. | Mar 2016 | B1 |
| 9319300 | Huynh Van et al. | Apr 2016 | B2 |
| 9344348 | Ivanov et al. | May 2016 | B2 |
| 9369434 | Kim et al. | Jun 2016 | B2 |
| 9389993 | Okmyanskiy et al. | Jul 2016 | B1 |
| 9405553 | Branson et al. | Aug 2016 | B2 |
| 9444842 | Porras et al. | Sep 2016 | B2 |
| 9497207 | Dhawan et al. | Nov 2016 | B2 |
| 9497215 | Vasseur et al. | Nov 2016 | B2 |
| 9544224 | Chu et al. | Jan 2017 | B2 |
| 9548965 | Wang et al. | Jan 2017 | B2 |
| 9553845 | Talmor et al. | Jan 2017 | B1 |
| 9571502 | Basso et al. | Feb 2017 | B2 |
| 9571523 | Porras et al. | Feb 2017 | B2 |
| 9594640 | Chheda | Mar 2017 | B1 |
| 9596141 | McDowall | Mar 2017 | B2 |
| 9641249 | Kaneriya et al. | May 2017 | B2 |
| 9654300 | Pani | May 2017 | B2 |
| 9654361 | Vasseur et al. | May 2017 | B2 |
| 9654409 | Yadav et al. | May 2017 | B2 |
| 9660886 | Ye et al. | May 2017 | B1 |
| 9660897 | Gredler | May 2017 | B1 |
| 9667645 | Belani et al. | May 2017 | B1 |
| 9680875 | Knjazihhin et al. | Jun 2017 | B2 |
| 9686180 | Chu et al. | Jun 2017 | B2 |
| 9686296 | Murchison et al. | Jun 2017 | B1 |
| 9690644 | Anderson et al. | Jun 2017 | B2 |
| 9781004 | Danait et al. | Oct 2017 | B2 |
| 9787559 | Schroeder | Oct 2017 | B1 |
| 9998247 | Choudhury et al. | Jun 2018 | B1 |
| 10084795 | Akireddy et al. | Sep 2018 | B2 |
| 10084833 | McDonnell et al. | Sep 2018 | B2 |
| 10084895 | Kasat et al. | Sep 2018 | B2 |
| 20020143855 | Traversat et al. | Oct 2002 | A1 |
| 20020178246 | Mayer | Nov 2002 | A1 |
| 20030229693 | Mahlik et al. | Dec 2003 | A1 |
| 20040073647 | Gentile et al. | Apr 2004 | A1 |
| 20040168100 | Thottan et al. | Aug 2004 | A1 |
| 20050091482 | Gray | Apr 2005 | A1 |
| 20050108389 | Kempin et al. | May 2005 | A1 |
| 20070011629 | Shacham et al. | Jan 2007 | A1 |
| 20070124437 | Chervets | May 2007 | A1 |
| 20070214244 | Hitokoto et al. | Sep 2007 | A1 |
| 20080031147 | Fieremans et al. | Feb 2008 | A1 |
| 20080117827 | Matsumoto et al. | May 2008 | A1 |
| 20080133731 | Bradley et al. | Jun 2008 | A1 |
| 20080172716 | Talpade et al. | Jul 2008 | A1 |
| 20090240758 | Pasko et al. | Sep 2009 | A1 |
| 20090249284 | Antosz et al. | Oct 2009 | A1 |
| 20100027432 | Gopalan | Feb 2010 | A1 |
| 20100191612 | Raleigh | Jul 2010 | A1 |
| 20100198909 | Kosbab et al. | Aug 2010 | A1 |
| 20110093612 | Murakami | Apr 2011 | A1 |
| 20110295983 | Medved et al. | Dec 2011 | A1 |
| 20120054163 | Liu et al. | Mar 2012 | A1 |
| 20120198073 | Srikanth et al. | Aug 2012 | A1 |
| 20120297061 | Pedigo et al. | Nov 2012 | A1 |
| 20130097660 | Das et al. | Apr 2013 | A1 |
| 20130191516 | Sears | Jul 2013 | A1 |
| 20140019597 | Nath et al. | Jan 2014 | A1 |
| 20140177638 | Bragg et al. | Jun 2014 | A1 |
| 20140222996 | Vasseur et al. | Aug 2014 | A1 |
| 20140304831 | Hidlreth et al. | Oct 2014 | A1 |
| 20140307556 | Zhang | Oct 2014 | A1 |
| 20140321277 | Lynn, Jr. et al. | Oct 2014 | A1 |
| 20140379915 | Yang et al. | Dec 2014 | A1 |
| 20150019756 | Masuda | Jan 2015 | A1 |
| 20150113143 | Stuart et al. | Apr 2015 | A1 |
| 20150124826 | Edsall et al. | May 2015 | A1 |
| 20150186206 | Bhattacharya et al. | Jul 2015 | A1 |
| 20150234695 | Cuthbert et al. | Aug 2015 | A1 |
| 20150244617 | Nakil et al. | Aug 2015 | A1 |
| 20150271104 | Chikkamath et al. | Sep 2015 | A1 |
| 20150295771 | Cuni et al. | Oct 2015 | A1 |
| 20150365314 | Hiscock et al. | Dec 2015 | A1 |
| 20150381484 | Hira et al. | Dec 2015 | A1 |
| 20160020993 | Wu et al. | Jan 2016 | A1 |
| 20160021141 | Liu et al. | Jan 2016 | A1 |
| 20160026631 | Salam et al. | Jan 2016 | A1 |
| 20160036636 | Erickson | Feb 2016 | A1 |
| 20160048420 | Gourlay et al. | Feb 2016 | A1 |
| 20160078220 | Scharf et al. | Mar 2016 | A1 |
| 20160080350 | Chaturvedi et al. | Mar 2016 | A1 |
| 20160099883 | Voit et al. | Apr 2016 | A1 |
| 20160105317 | Zimmermann et al. | Apr 2016 | A1 |
| 20160112246 | Singh et al. | Apr 2016 | A1 |
| 20160112269 | Singh et al. | Apr 2016 | A1 |
| 20160149751 | Pani et al. | May 2016 | A1 |
| 20160164748 | Kim | Jun 2016 | A1 |
| 20160224277 | Batra et al. | Aug 2016 | A1 |
| 20160241436 | Fourie et al. | Aug 2016 | A1 |
| 20160254964 | Benc | Sep 2016 | A1 |
| 20160267384 | Salam et al. | Sep 2016 | A1 |
| 20160323319 | Gourlay et al. | Nov 2016 | A1 |
| 20160330076 | Tiwari et al. | Nov 2016 | A1 |
| 20160352566 | Mekkattuparamban | Dec 2016 | A1 |
| 20160380892 | Mahadevan et al. | Dec 2016 | A1 |
| 20170026292 | Smith et al. | Jan 2017 | A1 |
| 20170031800 | Shani et al. | Feb 2017 | A1 |
| 20170031970 | Burk | Feb 2017 | A1 |
| 20170048110 | Wu et al. | Feb 2017 | A1 |
| 20170048126 | Handige Shankar et al. | Feb 2017 | A1 |
| 20170054758 | Maino et al. | Feb 2017 | A1 |
| 20170063599 | Wu et al. | Mar 2017 | A1 |
| 20170093630 | Foulkes | Mar 2017 | A1 |
| 20170093664 | Lynam et al. | Mar 2017 | A1 |
| 20170093750 | McBride et al. | Mar 2017 | A1 |
| 20170093918 | Banerjee et al. | Mar 2017 | A1 |
| 20170102933 | Vora | Apr 2017 | A1 |
| 20170111259 | Wen et al. | Apr 2017 | A1 |
| 20170118167 | Subramanya et al. | Apr 2017 | A1 |
| 20170126740 | Bejarano Ardila et al. | May 2017 | A1 |
| 20170126792 | Halpern et al. | May 2017 | A1 |
| 20170134233 | Dong et al. | May 2017 | A1 |
| 20170155557 | Desai | Jun 2017 | A1 |
| 20170163442 | Shen et al. | Jun 2017 | A1 |
| 20170187577 | Nevrekar et al. | Jun 2017 | A1 |
| 20170195187 | Bennett et al. | Jul 2017 | A1 |
| 20170206129 | Yankilevich et al. | Jul 2017 | A1 |
| 20170222873 | Lee et al. | Aug 2017 | A1 |
| 20170353355 | Danait et al. | Dec 2017 | A1 |
| 20180069754 | Dasu et al. | Mar 2018 | A1 |
| 20180077189 | Doppke | Mar 2018 | A1 |
| 20180167294 | Gupta et al. | Jun 2018 | A1 |
| 20190173736 | Ponnuswamy | Jun 2019 | A1 |
| 20190222597 | Crabtree | Jul 2019 | A1 |
| Number | Date | Country |
|---|---|---|
| 105471830 | Apr 2016 | CN |
| 105721193 | Jun 2016 | CN |
| 105721297 | Jun 2016 | CN |
| 106130766 | Nov 2016 | CN |
| 106603264 | Apr 2017 | CN |
| 103701926 | Jun 2017 | CN |
| WO 2015014177 | Feb 2015 | WO |
| WO 2015187337 | Dec 2015 | WO |
| WO 2016011888 | Jan 2016 | WO |
| WO 2016039730 | Mar 2016 | WO |
| WO 2016072996 | May 2016 | WO |
| WO 2016085516 | Jun 2016 | WO |
| WO 2016093861 | Jun 2016 | WO |
| WO 2016119436 | Aug 2016 | WO |
| WO 2016130108 | Aug 2016 | WO |
| WO 2016161127 | Oct 2016 | WO |
| WO 2017031922 | Mar 2017 | WO |
| WO 2017039606 | Mar 2017 | WO |
| WO 2017105452 | Jun 2017 | WO |
| Entry |
|---|
| Cisco Systems, Inc., “The Cisco Application Policy Infrastructure Controller Introduction: What is the Cisco Application Policy Infrastructure Controller?” Jul. 31, 2014, 19 pages. |
| Jain, Praveen, et al., “In-Line Distributed and Stateful Security Policies for Applications in a Network Environment,” Cisco Systems, Inc., Aug. 16, 2016, 13 pages. |
| Maldonado-Lopez, Ferney, et al., “Detection and prevention of firewall—rule conflicts on software-defined networking,” 2015 7th International Workshop on Reliable Networks Design and Modeling (RNDM), IEEE, Oct. 5, 2015, pp. 259-265. |
| Vega, Andres, et al., “Troubleshooting Cisco Application Centric Infrastructure: Analytical problem solving applied to the Policy Driven Data Center,” Feb. 15, 2016, 84 pages. |
| Xia, Wenfeng, et al., “A Survey on Software-Defined Networking,” IEEE Communications Surveys and Tutorials, Mar. 16, 2015, pp. 27-51. |
| Akella, Aditya, et al., “A Highly Available Software Defined Fabric,” HotNets—XIII, Oct. 27-28, 2014, Los Angeles, CA, USA, Copyright 2014, ACM, pp. 1-7. |
| Alsheikh, Mohammad Abu, et al., “Machine Learning in Wireless Sensor Networks: Algorithms, Strategies, and Application,” Mar. 19, 2015, pp. 1-23. |
| Author Unknown, “Aids to Pro-active Management of Distributed Resources through Dynamic Fault-Localization and Availability Prognosis,” FaultLocalization-TR01-CADlab, May 2006, pp. 1-9. |
| Author Unknown, “Requirements for applying formal methods to software-defined networking,” Telecommunication Standardization Sector of ITU, Series Y: Global Information Infrastructure, Internet Protocol Aspects and Next-Generation Networks, Apr. 8, 2015, pp. 1-20. |
| Cisco Systems, Inc., “Cisco Application Centric Infrastructure 9AC1 Endpoint Groups (EPG) Usange and Design,” White Paper, May 2014, pp. 1-14. |
| Cisco, “Verify Contracts and Rules in the ACI Fabric,” Cisco, Updated Aug. 19, 2016, Document ID: 119023, pp. 1-20. |
| De Silva et al., “Network-wide Security Analysis,” Semantic Scholar, Oct. 25, 2011, pp. 1-11. |
| Dhawan, Mohan, et al., “SPHINX: Detecting Security Attacks in Software-Defined Networks,” NDSS 2015, Feb. 8-11, 2015, San Diego, CA, USA, Copyright 2015 Internet Society, pp. 1-15. |
| Fayaz, Seyed K., et al., “Efficient Network Reachability Analysis using a Succinct Control Plane Representation,” 2016, ratul.org, pp. 1-16. |
| Feldmann, Anja, et al., “IP Network Configuration for Intradomain Traffic Engineering,” Semantic Scholar, accessed on Jul. 20, 2017, pp. 1-27. |
| Han, Wonkyu, et al., “LPM: Layered Policy Management for Software-Defined Networks,” Mar. 8, 2016, pp. 1-8. |
| Han, Yoonseon, et al., “An Intent-based Network Virtualization Platform for SDN,” 2016 I FIP, pp. 1-6. |
| Kazemian, Peyman, et al., “Real Time Network Policy Checking using Header Space Analysis,” USENIX Association, 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI '13) pp. 99-111. |
| Khatkar, Pankaj Kumar, “Firewall Rule Set Analysis and Visualization, a Thesis Presented in Partial Fulfillment of the Requirements for the Degree Master of Science,” Arizona State University, Dec. 2014, pp. 1-58. |
| Le, Franck, et al., “Minerals: Using Data Mining to Detect Router Misconfigurations,” CyLab, Carnegie Mellon University, CMU-CyLab-06-008, May 23, 2006, pp. 1-14. |
| Liang, Chieh-Jan Mike, et al., “SIFT: Building an Internet of Safe Things,” Microsoft, IPSN' 15, Apr. 1416, 2015, Seattle, WA, ACM 978, pp. 1-12. |
| Lindem, A., et al., “Network Device YANG Organizational Model draft-rtgyangdt-rtgwg-device-model-01,” Network Working Group, Internet—draft, Sep. 21, 2015, pp. 1-33. |
| Liu, Jason, et al., “A Real-Time Network Simulation Infrastracture Based on Open VPN,” Journal of Systems and Software, Aug. 4, 2008, pp. 1-45. |
| Lopes, Nuno P., et al., “Automatically verifying reachability and well-formedness in P4 Networks,” Microsoft, accessed on Jul. 18, 2017, pp. 1-13. |
| Mai, Haohui, et al., “Debugging the Data Plane with Anteater,” SIGCOMM11, Aug. 15-19, 2011, pp. 1-12. |
| Miller, Nancy, et al., “Collecting Network Status Information for Network-Aware Applications,” INFOCOM 2000, pp. 1-10. |
| Miranda, Joao Sales Henriques, “Fault Isolation in Software Defined Networks,” www.gsd.inescid.pt, pp. 1-10. |
| Moon, Daekyeong, et al., “Bridging the Software/Hardware Forwarding Divide,” Berkeley.edu, Dec. 18, 2010, pp. 1-15. |
| Panda, Aurojit, et al., “SCL: Simplifying Distributed SDN Control Planes,” people.eecs.berkeley.edu, Mar. 2017, pp. 1-17. |
| Shin, Seugwon, et al., “FRESCO: Modular Composable Security Services for Software-Defined Networks,” to appear in the ISOC Network and Distributed System Security Symposium, Feb. 2013, pp. 1-16. |
| Shukla, Apoorv, et al., “Towards meticulous data plane monitoring,” kaust.edu.sa, access on Aug. 1, 2017, pp. 1-2. |
| Tang, Yongning, et al., “Automatic belief network modeling via policy inference for SDN fault localization,” Journal of Internet Services and Applications, 2016, pp. 1-13. |
| Tomar, Kuldeep, et al., “Enhancing Network Security and Performance Using Optimized ACLs,” International Journal in Foundations of Computer Science & Technology (IJFCST), vol. 4, No. 6, Nov. 2014, pp. 25-35. |
| Tongaonkar, Alok, et al., “Inferring Higher Level Policies from Firewall Rules,” Proceedings of the 21st Large Installation System Administration Conference (LISA '07), Nov. 11-16, 2007, pp. 1-14. |
| Yu et al., “A Flexible Framework for Wireless-Based Intelligent Sensor with Reconfigurability, Dynamic adding, and Web interface,” Conference Paper, Jul. 24, 2006, IEEE 2006, pp. 1-7. |
| Zhou, Shijie, et al., “High-Performance Packet Classification on GPU,” 2014 IEEE, pp. 1-6. |
