Techniques for determining network topologies

Description

TECHNICAL FIELD

The present disclosure relates generally to communication systems, and more particularly, to techniques for determining network topologies of communication networks such as a data center network.

BACKGROUND

Increasingly, consumers and businesses alike turn to cloud-based services over local computing environments. Such cloud-based computing services advantageously provide access to customizable and scalable computing resources over a network (e.g., the Internet). Typically, cloud-based service providers house such computing resources in one or more data centers that may include hundreds or even thousands of devices such as servers, switches, processors, memory, and other corresponding hardware and software components. The sheer number of data center devices or nodes as well as the number of possible configurations often results in complex networks within each data center. Moreover, the devices forming such complex networks may dynamically change depending on customer needs. Accordingly, it is often difficult to identify node topologies, data path flow, and/or path characteristics for devices and/or networks within data center networks.

BRIEF DESCRIPTION OF THE DRAWINGS

The embodiments herein may be better understood by referring to the following description in conjunction with the accompanying drawings in which like reference numerals indicate identical or functionally similar elements. Understanding that these drawings depict only exemplary embodiments of the disclosure and are not therefore to be considered to be limiting of its scope, the principles herein are described and explained with additional specificity and detail through the use of the accompanying drawings in which:

FIG. 1 illustrates a schematic diagram of an example communication network;

FIG. 2 illustrates a schematic diagram an example network device/node;

FIG. 3 illustrates schematic diagrams of a pair of nodes exchanging messages or packets;

FIG. 4 illustrates graphs showing latency values or response times for messages exchanged between the pair of nodes shown in FIG. 3;

FIG. 5 illustrates latency charts showing paired latency values or response times for messages exchanged between nodes in a communication network;

FIG. 6 illustrates a network topology, including a network topology for the nodes shown in FIG. 5;

FIG. 7 illustrates latency charts showing paired latency values or response times for messages exchanged between nodes in a communication network;

FIG. 8 illustrates a network topology, including a network topology for the nodes shown in FIG. 7; and

FIG. 9 illustrates an example simplified procedure for mapping a network topology in a communication network.

DESCRIPTION OF EXAMPLE EMBODIMENTS

Overview

According to one or more embodiments of the disclosure, a monitoring device (or module) monitors messages exchanged between nodes in a communication network. The monitoring device further determines, based on time stamp data associated with each message, one or more latency distributions of paired response times between the nodes, and determines a node topology consistent with each of the one or more latency distributions of paired response times between the nodes. In some embodiments, the monitoring device also generates a graph of the node topology showing one or more communication links between the nodes, and annotates each communication link of the one or more communication links with at least one of a mean response time or a median response time based on at least one of the latency distributions.

Description

Various embodiments of the disclosure are discussed in detail below. While specific implementations are discussed, it should be understood that this is done for illustration purposes only. A person skilled in the relevant art will recognize that other components and configurations may be used without parting from the spirit and scope of the disclosure.

A communication network is a geographically distributed collection of nodes interconnected by communication links and segments for transporting data between end nodes, such as computers, workstations, servers, and the like. Many types of networks are available, ranging from local area networks (LANs) to wide area networks (WANs). LANs typically connect the nodes over dedicated private communications links located in the same general physical location, such as a building or campus. WANs, on the other hand, typically connect geographically dispersed nodes over long-distance communications links, such as common carrier telephone lines, optical lightpaths, synchronous optical networks (SONET), synchronous digital hierarchy (SDH) links, or Powerline Communications (PLC) such as IEEE 61334, IEEE P1901.2, and others. In addition, a Mobile Ad-Hoc Network (MANET) is a kind of wireless ad-hoc network, which is generally considered a self-configuring network of mobile routes (and associated hosts) connected by wireless links, the union of which forms an arbitrary topology. Data centers, as mentioned above, can include complex networks of computing resources (e.g., mainframe computers, servers, application software, file and printer servers executing various operating systems, storage subsystems, network infrastructure, and the like) and provide network-based access to such computer resources.

FIG. 1 illustrates a schematic diagram of an example communication network 100 illustratively comprising a data center network 105, one or more Internet Service Provider (ISP) network(s) 110, and a public/private network 115 (e.g., the Intent). Operatively, data center network 105 hosts computing resources (e.g., applications, services, storage, network infrastructure, and the like) and provides access to such computing resources to one or more client device(s) 120 over public/private network 115 and corresponding ISP network(s) 110

As shown, the various networks include nodes/devices that route requests and facilitate access to computing resources from data center network 105. For example, the nodes/devices shown in FIG. 1 may operate to direct data packets or messages from respective source nodes to a destination node. As shown, data center network 105 illustratively includes nodes/devices 200 (e.g., routers, sensors, servers, computers, etc.) interconnected by communication links 106. Communication links 105 may be wired links or shared media (e.g., wireless links, PLC links, etc.) where certain nodes/devices 200 may be in communication with other nodes/devices based on, for example, distance, signal strength, network topology, current operational status, location, etc. Further, certain nodes/devices 200 may be located near an “edge” of a network

Data packets 150 (e.g., traffic and/or messages) may be exchanged among the nodes/devices 200 in communication network 100 using predefined network communication protocols such as certain known wired protocols (e.g., Interior Gateway Protocol (IGP), Exterior Border Gateway Protocol (E-BGP), TCP/IP, etc.), wireless protocols (e.g., IEEE Std. 802.15.4, WiFi, Bluetooth®, etc.), PLC protocols, or other shared-media protocols where appropriate. In this context, a protocol consists of a set of rules defining how the nodes interact with each other.

Those skilled in the art will understand that any number of nodes, devices, communication links, and the like may be used, and that the view shown herein is for simplicity. Also, those skilled in the art will further understand that while communication network 100 (including networks 105, 110, and 115) is shown in a certain orientation, such orientation is merely an example for purposes of illustration, not limitation.

FIG. 2 is a schematic diagram of one example node/device 200 that may be used with one or more embodiments described herein, e.g., as one of the nodes/devices shown in FIG. 1 above. Device 200 may comprise one or more network interfaces 210 (e.g., wired, wireless, PLC, etc.), at least one processor 220, and a memory 240 interconnected by a system bus 250.

Network interface(s) 210 contain the mechanical, electrical, and signaling circuitry for communicating data over communication links 106 coupled to communication network 100. Network interfaces 210 may be configured to transmit and/or receive data using a variety of different communication protocols. Note, further, that one or more nodes/devices may include two different types of network interfaces 210, e.g., wireless and wired/physical connections, and that the view herein is merely for illustration.

Memory 240 comprises a plurality of storage locations that are addressable by the processor 220 and network interfaces 210 for storing software programs and data structures associated with the embodiments described herein. Note that certain devices may have limited memory or no memory (e.g., no memory for storage other than for programs/processes operating on the device and associated caches). Processor 220 may comprise hardware elements or hardware logic adapted to execute the software programs and manipulate the data structures 245. An operating system 242, portions of which may resident in memory 240 and executed by processor 220, functionally organizes the device by, inter alia, invoking operations in support of software processes and/or services executing on the device. These software processes and/or services may comprise monitoring process/services 244, and an illustrative network topology process 248, as described herein. Note that while processes/services 244 and 248 are shown in centralized memory 240, alternative embodiments provide for the process to be operated within network interfaces 210 (e.g., as a component of a MAC layer, etc.).

It will be apparent to those skilled in the art that other processor and memory types, including various computer-readable media, may be used to store and execute program instructions pertaining to the techniques described herein. Also, while the description illustrates various processes, it is expressly contemplated that various processes may be embodied as modules configured to operate in accordance with the techniques herein (e.g., according to the functionality of a similar process). Further, while the processes have been shown separately, those skilled in the art will appreciate that processes may be routines or modules within other processes.

As noted above, data centers present unique challenges for understanding node topologies, data path flow, and/or path characteristics for devices and/or networks therein. Furthermore, providing customers on-demand cloud-based services creates a dynamic and ever changing environment, including possible frequent instantiations and de-instantiations of devices. Conventional approaches for determining network topologies often use round trip response times between nodes/devices to determine relative positions in a network topology. Notably, round trip time generally refers a total amount of time for a message or a packet to travel from a first node to a second node and then back to the first node. However, such round trip time may be inaccurate and affected by various factors such as network fluctuations, packet types, and the like. Accordingly, the techniques disclosed herein improve network mapping and generate network topologies based on, for example, statistical latency distributions (e.g., response times) for messages exchanged between nodes/devices in the network.

Notably, as used herein, the term “latency” or “latency value” generally refers to a response time for messages exchanged between nodes in a communication network; the term “packet” generally refers to messages or data exchanged between the nodes in a communication network; and the terms “paired” or “pair-wise” generally refers to a two-way exchange—e.g., one exchange representing packets sent from a first node and received by a second node, and another exchange representing packets sent from the second node and received by the first node.

According to the network monitoring and/or the network mapping technique disclosed herein, a monitoring device (or module) such as a switch, router, edge device, or other network device, determines communication latency or paired response times between nodes in a communication network from statistical latency distributions for all messages or packets exchanged between the nodes. More specifically, in some embodiments, the monitoring device determines communication latency for paired response times between nodes (e.g., from time stamp data associated with each message or packet exchanged between nodes). In certain embodiments, the monitoring device may be part of a distributed monitoring system, including a number of remote monitoring devices/nodes (e.g., located at edge switches in a network). These remote monitoring devices/nodes may be configured to time stamp messages or packets exchanged between the nodes in the network (e.g., on receipt, on transmission, etc.). Based on the time stamp data for each message, the monitoring device can determine latency distributions between pairs of nodes, and further determine representative latency values—e.g., mean latency, median latency, and the like. In some embodiments, outlier latency values or “bad” packet response times in a latency distribution may be eliminated or removed so as to avoid skewing the representative latency values (e.g., for initial network topology mapping). However, in other embodiments, these outlier latency values may be used to identify and troubleshoot network issues—e.g., according policies of the communication network and/or according to thresholds and/or deviations in a latency distribution. The network monitoring device further determines a node topology for the nodes in the communication network, consistent with the representative latency values, and generates a graph showing the node topology, including communication links annotated with corresponding representative latency values.

Illustratively, these techniques may be performed by hardware, software, and/or firmware, such as in accordance with the “monitoring” process 244 and/or “network topology” process 248, which may contain computer executable instructions executed by the processor 220 (or independent processor of interfaces 210) to perform certain functions.

FIG. 3 illustrates schematic diagrams of a pair of nodes exchanging messages or packets. For example, as shown, FIG. 3 includes a diagram 301 and a diagram 302 which collectively show messages exchanged between a node A and a node B. More specifically, diagram 301 shows a node A sending a packet 305 to a node B, and diagram 302 shows node B sending a packet 306 to node A. The exchange shown in diagram 301 and diagram 302 may be used to determine one or more paired latency values and/or paired latency distributions for communications between nodes—e.g., node A and node B.

As shown in FIG. 3, node A and node B are also configured to include respective monitoring modules 310 and 311. Notably, monitoring modules 310 and 311 may be part of a larger distributed monitoring device/system, and may send information related to packet tracking, time stamps, latency, and the like, to a remote module/device for further processing (or storage). In addition, monitoring modules 310 and 311 may be configured to execute one or more processes, such as monitoring process 244 and/or network topology process 248 (discussed above). It is appreciated that FIG. 3 and discussion herein are provided for purposes of exemplary embodiments, which are not to be limited to a particular protocol (e.g., transport layer protocol TCP, etc.).

Operatively, monitoring modules 310 and 311 in respective node A and node B time stamp “TS” packets on transmission and on reception. For example, in diagram 301, monitoring module 310 time stamps a packet 305 at 0t when node A sends packet 305 to node B. Similarly, monitoring module 311 time stamps packet 305 on reception by node B at 10t. With respect to tracking the time stamps and time stamp data for an exchange between nodes—here, TS=0t and TS=10t—monitoring modules 310 and/or 311 operably associate and/or assign respective time stamps with/to packet 305 based on one or more unique message identifiers. For example, unique message identifiers can include a sequence number (SEQ: 1) (shown in FIG. 3), a packet header, packet type, packet size, payload data, a byte size data, acknowledge (ACK) data or identifier, and the like. In this fashion, monitoring module 310 and/or monitoring module 311 determine a response time or latency value for packet 305 by comparing time stamps associated with packet 305 and determining a time difference there-between—e.g., a time difference between 0t and 10t yields a total latency value of 10t.

In some embodiments, monitoring modules 310 and/or 311 (or a remote monitoring device) employ statistical algorithms to classify each packet according to a particular attribute (e.g., a packet type) and determine attribute specific latency values. In this manner, latency and latency distributions between nodes can be determined with granularity (e.g., specific to packet attributes, etc.)

In diagram 302, monitoring module 311 time stamps packet 306 at 3t, and sends packet 306 to node A. Monitoring module 310 time stamps packet 306 on reception by node A at 12t. As shown in diagram 302, monitoring modules 310 and 311 associate or assign respective time stamps for packet 306 with a sequence number—SEQ: 2. As with diagram 301 (discussed above), a latency value or response time for packet 306 may be determined by a comparing respective time stamps associated with packet 306—e.g., a time difference between 3t and 12t yields a total latency value of 9t.

Packets 305 and 306 are tracked by monitoring modules 310 and 311 and associated with a paired latency value or paired response time for communications between node A and node B. Specifically, time stamps associated with each packet are analyzed to determine paired latency values. Further, these paired latency values may be analyzed according to a latency distribution graph. For example, one or more statistical algorithms may be employed to generate a latency distribution, and representative latency values may be derived from such latency distribution. For example, some representative latency values include an average or median latency or response time between node A and node B. Further, as mentioned, an average or median latency can be determined from all packets exchanged between pairs of nodes, and/or according to certain packet attributes.

Although FIG. 3 illustrates multiple monitoring modules—here, monitoring module 310 and 311—it is appreciated that a single monitoring module or device may be employed (e.g., monitoring traffic on the communication link between node A and node B, and/or any additional number of monitoring modules or devices may be used as appropriate. Further, although FIG. 3 illustrates a direct communication link between node A and node B, it is appreciated that any number of nodes or hops may be present and that the view shown herein in for purposes of illustration, not limitation.

FIG. 4 illustrates two graphs, here 401 and 402, showing latency values (or response times) (ms) for messages exchanged between node A and node B over a time period (e.g., an hour, a day, a week, a month, etc.). More specifically, graph 401 illustrates raw data points corresponding to a paired response time for packets exchanged between node A and node B. Graph 402 illustrates a statistical distribution or a latency distribution of the raw paired response times. Notably, as is appreciated by those skilled in the art, a time period shown in graph 402 may represent the same time period shown in graph 401, or it may only represent only a portion thereof. Further, as shown in graph 402, the raw paired response times over the time period conform to a log-normal distribution. Further, as shown in graph 402, the latency distribution includes a center line (μ) having one or more standards of deviation (μ+/−σ, μ+/−2σ, etc.) spaced apart on both sides. In some embodiments, the center line (μ) may represent latency values corresponding to a mean response time, a median response time, and the like. It is further appreciated that various other distribution curves or other distribution analysis may be used as appropriate (e.g., mean lines, bell-curve distributions, and the like).

In addition, as mentioned above, the latency distribution shown in graph 402 may also indicate one or more outlier latency values, which can be determined according to policies of the communication network and/or according to pre-determined thresholds. For example, certain outlier latency values may result from dropped packets, internal device buffering, or other network conditions not relevant to an initial network topology mapping. Accordingly, in some embodiments, these outlier latency values may be eliminated from an initial latency analysis or calculation since the outlier latency values may improperly skew representative latency value determinations. Notably, however, these outlier latency values may be important for subsequent network analysis and/or network troubleshooting. For example, these outlier latency values may indicate communications issues amongst nodes—e.g., when a measured response time is (statistically) greater than a median response time, a mean response time, and the like. Moreover, the latency distribution shown in graph 402, including the representative latency value (μ), may be used to annotate paired latency values for communication links between nodes, as shown in FIGS. 5-8.

In particular, FIG. 5 illustrates latency charts 501, 502, and 503, showing paired latency values for messages or packets exchanged between nodes 510, 515, and 520. Preferably, these paired latency values are determined from latency distributions, as discussed above (e.g., Nt+/−σ, etc.). As shown, latency chart 501 indicates a paired latency value between node 510 and 515 at 10t, latency chart 502 indicates a paired latency value between nodes 510 and 520 at 20t, and latency chart 503 indicates a paired latency value between nodes 520 and 515 at 10t.

Next to each latency chart, potential network topologies are shown. The potential network topologies represent possible network configurations, with certain communication links marked with an “x” to represent an inconsistency with the paired latency values shown in latency charts 501, 502, and 503 and/or an inconsistency with a threshold tolerance. For example, a network topology conforming to latency chart 501 includes a communication link or connection between node 510 and node 515, having an annotated latency value of 10t. However, multiple network topologies potentially conform to paired latency chart 502 (and remain consistent with latency chart 501). Here, one potential network topology includes a direct communication link or connection between node 510 and node 520 (with an annotated latency value of 20t), and another potential network topology includes node 515 disposed between node 510 and node 520, including corresponding communication links. Notably, the potential network topology including node 515 disposed between node 510 and node 520 includes an unknown latency value (marked as “??”) for the communication link between node 515 and node 520. Further latency information from latency chart 503 resolves the unknown latency value. Alternatively, or in addition, latency distribution information may also resolve ambiguity between multiple potential network topologies. For example, referring to the topology shown next to latency chart 503, assume a latency of 20t for direct communications between node 510 and node 520 represents an outlier latency value and/or a latency value outside a threshold tolerance. In this example, the direct communication link between node 510 and node 520 is marked with an X since the latency value of 20t is an outlier/outside tolerance. Further, the remaining latency value shown in latency chart 503 provides the previously unknown latency value as 10t, which validates the network topology having node 515 disposed between node 510 and node 520. Thus, the network topology consistent with the latency charts 501, 502, and 503, and latency distribution information (e.g., excluding outliers and/or response times outside of thresholds, etc.), includes node 515 disposed between nodes 510 and 520, with communication links there-between.

FIG. 6 illustrates a network topology 600, showing the node topology for nodes 510, 515, and 520, as well as a larger node topology for other nodes in the communication network. In particular, network topology 600 is derived from paired latency charts such as those shown in FIG. 5, as well as an analysis of latency distributions for communications between each of the nodes. Preferably, node topology 600 shows annotated communication links between representing latency values or response times for packets exchanged between the nodes. These latency values, as discussed above, may represent an average or median latency value for all packets exchanged between two corresponding nodes, and/or for packets having particular attributes.

FIG. 7 also illustrates exemplary latency charts similar to those shown in FIG. 5. Here, FIG. 7 includes latency charts 701, 702, and 703, showing paired latency values for packets exchanged between nodes 710, 715, and 720. In particular, latency chart 701 shows a paired latency value between node 710 and 715 at 10t, latency chart 702 shows a paired latency value between nodes 710 and 720 at 18t, and latency chart 703 shows a paired latency value between nodes 720 and 715 at 10t. As discussed above, the paired latency values in paired latency charts 701, 702, and 703 may be determined from latency distributions (e.g., Nt+/−σ, etc.) of response times for messages exchanged between the nodes. Further, similar to FIG. 5, FIG. 7 provides potential network topologies next to respective latency charts.

As shown, a network topology conforming to latency chart 701 includes a communication link between node 710 and node 715, having an annotated latency value of 10t. Multiple network topologies are possible consistent with latency chart 702 (and consistent with latency chart 701). As shown, one potential network topology includes a direct link or direct connection between node 710 and node 720, having an annotated latency value of 18t, and another potential network topology includes node 715 disposed between node 710 and node 720, having an unknown latency value “??” for the communication link connecting node 715 and node 720.

Additional latency distribution information and/or additional latency values (e.g., latency chart 703) may resolve ambiguity between the potential network topologies. Specifically, latency chart 703 indicates a latency value for communications between nodes 715 and 720 at 10t, which invalidates the network topology having node 715 disposed between nodes 710 and 720. Put differently, the node topology having node 715 disposed between nodes 710 and 720 results in a total latency value of 20t from an aggregation of (10t) between 710-715 and (10t) between 715 and 720, while the latency value between nodes 710 and 720 is only 18t. In this fashion, the network topology, showing node 715 disposed between node 710 and 720, is in consistent with the latency values shown in latency chart 703. Thus, the network topology consistent with the latency charts 701, 702, and 703, includes a direct communication link between node 710 and node 720, a direct communication link between node 720 and node 715, and a direct communication link between node 715 and node 710. Notably, in this example, the additional latency distribution information such as indications of outlier response times, thresholds, and the like, was not employed to determine the appropriate network topology.

FIG. 8 illustrates a network topology 800, showing the node topology for nodes 710, 715, and 720, as well as a broader node topology of other nodes in the communication network. Network topology 800 is preferably derived, in part, from paired latency values (e.g., latency charts 701, 702, 703), and/or from an analysis of latency distributions for communications between the nodes. As shown, node topology 800 includes annotated communication links representing latency values or response times between the nodes. The latency values, as discussed above, may represent an average or median response time for all packets exchanged between two corresponding nodes, and/or, in some embodiments, the latency values may represent response times for certain types of packets.

FIGS. 5-8 collectively illustrate example node topologies determined from latency distributions, tolerances, thresholds, and the like. The example node topologies shown in FIGS. 5-8, including the illustrated orientations, latency values, and the like, are provided for purposes of discussion, not limitation. It is appreciated that various types of node topologies, orientations, latency values, and the like, may be used as appropriate.

FIG. 9 illustrates an example simplified procedure 900 for mapping network topologies in a communication network (e.g., a data center network), in accordance with one or more embodiments described herein. As shown, procedure 900 is shown from the view of a monitoring node/device in the data center (e.g., a switch, a hypervisor, a router, a virtual machine, etc.).

Procedure 900 begins at step 905 and continues to step 910, where, as described in greater detail above, the monitoring device (or node) monitors messages or packets exchanged between nodes in a communication network (e.g., a data center network). For purposes of discussion, the monitoring device particularly monitors messages exchanged between, for example, a first node, a second node, and a third node.

Procedure 900 continues to step 915, where the monitoring device determines one or more latency distributions for paired response times corresponding to the messages exchanged between the nodes. For example, the one or more latency distributions can include a first latency distribution corresponding to response times between the first node and the second node, a second latency distribution corresponding to response times between the first node and the third node, and a third latency distribution corresponding to response times between the second node and the third node.

The monitoring device also determines, at step 920, a node topology consistent with the one or more latency distributions—here, the first latency distribution, the second latency distribution, and the third latency distribution—and generates, at step 925, a graph of a node topology showing one or more communication links between the nodes.

With respect to determining the node topology, in some embodiments, the monitoring device may compare, aggregate, or otherwise analyze the latency distributions to determine relative positions for each node in the communication network. Further, as discussed above, the latency distributions may be refined according to tolerances and/or thresholds to eliminate certain response times (e.g., outliers, outside thresholds, etc.), which certain response times may improperly skew initial node topology mapping (e.g., skew median/mean lines in the corresponding latency distributions).

Preferably, the monitoring device annotates, at step 930, each communication link with a representative response time or latency value. For example, the representative response time may include a mean response time, a median response time, or other measures of a response time from the corresponding latency distribution.

It should be noted that while certain steps within procedure 900 may be optional, and further, the steps shown in FIG. 9 are merely examples for illustration—certain other steps may be included or excluded as desired. Further, while a particular order of the steps is shown, this ordering is merely illustrative, and any suitable arrangement of the steps may be utilized without departing from the scope of the embodiments herein.

The techniques described herein, therefore, provide for monitoring and mapping network topologies in a communication network (e.g., a data center network) based on statistical analysis of response times or latency between pairs of nodes. The techniques described herein provide simple solutions to determine latency based on time stamped values, which can be assigned by network devices such as an edge switch, router, and the like.

While there have been shown and described illustrative embodiments to determine latency distributions amongst pairs of network nodes, network topology mapping, and the like, it is to be understood that various other adaptations and modifications may be made within the spirit and scope of the embodiments herein. For example, the embodiments have been shown and described herein using response times in factors of a generic time (t), however it is appreciated that latency or response times may be measured in specific fractions, or portions of seconds (e.g., milliseconds, microseconds, etc.) or other appropriate measures of time.

The foregoing description has been directed to specific embodiments. It will be apparent; however, that other variations and modifications may be made to the described embodiments, with the attainment of some or all of their advantages. For instance, it is expressly contemplated that the components and/or elements described herein can be implemented as software being stored on a tangible (non-transitory) computer-readable medium, devices, and memories (e.g., disks/CDs/RAM/EEPROM/etc.) having program instructions executing on a computer, hardware, firmware, or a combination thereof. Further, methods describing the various functions and techniques described herein can be implemented using computer-executable instructions that are stored or otherwise available from computer readable media. Such instructions can comprise, for example, instructions and data which cause or otherwise configure a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. Portions of computer resources used can be accessible over a network. The computer executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, firmware, or source code. Examples of computer-readable media that may be used to store instructions, information used, and/or information created during methods according to described examples include magnetic or optical disks, flash memory, USB devices provided with non-volatile memory, networked storage devices, and so on. In addition, devices implementing methods according to these disclosures can comprise hardware, firmware and/or software, and can take any of a variety of form factors. Typical examples of such form factors include laptops, smart phones, small form factor personal computers, personal digital assistants, and so on. Functionality described herein also can be embodied in peripherals or add-in cards. Such functionality can also be implemented on a circuit board among different chips or different processes executing in a single device, by way of further example. Instructions, media for conveying such instructions, computing resources for executing them, and other structures for supporting such computing resources are means for providing the functions described in these disclosures. Accordingly this description is to be taken only by way of example and not to otherwise limit the scope of the embodiments herein. Therefore, it is the object of the appended claims to cover all such variations and modifications as come within the true spirit and scope of the embodiments herein.

Claims

1. A method, comprising: monitoring, by a monitoring device in a communication network, messages exchanged between at least a first node, a second node, and a third node;determining, based on time stamp data associated with each message, one or more latency distributions of paired response times between the first node, the second node, and the third node, the one or more latency distributions include at least a first latency distribution corresponding to response times between the first node and the second node, a second latency distribution corresponding to response times between the first node and the third node, and a third latency distribution corresponding to response times between the second node and the third node;determining a node topology consistent with the first latency distribution, the second latency distribution, and the third latency distribution;generating a graph of the node topology showing one or more communication links between one or more of the first node, the second node, or the third node; andannotating each communication link of the one or more communication links with at least one of a mean response time or a median response time based on at least one of the first latency distribution, the second latency distribution, or the third latency distribution.
2. The method of claim 1, wherein determining the node topology further comprises: comparing an aggregated latency distribution of the first latency distribution and the second latency distribution to the third latency distribution to determine a position in the node topology for each of the first node, the second node, and the third node.
3. The method of claim 2, further comprising: determining the second node is disposed between the first node and the second node in the node topology when the aggregated latency distribution substantially matches the third latency distribution.
4. The method of claim 1, wherein the monitoring device includes a plurality of distributed monitoring modules operable by one or more of the first node, the second node, and the third node.
5. The method of claim 4, further comprising: receiving, by the monitoring device, the time stamp data associated with each message from the plurality of monitoring modules.
6. The method of claim 1, further comprising: determine, by the monitoring device, the time stamp data associated with each message based on a unique message identifier, andwherein, determining the one or more latency distributions, further comprises determining, based on the time stamp data associated with each message and the unique identifier associated with each message, the one or more latency distributions of paired response times for the messages exchanged between the first node, the second node, and the third node.
7. The method of claim 6, wherein the unique message identifier includes at least one of a packet header, a sequence number, an acknowledgement number, a type, or a size of the message.
8. The method of claim 1, wherein the first latency distribution represents a first paired response time distribution for the messages exchanged between the first node and the second node, the second latency distribution represents a second paired response time distribution for the messages exchanged between the first node and the third node, and the third latency distribution represents a third paired response time distribution for the messages exchanged between the second node and the third node.
9. The method of claim 1, further comprising: determining at least one of the average response time or the median response time for each latency distribution, including the first latency distribution, the second latency distribution, and the third latency distribution, andwherein, determining the node topology further comprises determining the node topology consistent with the at least one of the average response time or the median response time for each latency distribution.
10. The method of claim 1, wherein determining the node topology, further comprises: identifying one or more outlier response times in each latency distribution, including the first latency distribution, the second latency distribution, and the third latency distribution;removing the one or more outlier response times from each latency distribution; andgenerating the at least one of the median response time or the mean response time for each latency distribution after removing the one or more outlier response times.
11. The method of claim 1, wherein at least one of the first node, the second node, or the third node includes one of a virtual machine, a hypervisor, a switch, or a router.
12. A monitoring device, comprising: one or more network interfaces to communicate within a communication network;a processor coupled to the network interfaces and adapted to execute one or more processes; anda memory configured to store a process executable by the processor, the process when executed operable to: monitor messages exchanged in the communication network between at least a first node, a second node, and a third node;determine, based on time stamp data associated with each message, one or more latency distributions of paired response times between the first node, the second node, and the third node, the one or more latency distributions include at least a first latency distribution corresponding to response times between the first node and the second node, a second latency distribution corresponding to response times between the first node and the third node, and a third latency distribution corresponding to response times between the second node and the third node;determine a node topology consistent with the first latency distribution, the second latency distribution, and the third latency distribution;generate a graph of the node topology showing one or more communication links between one or more of the first node, the second node, or the third node; andannotate each communication link of the one or more communication links with at least one of a mean response time or a median response time based on at least one of the first latency distribution, the second latency distribution, or the third latency distribution.
13. The monitoring device of claim 12, wherein the process, when executed to determine the node topology, is further operable to: compare an aggregated latency distribution of the first latency distribution and the second latency distribution to the third latency distribution to determine a position in the node topology for each of the first node, the second node, and the third node.
14. The monitoring device of claim 13, wherein the process, when executed, is further operable to: determine the second node is disposed between the first node and the second node in the node topology when the aggregated latency distribution substantially matches the third latency distribution.
15. The monitoring device of claim 12, further comprising: a plurality of distributed monitoring modules operable by one or more of the first node, the second node, and the third node, andwherein, the process, when executed, is further operable to receive the time stamp data associated with each message from the plurality of monitoring modules.
16. The monitoring device of claim 12, wherein the process, when executed, is further operable to: determine the time stamp data associated with each message based on a unique message identifier, andwherein, the process to determine the one or more latency distributions, when executed, is further operable to determine, based on the time stamp data associated with each message and the unique identifier associated with each message, the one or more latency distributions of paired response times for the messages exchanged between the first node, the second node, and the third node.
17. The monitoring device of claim 16, wherein the unique message identifier includes at least one of a packet header, a sequence number, an acknowledgement number, a type, or a size of the message.
18. The monitoring device of claim 12, wherein the process, when executed, is further operable to: determine at least one of the average response time or the median response time for each latency distribution, including the first latency distribution, the second latency distribution, and the third latency distribution, andwherein, the process to determine the node topology, when executed, is further operable to determine the node topology consistent with at least one of the average response time or the median response time for each latency distribution.
19. The monitoring device of claim 12, wherein the process to determine the node topology, when executed, is further operable to: identify one or more outlier response times in each latency distribution, including the first latency distribution, the second latency distribution, and the third latency distribution;remove the one or more outlier response times from each latency distribution; andgenerate the at least one of the median response time or the mean response time for each latency distribution after removing the one or more outlier response times.
20. A tangible, non-transitory, computer-readable media having software encoded thereon, the software, when executed by a processor, operable to: monitor messages exchanged in the communication network between at least a first node, a second node, and a third node;determine, based on time stamp data associated with each message, one or more latency distributions of response times between the first node, the second node, and the third node based on time stamp data associated with each message, the one or more latency distributions include at least a first latency distribution corresponding to response times between the first node and the second node, a second latency distribution corresponding to response times between the first node and the third node, and a third latency distribution corresponding to response times between the second node and the third node;determine a node topology consistent with the first latency distribution, the second latency distribution, and the third latency distribution;generate a graph of the node topology showing one or more communication links between one or more of the first node, the second node, or the third node; andannotate each communication link of the one or more communication links with at least one of a mean response time or a median response time based on at least one of the first latency distribution, the second latency distribution, or the third latency distribution.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims priority to U.S. Provisional Patent Application Ser. No. 62/171,899, filed on Jun. 5, 2015, the content of which is herein incorporated by reference.

US Referenced Citations (355)

Number	Name	Date	Kind
5742829	Davis et al.	Apr 1998	A
5903545	Sabourin	May 1999	A
6012096	Link et al.	Jan 2000	A
6144962	Weinberg et al.	Nov 2000	A
6247058	Miller et al.	Jun 2001	B1
6330562	Boden et al.	Dec 2001	B1
6525658	Streetman et al.	Feb 2003	B2
6597663	Rekhter	Jul 2003	B1
6611896	Mason, Jr. et al.	Aug 2003	B1
6728779	Griffin	Apr 2004	B1
6801878	Hintz et al.	Oct 2004	B1
6847993	Novaes et al.	Jan 2005	B1
6925490	Novaes et al.	Aug 2005	B1
6958998	Shorey	Oct 2005	B2
6983323	Cantrell et al.	Jan 2006	B2
6996817	Birum et al.	Feb 2006	B2
7002464	Bruemmer et al.	Feb 2006	B2
7120934	Ishikawa	Oct 2006	B2
7181769	Keanini et al.	Feb 2007	B1
7185103	Jain	Feb 2007	B1
7337206	Wen et al.	Feb 2008	B1
7353511	Ziese	Apr 2008	B1
7370092	Aderton et al.	May 2008	B2
7395195	Suenbuel et al.	Jul 2008	B2
7444404	Wetherall et al.	Oct 2008	B2
7466681	Ashwood-Smith et al.	Dec 2008	B2
7467205	Dempster et al.	Dec 2008	B1
7496040	Seo	Feb 2009	B2
7496575	Buccella et al.	Feb 2009	B2
7530105	Gilbert et al.	May 2009	B2
7610330	Quinn et al.	Oct 2009	B1
7633942	Bearden et al.	Dec 2009	B2
7676570	Levy et al.	Mar 2010	B2
7681131	Quarterman et al.	Mar 2010	B1
7693947	Judge et al.	Apr 2010	B2
7752307	Takara	Jul 2010	B2
7783457	Cunningham	Aug 2010	B2
7844696	Labovitz	Nov 2010	B2
7844744	Abercrombie et al.	Nov 2010	B2
7864707	Dimitropoulos et al.	Jan 2011	B2
7873025	Patel et al.	Jan 2011	B2
7874001	Beck et al.	Jan 2011	B2
7885197	Metzler	Feb 2011	B2
7895649	Brook et al.	Feb 2011	B1
7904420	Ianni	Mar 2011	B2
7930752	Hertzog et al.	Apr 2011	B2
7934248	Yehuda et al.	Apr 2011	B1
7957934	Greifeneder	Jun 2011	B2
7961637	McBeath	Jun 2011	B2
7970946	Djabarov et al.	Jun 2011	B1
7975035	Popescu et al.	Jul 2011	B2
8005935	Pradhan et al.	Aug 2011	B2
8040232	Oh et al.	Oct 2011	B2
8040822	Proulx et al.	Oct 2011	B2
8135657	Kapoor et al.	Mar 2012	B2
8156430	Newman	Apr 2012	B2
8185824	Mitchell et al.	May 2012	B1
8250657	Nachenberg et al.	Aug 2012	B1
8255972	Azagury et al.	Aug 2012	B2
8266697	Coffman	Sep 2012	B2
8281397	Vaidyanathan et al.	Oct 2012	B2
8291495	Burns et al.	Oct 2012	B1
8296847	Mendonca et al.	Oct 2012	B2
8370407	Devarajan et al.	Feb 2013	B1
8381289	Pereira et al.	Feb 2013	B1
8391270	Van Der Stok et al.	Mar 2013	B2
8407164	Malik et al.	Mar 2013	B2
8442073	Skubacz et al.	May 2013	B2
8451731	Lee et al.	May 2013	B1
8462212	Kundu et al.	Jun 2013	B1
8489765	Vasseur et al.	Jul 2013	B2
8516590	Ranadive et al.	Aug 2013	B1
8527977	Cheng et al.	Sep 2013	B1
8570861	Brandwine et al.	Oct 2013	B1
8572600	Chung et al.	Oct 2013	B2
8572734	McConnell et al.	Oct 2013	B2
8572735	Ghosh et al.	Oct 2013	B2
8588081	Salam et al.	Nov 2013	B2
8600726	Varshney et al.	Dec 2013	B1
8630316	Haba	Jan 2014	B2
8640086	Bonev et al.	Jan 2014	B2
8661544	Yen et al.	Feb 2014	B2
8677487	Balupari et al.	Mar 2014	B2
8683389	Bar-Yam et al.	Mar 2014	B1
8706914	Duchesneau	Apr 2014	B2
8719452	Ding et al.	May 2014	B1
8719835	Kanso et al.	May 2014	B2
8752042	Ratica	Jun 2014	B2
8755396	Sindhu et al.	Jun 2014	B2
8762951	Kosche et al.	Jun 2014	B1
8769084	Westerfeld et al.	Jul 2014	B2
8776180	Kumar et al.	Jul 2014	B2
8812725	Kulkarni	Aug 2014	B2
8813236	Saha et al.	Aug 2014	B1
8825848	Dotan et al.	Sep 2014	B1
8832013	Adams et al.	Sep 2014	B1
8832461	Saroiu et al.	Sep 2014	B2
8849926	Marzencki et al.	Sep 2014	B2
8881258	Paul et al.	Nov 2014	B2
8887238	Howard et al.	Nov 2014	B2
8904520	Nachenberg et al.	Dec 2014	B1
8931043	Cooper et al.	Jan 2015	B2
8954610	Berke et al.	Feb 2015	B2
8973147	Pearcy et al.	Mar 2015	B2
8990386	He et al.	Mar 2015	B2
8996695	Anderson et al.	Mar 2015	B2
8997227	Mhatre et al.	Mar 2015	B1
9015716	Fletcher et al.	Apr 2015	B2
9071575	Lemaster et al.	Jun 2015	B2
9088598	Zhang et al.	Jul 2015	B1
9110905	Polley et al.	Aug 2015	B2
9160764	Stiansen et al.	Oct 2015	B2
9178906	Chen et al.	Nov 2015	B1
9197654	Ben-Shalom et al.	Nov 2015	B2
9225793	Dutta et al.	Dec 2015	B2
9237111	Banavalikar et al.	Jan 2016	B2
9246773	Degioanni	Jan 2016	B2
9258217	Duffield et al.	Feb 2016	B2
9281940	Matsuda et al.	Mar 2016	B2
9317574	Brisebois et al.	Apr 2016	B1
9319384	Yan et al.	Apr 2016	B2
9405903	Xie et al.	Aug 2016	B1
9418222	Rivera et al.	Aug 2016	B1
9454324	Madhavapeddi	Sep 2016	B1
9501744	Brisebois et al.	Nov 2016	B1
9634915	Bley	Apr 2017	B2
9645892	Patwardhan	May 2017	B1
9733973	Prasad et al.	Aug 2017	B2
20020053033	Cooper et al.	May 2002	A1
20020103793	Koller et al.	Aug 2002	A1
20020141343	Bays	Oct 2002	A1
20020184393	Leddy	Dec 2002	A1
20030097439	Strayer et al.	May 2003	A1
20030145232	Poletto et al.	Jul 2003	A1
20030154399	Zuk et al.	Aug 2003	A1
20040030776	Cantrell et al.	Feb 2004	A1
20040268149	Aaron	Dec 2004	A1
20050039104	Shah et al.	Feb 2005	A1
20050166066	Ahuja et al.	Jul 2005	A1
20050207376	Ashwood-Smith et al.	Sep 2005	A1
20050257244	Joly et al.	Nov 2005	A1
20050289244	Sahu et al.	Dec 2005	A1
20060048218	Lingafelt et al.	Mar 2006	A1
20060080733	Khosmood et al.	Apr 2006	A1
20060095968	Portolani et al.	May 2006	A1
20060156408	Himberger et al.	Jul 2006	A1
20060195448	Newport	Aug 2006	A1
20060272018	Fouant	Nov 2006	A1
20060274659	Ouderkirk	Dec 2006	A1
20060294219	Ogawa et al.	Dec 2006	A1
20070044147	Choi et al.	Feb 2007	A1
20070097976	Wood et al.	May 2007	A1
20070169179	Narad	Jul 2007	A1
20070195729	Li et al.	Aug 2007	A1
20070195797	Patel et al.	Aug 2007	A1
20070211637	Mitchell	Sep 2007	A1
20070300061	Kim et al.	Dec 2007	A1
20080022385	Crowell et al.	Jan 2008	A1
20080082662	Danliker et al.	Apr 2008	A1
20080101234	Nakil et al.	May 2008	A1
20080126534	Mueller et al.	May 2008	A1
20080250122	Zsigmond et al.	Oct 2008	A1
20080270199	Chess et al.	Oct 2008	A1
20080301765	Nicol et al.	Dec 2008	A1
20090064332	Porras et al.	Mar 2009	A1
20090241170	Kumar et al.	Sep 2009	A1
20090307753	Dupont et al.	Dec 2009	A1
20090313373	Hanna et al.	Dec 2009	A1
20090313698	Wahl	Dec 2009	A1
20090328219	Narayanaswamy	Dec 2009	A1
20100005288	Rao et al.	Jan 2010	A1
20100077445	Schneider et al.	Mar 2010	A1
20100095293	O'Neill et al.	Apr 2010	A1
20100095367	Narayanaswamy	Apr 2010	A1
20100138810	Komatsu et al.	Jun 2010	A1
20100148940	Gelvin et al.	Jun 2010	A1
20100153316	Duffield et al.	Jun 2010	A1
20100153696	Beachem et al.	Jun 2010	A1
20100220584	DeHaan et al.	Sep 2010	A1
20100235514	Beachem	Sep 2010	A1
20100235915	Memon et al.	Sep 2010	A1
20100303240	Beachem	Dec 2010	A1
20100319060	Aiken et al.	Dec 2010	A1
20110010585	Bugenhagen et al.	Jan 2011	A1
20110055381	Narasimhan et al.	Mar 2011	A1
20110055388	Yumerefendi et al.	Mar 2011	A1
20110066719	Miryanov et al.	Mar 2011	A1
20110069685	Tofighbakhsh	Mar 2011	A1
20110083125	Komatsu et al.	Apr 2011	A1
20110126275	Anderson et al.	May 2011	A1
20110145885	Rivers et al.	Jun 2011	A1
20110170860	Smith	Jul 2011	A1
20110173490	Narayanaswamy et al.	Jul 2011	A1
20110185423	Sallam	Jul 2011	A1
20110196957	Ayachitula et al.	Aug 2011	A1
20110202655	Sharma et al.	Aug 2011	A1
20110225207	Subramanian et al.	Sep 2011	A1
20110228696	Agarwal et al.	Sep 2011	A1
20110302652	Westerfeld	Dec 2011	A1
20110314148	Petersen et al.	Dec 2011	A1
20120005542	Petersen et al.	Jan 2012	A1
20120079592	Pandrangi	Mar 2012	A1
20120102361	Sass et al.	Apr 2012	A1
20120102543	Kohli et al.	Apr 2012	A1
20120117226	Tanaka et al.	May 2012	A1
20120136996	Seo et al.	May 2012	A1
20120137278	Draper et al.	May 2012	A1
20120140626	Anand et al.	Jun 2012	A1
20120197856	Banka et al.	Aug 2012	A1
20120198541	Reeves	Aug 2012	A1
20120216271	Cooper et al.	Aug 2012	A1
20120233473	Vasseur et al.	Sep 2012	A1
20120240232	Azuma	Sep 2012	A1
20120246303	Petersen et al.	Sep 2012	A1
20120278021	Lin et al.	Nov 2012	A1
20130003538	Greenburg et al.	Jan 2013	A1
20130006935	Grisby	Jan 2013	A1
20130038358	Cook et al.	Feb 2013	A1
20130086272	Chen et al.	Apr 2013	A1
20130103827	Dunlap et al.	Apr 2013	A1
20130145099	Liu et al.	Jun 2013	A1
20130159999	Chiueh et al.	Jun 2013	A1
20130179487	Lubetzky et al.	Jul 2013	A1
20130179879	Zhang et al.	Jul 2013	A1
20130198839	Wei et al.	Aug 2013	A1
20130246925	Ahuja et al.	Sep 2013	A1
20130247201	Alperovitch et al.	Sep 2013	A1
20130254879	Chesla et al.	Sep 2013	A1
20130268994	Cooper et al.	Oct 2013	A1
20130275579	Hernandez et al.	Oct 2013	A1
20130283374	Zisapel et al.	Oct 2013	A1
20130290521	Labovitz	Oct 2013	A1
20130297771	Osterloh et al.	Nov 2013	A1
20130304900	Trabelsi et al.	Nov 2013	A1
20130305369	Karta et al.	Nov 2013	A1
20130318357	Abraham et al.	Nov 2013	A1
20130326623	Kruglick	Dec 2013	A1
20130333029	Chesla et al.	Dec 2013	A1
20130347103	Veteikis et al.	Dec 2013	A1
20140006610	Formby et al.	Jan 2014	A1
20140006871	Lakshmanan et al.	Jan 2014	A1
20140012814	Bercovici et al.	Jan 2014	A1
20140033193	Palaniappan	Jan 2014	A1
20140047185	Peterson et al.	Feb 2014	A1
20140047372	Gnezdov et al.	Feb 2014	A1
20140059200	Nguyen et al.	Feb 2014	A1
20140089494	Dasari et al.	Mar 2014	A1
20140096058	Molesky et al.	Apr 2014	A1
20140115219	Ajanovic et al.	Apr 2014	A1
20140143825	Behrendt et al.	May 2014	A1
20140149490	Luxenberg et al.	May 2014	A1
20140156814	Barabash et al.	Jun 2014	A1
20140164607	Bai et al.	Jun 2014	A1
20140173623	Chang et al.	Jun 2014	A1
20140192639	Smirnov	Jul 2014	A1
20140201717	Mascaro et al.	Jul 2014	A1
20140215573	Cepuran	Jul 2014	A1
20140215621	Xaypanya et al.	Jul 2014	A1
20140281030	Cui et al.	Sep 2014	A1
20140289854	Mahvi	Sep 2014	A1
20140298461	Hohndel et al.	Oct 2014	A1
20140317737	Shin et al.	Oct 2014	A1
20140331276	Frascadore et al.	Nov 2014	A1
20140331280	Porras et al.	Nov 2014	A1
20140331304	Wong	Nov 2014	A1
20140351203	Kunnatur et al.	Nov 2014	A1
20140351415	Harrigan et al.	Nov 2014	A1
20140359695	Chari et al.	Dec 2014	A1
20150009840	Pruthi et al.	Jan 2015	A1
20150033305	Shear et al.	Jan 2015	A1
20150036533	Sodhi et al.	Feb 2015	A1
20150039751	Harrigan et al.	Feb 2015	A1
20150046882	Menyhart et al.	Feb 2015	A1
20150058976	Carney et al.	Feb 2015	A1
20150067143	Babakhan et al.	Mar 2015	A1
20150082151	Liang et al.	Mar 2015	A1
20150085665	Kompella et al.	Mar 2015	A1
20150095332	Beisiegel et al.	Apr 2015	A1
20150112933	Satapathy	Apr 2015	A1
20150113133	Srinivas et al.	Apr 2015	A1
20150124608	Agarwal et al.	May 2015	A1
20150138993	Forster et al.	May 2015	A1
20150142962	Srinivas et al.	May 2015	A1
20150195291	Zuk et al.	Jul 2015	A1
20150249622	Phillips et al.	Sep 2015	A1
20150256555	Choi et al.	Sep 2015	A1
20150261842	Huang et al.	Sep 2015	A1
20150261886	Wu et al.	Sep 2015	A1
20150271255	Mackay et al.	Sep 2015	A1
20150295945	Canzanese, Jr. et al.	Oct 2015	A1
20150347554	Vasantham et al.	Dec 2015	A1
20150358352	Chasin et al.	Dec 2015	A1
20160006753	McDaid et al.	Jan 2016	A1
20160021131	Heilig	Jan 2016	A1
20160026552	Holden	Jan 2016	A1
20160036837	Jain et al.	Feb 2016	A1
20160050132	Zhang et al.	Feb 2016	A1
20160072815	Rieke et al.	Mar 2016	A1
20160103692	Guntaka et al.	Apr 2016	A1
20160105350	Greifeneder et al.	Apr 2016	A1
20160119234	Valencia Lopez et al.	Apr 2016	A1
20160127395	Underwood et al.	May 2016	A1
20160147585	Konig et al.	May 2016	A1
20160162308	Chen et al.	Jun 2016	A1
20160162312	Doherty et al.	Jun 2016	A1
20160205002	Rieke et al.	Jul 2016	A1
20160216994	Sefidcon et al.	Jul 2016	A1
20160294691	Joshi	Oct 2016	A1
20160308908	Kirby et al.	Oct 2016	A1
20160357424	Pang et al.	Dec 2016	A1
20160357546	Chang et al.	Dec 2016	A1
20160357587	Yadav et al.	Dec 2016	A1
20160357957	Deen et al.	Dec 2016	A1
20160359592	Kulshreshtha et al.	Dec 2016	A1
20160359628	Singh et al.	Dec 2016	A1
20160359658	Yadav et al.	Dec 2016	A1
20160359673	Gupta et al.	Dec 2016	A1
20160359678	Madani et al.	Dec 2016	A1
20160359679	Parasdehgheibi et al.	Dec 2016	A1
20160359680	Parandehgheibi et al.	Dec 2016	A1
20160359686	Parandehgheibi et al.	Dec 2016	A1
20160359696	Yadav et al.	Dec 2016	A1
20160359697	Scheib et al.	Dec 2016	A1
20160359698	Deen et al.	Dec 2016	A1
20160359699	Gandham et al.	Dec 2016	A1
20160359700	Pang et al.	Dec 2016	A1
20160359701	Pang et al.	Dec 2016	A1
20160359703	Gandham et al.	Dec 2016	A1
20160359704	Gandham et al.	Dec 2016	A1
20160359705	Parasdehgheibi et al.	Dec 2016	A1
20160359708	Gandham et al.	Dec 2016	A1
20160359709	Deen et al.	Dec 2016	A1
20160359711	Deen et al.	Dec 2016	A1
20160359712	Alizadeh Attar et al.	Dec 2016	A1
20160359740	Parandehgheibi et al.	Dec 2016	A1
20160359759	Singh et al.	Dec 2016	A1
20160359872	Yadav et al.	Dec 2016	A1
20160359877	Kulshreshtha et al.	Dec 2016	A1
20160359878	Prasad et al.	Dec 2016	A1
20160359879	Deen et al.	Dec 2016	A1
20160359880	Pang et al.	Dec 2016	A1
20160359881	Yadav et al.	Dec 2016	A1
20160359888	Gupta et al.	Dec 2016	A1
20160359889	Yadav et al.	Dec 2016	A1
20160359890	Deen et al.	Dec 2016	A1
20160359891	Pang et al.	Dec 2016	A1
20160359897	Yadav et al.	Dec 2016	A1
20160359912	Gupta et al.	Dec 2016	A1
20160359913	Gupta et al.	Dec 2016	A1
20160359914	Deen et al.	Dec 2016	A1
20160359915	Gupta et al.	Dec 2016	A1
20160359917	Rao et al.	Dec 2016	A1
20160373481	Sultan et al.	Dec 2016	A1
20170034018	Parasdehgheibi et al.	Feb 2017	A1
20180006911	Dickey	Jan 2018	A1

Foreign Referenced Citations (20)

Number	Date	Country
101093452	Dec 2007	CN
101770551	Jul 2010	CN
102521537	Jun 2012	CN
103023970	Apr 2013	CN
103716137	Apr 2014	CN
104065518	Sep 2014	CN
0811942	Dec 1997	EP
1383261	Jan 2004	EP
1450511	Aug 2004	EP
2045974	Apr 2008	EP
2887595	Jun 2015	EP
2009-016906	Jan 2009	JP
1394338	May 2014	KR
WO 2007014314	Feb 2007	WO
WO 2007070711	Jun 2007	WO
WO 2008069439	Jun 2008	WO
WO 2013030830	Mar 2013	WO
WO 2015042171	Mar 2015	WO
WO 2016004075	Jan 2016	WO
WO 2016019523	Feb 2016	WO

Non-Patent Literature Citations (69)

Entry
InternetPerils, Inc., “Control Your Internet Business Risk,” 2003-2015, https://www.internetperils.com/.
Bosch, Greg, “Virtualization,” 2010, 33 pages.
Breen, Christopher, “MAC 911, How to dismiss Mac App Store Notifications,” Macworld.com, Mar. 24, 2014, 3 pages.
Chou, C.W., et al., “Optical Clocks and Relativity,” Science vol. 329, Sep. 24, 2010, pp. 1630-1633.
Huang, Hing-Jie, et al., “Clock Skew Based Node Identification in Wireless Sensor Networks,” IEEE, 2008, 5 pages.
Ives, Herbert, E., et al., “An Experimental Study of the Rate of a Moving Atomic Clock,” Journal of the Optical Society of America, vol. 28, No. 7, Jul. 1938, pp. 215-226.
Witze, Alexandra, “Special relativity aces time trial, ‘Time dilation’ predicted by Einstein confirmed by lithium ion experiment,” Nature, Sep. 19, 2014, 3 pages.
Zatrochova, Zuzana, “Analysis and Testing of Distributed NoSQL Datastore Riak,” Spring, 2015, 76 pages.
Australian Government Department of Defence, Intelligence and Security, “Top 4 Strategies to Mitigate Targeted Cyber Intrusions,” Cyber Security Operations Centre Jul. 2013, http://www.asd.gov.au/infosec/top-mitigations/top-4-strategies-explained.htm.
Author Unknown, “Blacklists & Dynamic Reputation: Understanding Why the Evolving Threat Eludes Blacklists,” www.dambaia.com, 9 pages, Dambala, Atlanta, GA, USA.
Aydin, Galip, et al., “Architecture and Implementation of a Scalable Sensor Data Storage and Analysis Using Cloud Computing and Big Data Technologies,” Journal of Sensors, vol. 2015, Article ID 834217, Feb. 2015, 11 pages.
Backes, Michael, et al., “Data Lineage in Malicious Environments,” IEEE 2015, pp. 1-13.
Bayati, Mohsen, et al., “Message-Passing Algorithms for Sparse Network Alignment,” Mar. 2013, 31 pages.
Berezinski, Przemyslaw, et al., “An Entropy-Based Network Anomaly Detection Method,” Entropy, 2015, vol. 17, www.mdpi.com/journal/entropy, pp. 2367-2408.
Berthier, Robin, et al. “Nfsight: Netflow-based Network Awareness Tool,” 2010, 16 pages.
Bhuyan, Dhiraj, “Fighting Bots and Botnets,” 2006, pp. 23-28.
Blair, Dana, et al., U.S. Appl. No. 62/106,006, tiled Jan. 21, 2015, entitled “Monitoring Network Policy Compliance.”
Chandran, Midhun, et al., “Monitoring in a Virtualized Environment,” GSTF International Journal on Computing, vol. 1, No. 1, Aug. 2010.
Chari, Suresh, et al., “Ensuring continuous compliance through reconciling policy with usage,” Proceedings of the 18th ACM symposium on Access control models and technologies (SACMAT '13). ACM, New York, NY, USA, 49-60.
Chen, Xu, et al., “Automating network application dependency discovery: experiences, limitations, and new solutions,” 8th USENIX conference on Operating systems design and implementation (OSDI'08), USENIX Association, Berkeley, CA, USA, 117-130.
Cisco Systems, “Cisco Network Analysis Modules (NAM) Tutorial,” Cisco Systems, Inc., Version 3.5.
Cisco Systems, Inc., “Addressing Compliance from One Infrastructure: Cisco Unified Compliance Solution Framework,” 2014.
Cisco Systems, Inc., “Cisco Application Dependency Mapping Service,” 2009.
Cisco Systems, Inc., “White Paper—New Cisco Technologies Help Customers Achieve Regulatory Compliance,” 1992-2008.
Cisco Systems, Inc., “A Cisco Guide to Defending Against Distributed Denial of Service Attacks,” May 3, 2016, 34 pages.
Cisco Technology, Inc., “Cisco Lock-and-Key:Dynamic Access Lists,” http://www/cisco.com/c/en/us/support/docs/security-vpn/lock-key/7604-13.html; Updated Jul. 12, 2006, 16 pages.
Di Lorenzo, Guisy, et al., “EXSED: An Intelligent Tool for Exploration of Social Events Dynamics from Augmented Trajectories,” Mobile Data Management (MDM), pp. 323-330, Jun. 3-6, 2013.
Feinstein, Laura, et al., “Statistical Approaches to DDoS Attack Detection and Response,” Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX '03), Apr. 2003, 12 pages.
George, Ashley, et al., “NetPal: A Dynamic Network Administration Knowledge Base,” 2008, pp. 1-14.
Goldsteen, Abigail, et al., “A Tool for Monitoring and Maintaining System Trustworthiness at Run Time,” REFSQ (2015), pp. 142-147.
Hamadi, S., et al., “Fast Path Acceleration for Open vSwitch in Overlay Networks,” Global Information Infrastructure and Networking Symposium (GIIS), Montreal, QC, pp. 1-5, Sep. 15-19, 2014.
Hewlett-Packard, “Effective use of reputation intelligence in a security operations center,” Jul. 2013, 6 pages.
Hideshima, Yusuke, et al., “STARMINE: A Visualization System for Cyber Attacks,” http://www.researchgate.net/publication/221536306, Feb. 2006, 9 pages.
Janoff, Christian, et al., “Cisco Compliance Solution for HIPAA Security Rule Design and Implementation Guide,” Cisco Systems, Inc., Updated Nov. 14, 2015, part 1 of 2, 350 pages.
Janoff, Christian, et al., “Cisco Compliance Solution for HIPAA Security Rule Design and Implementation Guide,” Cisco Systems, Inc., Updated Nov. 14, 2015, part 2 of 2, 588 pages.
Kerrison, Adam, et al., “Four Steps to Faster, Better Application Dependency Mapping—Laying the Foundation for Effective Business Service Models,” BMCSoftware, 2011.
Kraemer, Brian, “Get to know your data center with CMDB,” TechTarget, Apr. 5, 2006, http://searchdatacenter.techtarget.com/news/118820/Get-to-know-your-data-center-with-CMDB.
Lab SKU, “VMware Hands-on Labs—HOL-SDC-1301” Version: 20140321-160709, 2013; http://docs.hol.vmware.com/HOL-2013/holsdc-1301_html_en/ (part 1 of 2).
Lab SKU, “VMware Hands-on Labs—HOL-SDC-1301” Version: 20140321-160709, 2013; http://docs.hol.vmware.com/HOL-2013/holsdc-1301_html_en/ (part 2 of 2).
Lachance, Michael, “Dirty Little Secrets of Application Dependency Mapping,” Dec. 26, 2007.
Landman, Yoav, et al., “Dependency Analyzer,” Feb. 14, 2008, http://frog.com/confluence/display/DA/Home.
Lee, Sihyung, “Reducing Complexity of Large-Scale Network Configuration Management,” Ph.D. Dissertation, Carniege Mellon University, 2010.
Li, Ang, et al., “Fast Anomaly Detection for Large Data Centers,” Global Telecommunications Conference (GLOBECOM 2010, Dec. 2010, 6 pages.
Li, Bingbong, et al, “A Supervised Machine Learning Approach to Classify Host Roles on Line Using sFlow,” in Proceedings of the first edition workshop on High performance and programmable networking, 2013, ACM, New York, NY, USA, 53-60.
Liu, Ting, et al., “Impala: A Middleware System for Managing Autonomic, Parallel Sensor Systems,” In Proceedings of the Ninth ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming(PPoPP '03), ACM, New York, NY, USA, Jun. 11-13, 2003, pp. 107-118.
Lu, Zhonghai, et al., “Cluster-based Simulated Annealing for Mapping Cores onto 2D Mesh Networks on Chip,” Design and Diagnostics of Electronic Circuits and Systems, pp. 1, 6, 16-18, Apr. 2008.
Matteson, Ryan, “Depmap: Dependency Mapping of Applications Using Operating System Events: a Thesis,” Master's Thesis, California Polytechnic State University, Dec. 2010.
Natarajan, Arun, et al., “NSDMiner: Automated Discovery of Network Service Dependencies,” Institute of Electrical and Electronics Engineers INFOCOM, Feb. 2012, 9 pages.
Navaz, A.S. Syed, et al., “Entropy based Anomaly Detection System to Prevent DDoS Attacks in Cloud,” International Journal of computer Applications (0975-8887), vol. 62, No. 15, Jan. 2013, pp. 42-47.
Neverfail, “Neverfail IT Continuity Architect,” 2015, https://web.archive.org/web/20150908090456/http://www.neverfallgroup.com/products/it-continuity-architect.
Nilsson, Dennis K., et al., “Key Management and Secure Software Updates in Wireless Process Control Environments,” In Proceedings of the First ACM Conference on Wireless Network Security (WiSec '08), ACM, New York, NY, USA, Mar. 31-Apr. 2, 2008, pp. 100-108.
Nunnally, Troy, et al., “P3D: A Parallel 3D Coordinate Visualization for Advanced Network Scans,” IEEE 2013, Jun. 9-13, 2013, 6 pages.
O'Donnell, Glenn, et al., “The CMDB Imperative: How to Realize the Dream and Avoid the Nightmares,” Prentice Hall, Feb. 19, 2009.
Ohta, Kohei, et al., “Detection, Defense, and Tracking of Internet-Wide Illegal Access in a Distributed Manner,” 2000, pp. 1-16.
Pathway Systems International Inc., “How Blueprints does Integration,” Apr. 15, 2014, 9 pages, http://pathwaysystems.com/company.blog/.
Pathway Systems International Inc., “What is Blueprints?” 2010-2016, http://pathwaysystems.com/blueprints-about/.
Popa, Lucian, et al., “Macroscope: End-Point Approach to Networked Application Dependency Discovery,” CoNEXT'09, Dec. 1-4, 2009, Rome, Italy, 12 pages.
Prasad, K. Munivara, et al., “An Efficient Detection of Flooding Attacks to Internet Threat Monitors (ITM) using Entropy Variations under Low Traffic,” Computing Communication & Networking Technologies (ICCCNT '12), Jul. 26-28, 2012, 11 pages.
Sachan, Mrinmaya, et al., “Solving Electrical Networks to incorporate Supervision in Random Walks,” May 13-17, 2013, pp. 109-110.
Sammarco, Matteo, et al., “Trace Selection for Improved WLAN Monitoring,” Aug. 16, 2013, pp. 9-14.
Shneiderman, Ben, et al., “Network Visualization by Semantic Substrates,” Visualization and Computer Graphics, vol. 12, No. 5, pp. 733,740, Sep.-Oct. 2006.
Wang, Ru, et al., “Learning directed acyclic graphs via bootstarp aggregating,” 2014, 47 pages, http://arxiv.org/abs/1406.2098.
Wang, Yongjun, et al., “A Network Gene-Based Framework for Detecting Advanced Persistent Threats,” Nov. 2014, 7 pages.
Woodberg, Brad, “Snippet from Juniper SRX Series” Jun. 17, 2013, 1 page, O'Reilly Media, Inc.
Zhang, Yue, et al., “CANTINA: A Content-Based Approach to Detecting Phishing Web Sites,” May 8-12, 2007, pp. 639-648.
Bauch, Petr, “Reader's Report of Master's Thesis, Analysis and Testing of Distributed NoSQL Datastore Riak,” May 28, 2015, Brno. 2 pages.
Heckman, Sarah, et al., “On Establishing a Benchmark for Evaluating Static Analysis Alert Prioritization and Classification Techniques,” IEEE, 2008; 10 pages.
Kim, Myung-Sup, et al. “A Flow-based Method for Abnormal Network Traffic Detection, ” IEEE, 2004, pp. 599-612.
Thomas, R., “Bogon Dotted Decimal List,” Version 7.0, Team Cymru NOC, Apr. 27, 2012, 5 pages.

Related Publications (1)

	Number	Date	Country
	20160359677 A1	Dec 2016	US

Provisional Applications (1)

	Number	Date	Country
	62171899	Jun 2015	US

Techniques for determining network topologies

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

CPC

International Classifications

Term Extension

Abstract

Description

Claims

CROSS-REFERENCE TO RELATED APPLICATIONS

US Referenced Citations (355)

Foreign Referenced Citations (20)

Non-Patent Literature Citations (69)

Related Publications (1)

Provisional Applications (1)