The disclosed technology includes ranking entities in real-time to show the relative importance of those entities. The ranking is based on attributes of the entities that vary in real-time. An example of an entity is a process (e.g., an executing computer program) and the associated attributes can include the process' current CPU memory consumption. While the process runs, its CPU and memory consumption vary in real-time.

A method implemented through a server of a cloud computing network including subscribers of application acceleration as a service provided therethrough includes detecting a set of point anomalies in real-time data associated with each network entity for each feature thereof, and, in accordance with reading anomaly scores associated with an event as an input feedback, the each feature of the each network entity as a dimension of the input feedback and a category of the event as a label thereof, predictively classifying a future event into a predicted category in accordance with subjecting the anomaly scores associated with the event to a binning process and interpreting a severity indicator of the event. The method also includes refining the predictive classification of the future event based on a subsequent input to the server from a client device modifying a classification model for predictively classifying the future event into the predicted category.

In various embodiments, the techniques and supporting systems implement a recursive routing mechanism in hierarchical topological addressed environments to analyze and determine the presence of packet-forwarding errors within an IP network comprising a plurality of network-connected devices. This includes receiving, at a software defined network device, an indication of a potential packet-forwarding error between a first and second device of the plurality of network-connected devices and injecting, by the software defined network device, a test packet at an ingress to the first device. The test packet includes an initial ingress interface location identifying the first device, an alternate ingress interface location identifying the software defined network device and an egress interface location identifying the second device. A determination may then be made as to whether the test packet is received at the second device, thus indicating the existence or lack of routing errors.

A data packet extraction method and apparatus is disclosed. Two hash values calculated based on quintuple information of different data packets of a same session are the same, that is, two calculated remainders are also the same at a same sampling ratio. When one remainder of the two calculated remainders is a preset sampling remainder, all the data packets in a network that belong to the session are extracted, so as to implement data packet extraction based on a session. When the quintuple information of the different data packets of the same session matches a first mapping table, either all the data packets of the same session can match the first mapping table, or none of the data packets of the same session can match the first mapping table, so as to implement data packet extraction based on a session.

A method for analyzing traffic in a communications network includes sampling data packets at a plurality of network interconnection points, wherein sampling the data packets includes generating a plurality of sampled packet data in one or more standardized formats, converting the sampled packet data from the one or more standardized formats into a neutral format, and aggregating the sampled packet data in the neutral format from the plurality of network interconnection points. A system includes a communications node operable to sample data packets flowing through and generate sample packet data in a specified format, a collector node operable to convert the sampled packet data into a neutral format, the collector node further operable to map IP addresses of the sampled packet data to corresponding prefixes in a routing table; and an aggregator node operable to aggregate neutrally formatted sampled packet data from a plurality of collector nodes.

A communication technique which includes determining, at least in part by comparing data associated with a packet that has been pulled from a received packet queue with a highest sequence number among packets that have been placed in the received packet queue, that the received packet queue has space available to receive a further packet. A receiver with which the received packet queue is associated is sent, based at least in part on the determination, a next packet.

In one embodiment, a supervisory service for one or more networks receives telemetry data samples from a plurality of networking devices in the one or more networks. The service trains a failure prediction model to predict failures in the one or more networks, using a training dataset comprising the received telemetry data samples. The service assesses performance of the failure prediction model. The service trains, based on the assessed performance of the failure prediction model, a machine learning-based classification model to determine whether a networking device should send a particular telemetry data sample to the service. The service sends the machine learning-based classifier to one or more of the plurality of networking devices, to control which telemetry data samples the one or more networking devices send to the supervisory service.

A method of optimizing network traffic visibility resources comprises receiving, by a controller associated with a network traffic visibility system, information indicative of operation of the network traffic visibility system. The method further comprises facilitating, by the controller, control of resources in the network traffic visibility system, according to a configured resource control policy. The facilitating can include providing, by the controller, control signaling to cause maximization of network traffic monitoring fidelity for a plurality of Quality of Service (QoS) classes of network traffic, based on a specified fixed amount of one or more network resources associated with the network traffic visibility system. Alternatively or additionally, the facilitating can include providing, by the controller, control signaling to cause minimization of use of the one or more network resources, based on a specified fixed level of traffic monitoring fidelity associated with the plurality of QoS classes.

Data traffic, such as wireless data traffic egressing to the Internet, is aggregated at one or more regional aggregation hubs, and a portion(s) of data traffic associated with a subscriber(s) of interest is captured at the regional aggregation hub(s). Data traffic associated with subscribers can be aggregated at an access concentrator(s) and respective public Internet Protocol (IP) addresses can be given to respective subscribers. The data traffic can be aggregated at the regional aggregation hub(s) and data traffic associated with a subscriber(s) of interest can be identified based at least in part on the public IP address(es) of the respective subscriber(s) of interest. The data traffic associated with a subscriber(s) of interest can be captured and provided to a consumer (e.g., law enforcement, service provider) who desires such data.

A system and method for monitoring network communications are provided. The method comprises capturing one or more packets of data in a networking stack of a computing device. Then, a unique identifier is associated with the computing device that uniquely identifies the computing device. The unique identifier and a sample of the contents of each of the one or more captured packets of data are then stored. The method may further comprise generating hybrid flow data by processing the stored unique identifier and the sample of the contents of each of the one or more captured packets of data. The hybrid data flow comprises the unique identifier, the sample of the contents of each of the one or more captured packets of data, derived network flow data, and derived statistical packet data.