This disclosure generally relate to a method and system for network policy simulation in a distributed computing system. The present technology relates techniques that enable simulation of a new network policy with regard to its effects on the network data flow. By enabling a simulation data flow that is parallel and independent from the regular data flow, the present technology can provide optimized network security management with improved efficiency.

The disclosed scoring uses a “dynamic packet loss threshold” that is based on benchmarks of “good” packet loss behavior of network paths associated with circuits of different bandwidths and recent behavior of the path being scored. The observations for good packet loss behavior are bucketized by corresponding circuit load. For the path being scored, observations are also bucketized and aggregated into a moving average per load bucket. The moving averages represent recent behavior of the path by load bucket. The scoring system scores a path as a function of the current time interval packet loss of the network path being scored and the dynamic packet loss threshold of the current time interval. The dynamic packet loss threshold of the current time interval is a function of a good packet loss benchmark and the packet loss moving average for the load of the current time interval.

A network path scoring system is disclosed herein that scores “health” of network paths based on latency data. The system scores health of a network path based on additional latency of the network path for a current time interval, additional latency expected for the network path, and current load. The scoring uses a non-stationary range that is based on expected additional latency (e.g., engineered/injected latency) and coefficient(s) that vary with load.

A traffic-aware switch-shared cache scheduling method includes: S1, setting a cache threshold of each outgoing port of a switch according to a traffic state of each outgoing port of the switch; S2, monitoring each outgoing port of the switch to determine whether an event of packet entry queue, packet exit queue, packet loss, buffer overflow or port queue state change occurs; S3, determining a traffic state of the outgoing port according to the event that occurs at the outgoing port and corresponding port queue state information; S4, setting a port control state according to the traffic state of the outgoing port; and S5, adjusting the cache threshold corresponding to the outgoing port according to the port control state, and performing S2 to continue monitoring until the switch stops working.

The disclosure describes techniques for detecting network measurement inaccuracies through the detection of sender delays or packet drops. For example, a sender device of a test packet may determine whether the sender device is experiencing any issues in sending the test packet to a receiver device and notify a controller of the issues such that the controller may generate an indication that one or more Key Performance Indicator (KPI) measurements based on the test packets from the sender device are inaccurate and/or untrustworthy, remove the inaccurate KPI measurements, and/or adjust the inaccurate KPI measurements.

One embodiment of the present invention sets forth a technique for evaluating connections between nodes in a mesh network. The technique includes computing a second accumulated uplink message success rate based on a first accumulated uplink message success rate and a second accumulated downlink message success rate based on a first accumulated downlink message success rate. The first accumulated uplink message success rate indicates a probability of successfully transmitting messages from a second node to a target destination and the second accumulated uplink message success rate indicates a probability of successfully transmitting messages from the first node to the target destination via a direct connection from the first node to the second node. The first accumulated downlink message success rate indicates a probability of successfully receiving messages transmitted by the target destination at the second node and the second accumulated downlink message success rate indicates a probability of successfully receiving messages transmitted by the target destination at the first node via the direct connection.

A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed outside of the first host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that a hidden process exists and corrective action can be taken.

Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.

A packet transmission method and an electronic device. In the packet transmission method, a response packet request field is set in a service packet, and a sending device can set a value of a response packet request field in a sent service packet. When the sending device needs a receiving device to send a response packet, the sending device changes a value of a response packet request field in a subsequently sent service packet, to trigger the receiving device to send the response packet to the sending device.

Systems and methods for scoring audio/video (A/V) sessions may include a first client which identifies an A/V signal for a session of an A/V application between the first client and a second client, and metrics of a network path between the first client and the second client. The first client may determine a first score for the A/V signal by applying one or more features corresponding to the A/V signal to a model trained to generate the first score. The client may generate a session score for the session based on the first score and the metrics of the network path.