Network device measurements employing white boxes

What is claimed: 1. A system comprising: one or more processors; and a memory coupled with the one or more processors, the memory storing executable instructions that when executed by the one or more processors cause the one or more processors to effectuate operations comprising: receiving ingress information or egress information associated with packets for a network device, the packets comprising ingress packets and egress packets; based on the ingress information or the egress information, determining during a period, a threshold change in delay between the respective egress packets that match the respective ingress packets: based on the threshold change in delay, determining that a microburst network anomaly occurred; determining that the microburst network anomaly originated from a range of Internet protocol (IP) addresses; and based on the determining that the microburst network anomaly originated from the range of IP addresses, sending an indication to take an action, wherein the action comprises rate limiting traffic from the range of IP addresses. 2. The system of claim 1 , wherein the egress information or ingress information comprises packet size. 3. The system of claim 1 , wherein the egress information or ingress information comprises interface utilization. 4. The system of claim 1 , further operations comprising based on the egress information, adjusting a first threshold associated with identifying the microburst network anomaly to a second threshold associated with identifying the microburst network anomaly. 5. The system of claim 1 , wherein the determining the microburst network anomaly has occurred is further based on telemetry information of ingress packets. 6. The system of claim 1 , based on the egress information, further operations comprising adjusting a first threshold associated with identifying the microburst network anomaly to a second threshold associated with identifying the microburst network anomaly. 7. The system of claim 1 , wherein the egress information or ingress information comprises payload information. 8. A system comprising: one or more processors; and a memory coupled with the one or more processors, the memory storing executable instructions that when executed by the one or more processors cause the one or more processors to effectuate operations comprising: receiving ingress information or egress information associated with packets for a network device, the packets comprising ingress packets and egress packets; based on the ingress information or the egress information, determining during a period a threshold change in delay between the respective egress packets that match the respective ingress packets; based on the threshold change in delay, determining that a microburst network anomaly occurred; determining that the microburst network anomaly originated from a range of internet protocol (IP) addresses; and based on the determining that the microburst network anomaly originated from the range of IP addresses, sending an indication to take an action to prevent subsequent microburst network anomalies from occurring. 9. The system of claim 8 , wherein the egress information or ingress information comprises packet size. 10. The system of claim 8 , wherein the action comprises deploying a deep buffer when a threshold frequency of the microburst network anomaly has occurred. 11. The system of claim 8 , further operations comprising based on the egress information, adjusting a first threshold associated with identifying the microburst network anomaly to a second threshold associated with identifying the microburst network anomaly. 12. The system of claim 8 , wherein the determining the microburst network anomaly has occurred is further based on telemetry information of ingress packets. 13. The system of claim 8 , based on the egress information, further operations comprising adjusting a first threshold associated with identifying the microburst network anomaly to a second threshold associated with identifying the microburst network anomaly. 14. The system of claim 8 , Wherein the egress information or ingress information comprises payload information. 15. An apparatus comprising: a processor; and a memory coupled with the processor, the memory storing executable instructions that when executed by the processor cause the processor to effectuate operations comprising: receiving ingress information or egress information associated with packets for a network device, the packets comprising ingress packets and egress packets; based on the ingress information or the egress information, determining during a period, a threshold change in delay between the respective egress packets that match the respective ingress packets; based on the threshold change in delay, determining that a microburst network anomaly occurred; determining that the microburst network anomaly originated from a range of internet protocol (IP) addresses; and based on the determining that the microburst network anomaly originated from the range of IP addresses, sending an indication to take an action to prevent subsequent microburst network anomalies from occurring. 16. The apparatus of claim 15 , wherein the apparatus is a white box device. 17. The apparatus of claim 15 wherein the action comprises deploying a deep buffer when a threshold frequency of the microburst network anomaly has occurred. 18. The apparatus of claim 15 , further operations comprising based on the egress information, adjusting a first threshold associated with identifying the microburst network anomaly to a second threshold associated with identifying the microburst network anomaly. 19. The apparatus of claim 15 , wherein the determining the microburst network anomaly, has occurred is further based on telemetry information of ingress packets. 20. The apparatus of claim 15 , based on the egress information, further operations comprising adjusting a first threshold associated with identifying the microburst network anomaly to a second threshold associated with identifying the microburst network anomaly.