It may be difficult to accurately identify endpoints when a service is provided by one or more geographically separated IP-based network servers. In this case, the routes of the packets to each of these servers will vary, resulting in varying packet round trip times. In most cases, each of these geographically separated servers will be identified by different effective IP addresses, and the methods described herein will operate normally. In some cases, such as opaque IP-network hosting or packet routing arrangements, the servers will be located behind a common effective IP address, and the packet traffic will be routed differently within the opaque portion of the network, resulting in significant differences in packet round trip times. This will be reflected in large jitter times, and be compensated for by specifying larger than normal operational limits in the database.

It also may be difficult to accurately identify endpoints when a content provider provides some of their content using a content distribution network (CDN) or a local IP-based network cache. CDNs improve overall IP-based network performance by caching some content close to the edge, and thus not requiring the session packets to traverse all the way to the content provider's server in order to obtain the desired content. According to embodiments disclosed herein, this may be determined based upon the presence of a relatively larger jitter time and may be compensated for by specifying larger than normal operational limits in the database.

Once accurate round-trip time metrics are determined for a session, it may become possible to determine if the current packet round-trip time is within one or more control limits. Generally, if the packet round trip time is within the control limits, no further action is required as the packet can be presumed to not have been surreptitiously redirected.