Diagnosing Network-Wide Traffic Anomalies

February 19, 2004 | Anukool Lakhina, Mark Crovella, and Christophe Diot
This paper addresses the challenging problem of diagnosing network-wide traffic anomalies, which are significant changes in network traffic levels that can affect both network operators and end users. The authors propose a general method based on Principal Component Analysis (PCA) to separate high-dimensional network traffic measurements into disjoint subspaces corresponding to normal and anomalous conditions. This method is designed to accurately detect, identify, and quantify volume anomalies, which are changes in the traffic of specific origin-destination (OD) flows.

The paper is structured into several sections. The introduction highlights the importance of understanding traffic anomalies and the difficulties in diagnosing them due to the high-dimensional and noisy nature of network traffic. The second section introduces volume anomalies and explains why they are important. The third section describes the data used for validation, including traffic collected from two backbone networks: Sprint-Europe and Abilene. The fourth section outlines the general approach to anomaly diagnosis, which involves three steps: detection, identification, and quantification. The fifth section details the detection step, which uses PCA to separate normal and anomalous traffic patterns. The sixth section focuses on the identification step, which selects the best-fitting anomaly from a set of potential anomalies. The seventh section discusses the quantification step, which estimates the amount of traffic involved in the identified anomaly.

The validation section evaluates the method's performance using real and synthetic data. The results show that the method consistently diagnoses large volume anomalies with high detection rates and low false alarm rates.
The paper concludes by discussing the limitations and potential extensions of the approach.
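
The detection step described above, sketched as an added example (not code from the paper or from this page): PCA splits per-link traffic into a normal subspace and a residual, and a time bin is flagged when its residual energy (squared prediction error, SPE) is large. The traffic data, the choice of one principal component, the threshold of 10 times the median SPE, and all function names are assumptions made for illustration.

```python
import math

def top_components(cov, k, iters=200):
    """Top-k eigenvectors of a symmetric matrix (power iteration with deflation)."""
    m, cov, comps = len(cov), [row[:] for row in cov], []
    for _ in range(k):
        v = [1.0 / math.sqrt(m)] * m
        for _ in range(iters):
            w = [sum(cov[i][j] * v[j] for j in range(m)) for i in range(m)]
            norm = math.sqrt(sum(x * x for x in w))
            v = [x / norm for x in w]
        lam = sum(v[i] * cov[i][j] * v[j] for i in range(m) for j in range(m))
        cov = [[cov[i][j] - lam * v[i] * v[j] for j in range(m)] for i in range(m)]
        comps.append(v)
    return comps

def spe_series(Y, k):
    """Per-bin squared prediction error: energy left outside the top-k 'normal' subspace."""
    t, m = len(Y), len(Y[0])
    mean = [sum(row[j] for row in Y) / t for j in range(m)]
    Z = [[row[j] - mean[j] for j in range(m)] for row in Y]
    cov = [[sum(z[i] * z[j] for z in Z) / (t - 1) for j in range(m)] for i in range(m)]
    P = top_components(cov, k)
    spe = []
    for z in Z:
        resid = z[:]
        for p in P:
            s = sum(p[j] * z[j] for j in range(m))
            resid = [resid[j] - s * p[j] for j in range(m)]
        spe.append(sum(x * x for x in resid))
    return spe

def detect(Y, k=1, factor=10.0):
    """Flag bins whose SPE exceeds factor * median SPE (assumed empirical threshold)."""
    spe = spe_series(Y, k)
    threshold = factor * sorted(spe)[len(spe) // 2]
    return [i for i, s in enumerate(spe) if s > threshold]

def constructed_traffic(bins=96, spike_bin=72, spike_link=2, spike=25.0):
    """Constructed data: 4 links share a diurnal cycle plus jitter; one link gets a spike."""
    scale = [100.0, 80.0, 60.0, 120.0]
    Y = []
    for t in range(bins):
        d = 1.0 + 0.5 * math.sin(2 * math.pi * t / 48)
        Y.append([s * d + ((7 * t + 13 * j) % 5 - 2) for j, s in enumerate(scale)])
    Y[spike_bin][spike_link] += spike
    return Y
```

In the constructed data the spike stays below the link's ordinary daily peak, so a fixed per-link volume threshold would miss it, while the residual subspace isolates bin 72.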