Abstract: A method is provided for low light exposure control during night vision. The method may include actively illuminating a region by using a plurality of IR LEDs. The IR LEDs are arranged so that an IR LED of the plurality of IR LEDs covers one of a plurality of zones, which combine to cover the region. The method may also include capturing an image frame by an imaging system including an image sensor. The image frame may be made up of pixels and captured using the light originating from the plurality of IR LEDs and reflected from the region onto the image sensor. The method may also include calculating auto-exposure control (AEC) parameters for the image frame to establish an average setting, recalculating AEC parameters for a first zone the plurality of zones and adjusting the power of a first IR LED of the plurality of IR LEDs.

Abstract: The present technology addresses deficiencies associated with common practices for handling out of order data in a streaming data database. An aspect of the present technology is avoid storing out of order data in a snapshot but just store the out of order data as additional data linked to the temporal graph. The present technology receives out of order data and records a modification time for the data and a next modification time for the data that equals a timestamp of data previously stored in the database. If there is also data in the database for a time earlier than the timestamp of the out of order data, the earlier data is adjusted so that its next modification time matches the timestamp of the out of order data.

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for configuration payload separation policies. According to at least one example, a method is provided for device function. The method includes: during a boot sequence of a network device, generating a unique key for encrypting and decrypting data; identifying a secure location in the network device for storing the unique key; storing the unique key in the secure location; encrypting a configuration payload with the unique key; storing the encrypted configuration payload in an external non-volatile memory; and, in response to a request to access data within the configuration payload, decrypting the encrypted configuration payload using the unique key.

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for providing interoperable heterogenous networks. A method comprises configuring a logical network with a first network and a second network; receiving a request message from a source device by the first border device in the first network, wherein the request message includes a related to a media access control (MAC) address associated with a destination device in the second network; sending a proxy message to the second border device based on the request message, the proxy message having a source address that identifies an external IP address associated with the first border device; receiving a response message including the MAC address of the destination device, wherein the response message is addressed to the external address of the first border device; and sending a border gateway protocol (BGP) update including the MAC address of the destination device.

Abstract: Techniques are provided for optimizing performance of a multi-link device (MLD). In one embodiment, a controller receives information about a filter response for a first multi-link device (MLD, determines, based on the information about the filter response, a filtering transitional region of the first MLD indicating a range of frequencies where there is energy leakage due to the first MLD device operating in a simultaneous transmission and reception (STR) mode, determines cost metrics for a plurality of channels by identifying a STR and non-STR (NSTR) ratio for each of the plurality of channels, and assigns, based on the filtering transitional region and the cost metrics, a first radio of an access point (AP) to one of the plurality of channels to enable the first MLD to operate in the STR mode when communicating with the first radio.

Abstract: In one embodiment, a device provides, to a user interface, a timeseries for display of a probability over time of a network path violating a service level agreement (SLA) associated with an online application. The device receives, from the user interface, a plurality of thresholds for the timeseries that define periods of time during which application experience of the online application is believed to be degraded. The device trains, based on the plurality of thresholds, a machine learning model to predict when the application experience of the online application will be degraded. The device causes a predictive routing engine to reroute traffic of the online application based on a prediction by the machine learning model that the application experience of the online application will be degraded.

Abstract: The present technology pertains to receiving a tag associating at least one routing domain in an on-premises site with at least one virtual network in a cloud environment associated with a cloud service provider. The present technology also pertains to the automation of populating route and propagation tables with the cloud service provider.

Abstract: Systems, methods, and computer-readable media are provided for an efficient roaming management method using a single association identifier token for associating with different access points. In one aspect of the present disclosure, a network controller includes memory having computer-readable instructions stored therein and one or more processors. The one or more processors are configured to execute the computer-readable instructions to receive a request from an endpoint to connect to a first access point; generate association identification token (e.g., PMK and PMKID) for the endpoint to connect to the first access point; and distribute the association identification token to a second access point prior to the endpoint attempting to connect to the second access point, the association identification token being used by the second access point to validate a subsequent request by the endpoint to connect to the second access point.

Abstract: Techniques to facilitate verification of in-situ network telemetry data of data packet of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data is inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.

Abstract: Techniques for access point (AP) based location computation are disclosed. A target wireless AP, communicatively coupled to a wireless station (STA), is identified. One or more location buddy APs, relating to the target AP, are identified based on the physical locations of the location buddy APs and the target AP. It is determined that a first location buddy AP, of the one or more location buddy APs, is communicatively coupled to the STA, and in response a location of the STA is determined using the target AP.

Abstract: In one embodiment, a device receives, via a user interface, an indication of what is considered noise within a time series of a path performance metric. The device selects, based on the indication, a particular denoising filter to be applied to telemetry data obtained from one or more network paths regarding the path performance metric. The device forms model training data by applying the particular denoising filter to telemetry data obtained from one or more network paths regarding the path performance metric. The device trains, using the model training data, a prediction model to predict when a given network path will experience a failure condition.

Abstract: Techniques are provided for signal translation in a hybrid network environment. In one example, a first provider edge node obtains a connection status indication from a first one of a second provider edge node via a packet switched network or a third provider edge node via a time-division multiplexing transport network. The first provider edge node translates the connection status indication between a packet switched network format and a time-division multiplexing transport network format. The first provider edge node provides the connection status indication to a second one of the second provider edge node via the packet switched network or the third provider edge node via the time-division multiplexing transport network.

Abstract: Systems and techniques are provided for implementing multiprotocol label switching (MPLS) header extensions. In some examples, a method can include, receiving, by a router of a MPLS network, a data packet. In some aspects, the method can include adding, by the router of the MPLS network, at least one entry to an MPLS stack of the data packet, wherein the at least one entry includes an MPLS extension indicator (MEI) that is associated with at least one of an in-stack extension header presence indicator (IPI) and a bottom-of-stack extension header presence indicator (BPI). In some examples, the method can include adding, based on the IPI and the BPI, at least one of an in-stack extension header and a bottom-of-stack extension header to the MPLS stack of the data packet.

Abstract: This disclosure describes using a dynamic proxy for securing communications between a source within a cloud environment and an application container. The techniques include intercepting traffic directed to an application container, analyzing the traffic and traffic patterns, and allowing or preventing the traffic from being delivered to the application container based on the analysis. A traffic analysis engine may determine whether the traffic is considered safe and is to be allowed to be delivered to the application container, or whether the traffic is considered unsafe and is to be prevented from being delivered to the application container, According to some configurations, the address(es) to the network interfaces (e.g., WIFI or Eth0) are abstracted to help ensure security of the application containers.

Abstract: Aspects described herein include a method of fabricating an optical component, the optical component, and a method of operating the optical component. A method includes electrically coupling a first laser channel and a second laser channel of a laser die to different electrical leads and testing (i) a first optical coupling of the first laser channel and a second optical coupling of the second laser channel or (ii) a first spectral performance of the first laser channel and a second spectral performance of the second laser channel. The method also includes optically aligning an optical fiber with the first laser channel and designating the second laser channel as a heater element for the first laser channel based at least in part on (i) the first optical coupling being greater than the second optical coupling or (ii) the first spectral performance relative to the second spectral performance.

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.

Abstract: Techniques for a context-aware secure access service edge (SASE) engine for generating security profile(s) associated with endpoint device(s) accessing the network and using the security profile(s) to evaluate a traffic flow from the endpoint device(s). The SASE engine may execute on an edge device of a computing resource network and may be configured to maintain a security profile database including an endpoint security profile mapping. Endpoint device(s) accessing the network may share endpoint, application, and/or user specific information with the SASE engine so that the SASE engine may generate a security profile specific to the endpoint, application, and/or user. Additionally, an enterprise network, associated with endpoint device(s) accessing the network, may provide default SASE security profile templates to the SASE engine.

Abstract: Techniques for the transparent rolling of nodes in a cloud-delivered headend service without disrupting client traffic or making users aware of the various nodes in the system being rolled are described herein. The techniques may include receiving an indication that a first node of a network is to be rolled. Based at least in part on the indication, new connection requests may not be sent to the first intermediate node. Additionally, a client device having an existing connection through the first node may be identified. In some examples, a request may be sent to the client device to prompt the client device to establish a new connection. After determining that the new connection has been established such that the new connection flows through a second node of the network, the first node may be rolled.

Abstract: According to certain embodiments, a method performed by a device comprises obtaining, from a plurality of hardware modules of the device, a plurality of serial numbers associated with the plurality of hardware modules. Each hardware module is associated with a respective serial number. The method further comprises obtaining, from a provisioning system, one or more ownership vouchers corresponding to the plurality of serial numbers. The method further comprises verifying, for each hardware module of the plurality of hardware modules, whether to trust said hardware module based at least in part on the one or more ownership vouchers.

Abstract: In one embodiment, a method includes receiving, by a route reflector, a subscription request from a first provider edge node in a network and generating a subscription policy for the first provider edge node. The method also includes receiving a first Ethernet Virtual Private Network (EVPN) Type 2 Route from a second provider edge node, assigning a sequence number to the first EVPN Type 2 Route, and communicating the first EVPN Type 2 Route with the sequence number to the first provider edge node. The method further includes receiving a second EVPN Type 2 Route from a third provider edge node, generating an updated sequence number in response to receiving the second EVPN Type 2 Route from the third provider edge node, and communicating the second EVPN Type 2 Route with the updated sequence number to the first provider edge node and the second provider node.