Abstract: A method of creating a root-of-trust (RoT) within a network fabric may include powering on a network interface card (NIC) baseboard management controller (BMC) (NIC BMC), booting up a NIC via the NIC BMC, obtaining an address for the NIC, verifying an identity of the NIC at a fabric trust identity server using a key obtained from a secure vault communicatively coupled to the NIC BMC, verifying with the fabric trust identity server a number of images of a host device residing in the NIC based at least in part on the identity of the NIC being verified, and instructing a platform BMC to boot up the host device based at least in part on the number of images of the host device being verified.

Abstract: Stateless network address privacy may be provided. A data packing may be received with an obfuscated destination address and an un-obfuscated source address. An un-obfuscated destination address may be determined based on the obfuscated destination address. An obfuscated source address may be determined based on the un-obfuscated source address. The obfuscated destination address may be replaced with the un-obfuscated destination address and the un-obfuscated source address may be replaced with the obfuscated source address. The packet may be forwarded.

Abstract: Presented herein are techniques for a non-intruding auto quoting feature on-the-fly for chat applications based on previous conversations and effectively forking/quoting such conversations to ease the burden of the user going through all the chat history. The techniques may involve monitoring an ongoing first text communication session between a first user and at least one second user; detecting one or more salient words or phrases in the first text communication session based on the monitoring; based on the one or more salient words or phrases, identifying a second text communication session that is topically related to the first text communication session; and displaying in a user interface presented to the first user a prompt to quote relevant content from the second text communication session into the first text communication session or to fork the first user to be a participant in the second text communication session.

Abstract: In various embodiments, a device obtains a set of device classification rules. Each device classification rule specifies one or more attributes from a set of attributes and being configured to assign a device type to an endpoint in a network when the endpoint exhibits the one or more attributes specified by that rule. The device forms a graphical representation of the set of attributes. The device performs an analysis of the graphical representation of the set of attributes. The device provides a result of the analysis to a user interface.

Abstract: The present disclosure provides for process and temperature compensation in a transimpedance amplifier (TIA) using a dual replica via monitoring an output of a first TIA (transimpedance amplifier) and a second TIA; configuring a first gain level of the first TIA based on a feedback resistance and a reference current applied at an input to the first TIA; configuring a second gain level of the second TIA and a third TIA based on a control voltage; and amplifying a received electrical current to generate an output voltage using the third TIA according to the second gain level. In some embodiments, one or both of the second TIA and the third TIA include a configurable feedback impedance used in compensating for changes in the second gain level due to a temperature of the respective second or third TIA via the configurable feedback impedance of the respective second or third TIA.

Abstract: A method includes configuring serving cells for UE, the serving cells including at least six serving cells configurable for the UE; receiving PUCCH format configuration information for transmitting uplink control information associated with the configured serving cells, the PUCCH format configuration information including configuration information of PUCCH format 4; determining a total number of HARQ-ACK bits, SR bits, and periodic CSI bits to be transmitted in a subframe; selecting, at least based on the determined total number, a PUCCH format to transmit at least one of HARQ-ACK, SR, and periodic CSI, the selected PUCCH format being one of PUCCH formats including the PUCCH format 4 and PUCCH format 3; and transmitting the uplink control information associated with the configured serving cells in the subframe using the selected PUCCH format, the uplink control information associated with the configured serving cells including the at least one of HARQ-ACK, SR, and periodic CSI.

Abstract: Techniques are provided for an “on demand” or event-triggered end user monitoring/remote user monitoring (EUM/RUM) solution that is activated when the user has requested it, or an event (conditions of which are set by a user) occurs that triggers activation of the EUM/RUM solution. This EUM/RUM may be completely integrated into an enterprise IT Help Desk system, whereby support “tickets” are automatically generated when the monitoring solution is instantiated.

Abstract: Presented herein are methodologies in which packets or events are selected statistically to update a counter of a network device. The updated value that is stored in the counter also reflects a number of packets (or corresponding bytes) that were not selected to update the counter. The methodology includes receiving, at a network device, a first packet followed by a second packet, probabilistically selecting the second packet to update a value of a counter of the network device while probabilistically not selecting the first packet to update the value of the counter, and updating the value of the counter to account for both the first packet and the second packet.

Abstract: This disclosure describes techniques for controlling group access to a collaboration technology. The techniques include generating a shared encryption key among authorized producers of content associated with a collaboration technology. The techniques include receiving, by the authorized producers and from authenticated consumers, requests to access the content. The requests may be received in a partitioned manner, such that individual producers are serving a particular subset of the authenticated consumers. In response to receiving the requests, the techniques include sending the shared encryption key from the individual producers to the corresponding subset of authenticated consumers. The techniques include using the shared encryption key to encrypt content by the authorized producers, which may then be decrypted by the authenticated consumers using the shared encryption key, achieving end-to-end encryption of event content.

Abstract: In one embodiment, an illustrative method herein may comprise: listening, by an agent process, to a discovery-based execution of an application; determining, by the agent process, a plurality of transition locations during the discovery-based execution of the application; recording, by the agent process, the plurality of transition locations into a recorded file; and providing, by the agent process, the recorded file to cause injection of instrumentation into the plurality of transition locations during runtime of the application based on the recorded file.

Abstract: Techniques for maintaining geographic-based data privacy rules in networked environments. An example method includes receiving a request from a user device; generating, based on the request, a query for data associated with fulfilling the request; transmitting, to a data controller, the query; transmitting, to the data controller, an indication of a geographic region in which at least one device implementing the entity is located; and receiving, from the data controller, a portion of the data associated with fulfilling the request.

Abstract: Dynamic Open Radio Access Network Radio Unit (O-RU) sharing between multiple tenant Open RAN Distributed Units (O-DU) may be provided. A Near Real Time RAN Intelligent Controller (nRT-RIC) may receive tenant policies for a first tenant and a second tenant. The nRT-RIC may then determine initial sharing templates for the first tenant and the second tenant based on the tenant policies. The nRT-RIC may send the initial sharing templates to a first tenant Distributed Unit (DU) and a second tenant DU. The nRT-RIC may receive operating metrics from the first tenant DU and the second tenant DU. The nRT-RIC may then determine operational factors based on the operating metrics. The nRT-RIC may alter an allocation of resources between the first tenant and the second tenant based on the operational factors. Finally, the nRT-RIC may send the altered allocation of resources to the first tenant DU and the second tenant DU.

Abstract: The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.

Abstract: An example method according to some embodiments includes receiving flow data for a packet traversing a network. The method continues by determining a source endpoint group and a destination endpoint group for the packet. The method continues by determining that a policy was utilized, the policy being applicable to the endpoint group. Finally, the method includes updating utilization data for the policy based on the flow data.

Abstract: Techniques for tunneling Layer 2 ethernet frames over a connection tunnel using the MASQUE protocol are described herein. The MASQUE protocol may be extended to include a new entity, configured to proxy ethernet frames using a MASQUE proxy connection, and an associated CONNECT method, CONNECT-ETH. Using the extended MASQUE protocol, an Ethernet over MASQUE (EoMASQUE) tunnel may then be established between various networks that are remote from one another and connected to the internet. An EoMASQUE tunnel, established between separate remote client premises, and/or between a remote client premise and an enterprise premise, may tunnel ethernet packets between the endpoints. Additionally, a first EoMASQUE tunnel, established between a first client router provisioned in a first remote client premise and an EoMASQUE proxy node, and a second EoMASQUE tunnel, established between a second client premise and the EoMASQUE proxy node, may tunnel ethernet packets between the first and second client premise.

Abstract: In one embodiment, a first path computation element (PCE) receives a request from a gateway for service chain functions (SFs) to be applied to a traffic flow, wherein a first subset of the SFs is located in a first zone. The first PCE identifies a boundary node located at a border between the first zone and a second zone where a second subset of the SFs are located. The first PCE sends a response to the gateway indicating a path within the first zone between the gateway and the boundary node to apply the first subset of SFs to the flow. The first PCE provides information regarding the flow and the boundary node to a second PCE that uses the information to configure the boundary node to route the flow in the second zone to apply the second subset of SFs to the flow.

Abstract: System, methods, and computer-readable media for a Neutral Host (NH) operation of a 5G radio, whereby a NH operator receives feedback from hosts and determines to partition Physical Resource Block (PRB) resources. Thus, a NH system is provided that enables a third-party to independently operate other channels, whereby individual physical random access channels (PRACH) are operated by independent hosts. The NH system is able to indicate partitioned resources to individual hosts, including PRACH definition and mutually exclusive set of PRBs partitioned between tenants. The hosts operating in the NH system may be operable to implement their own independent schedulers, incorporating host specific logic, that can be configured with the partitioned resources but which may further operate independently of each other.

Abstract: Differentiated service in a federation-based access network is provided by receiving, with a request for access to a wireless network offering at least a two different service levels based on user identities, a set of user credentials from a User Equipment (UE); forwarding, for authentication, the set of user credentials to an identity provider in an identity federation with the wireless network, wherein the identity provider is independent from the wireless network; in response to determining that the set of user credentials indicate a realm known to be associated with a given service level, providing network access to the UE according to the given service level; and in response to determining that the given service level is not a highest service level in the wireless network, transmitting a list of preferred realms to the UE that are associated with higher service levels than the given service level.

Abstract: Techniques are provided for controlling access entitlement for networking device data. In one example, a geographic location of a networking device is determined. A request to access data associated with the networking device is obtained from a user device. A user parameter of a user associated with the user device is determined. An access policy that controls access to the data based on the geographic location of the networking device and the user parameter is identified. The request to access the data is permitted or denied based on the geographic location of the networking device, the user parameter, and the access policy.

Abstract: An authorization device obtains a registration request associated with an end device, the registration request including a new randomized media access control (MAC) address associated with the end device; determines whether the end device is authorized to use the new randomized MAC address; transmits a message to the end device with a first randomly generated number when it is determined that the end device is authorized to use the new randomized MAC address; obtains integrity information associated with the end device, the first integrity information being computed based on the first randomly generated number; transmits a request to a validation system to validate the end device based on the first integrity information; obtains an indication that the end device is validated; determines policies associated with the end device when it is determined that the end device is validated; and applies the policies to the end device.