Abstract: A network infrastructure component determines a risk measurement associated with a wireless client device's use of a device address, and provides an advisory with respect to an address rotation strategy of the wireless client device based on the risk measurement. In some embodiments, the risk measurement is based on one or more of an exposure, by the wireless client device, of information on the wireless network that identifies the wireless client device and/or a characterization of a security of the wireless network environment in which the wireless client device operates.

Abstract: A network controller provides proactive notification of a wireless client device's address rotation to layer 2 (L2) and/or layer 3 (L3) devices. Traditional methods of device address discovery rely on broadcasting of address queries across a plurality of links until a path to a device having the queried address responds. As device address changes become more frequent in an effort to improve user privacy, traditional methods of address discovery impose a large burden on networks, reducing their performance and efficiency. By proactively propagating address changes to upstream devices, the need for broadcast oriented address discovery techniques is reduced, resulting in improved network performance.

Abstract: A method includes detecting, by a mobile device, a light sequence emitted from a plurality of light emitting diodes on an access point and determining, by the mobile device, an identifier for the access point based on the light sequence. The method also includes reporting, by the mobile device, a geospatial location of the mobile device and the identifier for the access point to an automated frequency coordination (AFC) server to perform AFC for the access point.

Abstract: A network controller provides proactive notification of a wireless client device's address rotation to layer 2 (L2) and/or layer 3 (L3) devices. Traditional methods of device address discovery rely on broadcasting of address queries across a plurality of links until a path to a device having the queried address responds. As device address changes become more frequent in an effort to improve user privacy, traditional methods of address discovery impose a large burden on networks, reducing their performance and efficiency. By proactively propagating address changes to upstream devices, the need for broadcast oriented address discovery techniques is reduced, resulting in improved network performance.

Abstract: Embodiments herein describe disconnecting, by an access node, a first device having a first media access control (MAC) address due to a network violation and receiving, by the access node, information about a second device having a second MAC address different from the first MAC address. In one embodiment, the information is generated by a certificate server based on a token generated by the second device. Further, when the access node determines, based on the information, that the second device is the first device, the access node denies a connection request from the second device.

Abstract: Rotation of a wireless client device address is based on an encryption key and a nonce value. Key information and nonce value information are shared between a wireless client device and a network infrastructure component over a secure communication channel. The wireless client device encrypts the nonce value using the key information and encodes the encrypted value as a device address. The wireless client device then identifies itself via a source address value in a message transmitted over a wireless network. Upon receiving the message, the network infrastructure component decrypts information derived from the source address value and compares the resulting data to the nonce value. If a match is identified, the network infrastructure identifies the wireless client device as a source of the message. In some embodiments, the nonce value is updated with each rotation to provide for improved entropy of generated device addresses.

Abstract: A method comprises, at a wireless network controller of wireless access points through which wireless client devices that are wireless communicate with the controller: upon receiving, from a wireless client device, a dynamic host configuration protocol (DHCP) request having a media access control (MAC) address, determining whether the wireless client device rotated its MAC address from a previous MAC address to the MAC address; when the wireless client device rotated its MAC address, forwarding, to a DHCP service, the DHCP request with a notification of a MAC address rotation to cause the DHCP service to reassign a previously assigned Internet Protocol (IP) address to the wireless client device; and upon receiving, from the DHCP service, a DHCP offer asserting the previously assigned IP address, forwarding the DHCP offer to the wireless client device.

Abstract: Spurious beamforming in high density environments can be reduced via transmitting a first signal from a first Access Point (AP) to a first endpoint associated with the first AP via a first beamforming arrangement; in response to identifying that the first beamforming arrangement is pollutive to a second endpoint associated with a second AP: deprecating the first beamforming arrangement; and transmitting a second signal from the first AP to the first endpoint via a second beamforming arrangement, different from the first beamforming arrangement.

Abstract: In one embodiment, a networking device at an edge of a network enrolls with a controller that supervises operation of the networking device. The networking device sends a publication request to a cloud-based messaging service. The networking device provides, to the cloud-based messaging service, identification information that indicates the controller that supervises operation of the networking device. The networking device receives, from the cloud-based messaging service, authorization to publish messages to the cloud-based messaging service. The cloud-based messaging service uses the identification information to confirm an identity of the networking device with the controller that supervises operation of the networking device. The networking device sends, after receiving authorization to publish messages to the cloud-based messaging service, a message for publication to the cloud-based messaging service. The message comprises data sourced from an endpoint in the network.

Abstract: Techniques herein facilitate a device address rotation management protocol that may be implemented for a wireless local area network (WLAN), which can be used to influence when wireless client devices or stations may rotate their Media Access Control (MAC) addresses, how to perform such rotations, and/or the like. In one example, a method may include providing, by an access point (AP), a first communication indicating that the AP supports a MAC address rotation management protocol; obtaining, by the AP, a second communication from a wireless station (STA) indicating that the STA intends to perform a MAC address rotation; and transmitting, by the AP, a third communication to influence the MAC address rotation of the STA, the third communication comprising a rotation status indicator and timing information.

Abstract: Techniques are provided for verifying Access Points (APs) using crowd sourcing. In one example, a STA establishes a first non-verified connection, based on security material, with a source AP in a wireless infrastructure. A target AP in a wireless infrastructure obtains an indication that the STA is attempting to establish a second non-verified connection with the target AP. In response, the target AP establishes the second non-verified connection based on the security material.

Abstract: Automating and extending path tracing through wireless links is provided by receiving request to perform a network trace over a wireless link provided by an Access Point (AP) configured as a transparent forwarder between a trace source and a trace target; monitoring a trace packet from a first time of arrival at the AP, a first time of departure from the AP, a second time of arrival at the AP, and a second time of departure from the AP; monitoring a buffer status of the AP at the first time of arrival and the second time of arrival; and in response to identifying a network anomaly based on the trace packet and the buffer status, adjusting a network setting at the AP.

Abstract: Channel availability check optimization may be provided. A plurality of Pulse Repetition Intervals (PRIs) may be determined for a respective plurality of bursts on a respective plurality of frequencies. A list of at least a portion of the plurality of frequencies may be generated. The list may include a plurality of bias factors respectively indicating a probability that each of the respective plurality of bursts was a radar burst based on the respective plurality of PRIs. An Access Point (AP) may perform a plurality of preemptive Channel Availability Checks (CACs) on each of the respective plurality of frequencies on the list in order of highest probability to lowest probability based on the plurality of bias factors.

Abstract: A method includes linking, at an access node, a first media control access (MAC) address of a device to an identifier of the device to establish a communication session between the access node and the device and during the communication session, receiving, at the access node, an indication of a change of the first MAC address to a second MAC address. The method also includes linking, at the access node, the second MAC address to the first MAC address and the identifier and receiving, at the access node, a communication from the device using the second MAC address while maintaining the communication session.

Abstract: According to one or more embodiments, a first router receives a latency measurement indicative of latency associated with traffic sent from the first router to a second router. The first router calculates an asymmetrical latency as a difference between the latency measurement and a latency associated with traffic sent from the second router to the first router. The first router determines, based on the asymmetrical latency, a symmetrical latency target. The first router sends, to the second router, an indication of the symmetrical latency target. The first router and the second router adjust their respective de-jitter buffers to achieve the symmetrical latency target between the first router and the second router.

Abstract: Techniques and apparatus for managing a message relaying system are described. One technique includes an access point (AP) detecting a first signal and a second signal from a computing device. A validation of the first signal is performed based on parameters of the first signal and the second signal. After the validation, information associated with the first signal is transmitted to a computing system. In another technique, the computing system may designate one of multiple APs reporting information regarding first signals as a primary reporting AP and designate the remaining APs as secondary reporting APs. The computing system may instruct the secondary reporting APs to refrain from reporting information regarding first signals to the computing system.

Abstract: According to one or more embodiments, a first router receives a latency measurement indicative of latency associated with traffic sent from the first router to a second router. The first router calculates an asymmetrical latency as a difference between the latency measurement and a latency associated with traffic sent from the second router to the first router. The first router determines, based on the asymmetrical latency, a symmetrical latency target. The first router sends, to the second router, an indication of the symmetrical latency target. The first router and the second router adjust their respective de-jitter buffers to achieve the symmetrical latency target between the first router and the second router.

Abstract: Techniques for improved wireless ranging are provided. A first communication from a first client device is received at a first network device. A predefined minimum distance is determined for the first access point, where the predefined minimum distance corresponds to a distance at which the vertical location of the first network device causes time of flight ranging techniques to result in inaccurate location estimations. A first distance of the first client device from the first network device is estimated. Upon determining that the first distance of the first client device is below the predefined minimum distance, ToF ranging requests from the first client device are declined.

Abstract: Improved mesh performance using Overlapping Basic Service Set (OBSS) coloring and transmission scheduling may be provided. A controller may determine that a plurality of Access Points (APs) in a mesh network each have a Received Signal Strength Indicator (RSSI) that is in a predetermined range. Next, the controller may assign, in response to determining that the plurality of APs each have the RSSI that is in the predetermined range, OBSS colors to links between the plurality of APs to limit packet collision in the mesh network between the plurality of APs. The controller may then create a transmission schedule for transmissions between the plurality of APs in the mesh network based on the assigned OBSS colors.

Abstract: A wireless infrastructure that communicates with a DHCP server and a wireless client that rotates its MAC address performs a method including: upon receiving, from the wireless client, a first request with a first MAC address, creating a session context including the first MAC address and a stable identifier, and relaying the first request to the DHCP server; relaying, from the DHCP server to the wireless client, a first DHCP reply that includes an Internet Protocol (IP) address bound to the stable identifier; upon receiving, from the wireless client, a second request with the IP address and a second MAC address, merging the second MAC address and the IP address into the session context, and relaying, to the DHCP server, the second request including the stable identifier; and relaying, from the DHCP server to the wireless client, a second DHCP reply including the IP address bound to the stable identifier.