Abstract: In one embodiment, a method comprises: determining, by a constrained network device in a low power and lossy network (LLN), a self-estimated density value of neighboring LLN devices based on wirelessly receiving an identified number of beacon message transmissions within an identified time interval from neighboring transmitting LLN devices in the LLN; setting, by the constrained network device, a first wireless transmit power value based on the self-estimated density value; and transmitting a beacon message at the first wireless transmit power value, the beacon message specifying the self-estimated density value, a corresponding trust metric for the self-estimated density value, and the first wireless transmit power value used by the constrained network device for transmitting the beacon message.

Abstract: Methods are provided to determine validity of a MAC address. The methods involve obtaining a media access control (MAC) address validity message that indicates a plurality of valid MAC addresses in the wireless network using a fully-exploded format or a probabilistic data structure and determining whether a MAC address is valid based on the MAC address validity message. Other methods involve obtaining a query regarding a validity of a media access control (MAC) address, determining whether the MAC address is a value included in a data set of expected values of a probabilistic data structure. The data set represents a list of MAC addresses. The other methods involve determining whether the MAC address is valid in the wireless network based on determining whether the MAC address is the value included in the data set and providing a response indicating whether the MAC address is valid.

Abstract: Techniques and systems described herein relate to network system queue management and dynamic real-time re-allocation of resources to prevent oversubscription and packet loss due to oversubscription. The techniques and systems enable monitoring of traffic and initial identification of queues at risk for oversubscription based on a rate of change of traffic load on the queue in advance of oversubscription occurring. After identifying a queue at risk for oversubscription, an Extended Berkeley Packet Filter or other similar component performs a likelihood determination using predictive algorithm techniques to identify a likelihood of oversubscription in the near future and re-allocates to parallel queues for efficient and loss-free use of the queues.

Abstract: This disclosure describes dynamically placing workloads using cloud service energy efficiency. The techniques include obtaining energy efficiency metrics (EEMs) that indicate the carbon footprint for different data centers of cloud service providers. In some configurations, an Energy Efficiency Quotient (EEQ) may be generated by an Energy Telemetry Engine (ETE) that indicates the energy efficiency for each data center/Point of Presence (POP) where a workload may be migrated/hosted. The ETE can be used to rank the different host locations (e.g., different data according to their EEQ. In some examples, one or more other metrics (e.g., latency, bandwidth, . . . ) may be used to identify any POPs that do not meet specified conditions (e.g., latency constraints, bandwidth constraints, . . . ). When a suitable host location is determined (e.g. a POP meets both the performance and EEQ specifications), the workload may be placed onto one or more resources of the selected data center.

Abstract: Systems, methods, and computer-readable media for enforcing data sovereignty policies in a cloud environment are provided. An example method can include sending, by a cloud provider, to a government entity associated with a geographic area, a request for device certificates for nodes located within the geographic area; receiving device certificates for the nodes; creating a data sovereignty policy specifying that data associated with the government entity must be stored on nodes located within the geographic area; based on the device certificates, verifying those of the nodes that comply with the data sovereignty policy; and storing the data associated with the government entity on those of the nodes verified to comply with the data sovereignty policy.

Abstract: The disclosed technology relates to a process for metered training of fog nodes within the fog layer. The metered training allows the fog nodes to be continually trained within the fog layer without the need for the cloud. Furthermore, the metered training allows the fog node to operate normally as the training is performed only when spare resources are available at the fog node. The disclosed technology also relates to a process of sharing better trained machine learning models of a fog node with other similar fog nodes thereby speeding up the training process for other fog nodes within the fog layer.

Abstract: Systems, methods, and computer-readable media for context-based transfer and access of data include a producer which receives a request from a consumer to access a data block. The producer verifies whether a context associated with the consumer will allow access the data block, by providing a challenge to the consumer and obtaining a response, the response including a certification that the context associated with the consumer will allow the consumer to access the data block. Upon verifying that the context allows the consumer to access the data block, the producer transfers a data capsule, the data capsule including an encrypted version of the data block and a micro agent for monitoring access to the data block. The micro agent can interact with an operating system at the consumer to allow decryption and local access of the data block upon the data capsule being transferred.

Abstract: Aggregated health information for a managed network may be retrieved and processed in response to changes to the managed network topology, configuration, or software. In response to receiving notification that a change to a component of the managed network has occurred, a change audit analysis engine can retrieve performance indicator information from components along a traceroute including the component which underwent the change. The retrieved performance indicator information can be processed by a memory based neural network to predict an impact of the change on the aggregated health of the managed network. The predicted impact can be compared to network health information retrieved through an ongoing basis and issues can be determined based on a comparison of the predict impact and the retrieved health information.

Abstract: Systems, methods, and computer-readable media for the secure creation of application containers for 5G slices. A MEC application in a MEC layer of a 5G network can be associated with a specific network slice of the 5G network. A backhaul routing policy for the MEC application can be defined based on the association of the MEC application with the specific network slice of the 5G network. Further, a SID for the MEC application that associates the MEC application with a segment routing tunnel through a backhaul of the 5G network can be generated. A MEC layer access policy for the MEC application can be defined based on the SID for the MEC application. As follows, access to the MEC application through the 5G network can be controlled based on both the backhaul routing policy for the MEC application and the MEC layer access policy for the application.

Abstract: Techniques and systems described herein relate to network system queue management and dynamic real-time re-allocation of resources to prevent oversubscription and packet loss due to oversubscription. The techniques and systems enable monitoring of traffic and initial identification of queues at risk for oversubscription based on a rate of change of traffic load on the queue in advance of oversubscription occurring. After identifying a queue at risk for oversubscription, an Extended Berkeley Packet Filter or other similar component performs a likelihood determination using predictive algorithm techniques to identify a likelihood of oversubscription in the near future and re-allocates to parallel queues for efficient and loss-free use of the queues.

Abstract: A location server collects from access points at known locations in a venue, which is represented by grid locations defined by parameters accessible to the location server, (i) ultra wideband (UWB) location measurements for a UWB location technology based on UWB transmissions from mobile devices in the venue, and (ii) non-UWB location measurements for non-UWB location technologies based on non-UWB transmissions from the mobile devices. The location server associates the non-UWB location measurements for the non-UWB location technologies with the grid locations, using the UWB location measurements as reference measurements. The location server populates location calibration records for the grid locations of the venue with the non-UWB location measurements associated with the grid locations. The location server calibrates the non-UWB location technologies at the grid locations based on the non-UWB location measurements in the location calibration records associated with the grid locations.

Abstract: Presented herein are techniques for scheduling Ultra-Wideband (UWB) anchors and mobile devices for client ranging. A control device can determine respective ranging priorities for a plurality of mobile devices, which are each assigned to at least one UWB anchor. The control device can obtain at least one collision mapping identifying, for a respective pair of the mobile devices, a collision probability that a UWB signal associated with a ranging procedure involving a first mobile device of the respective pair will collide with a UWB signal associated with a ranging procedure involving a second mobile device of the respective pair. The control device can establish a ranging schedule for the mobile devices and UWB anchors based on the respective UWB ranging priorities and the collision mapping(s). The control device can send at least one command to cause UWB ranging procedures to be performed according to the ranging schedule.

Abstract: Presented herein are methodologies for managing radio resources in a venue that implements a high density wireless infrastructure. The methodology includes detecting, using wireless access points, neighbor awareness networking (NAN) communications broadcast by a mobile device, determining a wireless channel on which the mobile device is sending the NAN communications, predicting a destination of the mobile device based on a path, through a predetermined venue, being taken by the mobile device, the path being detected using the wireless access points; and implementing a radio resource management remediation technique to reduce radio interference that is expected to be caused by the NAN communications broadcast by the mobile device at the destination based on the wireless channel and the destination.

Abstract: Automatic onboarding of a device onto a cellular network may be provided through a Wireless Local Area Network (WLAN). Subsequent to a device connecting to a first network (e.g., the WLAN), information associated with the device and the first network may be received. One or more tags may be generated and an intent profile may be defined for the device based on the received information, where the intent profile may indicate at least a second network (e.g., the cellular network) that the device is enabled to connect with and one or more policies associated with the connection. The tags and intent profile may be transmitted to a service provider platform, and an onboarding profile template identified using the tags and the intent profile may be received from the service provider platform. The onboarding profile template may be provided to the device to enable connection to the second network.

Abstract: A method includes determining a corresponding level of a security model associated with each device of a plurality of devices connected to a network, each level of the security model having a corresponding tag; applying, to each of the plurality of devices, the corresponding tag based on the corresponding level of the security model with which each of the plurality of devices are associated; receiving, over a network connection, network traffic from at least one of the plurality of devices and the corresponding tag; analyzing the corresponding tag associated with the network traffic; determining a destination for the network traffic; applying one or more security measures to the network traffic based on the corresponding tag for the at least one device and a corresponding tag of the destination for the network traffic; and sending the network traffic to the destination with the corresponding tag of the destination.

Abstract: Techniques for a network controller associated with a firewall service to determine a network policy based on operational tolerances associated with a device, and cause the network policy to be provisioned at the firewall service where control commands, such as, for example, supervisory control and data acquisition (SCADA) commands, may be allowed or denied transmission to the device based on the operational tolerance(s) associated with the device. In some examples, the network controller may be configured as a manufacturer usage description (MUD) controller configured to transmit a MUD uniform resource identifier (URI), emitted by the device, to a MUD file server associated with the manufacturer of the device. The MUD file may be enhanced to include the operational tolerances associated with the device and transmitted back to the MUD controller where it may be parsed to determine a corresponding network policy.

Abstract: In one embodiment, a method includes receiving energy efficiency data from a plurality of nodes within a network. The method also includes determining an energy efficiency node quotient for each of the plurality of nodes within the network to generate a plurality of energy efficiency node quotients and determining an energy efficiency path quotient for each of a plurality of paths within the network to generate a plurality of energy efficiency path quotients. The method further includes determining one or more policies associated with the plurality of paths and selecting a path from the plurality of paths based at least on the plurality of energy efficient path quotients and the one or more policies.

Abstract: Systems, methods, and computer-readable media are provided for dynamic allocation of network security resources and measures to network traffic between end terminals on a network and a network destination, based in part on an independently sourced reputation score of the network destination. In one aspect, a method includes receiving, at a cloud network controller, a request from an end terminal for information on a network destination; determining, at the cloud network controller, a reputation score for the network destination; determining, at the cloud network controller, one or more security measures to be applied when accessing the network destination, based on the reputation score; and communicating, by the cloud network controller, the one or more security measures to the end terminal, wherein the end terminal communicates the one or more security measures to a third-party security service provider for applying to communications between the end terminal and the network destination.

Abstract: Techniques for utilizing a cloud service to compute an end-to-end SLA-aware path using dynamic software-defined cloud interconnect (SDCI) tunnels between a user device and an access point-of-presence (POP) node and inter-POP tunnels of the SDCI. The cloud service may include a performance aware path instantiation (PAPI) component including a POP database for storing performance metrics associated with the POPs of the SDCI, an enterprise policy database for storing user specific policies, and/or a path computation component. The path computation component may compute the path, based on the user specific policies, performance metrics associated with the POP nodes, and/or real-time contextual data associated with the user device and/or destination device. The path may include a first tunnel between the user device and the most optimal access POP node of the SDCI and a second tunnel between the access POP node, through the internal POP nodes, and to the destination device.

Abstract: Presented herein are techniques for scheduling Ultra-Wideband (UWB) anchors and mobile devices for client ranging. A control device can determine respective ranging priorities for a plurality of mobile devices, which are each assigned to at least one UWB anchor. The control device can obtain at least one collision mapping identifying, for a respective pair of the mobile devices, a collision probability that a UWB signal associated with a ranging procedure involving a first mobile device of the respective pair will collide with a UWB signal associated with a ranging procedure involving a second mobile device of the respective pair. The control device can establish a ranging schedule for the mobile devices and UWB anchors based on the respective UWB ranging priorities and the collision mapping(s). The control device can send at least one command to cause UWB ranging procedures to be performed according to the ranging schedule.