Abstract: Implementations set forth herein relate to an automated assistant that uses circumstantial condition data, generated based on circumstantial conditions of an input, to determine whether the input should affect an action been initialized by a particular user. The automated assistant can allow each user to manipulate their respective ongoing action without necessitating interruptions for soliciting explicit user authentication. For example, when an individual in a group of persons interacts with the automated assistant to initialize or affect a particular ongoing action, the automated assistant can generate data that correlates that individual to the particular ongoing action. The data can be generated using a variety of different input modalities, which can be dynamically selected based on changing circumstances of the individual. Therefore, different sets of input modalities can be processed each time a user provides an input for modifying an ongoing action and/or initializing another action.

Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.

Abstract: Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprising a plurality of nodes, receive and a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.

Abstract: Systems and methods provide for synergistic domain name system DNS security updates for an enterprise network operating under a Software Defined Wide Area Network (SD-WAN). A system may be configured to collect positive and/or negative unified threat defense (UTD) results, deploy a rules-based model that, when a threat or clearance is detected across several SD-WAN edge network devices, triggers an update to a local security blacklist/whitelist, wherein the update comprises a signature, and push the update to other devices that have not yet seen the threat or clearance.

Abstract: Systems and methods provide for synergistic domain name system DNS security updates for an enterprise network operating under a Software Defined Wide Area Network (SD-WAN). A system may be configured to collect positive and/or negative unified threat defense (UTD) results, deploy a rules-based model that, when a threat or clearance is detected across several SD-WAN edge network devices, triggers an update to a local security blacklist/whitelist, wherein the update comprises a signature, and push the update to other devices that have not yet seen the threat or clearance.

Abstract: Infrastructure attacks based on graph edge context are identified by receiving an execution graph constructed by a central service based on behaviors monitored by a plurality of agents deployed on respective systems including a first system. The execution graph comprises a plurality of execution trails. One or more tags are applied to each edge of an execution trail of the execution graph based on at least one of temporal context or spatial context associated with the edge. One or more behaviors associated with the edge of the execution trail happen across an enterprise infrastructure involving the first system. The execution trail enriched with the one or more tags is analyzed. An action that is performed to mitigate security risks in the execution graph is determined based on the analysis.

Abstract: Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprising a plurality of nodes, receive and a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.

Abstract: The present disclosure is directed to management of migration of SD-WAN solutions in a multi-cloud structure upon detection of a failover event. In one aspect, a method includes monitoring, using virtual bonds of a network orchestration component, clusters of virtual management components of multiple cloud networks, corresponding virtual management components of one of the multiple cloud networks implementing one or more services of a Software-Defined Wide Access Network (SD-WAN) solution; detecting, using the virtual bonds, a failover event at the one of the multiple cloud networks; and identifying, by the virtual bonds, a new destination cloud network to migrate the one or more services of the SD-WAN solution to, from a source cloud network at which the failover event is detected.

Abstract: A method may include identifying an update file for a plurality of nodes; selecting a first set of nodes of the plurality of nodes based on a set of node selection criteria; sending the update file to the first set of nodes via a software-defined network (SDN); receiving a first message from a first node of the first set of nodes indicating that the first node is ready to host the update file; identifying a second node that is connected to the first node responsive to receiving the first message from the first node; sending a first instruction to the second node for the second node to obtain the update file from the first node; receiving a second message from the second node indicating that the second node is ready to host the update file; and adding the second node to the first set of nodes.

Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.

Abstract: Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprising a plurality of nodes, receive and a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.

Abstract: Systems, methods, and computer-readable media for designing network performance and configuration include determining one or more use cases for a network to be provisioned, based on at least one or more business verticals related to a customer of the network. A data plane scale is determined from the use cases and an initial data plane scale generated using a linear regression on one or more data plane parameters. The data plane parameters include a platform type, feature set, packet size, or software version of the network. A control plane scale is determined from the use cases and an initial control plane scale generated using a linear regression on one or more control plane parameters of the network. The control plane parameters include a platform type, feature set, or software version of the network. The network is provisioned for the data plane scale and the control plane scale.

Abstract: Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.

Abstract: Systems, methods, and computer-readable media for predicting policy changes in a network environment through a data serialization language. Running configurations of one or more network devices in a network environment can be collected. Further, a master device template of a new policy for the network environment can be generated through a data serialization language based on the running configurations of the one or more network devices. The master device template can include a directory-based tree structure of a simulated implementation of the new policy in the network environment. Policy changes in the network environment for the new policy can be predicted before implementing the new policy in the network environment based on simulated packet traversal through the directory-based tree structure of the simulated implementation of the policy in the network environment.

Abstract: Systems, methods, and computer-readable media for predicting policy changes in a network environment through a data serialization language. Running configurations of one or more network devices in a network environment can be collected. Further, a master device template of a new policy for the network environment can be generated through a data serialization language based on the running configurations of the one or more network devices. The master device template can include a directory-based tree structure of a simulated implementation of the new policy in the network environment. Policy changes in the network environment for the new policy can be predicted before implementing the new policy in the network environment based on simulated packet traversal through the directory-based tree structure of the simulated implementation of the policy in the network environment.

Abstract: Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprising a plurality of nodes, receive and a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.

Abstract: The present technology is directed to an automated end to end network migration process from on-premise to cloud-based management platforms and visa-versa. The disclosed technology describes an enhanced plug and play (PnP) software agent operationally coupled to a device and capable of interacting with a PnP service hosted on a target management platform to thereby initiate the migration process. The PnP service on the target management platform upon receiving a migration request from the device PnP agent, maps the requesting device onto a client profile existing on the target management platform and identifies therefrom the associated default controller for the device. Subsequently, the device is directed to acquire and boot up on a new software image compatible with the target management platform and following a conversion of its existing configuration into a version compatible with the new software image, the device is migrated to the associated default controller.

Abstract: The present disclosure is directed to a peer node discovery process whereby a network management node can discover peers of inaccessible nodes that have lost connectivity to the network management node over the control plane and receive health report of the inaccessible nodes via the discovered peers. In one example, a method includes detecting a loss of connectivity to a network node; based on a type of the network node, performing one of a first process or a second process to obtain a health report of the network node, the first process and the second process including identification of at least one corresponding peer node from which the health report of the network node is to be received; and analyzing the health report to determine root cause of the loss of connectivity.

Abstract: The present disclosure is directed to management of migration of SD-WAN solutions in a multi-cloud structure upon detection of a failover event. In one aspect, a method includes monitoring, using virtual bonds of a network orchestration component, clusters of virtual management components of multiple cloud networks, corresponding virtual management components of one of the multiple cloud networks implementing one or more services of a Software-Defined Wide Access Network (SD-WAN) solution; detecting, using the virtual bonds, a failover event at the one of the multiple cloud networks; and identifying, by the virtual bonds, a new destination cloud network to migrate the one or more services of the SD-WAN solution to, from a source cloud network at which the failover event is detected.

Abstract: A method may include identifying an update file for a plurality of nodes; selecting a first set of nodes of the plurality of nodes based on a set of node selection criteria; sending the update file to the first set of nodes via a software-defined network (SDN); receiving a first message from a first node of the first set of nodes indicating that the first node is ready to host the update file; identifying a second node that is connected to the first node responsive to receiving the first message from the first node; sending a first instruction to the second node for the second node to obtain the update file from the first node; receiving a second message from the second node indicating that the second node is ready to host the update file; and adding the second node to the first set of nodes.