Abstract: A pluggable device and method are presented. The pluggable device includes a substrate, a first pin positioned on the substrate, an optical source positioned on the substrate, and an integrated circuit positioned on the substrate. The optical source produces a source optical signal and transmits the source optical signal through the first pin. The integrated circuit transmits a received optical data signal and transmits a data signal based on a portion of the optical data signal.

Abstract: In one embodiment, Ethernet Virtual Private Network (EVPN) is implemented using Internet Protocol Version 6 (IPv6) Segment Routing (SRv6) underlay network and SRv6-enhanced Border Gateway Protocol (BGP) signaling. A particular route associated with a particular Internet Protocol Version 6 (IPv6) Segment Routing (SRv6) Segment Identifier (SID) is advertised in a particular route advertisement message of a routing protocol (e.g., BGP). The SID includes encoding representing a particular Ethernet Virtual Private Network (EVPN) Layer 2 (L2) flooding Segment Routing end function of the particular router and a particular Ethernet Segment Identifier (ESI), with the particular SID including a routable prefix to the particular router. The particular router receives a particular packet including the particular SID; and in response, the particular router performs the particular EVPN end function on the particular packet.

Abstract: An example method of implementing a layered feature set management model by a service monitoring system includes: monitoring a feature set configuration associated with a specified application instance; setting, based on the feature set configuration, a feature set level transition marker associated with the specified application instance; identifying, based on a current feature set level associated with the specified application instance and the feature set level transition marker, a new feature set level associated with the specified application instance; identifying a new feature set corresponding to the new feature set level and one or more roles associated with a specified user; and configuring a graphical user interface (GUI) enabling the new feature set for the specified user of the specified application instance.

Abstract: This technology allows time synchronization in wireless networks with mobile stations. A wireless network controller transmits instructions to access points (“APs”) within the wireless network to monitor transmissions for time synchronization. One or more second APs observe fine time measurement (“FTM”) exchanges between a first AP and a mobile station. A particular second AP determines whether to perform a time synchronization with the first AP based on the detection of the FTM exchange or a determination that the station is moving toward the second AP. For time synchronization, the second AP determines the time that the first AP transmitted the FTM exchange and the time of transmission from the first AP to the second AP. The second AP synchronizes a second AP clock to the summation of the time of the transmission of the FTM exchange and the time of transmission from the first AP to the second AP.

Abstract: The present technology pertains to receiving a tag associating at least one routing domain in an on-premises site with at least one virtual network in a cloud environment associated with a cloud service provider. The present technology also pertains to the automation of populating route and propagation tables with the cloud service provider.

Abstract: Techniques for leveraging efficient metadata communications to improve domain name system (DNS) security are described. The DNS service uses a hash value to uniquely identify a client, and detect any change in metadata in order to keep policies up-to-date for the client. In an example method a first DNS query for a client device is intercepted. A cryptographic hash function is applied to metadata associated with the client device to generate a hash value. The hash value is added to an additional records section of the first DNS query to generate a second DNS query. The second DNS query is transmitted to a DNS service. The metadata associated with the client device is transmitted to the DNS service on an out-of-band encrypted channel. A DNS response, including the hash value, is received from the DNS service and transmitted to the client device.

Abstract: The disclosure provides a method for providing an enterprise gNB for connection to a 5G packet core network. The method includes provisioning the enterprise gNB. The enterprise gNB hosts a local user plane function (L-UPF). The method also includes configuring the 5G packet core network comprising a session management function (SMF) to select the local user plane function to service user equipment (UE) connected to the enterprise gNB.

Abstract: A multi-link procedure to identify link disablement in Basic Service Set (BSS) transition management frames may be provided. First, a Basic Service Set (BSS) Transition Management (BTM) request may be created. The BTM request may indicate a link disablement that will happen in the future. Then the BTM request may be sent.

Abstract: Low Latency, Low Loss, Scalable Throughput (L4S) support and queuing and, specifically, L4S proxy support for non-L4S-compatible devices and L4S queuing for Access Points (APs) may be provided. Providing L4S support can include determining a flow for a L4S capable Station (STA) is L4S enabled. In response to determining the flow is L4S enabled, a shallow queuing mechanism is implemented for queuing traffic by replacing one or more alternate queues with one or more L4S queues, the shallow queuing mechanism comprising one or more classic queues and the one or more L4S queues. L4S traffic of the flow is queued in at least one of the one or more L4S queues.

Abstract: In one embodiment, a method comprises: obtaining, by a process, path trace data collected by a plurality of performance monitoring agents across a computer network; obtaining, by the process, one or more catalogs having application-based correlation information for the path trace data; generating, by the process, network mapping directed graphs by correlating the path trace data using the one or more catalogs, the network mapping directed graphs logically comprising nodes categorized at a plurality of levels of aggregation and edges connecting the nodes; associating, by the process, test-based performance data with the edges of the network mapping directed graphs; and providing, by the process, at least one Sankey diagram based on the network mapping directed graphs and test-based performance data associated with their edges for selectable display by a user interface.

Abstract: The present technology is generally directed to optimizing a non-3GPP untrusted Wi-Fi to 5G system handover followed by Evolved Packet System (EPS) fallback, more specifically, to delaying removal of the Wi-Fi session resources and creating a voice flow as part of the EPS fallback.

Abstract: In one embodiment, a device identifies a set of attributes from telemetry data generated by one or more agents regarding an online application accessible via a network. The device provides an interactive display to a user interface that includes options for a user to specify a selection of one or more attributes from the set of attributes and to specify an aggregation function. The device updates the interactive display to show a visualization of the aggregation function applied to the selection of one or more attributes and configures the one or more agents to collect only a subset of the telemetry data based on the selection of the one or more attributes and the aggregation function.

Abstract: This disclosure describes techniques for device to device authentication. For instance, a first device may detect a second device, such as when a user physically attaches the second device to the first device or when the second device wireless communicates with the first device. A component of the first device and/or an authentication entity may then determine to authenticate the second device. In some instances, the component determines to authenticate the second device using information associated with an environment of the second device. To authenticate the second device, the authentication entity may send a request to a user, receive a response from the user, and then verify the response. After the authentication, the first device may determine that the second device includes a trusted device and establish a connection with the second device.

Abstract: Backscatter Device (BKD) scheduling and, specifically, narrowband BKD excitation for multiple BKD scheduling may be provided. An AP may determine to transmit an excitation transmission to a plurality of BKDs. The AP may determine a trigger frequency for each of the plurality of BKDs, and the AP may transmit an excitation transmission comprising a plurality of excitation signals. Each excitation signal may have a frequency corresponding to one of the trigger frequencies for the plurality of BKDs. The plurality of excitation signals may be ordered for the plurality of BKDs to perform backscattering (i) concurrently; (ii) staggered in a single Transmit Opportunity; or (iii) a combination of (i) and (ii).

Abstract: A method includes receiving, at a chaos level engine, initial input parameters. The method may further include, with the chaos level engine, determining scaled input parameters based on the initial input parameters. The scaled input parameters define how the initial input parameters effect a computing environment to be tested. The method may further include, with the chaos level engine determining a chaos level for performing a chaos experiment on the computing environment based on the scaled input parameters and sending the chaos level to the computing environment for the chaos experiment. The method may further include, with the chaos level engine, receiving, from the computing environment, feedback defining an impact caused by the chaos experiment created at the computing environment and an intended level of chaos.

Abstract: An access point in a wireless network communicates wirelessly with one or more client devices over a channel that includes a plurality of subchannels. Radar is detected on a first subchannel of the plurality of subchannels. It is determined to puncture the first subchannel, based on the detecting the radar on the first subchannel and based on one or more puncturing factors. The first subchannel is punctured, the puncturing comprising muting one or more subcarriers on the first subchannel.

Abstract: This disclosure describes techniques for identifying the criticality of an asset in a network. In an example method, a first security metric of a first asset in a network, as well as network data that identifies data flows associated with a second asset in the network are identified. The second asset is a nearest neighbor of the first asset in the network. The method includes determining, based on the network data, a number of hosts in the network that exchanged data traffic with the second asset during a time period and generating a second security metric of the second asset based on the first security metric and the number of hosts. A security policy of the second asset is adjusted based on the security metric.

Abstract: Techniques for an email-security system to screen emails, extract information from the emails, analyze the information, assign probability scores to the emails, and classify the emails as likely fraudulent or not. The system may analyze emails for users and identify fraudulent emails by analyzing the contents of the emails. The system may evaluate the contents of the emails to determine probability score(s) which may further determine an overall probability score. The system may then classify the email as fraudulent, or not, and may perform actions including blocking the email, allowing the email, flagging the email, etc. In some instances, the screened emails may include legitimate brand domain addresses, names, images, URL(s), and the like. However, the screened emails may contain a reply-to domain address that matches a free email service provider domain. In such instances, the email-security system may assign a probability score indicative that the screened email is fraudulent.

Abstract: A system and associated methods provide solutions for reducing a volume of traffic through a multicast network attributed to repeated maintenance messages, which are required in order to maintain a multicast connection. The system configures provider edge devices to generate and send maintenance messages on behalf of members of a multicast group to establish and maintain the multicast connection and provides options for determining unknown locations of sources and/or subscribers, thereby reducing the overall volume of traffic transmitted over the multicast network.

Abstract: Disclosed herein are methods of forwarding data over an IP network. The methods may include receiving a packet from a source host connected to the IP network, identifying the IP address of a destination host designated in the packet, determining the location on the IP network where the destination host designated by the packet is connected, without reference to the MAC address specified in the packet, by using location-identification information stored on the IP network, and forwarding the packet to the location on the IP network where the destination host is connected without reference to the MAC address specified in the packet. Also disclosed herein are related network devices implementing such techniques and operations, as well as IP networks which include such network devices.