Abstract: According to one or more implementations of the disclosure, a device initiates probing of a path in a network during which one or more probe packets are sent along the path. A hop along the path modifies the one or more probe packets to include energy source information regarding one or more energy sources available to that hop. The device receives results of the probing of the path that include the energy source information. The device generates, based on the results of the probing, a visual representation of the path and those one or energy sources available to different hops along the path. The device provides the visual representation of the path to a user interface for display.

Abstract: Techniques for expressing, communicating, de-conflicting, and enforcing consistent access policies between an IBN architecture and a Cloud-Native architecture. Generally, network administrators and/or users of a Cloud-Native architecture and an IBN architecture express access policies independently for the two different domains or architectures. According to the techniques described herein, a Network Service Endpoint (NSE) of the Cloud-Native architecture may exchange access policies with a network device of the IBN architecture. After exchanging access policies, conflicts between the sets of access policies may be identified, such as differences between allowing or denying communications between microservices and/or applications. The conflicts may be de-conflicted using various types of heuristics or rules, such as always selecting an access policy of the IBN architecture when conflicts arise.

Abstract: In one embodiment, a control tower device obtains, first state information from sensing or reporting systems or devices at a particular location via a first communication channel. The control tower device makes, based on the first state information, an evaluation regarding the particular location using one or more digital twins representing one or more entities of the particular location. The control tower device obtains second state information from one or more trusted verifiers for the particular location via a second communication channel. The control tower device verifies, based on the second state information, the evaluation regarding the particular location.

Abstract: A method and system for implementing security policies for a user device based on one or more user device parameters. When a user device joins a domain, the security policy agent determines one or more security policies for the user device based on one or more parameters of the user device. The user parameters may include the type of user device, a user group, an application to be used, etc. The security polies are sent to the user device. The user device generates a data packet having metadata indicating the one or more device parameters. The data packet is sent to a remote security service where security policies are implemented based on the metadata.

Abstract: In one embodiment, a device instruments an application to generate OpenTelemetry trace data during execution of the application. The device identifies, based on where the application was instrumented, a particular method of the application. The device determines that a circuit breaker is to be inserted for the particular method of the application. The device inserts a circuit breaker for the particular method.

Abstract: Disclosed are methods, systems, and non-transitory computer-readable media for utilizes a collaboration application to provide data beneficial to the authentication of the user. The present application discloses receiving at least one item of personal identifying information for a user from a primary multi-factor authentication device. The present application further discloses receiving at least one item of personal identifying information for a user from a conferencing service in which the user is engaged in a conference. The present application also discloses determining whether to authenticate the user based on the items of personal identifying information from the primary multi-factor authentication device and from the conferencing service.

Abstract: Systems, methods, and computer-readable media are provided for inter-network messaging among private and public 5G networks. For instance, a first server on a public 5G mobile network can receive a first message directed to a first wireless device associated with a first network identity. The first server can determine, based on the first network identity, that the first wireless device is associated with a second network identity, wherein the second network identity is used to identify the first wireless device on a private 5G mobile network. The first server can send a copy of the first message to a second server on the private 5G mobile network for transmission to the first wireless device through the private 5G mobile network based on the second network identity.

Abstract: In one embodiment, a device determines one or more key-value pairs associated with observability data for an online application, and searches the observability data for events corresponding to the one or more key-value pairs. The device also builds a responsive event list with the events corresponding to the one or more key-value pairs within the observability data and sorts the responsive event list by associated timestamps to provide the responsive event list as a sequence of transactional milestones reached by one or more users of the online application.

Abstract: Techniques for using an end-to-end policy controller to utilize an inventory of enforcement points to generate a chain of enforcement points having capabilities to enforcement individual operations of an intent-based security policy associated with an entity accessing a resource. A network controller may intelligently split an intent-based security policy and send portions thereof to enforcement points along a path configured for an entity to access a resource. For example, a portion of a security policy corresponding to an operation may be mapped to and implemented by an enforcement point having a capability to perform the operation. Once each operation of a security policy has been mapped to an enforcement point, a chain of enforcement points may be generated.

Abstract: Techniques and architecture are described for initializing, reviewing/approving, and deploying changes within a network. Each change is associated with a particular change ticket. When a change needs to be rolled back, the original change ticket may be analyzed to determine what actions need to be performed to roll back the change. A plan of the needed actions may then be presented to a reviewer in a rollback ticket. The original change ticket may be cancelled and a new ticket, e.g., the rollback ticket, may be prepared that includes the plan for the rollback, e.g., the one or more actions needed to roll back the initial change. In configurations, a change ticket may include multiple changes and thus, for rollback, either all the changes associated with the change ticket may be rolled back or only the last change or action that was initially made may be rolled back.

Abstract: According to one or more embodiments of the disclosure, a networking device receives a policy for an endpoint in a network. The policy specifies one or more component tags and one or more activity tags that were assigned to the endpoint based on deep packet inspection of traffic associated with the endpoint. The networking device identifies a set of tags for a particular traffic flow in the network associated with the endpoint. The set of tags comprises one or more component tags or activity tags associated with the particular traffic flow. The networking device makes a determination that the particular traffic flow violates the policy based on the set of tags comprising a tag that is not in the policy. The networking device initiates, based on the determination that the particular traffic flow violates the policy, a corrective measure with respect to the particular traffic flow.

Abstract: In accordance with one embodiment, a source leaf device receives a packet. The source leaf device identifies a flowlet associated with the packet and a destination leaf device to which the packet is to be transmitted. The source leaf device may determine whether the flowlet is a new flowlet. The source leaf device may select an uplink of the source leaf device via which to transmit the flowlet to the destination leaf device according to whether the flowlet is a new flowlet. The source leaf device may then transmit the packet to the destination leaf device via the uplink.

Abstract: This disclosure describes techniques for adaptive disaster recovery of applications running on network devices. The techniques include generating an application template and an application template clone that include application attributes usable to deploy an application stack at an application site. The techniques also include sending the application template clone to a disaster recovery site group to await deployment instructions. In some examples, an observer may determine that a health metric of the application site indicates that a disaster recovery process be triggered. A disaster recovery site of the disaster recovery site group may be selected based at least in part on a performance metric. The application stack may be deployed at the disaster recovery site utilizing the application template clone.

Abstract: Systems and methods are provided for providing transference of a user equipment to a 5G network when a voice call is terminated. The systems and method can include receiving, at a mobility management entity, a voice call termination message from a serving gateway, determining, by the mobility management entity, whether the user equipment includes a 5G subscription and 5G capability based on the voice call termination message, and providing, by the mobility management entity, a handover message to the user equipment to initiate a handover to the 5G network based on the determining of whether the user equipment includes the 5G subscription and 5G capability.

Abstract: Disclosed herein are systems, methods, and computer-readable media for reporting QoE of a UE, as measured and determined from the perspective of the UE to one or more core components of the cellular network to which the UE is attached. The QoE may then be used by the one or more core components for managing and adjusting, if necessary, the cellular services provided to the UE. In one aspect, a method includes determining, at a user device, a quality of experience (QoE) of user device connected to a cellular network and transmitting, via a non-access stratum (NAS) signaling, a value of the QoE from the user device to a core network element of the cellular network, wherein the core network element utilizes the QoE value to manage network access and a quality of service (QoS) of the user device.

Abstract: The present disclosure is directed to systems and techniques for improved signaling of subscriber information and updates thereto for one or more location-based user plane services. In one examples, the systems and techniques can include determining the existence of a converged User Plane Function (UPF) comprising a Serving Gateway User Plane (SGW-U) session and a Packet Data Network (PDN) Gateway User Plane (PGW-U) session. In response to determining the existence of the converged UPF, User Equipment (UE) information can be transmitted from a Serving Gateway Control Plane (SGW-C) session to the SGW-U session of the converged UPF. The UE information received at the SGW-U session can be shared to the PGW-U session of the converged UPF, wherein the PGW-U session receives the UE information without communicating with a PDN Gateway Control Plane (PGW-C) session.

Abstract: The present disclosure is directed to a comprehensive Route Selection Policy (URSP) based on Wi-Fi multi-link operation. In one aspect, a method includes identifying a user device connected to an enterprise network that provides network connectivity to user devices over multiple radio access technologies; receiving network capability information indicating that the user device is capable of a multi-link operation over a Wi-Fi network, the Wi-Fi network being one of the multiple radio access technologies; determining a URSP for the user device, wherein the URSP is a singular route selection policy for the user device to send and receive data over the multiple radio access technologies and defines, in part, a per-application traffic routing rule for routing a portion of traffic for an application used on the user device, over one of multiple links available on the Wi-Fi network; and transmitting the URSP to the user device.

Abstract: Disclosed is a method for continuous in-line monitoring of data-centric traffic to guarantee application performance. The method includes, in each switch of a plurality of switches in a network fabric, grouping all packets entering each respective switch of the plurality of switches based on either 5-tuple applications or EPG based applications, collecting performance statistics at every hop in the network fabric across all flows in-line in a flow table maintained in each respective switch and periodically exporting the performance statistics to analysis module.

Abstract: Systems, methods, and computer-readable media are provided for securely advertising autoconfigured prefixes in a cloud environment. In some examples, a method can include, receiving, by a first router, an indication of an available network address prefix. In some aspects, the method can also include selecting, by the first router, a first network address prefix that is within the available network address prefix, wherein the first network address prefix provides at least one route to one or more network elements associated with the first router. In some cases, the method may further include sending, to a second router, a message including a stub registration option that indicates the first network address prefix.