Abstract: An Internet Key Exchange protocol message indicating a first Internet Protocol Security traffic flow is to be established via a first device is obtained at the first device. The Internet Key Exchange protocol message is forwarded from the first device to a second device. An encryption key used to transmit traffic via the first Internet Protocol Security Traffic flow is received at the first device from a key value store. The key value store is populated with the encryption key in response to the second device obtaining the Internet Key Exchange protocol message. A first data packet to be transmitted via the first Internet Protocol Security traffic flow is obtained at the first device. The first device provides the first data packet encrypted with the encryption key of the first Internet Protocol Security traffic flow.

Abstract: A reverse time synchronization may be performed between a sending device and a receiving device. Then a Time Error (TE) between the sending device and the receiving device may be determined based on the reverse time synchronization. A gate time on the receiving device may be scheduled based on the determined TE.

Abstract: An optical modulator may include a lower waveguide, an upper waveguide, and a dielectric layer disposed therebetween. When a voltage potential is created between the lower and upper waveguides, these layers form a silicon-insulator-silicon capacitor (also referred to as SISCAP) guide that provides efficient, high-speed optical modulation of an optical signal passing through the modulator. In one embodiment, at least one of the waveguides includes a respective ridge portion aligned at a charge modulation region which may aid in confining the optical mode laterally (e.g., in the width direction) in the optical modulator. In another embodiment, ridge portions may be formed on both the lower and the upper waveguides. These ridge portions may be aligned in a vertical direction (e.g., a thickness direction) so that ridges overlap which may further improve optical efficiency by centering an optical mode in the charge modulation region.

Abstract: At an authentication server, a request for at least a first dynamic host configuration protocol (DHCP) option is received from a client device, and it is determined if the authentication server implements DHCP. Based at least in part on a determination that the authentication server does not implement a DHCP, the operations further include transmitting an application program interface (API) call to a DHCP server associated with the authentication server acting as a DHCP gateway, receiving a response from the DHCP server, and transmitting the response to the client device.

Abstract: In accordance with one embodiment, a source leaf device receives a packet. The source leaf device identifies a flowlet associated with the packet and a destination leaf device to which the packet is to be transmitted. The source leaf device may determine whether the flowlet is a new flowlet. The source leaf device may select an uplink of the source leaf device via which to transmit the flowlet to the destination leaf device according to whether the flowlet is a new flowlet. The source leaf device may then transmit the packet to the destination leaf device via the uplink.

Abstract: A method is provided for use in a network that includes a plurality of user plane functions that perform processing of user plane traffic sessions from one or more mobile wireless user devices. The method includes periodically monitoring resource utilization of the plurality of user plane functions to estimate a resource utilization level of respective user plane functions. Based on the periodically monitoring, the method further includes storing for the respective user plane functions a resource utilization level indicator for each of the respective user plane functions according a resource utilization level of the respective user plane functions. User plane traffic sessions for a given tracking area are re-assigned (moved) among the plurality of user plane functions based on the resource utilization level indicators for the respective user plane functions to achieve a desired quality of experience for the user plane traffic sessions.

Abstract: Techniques are described for generating an end-to-end distributed network trace involving cloud edge networks. In one example, a cloud or datacenter environment obtains, from an edge node in a cloud edge network, one or more network communications that include a correlation identifier associated with the one or more network communications and an identifier of the edge node. Based on the identifier of the edge node, the cloud or datacenter environment provides a network probe to the edge node. The cloud or datacenter environment obtains, from the edge node, telemetry data that is generated responsive to the network probe. The cloud or datacenter environment provides the telemetry data and the correlation identifier to an aggregation server that is configured to, based on the correlation identifier, aggregate the telemetry data with further telemetry data to generate an end-to-end distributed network trace associated with the one or more network communications.

Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at a least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.

Abstract: Systems and methods provide for managing faulting network devices. A first network device can receive an error. The first network device can generate one or more frames including data indicative of the error. The first network device can broadcast the one or more frames to one or more neighboring network devices. It may be determined that the first network device is inaccessible. The first data can be retrieved and presented from a second network device among the one or more neighboring network devices. In some embodiments, a network management system can utilize the first data to generate a machine learning model that classifies whether network devices are instances of network devices designated for a Return Merchandise Authorization (RMA) process. In some embodiments, the network management system can apply the first data to a machine learning classifier to determine whether to initiate the RMA process for the first network device.

Abstract: A method of congestion mitigation may include determining whether a host is sending a read command or a write command to an NVMe controller, and in response to a determination that the host is sending the read command, transmitting the read command via a first transmission control protocol (TCP) connection between the host and the NVMe controller. The method may further include in response to a determination that the host is sending the write command, transmitting the write command via a second TCP connection between the host and the NVMe controller.

Abstract: A multi-mode radio unit, and more specifically providing a multi-mode radio unit having a 7.2 split mode and a full gNodeB (gNB) mode may be provided. A 7.2 split mode may be executed at a Multi-Mode Radio Unit (MMRU). Next a metric associated with a front-haul link between the MMRU and a Distributed Unit (DU) may be monitored. The metric may be compared to a first threshold, and when the metric is above the first threshold, the MMRU may be caused to switch from the 7.2 split mode to a full gNodeB (gNB) mode.

Abstract: Providing 5G-AKA User Equipment (UE) authentication and, more specifically, providing 5G-AKA UE authentication at an edge of a network may be provided. An Authentication Server Function (AUSF) at an edge of a network, and the AUSF may request an Authentication Vector (AV) from a Unified Data Management (UDM). The AUSF may receive AV from the UDM and cache the AV at an AV cache. An authentication request may be received from an Access and Mobility Management Function (AMF) and the AV from the AV cache may be provided to the AMF.

Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical proximity of the device to one or more other authenticated devices. An example method includes performing a first authentication of a first device or a first user and connecting the first device to a protected resource. Based on determining that the first device is within a threshold distance of a second, authenticated, device, a reauthentication interval is selected. Based on determining that the reauthentication interval has expired, a second authentication is initiated by transmitting, to the first device or a third device associated with the first user, a request for an authentication factor.

Abstract: A trigger to enable data traffic replication in a wireless network may be provided. A data packet comprising a Differentiated Service Code Point (DSCP) field in a header may be received. A determination may be made that the data packet comprises a candidate traffic for bi-casting. In response to determining that the data packet comprises the candidate traffic for bi-casting, a flag may be set in the DSCP field in the header of the data packet. The flag triggers bi-casting of the data packet. The data packet may be sent to a destination device.

Abstract: In part, the disclosure relates to a method for power saving in optical transceivers during idle activity. The method may include receiving, by a first receiver a request to initiate idle mode; identifying, based on the request to initiate the idle mode, a frequency of ping times during the idle mode; initiating the idle mode and deactivating one or more functions of the digital signal processor; receiving, by the first receiver, from the first transmitter, a plurality of ping signals on a plurality of respective ping times; and terminating, responsive to a ping signal comprising a request to end idle mode, the idle mode by activating the one or more functions of the digital signal processor.

Abstract: A method includes receiving, at a chaos level engine, initial input parameters. The method may further include, with the chaos level engine, determining scaled input parameters based on the initial input parameters. The scaled input parameters define how the initial input parameters effect a computing environment to be tested. The method may further include, with the chaos level engine determining a chaos level for performing a chaos experiment on the computing environment based on the scaled input parameters and sending the chaos level to the computing environment for the chaos experiment. The method may further include, with the chaos level engine, receiving, from the computing environment, feedback defining an impact caused by the chaos experiment created at the computing environment and an intended level of chaos.

Abstract: A recommendation system can be configured to provide tailored software update relevance information for deployed software. The recommendation engine can obtain running state information for a current version of software running on a device, as well as build data for each of the current version of the software and a new version of the software. The recommendation engine can obtain software version difference information based on the build data and determine, based on at least the software version difference information and the running state information, a number of functions in the current version of software that are directly impacted by the new version. The recommendation engine can cause relevance information derived from this determination to be displayed on a computing device, and/or the recommendation engine can automatically cause an update to the new version of the software to be applied or rejected based on the determination.

Abstract: In one embodiment, a method includes receiving, by a network orchestrator, trace parameters from a user device. The method also includes determining, by the network orchestrator, to initiate a network path trace for the application, generating, by the network orchestrator, a filter policy for the network path trace using the trace parameters, and allocating, by the network orchestrator, a trace identification to the network path trace. The method also includes initiating, by the network orchestrator, the network path trace within a network by communicating the filter policy and the trace identification to a first node of the network and receiving, by the network orchestrator, network path trace data from a plurality of nodes of the network. The method further includes generating, by the network orchestrator, a trace report for the application using the network path trace data.

Abstract: Presented herein are techniques to facilitate dual-connectivity support for a user equipment (UE) in a hybrid cell virtualized Radio Access Network (vRAN) architecture. In one example, a method may include obtaining, by a node of a mobile network via a first cell of a RAN, a request for a UE to connect to the mobile network via the first cell in which the RAN includes at least one shared cell and at least one unique cell; determining that the UE is allowed for dual-connectivity operation; and providing a policy to the UE, wherein the policy identifies, for each of one or more applications, one of a shared cell operating mode or a unique cell operating mode that the UE is to utilize for each of the one or more applications.

Abstract: Techniques are described for generating an end-to-end distributed trace in connection with a cloud or datacenter environment. In one example, a server obtains target application telemetry data and external telemetry data associated with one or more correlation identifiers included in one or more network communications provided to a target application in the cloud or datacenter environment. The server aggregates the target application telemetry data and the external telemetry data based on the one or more correlation identifiers to generate an end-to-end distributed trace associated with the one or more network communications.