Abstract: Techniques for tracking compute capacity of a scalable application service platform to perform dynamic bandwidth allocation for data flows associated with applications hosted by the service platform are disclosed. Some of the techniques may include allocating a first amount of bandwidth of a physical underlay of a network for data flows associated with an application. The techniques may also include receiving, from a scalable application service hosting the application, an indication of an amount of computing resources of the scalable application service that are allocated to host the application. Based at least in part on the indications, a second amount of bandwidth of the physical underlay to allocate for the data flows may be determined. The techniques may also include allocating the second amount of bandwidth of the physical underlay of the network for the data flows associated with the application.

Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.

Abstract: The present technology is generally directed to dynamically adding network resources based on an application function (AF) notification. The present technology can determine, by an AF of a service provider, a network congestion on a network, the network congestion indicating that network resources for servicing a user device using services of the service provider do not meet corresponding Quality of Service (QoS) requirements. Further, the present technology can transmit a notification by the AF to a core network of a network provider to request additional network resources to be allocated for servicing the user device, the network provider providing network connectivity for the user device to receive the services provided by the service provider.

Abstract: Symbol multiplexing Physical Medium Attachment (PMA) may be provided. A plurality of first lanes may be received and then Alignment Markers (AMs) from the plurality of first lanes may be used to determine symbol boundaries and identify the plurality of first lanes. Next, groups of the plurality of first lanes may be de-skewed and checkerboard patterns in the plurality of first lanes may be undone. Then the plurality of first lanes may be symbol-wise multiplexed to a plurality of second lanes. The plurality of second lanes may then be sent.

Abstract: Roaming validation for Access Network Providers (ANPs), and particularly to protecting communications between Stations (STAs) and ANPs while providing roaming validation for ANPs may be provided. An ANP may first register a roaming federation system. The ANP may determine a roaming message based on subscription features of the network, and the ANP may request signing of the roaming message by the roaming federation system. The ANP may receive the signed roaming message from the roaming federation system and send the signed roaming message to a STA. The ANP may then receive a request to connect to the network from the STA and initiate a connection for the STA.

Abstract: Radio discovery for a mesh Access Point (AP) may be provided. Topology information associated with a first network may be received wherein the first network may comprise a mesh network. A Topology Descriptor Message (TDM) may then be created based on the topology information. The TDM may then be transmitted by a first Access Point (AP).

Abstract: Optimal coding scheme parameters may be provided. Information associated with a plurality of client devices may be received by a computing device. A map of locations of the plurality of client devices relative to an Access Point (AP) may be created based on the information. A connected dominating set of client devices within the plurality of client devices may be identified based on the map. A first client device in the connected dominating set may then be caused to relay data between the AP and a second client device comprising a client device in the plurality of client devices that is dominated by the first client device in the connected dominating set.

Abstract: A managed network supporting backscattering communication devices may be provided. A computing device may determine a plurality of locations respectively associated with a plurality of devices in a preterminal space. At least one of the plurality of devices may be power with energy transmitted from at least one Access Point (AP) to the least one of the plurality of devices at its location. Data may be received from the at least one of the plurality of devices in response to powering the at least one of the plurality of devices.

Abstract: In part, the disclosure relates to a photonic device that may include a curved waveguide that includes a plurality of layers; a curved elongate structure defining an upper surface, an inner elongate surface, and an outer elongate surface, the curved elongate structure comprising a first end, and a second end; and a ridge extending from the upper surface, the ridge having a first side and a second side; and a trench defined by one or more of the plurality of layers and the first side; the curved elongate structure defines a first elongate section and a second elongate section, wherein a first cross-section of the ridge has a first shape that substantially extends along the first elongate section of the structure, the first shape is defined by the first side and a step extending from the first side and above the bottom of the trench.

Abstract: According to one or more embodiments of the disclosure, an example process herein may comprise: receiving configuration of an extension to manage one or more particular endpoints and data collectors for a particular tenant of an extensibility platform; determining a specification of a container containing one or more particular functions configured to perform required data transformations for the extension; providing one or more shared egress assistant functions configured to receive data from the one or more particular functions; and sending the data from the one or more shared egress assistant functions onto a common ingest for further processing, wherein the one or more particular functions and the one or more shared egress assistant functions are executed as functions-as-a-service at runtime.

Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.

Abstract: Techniques for temperature control for multiple dies in an element. A temperature of a first die is measured, in an element comprising the first die and a second die. The second die includes at least a portion of a controller. The temperature of the first die is changed by adjusting activity, from the second die to the first die, based on a target temperature for the first die and the measured temperature for the first die.

Abstract: In one embodiment, a device in a network detects an encrypted traffic flow associated with a client in the network. The device captures contextual traffic data regarding the encrypted traffic flow from one or more unencrypted packets associated with the client. The device performs a classification of the encrypted traffic flow by using the contextual traffic data as input to a machine learning-based classifier. The device generates an alert based on the classification of the encrypted traffic flow.

Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.

Abstract: Techniques for a TCP proxy to communicate over a LEO satellite network on behalf of a client device by selecting a TCP congestion-control algorithm that is optimal for the LEO satellite network based on the time of day and/or location of the TCP proxy. Based on the locations of satellites during the day as they traverse predefined and patterned orbital paths, different TCP congestion-control algorithms may be more optimized to communicate data through the LEO satellite network. However, client devices generally use a single TCP congestion-control algorithm to communicate over WAN networks. Accordingly, a TCP proxy may be inserted on, for example, a router to communicate with the client device using a TCP congestion-control algorithm that the client device is configured to use, but then communicate over the LEO satellite network using a different TCP congestion-control algorithm that is optimal based on the time of day and/or other factors.

Abstract: Multi-User Multiple Input, Multiple Output (MU-MIMO) data transmissions are provided with a forward-predictive precoding matrix to mitigate the effects of a change in a state of a communication channel. First and second soundings are performed, at first and second times, to a receive antenna over a channel and, responsive to each of the soundings, first and second Channel State Information (CSI) are received. Based on the first and second CSI, a change in a state of the channel over a time period between the first and second time is determined. Based on the change in the state of the channel, a forward-predictive channel state matrix and/or a forward-predictive precoding matrix are determined that reflect a state of the channel at a future time and that are consistent with the determined change in the state over the time period. The forward-predictive precoding matrix is applied to a data transmission.

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

Abstract: Techniques and mechanisms for using passively collected network data to automatically generate a fingerprint prevalence database without the need for endpoint ground truth. The process first clusters all observations with the same fingerprint string and similar source and destination context. The process then annotates each cluster with descriptive information and uses a rule-based system to derive an informative name from that descriptive information, e.g., “winnt amp client” or “cross-platform browser”. Optionally, the learned database may be augmented by a user to clarify custom process labels. Additionally, the generated database may be used to report the inferred processes in the same way as databases generated with endpoint ground truth.

Abstract: One technique includes receiving, in a first network, a multi-destination packet from a second network, and determining, based on the multi-destination packet, a first multi-destination tree in the first network for forwarding the multi-destination packet. In response to determining that the first multi-destination tree is not rooted on the network device, a second multi-destination tree in the first network is determined, and the multi-destination packet is transmitted using the second multi-destination tree. Another technique includes, upon detecting a first network device joining a network, sending a first indication to a second network device that the first network device is in a state for an amount of time. After the amount of time has elapsed, a second indication that the first network device has exited the state is sent to the second network device. A topology of the network is updated after the first network device has exited the state.

Abstract: A method of provisioning a network may include, with a network controller, identifying a first network intent of a computing network based at least in part on an execution of a user interface (UI) or API layer at a client device, and identifying a modification of at least one object within the first network intent within the UI or API layer at the client device as the first network intent is being modified. The modification defines a delta between the first network intent and a second network intent. The method may further include, with a provisioning service executed by the network controller, receiving the delta as a payload from the client device, and provisioning at least one computing device within the computing network based at least in part on the delta. The method further includes automatically modifying the at least one object based on the received delta, including a further modification of the second network intent.