Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.

Abstract: The present technology allows coordination of channels of private wireless networks utilizing shared licensed and unlicensed spectrum. Wireless network operators in an enterprise location register to participate in a consortium and register licensed, shared, and unlicensed spectrum resources to be shared with other members of the consortium. The wireless network operators request an allocation of spectrum resources from the consortium. The consortium generates a radio resource management (“RRM”) plan for shared use of the licensed, shared, and unlicensed spectrum resources. The consortium combines the allocated licensed, shared, and unlicensed spectrum from each of the wireless network operators to meet the target RRM plan. The consortium monitors spectrum utilization to dynamically update the RRM. The consortium monitors spectrum utilization in real time to determine how closely the RRM plan matches the resources allocated to each wireless network operator.

Abstract: An epoch scheme for Station (STA) privacy and, specifically, a structured Media Access Control (MAC) address rotation schedule for STAs may be provided. Providing an epoch scheme for STA privacy can include determining epoch parameters for a STA, the epoch parameters comprising a minimum epoch period duration and a maximum epoch period duration. The epoch parameters are sent to the STA, wherein the STA is operable to rotate a MAC address each epoch period at a time between the minimum epoch period duration and the maximum epoch period duration. A mapping of the STA and the MAC address can be updated each epoch period.

Abstract: Interoperable Transmit Power Envelop (TPE) signaling with Automated Frequency Coordination (AFC) frequency response may be provided. First, AFC information may be received. Next a mask may be determined for a punctured channel indicated in the AFC information. Then a first amount may be determined that the mask needs to be altered to reach an AFC response for the punctured channel indicated in the AFC information. A Transmit Power Envelop (TPE) value may then be reported for the punctured channel comprising the first amount plus a second amount.

Abstract: Techniques for determining a preferred HTTP protocol for communication between a client device and a server over a network are described. A first type of HTTP probe is transmitted over a network from a client device to a server. A second type of HTTP probe is transmitted over a network from the client device to the server. If either the first type of HTTP probe response or the second type of HTTP probe response, the type of the HTTP probe response received is the preferred communication protocol. If the first type of HTTP probe response and the second type of HTTP probe response is received, a type of HTTP probe response received first is the preferred communication protocol. The client device communicates with the server over the network using the preferred communication protocol.

Abstract: In one embodiment, a device receives, via a user interface, definition of a first sequence of transactional milestones performed by users of an online application and identified using a first type of identifier. The device also receives, via the user interface, definition of a second sequence of transactional milestones performed by users of the online application and identified using a second type of identifier. The device further receives, via the user interface, definition of a key transition associated with at least one transactional milestone in the first sequence of transactional milestones or second sequence of transactional milestones that links the first type of identifier with the second type of identifier. The device represents, using the key transition, performance of the first sequence of transactional milestones and the second sequence of transactional milestones by a particular user of the online application as a unified sequence.

Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.

Abstract: A method of provisioning a network may include, with a network controller, identifying a first network intent of a computing network based at least in part on an execution of a user interface (UI) or API layer at a client device, and identifying a modification of at least one object within the first network intent within the UI or API layer at the client device as the first network intent is being modified. The modification defines a delta between the first network intent and a second network intent. The method may further include, with a provisioning service executed by the network controller, receiving the delta as a payload from the client device, and provisioning at least one computing device within the computing network based at least in part on the delta. The method further includes automatically modifying the at least one object based on the received delta, including a further modification of the second network intent.

Abstract: In one embodiment, a device causes, in accordance with a probing strategy, performance of a probing test by one or more agents in a network and with respect to an online application. The device obtains quality of experience measurements for the online application. The device adjusts, using reinforcement learning, the probing strategy based on how well a predictive model was able to predict the quality of experience measurements given results of the probing test. The device repeats the causing, obtaining, and adjusting steps using the probing strategy adjusted by the device, to find a minimally disruptive probing strategy that provides acceptable performance by the predictive model.

Abstract: Techniques for enabling service insertion using dynamic service path selection are described herein. In some aspects, the techniques described herein relate to avoiding a service route that passes through a service router when the second-leg path from the service router to a destination router is unreachable. In some cases, the techniques described herein relate to avoiding a route that includes a service router that does not have a path to a viable target in a core service region.

Abstract: A computing device receives an ingest preview request to preview events to be stored by at least one indexer. Responsive to the ingest preview request, the computing device sends a subscription request to the forwarders. The forwarders receive the subscription request and intercept the events that are being sent to at least one of the indexers. The forwarders then clone matching events to the subscription request and responds to the computing device with the matching events. When the computing device receives the matching events, the computing device adds the matching events to a dispatch directory. The user interface is then populated with events in the dispatch directory.

Abstract: A computer-implemented method includes a processing node sending a request that includes an identified alert record from a shared alert data store that is shared amongst a cluster of processing nodes including the processing node. The processing node receives, responsive to the request, a delete alert record uniquely identifying the identified alert record and including an annotation identifying a new delete alert record as being a delete alert record type. The processing node matches, responsive to the annotation, the delete alert record to a local copy of the identified alert record based on the delete alert record uniquely identifying the identified alert record. The processing node deletes, based on the annotation, the local copy of the identified alert record according to the delete alert record.

Abstract: The disclosed technology relates to a process for optimizing data flow within a computer network. The technology utilizes shared memory and machine learning logic to improve the efficiency of how computing resources are used during a transmission of data packets in the computer network. The shared memory is implemented during the transmission of data packets between the data plane and the service plane so that the copying of data packets after the data packets have been received and processed by an application is not necessary. The machine learning logic is implemented during the processing of the data packets in order to adjust a frequency or extent that the data packets (and corresponding source of the data packets) need to be evaluated to ensure that malicious content is not being transmitted across the computer network.

Abstract: Techniques for sharing the probing of software-as-a-service clouds among a cluster of routers are described herein. The techniques may include establishing a first path between a cluster of routers and an application infrastructure. Establishing a second path between the cluster of routers and the application infrastructure. Designating a first router in the cluster of routers to send probes over the first path to the application infrastructure. Designating a second router in the cluster of routers to send probes over the second path to the application infrastructure. Distributing, by the first router and to the cluster of routers, first routing performance data indicating a performance of the first path when communicating with the application infrastructure over the first path, distributing, by the second router and to the cluster of routers, second routing performance data indicating a performance of the second path when communicating with the application infrastructure over the second path.

Abstract: A multicast state is generated within a Layer 2 (L2) fabric through a set of L2 tunnel router devices within the L2 fabric. The multicast state is generated without forwarding multicast traffic through Layer 3 (L3) gateways. When a data packet is received for distribution to other devices in the L2 fabric, an underlay multicast tree is defined at an L2 tunnel router device that is to serve as the multicast source for the data packet in the L2 fabric. The data packet is streamed to the other devices through the L2 tunnel router device along the underlay multicast tree without forwarding the data packet through the L3 gateways.

Abstract: In one embodiment, a device obtains data indicative of quality of experience for an online application. The device predicts, based on the data, path performances of network paths between an endpoint and the online application for different traffic loads. The device selects traffic loads for the network paths between the endpoint and the online application, based on the path performances predicted by the device. The device causes application traffic to be load balanced across the network paths between the endpoint and the online application, in accordance with those traffic loads selected by the device.

Abstract: Techniques for migrating on-premises and/or cloud-based workloads to follow a network session as it potentially migrates, due to multipathing techniques, across multiple edge and/or cloud datacenters. The techniques may include determining, by a controller of a network, that a traffic flow between an endpoint device and a workload has migrated to a different path of a multipath flow such that the traffic flow terminates at a different termination point than the workload. Based at least in part on determining that the traffic flow has migrated, the controller may cause a migration of a state of the workload to a location associated with the different termination point. That is, the controller may cause the workload to be migrated in its current state, which may be specific to the endpoint device, to follow the traffic flow.

Abstract: Systems, methods, and computer-readable media for intelligent webhook are described herein. The intelligent webhook can insert code into one or containers associated with an application being deployed by an orchestration service. The code enables the intelligent webhook to monitor operations, including startup, of a container mutated to include the code. The intelligent webhook has knowledge of whether a mutated container failed to startup in a prior instance, and if it fails, the intelligent webhook can insert a modified version of the code and/or adjust resource limit constraints to facilitate mutation of a container scheduled to be deployed with an application.

Abstract: A system is provided for supporting roaming between LTE EPC network and 5G network of a first mobile network operator by 5GC network of a second network operator. The system may include the EPC network including a serving gateway in communication with a 4G base station being in the EPC network. The system may also include the 5G network of the first mobile network operator including a vSMF in communication with a 5G base station being in the 5G network of the first network operator. The system may also include the 5GC network of the second network operator including a hSMF. The vSMF is configured to receive a communication from the serving gateway to anchor mobility between the LTE EPC network and the 5G network of the first mobile network operator, and to communicate with the hSMF in the 5GC network of the second network operator using 5G roaming interfaces.

Abstract: A pluggable device and method are presented. The pluggable device includes a substrate, a first pin positioned on the substrate, an optical source positioned on the substrate, and an integrated circuit positioned on the substrate. The optical source produces a source optical signal and transmits the source optical signal through the first pin. The integrated circuit transmits a received optical data signal and transmits a data signal based on a portion of the optical data signal.