Abstract: Presented herein are techniques for obtaining pertinent information from a network upon detection of an anomaly by receiving, at a first network node, configuration information sufficient to establish a data collection policy for the network node, capturing data, on the first network node, in accordance with the data collection policy to obtain captured data, detecting an anomaly occurring with respect to a second network node, and in response to detecting the anomaly, in transferring from the first network node, to an analysis server, collected data derived from the captured data based on both the data collection policy and a proximity metric indicating a logical distance between the first network node and the second network node.

Abstract: In one embodiment, a method is performed. An interworking module of a wireless local access network (LAN) controller may receive a non-access stratum (NAS) message from an access point (AP) device using a control and provisioning of wireless access protocols (CAPWAP) tunnel. The NAS message may be translated to a WiFi service layer message. The WiFi service layer message may be sent to a wireless control plane module of the wireless LAN controller.

Abstract: Techniques for direct mode video coding/decoding techniques. According to one embodiment, various blocks in B frames may use motion vectors from different reference frames (P frames or B frames), according to what is referred to herein as a patchwork motion field. Different blocks of a given frame may use motion vectors inherited from different frames for purposes of computing a predicted block for the given frame.

Abstract: In one embodiment, a router receives a packet from a network device in a software defined architecture (SDA) network, and obtains iOAM data from an outer header of the packet, the iOAM data inserted into the outer header by one or more network devices that previously processed the packet. The router then copies the iOAM data into a locally pertinent header, and after determining local iOAM data of the router, appends the local iOAM data to the iOAM data copied into the locally pertinent header. The router may then process the packet accordingly. In another embodiment, an SDA router may insert an indication of one or more applied policies into an iOAM header of the packet, such that an edge router can determine any unapplied policies and subsequently apply them.

Abstract: A router between a content consuming device and a content storage device obtains an interest corresponding to a content object. The interest includes a name identifying the content storage device, signaling information, an authentication token, and an inner interest identifying an actual content object stored at the content storage device. The inner interest is encrypted with an encryption key shared between the content storage device and the content consuming device, but not shared with the router. The router authenticates the interest by verifying the authentication token using an authentication key shared with the content consuming device. The router then provides the interest to the content storage device. The router obtains the content object, which includes at least a portion of the actual content object encrypted with the encryption key, from the content storage device. The router provides the content object to the content consuming device.

Abstract: An example method is provided in one example embodiment and includes receiving an assignment request from a core node in a network to establish a tunnel for user plane traffic; forwarding first parameters to a controller of an enterprise network, wherein the first parameters include a tunnel identifier and a network address associated with the core node; receiving an assignment response; and forwarding second parameters to the core node, wherein the second parameters include a tunnel identifier and a network address associated with the controller. In some instances, the assignment request can be a request to establish a tunnel for user plane data traffic. In some instances, the assignment request can be a request to establish a tunnel for user plane voice traffic.

Abstract: An example method can include choosing a pattern or patterns of network traffic. This pattern can be representative of a certain type of traffic such as an attack. The pattern can be associated with various components of a network and can describe expected behavior of these various components. A system performing this method can then choose a nodes or nodes to generate traffic according to the pattern and send an instruction accordingly. After this synthetic traffic is generated, the system can compare the behavior of the components with the expected behavior. An alert can then be created to notify an administrator or otherwise remedy any problems.

Abstract: In one embodiment, a cloud-based service instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the service. The service receives multicast or broadcast traffic sent by the particular node in the LAN and redirected to the service via the virtual network overlay. The service identifies a group of nodes in the network that are to receive the traffic sent by the particular node, based in part by profiling the traffic associated with the particular node. The service sends the traffic sent by the particular node to at least one networking device in the LAN with an indication of the identified group of nodes in the network that are to receive the traffic sent by the particular node. The at least one networking device forwards the traffic sent by the particular node to the nodes in the identified group.

Abstract: Methods and network devices are disclosed for failure protection in traffic-engineered bit indexed explicit replication networks. In one embodiment, a method includes determining a protected link or node in a network, where the protected link or node is included in a designated path to be taken by a message through the network to a destination node, the designated path is encoded in a message bit array carried by the message, and assigned bit positions in the message bit array represent respective network links along the designated path. The method further includes determining a backup path to the destination node from a feeder node adapted to forward a message carrying the message bit array into the protected link or node, and populating an entry in a path update table stored at the feeder node. In one embodiment a network device includes a network interface and a processor configured to carry out the methods.

Abstract: Systems, methods, and computer-readable media for generating switch-level logical models of a network. In some examples, a system can obtain a logical model of a network, such as software-defined network (SDN). The logical model can represent a configuration of objects and object properties defined based on a schema associated with the network. Based on the logical model, the system can generate a rendered logical model of the network and, based on the rendered logical model, generate, for one or more network devices in the network, a respective device-specific representation of the logical model. The respective device-specific representation can project the logical model to a respective network device, such as a switch in the fabric of the network.

Abstract: In one embodiment, a gateway device receives, from a centralized broker device, a data-access policy for a given computer network, the data-access policy defining which of one or more accessing entities are granted access to specific elements of data within the given computer network. When the gateway device then receives, from a particular accessing entity, a request for one or more particular elements of data from within the given computer network, it may determine, based on the data-access policy, whether the particular accessing entity has been granted access to each of the one or more particular elements of data of the request. As such, the gateway device may prevent access for the particular accessing entity to any of the one or more particular elements of the data request to which the particular accessing entity has not been granted access.

Abstract: In one embodiment, an apparatus includes an optical module comprising a first end for insertion into a network device and a second end extending from the network device when the optical module is inserted into the network device, and a thermal protective layer extending over a portion of the second end of the optical module, the thermal protective layer preventing direct contact with an external surface of the optical module during removal of the optical module from the network device. The thermal protective layer exposes a portion of the external surface of the second end of the optical module to allow heat to be released from the external surface of the optical module.

Abstract: In one embodiment, a computing device groups a plurality of devices into update clusters based at least on their connectivity layout, and divides update data into a plurality of update portions, distributing the plurality of update portions to a plurality of selected redistribution devices in the particular cluster (each receiving one or more of the portions). The computing device notifies devices in the particular cluster (that can use the update data) of the plurality of selected redistribution devices along with which particular update portions are available from each of the plurality of selected redistribution devices. This therefore causes (or allows) the devices needing an update to i) download needed update portions of the plurality of update portions from the redistribution devices, ii) combine all of the plurality of update portions into the update data, and iii) perform an update using the combined update data.

Abstract: In one embodiment, a device in a network gathers characteristics of a container application on the device. The device provides the gathered characteristics of the container application for security assessment. The device receives an indication of the security assessment based on the provided characteristics of the container application. The device controls execution of the container application based on the received indication of the security assessment.

Abstract: This disclosure relates to a system and method for routing data packets adaptively in a communication system. As the proliferation of data rich content and increasingly more capable mobile devices has continued, the amount of data communicated over mobile operator's networks can continue to exponentially increase. One way to accommodate increased data traffic and provide high quality data communication services to end users is by utilizing network resources efficiently. This disclosure provides systems and methods for efficiently utilizing network resources by providing adaptive intelligence to data packet routing systems.

Abstract: A method for establishing a partitioned fabric network is described. The method includes establishing a fabric network including a plurality of border nodes to couple the fabric network to one or more external data networks and a plurality of edge nodes to couple to the fabric network to one or more hosts. The method further includes defining a plurality of partitions of the fabric network. The method further includes registering each of the plurality of partitions with a corresponding one of the plurality of border nodes and with each of the plurality of edge nodes.

Abstract: In one embodiment, a technique for performing component self-tests for an in-vehicle network of a vehicle is provided that illustratively comprises: retrieving, by a device in communication with an in-vehicle network (IVN) of a vehicle, a memory sector address of a memory of a component connected to the IVN when a first startup of the vehicle begins, the memory sector address stored in non-volatile memory; performing, by the device, a memory test on a first part of the memory starting at the memory sector address for a predetermined increment during the first startup of the vehicle; and replacing, by the device, the memory sector address with an incremented memory sector address in the non-volatile memory, the incremented memory sector address indicative of the memory sector address incremented by the predetermined increment.

Abstract: In one embodiment, a network assurance service receives data regarding a monitored network. The service analyzes the received data using a machine learning-based model, to perform a network assurance function for the monitored network. The service detects a lowered performance of the machine learning-based model when a performance metric of the machine learning-based model is below a threshold for the performance metric. When it is determined that the lowered performance of the machine-learning based model is correlated with the sample rate of the received data, the service adjusts the sample rate of the data.

Abstract: Systems, methods, and computer-readable media are provided for consistent data to be used for streaming and batch processing. The system includes one or more devices; a processor coupled to the one or more devices; and a non-volatile memory coupled to the processor and the one or more devices, wherein the non-volatile memory stores instructions that are configured to cause the processor to perform operations including receiving data from the one or more devices; validating the data to yield validated data; storing the validated data in a database on the non-volatile memory, the validated data being used for streaming processing and batch processing; and sending the validated data to a remote disk for batch processing.

Abstract: The present disclosure provides for distortion cancelled by receiving a collided signal comprising first and second signals carrying respective first and second packets; digitizing the collided signal into a first digital signal and decoding the first packet therefrom; calculating a digital linear interference component of the first packet on the second from an estimated signal re-encoding the decoded first packet; synthesizing an analog linear interference component from the digital linear interference component; determining a digital nonlinear interference component of the first packet on the second from the first digital signal; amplifying the collided signal to produce a second amplified signal; removing the analog linear interference component from the second amplified signal to produce a partially de-interfered signal; removing the digital nonlinear interference component from the partially de-interfered signal to produce a de-interfered signal; and decoding the second packet from the de-interfered sign