Abstract: A method may include bridging in, via a fabric, a multicast data packet from a source device to a first edge device of a plurality of edge devices and flooding the multicast data packet to the plurality of edge devices within a mutual subnetwork of the fabric. The method further includes bridging out the multicast data packet from a second edge device of the plurality of edge devices to a receiving device. The source device and the receiving device are located within the mutual subnetwork.

Abstract: Correlating devices and clients across addresses may be provided. A first address associated with a client device may be received. When the client device is not connected to a network, first location data associated with the first address may be obtained using a passive technique. A second address and second location data associated with the second address may then be obtained using an active technique. It may then be determined that the first location data and the second location data correlate. In response to determining that the first location data and the second location data correlate, it may be determined that the client device has changed from the first address to the second address.

Abstract: Dynamic configuration of Overlapping Basic Set Service Preamble Detect (OBSS/PD) parameters for an Access Point (AP) may be provided. First, a plurality of stations within a Spatial Reuse (SR) range of the AP may be determined. Next, Signal to Interference plus Noise Ratio (SINR) calculations associated with the plurality of stations may be performed to determine an SINR impact on the plurality of stations if the AP performs an SR transmission given OBSS/PD parameters currently configured for the AP. Then, based on the SINR calculations, the OBSS/PD parameters for the AP may be dynamically adjusted.

Abstract: This disclosure describes using a dynamic proxy for securing communications between a source within a cloud environment and an application container. The techniques include intercepting traffic directed to an application container, analyzing the traffic and traffic patterns, and allowing or preventing the traffic from being delivered to the application container based on the analysis. A traffic analysis engine may determine whether the traffic is considered safe and is to be allowed to be delivered to the application container, or whether the traffic is considered unsafe and is to be prevented from being delivered to the application container, According to some configurations, the address(es) to the network interfaces (e.g., WIFI or Eth0) are abstracted to help ensure security of the application containers.

Abstract: In one embodiment, a deep fusion reasoning engine receives network telemetry data collected from a network. The deep fusion reasoning engine learns resource utilizations for different heuristic packages that can be used in the network to evaluate operation of the network. The deep fusion reasoning engine selects one of the heuristic packages based on the resource utilizations learned for the different heuristic packages. The selected heuristic package comprises a subservice and a set of rules to be evaluated. The deep fusion reasoning engine deploys the selected heuristic package for execution by a device in the network to evaluate operation of the network using the set of rules.

Abstract: Electrical test of optical components via metal-insulator-semiconductor capacitor structures is provided via a plurality of optical devices including a first material embedded in a second material, wherein each optical device is associated with a different thickness range of a plurality of thickness ranges for the first material; a first capacitance measurement point including the first material embedded in the second material; and a second capacitance measurement point including a region from which the first material has been replaced with the second material.

Abstract: A network management system is configured to detect one or more malicious activities at one or more devices connected to a network. The network management system is configured to determine a malware root of the one or more malicious activities and generate a network-wide indicating a hierarchical relationship between the malicious activities spawned by the malware root and the malware root. The malicious activities spawned by the malware root represented in the network-wide malware include the one or more malicious activities and include a plurality of malicious activities spawned across a plurality of devices connected to the network.

Abstract: Techniques for using computer networking protocol extensions to route control-plane traffic and data-plane traffic associated with a common application are described herein. For instance, a traffic flow associated with an application may be established such that control-plane traffic is sent to a control-plane node associated with the application and data-plane traffic is sent to a data-plane node associated with the application. When a client device sends an authentication request to connect to the application, the control-plane node may send an indication of a hostname to be used by the client device to send data-plane traffic to the data-node. As such, when a packet including the hostname corresponding with the data-plane node is received, the packet may be forwarded to the data-plane node.

Abstract: An access point for a private network onboards a wireless device obtaining a connection request from the wireless device and detecting a standardized identifier that indicates the wireless device is unprovisioned for access to the private network. The access point disables an authentication protocol for granting access to the wireless device on the private network and limits access of the private network by the wireless device to accessing a provisioning server. The access point provides a connection response to the wireless device that indicates limited access to the private network.

Abstract: A system and method are provided to derive Virtual Network Function (VNF) infrastructure and networking requirements from the virtual network function descriptor and network services descriptor definitions (extended). This results in a fully automated system for VIM creation and VNF onboarding in order to prepare the infrastructure for VNF instantiation.

Abstract: According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations. The operations comprise selecting a primary node to replicate multicast traffic and forward the multicast traffic to a plurality of receivers, selecting one or more secondary nodes to provide node-level redundancy for the primary node, and providing the one or more secondary nodes with synchronization information that enables the one or more secondary nodes to replicate the multicast traffic and forward the multicast traffic to the plurality of receivers in response to the primary node becoming unavailable. Selecting the primary node is based in software.

Abstract: An apparatus and method is disclosed for segment routing (SR) over label distribution protocol (LDP). In one embodiment, the method includes a node receiving a packet with an attached segment ID. In response, the node may attach a label to the packet. Thereafter, the node may forward the packet with the attached label and segment ID to another node via a label switched path (LSP).

Abstract: Managing noise during an online conference session includes obtaining audio data from an endpoint participating in an online conference session. The audio data is derived from audio captured at the endpoint that includes musical sounds. The audio data is processed to identify a portion of the audio data in which a decibel level of the musical sounds is stable for a period of time. Non-musical noise present, if any, in the audio data with the musical sounds is identified and the non-musical noise is attenuated from the audio data to generate noise-reduced musical audio data. The noise-reduced musical audio data is transmitted for play out at one or more other endpoints participating in the online conference session.

Abstract: The techniques described herein relate to methods that include: obtaining criteria for a mobile network deployment; selecting a server configuration template for a server configuration based upon the criteria; generating the server configuration for the mobile network deployment based upon the server configuration template; validating the server configuration to ensure the criteria are met by the mobile network deployment of the server configuration; deploying the server configuration as the mobile network deployment; obtaining key performance indicators from the mobile network deployment; updating the mobile network deployment in response to obtaining the key performance indicators; and updating the server configuration template in response to obtaining the key performance indicators.

Abstract: Techniques for virtual private network (VPN) services over optical networks. Client data is received from a source device connected to a first node in an optical communication network. The client data is for transmission over the optical communication network to a destination device connected to a second node in the optical communication network. The client data is transmitted from the source device to the destination device using a layer 2 (L2) virtual network connection between the source device and the destination device. This includes transmitting the client data from the first node to the second node over an optical transport network (OTN) path through the optical communication network using a frame. The second node is configured to receive the frame and transmit the client data to the destination device based on an identifier in the frame.

Abstract: A method includes receiving, at an access node, a connection request from a device and in response to the connection request, establishing a connection with an identity provider. The device, the access node, the local network, and the identity provider are members of an identity federation. The method also includes, after the device is authenticated with the identity provider, sending or receiving, to or from the identity provider and by the access node, data linking the device to an item and an owner of the device.

Abstract: Techniques for multi-tenant overlays with per-tenant distributed routing are described herein. The techniques may include provisioning an overlay network such that tenants hosted by a forwarding plane of the overlay network are each configured to forward routing protocol packets to a routing control plane of the overlay network and the routing control plane of the overlay network is configured to determine routing paths between each tenant and respective destinations. A routing protocol packet may be sent to the routing control plane by a first tenant. The routing protocol packet may include an indication of a destination that is served by the first tenant. Based on receiving the routing protocol packet, the routing control plane may determine one or more routing paths between the tenants and the destination. Additionally, an indication of the routing path may be sent to the tenants.

Abstract: A particular fat tree network node stores default routing information indicating that the particular fat tree network node can reach a plurality of parent fat tree network nodes of the particular fat tree network node. The particular fat tree network node obtains, from a first parent fat tree network node of the plurality of parent fat tree network nodes, a negative disaggregation advertisement indicating that the first parent fat tree network node cannot reach a specific destination. The particular fat tree network node determines whether the first parent fat tree network node is the only parent fat tree network node of the plurality of parent fat tree network nodes that cannot reach the specific destination. If so, the particular fat tree network node installs supplemental routing information indicating that every parent fat tree network node except the first parent fat tree network node can reach the specific destination.

Abstract: Embodiments herein describe techniques for prioritizing applications based on application usage data. The space in the TCAM in many network devices is limited. That is, there may be more applications (and corresponding QoS settings) than there is space in the TCAM. In the embodiments herein, a netflow collector monitors the traffic flows in the network devices. A application usage tracker can identify which applications generate traffic in which network devices. That is, the application usage tracker can identify, based on the information provided by the netflow collector, the application usage of each network device. The central management tool can prune the applications that are not used by the network device and generate QoS settings only for applications that are used by the network device.

Abstract: In one embodiment, a device obtains audio data from one or more past conferences. A prediction model that predicts when participants of a conference will speak is generated based on the audio data from the one or more past conferences. The device uses the prediction model to predict a speech distribution for participants of a particular conference. Then, the device proactively optimizes audio parameters of the particular conference based on its predicted speech distribution.