Abstract: In part, the disclosure relates to a photonic device that may include a curved waveguide that includes a plurality of layers; a curved elongate structure defining an upper surface, an inner elongate surface, and an outer elongate surface, the curved elongate structure comprising a first end, and a second end; and a ridge extending from the upper surface, the ridge having a first side and a second side; and a trench defined by one or more of the plurality of layers and the first side; the curved elongate structure defines a first elongate section and a second elongate section, wherein a first cross-section of the ridge has a first shape that substantially extends along the first elongate section of the structure, the first shape is defined by the first side and a step extending from the first side and above the bottom of the trench.

Abstract: Techniques and mechanisms for using passively collected network data to automatically generate a fingerprint prevalence database without the need for endpoint ground truth. The process first clusters all observations with the same fingerprint string and similar source and destination context. The process then annotates each cluster with descriptive information and uses a rule-based system to derive an informative name from that descriptive information, e.g., “winnt amp client” or “cross-platform browser”. Optionally, the learned database may be augmented by a user to clarify custom process labels. Additionally, the generated database may be used to report the inferred processes in the same way as databases generated with endpoint ground truth.

Abstract: Multi-User Multiple Input, Multiple Output (MU-MIMO) data transmissions are provided with a forward-predictive precoding matrix to mitigate the effects of a change in a state of a communication channel. First and second soundings are performed, at first and second times, to a receive antenna over a channel and, responsive to each of the soundings, first and second Channel State Information (CSI) are received. Based on the first and second CSI, a change in a state of the channel over a time period between the first and second time is determined. Based on the change in the state of the channel, a forward-predictive channel state matrix and/or a forward-predictive precoding matrix are determined that reflect a state of the channel at a future time and that are consistent with the determined change in the state over the time period. The forward-predictive precoding matrix is applied to a data transmission.

Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.

Abstract: According to one or more embodiments of the disclosure, an example process herein may comprise: receiving configuration of an extension to manage one or more particular endpoints and data collectors for a particular tenant of an extensibility platform; determining a specification of a container containing one or more particular functions configured to perform required data transformations for the extension; providing one or more shared egress assistant functions configured to receive data from the one or more particular functions; and sending the data from the one or more shared egress assistant functions onto a common ingest for further processing, wherein the one or more particular functions and the one or more shared egress assistant functions are executed as functions-as-a-service at runtime.

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.

Abstract: Techniques for a TCP proxy to communicate over a LEO satellite network on behalf of a client device by selecting a TCP congestion-control algorithm that is optimal for the LEO satellite network based on the time of day and/or location of the TCP proxy. Based on the locations of satellites during the day as they traverse predefined and patterned orbital paths, different TCP congestion-control algorithms may be more optimized to communicate data through the LEO satellite network. However, client devices generally use a single TCP congestion-control algorithm to communicate over WAN networks. Accordingly, a TCP proxy may be inserted on, for example, a router to communicate with the client device using a TCP congestion-control algorithm that the client device is configured to use, but then communicate over the LEO satellite network using a different TCP congestion-control algorithm that is optimal based on the time of day and/or other factors.

Abstract: In one embodiment, a device in a network detects an encrypted traffic flow associated with a client in the network. The device captures contextual traffic data regarding the encrypted traffic flow from one or more unencrypted packets associated with the client. The device performs a classification of the encrypted traffic flow by using the contextual traffic data as input to a machine learning-based classifier. The device generates an alert based on the classification of the encrypted traffic flow.

Abstract: Techniques for temperature control for multiple dies in an element. A temperature of a first die is measured, in an element comprising the first die and a second die. The second die includes at least a portion of a controller. The temperature of the first die is changed by adjusting activity, from the second die to the first die, based on a target temperature for the first die and the measured temperature for the first die.

Abstract: In one embodiment, a first device identifies a region of interest in video in which a light source of a second device is present by: using a current frame of the video and a prior frame of the video to compute a difference frame, performing thresholding on the current frame to form a threshold frame, and performing pixel-wise conjunction operations between the difference frame and the threshold frame, to identify a centroid of the light source of the second device. The first device detects a message within the region of interest transmitted by the second device via its light source. The device provides the message for review by a user.

Abstract: A method of provisioning a network may include, with a network controller, identifying a first network intent of a computing network based at least in part on an execution of a user interface (UI) or API layer at a client device, and identifying a modification of at least one object within the first network intent within the UI or API layer at the client device as the first network intent is being modified. The modification defines a delta between the first network intent and a second network intent. The method may further include, with a provisioning service executed by the network controller, receiving the delta as a payload from the client device, and provisioning at least one computing device within the computing network based at least in part on the delta. The method further includes automatically modifying the at least one object based on the received delta, including a further modification of the second network intent.

Abstract: In one embodiment, a method includes identifying, by a network component, a first segment identifier (SID) within a SID list. The first SID includes a first SID block and a first micro SID (uSID). The method also includes initializing, by the network component, a packing list of a uSID carrier with the first uSID of the first SID and initializing, by the network component, a packing block of the uSID carrier with the first SID block of the first SID. The method further includes initializing, by the network component, a remaining packing capacity of the packing list with a carrier capacity of the first SID and initializing, by the network component, an empty compressed SID list.

Abstract: One technique includes receiving, in a first network, a multi-destination packet from a second network, and determining, based on the multi-destination packet, a first multi-destination tree in the first network for forwarding the multi-destination packet. In response to determining that the first multi-destination tree is not rooted on the network device, a second multi-destination tree in the first network is determined, and the multi-destination packet is transmitted using the second multi-destination tree. Another technique includes, upon detecting a first network device joining a network, sending a first indication to a second network device that the first network device is in a state for an amount of time. After the amount of time has elapsed, a second indication that the first network device has exited the state is sent to the second network device. A topology of the network is updated after the first network device has exited the state.

Abstract: Multi-link selection based on Transmit Power Control (TPC) may be provided. A computing device may receive Multi-Link Device (MLD) association information associated with a client device. The MLD association information may describe MLD links the client device may require. A set of MLD links available on a network may be determined based on the MLD association information. The determined set of MLD links may then be sent to the client device.

Abstract: Time Sensitive Network (TSN) Quality of Service (QoS) management may be provided. A number of Transmit Opportunities (TxOPs) to use for transmitting data between an Access Point (AP) and a client device over a wireless link may be received. An initial gate configuration to the AP for transmitting data between the AP and the client device over the wireless link for a transmit period of each cycle of a number of cycles may be provided based on the number of TxOPs. A change in a network condition of the wireless link may be detected. The initial gate configuration for the transmit period in a current cycle of the number of cycles may be adjusted in response detecting the change in the network condition of the wireless link.

Abstract: Preemption in wireless may be provided. Access Category (AC) parameters may be received for a preemption AC within a plurality of ACs. The preemption AC parameters may comprise a Contention Window maximum (CWmax) comprising a first predetermined value and a preemption Arbitrary Interframe Space Number (AIFSN) of less than or equal to a second predetermined value. AC parameters for others of the plurality of ACs may be received wherein a non-preemption AIFSN associated with any of the others of the plurality of ACs is greater than a sum of the first predetermined value the second predetermined value. Preemption for traffic in the preemption AC may be allowed.

Abstract: In one embodiment, a method includes identifying a problematic event between a first interest point and a second interest point of a network and activating, in response to identifying the problematic event between the first interest point and the second interest point, a first endpoint associated with the first interest point and a second endpoint associated with the second interest point. The method also includes receiving, from the first endpoint and the second endpoint, telemetry data associated with a problematic path between the first interest point and the second interest point. The method further includes determining the problematic path between the first interest point and the second interest point using the telemetry data received from the first endpoint and the second endpoint.

Abstract: Techniques for ensuring symmetric forwarding between disparate networks. The techniques may include receiving a gateway preference order associated with a route advertised by an edge node, the edge node associated with a first network. The techniques may also include determining, based at least in part on the gateway preference order, that a gateway node is a more preferred gateway for the route than another gateway node, the gateway node configured to facilitate communications between the first network and a second network. In some examples, the techniques may also include converting the gateway preference order into a metric associated with an IP routing protocol that is in use in the second network. In some examples, the route including the metric may be distributed within the second network such that the gateway node is the more preferred gateway for return traffic of the route.

Abstract: A method includes receiving a DNS request, notifying a serverless orchestrator system of data associated with the DNS request, provisioning a function on a serverless function node based on the DNS request, notifying a load balancer regarding the serverless function node, providing a response to the DNS request and routing an API request associated with the DNS request to the serverless function node.