Abstract: In one embodiment, a method includes tracking at a network device in communication with a plurality of virtual machines, virtual machine movement based on a device identifier in a packet received from one of the virtual machines and storing location information for the virtual machine in a virtual machine move list at the network device. The location information from the virtual machine move list is inserted into a forwarding information base for use in optimized forwarding of packets destined for the virtual machine. An apparatus and logic are also disclosed herein.
Abstract: A method, system and an apparatus to transport bidir PIM over a multiprotocol label switched network are provided. The method may comprise receiving a multicast packet at a network element, the multicast packet including an upstream label. The method may further comprise identifying, from the upstream label, a Multicast Distribution Tree (MDT) rooted at a rendezvous point. The packet may be forwarded along the MDT towards the RP based on the upstream label. The MDT may be identified from a downstream label and the packet may be forwarded along the MDT away from the RP based on the downstream label.
Abstract: In one embodiment, a distributed intelligence agent (DIA), hosted on a border router that provides access for a computer network to a global computer network, determines a routing topology of the computer network, and also computes a traffic matrix for the computer network based on source and destination addresses of traffic traversing the DIA, the traffic matrix providing an estimate for an amount of traffic on each link of the routing topology. Accordingly, the DIA may determine one or more portions of the routing topology for which traffic engineering (TE) should be applied based on a threshold for traffic loads on the links, and may notify one or more nodes in the computer network to change its respective current next-hop in the routing topology to an alternate next-hop based on a TE solution computed by the DIA.
Abstract: A Web-based management server includes an ACP manager to manage access control rules (ACRs) and access control policies (ACPs). The ACRs and ACPs are configured by an administrator via a Web interface of the management server. The ACP manager is to transmit over the Internet the ACPs and the ACRs to network access devices (NADs) to allow the NADs to apply the ACPs to their respective network client devices (NCDs) based on the ACRs, where the NADs are managed by the management server over the Internet. Each of the NADs operates as one of a router, a network switch, and an access point. The ACP manager is to periodically update the ACRs and ACPs stored in the NADs, including receiving an update from one NAD and broadcasting the update to a remainder of the NADs.
Type: Grant
Filed: August 27, 2013
Date of Patent: July 14, 2015
Assignee: Cisco Technology, Inc.
Inventors: Benjamin A. Chambers, Clifford A. Frey, Raluca Musaloiu-Elefteri
Abstract: An electronic device (22, 48, 50) includes an array (26) of memory cells, which are configured to store data values. One or more sense amplifiers (40) have respective inputs for receiving signals from the memory cells and are configured to output the data values corresponding to the received signals. Switching circuitry (36, 52) is coupled between the array of the memory cells and the sense amplifiers and is configured to receive an indication of a temporal pattern and to route the signals from the memory cells among the inputs of the sense amplifiers in accordance with the temporal pattern.
Type: Grant
Filed: November 16, 2011
Date of Patent: July 14, 2015
Assignee: CISCO TECHNOLOGY, INC
Inventors: Reuven Elbaum, Zvi Shkedy, Lior Amarilio, Uri Bear, Yonatan Shlomovich, Chaim D. Shen-Orr, Yigal Shapiro
Abstract: A method is provided in one example and includes receiving first address information from a protected node over a first label switched path having a first label. The first address information is associated with a first network element. A second label switched path has been previously established with the first network element. The method further includes establishing a targeted session with the first network element, assigning a second label to the second label switched path, and sending the second label to the first network element over the targeted session.
Type: Grant
Filed: June 11, 2012
Date of Patent: July 14, 2015
Assignee: CISCO TECHNOLOGY, INC.
Inventors: IJsbrand Wijnands, Eric Rosen, Syed Kamran Raza, Nagendra Kumar
Abstract: Techniques are presented for automatic tuning of operating parameters, e.g., amplifier gain, in an optical network. A section of an optical network comprises a plurality of spans between optical nodes, and each optical node has an amplifier to amplify optical signals for transmission between optical nodes. Physical network layer data is obtained from the optical nodes for use as input to an analytical model. A set of powers defining an optimum working point of the amplifiers is computed based on variations in amplifier noise figure which depend on amplifier gain. A figure of merit representative of network section performance is computed based on linear and non-linear noise at current power levels of the amplifiers. The figure of merit is evaluated. The set of powers is applied to the amplifiers in the network section when evaluation of the figure of merit indicates that network performance improvement can be achieved.
Abstract: A system and method for providing network and port address translation is provided. A global IP address and a block (chunk) of ports are allocated for each mobile subscriber (MS) on first data connection. Subsequent data connections from the same MS are assigned the same IP address and a new port from this block. The mapping information is communicated, processed, and stored once for the complete block, instead of for every new data connection. This process reduces processing, communication, and storage requirements.
Type: Grant
Filed: August 23, 2010
Date of Patent: July 14, 2015
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Prakash Babu, Jed Kaplan, Christopher J. Skowronek, Janakiraman Senthilnathan, Arun Seshadri
Abstract: A method in an example embodiment includes modules for identifying an applet for a local network and providing instructions in a parent container file to enable operations that comprise rendering an inline web frame within a main web page, loading a source file in the inline web frame, adding a callback object to the inline web frame, and loading an interface file of the applet in the inline web frame. In particular, the loaded interface file can be configured to communicate with an entity associated with the local network by invoking the callback object. In specific embodiments, the inline web frame is hidden in the main web page. In more specific embodiments, the callback object contains one or more application programming interfaces (APIs). In further embodiments, the parent container file can include a hypertext markup language (HTML) document.
Type: Grant
Filed: April 18, 2012
Date of Patent: July 14, 2015
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Alan Scott Pearson, Aaron Hyman Averbuch, Rodney David Smith
Abstract: Particular embodiments may enable setup and signaling of co-routed and non co-routed label switched paths (LSPs) of a bidirectional packet traffic engineering (TE) tunnel in an unambiguous manner with respect to provisioning of the LSPs/tunnel. A head-end node may set up the bidirectional packet TE tunnel by computing a forward (and possibly a reverse) direction LSP, and then signal the bidirectional TE tunnel utilizing, e.g., extensions to an associated Resource Reservation Protocol (RSVP) signaling method. The extensions to the associated RSVP signaling method include a plurality of additional Association Types of an Extended Association object carried in an RSVP Path message transmitted by the head-end node to the tail-end node over the forward direction LSP, wherein the additional Association Types explicitly identify the provisioning of the forward and reverse direction LSPs as co-routed or non co-routed.
Abstract: A method in one embodiment includes maintaining a list of authorized devices; creating an association between a wireless device being operated by an end user and an onboard unit (OBU) element, which is provisioned in a vehicle; establishing a session over a designated port for an application to be executed on the OBU element; and accessing resources associated with the vehicle through the OBU element. In other examples, authentication of the wireless device can occur via a wired equivalent privacy (WEP) WiFi access point provided by the OBU element. Authentication of the wireless device can also occur via a radio-frequency identification (RFID) tag. The resources can include any number of items such as speakers, a display, a microphone, a global positioning system (GPS) receiver, or any other suitable element that may be provisioned in the vehicle.
Type: Grant
Filed: May 19, 2011
Date of Patent: July 14, 2015
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Sateesh K. Addepalli, Ashok K. Moghe, Lillian Lei Dai, Mohammand H. Falaki
Abstract: In an embodiment, in response to receiving from a client computer a client request to connect to a server: processing the client request in a network protection device including applying one or more translations and one or more security checks, generating a server acknowledgment to the client computer as if the server acknowledged receiving the client request from the client computer, processing the server acknowledgement in the network protection device including applying one or more translations and one or more security checks and sending the server acknowledgment to the client computer; in response to receiving a client acknowledgment of receiving the server acknowledgment, determining that a first path between the client computer and the network protection device is operational; generating a server request to the server; processing the server request in the network protection device, determining that a second path between the network protection device and the server is operational.
Type: Grant
Filed: March 22, 2011
Date of Patent: July 14, 2015
Assignee: Cisco Technology, Inc.
Inventors: Dieter Weber, David White, Lawrence Mertes
Abstract: In one embodiment, a technique may enable control of routing convergence in a computer network during reboot of a node of a routing topology represented by a directed acyclic graph (DAG). The rebooting node, e.g., a DAG root node, may transmit a reboot notification message to nodes of the routing topology indicating that the rebooting node is unavailable during a subsequent reboot process. In response to receiving and processing the reboot notification message, the nodes of the routing topology may enter a DAG freeze state that inhibits (prevents) routing convergence in the routing topology during the reboot process so as to prevent adverse consequences on network stability, such as collapse of the DAG. Thereafter, upon completion of the reboot process, the rebooting node may transmit a clear message to the nodes of the routing topology that instructs the nodes to exit the DAG freeze state.
Type: Grant
Filed: July 21, 2011
Date of Patent: July 14, 2015
Assignee: Cisco Technology, Inc.
Inventors: Atul B. Mahamuni, Jean-Philippe Vasseur
Abstract: In one embodiment, information relating to network metrics in a computer network is collected. A packet delay for a packet to be transmitted along a particular communication path is predicted based on the network metrics. Then, an optimal packet size for optimizing a transmission experience of the packet to be transmitted along the particular communication path is calculated based on the predicted packet delay. Also, a size of the packet to be transmitted along the particular communication path is dynamically adjusted based on the calculated optimal packet size.
Abstract: In one embodiment, local model parameters are generated by training a machine learning model at a device in a computer network using a local data set. One or more other devices in the network are identified that have trained machine learning models using remote data sets that are similar to the local data set. The local model parameters are provided to the one or more other devices to cause the one or more other devices to generate performance metrics using the provided model parameters. Performance metrics for model parameters are received from the one or more other devices and a global set of model parameters is selected for the device and the one or more other devices using the received performance metrics.
Type: Application
Filed: January 27, 2014
Publication date: July 9, 2015
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Jean-Philippe Vasseur, Andrea Di Pietro, Javier Cruz Mota
Abstract: In one embodiment, network metrics are collected and analyzed in a network having nodes interconnected by communication links. Then, it is predicted whether a network element failure is relatively likely to occur based on the collected and analyzed network metrics. In response to predicting that a network element failure is relatively likely to occur, traffic in the network is rerouted in order to avoid the network element failure before it is likely to occur.
Abstract: In one embodiment, a first data set is received by a network device that is indicative of the statuses of a plurality of network devices when a type of network attack is not present. A second data set is also received that is indicative of the statuses of the plurality of network devices when the type of network attack is present. At least one of the plurality simulates the type of network attack by operating as an attacking node. A machine learning model is trained using the first and second data set to identify the type of network attack. A real network attack is then identified using the trained machine learning model.
Type: Application
Filed: January 27, 2014
Publication date: July 9, 2015
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Jean-Philippe Vasseur, Javier Cruz Mota, Andrea Di Pietro
Abstract: In one embodiment, a routing topology of a network including nodes interconnected by communication links is determined. Important nodes in the network which are of relative importance are determined based on their location in the determined routing topology. Also, one or more request messages are sent causing the important nodes to gather local network metrics. Then, in response to the one or more request messages, one or more response messages including the network metrics gathered by each important node are received.
Type: Application
Filed: January 27, 2014
Publication date: July 9, 2015
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Jean-Philippe Vasseur, Sukrit Dasgupta, Grégory Mermoud, Jonathan W. Hui
Abstract: An example method for mitigating JIT spraying attacks in a network environment is provided and includes protecting an output of a just-in-time (JIT) compiler against attacks during application execution at least by intervening from outside the application into a JIT page generated by the JIT compiler in a memory element of a host. In a specific embodiment, the intervening can include rewriting the JIT page. In specific embodiments, the method can further include generating a shadow page corresponding to the JIT page in the memory element. The method can further include randomly choosing at least one block of instructions in the JIT page, moving the at least one block of instructions to the shadow page, and replacing the at least one block of instructions in the JIT page with at least one of invalid opcodes and halt instructions.
Abstract: In one embodiment, a routing topology of a network including nodes interconnected by communication links is determined, and activity in the network is monitored to determine a normal behavior of the communication links. Weak communication links in the network that deviate from the determined normal behavior are detected, and it is then determined whether the weak communication links are spatially correlated based on the determined topology of the network. In response to the weak communication links being spatially correlated, a region of the network affected by the weak communication links is identified as a dark zone that is to be avoided when routing data packets in the network.