Abstract: In one embodiment, a pluggable module for insertion into a socket of a network cabinet is disclosed, the pluggable module comprising a body having first and second portions arranged along an axis, wherein the module is arranged for insertion of the first portion into said socket in a direction of insertion along the axis, whereupon the second portion protrudes from said socket along the axis and away from the direction of insertion, and wherein the second portion comprises a first heat sink on a surface of the second portion, wherein the first heat sink comprises a plurality of parallel fins aligned with the axis of insertion.

Abstract: In one embodiment, a device disassembles an executable file into assembly instructions. The device maps each of the assembly instructions to a fixed length instruction vector using one-hot encoding and an instruction vocabulary and forms vector representations of blocks of a control flow graph for corresponding functions of the executable file by embedding and aggregating bags of the instruction vectors. The device generates, based on the vector representations of the blocks of the control flow graph, a call graph model of the functions in the executable file. The device forms a vector representation of the executable file based in part on the call graph model. The device determines, based on the vector representation of the executable file, whether the executable file is malware.

Abstract: Dynamic policy mapping is provided via mapping, by an Access Point (AP), a plurality of applications to a set of privilege groups for Quality of Service (QoS) levels in a network; transmitting the mapping of the privilege groups to a client device; receiving packets from the client device including QoS markers; and in response to determining that the QoS markers received from the client device do not match the privilege groups for the packets, performing a corrective action on the client device, wherein the corrective action includes one or more of: disassociating the client device from the network; and retransmitting the set of privilege groups to the client device. In some embodiments, the privilege groups are transmitted before the client device is associated with the AP, enabling the client device to select what AP to associate with based on the privilege groups.

Abstract: A method is provided in one example embodiment and includes detecting by a first network element at a first data center site a local connection of an endpoint identifier (“EID”), in which the EID was previously locally connected to a second network element at a second data center site and notifying a mapping server of the local connection of the EID to the first network element. The method further includes receiving from the mapping server identifying information for the second network element and communicating with the second network element using the identifying information to obtain service information for traffic associated with the EID. The method may also include applying a service identified by the service information to outgoing traffic from the EID as well as applying a service identified by the service information to incoming traffic for the EID.

Abstract: In one embodiment, a method comprises communicating with a plurality of network elements via a first communication protocol to obtain state information of the plurality of network elements; receiving a request via a second communication protocol for a communication session to be established for a client computing device; selecting one or more network elements, wherein the selection is based on at least a portion of the state information of the network elements; and communicating identification information of the one or more network elements selected for use in the communication session.

Abstract: In one embodiment, a processor of a vehicle predicts a state of the vehicle using a behavioral model. The model is configured to predict the state based in part on one or more state variables that are available from one or more sub-systems of the vehicle and indicative of one or more physical characteristics of the vehicle. The processor computes a representation of a difference between the predicted state of the vehicle and a measured state of the vehicle indicated by one or more state variables available from the one or more sub-systems of the vehicle. The processor detects a malicious intrusion of the vehicle based on the computed representation of the difference between the predicted and measured states of the vehicle exceeding a defined threshold. The processor initiates performance of a mitigation action for the detected intrusion, in response to detecting the malicious intrusion of the vehicle.

Abstract: Aspects of the disclosed technology address the problems of manually identifying and optimizing service chain (SC) performance bottlenecks by providing solutions for automatically identifying and tuning various SC parameters. In some aspects, a SC optimization process of the disclosed technology includes the replication or cloning of a SC for which traffic flow is to be optimized. Traffic flows for the production chain can then be simulated over one or more SC clones to identify and tune individual system parameters, for example, to determine if the simulated changes produce a positive, negative, or neutral change in flow performance. Systems and machine-readable media are also provided.

Abstract: Systems, methods, and computer-readable storage media are provided for managing application traffic. A routing policy defines the data flow path between the client device (which uses a virtual private network (VPN) client) and the appropriate network-based service. Based on various factors associated with the user, the client device, and the destination (e.g. network-based service), the routing policy will direct the VPN client to communicate with either a public DNS (via the public Internet) or to a private DNS (via the private Intranet). The resulting IP addresses will be used to establish a particular route (either over a public Internet or private Intranet) between the client device and the network-based service in accordance to the routing policy.

Abstract: In one embodiment, a device generates a model of oscillations between a particular path in a network satisfying a service level agreement template of traffic conveyed via the particular path and the particular path in the network not satisfying the service level agreement template. The device causes the traffic to be rerouted onto the particular path, based on a prediction by the model that the particular path will not oscillate for a period of time. The device determines, using the model, an adjustment to the service level agreement template that would reduce the oscillations. The device provides, to a user interface, an indication of the adjustment to the service level agreement template.

Abstract: A method and a router device for managing memory for network overlay routes with fallback route support prioritization may be provided. A network overlay route as a candidate network overlay route may be obtained at a router for storage in a memory. The memory may store a plurality of network overlay routes for forwarding user plane traffic in a network. An assessment for storage of the candidate network overlay route based on a priority level indicator of the candidate network overlay route may be performed. The priority level indicator may be indicative of a fallback route support level of the candidate network overlay route in the router. Based on the assessment, at least one of the following may be performed: adding the candidate network overlay route to the memory and refraining from adding the candidate network overlay route to the memory.

Abstract: Methods and systems for tracking transactions in a network fabric, include: receiving a message generated by a node in the network fabric; assigning a uniform fabric identifier (“UFID”) to the node; assigning a uniform transaction identifier (“UTID”) to the message”; appending the UFID and the UTID to the message; and storing the message in a database.

Abstract: In one embodiment, a mobile robot energizes its state-variable anchor into a released state while contacting a payload, and then de-energizes it to put it into an anchored state, attaching it to the payload. The mobile robot may then move the payload to a mounting location while the state-variable anchor is de-energized and attached to the payload. As such, the mobile robot may then energize a state-variable anchor of the payload to put it into a released state while at and contacting the mounting location, and then de-energizes it to put it into an anchored state to attach the payload to the mounting location. To then detach the state-variable anchor of the mobile robot and the mobile robot from the payload after the payload is attached to the mounting location, the mobile robot may then energize the state-variable anchor of the mobile robot to put it into a released state.

Abstract: In one embodiment, a device in a network intercepts traffic sent from a first endpoint destined for a second endpoint. The device sends a padding request to the second endpoint indicative of a number of padding bytes. The device receives a padding response from the second endpoint, after sending the padding request to the second endpoint. The device adjusts the intercepted traffic based on the received padding response. The device sends the adjusted traffic to the second endpoint.

Abstract: In one embodiment, a controller in a network trains a deep reinforcement learning-based agent to predict traffic flows in the network. The controller determines one or more resource requirements for the predicted traffic flows. The controller assigns, using the deep reinforcement learning-based agent, paths in the network to the flows based on the determined one or more resource requirements, to avoid fragmentation of a flow during transmission of the flow through the network. The controller sends, to nodes in the network, assignment instructions that cause the flows to traverse the network via their assigned paths.

Abstract: In one embodiment, a method includes determining a first configuration information for configuring a user plane device of the first network slice associated with the control plane device, generating a first configuration identifier based on the first configuration information, sending, to the user plane device of the first network slice, the first configuration identifier and the first configuration information, receiving, from the user plane device of the first network slice, a second configuration identifier, wherein the second configuration identifier is generated by the user plane device of the first network slice based on the first configuration information received from the control plane device, and verifying, by comparing the first configuration identifier and the second configuration identifier, that the user plane device of the first network slice is configured using the first configuration information.

Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.

Abstract: This disclosure describes various methods, systems, and devices related to identifying path changes of data flows in a network. An example method includes receiving, at a node, a packet including a first path signature. The method further includes generating a second path signature by inputting the first path signature and one or more node details into a hash function. The method includes replacing the first path signature with the second path signature in the packet. The packet including the second path signature is forwarded by the node.

Abstract: Networking device serviceability may be provided. A networking device may be disposed in a rack between uprights. The networking device may comprise a first plurality of switch bars each comprising a first switch type arranged parallel to one another, a second plurality of switch bars each comprising a second switch type arranged parallel to one another, and a third plurality of switch bars each comprising a third switch type arranged parallel to one another. The first plurality of switch bars, the second plurality of switch bars, and the third plurality of switch bars may be arranged orthogonally. A hinge device associated with the networking device may be configured to allow the networking device to rotate at least a predetermined angle value from a first position between the uprights to a second position where both the first plurality of switch bars and the second plurality of switch bars are clear from the uprights.

Abstract: The present disclosure provides signal management with unequal eye spacing by: determining a dispersion slope of a channel between a transmitter and a receiver based on a temperature of the transmitter and a wavelength used by the transmitter to transmit signals over the channel; determining maximum and minimum powers for transmission over the channel; assigning a plurality of rails to a corresponding plurality of power levels, wherein amplitude differences between adjacent rails of the plurality of rails are based on the dispersion slope and produce a first eye pattern with a first Ratio of Level Mismatch (RLM) less than one; encoding, by the transmitter, data onto a conditioned signal according to the plurality of rails; and transmitting the conditioned signal over the channel, so that the conditioned signal demonstrates a second eye pattern with a second RLM greater than the first RLM when received at the receiver.

Abstract: The fault detection system described provides an efficient method to test and monitor component to component connectivity in an electronic package using on chip test circuits and on chip components, which reduces the need for external testing equipment and analysis. The on chip nature allows for both real time testing in the assembly process of the electronic packages and during use of the electronic package by determining an on chip reference measurement and using the reference measurement to determine an operational status of the package.