Abstract: In one embodiment, a master on-boarding agent establishes a virtual private network (VPN) connection with a local on-boarding agent executed by a gateway of a vehicle. The master on-boarding agent receives, via the VPN connection, vehicle data obtained by the local on-boarding agent from a co-pilot system of the vehicle. The master on-boarding agent configures, based on the received vehicle data, the gateway of the vehicle with a network configuration, wherein the network configuration includes an Internet Protocol (IP) address for the gateway. The master on-boarding agent coordinates, based on the network configuration, application of a security policy to the gateway.

Abstract: In one embodiment, a service receives input data from networking entities in a network. The input data comprises synchronous time series data, asynchronous event data, and an entity graph that that indicates relationships between the networking entities in the network. The service clusters the networking entities by type in a plurality of networking entity clusters. The service selects, based on a combination of the received input data, machine learning model data features. The service trains, using the selected machine learning model data features, a machine learning model to forecast a key performance indicator (KPI) for a particular one of the networking entity clusters.

Abstract: In one embodiment, a device in a network receives data regarding a plurality of predefined health status rules that evaluate one or more observed conditions of the network. The device, using the data regarding the plurality of health status rules for the network, trains a machine learning-based classifier to generate predictions regarding outputs of the health status rules. The device adjusts the machine learning-based classifier based on feedback associated with the generated predictions. The device provides an indication of one or more of the predictions regarding the outputs of the health status rules to a user interface.

Abstract: In one embodiment, a device predicts a failure of a first tunnel in a software-defined wide area network (SD-WAN). The device makes a prediction as to whether a second tunnel in the SD-WAN will satisfy a service level agreement (SLA) associated with traffic on the first tunnel. The device proactively reroutes the traffic from the first tunnel onto the second tunnel, based on the prediction as to whether that the second tunnel will satisfy the SLA of the traffic. The device monitors one or more quality of service (QoS) metrics for the rerouted traffic, to ensure that the second tunnel satisfies the SLA of the traffic.

Abstract: In one embodiment, an authoritative edge device (AED)-server in a computer network maintains assignment of an active AED for a particular virtual local area network (VLAN), and in response to a triggered re-assignment, sends an AED change request identifying an old active AED for the particular VLAN and a new active AED for the particular VLAN (e.g., and/or corresponding backups). In response to receiving the change request, the old active AED ceases forwarding of traffic for the particular VLAN and transmits a relinquishment confirmation into the network. Also, in response to receiving the change request and the relinquishment confirmation from the old active AED, the new active AED assumes responsibility for traffic forwarding for the particular VLAN and transmits an activation confirmation into the network. The change request is then deemed completed by the AED-sever upon receipt of both the relinquishment confirmation and the activation confirmation.

Abstract: Techniques for optimizing network traffic distribution functions at network elements are described. As described, a network element provides information about network traffic distribution at the network element to a network controller. The network controller determines optimized network control parameters using machine learning that when implemented at the network element, redistributes network traffic over various network resources.

Abstract: In one embodiment, a network node automatically cycles among packet traffic flows and subjects the currently selected packet flows to varying drop probabilities in a packet network, such as, but not limited to in response to congestion in a device or network. Packets of a currently selected packet traffic flow are subjected to a drop or forward decision with a higher drop probability than packets of a currently non-selected flow. By cycling through all of these packet traffic flows, all of these packet flows are subjected to the drop or forward decision in the long term approximately uniformly, thus providing fairness to all packet traffic flows. In the short term, packets of a currently selected flow are targeted for possible dropping with a higher drop probability providing unfairness to the currently selected flows over the non-selected flows.

Abstract: Low latency wireless communications may be provided. A client device may be authorized for a first association in response to the client device making a first concurrent association request that may include a first Media Access Control (MAC) address. In response to authorizing the client device for the first association, an Endpoint Identifier (EID) associated with the client device may be registered with a first Routing Locator (RLOC) in a map server, the first RLOC being associated with the first MAC address. The client device may then be authorized for a second association in response to the client device making a second concurrent association request that includes a second MAC address. In response to authorizing the client device for the second association, the EID associated with the client device may be registered with a second RLOC in the map server, the second RLOC being associated with the second MAC address.

Abstract: Spectrum management for coexistence of heterogeneous wireless technologies may be provided. A first Radio Frequency (RF) event metric may be received from a first service end point. The first RF event metric may comprise a time a first event occurred. A second RF event metric may be received from a second service end point. The second RF event metric may comprise a time a second event occurred. Then it may be determined that the time the first event occurred and the time the second event occurred are substantially congruent. Next, in response to determining that the time the first event occurred and the time the second event occurred are substantially congruent, the first service end point and the second service end point may be grouped in a first RF group thereby allowing frequency re-use across similar RF groups. Then different channels may be assigned to the first service end point and the second service end point.

Abstract: In one embodiment, a device configures a plurality of subinterfaces for each of a plurality of physical ports of a software defined network (SDN). The device allocates a fixed amount of bandwidth to each of the subinterfaces. The device forms a plurality of midlays for the SDN by assigning subsets of the plurality of subinterfaces to each of the midlays. The device assigns a network slice to one or more of the midlays, based on a bandwidth requirement of the network slice.

Abstract: Methods and architecture for load-correcting requests for serverless functions to reduce latency of serverless computing are provided. An example technique exploits knowledge that a given server node does not have a serverless function ready to run or is overloaded. Without further processing overhead or communication, the server node shifts the request to a predetermined alternate node without assessing a current state of the alternate node, an efficient decision based on probability that a higher chance of fulfillment exists at the alternate node than at the current server, even with no knowledge of the alternate node. In an implementation, the server node refers the request but also warms up the requested serverless function, due to likelihood of repeated requests or in case the request is directed back. An example device has a front-end redirecting server and a backend serverless system in a single component.

Abstract: Techniques for identifying network congestion and adapting network performance to relieve the network congestion are described. As described, a network element such as a switch reports network congestion indicators such as link level control frames to a network controller. The network controller uses the network congestion indicators reported from the network elements to identify congestion points, data traffic, and data flows experiencing congestion at a network level. The network controller then determines optimized control parameters for the network in order to reduce or alleviate the congestion at the congestion points.

Abstract: Techniques for network routing border convergence are described. Backup paths for external connections for a network are established and provide for a temporary path for network traffic during network routing convergence, preventing traffic loss at network border nodes.

Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

Abstract: In one embodiment, a supervisory service for a wireless network computes a compressive sensing schedule for a plurality of sensors in the wireless network. The service sends target wake time (TWT) messages to a subset of the plurality of sensors according to the computed compressive sensing schedule. The service receives, in response to the TWT messages, sensor readings from the subset of the plurality of sensors. The service performs compressive sensing on the received sensor readings.

Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.

Abstract: In one embodiment, a network assurance system that monitors a network labels time periods with positive labels, based on the network assurance system detecting problems in the network during the time periods. The network assurance system assigns tags to discrete portions of a feature space of measurements from the monitored network, based on whether a particular range of values in the feature space has a threshold probability of occurring during a positively-labeled time period. The network assurance system determines a set of the assigned tags that frequently co-occur with the positively-labeled time periods in which problems are detected in the network. The network assurance system causes performance of a mitigation action in the network based on the set of assigned tags that frequently co-occur with the positively-labeled time periods.

Abstract: In dense Wireless Local Area Network (WLAN) deployments, Access Points (APs) in other Extended Service Sets (ESSs) can be hidden (a first AP does not receive signals from a third AP). However, these APs in other ESSs can still interfere with communications between the third AP and the devices communicating with the first AP. To improve service to that device in that situation, the first AP needs information about the third AP in the first AP's decision making processes. In these situations, a second AP, in contact with the third AP, can share information about the third AP with the first AP so that the first AP can avoid colliding with the third AP.

Abstract: Many modern devices and machines (e.g., Internet of Things (IoT) devices and connected vehicles (CV)) include wireless interfaces that permit external devices to communicate with the devices and machines. These wireless interfaces can be attacked by malicious actors who can affect the operation of the devices or machines. Embodiments herein describe a user controlled actuator (e.g., a knob, set of buttons, switches, etc.) for responding to a wireless attack. Using the actuator, the user can set a response level depending on the threat. Each threat level can elicit a predefined action or set of actions from a control system in the device or machine.

Abstract: Techniques and mechanisms for secure management of network device configuration and audit are provided. A configuration blockchain is received by a first network device of a plurality of network devices. Additionally, the first network device analyzes the configuration blockchain to identify a plurality of configuration records associated with a second network device of the plurality of network devices. For at least one respective configuration record of the plurality of configuration records, the first network device determines a respective configuration change reflected in the at least one respective configuration record, and implements the respective configuration change on the first network device.