Abstract: In one embodiment, a service receives data regarding administration traffic in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the received data to determine whether the administration traffic is authorized. The service flags the received data as authorized, based on the analysis of the received data. The service uses the data flagged as authorized to distinguish between benign traffic and malicious traffic in the network.
Type:
Grant
Filed:
December 20, 2017
Date of Patent:
July 27, 2021
Assignee:
Cisco Technology, Inc.
Inventors:
David McGrew, Martin Rehak, Blake Harrell Anderson, Sunil Amin
Abstract: Techniques for a configuration change service to transition a network controller into a frozen state, causing network users submitting configuration changes associated with the network to refrain from deploying the configuration changes for a period of time are disclosed. A first user configured as a stager role may submit data representing a proposed change to the configuration change service, where the proposed change may be stored in association with a list of proposed changes. A second user configured as an approver role may submit data representing an approval or disapproval of the proposed changes to the configuration change service, where a modified list of proposed changes may be generated. A third user configured as an administrator role may submit data configured to transition the controller to an unfrozen state and/or deploy the changes included in the list of proposed changes to the network controller, subsequent to the period of time.
Type:
Grant
Filed:
July 23, 2020
Date of Patent:
July 27, 2021
Assignee:
Cisco Technology, Inc.
Inventors:
Shyam Kapadia, Lukas Krattiger, Jason David Notari
Abstract: In one embodiment, a monitoring process identifies a plurality of media elements added inside a viewport of a webpage, and calculates a render time of each of the plurality of media elements. After determining a load completion time of the webpage, the monitoring process may then determine a particular media element of the plurality of media elements that rendered last in the viewport before the load completion time based on the calculated render times. Accordingly, the monitoring process may then establish that a visually complete time (VCT) of the webpage is a corresponding render time of the particular media element that rendered last in the viewport.
Abstract: In one embodiment, a service obtains spatial information regarding a physical area. The service estimates locations of a device within the physical area over time, based on wireless signals sent by the device. The service generates a set of images based on the spatial information regarding the physical area and on the estimated locations of the device within the physical area over time. The service updates an estimated location of the device by inputting the generated set of images to a machine learning model trained to minimize a location estimation error.
Abstract: Aspects described herein include an optical waveguide emitter that includes a first optical waveguide and a second optical waveguide that are evanescently coupled and collectively configured to selectively propagate only a first mode of a plurality of optical modes. Each of the first optical waveguide and the second optical waveguide extend through an input waveguide section, a turning waveguide section, and an output waveguide section. One or more of the input waveguide section, the turning waveguide section, and the output waveguide section includes an optically active region. The optical waveguide emitter further includes a refractive index-increasing feature in the turning waveguide section.
Type:
Grant
Filed:
January 24, 2020
Date of Patent:
July 27, 2021
Assignee:
Cisco Technology, Inc.
Inventors:
Dominic F. Siriani, Vipulkumar K. Patel, Matthew J. Traverso, Mark A. Webster
Abstract: This disclosure describes techniques for providing a manufacturer usage description (MUD) solution to automatically update network access policy for client application software. The method may include embedding metadata in the application binary. The metadata may include MUD uniform resource identifiers (URIs) that may point to MUD files describing the application's network access requirements. The MUD files may be hosted by the application vendor's MUD servers. The system may include a network policy server that is able to discover the MUD URIs. The MUD URIs may be discovered based on extracting the MUD URIs from the metadata and/or being provisioned with the set of MUD URIs for trusted applications. The method may include enterprise-wide policy and individual host policy for implementation of the MUD files.
Abstract: This disclosure describes techniques for providing a network diagnostic system with on-premise node processing and cloud node processing to optimize bandwidth usage and decrease memory footprint. The on-premise node may receive streaming telemetry from connected network devices and encode the telemetry data into filtered data objects. The on-premise node may determine whether the state of a network device has changed to determine to push the filtered data object to a cloud node for further diagnostic analysis. The cloud node may include a gateway and a pool of proxy servers, wherein each proxy server is designated to perform diagnostic analysis on a single product type.
Type:
Application
Filed:
January 16, 2020
Publication date:
July 22, 2021
Applicant:
Cisco Technology, Inc.
Inventors:
Antonio Nucci, Jaykishan Anilkumar Pandya
Abstract: Embodiments described herein include an apparatus comprising a semiconductor-based photodiode disposed on a semiconductor layer, and an optical waveguide spaced apart from the semiconductor layer and evanescently coupled with a depletion region of the photodiode. The photodiode may be arranged as a vertical photodiode or a lateral photodiode.
Type:
Grant
Filed:
November 27, 2019
Date of Patent:
July 20, 2021
Assignee:
Cisco Technology, Inc.
Inventors:
Prakash B. Gothoskar, Vipulkumar K. Patel, Soha Namnabat, Ravi S. Tummidi
Abstract: An apparatus, computer program product, and method relating to radio sensor coverage estimation for wireless network assurance. A network controller estimates a network sensor coverage level for candidate access points (APs), based on potential use of the candidate APs as network sensors to measure at least one key performance indicator (KPI). The controller determines a subset of the candidate APs, based on evaluating candidate APs for suitability as network sensors. The controller estimates a second network sensor coverage level for the subset of candidate APs, based on potential use of the subset of candidate APs as network sensors. The controller determines that the second network sensor coverage level is within a pre-defined threshold of the first network sensor coverage level, and provisions a radio in each AP in the subset of candidate APs as a network sensor to measure at least one KPI.
Abstract: Techniques for efficient data correlation are provided. A first data partition is received, and a first hash table of a plurality of hash tables is selected based on a timestamp associated with the first data partition. Additionally, a first hash bucket in the first hash table is identified based on the first data partition. It is determined that the first hash bucket includes a second data partition. Upon determining that the first hash bucket satisfies a predefined criterion, the second data partition is removed from the first hash bucket, and the first and second data partitions are associated.
Type:
Grant
Filed:
October 11, 2018
Date of Patent:
July 20, 2021
Assignee:
Cisco Technology, Inc.
Inventors:
Joshith Rayaroth Koderi, Manickavasagan Jayaraman, Ateet Kumar K. Shetty
Abstract: Embodiments disclosed herein generally relate to optical coupling between a highly-confined waveguide region and a low confined waveguide region in an optical device. The low confined waveguide region includes a trench in a substrate of the optical device in order to provide additional dielectric layer thickness for insulation between the substrate of the optical device and waveguides for light signals having a low optical mode. The low confined waveguide region is coupled to the highly-confined waveguide region via a waveguide overlap and in some embodiments via an intermediary coupling waveguide.
Type:
Grant
Filed:
January 28, 2019
Date of Patent:
July 20, 2021
Assignee:
Cisco Technology, Inc.
Inventors:
Alexey V. Vert, Vipulkumar K. Patel, Mark A. Webster
Abstract: Embodiments herein describe optical interposers that utilize waveguides to detect light. For example, in one embodiment, an apparatus is provided that includes an optical detector having a first layer. The first layer includes at least one of polysilicon or amorphous silicon. The first layer forms a diode that includes a p-doped region and an n-doped region. The apparatus further includes a waveguide optically coupled to the diode and disposed on a different layer than the first layer.
Abstract: In one embodiment, a service monitors collection of telemetry data by a telemetry exporter in a network. The telemetry exporter collects the telemetry data from a plurality of interfaces via which a plurality of encrypted traffic flows flow. The telemetry exporter also sends the collected telemetry data to a traffic analysis service for analysis. The service determines that a cost associated with the collection of the telemetry data by the telemetry exporter exceeds a cost threshold. The service selects a subset of the interfaces from which telemetry data is to be captured by the telemetry exporter, based in part on a determination that the cost associated with the collection of the telemetry data exceeds the cost threshold. The service controls the telemetry exporter to collect telemetry data from a subset of the plurality of encrypted traffic flows that use the selected subset of interfaces.
Abstract: In one embodiment, a network assurance service maintains a data lake of network telemetry data obtained by the service from any number of computer networks. The service generates a machine learning model for on-premise execution in a particular computer network to detect network issues in the particular network. To do so, the service repeatedly selects a candidate set of model settings based in part on the data lake of network telemetry data, trains a machine learning model using network telemetry data from the data lake that matches the candidate set of model settings, and tests performance of the trained model using an emulator that emulates network issues in the particular network. The service further deploys the generated machine learning model to the particular computer network for on-premise execution.
Abstract: Techniques for dropping packets at congested network elements for no drop traffic are described. A network element in communication with a congested network element initiates a copy packet queue and stores a copy of each transmitted no-drop packet sent to the congested element. When the network element receives an indication that the congested element has dropped a no-drop packet, the network element begins retransmission of the dropped packets to the congested element from the copy packet queue, thus providing a lossless network while allowing for dropped packets.
Abstract: In one embodiment, a maximum transmission unit (MTU) mismatch assessment service receives a notification of a mismatch between a packet size of a packet sent by a source to a destination in a network and an MTU of an intermediate router between the source and destination in the network. The service determines, using a machine learning-based model, that the mismatch represents a persistent MTU mismatch condition at the intermediate router. The service identifies a target router in the network to receive a configuration adjustment instruction, based on the persistent MTU mismatch condition. The service sends the configuration adjustment instruction to the target router, to alleviate the persistent MTU mismatch condition at the intermediate router.
Abstract: According to some embodiments, a method performed by a software defined wide area network (SD-WAN) controller in a SD-WAN network comprising a plurality of aggregation edge routers and a plurality of branch edge routers comprises the following steps.
Type:
Grant
Filed:
October 29, 2019
Date of Patent:
July 20, 2021
Assignee:
Cisco Technology, Inc.
Inventors:
Changhong Shen, Yu Zhang, Xiaorong Wang, Pu Duan
Abstract: The fault detection system described provides an efficient method to test and monitor component to component connectivity in an electronic package using on chip test circuits and on chip components, which reduces the need for external testing equipment and analysis. The on chip nature allows for both real time testing in the assembly process of the electronic packages and during use of the electronic package by determining an on chip reference measurement and using the reference measurement to determine an operational status of the package.
Type:
Application
Filed:
January 10, 2020
Publication date:
July 15, 2021
Applicants:
Cisco Technology, Inc., Cisco Technology, Inc.
Inventors:
Sanjay Sunder, Prajwal M. Kasturi, Joseph V. Pampanin, Craig S. Appel
Abstract: In one embodiment, a device predicts a failure of a first tunnel in a software-defined wide area network (SD-WAN). The device makes a prediction as to whether a second tunnel in the SD-WAN will satisfy a service level agreement (SLA) associated with traffic on the first tunnel. The device proactively reroutes the traffic from the first tunnel onto the second tunnel, based on the prediction as to whether the second tunnel will satisfy the SLA of the traffic. The device monitors one or more quality of service (QoS) metrics for the rerouted traffic, to ensure that the second tunnel satisfies the SLA of the traffic.
Abstract: In one embodiment, a service receives input data from networking entities in a network. The input data comprises synchronous time series data, asynchronous event data, and an entity graph that indicates relationships between the networking entities in the network. The service clusters the networking entities by type in a plurality of networking entity clusters. The service selects, based on a combination of the received input data, machine learning model data features. The service trains, using the selected machine learning model data features, a machine learning model to forecast a key performance indicator (KPI) for a particular one of the networking entity clusters.