Abstract: According to one or more embodiments of the disclosure, techniques herein provide for auto discovery of network proxies. In particular, in one embodiment, a controller in a computer network receives, from both source devices and destination devices, corresponding Transmission Control Protocol/Internet Protocol (TCP/IP) information and associated transaction identifiers (IDs) for packets sent by the source devices and for packets received at the destination devices. The controller may then correlate particular source TCP/IP information to particular destination TCP/IP information based on associated transaction IDs being the same, and can compare the correlated source TCP/IP information and destination TCP/IP information in order to determine whether a proxy device exists (e.g., and which particular type of proxy device exists) between the source device and the destination device.

Abstract: A computing device dynamically excludes/includes traffic from/in a secure tunnel based on the domain name of the destination of the traffic. The computing device establishes a secure tunnel from the computing device, and receives a request to access a remote resource at a domain name. The computing device resolves the domain name at a domain name server and receives a resolved network address associated with the domain name. The computing device determines whether to send the request inside the secure tunnel or outside the secure tunnel by comparing the domain name to a split tunneling policy. Based on the comparison with the split tunneling policy, the computing device sends the request to the resolved network address either outside the secure tunnel or inside the secure tunnel.

Abstract: A method includes modifying a product with a first configuration such that the product is configured in accordance with a second configuration, generating data representative of the second configuration, obtaining a signed version of the data representative of the second configuration, and storing the signed version of the data representative of the second configuration in a wireless read/write accessory that is affixed to the product, wherein the wireless read/write accessory includes a prior signed version of data representative of the first configuration.

Abstract: A user equipment (UE) may be in coverage of a local private non-Third Generation Partnership Project (non-3GPP) wireless network (e.g. a Wi-Fi network) of an enterprise. This non-3GPP wireless network may be part of a private communication system of the enterprise which further includes a local private 3GPP network (e.g. a Long-Term Evolution or “LTE” based network). When the non-3GPP wireless network advertises “single-authentication” support, the UE may complete authentication for non-3GPP access, obtain a Master Session Key (MSK) from the authentication, and generate an Access Security Management Entity (ASME) key (KASME) based on the MSK. In further implementations, the UE may obtain a Globally Unique Temporary Identifier (GUTI) from the non-3GPP wireless network. Subsequently, the UE may perform an attach procedure with the local private 3GPP network without performing an authentication procedure, presenting the GUTI that it obtained from the non-3GPP wireless network for 3GPP access.

Abstract: In one embodiment, a device in a network receives information regarding a network anomaly detected by an anomaly detector deployed in the network. The device identifies the detected network anomaly as a false positive based on the information regarding the network anomaly. The device generates an output filter for the anomaly detector, in response to identifying the detected network anomaly as a false positive. The output filter is configured to filter an output of the anomaly detector associated with the false positive. The device causes the generated output filter to be installed at the anomaly detector.

Abstract: A network monitor may receive network log events and identify: a first set of network devices that have reported a target network log event, a second set of network devices that have not reported the target network log event, a first set of network log events reported by the first set of network devices, and a second set of network log events reported by the second set of network devices. The network monitor may determine which network log events are legitimate, and filter the legitimate network log events from the first set of network log events or the second set of network log events to produce a group of suspicious network log events that may be correlated with the target network log event. The network monitor may predict future suspicious network log events that may be correlated with the target network log event in order to predict equipment failures.

Abstract: A network of routers configure resource nodes connected to the network in accordance with a configuration model including configuration objects that imply resources. A router device among the network of router devices receives, from forwarding paths in the network relative to the router device, originated at the resource nodes and that indicate resources supported by the resource nodes. The router device creates mappings of the resources as advertised to the forwarding paths. The router device receives from the network an Intent request to create a configuration object among the configuration objects, and determines whether the configuration object matches a resource in the mappings. If the configuration object matches a resource in the mappings, the router device generates a new Intent request that identifies the resource, specifically, and forwards the new Intent request along the forwarding path mapped to the resource.

Abstract: A method includes transmitting a message to a first end point that includes an instruction to initiate a communication type in which the communication type includes sharing a randomization token between the first and a second end point. The method further includes obtaining a first communication report from the first end point and a second communication report from the second end point in response to initialization of a communication based on the communication type in which the first and second communication reports respectively include a first and second hash that corresponds to a function of the randomization token and identity information. The method further includes determining whether the first hash matches the second hash and generating a value that correlates the first and second end points with the communication across the network in response to determining that the first hash matches the second hash.

Abstract: In one embodiment, a method includes receiving a flow including a plurality of bytes, each byte having one of a plurality of byte values, determining a byte value distribution metric based on a number of instances of each of the plurality of byte values in the flow, and transmitting telemetry data regarding the flow, the telemetry data including the byte value distribution metric.

Abstract: Client analytics-driven dynamic channel assignment may be provided. At a client, Radio Frequency (RF) channels may be scanned to detect access points of a network. A subset of the access points belonging to a same Extended Set Service (ESS) of the network may be determined based on data collected from the access points during the scan. For each access point in the subset, a Channel Quality Index (CQI) may be measured for an RF channel assigned to the access point, and a non-preferred channel report may be generated based on the CQI. The non-preferred channel report may be transmitted from the client to a network management system for use in dynamic channel assignment.

Abstract: In one embodiment, a device classification service classifies a device in a network as being of a first device type. The service applies a first network policy that has an associated expiration timer to the device, based on its classification as being of the first device type. The service determines whether the device was reclassified as being of a different device type than that of the first device type before expiration of the expiration timer associated with the first network policy. The service applies a second network policy to the device, when the service determines that the device has not been reclassified as being of a different device type before expiration of the expiration timer associated with the first network policy.

Abstract: Aspects of the subject technology relate to ways to determine the optimal storage of data structures in a hierarchy of memory types. In some aspects, a process of the technology can include steps for determining a latency cost for each of a plurality of fields in an object, identifying at least one field having a latency cost that exceeds a predetermined threshold, and determining whether to store the at least one field to a first memory device or a second memory device based on the latency cost. Systems and machine-readable media are also provided.

Abstract: In one embodiment, a first Protocol Independent Multicast (PIM) router includes port interfaces to receive multicast traffic from a first network and forward the traffic to at least one receiver, which is in a sub-network including other PIM routers, and a routing processor configured, in response to a decision for the first PIM router to relinquish being a designated router, to generate a PIM Hello message with a first option descriptor and a first priority, the first option descriptor indicating a staggered handoff process, and send the PIM Hello message, receipt of the PIM Hello message by the other PIM routers being operative to result in a designated router election electing a new designated router, the new designated router being operative to initiate the staggered handoff process causing the first PIM router to continue forwarding traffic until the new designated router has built a multicast routing tree.

Abstract: In one embodiment, an IoT server includes: processing circuitry, an I/O module operative to communicate with at least an IoT device and a vendor network server, and an onboarding application and operative to at least: receive an onboarding request from the IoT device via the I/O module, send a confirmation request to the vendor network server via the I/O module, where the confirmation request indicates a request to confirm an identity of the IoT device according to a connection to a network device authenticated by the vendor network server, receive a confirmation response from the vendor network server via the I/O module, where the confirmation response indicates whether the IoT device is connected to the network device, and if the confirmation response is a positive confirmation response that indicates that the IoT device is connected to the network device, onboard the IoT device for participation in an IoT-based system.

Abstract: Embodiments provide for an optical modulator that includes a first silicon region, a polycrystalline silicon region; a gate oxide region joining the first silicon region to a first side of the polycrystalline region; and a second silicon region formed on a second side of the polycrystalline silicon region opposite to the first side, thereby defining an active region of an optical modulator between the first silicon region, the polycrystalline region, the gate oxide region, and the second silicon region. The polycrystalline silicon region may be between 0 and 60 nanometers thick, and may be formed or patterned to the desired thickness. The second silicon region may be epitaxially grown from the polycrystalline silicon region and patterned into a desired cross sectional shape separately from or in combination with the polycrystalline silicon region.

Abstract: Techniques for use in generating a dynamically-changing IoT device identity with robust blockchain validation are provided. When entering a communication network, an IoT device performs a procedure for registration. The procedure includes communicating, in a transaction, data associated with the IoT device to a network device (e.g. a fog router). The data includes, amongst other data items, an identity for addressing communications to and from the IoT device. A transaction number associated with the transaction is received based on a blockchain registration of the transaction. An updated identity of the IoT device is then derived based on the transaction number. In one example, the updated identity of the IoT device may be derived by combining a static address of the IoT device and the transaction number. The steps may be repeated by the device for each one of a plurality of network registrations.

Abstract: In one embodiment, a device in a network receives an interest request for one or more pieces of content data available in the network. The interest request specifies the one or more pieces of content data via one or more bits sets in a content request bitmap of the interest request, each bit of the content request bitmap being associated with a different piece of content data. The device compares the content request bitmap to a content availability bitmap in a forwarding information base (FIB) of the device that is associated with a particular interface of the device and each bit of the content availability bitmap indicates whether a particular piece of content data is available via the particular interface. The device forwards the interest request via the particular interface, based on the comparison between the content request bitmap and the content availability bitmap in the FIB of the device.

Abstract: In one embodiment, segment routing network processing of packets is performed on segment routing packets to use engineered segment routing reverse reply paths which provide efficiencies in communicating packets in a network. In one embodiment, a source node selects a segment identifier of a destination node, with the segment identifier specifying a function value of a dynamic return path segment routing function in order to invoke this function on the destination node. The source node then sends a segment routing packet to the destination address of this segment identifier. Reacting to receipt of this packet and the function value of the dynamic return path segment routing function in the destination address or current segment identifier of the packet, a receiving node generates a responding segment routing packet including the segment identifiers from the received packet in reverse traversal order.

Abstract: Various implementations disclosed herein enable programming user plane gateway controllers over enhanced N9 interfaces. In various implementations, a method of gateway controlling is performed by a computing device including one or more processors, and a non-transitory memory. In various implementations the method includes determining, by a first packet gateway controller connected to a first session manager device, that a user equipment moved to a geographical area that is served by a second session manager device. In some implementations, the method includes receiving, by the first packet gateway device, a set of information for a second packet gateway device. In some implementations, the method includes transmitting, by the first packet gateway device, a session establishment request via a first network interface to the second packet gateway controller using segment routing via a second network interface.

Abstract: In one embodiment, a device in a wireless network receives a target wake time (TWT) request from a wireless client. The device computes TWT parameters based on the received request. The device predicts, using the computed TWT parameters as input to a machine learning model, whether the computed TWT parameters will be accepted by the wireless client. The device provides the computed TWT parameters to the wireless client, based on a prediction by the machine learning model that the client will accept the computed TWT parameters.