Abstract: This disclosure describes techniques for employing a reusable acknowledgment in communications among network devices. The techniques include generating a reusable negative acknowledgment (NACK) in response to a request for data that are unavailable. The reusable NACK may be sent as a response for at least some additional requests for unavailable data, rather than generating a new NACK for each request. As such, the reusable NACK may help decrease the computational load for a network device. In some cases, the use of a reusable NACK may help lessen the impacts of denial-of-service type attacks across a network.

Abstract: Presented herein are methodologies for increasing effective throughput on a network. A method includes receiving a command request via a communication bus, the command request including a command ID, determining, based on the command ID, whether data in the command request is to be joined with data from other command requests having the same command ID, when it is determined, based on the command ID, that the data in the command request is to be joined with other data from other command requests having the same command ID, writing the data to a selected buffer in which the other data is already stored, and causing the data and the other data in the buffer to be sent as a payload of a single packet across a communications fabric.

Abstract: According to one or more embodiments of the disclosure, a first tunnel router may receive a reservation request to establish a deterministic path between a first node and a second node. The first tunnel router may determine, based on the reservation request, a destination address of the second node. The first tunnel router may identify, based on the destination address of the second node, a second tunnel router associated with the second node. The first tunnel router may encapsulate a deterministic packet sent by the first towards the second node into a tunnel packet, wherein a multicast address in a header of the tunnel packet is set to the destination address of the second node. The first tunnel router can forward the tunnel packet along the deterministic path. The multicast address in the header of the tunnel packet causes nodes to send the tunnel packet according to the deterministic path.

Abstract: Presented herein is a Client Network Information Service (CNIS). The CNIS is configured to determine client network information for a communication from a client to at least one application running in a cloud infrastructure environment. The client network information is delivered to instances of the application and to a router associated with the application in order to enable the application to adjust service for the client.

Abstract: Exemplified system and method optimizes dynamic Quality of Service (QoS) operation across a network infrastructure to alleviate time constraints when applying dynamic QoS policy on newly initiated traffic flow, particularly for various data streams. Initially, and by default, the exemplified system and method temporarily applies a high QoS policy to a newly initiated traffic flow and then verifies the QoS legitimacy of the flow to which the high QoS policy for the newly initiated traffic flow is maintained or is reduced to a lower-priority QoS policy. This trust-but-verify QoS operation allows new traffic, e.g., with voice and video components, to receive a high QoS PHB treatment as transmission of the traffic is initiated without having a nominal delay at the beginning of the call before QoS is applied while allowing the QoS legitimacy to be validated and maintained.

Abstract: A method includes obtaining configuration parameters of wireless client devices served by an access point in a wireless local area network basic service set; calculating a conservativeness scaling factor for a first wireless client device in the basic service set based on the configuration parameters; determining a new guard interval of an orthogonal frequency division multiplexed symbol for the first wireless client device based on the conservativeness scaling factor; and replacing an old guard interval for the first wireless client device with the new guard interval.

Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.

Abstract: In one embodiment, a monitoring process detects a page load start time of a single page application (SPA) page having added direct resources and dynamic resources, tracks the direct resources and dynamic resources, and notes a load end time for each of the tracked direct resources and dynamic resources. The monitoring process stops the tracking of the direct resources and dynamic resources in response to a determination of a threshold duration of network inactivity, and determines a maximum load end time of the tracked direct resources and dynamic resources. Accordingly, the monitoring process may then set a page load time of the SPA page as a difference between the maximum load end time and the page load start time.

Abstract: Techniques for implementing distributed quality of service controls for data transmissions between clusters in a clustered distributed storage system are described. In one embodiment, a method of distributed quality of service control includes establishing a control channel between a first plurality of nodes associated with a first cluster. The method also includes setting a quality of service (QoS) policy for the first plurality of nodes that establishes a QoS parameter for data transmitted over a shared network from the first cluster to a second cluster. The method further includes communicating messages between the first plurality of nodes over the control channel to signal an allocated portion of the QoS parameter for each node. The method also includes transmitting data by the first plurality of nodes of the first cluster to a second plurality of nodes of the second cluster over the shared network according to the allocated portion.

Abstract: In one embodiment, a tracking device detects a first device connecting to a computer network, and forces an install of fake routing information on the first device that is unique to the first device. Upon detecting a second device connecting to the computer network, the second device having at least one identifying property in common with the first device and at least one identifying property differing from the first device, the tracking device may then query the second device to determine if the second device knows the fake routing information unique to the first device. As such, the tracking device may then determine that the second device is the first device in response to the second device knowing the fake routing information unique to the first device.

Abstract: Presented herein are embodiments for collecting and sharing telemetry data. A plurality of requests are received, from one or more applications, for telemetry data that is stored in a hierarchical tree representation comprising a plurality of nodes, wherein the telemetry data indicates an operational status and performance of a device, and wherein each request includes a cadence indicating a timespan at which the request repeats, and a path in the hierarchical tree where a requested portion of the telemetry data is stored. Processing the requests produces an optimized set of requests by merging any two or more requests whose paths indicate portions of data that share a common parent node in the hierarchical tree, wherein a merged request is assigned a cadence corresponding to a shortest cadence among the two or more requests. The hierarchical tree is polled using the optimized set of requests to satisfy the received requests.

Abstract: A cloud orchestration platform obtains from a policy controller, application flow requirements for an application to be deployed in a container network that includes a plurality of microservices. The cloud orchestration platform determines a path through at least a subset of the plurality of microservices based on the application flow requirements, and computes information describing compute resources for workloads associated with the path through the plurality of microservices needed to support the application flow requirements. The cloud orchestration platform creates and/or reserves the workloads among the plurality of microservices. The cloud orchestration platform communicates scheduling requirements to a scheduling driver function associated with the plurality of microservices, the scheduling deriver function using the scheduling requirements to coordinate scheduling of workloads based on the path.

Abstract: This disclosure describes techniques for verifying compatibility of NOS image versions during startup of one or more hardware modules of a distributed router system. A client-server transaction protocol is executed between a communication server and a communication client configured according to the protocol to run on hardware modules of a distributed router system. A communication client discovers a communication server through a handshake transaction and sends a software image signature of an NOS image version. The communication server forwards the software image signature to an NOS verification server to determine whether the software image signature is compatible.

Abstract: A recursive DNS nameserver system and related domain name resolution techniques are disclosed. The DNS nameservers utilize a local cache having previously retrieved domain name resolution to avoid recursive resolution processes and the attendant DNS requests. If a matching record is found with a valid (not expired) TTL field, the nameserver returns the cached domain name information to the client. If the TTL for the record in the cache has expired and the nameserver is unable to resolve the domain name information using DNS requests to authoritative servers, the recursive DNS nameserver returns to the cache and accesses the resource record having an expired TTL. The nameserver generates a DNS response to the client device that includes the domain name information from the cached resource record. In various embodiments, subscriber information is utilized to resolve the requested domain name information in accordance with user-defined preferences.

Abstract: In one embodiment, an Internet of Things (IoT) device in a network establishes connections with a plurality of peers. The device identifies an event involving the IoT device. The device generates a GOAWAY message that includes metadata regarding the event within a metadata field of the message. The GOAWAY message indicates that the IoT device is not accepting new connections. The device sends the GOAWAY message to one or more of the peers.

Abstract: Techniques for utilizing in-band telemetry (INT) in network fabrics are provided. A packet is received at a leaf node in a first logical group of nodes. Upon determining that the first packet was received from a node outside of the first logical group of nodes, the packet is encapsulated with a first header indicating an internal virtual extensible local area network (iVXLAN) identifier associated with the packet, and a second header indicating a policy group is added to the packet. Further, upon determining that a destination of the packet is associated with a second logical group of nodes, a third header is added to the first packet, where the third header stores in-band network telemetry (INT) for the packet, and telemetry data is added to the third header. The packet is transmitted to a spine node in the first logical group of devices.

Abstract: A controller of a macro wireless network provisions a user device for access to local private networks based on the cell that the user device uses to attach to the macro wireless network. The controller obtains information on private networks operating within a coverage area of the macro wireless network. The controller associates a particular cell of the macro wireless network with one or more private networks operating within the particular cell. The controller detects a user device in the particular cell and provisions the user device with access to the one or more private networks.

Abstract: Various implementations disclosed herein enable controlling access to networks. In various implementations, a method of controlling access to a network is performed by a computing device including one or more processors, and a non-transitory memory. In various implementations, the method includes obtaining an indication that a mobile device having access to a first network utilizing a first radio access technology (RAT) has requested access to a second network utilizing a second RAT. In some implementations, the method includes determining whether the access to the first network satisfies an authentication criterion associated with the second network. In some implementations, the method includes granting the mobile device access to the second network in response to determining that the access to the first network satisfies the authentication criterion associated with the second network.

Abstract: In one embodiment, a device analyzes network traffic data using a clustering process, to identify a cluster of addresses associated with the network traffic data for which the associated network traffic has similar behavioral characteristics. The device calculates a set of rankings for the cluster by comparing the cluster to different sets of malicious addresses. The device aggregates the set of rankings into a final ranking by setting the rankings in the set as current rankings and iteratively calculating an average of any subset of the current rankings that comprises correlated rankings. The calculated average replaces the rankings in the subset as a current ranking. When none of the current rankings are correlated, the device performs an aggregation across all of the current rankings to form the final ranking. The device provides data indicative of the cluster for review by a supervisor, based on the final ranking.

Abstract: In one embodiment, a device forms a neural network envelope cell that comprises a plurality of convolution-based filters in series or parallel. The device constructs a convolutional neural network by stacking copies of the envelope cell in series. The device trains, using a training dataset of images, the convolutional neural network to perform image classification by iteratively collecting variance metrics for each filter in each envelope cell, pruning filters with low variance metrics from the convolutional neural network, and appending a new copy of the envelope cell into the convolutional neural network.