Abstract: In one embodiment, a monitoring process monitors timing of navigations and resources of a web page load, and attributes timing of the navigations and resources into corresponding timing components. In particular, the monitoring process may attribute timing of static first-party resources and timing of hypertext transfer protocol (HTTP) redirects to a core frontend timing component, and may attribute timing of dynamic first-party resources to a core backend timing component. The monitoring process may also attribute timing of content delivery network (CDN) resources to a CDN timing component, and may attribute timing of non-CDN third-party resources to a third-party timing component. Lastly, the monitoring process may further attribute timing of network infrastructure connections to a core connections timing component. Accordingly, the monitoring process may then perform one or more actions based on the attributing steps.

Abstract: In one embodiment, a device in a network identifies an set of services of a domain accessed by a plurality of users in the network. The device generates a service usage model for the domain based on the set of services accessed by the plurality of users. The service usage model models usage of the services of the domain by the plurality of users. The device trains a machine learning-based classifier to analyze traffic in the network using a set of training feature vectors. A particular training feature vector includes data indicative of service usage by one of the users for the domain and the modeled usage of the services of the domain by the plurality of users. The device causes classification of traffic in the network associated with a particular user by the trained machine learning-based classifier.

Abstract: A method and system for managing connections with a distributed control plane is provided. The method includes generating, by a router, a controller identifier (ID) list comprising a plurality of controller group IDs of a plurality of controller groups, wherein one controller group ID uniquely identifies one controller group. The method also includes identifying a first controller group, by the router from the list, with which a connection is to be established. Further, the method includes establishing, by the router, the connection with a controller of the first controller group if at least one of following conditions is met I) the router has not exhausted maximum number of connections, 2) the router has previously had a connection with the controller of the first controller group, and 3) the router has an existing connection with a controller of a second controller group not present in the list.

Abstract: In one embodiment, a plurality of PODs is formed in a software defined networking (SDN) fabric, each POD comprising a plurality of leaf nodes and connected to a plurality of spine nodes in a spine layer of the SDN fabric. One of the plurality of PODs is designated as a super POD and link state information is provided for the entire fabric to the super POD by sending northbound advertisements in the fabric to the super POD. A disconnection is identified between a leaf node in the SDN fabric and a particular one of the spine nodes in the spine layer, based on the link state information provided to the super POD. The disconnection is repaired between the leaf node and the particular spine node in the spine layer.

Abstract: Multiple authenticated identities for a single wireless association may be provided. First, an Access Point (AP) may provide an association with a client device. The AP may then establish, on the association, a first authenticated session for the client device based on a first media access control (MAC) address and a first identity. Next, the AP may establish, on same the association, a second authenticated session for the client device based on a second MAC address and a second identity.

Abstract: Various implementations disclosed herein provide a method for anonymizing data in a distributed hierarchical network. In various implementations, the method includes determining a first set of attribute hierarchy counts that indicate a number of occurrences of corresponding attributes that are stored at the first network node and have not been transmitted upstream towards the hub. In various implementations, the method includes receiving, from a second network node, a second set of attribute hierarchy counts that indicate a number of occurrences of corresponding attributes at the second network node. In various implementations, the method includes determining whether a sum based on the first and second set of attribute hierarchy counts satisfies an anonymization criterion. In some implementations, the sum indicates a total number of occurrences for a corresponding attribute that are stored at the first and second network nodes and have not been transmitted upstream towards the hub.

Abstract: A method is disclosed for presenting, in a computer-generated graphical user interface, a network topology map of a plurality of nodes and data links. The plurality of nodes includes at least one aggregated node that represents multiple devices of a data communication network. Each of the data links represents a physical connection between devices represented by nodes. Detecting a selection of a first aggregated node and in response to detecting the selection, causing presentation of an expanded view comprising a list of the multiple devices of the first aggregated node. Detecting a selection of a first device of the multiple devices and presenting an updated network topology map comprising the plurality of nodes including the first aggregated node, the plurality of data links, and a first device node that represents the first device. The first aggregated node representing remaining devices of the two or more devices other than the first device.

Abstract: In an embodiment, a data processing system comprises: one or more processors; one or more non-transitory computer-readable storage media storing sequences of instructions which, when executed by the one or more processors, cause the processor to perform: in a local data service, receiving a request for processing data; identifying one or more local policies applicable to the request; based, at least in part, on the one or more local policies, determining whether the request may be processed locally; in response to determining that the request may not be processed locally, transmitting the request to one or more remote brokers to cause the one or more remote brokers to determine a remote data service configured to process the request.

Abstract: Presented herein are segment-routing methods and systems that facilitate data plane signaling of a packet as a candidate for capture at various network nodes within a segment routing (SR) network. The signaling occurs in-band, via the data plane—that is, a capture or interrogation signal is embedded within the respective packet that carries a user traffic. The signaling is inserted, preferably when the packet is classified, e.g., at the ingress node of the network, to which subsequent network nodes with the SR network are signaled to capture or further inspect the packet for capture.

Abstract: In one embodiment, a network assurance service that monitors a plurality of networks subdivides telemetry data regarding devices located in the networks into subsets, wherein each subset is associated with a device type, time period, metric type, and network. The service summarizes each subset by computing distribution percentiles of metric values in the subset. The service identifies an outlier subset by comparing distribution percentiles that summarize the subsets. The service reports insight data regarding the outlier subset to a user interface. The service adjusts the subsets based in part on feedback regarding the insight data from the user interface.

Abstract: Application performance data and machine health are collected by a system. The system correlates the two data types to provide context as to how machine health affects the performance of an application. Performance data for an application, for example an application executing as part of a distributed business transaction, and health data for a machine which hosts the application are collected. The performance data and machine health data may be correlated for a particular period of time. The correlation may then be reported to a user. By viewing the correlation, a user may see when machine health was good and bad, and may identify the effects of the machine health on the performance of an application.

Abstract: In one embodiment, new Segment Routing capabilities are used in the steering of packets through Segment Routing nodes in a network. A Segment List includes a set of one or more Segment List (SL) Groups, each of which identifies one or more Segments contiguously or non-contiguously stored in the Segment List (or stored across multiple Segment Lists) of a Segment Routing packet. Each SL Group typically includes one Segment that is encoded as a Segment Identifier, and may include Segments that are Extended Values. The steering order of SL Groups is not required to be the same order as they are listed in the Segment List, as the value of Segments Left may be increased, remain the same, or decreased (possibly to skip a next SL Group) and possibly based on the result of an evaluation of a conditional expression.

Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.

Abstract: In accordance with various implementations, a method is performed at a source node of a fabric network coupled to a plurality of hosts respectively associated with a plurality of group identifiers. The method includes generating a source public key based on a source private key, a source group identifier of the plurality of group identifiers, and a destination group identifier of the plurality of group identifiers. The method includes sending, from the source node coupled to at least one host associated with the source group identifier to a destination node coupled to at least one host associated with the destination group identifier, the source public key. The method includes receiving, at the source node from the destination node, a destination public key based on a destination private key, the source group identifier, and the destination group identifier. The method further includes generating a shared secret based on the destination public key and the source private key.

Abstract: Systems, methods, and computer program products relating to anchoring a wireless device to a wireless controller. A type of a network device is identified based on data included in a network message received at a first wireless local area network (LAN) controller (WLC). It is determined, based on the identified type, that the network device should be anchored to a pre-determined anchor WLC. An anchor request message is transmitted from the first WLC to the pre-determined anchor WLC. A network traffic tunnel is established between the network device and the pre-determined anchor WLC such that network traffic from the network device can be controlled by the pre-determined anchor WLC.

Abstract: In one aspect, a regular expression is automatically generated based on user input for fields that are desired to be extracted from log lines. The input may be received by user through an interface provided by a machine such as a controller. The input may identify one or more fields within a log line that should be extracted. Multiple instances of potential regular expression portions may be generated based on the user input, and different portions are combined together to determine if they achieve the desired extraction. Once a complete regular expression is generated based on user input, a user may provide additional input to identify examples or counterexamples of log line fields that satisfy or don't satisfy the user's intended extraction.

Abstract: In one embodiment, a telecommunication apparatus includes a processor to generate a telephone call set-up message including a user-to-user information (UUI) field, and include a security token in the UUI field of the telephone call set-up message, and a network interface to send the telephone call set-up message to a telephone network. Related apparatus and methods are also described.

Abstract: In one embodiment, a device receives traffic telemetry data captured by a plurality of networks and used by device classification services in the networks to classify endpoints in the networks with device types. The device compares the telemetry data from a particular one of the networks to the telemetry data from the other networks to identify one or more traffic characteristics that are missing from the telemetry data for one or more endpoints of the particular network. The device identifies a networking entity in the particular network that is common to the one or more endpoints for which the one or more characteristics are missing. The device determines a configuration change for the networking entity by comparing a current configuration of the entity to those of one or more entities in the other networks. The device initiates implementation of the determined configuration change for the entity in the particular network.

Abstract: Proactive Echo Cancellation (EC) training may be provided. First, a plurality of Echo Cancelation Training Opportunities (ECTOs) may be identified in an upstream bandwidth allocation. Identifying the ECTOs may comprise identifying a corresponding plurality of mini-slots in a two dimensional time frequency space designated as not to be used for Upstream (US) traffic. Then Echo Cancelation Training (ECT) may be conducted for each of the plurality of ECTOs.

Abstract: A method may include identifying an address within a packet of a traffic flow associated with a network device. The method may also include comparing the address within the packet with a stored address, the stored address associated with a route for an alternative traffic path, where the alternative traffic path may be different from a default route of traffic passing through the network device. The method may additionally include, based on the address within the packet matching the stored address, routing the packet along the alternative traffic path instead of the default route of traffic.