Abstract: Automated techniques for converting network devices from a Layer 2 (L2) network into a Layer 3 (L3) network in a hierarchical manner are described herein. The network devices may be configured to boot such that their ports are in an initialization mode in which the ports are unable to transmit locally generated DHCP packets. When a network device detects that a neighbor (or “peer”) device has acquired an IP address or has been configured by a network controller, then the port on which the neighbor device is detected can then be transitioned from the initialization mode into a forwarding mode. In the forwarding mode, the port can be used to transmit packets to obtain an IP address. Thus, the network devices are converted from an L2 device to an L3 device in a hierarchical order such that upstream devices are discovered and converted into L3 devices before downstream devices.

Abstract: This disclosure describes methods and systems to externally manage network-to-network interconnect configuration data in conjunction with a centralized database subsystem. An example of the methods includes receiving and storing, in the centralized database subsystem, data indicative of user intent to interconnect at least a first network and a second network. The example method further includes, based at least in part on the data indicative of user intent, determining and storing, in the centralized database subsystem, a network intent that corresponds to the user intent. The example method further includes providing data indicative of the network intent from the centralized database subsystem to a first data plane adaptor, associated with the first network, and a second data plane adaptor, associated with the second network.

Abstract: According to some embodiments, an Ethernet Virtual Private Network (EVPN) includes a first router configured as an Internet Group Management Protocol (IGMP) version 3 querier and a second router configured as an IGMP version 2 querier. The second router is configured to receive a Selective Multicast Ethernet (SMET) route message generated by the first router. The SMET route message includes an IGMP version 3 join request from a receiver, and the IGMP version 3 join request includes an address of a multicast source device. The second router is further configured to convert the IGMP version 3 join request of the SMET route message to an IGMP version 2 join request. The second router is further configured to send multicast traffic from the multicast source device to the receiver via the first router.

Abstract: Techniques and architecture are described for inducing precise delays in a network device (network node) that has the capability to act on packets/traffic flows based on policy configurations of the network device and delays experienced by traffic in the network device. This capability may be used for testing and verification of the network device to verify that the network device meets the configured policies. Additionally, this capability may be utilized in an operational network to selectively induce delays and measure its impact for purposes such as, for example, planning, stress testing, resiliency, etc.

Abstract: Improved Radio Frequency (RF) performance by optimizing temperature may be provided. A plurality of heatmaps may be created associating a plurality of component heat characteristics, of a plurality of components of a device, with a plurality of pre-defined performance trade-off states. Next, a shortest path through the plurality of pre-defined performance trade-off states may be determined. The device may then be placed in successive ones of the plurality of pre-defined performance trade-off states according to the determined shortest path until a Transmit (TX) performance target is met.

Abstract: A method includes receiving, at a first edge node, an Internet Protocol (IP) multicast address of a first silent host node. The method further includes receiving, at a second edge node, an IP multicast address of a second silent host node. The IP multicast address of the first silent host node is equal to the IP multicast address of the second silent host node. The method further includes storing the IP multicast address of the first and second silent host node in a shared entry of a routing table. The method further includes receiving, at a third edge node, a packet from a third host node and determining that a destination address of the packet corresponds to the IP multicast address stored in the shared entry of the routing table. The method further includes sending the packet to both the first host node and the second host node.

Abstract: A dynamic air baffle comprises: spaced-apart first and second plates configured to be positioned adjacent to at least one heat source to be cooled by an airflow; a heat insulator sandwiched between the first and second plates; and an air flap coupled to the first and second plates and extending into the airflow; wherein the first and second plates are configured such that a differential temperature between the first and second plates causes a differential expansion in lengths of the first and second plates, which rotates the air flap from a rest position, corresponding to when the differential temperature is zero, to a rotated position that is closer to a cooler plate and farther from a hotter plate of the first and second plates, such that the air flap directs more of the airflow to the hotter plate and less of the airflow to the cooler plate.

Abstract: Presented herein are techniques for verifying data. A method can include obtaining, from an oracle, a first data set associated with a distributed ledger. The method further includes obtaining a plurality of data sets from a plurality of sources. The method further includes generating a confidence level regarding the first data set for validating the first data set, based on comparing the first data set to the plurality of data sets. The method further includes storing the first data set in the distributed ledger based on the confidence level indicating that the plurality of data sets concurs with the first data set. The method further includes taking a remedial action without storing the first data set in the distributed ledger based on the confidence level indicating a discrepancy between the plurality of data sets and the first data set.

Abstract: This disclosure generally relate to a method and system for network policy simulation in a distributed computing system. The present technology relates techniques that enable simulation of a new network policy with regard to its effects on the network data flow. By enabling a simulation data flow that is parallel and independent from the regular data flow, the present technology can provide optimized network security management with improved efficiency.

Abstract: Presented herein are techniques to perform call failure diagnostics. A method includes receiving, at a network device, an indication of calls-of-interest, detecting, at the network device, a failure of one of the calls-of-interest, triggering, in response to the detecting, at the network device, diagnostics data analysis of data associated with the failure of one of the calls-of-interest, determining, based on the diagnostics data analysis, a cause of the failure of the one of the calls-of-interest, and notifying, by the network device, a management system of the cause of the failure of the one of the calls-of-interest and of recent configuration changes on the network device that are related to the cause of the failure of the one of the calls-of-interest.

Abstract: Techniques are described for generating an end-to-end distributed trace in connection with a cloud or datacenter environment. In one example, a server obtains target application telemetry data and external telemetry data associated with one or more correlation identifiers included in one or more network communications provided to a target application in the cloud or datacenter environment. The server aggregates the target application telemetry data and the external telemetry data based on the one or more correlation identifiers to generate an end-to-end distributed trace associated with the one or more network communications.

Abstract: Subscriber identity concealment from an access network provider may be provided. A computing device may receive first identity data associated with a client device. Then the first identity data associated with the client device may be encrypted using second identity data to create an encrypted version of the first identity data associated with the client device. The encrypted version of the first identity data associated with the client device may be provided to an access network.

Abstract: Techniques and architecture are described for providing a configurable security posture for a network device using an extended ownership artifact, e.g., an ownership voucher, an ownership certificate, etc., and a security profile mechanism that scales to user needs and desires for security profiles on network devices, i.e., easily and securely customizable on thousands of nodes of a network. The configurable security posture may be achieved using the manufacturer authorized signing authority (MASA) to issue an ownership voucher with a security bit extension to support security profile additions. Using the MASA service, a user may explicitly decide on various security postures of a given network device and may apply that profile across the fixed or modular chassis of a network of network devices.

Abstract: A method includes, at a media bridge configured to distribute a plurality of media streams among a plurality of client devices connected to the media bridge over a network, receiving the plurality of media streams from the plurality of client devices via the media bridge. The media bridge connects the plurality of client devices. The method further includes assigning a pair of names for each of the plurality of media streams. The pair of names include a contribution name and a distribution name. The method further includes presenting a first list to the plurality of client devices. The first list including a plurality of the distribution names for the plurality of media streams received from the plurality of client devices. The method further includes providing an indication of a current active speaker within the plurality of media streams via a signaling process.

Abstract: Presented herein are embodiments that provide mobile edge computing (MEC) with low latency traffic segregation within a packet data network (PDN) using dedicated bearers. Techniques are provided that are performed at an edge user plane entity and a control plane entity to coordinate the directing of low latency traffic over a dedicated bearer broken out at the edge, and to communicate normal latency traffic over a default bearer that is centrally broken out.

Abstract: A method of managing security rules may include extracting metadata from a data packet received at a first network device. The metadata including network metadata and network system metadata. The method may further include distributing the metadata to at least one service endpoint registered with the first network device, receiving from the at least one service endpoint, an indication as to how traffic associated with the data packet is to be handled, and enabling the traffic based at least in part on feedback received from the at least one service endpoint and creating a first service flow hash entry of a hash table associated with the data packet at the first network device. The first service flow hash entry identified each of a number of services using a unique number. The method may further include distributing the hash table including the first service flow hash entry across a fabric to at least a second network device.

Abstract: Embodiments of the present invention set forth a technique for predicting fraud based on multiple inputs including user behavior biometric data along with one or more other parameters associated with the user. The technique includes receiving cursor movement data generated via a client device. The technique further includes generating a image based on the cursor movement data. The technique further includes receiving client parameters generated via the client device. The technique further includes analyzing the image and the client parameters based on a model to generate a prediction result, where the model is generated based on second cursor movement data and a second set of client parameters associated with a first group of one or more users. The technique further includes determining, based on the prediction result, that a user of the client device is not a member of the first group.

Abstract: A method, computer system, and computer program product are provided for applying a dynamic security policy to shared content in collaborative applications. A selection of one or more content items is received for sharing in a communication session. A security policy is queried using a key that is associated with each of the one or more content items to determine a security policy for each of the one or more content items. A plurality of users participating in the communication session are identified. Each content item of the one or more content items is selectively presented to a subset of the plurality of users based on an identity of a respective user and the security policy of each content item.

Abstract: In one illustrative example, a unified data management (UDM) of a mobile network is established in a UDM set with a plurality of private network UDMs instances of a plurality of private mobile networks. The UDM of the mobile network provides access to a plurality of subscription profiles associated with a plurality of subscribers of the mobile network, and each private network UDM instance provides access to a subset of the subscription profiles associated with a subset of the subscribers in the private mobile network. The UDM of the mobile network operates to communicate, in an authentication procedure, authentication data for authentication of a user equipment (UE) in the mobile network. After the authentication of the UE in the mobile network, the UDM operates to push authentication status information of the UE to the private network UDM instance of the private mobile network.

Abstract: This disclosure describes techniques for detecting and monitoring paths in a network. The techniques include causing a source node to generate probe packets to traverse a multi-protocol label switching (MPLS) network, for instance. In some examples, the probe packets include entropy values that correspond to individual equal-cost multi-path (ECMP) paths of the network. The probe packets may be received at an SDN controller from a sink node after traversing the network. Analysis of the probe packets allow path discovery and mapping of the entropy values to ECMP paths. The mapping of discovered paths may be used for optimization of network monitoring activities, including second subsequent probe packets over particular ECMP paths based on the mapped entropy values.