Abstract: Dynamic application QoS profile provisioning may be provided. First, an access point may send a profile to a client device. The profile may comprise a plurality of application identifiers and a plurality policies corresponding to the plurality of application identifiers. Each of the plurality of application identifiers may respectively correspond to a plurality of applications. Next, the client device may receive the profile. Then the client device may select, from the received profile, a first policy from the plurality policies in the profile. The first policy may correspond to a first application identifier in the plurality of application identifiers. The first application identifier may correspond to a first application within the plurality of applications. The first application may be on the client device. The first application on the client device may then create a network flow from the client device to the access point based on the selected first policy.

Abstract: In one embodiment, a device in a network maintains a plurality of anomaly detection models for different sets of aggregated traffic data regarding traffic in the network. The device determines a measure of confidence in a particular one of the anomaly detection models that evaluates a particular set of aggregated traffic data. The device dynamically replaces the particular anomaly detection model with a second anomaly detection model configured to evaluate the particular set of aggregated traffic data and has a different model capacity than that of the particular anomaly detection model. The device provides an anomaly event notification to a supervisory controller based on a combined output of the second anomaly detection model and of one or more of the anomaly detection models in the plurality of anomaly detection models.

Abstract: In one embodiment, a method includes receiving flight path data regarding the presence of an unmanned aerial vehicle (UAV) at a location at a future time, detecting the presence of the UAV at the location at the future time, determining radio identity data of the UAV using a radio mode of identification, determining optical identity data of the UAV using an optical mode of identification, and certifying the UAV based on a comparison of the radio identity data and the optical identity data to the flight path data.

Abstract: Techniques for managing access control policies are described herein. According to one embodiment, access control policies (ACPs) and access control rules (ACRs) are downloaded from a management server to a network access device (NAD) over the Internet, where the network access device is one of a plurality of network access devices managed by the management server over the Internet. In response to a request from a network client device for entering a network, a device type of the network client device is detected and an ACP identifier is determined based on the device type using the ACRs An ACP is selected from the ACPs based on the ACP identifier and enforced against the network client device. At least the selected ACP is reported to the management server to distribute the selected ACP to other network access devices.

Abstract: In one embodiment, a labeling service receives traffic feature data for a cluster of endpoint devices in a network. A device classification service forms the cluster of endpoint devices by applying machine learning-based clustering to the feature data. The labeling service selects a subset of the endpoint devices in the cluster, in an effort to maximize diversity of the traffic feature data of the selected endpoint devices. The labeling service sends a control command into the network, to trigger a traffic behavior by the selected subset. The labeling service receives updated traffic feature data for the selected subset associated with the triggered traffic behavior. The labeling service controls whether a label request is sent to a user interface for labeling of the cluster of endpoint devices with a device type, based on the updated traffic feature data for the subset of endpoint devices in the cluster.

Abstract: A method is provided in one example embodiment and may include determining a predicted average throughput for each of one or more cellular interfaces and adjusting bandwidth for each of the one or more of the cellular interfaces based, at least in part, on the predicted average throughput determined for each of the one or more cellular interfaces. Another method can be provided, which may include determining a variance in path metrics for multiple cellular interfaces and updating a routing table for the cellular interfaces using the determined variance if there is a difference between the determined variance and a previous variance determined for the cellular interfaces. Another method can be provided, which may include monitoring watermark thresholds for a MAC buffer; generating an interrupt when a particular watermark threshold for the MAC buffer is reached; and adjusting enqueueing of uplink packets into the MAC buffer based on the interrupt.

Abstract: In one embodiment, a method implemented on a computing device includes: selecting a wireless access point (AP) to process from among a deployment of wireless access points (APs), defining a neighborhood based on the AP and neighboring APs, where the neighboring APs are within a one-hop radius of the AP, calculating a client distribution optimal received signal strength indicator (RSSI), where the client distribution optimal RSSI (CD optimal) is a minimum receiver start of packet detection threshold (RX-SOP) setting for maintaining existing client device coverage by the AP, calculating a neighbor relations optimal RSSI threshold (NR optimal), where the NR optimal is a function of at least a transmit power control threshold (TPC) for maintaining visibility between the AP and the neighboring APs, calculating an RX-SOP setting for the AP as a function of CD optimal and NR optimal, and applying the RX-SOP setting to the AP.

Abstract: In one embodiment, a technique for performing component self-tests for an in-vehicle network of a vehicle is provided that illustratively comprises: retrieving, by a device in communication with an in-vehicle network (IVN) of a vehicle, a memory sector address of a memory of a component connected to the IVN when a first startup of the vehicle begins, the memory sector address stored in non-volatile memory; performing, by the device, a memory test on a first part of the memory starting at the memory sector address for a predetermined increment during the first startup of the vehicle; and replacing, by the device, the memory sector address with an incremented memory sector address in the non-volatile memory, the incremented memory sector address indicative of the memory sector address incremented by the predetermined increment.

Abstract: Presented herein are techniques for obtaining pertinent information from a network upon detection of an anomaly by receiving, at a first network node, configuration information sufficient to establish a data collection policy for the network node, capturing data, on the first network node, in accordance with the data collection policy to obtain captured data, detecting an anomaly occurring with respect to a second network node, and in response to detecting the anomaly, in transferring from the first network node, to an analysis server, collected data derived from the captured data based on both the data collection policy and a proximity metric indicating a logical distance between the first network node and the second network node.

Abstract: The present disclosure provides for distortion cancelled by receiving a collided signal comprising first and second signals carrying respective first and second packets; digitizing the collided signal into a first digital signal and decoding the first packet therefrom; calculating a digital linear interference component of the first packet on the second from an estimated signal re-encoding the decoded first packet; synthesizing an analog linear interference component from the digital linear interference component; determining a digital nonlinear interference component of the first packet on the second from the first digital signal; amplifying the collided signal to produce a second amplified signal; removing the analog linear interference component from the second amplified signal to produce a partially de-interfered signal; removing the digital nonlinear interference component from the partially de-interfered signal to produce a de-interfered signal; and decoding the second packet from the de-interfered sign

Abstract: In one embodiment, a computing device groups a plurality of devices into update clusters based at least on their connectivity layout, and divides update data into a plurality of update portions, distributing the plurality of update portions to a plurality of selected redistribution devices in the particular cluster (each receiving one or more of the portions). The computing device notifies devices in the particular cluster (that can use the update data) of the plurality of selected redistribution devices along with which particular update portions are available from each of the plurality of selected redistribution devices. This therefore causes (or allows) the devices needing an update to i) download needed update portions of the plurality of update portions from the redistribution devices, ii) combine all of the plurality of update portions into the update data, and iii) perform an update using the combined update data.

Abstract: Techniques for direct mode video coding/decoding techniques. According to one embodiment, various blocks in B frames may use motion vectors from different reference frames (P frames or B frames), according to what is referred to herein as a patchwork motion field. Different blocks of a given frame may use motion vectors inherited from different frames for purposes of computing a predicted block for the given frame.

Abstract: In one embodiment, a method is performed. An interworking module of a wireless local access network (LAN) controller may receive a non-access stratum (NAS) message from an access point (AP) device using a control and provisioning of wireless access protocols (CAPWAP) tunnel. The NAS message may be translated to a WiFi service layer message. The WiFi service layer message may be sent to a wireless control plane module of the wireless LAN controller.

Abstract: A method for establishing a partitioned fabric network is described. The method includes establishing a fabric network including a plurality of border nodes to couple the fabric network to one or more external data networks and a plurality of edge nodes to couple to the fabric network to one or more hosts. The method further includes defining a plurality of partitions of the fabric network. The method further includes registering each of the plurality of partitions with a corresponding one of the plurality of border nodes and with each of the plurality of edge nodes.

Abstract: A router between a content consuming device and a content storage device obtains an interest corresponding to a content object. The interest includes a name identifying the content storage device, signaling information, an authentication token, and an inner interest identifying an actual content object stored at the content storage device. The inner interest is encrypted with an encryption key shared between the content storage device and the content consuming device, but not shared with the router. The router authenticates the interest by verifying the authentication token using an authentication key shared with the content consuming device. The router then provides the interest to the content storage device. The router obtains the content object, which includes at least a portion of the actual content object encrypted with the encryption key, from the content storage device. The router provides the content object to the content consuming device.

Abstract: In one embodiment, a network assurance service receives data regarding a monitored network. The service analyzes the received data using a machine learning-based model, to perform a network assurance function for the monitored network. The service detects a lowered performance of the machine learning-based model when a performance metric of the machine learning-based model is below a threshold for the performance metric. When it is determined that the lowered performance of the machine-learning based model is correlated with the sample rate of the received data, the service adjusts the sample rate of the data.

Abstract: In one embodiment, a device in a network gathers characteristics of a container application on the device. The device provides the gathered characteristics of the container application for security assessment. The device receives an indication of the security assessment based on the provided characteristics of the container application. The device controls execution of the container application based on the received indication of the security assessment.

Abstract: An example method is provided in one example embodiment and includes receiving an assignment request from a core node in a network to establish a tunnel for user plane traffic; forwarding first parameters to a controller of an enterprise network, wherein the first parameters include a tunnel identifier and a network address associated with the core node; receiving an assignment response; and forwarding second parameters to the core node, wherein the second parameters include a tunnel identifier and a network address associated with the controller. In some instances, the assignment request can be a request to establish a tunnel for user plane data traffic. In some instances, the assignment request can be a request to establish a tunnel for user plane voice traffic.

Abstract: In one embodiment, a cloud-based service instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the service. The service receives multicast or broadcast traffic sent by the particular node in the LAN and redirected to the service via the virtual network overlay. The service identifies a group of nodes in the network that are to receive the traffic sent by the particular node, based in part by profiling the traffic associated with the particular node. The service sends the traffic sent by the particular node to at least one networking device in the LAN with an indication of the identified group of nodes in the network that are to receive the traffic sent by the particular node. The at least one networking device forwards the traffic sent by the particular node to the nodes in the identified group.

Abstract: Methods and network devices are disclosed for failure protection in traffic-engineered bit indexed explicit replication networks. In one embodiment, a method includes determining a protected link or node in a network, where the protected link or node is included in a designated path to be taken by a message through the network to a destination node, the designated path is encoded in a message bit array carried by the message, and assigned bit positions in the message bit array represent respective network links along the designated path. The method further includes determining a backup path to the destination node from a feeder node adapted to forward a message carrying the message bit array into the protected link or node, and populating an entry in a path update table stored at the feeder node. In one embodiment a network device includes a network interface and a processor configured to carry out the methods.