Abstract: Embodiments herein describe pruning a neighbor list sent to a client device using a predefined assignment corresponding to an AP or the client device which can reduce the time required for the client device to roam between APs in a WLAN deployment. The pruned neighbor list serves as a Wi-Fi client steering mechanism to affect which AP the client device chooses when roaming. In one embodiment, a controller uses information regarding fabric nodes in the backend infrastructure to prune the neighbor list to include only the APs that are assigned to the same fabric node as the current AP. In another embodiment, the controller considers a service provider corresponding to the client device when pruning the neighbor lists. The list may include only the neighboring APs assigned to provide Wi-Fi access for the same service provider.

Abstract: A method of controlling the distribution of content in a network is described. The content traverses the network in packets comprising a packet header including an address associated with the content, and a packet payload including the content. The method includes obtaining the address associated with the content from the packet traversing the network and analysing the address to extract information associated with the content carried in the packet payload.

Abstract: In one embodiment, a centralized controller maintains a plurality of hierarchical behavioral modules of a behavioral model, and distributes initial behavioral modules to data plane entities to cause them to apply the initial behavioral modules to data plane traffic. The centralized controller may then receive data from a particular data plane entity based on its having applied the initial behavioral modules to its data plane traffic. The centralized controller then distributes subsequent behavioral modules to the particular data plane entity to cause it to apply the subsequent behavioral modules to the data plane traffic, the subsequent behavioral modules selected based on the previously received data from the particular data plane entity. The centralized controller may then iteratively receive data from the particular data plane entity and distribute subsequently selected behavioral modules until an attack determination is made on the data plane traffic of the particular data plane entity.

Abstract: In one embodiment, an agent process produces synthetic packet traffic and iteratively performs a sub-process that determines isolated network segments of the communication channel between intermediate nodes and computes a set of network metrics for the isolated network segments based at least in part on incrementing TTL expiry error data points. The sub-process also encapsulates, for inclusion within the next packet to be sent, a list of intermediate node IDs along the communication channel up to a latest received node ID and computed sets of network metrics for respective network segments. The agent process may then generate, upon termination of the sub-process, a report, the report including the list of intermediate node IDs along the communication channel up to a latest received node ID and computed sets of network metrics for respective network segments.

Abstract: An approach enables networking functionality to be configured at network switches for containers hosted by computing devices. A container supervisor on the network switch is configured to obtain, via a container network manager, container attribute data for containers hosted by the computing devices. The container network manager is configured to interact with and manage container orchestration engines on behalf of the containers. This allows the network switch to be container orchestration agnostic. The network switch enables networking functionality for the containers by updating container configuration data on the networking switch based upon the container attribute data obtained from the container network manager. This may include, for example, updating hardware tables on the network switch with the container attribute data to allow the network switch, and applications executing on the network switch, to perform networking functionality with respect to the containers.

Abstract: In one embodiment, a server determines a particular computer network outside of a lab environment to recreate, and also determines, for the particular computer network, hardware components and their interconnectivity, as well as installed software components and their configuration. The server then controls interconnection of lab hardware components within the lab environment according to the interconnectivity of the hardware components of the particular computer network. The server also installs and configures lab software components on the lab hardware components according to the configuration of the particular computer network. Accordingly, the server operates the installed lab software components on the interconnected lab hardware components within the lab environment to recreate operation of the particular computer network within the lab environment, and provides information about the recreated operation of the particular computer network.

Abstract: Various systems and methods for performing bit indexed explicit replication (BIER) using multiprotocol label switching (MPLS). For example, one method involves receiving a packet that includes a MPLS label. The packet also includes a multicast forwarding entry. The method also involves determining, based on the value of the MPLS label, whether to use the multicast forwarding entry to forward the packet. The method further includes forwarding the packet.

Abstract: In one embodiment, a computing device receives an image that has been signed with a first key, wherein the image includes a first computational value associated with it. A second computational value associated with the image is determined and the image is signed with a second key to produce a signed image that includes both the first and second computational values. Prior to loading the dual-signed image, the computing device attempts to authenticate the dual-signed image using both the first and second computational values, and, if successful, loads and installs the dual-signed image.

Abstract: In one embodiment, a device in a network determines cluster assignments that assign traffic data regarding traffic in the network to activity level clusters based on one or more measures of traffic activity in the traffic data. The device uses the cluster assignments to predict seasonal activity for a particular subset of the traffic in the network. The device determines an activity level for new traffic data regarding the particular subset of traffic in the network. The device detects a network anomaly by comparing the activity level for the new traffic data to the predicted seasonal activity.

Abstract: In one embodiment, in-band operations data included in packets being processed is used to signal among entities of a virtualized packet processing apparatus. Using in-band operations data provides insight on actual entities used in processing of the packet within the virtualized packet processing apparatus. The operations data in the packet is modified to signal a detected overload condition of an entity that participates in communicating the packet within the virtualized packet processing apparatus and/or applying a network service to the packet. An In-Situ Operations, Administration, and Maintenance (IOAM) header is used in one embodiment, with the IOAM header typically including a new Overload Flag to signal the detection of the overload condition. In response to the signaled overload condition, a load balancer is adjusted such that future packets are not distributed to the virtualized entity associated with the detected overload condition.

Abstract: In one embodiment, an apparatus includes a fan for cooling electronics within a chassis, the fan comprising a rotor with a plurality of fan blades connected thereto for generating an axial airflow during operation of the fan, a sensor for detecting failure of the fan, and an airflow blocking device positioned at an exhaust side of the fan and configured to prevent airflow through the fan upon detection of the fan failure, wherein the airflow blocking device is stowed in a position removed from a path of the axial airflow generated by the fan during operation of the fan. A method for preventing airflow recirculation at a failed fan is also disclosed herein.

Abstract: In one embodiment, a system, apparatus, and method are described for requesting access authorization from an access network access point (AP) via an access network interface, generating at a processor a public-private key pair to be used to generate a cryptographically generated address (CGA) upon receiving the access authorization, sending a secure neighbor discovery (SeND)—neighbor solicitation (NS) to the AP via the access network interface after the public-private key pair has been generated, receiving a signed user location information (ULI) from the AP in response to the SeND-NS, and sending the signed ULI to one of a 3GPP mobility controller or an emergency service via a 3GPP network interface. Related systems, apparatuses, and methods are also described.

Abstract: An optical phase shifting arrangement and associated optical switching device and method are disclosed. The optical phase shifting arrangement comprises a first optical phase shifter configured to provide a first phase shift to an optical signal, and a second optical phase shifter configured to provide a second phase shift to the optical signal in addition to the first phase shift. During a predefined period, the first optical phase shifter and the second optical phase shifter are driven such that the second phase shift is substantially complementary to the first phase shift.

Abstract: In one embodiment, a system is described, having a processor to receive a request for download of a high priority adaptive bitrate (ABR) content item which is available for download at a higher bit rate and a lower bit rate, and a request for a download of a low priority ABR content item, which is also available for download at a higher bit rate and a lower bit rate. A byte acquisition scheduler determines a required bandwidth to download the high priority ABR content item without adapting to the lower bit rate, and determines a remaining bandwidth to download the low priority ABR content item. A download interface interfaces with an ABR server, downloads the high priority ABR content item and the low priority ABR content item, and allocates at least the required bandwidth and up to the remaining bandwidth. Related systems, apparatuses and methods are also described.

Abstract: Embodiments are generally directed to a multithreaded processor for executing a plurality of threads, as well as an associated method and system. The multithreaded processor comprises a first control register configured to store a stack limit value, and instruction decode logic configured to, upon receiving a procedure entry instruction for a stack associated with a first thread, determine whether to throw a stack limit exception based on the stack limit value and a first predefined stack region size associated with the stack.

Abstract: Previously available network monitoring and management systems fail to provide adequate transmit power control in WiFi networks having multiple neighboring wireless access points. By contrast, various implementations disclosed herein include systems, methods and apparatuses that generate an interference map based at least on co-channel interference reported in a number of neighbor lists, wherein each of the neighbor lists is associated with a respective one of a plurality of compliant wireless access points included in one of a local area network (LAN) and a portion of a virtual LAN (VLAN); and determine a respective transmit power adjustment for each of the plurality of compliant wireless access points included in the interference map based on at least one interference criterion characterizing the interference on each of the plurality of compliant wireless access points included in the interference map and respective neighboring wireless access points.

Abstract: In one embodiment, techniques herein determine a plurality of resources loaded during rendering of a web page on a client device, and determine a duration of time taken for each of the plurality of resources to fully load. Accordingly, the techniques herein may then cluster the plurality of resources into clusters, comprising a first cluster consisting of resources having the shortest durations of the plurality of resources and a second cluster consisting of resources having the longest durations of the plurality of resources. Those resources of the first cluster may then be classified as cached resources, while those resources of the second cluster may be classified as non-cached resources.

Abstract: In one embodiment, a method is performed at a first node. The method may include receiving, at a first node, a request from a source host associated with a network to communicate with a destination host. The first node may determine whether the destination host is associated with the network. If the destination host is not associated with the network, the first node may determine an instance identifier (IID) and a proxy egress tunnel router (PETR) locator address used to communicate with the destination host. The first node may send an indicator to an ingress tunnel router (ITR) to encapsulate a packet with the IID and the PETR locator address before sending the packet from the source host to the destination host.

Abstract: In one embodiment, a system includes: a download server instantiated on a computing device, and a multiplicity of wireless access points (APs), where the download server is operative to: receive a download request from a mobile device, determine a current location for the mobile device, predict a route for the mobile device based at least on the current location, allocate at least one target AP along the route from among the multiplicity of wireless APs, and in response to the download request, forward at least one download file to the at least one target AP, where the at least one target AP is operative to: receive the at least one download file, identify the mobile device, and download at least part of the download file to the mobile device in an mmWave transmission.

Abstract: In one embodiment, a multicast listener device floods a path lookup request to search for a multicast tree, and may then receive path lookup responses from candidate nodes on the multicast tree, where each of the path lookup responses indicates a unicast routing cost from a respective candidate node to the multicast listener device, and where each of the candidate nodes is configured to suppress a path lookup response if a total path latency from a source of the multicast tree to the multicast listener device via that respective candidate node is greater than a maximum allowable path latency. The multicast listener device may then select a particular candidate node as a join point for the multicast tree based on the particular node having a lowest associated unicast routing cost to the multicast listener device from among the candidate nodes, and joins the multicast tree at the selected join point.