Abstract: Constant quality video encoding with encoding parameter fine-tuning may be provided. First, an aggregation window comprising a plurality of video frames from a transport stream may be determined. Next, a plurality of video quality values may be determined where the plurality of video quality values indicate a video quality for corresponding respective ones of the plurality of video frames in the aggregation window. Then a determined conformance rate value for the aggregation window may be determined. The determined conformance rate value may indicate a number of the plurality of video quality values that have one of the following characteristics: equal to the target video quality value and greater than the target video quality value. The determined conformance rate value may then be used to adjust at least one of the encoding parameters used in the constant quality encoding of the source.

Abstract: Redundant Layer 2 Domain Interconnection may be provided. First, a first device in a first domain may be designated as an active device in response to the first device in the first domain negotiating with a second device in the first domain. The first device in the first domain may be connected to a first device in a second domain. The first domain may use a first protocol and the second domain may use a second protocol. Next, the first device in the first domain in response to being designated as the active device, may allow data traffic to pass between the first device in the first domain and the first device in the second domain. Then the second device in the first domain may be designated as a standby device in response to the first device in the first domain negotiating with the second device in the first domain. The second device in the first domain may be connected to a second device in the second domain.

Abstract: A network-based collaborative problem solving space is provided for managing alerts. The virtual collaboration space provide a virtual space for viewing streaming time series data, generating alerts for time series data, and viewing triggered alerts based on a threshold associated with the generated alert. Alert generation and triggering is automatically tracked within an event log, with particular event log entries associated with the alert generation and the triggering of an alert. When an alert is triggered, a link to the event log entry associated with generating the alert is provided. By reviewing the alert generation and surrounding event log entries, users of the virtual collaboration space may gain context as to the motivations for generating the original alert and thereby better understand whether the triggering of the alert is a serious issue.

Abstract: In one embodiment, a device determines locations of a plurality of transmitters relative to a particular wireless access point in a wireless network. One of the transmitters comprises a target client to which the particular wireless access point is to communicate. The device compares a plurality of beamforming patterns associated with the particular wireless access point to the determined locations. The device selects, based on the comparison, one of the beamforming patterns for use by the particular wireless access point to communicate with the target client. The device controls the particular wireless access point to use the selected beamforming pattern to communicate with the target client.

Abstract: A packet is received at a device configured to provide a service function within a network service chain. A network overlay and/or segmentation identifier is extracted from a header of the packet. The service function is applied to the packet according to policies specific to a network overlay and/or segmentation identified in the network overlay and/or segmentation identifier.

Abstract: In one embodiment, a device in a network determines whether a destination address of a packet received by the device is within a neighbor discovery (ND) cache of the device. The device determines whether the destination address is not in a set of addresses used to generate an address lookup array or possibly in the set of addresses used to generate the address lookup array, in response to determining that the destination address of the packet is not within the ND cache. The device performs address resolution for the destination address of the packet, in response to determining that the destination address of the packet is possibly in the set of addresses used to generate the address lookup array.

Abstract: A system and method are disclosed for using segment routing (SR) in native IP networks. The method involves receiving a packet. The packet is an IP packet and includes an IP header. The method also involves updating the packet. Updating the packet involves writing information, including a segment routing segment identifier, to the destination address of the packet.

Abstract: In one embodiment, a device in a network constructs a graph based on Domain Name System (DNS) traffic in which vertices of the graph correspond to client addresses from the DNS traffic and domains from DNS traffic. The device uses stacked autoencoders to determine priors for the domains and client addresses. The device assigns the determined priors to the corresponding vertices of the graph. The device uses belief propagation on the graph to determine a malware inference from the graph. The device causes performance of a mitigation action when the malware inference from the graph indicates the presence of malware.

Abstract: A client device bootstraps against a trusted server by obtaining an activation code that includes an identifier and a one time password. The client device sends a message to a public server requesting an address of a trusted server associated with the identifier. The client device receives the address of the trusted server from the public server and initiates a communication session with the trusted server at the address provided by the public server. The one time password is used as a shared secret to secure the communication session. The client device downloads cryptographic information from the trusted server.

Abstract: Controlling aggregation of shared content from multiple presenters during an online conference session includes, at a server having network connectivity, at a server having network connectivity, identifying a master presenter at an endpoint among a plurality of endpoints participating in an online conference session in which at least one of the plurality of endpoints is sharing content with other participants among the plurality of participants at their respective endpoints. One or more assistant presenters are determined among the plurality of participants at their respective endpoints. A master user interface is generated to serve as the user interface on the endpoint of the master presenter and a command is received, via the master user interface, to designate a layout. The layout aggregates shared content from the endpoints of one or more of the assistant presenters to make the layout viewable at the plurality of endpoints.

Abstract: Presented herein are techniques for remediating a distributed denial of service attack. A methodology includes, at a network device, such as a constrained resource Internet of Things (IoT) device, receiving from an authorization server cryptographic material sufficient to validate and decrypt tokens carried in packets, detecting a denial of service attack that employs packets containing invalid tokens, and in response to detecting the denial of service attack, signaling a remediation server for assistance to remediate the denial of service attack, and sending to the remediation server the cryptographic material over a secure communication channel such that the remediation server enables validation and decryption of tokens carried in packets, subsequent to detection of the denial of service attack, that are destined for the network device.

Abstract: In one aspect, a system for automatic detection of webpage loading at a web browser of a client device in a monitored environment is disclosed. The system includes: a processor; a memory; and one or more modules stored in the memory and executable by a processor to perform operations. The operations include: detect start of loading of a webpage at the web browser of the client device in the monitored environment; set a dynamic watchdog repeating timer at a value; start the timer; recursively check for completion of the loading of the webpage; when determined that the loading of the webpage has completed, determine whether a Java script engine of the web browser loading the webpage is idle; and when determined that the Java script engine of the web browser loading the webpage is idle, stop the timer and generate a report of the webpage.

Abstract: A network device resolves a destination address of an endpoint in an endpoint isolation environment. The network device receives a request for a destination address associated with a destination endpoint. The request originates from an isolated source endpoint. The network device determines whether the destination address is stored on the network device in association with the destination endpoint. Responsive to a determination that the destination address is not stored in association with the destination endpoint, the network device generates a proxy request for the destination address, and sends the proxy request to at least one endpoint attached to the network device. The network device receives a proxy response from the destination endpoint that includes the destination address. The network device stores the destination address in association with the destination endpoint.

Abstract: For each one of a plurality of subsequent access points, a respective quantity of client devices that roam from a current access point to each of the respective plurality of subsequent access points may be determined. Then, for each one of the plurality of subsequent access points based on the determined quantity of client devices that roam from the current access point to each of the plurality of subsequent access points, a corresponding respective weight indicating a likelihood of its respective corresponding one of the plurality of subsequent access points being roamed to may be determined. Next, a table may be created indicating the desirability of at least a portion of the plurality of subsequent access points to be roamed to based upon the corresponding respective weight of the plurality of subsequent access points indicated in the table. The current access point may be provided with the table.

Abstract: In one embodiment, a method comprises communicating with a plurality of network elements via a first communication protocol to obtain state information of the plurality of network elements; receiving a request via a second communication protocol for a communication session to be established for a client computing device; selecting one or more network elements, wherein the selection is based on at least a portion of the state information of the network elements; and communicating identification information of the one or more network elements selected for use in the communication session.

Abstract: In accordance with various implementations, a method is performed at a data plane node with one or more processors, non-transitory memory, and a control interface between a network function module associated with the data plane node and a switch associated with the data plane node. The method includes determining whether an offload capability is available for a data flow received at an ingress network interface of the data plane node. The method also includes determining whether the data flow satisfies offload criteria in response to determining that the offload capability is available. The method includes bypassing the network function module associated with the data plane node and providing the data flow to at least one of the switch associated with the data plane node or an egress network interface associated with the data plane node in response to determining the offload capability is available and the offload criteria is satisfied.

Abstract: In one embodiment, a method includes obtaining a set of samples, each of the set of samples including sample values for each of a plurality of variables in a variable space. The method includes receiving, for each of an initial subset of the set of samples, a label for the sample as being either malicious or legitimate; identifying one or more boundaries in the variable space based on the labels and sample values for each of the initial subset; selecting an incremental subset of the unlabeled samples of the set of samples, wherein the incremental subset includes at least one unlabeled sample including sample values further from any of the one or more boundaries than an unlabeled sample that is not included in the incremental subset; and receiving, for each of the incremental subset, a label for the sample as being either malicious or legitimate.

Abstract: In one embodiment, a device in a network receives domain information from a plurality of traffic flows in the network. The device identifies a particular address from the plurality of traffic flows as part of an onion routing system based on the received domain information. The device distinguishes the particular address during analysis of the traffic flows by a traffic flow analyzer that includes a domain generation algorithm (DGA)-based traffic classifier. The device detects a malicious traffic flow from among the plurality of traffic flows using the traffic flow analyzer. The device causes performance of a mitigation action based on the detected malicious traffic flow.

Abstract: Controlling resource management in a workspace includes, at a controller having connectivity to a network, monitoring one or more physical resources in a physical workspace having a plurality of work stations. An identity of one or more users present in or scheduled to be present in the physical workspace is determined. Status information is determined for each of the one or more physical resources in the physical workspace. Deployment of a particular resource of the one or more physical resources to a particular work station among the plurality of workstations is controlled based on the status information and the identity of the particular user.

Abstract: In one embodiment, a browser operating on a host device receives, from a user, a request to access a web server that includes a Uniform Resource Locator (URL) associated with the web server. In response, the browser sends, to a Domain Name System (DNS) server, a request for an Internet Protocol (IP) address correlated with the domain hosting the URL, and receives, from the DNS server, a response that comprises a block policy IP address and an appropriate error code. Based on this IP address and the error code indicated in the response, the browser renders an access denied page indicating that access to the web server associated with the URL is not permitted, wherein at least a portion of the access denied page is stored in memory accessible to the browser prior to sending the request for the IP address correlated with the domain that is hosting the URL.