Abstract: Presented herein are hybrid approaches to multi-destination traffic forwarding in overlay networks that can be used to facilitate interoperability between head-end-replication-support network devices (i.e., those that only use head-end-replication) and multicast-support network devices (i.e., those that only use native multicast). By generally using existing tunnel end-points (TEPs) supported functionality for sending multi-destination traffic and enhancing the TEPs to receive multi-destination traffic with the encapsulation scheme they do not natively support, the presented methods and systems minimize the required enhancements to achieve interoperability and circumvents any hard limitations that the end-point hardware may have. The present methods and systems may be used with legacy hardware that are commissioned or deployed as well as new hardware that are configured with legacy protocols.

Abstract: Techniques are presented herein for a proxy device to verify that the server name listed in a connection request message is the name of the server at the IP address listed in the connection request message. The proxy device obtains a domain name server query sent by a client to a domain name server and then obtains a domain name server result that is sent by the domain name server. The proxy device may cache the data of the domain name server result. The proxy device may obtain a connection request message sent by the client seeking a connection with a server, and then compare the connection request message to the cached domain name server result. Finally, the proxy device may apply one or more policies to the connection request message based on the comparison between the connection request message and the domain name server result.

Abstract: In one embodiment, a device in a network determines a first set of domain generation algorithm (DGA) predictions for a particular domain name by analyzing one or more extracted lexical features of the particular domain name using a first ensemble of decision trees. The device determines a second set of DGA predictions for the particular domain name by analyzing one or more extracted cluster features of a cluster of related domain names to which the particular domain name belongs using a second ensemble of decision trees. The device predicts a DGA associated with the particular domain name based on the first and second sets of DGA predictions. The device causes performance of a security action based on the predicted DGA associated with the particular domain.

Abstract: Embodiments herein describe calibrating a plurality of radio heads having a plurality of wireless antennas. In one embodiment, the plurality of radio heads communicate a calibration signal in a round robin fashion such that each of the radio heads communicates a respective calibration signal to the remaining radio heads. The received calibration signals are then used to calibrate the radio heads. In one embodiment, a controller coupled with the plurality of radio heads calibrates the radio heads. The calibrated radio heads then communicate to one or more client devices.

Abstract: An example method is provided in one example embodiment and may include gathering current wireless local area network (WLAN) data for a WLAN, wherein the WLAN data comprises network data, Radio Frequency (RF) data, and transmission data for a plurality of user equipment (UE) operating within the WLAN; generating a plurality of color maps; merging the plurality of color maps to generate a combined color map; and calculating a predicted application score for at least one UE operating within the WLAN based, at least in part, on application of the combined color map to a trained statistical model that represents linking relationships between the WLAN data gathered for the WLAN and a plurality of possible application scores for the plurality of UE. The plurality of color maps can include an RF color map, a transmission color map, and a Quality of Service color map.

Abstract: The embodiments herein describe a single-frequency laser source (e.g., a distributed feedback (DFB) laser or distributed Bragg reflector (DBR) laser) that includes a feedback grating or mirror that extends along a waveguide. The grating may be disposed over a portion of the waveguide in an optical gain region in the laser source. Instead of the waveguide or cavity being linear, the laser includes a U-turn region so that two ends of the waveguide terminate at the same facet. That facet is coated with an anti-reflective (AR) coating.

Abstract: In one embodiment, a device in a network identifies a plurality of applications from observed traffic in the network. The device forms two or more application clusters from the plurality of applications. Each of the application clusters includes one or more of the applications, and wherein a particular application in the plurality of applications is included in each of the application clusters. The device generates anomaly detection models for each of the application clusters. The device tests the anomaly detection models, to determine a measure of efficacy for each of the models with respect to traffic associated with the particular application. The device selects a particular anomaly detection model to analyze the traffic associated with the particular application based on the measures of efficacy for each of the models.

Abstract: A method is disclosed for use by a network element coupled with an optical transport network. The method comprises calculating an optical path from a first packet-terminated optical interface of the network element to a second packet-terminated optical interface of a destination network element coupled with the optical transport network, and signaling the optical transport network to create the optical path. The method further comprises creating an Ethernet interface corresponding to the first packet-terminated optical interface, and adding the Ethernet interface to an Ethernet bundle interface. The method further comprises communicating across the optical path using addressing of the Ethernet bundle interface.

Abstract: In one embodiment, a device in a network receives a notification from a neighbor of the device indicative of a child node of the device requesting a parent change from the device to the neighbor. The device updates an existing routing path from the device to the child node to be routed through the neighbor, in response to receiving the notification from the neighbor. The device receives an instruction to remove the updated routing path from the device to the child node through the neighbor. The device removes the updated routing path from the device to the child node, in response to receiving the instruction to remove the updated routing path.

Abstract: In one example, an apparatus is provided that includes a processor configured to receive, in a first wireless network, an identifier of a base station in a second wireless network, and to determine an identity of a first device in the second wireless network. The apparatus is configured to transmit the identifier of the base station to the second wireless network.

Abstract: A device in a network receives fingerprints of two or more network anomalies detected in the network by different anomaly detectors. Each fingerprint comprises a hash of tags that describe a detected anomaly. The device associates the fingerprints with network records captured within a timeframe in which the two or more network anomalies were detected. The device compares the fingerprints associated with the network records to determine that the two or more detected anomalies are part of a singular anomaly event. The device generates a notification regarding the singular anomaly event. The notification includes those of the fingerprints that are associated with the singular anomaly event.

Abstract: A server is configured to provide a service that manages access to communication sessions supported by at least one communication service and to which user devices connect. The service assigns to users registered with the service respective communication identifiers that the users, and unregistered users of the service, use to access the communication sessions via user devices. The service maps each communication identifier to a list of communication sessions, if any, in which the respective user is currently participating and/or is scheduled to participate. The service receives from a user device a join request from a requester. The join request indicates a particular communication identifier of a particular user registered with the service and a requester identifier. The service connects the user device to a communication session, if any, based on the particular communication identifier and the requester identifier.

Abstract: In one embodiment, a content-addressable memory has multiple blocks of content-addressable memory entries, including different first and second sets of content-addressable memory blocks. One embodiment determines the first set of content-addressable memory blocks based on a content-addressable memory profile identifier and a search key and then performs a first content-addressable memory lookup operation in each of the first set of content-addressable memory blocks, but not in the second set of content-addressable memory blocks, based on the search key. If at least one entry is match, a corresponding result is identified. Otherwise, in one embodiment, the second set of content-addressable memory blocks is determined based on the content-addressable memory profile identifier but not based on the search key, and a search is made therein to identify a matching result or that no match was determined. In one embodiment, a matching result determines how a packet is processed.

Abstract: One embodiment includes a packet switching device load balancing eligible packets in response to a policing drop decision. The packet switching device sends packets of a particular packet flow out of the packet switching device over a first path in the network towards a destination node; and in response to a policer discipline determining to drop a particular packet of the particular packet flow, switching from said sending packets over the first path to sending packets of the particular packet flow out of the packet switching device over a second path in the network towards the destination node (possibly by switching output queues associated with the two different paths), with the second path being different than the first path, and with the particular packet not being dropped but being sent out of the packet switching device towards the destination node.

Abstract: User equipments can download a video file by instantiating multiple video requests, each request specifying different parts of the video file. If each video request initiates a separate transmission control protocol (TCP) session, which is the case with an hypertext transfer protocol (HTTP) partial get request, then a network device in a communications network would be oblivious of contextual information, which indicates that the TCP sessions download different portions of the same video file. This disclosure provides systems and methods for correlating multiple TCP sessions so that a network device in a communications network can be aware of the contextual information.

Abstract: In one embodiment, a prediction agent process collects travel information of a vehicle, and determines a profile of the vehicle, the profile indicative of one or more real-time resource requirements of the vehicle. The prediction agent process also predicts a path of the vehicle based on the travel information, and determines a next resource node along the predicted path having one or more real-time resources corresponding to the one or more real-time resource requirements of the vehicle. After further predicting a time of arrival of the vehicle being within range of the next resource node based on the travel information, the prediction agent process informs the next resource node of the profile of the vehicle and the predicted time of arrival, the informing causing the next resource node to operate the one or more real-time resources for the vehicle for the predicted time of arrival.

Abstract: A gateway router can receive an Interest that includes a location-independent name for a data collection. If the Interest does not include an Anchor Identifier, the gateway router can perform a lookup operation in a name-prefix forwarding-information base (NP-FIB) to select an Anchor Identifier for a target anchor node, and to select an interface for forwarding the Interest toward the anchor. The router can update the Interest to include the Anchor Identifier prior to forwarding the Interest via the interface. An edge or core router that receives the Interest can perform a lookup in a routing table using the Interest's Anonymous Identifier (AID) to obtain an interface toward the anchor node and a second AID that is to be used by the next-hop neighbor to process the Interest. The router may then update the Interest to replace the Interest's AID with the second AID prior to forwarding the Interest.

Abstract: One embodiment provides a system that facilitates mutating and caching content in a CCN. During operation, the system receives, by an intermediate node, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level. The system re-encrypts the content object based on the encrypted payload and the parameter to obtain a new encrypted payload and a new signature, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload. The system transmits the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object and verify the new signature.

Abstract: Data is collected from a database arrangement about behavior of observed entities, wherein the collected data includes one or more features associated with the observed entities. A probabilistic model is determined that correlates the one or more features with malicious and/or benign behavior of the observed entities. Data is collected from the database arrangement for unobserved entities that have at least one common feature with at least one of the observed entities. One of the unobserved entities is determined to be a malicious entity based on the at least one common feature and the probabilistic model. Network policies are applied to packets sent from the malicious entity.

Abstract: Aspects of the embodiments include receiving a packet at a network element of a packet-switched network; identifying a presence of a shared service destination address in a header of the packet; identifying a shared service destination address for the packet based, at least in part, on a destination internet protocol (IP) address stored in a forward information base; and forwarding the packet to the shared service destination address.