Abstract: A central processor subsystem controls multiple transceivers. Each transceiver transmits protocol data units from antennas of that transceiver and produces receive waveforms from wirelessly received signals at the one or more antennas. A transmit waveform, including a frame addressed to one or more wireless client devices, is sent through a first transceiver to be transmitted wirelessly by the first transceiver on a frequency channel. A receive waveform, representative of the transmission by the first transceiver and wirelessly received at a second transceiver, is received from the second transceiver. While the transmit waveform is being sent to the first transceiver: a level of collision between the receive waveform and another transmission on the frequency channel is detected; and if the level of collision exceeds a threshold prior to an end of the receive waveform, the transmit waveform being sent to the first transceiver is modified to reduce the collision.

Abstract: In one embodiment, a server receives an authentication request from a device in a computer network, and authenticates the device. Then, upon receiving a service announcement from the authenticated device, the server determines authenticity of the service announcement from the authenticated device, and redistributes the service announcement into the computer network only when the service announcement from the authenticated device is an authentic service announcement.

Abstract: One embodiment provides a system that facilitates encryption of manifest content based on permutation. During operation, the system partitions, by a computer system, a collection of data into a first set of content objects, wherein a content object is a chunk comprised of a plurality of bytes. The system performs a first permutation function on the first set of content objects to obtain a first set of permuted content objects. The system creates a manifest based on the permuted content objects, wherein a manifest is a content object which indicates a second set of content objects, wherein a respective content object of the second set is a data object or another manifest. The system encodes the first permutation function and the permuted content objects in the manifest, thereby facilitating an authorized entity that receives the manifest to reassemble the manifest contents based on the permutation function.

Abstract: In one embodiment, a device in a network sends a long term reference frame of a video stream to one or more nodes in the network using a reliable transport mechanism. Subsequent to sending the long term reference frame, the device sends a sequence of regular frames of the video stream to the one or more nodes using an unreliable transport mechanism, whereby a frame in the sequence is derived from a directly prior frame in the sequence. The device identifies an expiration of a wait time from when the long term reference frame was first sent. The device sends a regular frame derived from the long term reference frame via the unreliable transport mechanism after the expiration of the wait time and subsequent to sending the sequence of regular frames.

Abstract: A CCN network node use reputation values for one or more interfaces to determine how to forward an Interest. During operation, the network node can receive an Interest or Content Object via a network interface, determines one or more candidate outbound faces for forwarding the Interest by performing a longest-prefix-matching lookup in a forwarding information base (FIB) using the Interest's name or name prefix as input. A respective FIB entry maps a name prefix to a forwarding rule that includes a corresponding outbound face for the name prefix. The node can determine a reputation value for each of the candidate outbound faces based on reputation information stored in association with the Interest's name or name prefix, and selects a candidate outbound face with a reputation value exceeding a first predetermined threshold. The node can then forward the received Interest via the selected outbound face.

Abstract: In one embodiment, a networking device in a network detects a traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.

Abstract: In one embodiment, cells of a same packet are sent among multiple paths within a packet switching device. Each of these cells is associated with a same drop value for use in determining whether to drop or forward the cell at multiple positions within a packet switching fabric of a packet switching device in light of a current congestion measurement. In one embodiment, the drop value is calculated at each of these multiple positions based on fields of the cell that are packet variant, but not cell variant, so a same drop value is calculated by each cell of a packet. In one embodiment, at least one of these fields provides entropy (e.g., a timestamp of the packet) such that a produced drop value has, or approximately has, an equal probability of being any value within a predetermined range for fairness purposes.

Abstract: A local network element on an enterprise network caches Domain Name System (DNS) responses in association with user identifiers in accordance with a DNS-based access control policy. The network element receives a DNS request from a first endpoint device. The DNS request includes a domain name to resolve. The network element forwards the DNS request to a domain name server along with a first user identifier associated with the first endpoint device. The network element receives a DNS response from the domain name server. The DNS response includes a network address associated with the domain name, as well as the first user identifier and at least one other user identifier. The network element stores the network address in a DNS cache as a cached DNS response for the domain name. The cached DNS response is stored in association with the first user identifier and the other user identifier(s).

Abstract: A communication session is established between at least a first endpoint and a second endpoint, either or both of which is behind at least one network device in a network that performs network address translation. Candidate path information is obtained that indicates candidate paths in the network through which the communication session can traverse, taking into account, network address translation occurring in the network. The candidate path information is analyzed against training data and data about conditions observed on one or more candidate paths for the communication session with a machine learning-based interface selection process to produce path recommendation information indicating whether one or more candidate paths should or should not be used for the communication session between the first endpoint and the second endpoint. The path recommendation information is supplied to an endpoint in the communication session.

Abstract: Various systems and methods for performing fast fail-over. For example, one method involves electing a first node as a designated forwarder node and electing a second node as a backup designated forwarder node, where the designated forwarder node is used to forward at least a first packet to a downstream node. The method further involves detecting a loss of connectivity between the designated forwarder node and a downstream receiver node, where the designated forwarder node and the backup designated forwarder node are both elected prior to the loss of connectivity occurring. Moreover, subsequent to detecting the loss of connectivity, the method uses the backup designated forwarder node to forward at least a second packet to the downstream receiver node.

Abstract: A method including: receiving 16 10-bit Y samples stored in respective 16-bit words; logically ORing the 16 10-bit Y samples with the lowest 5-bits corresponding to each of the next 16 10-bit U samples; receiving the first consecutive 16 10-bit Y samples stored in respective 16-bit words; logically ORing the next consecutive 16 10-bit Y samples with the highest 5-bits corresponding to each of the next 16 10-bit U samples; receiving the second consecutive 16 10-bit Y samples stored in respective 16-bit words, logically ORing the second consecutive 16 10-bit Y samples with the lowest 5-bits corresponding to each of the next 16 10-bit V samples; receiving the third consecutive 16 10-bit Y samples stored in respective 16-bit words; and logically ORing the third consecutive 16 10-bit Y samples with the highest 5-bits corresponding to each of the next 16 10-bit V samples.

Abstract: The present technology adds code to a top level build configuration file of a configuration program that will gather metrics for each invocation of a build. These metrics are sent to a commonly accessible metric server for future analysis. The metrics are collected for a distributed engineering team over several machines. Compilation time metrics may then be collected for each compilation event and those metrics are analyzed by a common aggregator.

Abstract: A network switch includes a buffer to store network packets linked to queues to feed the packets to output ports of the switch associated with the queues. The buffer is shared dynamically among multiple traffic pools. The network switch determines per-pool dynamic thresholds each based on an amount of unused buffer space, and per-queue dynamic thresholds based on amounts of unused buffer space available in the pools with which the queues are associated. The network switch receives packets, and for each received packet, the network switch admits the packet to the pool with which the packet is associated and the queue for which the packet is destined if (i) occupancy of the associated pool is less than the corresponding per-pool dynamic threshold, and (ii) occupancy of the queue for which the packet is destined is less than the corresponding per-queue dynamic threshold, and otherwise drops the packet.

Abstract: In one embodiment, a primary server receives, from a client device, a first request to mitigate an external attack on the client device. The primary server sends, to a plurality of secondary servers, a second request to mitigate the external attack, wherein each one of the plurality of secondary servers has associated mitigation resources, and receives from at least one of the plurality of secondary servers an indication that it has mitigation resources capable of mitigating the external attack. The primary server sends, to the client device, a list including the secondary servers having mitigation resources capable of mitigating the attack, and receives, from the client device, an indication that a subset of the list is selected to mitigate the external attack. In response, the primary server sends a request for mitigation services to one of the secondary servers in the subset selected to mitigate the external attack.

Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

Abstract: A representation of network resources and relationships among the network resources is established. The network resources include network resources of a tenant and network resources of a plurality of clouds. Input specifying at least one network resource of the tenant, at least one network resource of each of two of the plurality of clouds, and an action directed to the specified network resources is received in the representation. A multi-cloud extension is configured in accordance with the input. The multi-cloud extension extends to network resources of the tenant and the plurality of clouds, and is isolated from network resources of other tenants.

Abstract: A method for specialized processing of data in a port-extended network comprises receiving, by the control node of the port-extended network, a data frame that includes, at a first field of the data frame, information indicative of an incoming port at which the data frame was received, the first field having been inserted by a satellite node associated with the port. The method also comprises determining that one or more packets of a frame require specialized processing, and replacing the information contained in the first field with information indicative of the specialized processing. The method further comprises replacing information contained in a second field with information indicative of an outgoing port of a second satellite node of the port-extended network. A modified data frame is transmitted onto the port-extended network, the modified data frame that includes the information indicative of the specialized processing in the first field.

Abstract: Presented herein are techniques for performing packet forwarding or routing using a pipeline of a plurality of tiles. A method includes receiving a packet, parsing the packet to generate a vector, passing the vector to a first tile dedicated to a first type of lookup, performing a lookup in the first tile, storing a result of the first type of lookup in the vector to obtain a first updated vector, passing the first updated vector to a second tile dedicated to a second type of lookup, performing a lookup in the second tile, storing a result of the second type of lookup in the vector to obtain a second updated vector, and transmitting the packet from the network routing device via an output port thereof selected based on the second updated vector.

Abstract: A method is disclosed for use by a network element comprising a plurality of ports for communicating a common clock signal with one or more neighboring network elements. The method comprises, for at least one port of the plurality of ports, determining, while the port is in a predefined listening mode, whether the port is connected with a neighboring network element; and calculating, when the port is connected, a respective clock phase delay value between the network element and the neighboring network element. The method further comprises, based on a role assigned to the network element from a plurality of predefined roles, assigning a clock signal synchronization role to the port. The network element is configured to communicate the common clock signal using the clock phase delay value and using the clock signal synchronization role.

Abstract: In one embodiment, a network of nodes is configured to communicate according to a configuration of a vertical ladder topology as well as monitoring communication in the network, and/or selectively controls whether or not provisioned particular links will be used. One embodiment colors nodes of the network (e.g., a wireless deterministic network) along different paths through the network and marks packets with the color of each traversed node to track a path taken by a packet. One embodiment sends a particular packet through the network and marks over which links the packet traverses and aggregates these traversed links of other copies of the particular packet. One embodiment controls whether or not the provisioned time slots are used based on flooding a control packet through the network with enable or disable information for each of these links.