Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.

Abstract: In one embodiment, a networking device in a local area network (LAN) establishes a virtual network overlay in the LAN to redirect traffic associated with a particular node in the LAN to a server for analysis. The networking device receives an indication from the server that at least a portion of the traffic associated with the particular node is trusted for local sending within the LAN and adjusts the virtual network overlay to locally send the trusted portion of the traffic associated with the particular node to one or more other nodes in the LAN without redirection to the server. The networking device collects characteristic information regarding the trusted portion of the traffic sent locally within the LAN via the adjusted virtual network overlay and sends the collected characteristic information to the server for analysis.

Abstract: A method is provided in one example embodiment and may include negotiating power domain interference coordination (PDIC) parameters between a macro cell radio and at least one small cell radio; determining successive interference cancellation (SIC) parameters for each of one or more user equipment (UE) that are to perform SIC for one or more transmissions; and sending the SIC parameters to each of the one or more user equipment. Negotiating PDIC parameters can include determining, by the macro cell radio and at least one small cell radio, one or more physical resource blocks (PRBs) for which transmission power levels can be coordinated for a plurality of frequencies in a frequency domain and a plurality of subframes in a time domain and exchanging PDIC parameters between the cell radios in order to perform PDIC transmissions for UE served by the cell radios.

Abstract: Presented herein are techniques for actively monitoring, at a network controller, a network location of an endpoint connected to the network based on control plane updates. The network controller is configured to archive the network location of the endpoint, along with local information for the endpoint, in an endpoint tracking database of the network controller.

Abstract: In response to a path monitoring task for a particular source/destination pair, a network controller determines whether stored information includes paths for the particular source/destination pair. When the stored information includes paths for the particular source/destination pair, a subset of source ports is selected that covers all the paths for the particular source/destination pair. A probe message is sent to cause an ingress switch to send probe packets using the subset of source ports. Paths for the particular source/destination pair are computed based on received probe packets. A determination is made whether a topology for the data center network has changed by comparing the paths computed based on the receive probe packets for the particular source/destination pair with the paths included in the stored information for the particular source/destination pair.

Abstract: Techniques for adaptive noise cancellation for multiple audio endpoints in a shared space are described. According to one example, a method includes detecting, by a first audio endpoint, one or more audio endpoints co-located with the first audio endpoint at a first location. A selected audio endpoint of the one or more audio endpoints is identified as a target noise source. The method includes obtaining, from the selected audio endpoint, a loudspeaker reference signal associated with a loudspeaker of the selected audio endpoint and removing the loudspeaker reference signal from a microphone signal associated with a microphone of the first audio endpoint. The method also includes providing the microphone signal from the first audio endpoint to at least one of a voice user interface (VUI) or a second audio endpoint, wherein the second audio endpoint is located remotely from the first location.

Abstract: According to one or more embodiments of the disclosure, thing discovery and configuration for an Internet of Things (IoT) integrated developer environment (IDE) is shown and described. In particular, in one embodiment, a computer operates an IoT IDE that discovers real-world physical devices within a computer network that are available to participate with the IoT IDE. The IoT IDE may then determine a respective functionality of each of the real-world physical devices, and virtually represents the real-world physical devices as selectable options within the IoT IDE for an IoT application, where a respective virtual representation of each of the real-world physical devices is configured within the IoT IDE with the corresponding respective functionality of that real-world physical device. Simulating the IoT application within the IoT IDE then relays input and/or output (I/O) between the IoT IDE and a selected set of real-world physical devices according to their corresponding respective functionality.

Abstract: Methods and apparatus are provided for improving both node-based and message-based security in a fiber channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fiber channel network entities into a fiber channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fiber channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.

Abstract: The present disclosure discloses a photonic chip. The photonic chip receives a first optical signal and a second optical signal with different wavelengths from two optical sources, respectively. The photonic chip includes a polarization multiplexing element (PME). The PME receives the first and the second optical signals from the first and the second optical sources respectively and combines the first and the second optical signals into a single optical path. The PME polarizes the first optical signal to have a different polarization than the second optical signal and transmits the combined first and the second optical signals in a common waveguide.

Abstract: Asynchronous handoffs between threads and other software components may be automatically detected, and the corresponding working objects may be tracked. The system may report monitoring information for an overall transaction that includes the original request and corresponding asynchronous requests. Automatically detecting asynchronous requests may include instrumenting a virtual machine, such as a Java Virtual Machine (JVM), to detect the creation of thread handoff objects and the object and/or thread execution. Thread handoff objects may automatically tracked, tracked based on data learned over time, tracked based on user input, and otherwise configured. In some embodiments, after detecting the creation of a thread handoff object, an identification of the object of the call may be identified as being tracked in another server or application.

Abstract: Coexistence and migration of legacy and VXLAN networks may be provided. A first anchor leaf switch and a second anchor leaf switch may detect that they can reach each other over a Virtual Extensible Local Area Network (VXLAN) overlay layer 2 network. In response to detecting that they can reach each other over the VXLAN, the second anchor leaf switch may block VLANs mapped to the VXLAN's VXLAN Network Identifier (VNI) on the second anchor leaf switch's ports connecting to spine routers. In addition, the first anchor leaf switch and the second anchor leaf switch may detect that they can reach each other over a physical layer 2 network. In response to detecting that they can reach each other over a physical layer 2 network, the second anchor leaf switch may block Virtual Extensible Local Area Network (VXLAN) segments at the second anchor leaf switch.

Abstract: A method and related apparatus for performing inspection of flows within a software defined network includes monitoring an indicator indicative of a presence of malware in a selected flow in an electronic communications network, when the indicator suggests the presence of malware in the selected flow, requesting a network device to redirect the selected flow, or to copy the selected flow and send a resulting copy of the selected flow, to a security appliance, and causing the security appliance to be reconfigured in response to the indicator that suggest the presence of malware in the selected flow.

Abstract: Aspects of the embodiments are directed to a network element that is configured for receiving, from an access point, a data packet originating from a client, the data packet comprising a packet header that comprises a packet header augmented with context information; decapsulating the packet header to identify the context information; applying a client-specific policy on the packet based, at least in part, on the context information; and forwarding the packet to a next hop in the network. The network element can be part of a network, such as a datacenter fabric architecture.

Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

Abstract: Local switching may be provided over a flexible cross-connect VLAN-aware based service. First, a failure of a first segment link of a first segment may be detected by a first network device. The first segment may have a first segment identifier and the first segment link may be connected to the first network device. Next, a route withdraw indicating the first segment identifier may be sent by the first network device in response to detecting the failure of the first segment link of the first segment. A second network device may then receive the route withdraw. Then, the second network device may forward, in response to receiving the route withdraw, traffic received from the first network device to a second segment link of the first segment connected to the second network device. The traffic may be received from the first network device over a backup connection over an Ethernet Virtual Private Network (EVPN) core.

Abstract: Per-port performance optimization may be provided. First, performance data may be received corresponding to each of a plurality of ports. Then it may be determined that performance of at least one of the plurality of ports can be improved based on the received performance data corresponding to the least one of the plurality of ports. Next, in response to determining that the performance of the at least one of the plurality of ports can be improved, at least one of a plurality of components may be adjusted corresponding to the at least one of the plurality of ports to improve performance of the least one of the plurality of ports.

Abstract: This disclosure relates to a system and method for modifying selected network congestion control parameters using mobile system information. The congestion control modification improves network performance between a remote server on the Internet and a mobile device. As the proliferation of data-rich content and increasingly more capable mobile devices has continued, mobile consumers increasingly demand better network performance from their mobile devices and mobile infrastructure. This disclosure provides systems and methods for using mobile system information related to Quality of Service guarantees to modify network congestion control.

Abstract: In one embodiment, a device in a network reserves first and second sets of local resources for an anomaly detection mechanism. The device reports the first set of local resources to a supervisory node in the network. The device applies one or more anomaly detection rules from the supervisory node using the first set of reserved resources. The device receives one or more anomaly detection rules from a peer node in the network. The device applies the one or more anomaly detection rules from the peer node using the second set of reserved resources.

Abstract: A packet is generated at a first network connected device for transmission to a destination network device through a network comprising a plurality of pods. At least two of the plurality of pods are within separate management domains, and generating the packet comprises generating the packet with a first identifier and a second identifier. The first identifier indicates a pod of the plurality of pods in which the destination network connected device is located, and the second identifier indicates an identity of the destination network connected device within the pod of the plurality of pods. The packet is transmitted from the first network connected device to the destination network connected device.

Abstract: A method and system for managing connections with a distributed control plane is provided. The method includes generating, by a router, a controller identifier (ID) list comprising a plurality of controller group IDs of a plurality of controller groups, wherein one controller group ID uniquely identifies one controller group. The method also includes identifying a first controller group, by the router from the list, with which a connection is to be established. Further, the method includes establishing, by the router, the connection with a controller of the first controller group if at least one of following conditions is met 1) the router has not exhausted maximum number of connections, 2) the router has previously had a connection with the controller of the first controller group, and 3) the router has an existing connection with a controller of a second controller group not present in the list.