Abstract: In one embodiment, a method includes processing network data models at a network device configured to operate in a network comprising one or more network components associated with one of the network data models, generating representations of the network data models, the representations comprising labels for elements in the network data models, comparing the labels associated with leaf nodes of the network data models to identify matching leaf nodes, comparing the labels associated with parent nodes of the matching leaf nodes to identify a strength of matching, and mapping at least two of the network data models at the network device based on the strength of matching for use in a network application. An apparatus and logic are also disclosed herein.

Abstract: Identifying malicious network traffic based on distributed, collaborative sampling includes, at a computing device having connectivity to a network, obtaining a first set of data flows, based on sampling criteria, that represents network traffic between one or more nodes in the network and one or more domains outside of the network, each data flow in the first set of data flows including a plurality of data packets. The first set of data flows is forwarded for correlation with a plurality of other sets of data flows from other networks to generate global intelligence data. Adjusted sampling criteria is generated based on the global intelligence data and a second set of data flows is obtained based on the adjusted sampling criteria.

Abstract: A community exchange gathers machine consumable modules in a centralized database. The community exchange receives information associated with the status of a computing device. One or more device tags are generated based on the first information. Each of the device tags is related to at least a portion of the status of the computing device. The community exchange stores a database of machine consumable modules in association with one or more existing tags. By cross-referencing the device tags with the existing tags, the community exchange determines whether one of the machine consumable modules is associated with the device tags. Responsive to a determination that no machine consumable module in the database is associated with the device tags, the information received from the computing device is stored as a machine consumable module associated with the device tags.

Abstract: A hermetically sealed package effectively dissipates heat generated inside the package. The hermetically sealed package includes a hermetically sealed enclosure formed from a base portion and a lid. Within the enclosure two or more heat generating elements, such as integrated circuit chips, are supported by the base portion and rise to different heights from the base portion. At least one resilient heat exchange component, such as a leaf spring, extends from the lid of the hermetically sealed enclosure to the different heights. The heat exchange component is configured to conduct heat from the plurality of heat generating elements to the lid of the enclosure.

Abstract: In one embodiment, a service function classifier device determines a classification of a packet using one or more packet classification rules. The device selects a service function path based on the classification of the packet. The device determines one or more traffic flow characteristics based on the classification of the packet. The device generates a service function chaining (SFC) header that identifies the selected service function path and the determined one or more traffic flow characteristics. The SFC header is configured to cause a device along the service function path to forward the encapsulated packet based on the identified service function path and the determined one or more traffic flow characteristics. The device sends the packet along the selected service function path as an encapsulated packet that includes the generated SFC header.

Abstract: One embodiment provides a system that facilitates forwarding of packets with variable length names. During operation, the system receives a packet with a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level. The system performs a longest prefix match lookup by selecting an entry from a first data structure of entries. The entries indicate a name component, forwarding information for the name component, and a plurality of entry identifiers that chain an entry to another entry. If a size of the name component is less than or equal to a predetermined threshold, the system selects an entry based on the name component. If the size is greater, the system selects an entry based on a compressed key which can be a hash of the name component. The system also resolves collisions associated with the selected entry.

Abstract: In one embodiment, a device in a network receives traffic data regarding one or more traffic flows in the network. The device applies a machine learning classifier to the traffic data. The device determines a priority for the traffic data based in part on an output of the machine learning classifier. The output of the machine learning classifier comprises a probability of the traffic data belonging to a particular class. The device stores the traffic data for a period of time that is a function of the determined priority for the traffic data.

Abstract: Techniques whereby a LAN-side border router observes all packets of an application flow from both directions so that the application recognition performed on the LAN-side border router functions properly. A border router may implement flags in a flow cache to indicate whether the border router is the LAN-side border router and/or a WAN-side border router for an application flow. As packets are received at a border router at either the LAN interface or WAN interface, the flags associated with packet's application flows are examined to determine if the border router is the LAN-side border router for the application flow. If so, then application recognition and routing control may be performed. If not, the packet may be redirected to another border router that may be the LAN-side border router or the WAN-side border router for the application flow to insure that border router observes the packet.

Abstract: One embodiment provides a system that facilitates secure communication between computing entities. During operation, the system generates a first interest that indicates a vote for a value associated with a group prefix and a round number. In response to the first interest, the system receives a first content object that indicates an acknowledgment of the vote and has a payload that includes a nonce validator. In response to a second interest that indicates an acknowledgment of the first content object, the system receives a second content object that indicates a decision for the value and has a payload that includes a nonce which is used as a pre-image of the nonce validator. The system verifies the second content object based on the nonce and the nonce validator.

Abstract: A system creates and monitors virtual threads within a node.js application. Callbacks executing within an event loop for a node.js system are identified and may be traced. The callbacks are associated with a context, and resources associated with execution flow during each context may be identified. Callback registrations, callback calls, and callback completion messages may each be detected and recorded. Each registration, call, and completion message is associated with a virtual thread or other transaction identifier. The timing information for each virtual thread and other resource usage for each context may then be identified, stitched together for distributed transactions and reported to a user to provide more detail for node.js application processing.

Abstract: In one embodiment, a method for improving content delivery for a user equipment (UE) is implemented on a computing device and includes: receiving a request from an application layer on the UE, determining whether said request is an ICN-based request using Information Centric Networking (ICN) transport protocol or an IP-based request using Internet Protocol (IP) transport protocol, and for each ICN-based request according to the determining: forwarding the ICN-based request to an ICN function on the UE, and compressing ICN headers in the ICN-based request using robust header (RoHC) compression.

Abstract: In one embodiment, a method is provided to intelligently frame groups of participants in a meeting. This gives a more pleasing experience with fewer switches, better contextual understanding, and more natural framing, as would be seen in a video production made by a human director. Furthermore, in accordance with another embodiment, conversational framing techniques are provided. During speaker tracking, when two local participants are addressing each other, a method is provided to show a close-up framing showing both participants. By evaluating the direction participants are looking and a speaker history, it is determined if there is a local discussion going on, and an appropriate framing is selected to give far-end participants the most contextually rich experience.

Abstract: A plurality of paths through a network are determined for transmitting a packet from a source device to a destination device. The paths are modelled as nodes in a Random Neural Network, each node corresponding to a path and a reward is calculated for each of the nodes. An excitatory weight and an inhibitory weight are determined for each of the nodes in the Random Neural Network. The excitatory weight is set directly proportional to the reward corresponding to the node for which the excitatory weight is being determined, and the inhibitory weight is set inversely proportional to the reward corresponding to the node for which the inhibitory weight is being determined. A potential is determined for each of the nodes based upon the excitatory and inhibitory weights. A path corresponding to the node with the highest potential is selected, and the packet is transmitted over the selected path.

Abstract: A method including obtaining location estimates of a wireless mobile device inside a structure based on wireless signals transmitted by the wireless mobile device and received at a plurality of wireless access points, wherein the inside of the structure is represented by a plurality of path segments; modeling a transition from a first estimated location of the wireless mobile device to a second estimated location of the wireless mobile device by minimizing a ratio of an angle to a length between the first estimated location and the second estimated location; selecting, based on the modeling a particular path segment of the plurality of path segments; and aligning the second estimated location of the mobile device to the particular path segment. An apparatus and a computer-readable storage media implementing the method are also disclosed.

Abstract: Neighbor discovery is used to create a generic trust database for other applications. As part of the neighbor discovery, each device performs classification and validation of the credentials of the neighboring devices. The credentials and validation results are stored locally without having to perform a separate authentication step. The trust database is created and maintained as a neighbor table with the results of the validation. The generic trust database may then be consulted by other protocols. The neighbor discovery may use any of various underlying protocols, but the resulting table unifies the results such that other applications or protocols may take advantage of the secured identity without having to implement their own discovery process. Both discovery and validation may be implemented locally without relying on centralized servers. Manual configuration may be avoided.

Abstract: A redundancy network protocol system may include a server to manage one or more virtual internet protocol address (VIP) profiles. Each VIP profile may be shared across one or more neighboring servers. The neighboring servers may be in the same broadcast domain or distributed to be multiple Layer 3 hops away from one another. The redundancy network protocol system may monitor server health and reachability and further manage the server health and reachability to achieve redundancy. The system may be used to provide high availability to selected applications.

Abstract: A method is disclosed and in one embodiment includes presenting to a user a display layout associated with a video conferencing session, the display layout comprising a plurality of images of participants in the video conferencing session, wherein each of the participants is assigned to a layout category; accumulating gaze tracking information indicative of an amount of time the user has spent looking at the image of a first one of the participants relative to the images of other ones of the participants; assigning a measure of interest (“MOI”) to the first one of the participants based on the accumulated gaze tracking information; determining whether the assigned MOI meets a first threshold value; if the assigned MOI meets the first threshold value, updating the layout category to which the first one of the participants is assigned; and updating the display layout using the updated layout category to which the first one of the participants is assigned.

Abstract: Embodiments herein describe control logic for seamlessly switching client devices between radios co-located on the same network device or between radios located on different network devices that have overlapping coverage areas. In one embodiment, the radios are assigned different channels in the same frequency band. To move the client devices between the radios, one of the radios transmits a Channel Switch Announcement (CSA) which instructs the client devices serviced by a first radio to switch to a channel assigned to a second, different radio. For example, the CSA may be used when the first radio fails, is upgraded, performs a Channel Availability Check (CAC), is overloaded, and the like. After the CSA is transmitted, the second radio spoofs the service identifier of the first radio so to the perspective of the client devices, they are still communicating with the first radio.

Abstract: The embodiments herein use a factorization based technique for determining filter coefficients for a subset of the subcarriers in a wireless frequency band. Once the filter coefficients for the subset of the subcarriers are calculated, the network device uses these filter coefficients to identify the filter coefficients in a neighboring subcarrier. To do so, the network device uses pseudo-inverse iteration to convert the already calculated filter coefficients into filter coefficients for a neighboring subcarrier. The network device can repeat this process for the next set of neighboring subcarriers until all the filter coefficients have been calculated.

Abstract: A management server includes a configuration and management module processing server configuration information, including a VPN peer list and VLAN/subnet settings. The management server automatically calculates the VPN configuration information, including the VPN peer subnet route information identifying which of the subnets participating in the VPN are behind which of the routers and keys to establish VPN tunnels between those routers participating in the VPN. Each of the routers participating in the VPN includes a VPN tunnel with the other routers participating in the VPN, a set of data structures storing data identifying contact information for each of the subnets participating in the VPN, a combination of an IP address and port to reach one of routers that that subnet is behind, and a forwarding module to forward traffic between the subnets.