Abstract: The present technology correlates tasks between multiple threads of an application. A payload consisting of a task object may be identified as part of a method. Identification of the task object may be performed using instrumentation or some other method. Once the task object is identified, the payload may be instrumented to track the task object or payload and correlate the task object with other executing threads. Instrumenting the payload may include determining the constructor of the task object and instrumenting the task object constructors to determine what creates the task object. Once the source of a task object or payload is determined, the current thread having the task object as a parameter and another thread which creates the task may be tied together as part of a business transaction.

Abstract: Embodiments herein use a real-time system to conduct a line of sight (LOS) survey between radio sites. The system includes a drone controlled by a UAV LOS System (ULS) server to gather information regarding the LOS path between the radio sites. In one embodiment, the ULS server instructs the UAV to travel a LOS path between a first location and a second location, and determine a Fresnel radius at one or more defined locations along the LOS path between the first location and the second location. The ULS server determines a Fresnel zone between the first location and second location based in part on the determined Fresnel radius for each of the defined locations along the LOS path. The ULS server evaluates the Fresnel zone to determine if the LOS path can support a LOS wireless communication link.

Abstract: In one embodiment, a controller device in a computer network domain learns border gateway protocol (BGP) egress peering segments from one or more border routers of the domain, and determines a selected flow to segment route via a particular egress peering segment, the selected flow from a given routing device within the domain to a given destination of a remote domain. As such, the controller device may then instruct the given routing device to segment route the selected flow via the particular egress peering segment. In another embodiment, an egress border router shares its BGP egress peering segments, and receives a flow to segment route. The egress border router may determine, from a segment route contained within the flow, to which particular egress peering segment of the border router to segment route the flow, and forwards the flow out of the domain via the particular egress peering segment.

Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.

Abstract: Methods and apparatus for optimizing data center routing in the event of virtual machine (VM) mobility are provided. In one embodiment, a first gateway router, acting as an interface between an Ethernet Virtual Private Network (EVPN) domain and a Locator/ID Separation Protocol (LISP) domain, detects EVPN mobility messages advertised when a VM that has moved connects to a gateway router at a data center. The first gateway router then initiates a LISP mobility event that registers the new location of the moved VM to a LISP mapping system. In another embodiment, the first gateway router may notify a second gateway router, located at another data center from which the VM departed, to clean up the state maintained in that data center. This notification may be made via EVPN or LISP mechanisms. In response, the second gateway router may insert a new sequence into the other data center.

Abstract: In one embodiment, a device in a network receives data from one or more other devices in the network via one or more protocol adaptors. The device transforms the received data into a common data model. The device executes a containerized application. The device exposes the transformed data to the application.

Abstract: In one embodiment, a computing system identifies one or more terminal nodes in a digraph, and then back-walks primitives up the digraph from each terminal node to a corresponding parent terminal node or a root of the digraph, whichever is first. The system then identifies chains of back-walked primitives for each of the one or more terminal nodes (e.g., where each chain consists of a respective terminal node and any primitives either a) up to but not including a corresponding parent terminal node or else b) up to and including the root of the digraph when the back-walking reaches the root). Based on this, the system can then merge each set of any two or more chains of the identified chains that intersect on a decision operation into a corresponding new single chain, and maps each of the chains to a respective rule.

Abstract: In one embodiment, a hot swap circuit is disclosed. The hot swap circuit includes a capacitor in parallel with an input line to a power system. The hot swap circuit also includes a switch in parallel with the input line to the power system and coupled to the capacitor. The hot swap circuit further includes circuitry configured to pre-charge the capacitor to a first voltage while the switch is open. The switch is operable to cause the capacitor to be charged from the first voltage to a second voltage when the switch is closed.

Abstract: Particular embodiments described herein provide for a communication system that can be configured for receiving, at an electronic device, data related to one or more wireless access points visible to the electronic device, communicating the data related to the one or more wireless access points to a network element, and receiving an approximate distance to one or more points of interest from the electronic device.

Abstract: Various systems and methods for bypassing one or more non-capable nodes. For example, one method involves a capable node determining that an adjacent node is non-capable, where capable nodes are configured to implement a data plane capability and non-capable nodes are not. The method then involves identifying a downstream node that is capable. The downstream node is on a shortest path. The method also involves generating information that identifies a tunnel to the downstream node.

Abstract: In one embodiment, a device in a network receives data indicative of traffic characteristics of traffic associated with a particular application. The device identifies one or more paths in the network via which the traffic associated with the particular application was sent, based on the traffic characteristics. The device determines a probing schedule based on the traffic characteristics. The probing schedule simulates the traffic associated with the particular application. The device sends probes along the one or more identified paths according to the determined probing schedule.

Abstract: Techniques are provided for implementing a zone-based firewall policy. At a virtual network device, information is defined and stored that represents a security management zone for a virtual firewall policy comprising one or more common attributes of applications associated with the security zone. Information representing a firewall rule for the security zone is defined and comprises first conditions for matching common attributes of applications associated with the security zone and an action to be performed on application traffic. Parameters associated with the application traffic are received that are associated with properly provisioned virtual machines. A determination is made whether the application traffic parameters satisfy the conditions of the firewall rule and in response to determining that the conditions are satisfied, the action is performed.

Abstract: In one embodiment, a method for reordering video packets from a multiplexed video bitstream is implemented on a computing device and includes: defining a current program identifier (PID), receiving the video packets, where each of the video packets is associated with an associated PID and a next-PID indication, for each video packet from among the received video packets, checking whether the associated PID is equal to the current PID, upon determining that the associated PID is equal to the current PID, appending the video packet as an output video packet to a reordered video bitstream, upon determining that the associated PID is not equal to the current PID, queueing the video packet as a queued video packet in a PID queue associated with the associated PID, and updating the current PID in accordance with the next-PID indication from a most recently appended output video packet in the reordered video bitstream.

Abstract: Techniques are described for a memory device. In various embodiments, a scheduler/controller is configured to manage data as it read to or written from a memory. A memory is partitioned into a group of sub-blocks, a parity block is associated with the sub-blocks, and the sub-blocks are accessed to read data as needed. A pending write buffer is added to a group of memory sub-blocks. Such a buffer may be sized to be equal to the group of memory sub-blocks. The pending write buffer handles collisions for write accesses to the same block.

Abstract: In one implementation, a public key infrastructure utilizes a two stage revocation process for a set of data. One stage authenticates or revokes the set of data based on the status of the digital signature and another stage authenticates or revokes the set of data based on the status of an individual signature by the digital certificate. For example, a digital certificate based is assigned a certificate number. A serial number is assigned for a signature for the set of data as signed by the digital certificate. A data transmission, data packet, or install package includes the set of data, the certificate number and the serial number. Therefore, individual instances of the signature may be revoked according to serial number.

Abstract: Methods and systems are provided for filtering packets in a wireless communication system in the to-subscriber direction. This filtering is at least in part based on RF circuit state information. For example, a packet filter is used that either permits or denies packets from reaching a mobile subscriber based on whether there is already an established RF circuit to provide packets to the mobile subscriber. Alternatively, or in addition, the packet filter may consider the history of circuit state transitions associated with a particular mobile subscriber, the percentage (or aggregate number) of available airlink resources that are currently in use, and/or the length of time associated with the dormancy of a mobile subscriber's RF connection. In various embodiments, the packet filter may cause one or more packets to be sent to a mobile subscriber using a special data channel that does not require the establishment of an RF circuit.

Abstract: In one embodiment, a device in a network sets a timer interval based in part on a distance between the device and a backbone of the network. The device receives a unicast communication destined for a remote destination that was sent via broadcast. The device determines a count of receipt acknowledgements of the communication sent by other devices in the network. At the end of the timer interval, the device sends a receipt acknowledgement of the communication via broadcast, in response to the count of receipt acknowledgements sent by other devices in the network being below a threshold amount.

Abstract: In one embodiment, a device in a network sends a first multicast message to a plurality of destinations in the network. The first multicast message includes a first bitmap that identifies the destinations. The device receives one or more acknowledgements from a subset of the destinations. The device determines a retransmission bitmap that identifies those of the plurality of destinations that did not acknowledge the first multicast message, based on the received one or more acknowledgements. The device sends a retransmission multicast message to those of the plurality of destinations that did not acknowledge the first multicast message. The retransmission multicast message includes the retransmission bitmap.

Abstract: In one embodiment, a method is provided for using a server computer, creating and storing a first module name, a first indication of a first version, and a first signature for a first data model that is digitally stored in a digital electronic data storage unit; receiving a second data model from the data storage unit and identifying a second module name in the second data model; comparing the second module name of the second data model to the first module name of the first data model; determining that the first module name and the second module name comprise a same name, and in response thereto, identifying a second indication of a second version from a revision field of the second data model; using the server computer, comparing the second indication of the second version from the second data model to the first indication of the first version of the first data model; determining the first indication and the second indication indicate the same version, determining a second signature for the second data model

Abstract: In one embodiment, a traffic model manager node receives data flows in a network and determines a degree to which the received data flows conform to one or more traffic models classifying particular types of data flows as non-malicious. If the degree to which the received data flows conform to the one or more traffic models is sufficient, the traffic model manager node characterizes the received data flows as non-malicious. Otherwise, the traffic model manager node provides the received data flows to a denial of service (DoS) attack detector in the network to allow the received data flows to be scanned for potential attacks.