Abstract: Techniques for encoding metadata representing a policy into a QUIC connection ID are described herein. A metadata-aware network including one or more enforcement nodes, a policy engine, and/or a connection datastore may be utilized to enforce a policy and route communications on a QUIC connection. The policy engine may be configured to encode metadata representing one or more network policies into a QUIC source connection ID (SCID) and/or may store a mapping between the SCID and a corresponding destination connection ID (DCID) in the connection datastore. The policy engine may communicate with a QUIC application server and/or one or more QUIC proxy nodes to encode the SCID into a QUIC packet. The enforcement nodes may access the metadata and enforce the policies via a connection ID included in a QUIC header of a QUIC packet or by performing a lookup in the connection datastore using the connection ID.

Abstract: In one embodiment, a data sharing platform uses data associated with a data owner to share data via a plurality of sharing services, each sharing service in the plurality of sharing services providing a different type of data. The data sharing platform tracks access to each of the plurality of sharing services. The data sharing platform computes, based in part on the access to each of the plurality of sharing services, an importance metric for the data associated with the data owner. The data sharing platform provides an indication of the importance metric for display to the data owner.

Abstract: A virtual collaboration system provides communication between a plurality of participants via a collaboration session that includes a corresponding plurality of participant devices. The collaboration session facilitates communication between the participant devices via a plurality of communication channels over which the participants communicate. For example, in some embodiments, the channels include one or more of a video channel, audio channel, or document sharing channel. A participant designates in which of the plurality of channels they will participate, and the designations are communicated to other participants. This provides a broader understanding of each participant's circumstances and ability to engage across the different channels with the plurality of participants.

Abstract: Techniques for operationalizing workloads at edge network nodes, while maintaining centralized intent and policy controls. The techniques may include storing, in a cloud-computing network, a workload image that includes a function capability. The techniques may also include receiving, at the cloud-computing network, a networking policy associated with an enterprise network. Based at least in part on the networking policy, a determination may be made at the cloud-computing network that the function capability is to be operationalized on an edge device of the enterprise network. The techniques may also include sending the workload image to the edge device to be installed on the edge device to operationalize the function capability. In some examples, the function capability may be a security function capability (e.g., proxy, firewall, etc.), a routing function capability (e.g., network address translation, load balancing, etc.), or any other function capability.

Abstract: Network side beacon reports (NSBRs) may be generated based on probe signals received from one or more client devices (CDs) in a wireless network. Once enabled, an NSBR mode is configured to generate NSBRs remotely from a CD. When in the NSBR mode, an NSBR may be generated based on compiled probe signal parameters associated with one or more probe signals received from the CD.

Abstract: Systems, methods, and computer-readable media for locally applying endpoint-specific policies to an endpoint in a network environment. A network device local to one or more endpoints in a network environment can receive from a centralized network controller one or more network-wide endpoint policies. A first endpoint of the one or more endpoints can be configured to inject policy metadata into first data traffic. Policy metadata injected into the first traffic data can be received from the first endpoint. The network device can determine one or more first endpoint-specific polices for the first endpoint by evaluation the first policy metadata with respect to the one or more network-wide endpoint policies. As follows, the one or more first endpoint-specific policies can be applied to control data traffic associated with the first endpoint.

Abstract: In one embodiment, a device instruments an application to generate OpenTelemetry trace data during execution of the application. The device detects an occurrence of a security event during execution of the application. The device identifies a correlation between the security event and the OpenTelemetry trace data. The device provides an indication of the security event in conjunction with the OpenTelemetry trace data, based on the security event being correlated with the OpenTelemetry trace data.

Abstract: In one embodiment, a method includes receiving a request to establish a path for a data stream from the first network apparatus to a second network apparatus, where the request is associated with a requested bandwidth for the data stream, and where the first network apparatus and the second network apparatus are connected by a link aggregation group including a number of physical Ethernet links, accessing bandwidth information representing a number of remaining bandwidths of the respective multiple of physical Ethernet links, determining that the requested bandwidth is not satisfied by any of the number of remaining bandwidths of the number of physical Ethernet links, and sending a response rejecting the request to establish the path.

Abstract: Embodiments herein describe using translation mappings and security contracts to establish interconnects and policies between switching fabrics at different sites to create a unified fabric. In one embodiment, a multi-site controller can stretch endpoint groups (EPGs) between the sites so that a host or application in a first site can communicate with a host or application in a second site which is assigned to the same stretched EPG, despite the two sites have different namespaces. Further, the shadow EPGs can be formed to facilitate security contracts between EPGs in different sites. Each site can store namespace translation mapping that enable the site to convert namespace information in packets received from a different site into its own namespace values. As a result, independent bridging and routing segments in the various sites can be interconnected as well as providing application accessibility across different fabrics with independent and private namespaces.

Abstract: AP coordination, and more specifically intelligent AP coordination using a graph network and reinforcement learning may be provided. AP coordination may include translating a physical space into a logical space, wherein the physical space is being evaluated for AP coordination. A machine learning process may predict signal strengths of signals sent by one or more Access Points (APs) and received by one or more Stations (STAs), wherein the machine learning process uses the logical space, and wherein each STA is in a location of the physical space. One or more AP placements may be evaluated based on the signal strengths, and a recommended AP placement may be determined based on the evaluation.

Abstract: Systems and methods for providing adaptive probe responses may be provided. An Access Point (AP) may receive a new probe response configuration, and compare the new probe response configuration to an old probe response configuration. The AP may determine that AP is operating in an ignore, a duplicate, or a hybrid mode based on the comparison of the new probe response configuration to the old probe response configuration. The AP may determine one or more probe response structures using the new probe response configuration and/or the old probe response configuration based on the mode the AP is operating in. When the AP receives a probe request from a Station (STA), the AP may send one or more probe responses in the probe response structures based the mode the AP is operating in.

Abstract: Increased channel availability may be provided. A computing device may receive radio channel information comprising a radio channel to operate within and an incumbent indication indicating whether an incumbent is using the radio channel. Next, power to operate a radio at may be determined based on the incumbent indication. When the incumbent indication indicates an incumbent is present on the radio channel, determining the power to operate the radio based on the incumbent indication comprises: i) determining a first power level for subcarriers in the radio channel that are non-overlapping with a portion of the radio channel used by the incumbent; and ii) determining a second power level for subcarriers in the radio channel that are overlapping with the portion of the radio channel used by the incumbent wherein the first power level is greater than the second power level. The radio may then be operated at the determined power.

Abstract: A multi-layer substrate stacking a plurality of insulating substrates supports one or more devices. Each substrate includes a face supporting conductive traces and edges surrounding the face at a substantially perpendicular angle. The multi-layer substrate includes a ground plane on a first substrate and a power plane on a second substrate. The ground plane is connected to at least one ground pad disposed on a first edge of the first substrate, which provides a low inductance ground path to the ground plane. The power plane is connected to at least one power pad disposed on a second edge of the second substrate, which provides a low inductance power path to the power plane.

Abstract: A method for encoding a sequence of packets includes receiving the sequence of packets, generating a parity packet for a first group of packets within the sequence of packets, and transmitting the first group of packets and the parity packet. The parity packet is generated by performing an exclusive OR (XOR) operation over a plurality of packets in the first group of packets and at least one packet in a second group of packets. The second group is separated from the first group in the sequence by one or more packets.

Abstract: In one embodiment, a method includes a method includes receiving, by a headend node, network traffic. The method also includes determining, by the headend node, that the network traffic matches a service route. The method further includes steering, by the headend node, the network traffic into an SR-TE policy. The SR-TE policy is associated with the service route and includes a security level constraint.

Abstract: In one embodiment, a service in a network computes an expected information gain associated with rerouting traffic from a first tunnel onto a backup tunnel in the network. The service initiates, based on the expected information gain, rerouting of the traffic from the first tunnel onto the backup tunnel. The service obtains performance measurements for the traffic rerouted onto the backup tunnel. The service uses the performance measurements to train a machine learning model to predict whether rerouting traffic from the first tunnel onto the backup tunnel will satisfy a service level agreement (SLA) of the traffic.

Abstract: Aspects described herein include an exclusionary approach for basic service set (BSS) color selection and assignment in a network. A network controller for a network selects a radio associated with an access point (AP) under management of the network controller and determines a potential set of BSS colors for the radio. The network controller then removes/excludes a set of BSS colors that impacts the radio from the potential set of BSS colors and updates or assigns a BSS color for the selected radio using the potential set of BSS colors, minimizing the chances that the assigned BSS color will cause an overlapping BSS color condition in the network.

Abstract: A selection to activate a standby layout during the online meeting is received from a user device associated with a host of an online meeting. The online meeting including the host and one or more participants. The standby layout is provided for display on the user device associated with the host. The standby layout is populated with standby content based on selections from the host and one or more content streams associated with the standby content are transmitted to the host and the one or more participants. A selection is received from the host to synchronize the standby layout as a current layout for the online meeting for the one or more participants and the standby layout is broadcast to the one or more participants for display as the current layout for the online meeting in response to receiving the selection.

Abstract: In one example embodiment, a communication group for a communication space is determined from among a plurality of communication groups of a communication system based on comparisons of a plurality of attributes of the communication space to corresponding attributes and content of the plurality of communication groups. The communication space includes communication sessions between members and the plurality of communication groups include one or more from a group of communication spaces and communication threads. The communication space is placed within the communication group on the communication system.

Abstract: The present disclosure is directed to network traffic management and load balancing at a cloud-based secure access service accessible to remotely connected user devices. In one example, a cloud-based secure service system includes a network controller configured to receive network traffic from one or more user devices remotely connected to the controller; parse the network traffic into flow data and contextual information associated with the network traffic; determine that the network traffic is to be serviced by a target firewall service at the cloud-based secure service system based on the flow data and the contextual information; and direct the network traffic to the target firewall service to be serviced.