Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media to encode network functions in a packet header. A method includes receiving a first packet from a source device that is to be delivered to a destination address through a network; determining a route to the destination address; identifying at least one network function for the first packet; encapsulating the first packet in a second packet, wherein a header of the second packet includes the route to the destination address in a destination address field and local processing metadata associated with the at least one network function in a source address field; and forwarding the second packet to a next network node of the network identified in the destination address.

Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.

Abstract: The present technology allows coordination of channels of private wireless networks utilizing shared licensed and unlicensed spectrum. Wireless network operators in an enterprise location register to participate in a consortium and register licensed, shared, and unlicensed spectrum resources to be shared with other members of the consortium. The wireless network operators request an allocation of spectrum resources from the consortium. The consortium generates a radio resource management (“RRM”) plan for shared use of the licensed, shared, and unlicensed spectrum resources. The consortium combines the allocated licensed, shared, and unlicensed spectrum from each of the wireless network operators to meet the target RRM plan. The consortium monitors spectrum utilization to dynamically update the RRM. The consortium monitors spectrum utilization in real time to determine how closely the RRM plan matches the resources allocated to each wireless network operator.

Abstract: Interoperable Transmit Power Envelop (TPE) signaling with Automated Frequency Coordination (AFC) frequency response may be provided. First, AFC information may be received. Next a mask may be determined for a punctured channel indicated in the AFC information. Then a first amount may be determined that the mask needs to be altered to reach an AFC response for the punctured channel indicated in the AFC information. A Transmit Power Envelop (TPE) value may then be reported for the punctured channel comprising the first amount plus a second amount.

Abstract: An epoch scheme for Station (STA) privacy and, specifically, a structured Media Access Control (MAC) address rotation schedule for STAs may be provided. Providing an epoch scheme for STA privacy can include determining epoch parameters for a STA, the epoch parameters comprising a minimum epoch period duration and a maximum epoch period duration. The epoch parameters are sent to the STA, wherein the STA is operable to rotate a MAC address each epoch period at a time between the minimum epoch period duration and the maximum epoch period duration. A mapping of the STA and the MAC address can be updated each epoch period.

Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.

Abstract: Techniques for determining a preferred HTTP protocol for communication between a client device and a server over a network are described. A first type of HTTP probe is transmitted over a network from a client device to a server. A second type of HTTP probe is transmitted over a network from the client device to the server. If either the first type of HTTP probe response or the second type of HTTP probe response, the type of the HTTP probe response received is the preferred communication protocol. If the first type of HTTP probe response and the second type of HTTP probe response is received, a type of HTTP probe response received first is the preferred communication protocol. The client device communicates with the server over the network using the preferred communication protocol.

Abstract: A method of provisioning a network may include, with a network controller, identifying a first network intent of a computing network based at least in part on an execution of a user interface (UI) or API layer at a client device, and identifying a modification of at least one object within the first network intent within the UI or API layer at the client device as the first network intent is being modified. The modification defines a delta between the first network intent and a second network intent. The method may further include, with a provisioning service executed by the network controller, receiving the delta as a payload from the client device, and provisioning at least one computing device within the computing network based at least in part on the delta. The method further includes automatically modifying the at least one object based on the received delta, including a further modification of the second network intent.

Abstract: In one embodiment, a device receives, via a user interface, definition of a first sequence of transactional milestones performed by users of an online application and identified using a first type of identifier. The device also receives, via the user interface, definition of a second sequence of transactional milestones performed by users of the online application and identified using a second type of identifier. The device further receives, via the user interface, definition of a key transition associated with at least one transactional milestone in the first sequence of transactional milestones or second sequence of transactional milestones that links the first type of identifier with the second type of identifier. The device represents, using the key transition, performance of the first sequence of transactional milestones and the second sequence of transactional milestones by a particular user of the online application as a unified sequence.

Abstract: Techniques for enabling service insertion using dynamic service path selection are described herein. In some aspects, the techniques described herein relate to avoiding a service route that passes through a service router when the second-leg path from the service router to a destination router is unreachable. In some cases, the techniques described herein relate to avoiding a route that includes a service router that does not have a path to a viable target in a core service region.

Abstract: In one embodiment, a device causes, in accordance with a probing strategy, performance of a probing test by one or more agents in a network and with respect to an online application. The device obtains quality of experience measurements for the online application. The device adjusts, using reinforcement learning, the probing strategy based on how well a predictive model was able to predict the quality of experience measurements given results of the probing test. The device repeats the causing, obtaining, and adjusting steps using the probing strategy adjusted by the device, to find a minimally disruptive probing strategy that provides acceptable performance by the predictive model.

Abstract: A computing device receives an ingest preview request to preview events to be stored by at least one indexer. Responsive to the ingest preview request, the computing device sends a subscription request to the forwarders. The forwarders receive the subscription request and intercept the events that are being sent to at least one of the indexers. The forwarders then clone matching events to the subscription request and responds to the computing device with the matching events. When the computing device receives the matching events, the computing device adds the matching events to a dispatch directory. The user interface is then populated with events in the dispatch directory.

Abstract: A computer-implemented method includes a processing node sending a request that includes an identified alert record from a shared alert data store that is shared amongst a cluster of processing nodes including the processing node. The processing node receives, responsive to the request, a delete alert record uniquely identifying the identified alert record and including an annotation identifying a new delete alert record as being a delete alert record type. The processing node matches, responsive to the annotation, the delete alert record to a local copy of the identified alert record based on the delete alert record uniquely identifying the identified alert record. The processing node deletes, based on the annotation, the local copy of the identified alert record according to the delete alert record.

Abstract: A pluggable device and method are presented. The pluggable device includes a substrate, a first pin positioned on the substrate, an optical source positioned on the substrate, and an integrated circuit positioned on the substrate. The optical source produces a source optical signal and transmits the source optical signal through the first pin. The integrated circuit transmits a received optical data signal and transmits a data signal based on a portion of the optical data signal.

Abstract: The disclosed technology relates to a process for optimizing data flow within a computer network. The technology utilizes shared memory and machine learning logic to improve the efficiency of how computing resources are used during a transmission of data packets in the computer network. The shared memory is implemented during the transmission of data packets between the data plane and the service plane so that the copying of data packets after the data packets have been received and processed by an application is not necessary. The machine learning logic is implemented during the processing of the data packets in order to adjust a frequency or extent that the data packets (and corresponding source of the data packets) need to be evaluated to ensure that malicious content is not being transmitted across the computer network.

Abstract: An example method of implementing a layered feature set management model by a service monitoring system includes: monitoring a feature set configuration associated with a specified application instance; setting, based on the feature set configuration, a feature set level transition marker associated with the specified application instance; identifying, based on a current feature set level associated with the specified application instance and the feature set level transition marker, a new feature set level associated with the specified application instance; identifying a new feature set corresponding to the new feature set level and one or more roles associated with a specified user; and configuring a graphical user interface (GUI) enabling the new feature set for the specified user of the specified application instance.

Abstract: The disclosure provides a method for providing an enterprise gNB for connection to a 5G packet core network. The method includes provisioning the enterprise gNB. The enterprise gNB hosts a local user plane function (L-UPF). The method also includes configuring the 5G packet core network comprising a session management function (SMF) to select the local user plane function to service user equipment (UE) connected to the enterprise gNB.

Abstract: This technology allows time synchronization in wireless networks with mobile stations. A wireless network controller transmits instructions to access points (“APs”) within the wireless network to monitor transmissions for time synchronization. One or more second APs observe fine time measurement (“FTM”) exchanges between a first AP and a mobile station. A particular second AP determines whether to perform a time synchronization with the first AP based on the detection of the FTM exchange or a determination that the station is moving toward the second AP. For time synchronization, the second AP determines the time that the first AP transmitted the FTM exchange and the time of transmission from the first AP to the second AP. The second AP synchronizes a second AP clock to the summation of the time of the transmission of the FTM exchange and the time of transmission from the first AP to the second AP.

Abstract: Techniques for leveraging efficient metadata communications to improve domain name system (DNS) security are described. The DNS service uses a hash value to uniquely identify a client, and detect any change in metadata in order to keep policies up-to-date for the client. In an example method a first DNS query for a client device is intercepted. A cryptographic hash function is applied to metadata associated with the client device to generate a hash value. The hash value is added to an additional records section of the first DNS query to generate a second DNS query. The second DNS query is transmitted to a DNS service. The metadata associated with the client device is transmitted to the DNS service on an out-of-band encrypted channel. A DNS response, including the hash value, is received from the DNS service and transmitted to the client device.

Abstract: In one embodiment, Ethernet Virtual Private Network (EVPN) is implemented using Internet Protocol Version 6 (IPv6) Segment Routing (SRv6) underlay network and SRv6-enhanced Border Gateway Protocol (BGP) signaling. A particular route associated with a particular Internet Protocol Version 6 (IPv6) Segment Routing (SRv6) Segment Identifier (SID) is advertised in a particular route advertisement message of a routing protocol (e.g., BGP). The SID includes encoding representing a particular Ethernet Virtual Private Network (EVPN) Layer 2 (L2) flooding Segment Routing end function of the particular router and a particular Ethernet Segment Identifier (ESI), with the particular SID including a routable prefix to the particular router. The particular router receives a particular packet including the particular SID; and in response, the particular router performs the particular EVPN end function on the particular packet.