Abstract: In one embodiment, a device obtains a set of one or more configuration parameters of an online application accessed by a plurality of clients via a network. The device obtains path information regarding paths in the network via which the plurality of clients accesses the online application. The device determines an updated configuration parameter predicted by a prediction model to increase application experience of the online application based on the path information and the set of one or more configuration parameters. The device provides the updated configuration parameter for use by the online application.

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.

Abstract: Process margin relaxation is provided in relation to a compensated-for process via a first optical device, fabricated to satisfy an operational specification when a compensated-for process is within a first tolerance range; a second optical device, fabricated to satisfy the operational specification when the compensated-for process is within second tolerance range, different than the first tolerance range; a first optical switch connected to an input and configured to output an optical signal received from the input to one of the first optical device and the second optical device; and a second optical switch configured to combine outputs from the first optical device and the second optical device.

Abstract: The techniques described herein relate to methods that include: obtaining criteria for a mobile network deployment; selecting a server configuration template for a server configuration based upon the criteria; generating the server configuration for the mobile network deployment based upon the server configuration template; validating the server configuration to ensure the criteria are met by the mobile network deployment of the server configuration; deploying the server configuration as the mobile network deployment; obtaining key performance indicators from the mobile network deployment; updating the mobile network deployment in response to obtaining the key performance indicators; and updating the server configuration template in response to obtaining the key performance indicators.

Abstract: In one embodiment, a method includes generating an application stack. The application stack includes an application logic module. The method also includes embedding a service mesh module into the application stack. The method further includes managing, by the service mesh module, security of a network packet while maintaining separation of memory regions between the application logic module and the service mesh module.

Abstract: A method, system, and apparatus for a coherent optical breakout; wherein the optical breakout has a laser; wherein the coherent optical breakout has a set of optical connections; wherein the set has at least two optical connections; wherein the coherent optical breakout enables coherent optical communication of X Gbs across each of the set of optical connections.

Abstract: In an enterprise network environment where there is deployment of two (or more) types of access network technologies, when a terminal device is unable to connect to one of the access networks, techniques are presented herein that the terminal device and the network can use for sharing error conditions/cause codes/remedial hints on the access technology that the terminal device is able to connect. With this approach, self-healing, proactive reporting and diagnostic actions are brought to terminal device access connectivity issues.

Abstract: Techniques for policy-based connection provisioning using Domain Name System (DNS) requests are described herein. The techniques may include receiving policy data associated with one or more headend nodes that manage connections to computing resources. Additionally, the techniques may include receiving a DNS request from a client device to establish a connection between the client device and a first headend node of the one or more headend nodes. The DNS request may include an attribute associated with the client device. A provisioning service may determine that the connection should be established between the client device and the first headend node based at least in part on evaluating the attribute with respect to the policy data. Additionally, the techniques may include sending an internet protocol (IP) address, which is associated with the first headend node, to the client device to facilitate establishment of the connection.

Abstract: A first access point of a wireless network minimizes Media Access Control (MAC) address collisions in the wireless network. The first access point receives an association request from a first wireless device. The association request identifies a first MAC address of the first wireless device. The first access point determines whether a second wireless device is associated with the wireless network using the first MAC address. Responsive to a determination that the second wireless device is associated with a second access point of the wireless network, the first access point obtains a virtual MAC address for the first wireless device. The first access point translates between the first MAC address and the virtual MAC address for network traffic of the first wireless device.

Abstract: A method includes detecting, by a mobile device, a light sequence emitted from a light emitting diode associated with an access point and determining, by the mobile device, an identifier for the access point based on the light sequence. The method also includes reporting, by the mobile device, a geospatial location of the mobile device and the identifier for the access point to an automated frequency coordination (AFC) server to perform AFC for the access point.

Abstract: Backup communication paths can be determined for use by different circuits of a network in the event of a failure of active communication paths. The disclosed backup path determination techniques can reduce contention in which multiple circuits share a backup path. Contention metrics are determined for communication paths in the network. The contention metrics are used to determine a communication path for contention reduction. A circuit that uses the communication path as a backup path is selected, and the backup path of the selected circuit is modified to avoid the communication path. Contention metrics can then be recalculated, and contention reduction techniques can be repeated until a desired convergence point is reached.

Abstract: The present technology addresses a need in the art for an automated tool that allows users to create network-based custom workflows for networks and associated management applications. The users do not need to have in-depth network knowledge to work with the tool or even write any code/script. The tool provides the users with a flexible graphical user interface for automated troubleshooting, network provisioning, and closed-loop automation. Further, the tool uses a domain-independent semantic machine reasoning engine as an underlying engine and a mock data engine to test and validate network-based workflows created by the users.

Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.

Abstract: In one example embodiment, a server that is in communication with a network that includes a plurality of network elements obtains, from the network, a service request record that includes sensitive information related to at least one of the plurality of network elements. The server parses the service request record to determine that the service request record includes a sequence of characters that is repeated in the service request record, and tags the sequence of characters as a particular sensitive information type. Based on the tagging, the server identically replaces the sequence of characters so as to preserve an internal consistency of the service request record. After identically replacing the sequence of characters, the server publishes the service request record for analysis without revealing the sequence of characters.

Abstract: Techniques for dynamically adapting a router capacity to system needs in a network. The border router may receive a list of summarized prefixes for endpoint devices associated with the router from control-plane nodes. The router may store the list of summarized prefixes in memory of the border router. Once the router receives traffic that is destined for endpoint devices associated with the border router, it may determine that the destination address is included in the summarized prefixes. In some examples, the router may download complete prefixes from the control-plane nodes, and forward the traffic to the destination address indicated by the complete prefixes.

Abstract: The present technology addresses a need in the art for an automated and scalable mechanism to authorize a containerized process. An aspect of the present technology deals with authorizing an unprivileged process by a privileged process without embedding credentials or network access at the time of validation. The present technology provides the possibility for the privileged process to continuously (dynamically) validate the authenticity of the unprivileged process by performing a plurality of operations to ensure the unprivileged process has maintained its authenticity while having access to sensitive information.

Abstract: This disclosure relates to methods, systems, and non-transitory computer-readable storage media for integrating a multi-factor authentication system with a security system. The present technology can receive authentication data descriptive of a user associated with a user device. The present technology can also permit the user to access a secure physical location. The present technology can also limit capabilities of the user device while the user is within the secure physical location.

Abstract: Techniques for using global virtual network instance (VNI) labels in a multi-domain network to route network data with a multi-tenant network overlay are described herein. A routing device provisioned in a network domain of the multi-domain network may register with a service discovery system of the network domain for use of network configuration data to establish routes through the multi-domain network with network nodes. Each network domain of the multi-domain network may include an application programming interface (API) server for processing API requests to make changes to configurations of a network domain. A border gateway protocol (BGP) large community may be utilized to encode global VNI labels, network addresses, local next hop nodes, and/or additional network information and sent to routing devices provisioned in separate network domains. A service chain may be signaled by global VNI labels to route network traffic through various services prior to reaching a destination endpoint.

Abstract: In one embodiment, a device predicts, for each of a plurality of applications accessible via a network, quality metrics for different network paths where traffic for that application be routed via one or more paths among the different network paths. The device generates a congestion risk prediction model that predicts a risk of traffic congestion for a particular combination of: applications from among the plurality of applications, traffic flows associated with those applications, and paths among the network paths via which those traffic flows may be routed. The device performs a constrained optimization based on the predicted quality metrics and on the risk of traffic congestion predicted by the model, to assign traffic flows for the applications to a selected subset of the different paths. The device causes the traffic flows to be routed in the network via the selected subset of the different paths to which they are assigned.

Abstract: The present technology is directed to a system and method for implementing passive power harvesting from ambient electromagnetic emissions with a smart rectenna that incorporates automatic frequency response tuning features. The disclosed system incorporates a tunable High Pass Filter and voltage multiplier rectifier with a front-end ultra wide band antenna unit. The frequency response of tunable components can be actively adjusted to match the frequency band containing most of the energy in the incident electromagnetic emission. A look up table is used for determining the appropriate biasing levels of the tunable components for each frequency in a frequency band of interest. By tuning a frequency response of impedance matching, filtering and rectifying components to correspond to a frequency region of maximum power spectral density in the incident energy signal, the system facilitates the scavenging of ambient electromagnetic energy from the spectral region with the highest power spectral density.