Abstract: A network device has a first OS component, a second OS component is added to run concurrently with the first. The first OS component transmits routing information to the second OS component where it is stored in memory. The second OS component registers with a routing infrastructure to receive packets that are routed to the first OS component. A timestamp and a first ID are added to a first instance of a packet and transmitted to the first OS component. The timestamp and a second ID are added to a second instance of the packet and transmitted to the second OS component. First functionality data for the first OS component is transmitted to a controller. Second functionality data for the second OS component is transmitted to the controller. The first and second functionality data are compared to determine whether to replace the first OS component with the second OS component.

Abstract: A method, network device, and computer program product for network traffic diversion are disclosed. In one embodiment, a method according to the present disclosure includes receiving a frame at a core edge node that is a member of a redundancy group (where the frame comprises network address information and a packet), and determining whether a link is affected by a network failure. The frame was sourced by a remote core edge node that is not a member of the redundancy group, and the network address information indicates that the packet is to be forwarded via the link. In response to the link being affected by the network failure, the method further includes generating a modified frame and forwarding the modified frame to another core edge node. The generating comprises including a redirect label in the modified frame. The another core edge node is another member of the redundancy group.

Abstract: Techniques for a network controller associated with a firewall service to determine a network policy based on operational tolerances associated with a device, and cause the network policy to be provisioned at the firewall service where control commands, such as, for example, supervisory control and data acquisition (SCADA) commands, may be allowed or denied transmission to the device based on the operational tolerance(s) associated with the device. In some examples, the network controller may be configured as a manufacturer usage description (MUD) controller configured to transmit a MUD uniform resource identifier (URI), emitted by the device, to a MUD file server associated with the manufacturer of the device. The MUD file may be enhanced to include the operational tolerances associated with the device and transmitted back to the MUD controller where it may be parsed to determine a corresponding network policy.

Abstract: In one example, an indication of a time during which a network communication obtained from a first network node was processed by the first network node, and an indication of a propagation delay from a second network node to the first network node, are obtained. A time during which the network communication was processed by the second network node is determined. A propagation delay from the first network node to the second network node is calculated based on the time during which the network communication was processed by the first network node and the time during which the network communication was processed by the second network node. A difference between the propagation delay from the first network node to the second network node, and the propagation delay from the second network node to the first network node, is determined and compensated is made for that difference.

Abstract: This disclosure describes techniques for software-defined service insertion. The techniques include a method of configuring a network for service insertion. The techniques include processing a master policy correlating an endpoint group pair, of source endpoint group and destination endpoint group, to a service graph. The service graph indicates a template service chain, and the template service chain indicates an ordering of a plurality of services. Processing the master policy includes disaggregating the master policy into at least one location specific policy, each of the at least one location specific policy corresponding to a separate location in the network and including traffic steering directives corresponding to a portion of the plurality of services associated with the separate location. The techniques further include causing each of the at least one location specific policy to be stored in association with the separate location to which that location specific policy corresponds.

Abstract: In one embodiment, a system for allocating clients between radios of an access point is disclosed. The system includes a first antenna coupled to a first radio, a second antenna coupled to a second radio, and a monitoring radio coupled to the first antenna and second antenna. The system includes computer-readable instructions that cause the system to receive at the monitoring radio, a first client attribute from each of a plurality of first client devices, and a second client attribute from each of a plurality of second client devices, and provide each aforementioned attribute to an optimization function. The system determines, with the optimization function, that one of the first radio and second radio will optimize performance for at least one device of the plurality of first client devices and second client devices and steer the at least one device accordingly.

Abstract: Presented herein are techniques to support handovers in hybrid cell configuration environments. In one example, a method may include determining that a user equipment (UE) is connected to a first shared cell or a first unique cell of a radio access network; and causing a handover for the UE to a second shared cell or a second unique cell of the radio access network based on whether the UE is connected to the first shared cell or the first unique cell, wherein the handover is performed between one of the first shared cell and the second shared cell or the first unique cell and the second unique cell.

Abstract: A method for providing a symbiotic network orchestrator utilized to automatically commission edge computing devices on corporate computing networks and edge site computing networks is presented. The method includes receiving an indication of a potential connection of an edge computing device to one or more computing networks associated with the orchestrator. The one or more computing networks includes a corporate computing network and an edge site computing network. The method further includes determining, based on the corporate computing network, the edge site computing network, and a predetermined set of rules, an intent for commissioning the edge computing device, reconfiguring, based on the intent, the corporate computing network and the edge site computing network, and commissioning the edge computing device on one or more of the corporate computing network or the edge site computing network in accordance with the reconfiguring.

Abstract: Excess slot-time re-farming may be provided. A first Access Point (AP) may be received by a first Access Point (AP). Next, excess time in the slot allocation may be determined. Then wireless exchanges may be used to allocate the excess time in the slot allocation to a second AP.

Abstract: Differential time synchronization and scheduling may be provided. A first Access Point (AP) may wirelessly receive time-base translation parameters of a second AP. The first AP and the second AP may be neighboring. Next, a first transmission schedule for the first AP and a second transmission schedule for the second AP may be maintained. Then the second transmission schedule for the second AP may be translated into a time-base of the first AP based on the time-base translation parameters of the second AP. Then the first AP may transmit based upon the first transmission schedule for the first AP and the translated second transmission schedule for the second AP.

Abstract: A method, computer system, and computer program product are provided for performing policy enforcement, attestation, and network forensics. A universal reference for a computing entity is obtained, wherein the universal reference identifies one or more components of the computing entity by additional universal references assigned to the one or more components. A hierarchical description of the computing entity is determined by enumerating each additional universal reference of the one or more components and additional sub-components, wherein the hierarchical description exhaustively identifies the components and sub-components of the computing entity. The hierarchical description is analyzed by accessing a database to identify mappings of the one or more additional universal references to the one or more components and sub-components.

Abstract: Presented herein are techniques to conserve power by network devices in a software define wide area network (SDWAN). A method includes monitoring operations of a software defined wide area network including a network device in the software defined wide area network, based on results of the monitoring, generating a usage model for the network device, determining, based on the usage model, an interface selection scheme for the network device, and causing the network device to execute the interface selection scheme.

Abstract: A method comprises, at a first router configured to perform Bit Index Explicit Replication (BIER) for forwarding of multicast packets in a network, storing configuration information that indicates that the first router belongs to multiple subdomains of a BIER domain, and is able to forward the multicast packets for a virtual private network on the multiple subdomains. The method further comprises, during an auto-discovery procedure, generating an auto-discovery message to include an auto-discovery route and route attributes that indicate the multiple subdomains, and sending the auto-discovery message to a second router of the virtual private network the network.

Abstract: Presented herein is an air vent including a plate, and a non-uniform array of openings extending through a thickness of the plate. The non-uniform array of openings arranged to admit a flow of cooling air through the plate. The plate and the non-uniform array of openings are arranged to attenuate electromagnetic interference (EMI) emitted through the plate.

Abstract: Techniques for improving options templates for network traffic monitoring and analysis, using pull mode by a network collector device, and sending an acknowledgement, by the network collector device that the download was successfully received are described. The techniques may include transmitting, by a network collector device and to a network edge device, a request to download a full options template, receiving, by the network collector device, responses from the network edge device, each response including a segment of the full options template and each segment including a last segment flag indicating whether the segment is a last segment, and in response to receiving a segment having the last segment flag set, transmitting, by the network collector device and to the network edge device, an acknowledgement that the full options template has been received.

Abstract: In one embodiment, a method includes receiving, by a WebAuthn proxy, login prompt information from a browser. The WebAuthn proxy and the browser are installed on a device. The method also includes generating, by the WebAuthn proxy, a WebAuthn credential request based on the login prompt information and communicating, by the WebAuthn proxy, the WebAuthn credential request to a WebAuthn authenticator. The method further includes receiving, by the WebAuthn proxy, a WebAuthn response from the WebAuthn authenticator and communicating, by the WebAuthn proxy, the WebAuthn response to the browser.

Abstract: A method is provided for deterministically generating a photonic resource state for computational quantum computing. The method includes producing a sequence of emitted photonic qubits. The sequence of emitted photonic qubits is directed to an optical circulator of a passive entanglement component. The passive entanglement component includes the optical circulator, a delay line, and a Controlled-Z (CZ) gate. Each photon in the sequence of emitted photonic qubits is reflected at the end of the first delay line to generate a sequence of reflected photonic qubits after a predetermined time delay. The CZ gate entangles the sequence of emitted photonic qubits with the sequence of reflected photonic qubits. The optical circulator directs a resource state generated from the sequence of reflected photonic qubits entangled with the sequence of emitted photonic qubits to an output of the passive component. The resource state is emitted as a sequence of entangled photonic qubits.

Abstract: Techniques and architecture are described grouping various sources of traffic within a network into grouping fields and assigning each combination of grouping field values an aggregate identification (ID). A first hop edge router may receive a packet and search a mapping table for a corresponding aggregate ID for the combination of grouping field values within the mapping table. If not found, the first hop edge router may assign a corresponding aggregate ID for the combination of grouping field values and store the new aggregate ID for the combination of grouping field values in the mapping table. The first hop edge router may forward the packet on through the network with the aggregate ID embedded in metadata. Routers within the network may measure and aggregate flow metrics of the packet within the network based on the aggregate ID and provide the measurements to the network controller.

Abstract: According to certain embodiments, a router comprises one or more processors and one or more computer-readable non-transitory storage media. The one or more computer-readable non-transitory storage media comprise instructions that, when executed by the one or more processors, cause one or more components of the router to perform operations comprising determining an occurrence of one or more network events associated with a multicast service, generating route exchange information associated with the multicast service locally by the router based on the one or more network events, and using the route exchange information locally to configure the router.

Abstract: According to some embodiments, a method performed by a software defined wide area network (SD-WAN) controller communicably coupled to a voice gateway comprises determining a user profile from one or more stored user profiles is to be associated with an analog telephone and transmitting the user profile to the voice gateway. In particular embodiments, the SD-WAN controller may receive a request to associate the analog telephone with a user from the voice gateway.