Abstract: Techniques for migrating on-premises and/or cloud-based workloads to follow a network session as it potentially migrates, due to multipathing techniques, across multiple edge and/or cloud datacenters. The techniques may include determining, by a controller of a network, that a traffic flow between an endpoint device and a workload has migrated to a different path of a multipath flow such that the traffic flow terminates at a different termination point than the workload. Based at least in part on determining that the traffic flow has migrated, the controller may cause a migration of a state of the workload to a location associated with the different termination point. That is, the controller may cause the workload to be migrated in its current state, which may be specific to the endpoint device, to follow the traffic flow.

Abstract: A multicast state is generated within a Layer 2 (L2) fabric through a set of L2 tunnel router devices within the L2 fabric. The multicast state is generated without forwarding multicast traffic through Layer 3 (L3) gateways. When a data packet is received for distribution to other devices in the L2 fabric, an underlay multicast tree is defined at an L2 tunnel router device that is to serve as the multicast source for the data packet in the L2 fabric. The data packet is streamed to the other devices through the L2 tunnel router device along the underlay multicast tree without forwarding the data packet through the L3 gateways.

Abstract: The present technology pertains to receiving a tag associating at least one routing domain in an on-premises site with at least one virtual network in a cloud environment associated with a cloud service provider. The present technology also pertains to the automation of populating route and propagation tables with the cloud service provider.

Abstract: Systems, methods, and computer-readable media for intelligent webhook are described herein. The intelligent webhook can insert code into one or containers associated with an application being deployed by an orchestration service. The code enables the intelligent webhook to monitor operations, including startup, of a container mutated to include the code. The intelligent webhook has knowledge of whether a mutated container failed to startup in a prior instance, and if it fails, the intelligent webhook can insert a modified version of the code and/or adjust resource limit constraints to facilitate mutation of a container scheduled to be deployed with an application.

Abstract: In one embodiment, a device obtains data indicative of quality of experience for an online application. The device predicts, based on the data, path performances of network paths between an endpoint and the online application for different traffic loads. The device selects traffic loads for the network paths between the endpoint and the online application, based on the path performances predicted by the device. The device causes application traffic to be load balanced across the network paths between the endpoint and the online application, in accordance with those traffic loads selected by the device.

Abstract: Techniques for sharing the probing of software-as-a-service clouds among a cluster of routers are described herein. The techniques may include establishing a first path between a cluster of routers and an application infrastructure. Establishing a second path between the cluster of routers and the application infrastructure. Designating a first router in the cluster of routers to send probes over the first path to the application infrastructure. Designating a second router in the cluster of routers to send probes over the second path to the application infrastructure. Distributing, by the first router and to the cluster of routers, first routing performance data indicating a performance of the first path when communicating with the application infrastructure over the first path, distributing, by the second router and to the cluster of routers, second routing performance data indicating a performance of the second path when communicating with the application infrastructure over the second path.

Abstract: A system is provided for supporting roaming between LTE EPC network and 5G network of a first mobile network operator by 5GC network of a second network operator. The system may include the EPC network including a serving gateway in communication with a 4G base station being in the EPC network. The system may also include the 5G network of the first mobile network operator including a vSMF in communication with a 5G base station being in the 5G network of the first network operator. The system may also include the 5GC network of the second network operator including a hSMF. The vSMF is configured to receive a communication from the serving gateway to anchor mobility between the LTE EPC network and the 5G network of the first mobile network operator, and to communicate with the hSMF in the 5GC network of the second network operator using 5G roaming interfaces.

Abstract: A multi-link procedure to identify link disablement in Basic Service Set (BSS) transition management frames may be provided. First, a Basic Service Set (BSS) Transition Management (BTM) request may be created. The BTM request may indicate a link disablement that will happen in the future. Then the BTM request may be sent.

Abstract: Low Latency, Low Loss, Scalable Throughput (L4S) support and queuing and, specifically, L4S proxy support for non-L4S-compatible devices and L4S queuing for Access Points (APs) may be provided. Providing L4S support can include determining a flow for a L4S capable Station (STA) is L4S enabled. In response to determining the flow is L4S enabled, a shallow queuing mechanism is implemented for queuing traffic by replacing one or more alternate queues with one or more L4S queues, the shallow queuing mechanism comprising one or more classic queues and the one or more L4S queues. L4S traffic of the flow is queued in at least one of the one or more L4S queues.

Abstract: In one embodiment, a method comprises: obtaining, by a process, path trace data collected by a plurality of performance monitoring agents across a computer network; obtaining, by the process, one or more catalogs having application-based correlation information for the path trace data; generating, by the process, network mapping directed graphs by correlating the path trace data using the one or more catalogs, the network mapping directed graphs logically comprising nodes categorized at a plurality of levels of aggregation and edges connecting the nodes; associating, by the process, test-based performance data with the edges of the network mapping directed graphs; and providing, by the process, at least one Sankey diagram based on the network mapping directed graphs and test-based performance data associated with their edges for selectable display by a user interface.

Abstract: The present technology is generally directed to optimizing a non-3GPP untrusted Wi-Fi to 5G system handover followed by Evolved Packet System (EPS) fallback, more specifically, to delaying removal of the Wi-Fi session resources and creating a voice flow as part of the EPS fallback.

Abstract: This disclosure describes techniques for device to device authentication. For instance, a first device may detect a second device, such as when a user physically attaches the second device to the first device or when the second device wireless communicates with the first device. A component of the first device and/or an authentication entity may then determine to authenticate the second device. In some instances, the component determines to authenticate the second device using information associated with an environment of the second device. To authenticate the second device, the authentication entity may send a request to a user, receive a response from the user, and then verify the response. After the authentication, the first device may determine that the second device includes a trusted device and establish a connection with the second device.

Abstract: In one embodiment, a device identifies a set of attributes from telemetry data generated by one or more agents regarding an online application accessible via a network. The device provides an interactive display to a user interface that includes options for a user to specify a selection of one or more attributes from the set of attributes and to specify an aggregation function. The device updates the interactive display to show a visualization of the aggregation function applied to the selection of one or more attributes and configures the one or more agents to collect only a subset of the telemetry data based on the selection of the one or more attributes and the aggregation function.

Abstract: Backscatter Device (BKD) scheduling and, specifically, narrowband BKD excitation for multiple BKD scheduling may be provided. An AP may determine to transmit an excitation transmission to a plurality of BKDs. The AP may determine a trigger frequency for each of the plurality of BKDs, and the AP may transmit an excitation transmission comprising a plurality of excitation signals. Each excitation signal may have a frequency corresponding to one of the trigger frequencies for the plurality of BKDs. The plurality of excitation signals may be ordered for the plurality of BKDs to perform backscattering (i) concurrently; (ii) staggered in a single Transmit Opportunity; or (iii) a combination of (i) and (ii).

Abstract: This disclosure describes techniques for identifying the criticality of an asset in a network. In an example method, a first security metric of a first asset in a network, as well as network data that identifies data flows associated with a second asset in the network are identified. The second asset is a nearest neighbor of the first asset in the network. The method includes determining, based on the network data, a number of hosts in the network that exchanged data traffic with the second asset during a time period and generating a second security metric of the second asset based on the first security metric and the number of hosts. A security policy of the second asset is adjusted based on the security metric.

Abstract: Techniques for an email-security system to screen emails, extract information from the emails, analyze the information, assign probability scores to the emails, and classify the emails as likely fraudulent or not. The system may analyze emails for users and identify fraudulent emails by analyzing the contents of the emails. The system may evaluate the contents of the emails to determine probability score(s) which may further determine an overall probability score. The system may then classify the email as fraudulent, or not, and may perform actions including blocking the email, allowing the email, flagging the email, etc. In some instances, the screened emails may include legitimate brand domain addresses, names, images, URL(s), and the like. However, the screened emails may contain a reply-to domain address that matches a free email service provider domain. In such instances, the email-security system may assign a probability score indicative that the screened email is fraudulent.

Abstract: A method includes receiving, at a chaos level engine, initial input parameters. The method may further include, with the chaos level engine, determining scaled input parameters based on the initial input parameters. The scaled input parameters define how the initial input parameters effect a computing environment to be tested. The method may further include, with the chaos level engine determining a chaos level for performing a chaos experiment on the computing environment based on the scaled input parameters and sending the chaos level to the computing environment for the chaos experiment. The method may further include, with the chaos level engine, receiving, from the computing environment, feedback defining an impact caused by the chaos experiment created at the computing environment and an intended level of chaos.

Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.

Abstract: An access point in a wireless network communicates wirelessly with one or more client devices over a channel that includes a plurality of subchannels. Radar is detected on a first subchannel of the plurality of subchannels. It is determined to puncture the first subchannel, based on the detecting the radar on the first subchannel and based on one or more puncturing factors. The first subchannel is punctured, the puncturing comprising muting one or more subcarriers on the first subchannel.

Abstract: A system and associated methods provide solutions for reducing a volume of traffic through a multicast network attributed to repeated maintenance messages, which are required in order to maintain a multicast connection. The system configures provider edge devices to generate and send maintenance messages on behalf of members of a multicast group to establish and maintain the multicast connection and provides options for determining unknown locations of sources and/or subscribers, thereby reducing the overall volume of traffic transmitted over the multicast network.