Abstract: Multi-link selection based on Transmit Power Control (TPC) may be provided. A computing device may receive Multi-Link Device (MLD) association information associated with a client device. The MLD association information may describe MLD links the client device may require. A set of MLD links available on a network may be determined based on the MLD association information. The determined set of MLD links may then be sent to the client device.

Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.

Abstract: In one embodiment, a method includes identifying, by a network component, a first segment identifier (SID) within a SID list. The first SID includes a first SID block and a first micro SID (uSID). The method also includes initializing, by the network component, a packing list of a uSID carrier with the first uSID of the first SID and initializing, by the network component, a packing block of the uSID carrier with the first SID block of the first SID. The method further includes initializing, by the network component, a remaining packing capacity of the packing list with a carrier capacity of the first SID and initializing, by the network component, an empty compressed SID list.

Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.

Abstract: Techniques and mechanisms for using passively collected network data to automatically generate a fingerprint prevalence database without the need for endpoint ground truth. The process first clusters all observations with the same fingerprint string and similar source and destination context. The process then annotates each cluster with descriptive information and uses a rule-based system to derive an informative name from that descriptive information, e.g., “winnt amp client” or “cross-platform browser”. Optionally, the learned database may be augmented by a user to clarify custom process labels. Additionally, the generated database may be used to report the inferred processes in the same way as databases generated with endpoint ground truth.

Abstract: Techniques for temperature control for multiple dies in an element. A temperature of a first die is measured, in an element comprising the first die and a second die. The second die includes at least a portion of a controller. The temperature of the first die is changed by adjusting activity, from the second die to the first die, based on a target temperature for the first die and the measured temperature for the first die.

Abstract: A method of provisioning a network may include, with a network controller, identifying a first network intent of a computing network based at least in part on an execution of a user interface (UI) or API layer at a client device, and identifying a modification of at least one object within the first network intent within the UI or API layer at the client device as the first network intent is being modified. The modification defines a delta between the first network intent and a second network intent. The method may further include, with a provisioning service executed by the network controller, receiving the delta as a payload from the client device, and provisioning at least one computing device within the computing network based at least in part on the delta. The method further includes automatically modifying the at least one object based on the received delta, including a further modification of the second network intent.

Abstract: One technique includes receiving, in a first network, a multi-destination packet from a second network, and determining, based on the multi-destination packet, a first multi-destination tree in the first network for forwarding the multi-destination packet. In response to determining that the first multi-destination tree is not rooted on the network device, a second multi-destination tree in the first network is determined, and the multi-destination packet is transmitted using the second multi-destination tree. Another technique includes, upon detecting a first network device joining a network, sending a first indication to a second network device that the first network device is in a state for an amount of time. After the amount of time has elapsed, a second indication that the first network device has exited the state is sent to the second network device. A topology of the network is updated after the first network device has exited the state.

Abstract: Techniques for a TCP proxy to communicate over a LEO satellite network on behalf of a client device by selecting a TCP congestion-control algorithm that is optimal for the LEO satellite network based on the time of day and/or location of the TCP proxy. Based on the locations of satellites during the day as they traverse predefined and patterned orbital paths, different TCP congestion-control algorithms may be more optimized to communicate data through the LEO satellite network. However, client devices generally use a single TCP congestion-control algorithm to communicate over WAN networks. Accordingly, a TCP proxy may be inserted on, for example, a router to communicate with the client device using a TCP congestion-control algorithm that the client device is configured to use, but then communicate over the LEO satellite network using a different TCP congestion-control algorithm that is optimal based on the time of day and/or other factors.

Abstract: Preemption in wireless may be provided. Access Category (AC) parameters may be received for a preemption AC within a plurality of ACs. The preemption AC parameters may comprise a Contention Window maximum (CWmax) comprising a first predetermined value and a preemption Arbitrary Interframe Space Number (AIFSN) of less than or equal to a second predetermined value. AC parameters for others of the plurality of ACs may be received wherein a non-preemption AIFSN associated with any of the others of the plurality of ACs is greater than a sum of the first predetermined value the second predetermined value. Preemption for traffic in the preemption AC may be allowed.

Abstract: Time Sensitive Network (TSN) Quality of Service (QoS) management may be provided. A number of Transmit Opportunities (TxOPs) to use for transmitting data between an Access Point (AP) and a client device over a wireless link may be received. An initial gate configuration to the AP for transmitting data between the AP and the client device over the wireless link for a transmit period of each cycle of a number of cycles may be provided based on the number of TxOPs. A change in a network condition of the wireless link may be detected. The initial gate configuration for the transmit period in a current cycle of the number of cycles may be adjusted in response detecting the change in the network condition of the wireless link.

Abstract: A method includes receiving a DNS request, notifying a serverless orchestrator system of data associated with the DNS request, provisioning a function on a serverless function node based on the DNS request, notifying a load balancer regarding the serverless function node, providing a response to the DNS request and routing an API request associated with the DNS request to the serverless function node.

Abstract: Techniques for ensuring symmetric forwarding between disparate networks. The techniques may include receiving a gateway preference order associated with a route advertised by an edge node, the edge node associated with a first network. The techniques may also include determining, based at least in part on the gateway preference order, that a gateway node is a more preferred gateway for the route than another gateway node, the gateway node configured to facilitate communications between the first network and a second network. In some examples, the techniques may also include converting the gateway preference order into a metric associated with an IP routing protocol that is in use in the second network. In some examples, the route including the metric may be distributed within the second network such that the gateway node is the more preferred gateway for return traffic of the route.

Abstract: Presented herein are techniques in which a software-controlled load is embedded at an output of a point of load (POL) in parallel to a load that receives power from the POL. A small incremental load is applied to the POL using the software-controlled load. A transient response of the POL to the applied small incremental load is measured using an embedded analysis functionality.

Abstract: In one embodiment, an access point of an overhead mesh of access points in an area selects a range of client identifiers. The access point sends, via a beam cone transmitted in a substantially downward direction towards a floor of the area, a trigger signal that includes the range of client identifiers and prompts client devices having identifiers in that range to send best effort transmissions towards the overhead mesh. The access point detects a collision between the best effort transmissions of the client devices. The access point adjusts the range of client identifiers so as to avoid future collisions between the best effort transmissions of the client devices.

Abstract: Techniques for determining whether HTTP/2 or HTTP/3 is a preferred protocol for communication between a client device and a server over a network are described. A change associated with a network interface of a client device is detected. Based at least in part on detecting the change, a determination is made to identify a preferred communication protocol for a network over which the client device communicates using the network interface. A HTTP/2 probe is transmitted over the network and to a server. A HTTP/3 probe is transmitted over the network and to the server. In response to not receiving a HTTP/3 probe response, the preferred communication protocol is determined to be HTTP/2. In response to receiving the HTTP/2 probe response and the HTTP/3 probe response, the preferred communication protocol is determined to be HTTP/3. The client device communicates with the server over the network using the preferred communication protocol.

Abstract: A meeting system facilitates spontaneous social encounter between users with a meeting server. The meeting server obtains calendar data, user preferences, and an organization chart associated with each user of a plurality of users. The meeting server selects a first user and a second user for a social encounter based on the calendar data, user preferences, and roles in the organization chart. The meeting server prompts a first user device associated with the first user, and a second user device associated with the second user, for a social encounter. Responsive to obtaining acceptances from the first user and the second user, the meeting server facilitates the social encounter between the first user and the second user.

Abstract: Techniques for a head-end node in one or more network autonomous systems to utilize a protocol to instantiate services on tail-end nodes. The head-end node can use a service request mechanism that is enabled by the protocol to request service instantiation on the tail-end node without a network operator having to manually configure the tail-end node, or even having access to the tail-end node. Additionally, the protocol may provide mechanisms to define handling attributes for traffic of the service (e.g., quality of service (QoS) attributes, Maximum Transmission Unit (MTU) settings, etc.), service acknowledgement mechanisms for the head-end node to determine that the service was instantiated on the tail-end node, and so forth. In this way, a head-end node can be used to instantiate a service on a tail-end node without a network operator having to have direct access to the tail-end node to manually configure the tail-end node.

Abstract: In one embodiment, a method includes identifying a problematic event between a first interest point and a second interest point of a network and activating, in response to identifying the problematic event between the first interest point and the second interest point, a first endpoint associated with the first interest point and a second endpoint associated with the second interest point. The method also includes receiving, from the first endpoint and the second endpoint, telemetry data associated with a problematic path between the first interest point and the second interest point. The method further includes determining the problematic path between the first interest point and the second interest point using the telemetry data received from the first endpoint and the second endpoint.

Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.