Abstract: A method includes providing a photonic wafer that includes an electrical layer and a layer disposed on a substrate. The layer includes at least one optical waveguide that is disposed between the electrical layer and the substrate. The method also includes removing a portion of the substrate underneath the at least one optical waveguide and forming an end-face coupler. A portion of the end-face coupler is within the removed portion of the substrate. The end-face coupler transmits an optical signal to, or receives an optical signal from, an external optical device.

Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.

Abstract: A Domain Name System (DNS) device stores data indicative of a user device and data indicative of a policy setting a level of access of the user device to a responding device. The DNS device receives, from the user device, a request for an Internet Protocol address of the responding device. The DNS device determines, based upon the request and the data indicative of the user device, that the policy applies to the request. The DNS device applies the policy in response to the determining.

Abstract: In one embodiment, a battery backup unit (BBU) cut-off and recharge circuit includes: a first transistor, a power entry connection connected to a main power supply, where power from the power entry connection flows to application circuits for an electronic device, and the first transistor is positioned between a BBU and the power entry connection, and a microcontroller, where the microcontroller is operative to: detect a loss of power from the main power supply, turn on the first transistor to enable the BBU to discharge through the power entry connection to application circuits, detect a status of charge (SOC) for the BBU, and upon detecting that the SOC is under a predefined threshold, set the BBU cut-off and recharge circuit to a lockdown state by turning off the first transistor.

Abstract: A method includes determining a corresponding level of a security model associated with each device of a plurality of devices connected to a network, each level of the security model having a corresponding tag; applying, to each of the plurality of devices, the corresponding tag based on the corresponding level of the security model with which each of the plurality of devices are associated; receiving, over a network connection, network traffic from at least one of the plurality of devices and the corresponding tag; analyzing the corresponding tag associated with the network traffic; determining a destination for the network traffic; applying one or more security measures to the network traffic based on the corresponding tag for the at least one device and a corresponding tag of the destination for the network traffic; and sending the network traffic to the destination with the corresponding tag of the destination.

Abstract: Systems, methods, and computer-readable media may determine location-related data for a plurality of access points located in an area in communication with a network by determining that a plurality of access points in a network are associated with a same geographical area including identifying, from among the plurality of access points, a first access point associated with the geographical area, determining first location-related data for the first access point, determining second location-related data for a second access point of the plurality of access points, the second access point being interior to the first access point within the network based at least in part on a determination that the second access point has at least a threshold number of the neighbor access points, and exchanging ranging data indicative of a first relative distance between the first access point and the second access point, the ranging data based at least in part on ranging message exchange measurements.

Abstract: Methods and systems for distinguishing between radar signals and Wi-Fi signals are provided. When a set of electromagnetic signals are received, various tests are performed on the signals to determine if the signals are associated with radar pulses or if the signals are more likely to be associated with stray Wi-Fi signals or other non-radar interference. One such test relies on the relatively small variance of frequencies used by radar pulses when compared to the high variation of Wi-Fi signals. Another test relies on the relatively low peak to average power ratio of signals associated with radar pulses when compared to Wi-Fi signals. The tests described herein are an improvement on existing methods for distinguishing radar signals from Wi-Fi signals and result in less switching of Wi-Fi channels due to erroneously detected radar signals.

Abstract: The present disclosure includes methods, systems, and non-transitory computer-readable media for validating data in a data structure used for forwarding packets by a network device comprising sending a data packet probe identifying a destination and including a segment ID, wherein the segment ID maps to a first interpretation by a receiving router to perform an action on the data packet probe to rewrite a portion of a destination address in a header of the data packet probe, and to redirect the data packet probe to the network device that initiated the data packet probe.

Abstract: Techniques are described herein for generating network topologies based on models, and deploying the network topologies across hybrid clouds and other computing environments that include multiple workload resource domains. A topology deployment system may receive data representing a logical topology model, and may generate a network topology for deployment based on the logical model. The network topology may include various services and/or other resources provided by different tenants in the computing environment, and tenant may be associated with different set of resources and deployment constraints. The topology deployment system may determine and generate the network topology to use the various resources and comply with various deployment constraints of the different tenants providing the services, and the tenants consuming the network topology.

Abstract: Techniques for optimizing segment routing (SR) paths using segment identifiers (SIDs) are disclosed, including determining a packet is to be sent from a first node to a second node of a network using an SR method. The techniques may also include determining a segment quantization factor that is representative of a first number of SIDs that are included in a segment quantization interval. Based at least in part on the segment quantization factor and a cost constraint, an SR path defined by a second number of SIDs to send the packet may be determined. The second number of SIDs may be associated with maximizing the SIDs included in individual ones of segment quantization intervals. The techniques further include modifying the packet to include at least the second number of SIDs and causing the packet to flow from the first node to the second node via the SR path.

Abstract: Techniques are disclosed for providing backup protection. A first subnet is established for replication in a first cluster that includes a plurality of host devices. Each of the host devices includes a respective controller virtual machine, which together form a virtual local area network for replication. Each of the controller virtual machines is assigned an Ethernet interface. A replication Internet Protocol address is assigned to each of the Ethernet interfaces of the controller virtual machines. Route tables and firewall rules of the controller virtual machines are modified to allow communications between nodes of the first subnet. The first subnet is configured with information related to a second subnet for replication in a second cluster. A dedicated communication channel is generated for replication between the first cluster and the second cluster based on the configuring.

Abstract: In one embodiment, dynamic user private networks are virtually segmented within a shared virtual network. A network control system maintains the dynamic logical segmentation of the shared virtual network. User entities (e.g., user devices and/or services) are communicatively coupled to respective personal virtual networks via endpoints of access devices. Each of these endpoints is associated with a corresponding user private network. Responsive in real-time to automated processing of a received electronic particular user request, the network control system automatically modifies the dynamic logical segmentation of the shared virtual network to move a particular user entity on the shared virtual network to newly being on the first dynamic user private network without being disconnected from the shared virtual network. One embodiment uses different user private network identifiers (UPN-IDs) associated with endpoints and received packets to identify their respective user private network.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for monitoring application health via correctable errors. The method includes identifying, by a network device, a network packet associated with an application and detecting an error associated with the network packet. In response to detecting the error, the network device increments a counter associated with the application, determines an application score based at least in part on the counter, and telemeters the application score to a controller. The controller can generate a graphical interface based at least in part on the application score and a timestamp associated with the application score, wherein the graphical interface depicts a trend in correctable errors experienced by the application over a network.

Abstract: Techniques are described for safely overwriting decided slots and in-order fault tolerant consensus logs for replicated services. Using techniques described herein, a broad class of already-existing consensus log protocols may be enhanced/extended to safely overwrite decided slots and provide in-order fault tolerant consensus logs. When changing to a different epoch of a consensus log, slots determined to be unreachable may be changed/deleted even if slots after the gap were decided. A sequencer protocol establishes distributed consensus among a group of services. The sequencer protocol provides in-order execution of messages from multiple clients, and flow control from within the sequencer protocol, without offloading de-duplicate and reorder (DDRO) logic to the application layer. Fault tolerance is provided by egress cursors and ingress cursors, which provide awareness of which specific messages from each client sender should be executed next, even if those messages are not presently in the consensus log.

Abstract: A virtual network function (VNF) controller (or module) instantiates two or more VNFs in a communication network to support a network service where the two or more VNFs include at least a first VNF and a second VNF. The VNF controller assigns a priority value to each VNF base on an overall network impact, a physical location of at least one network resource allocated to the respective VNF, a type of service to be implemented by the respective VNF and a customer impact based on how many customers would be using the respective VNF. The VNF controller monitors network resources allocated to each VNF. The VNF controller further determines the first VNF requires additional network resources and releases the network resources allocated to the second VNF based on respective priority values. The VNF controller further allocates the network resources released by the second VNF to the first VNF.

Abstract: In one embodiment, a device generates an application map for an online application accessed via a network that indicates a set of network addresses at which the online application was accessed, client information for clients that accessed the online application via the network, and quality of experience metrics for the online application. The device identifies a location change of the online application by tracking changes to the application map. The device determines a correlation between the location change and a degradation in the quality of experience metrics. The device adjusts, based on the correlation, routing of traffic associated with the online application in the network.

Abstract: In one embodiment, a device may identify a plurality of impairment scenarios for a network. The device may estimate quality of experience metrics for a plurality of applications accessible via the network for each of the plurality of impairment scenarios. The device may select a particular application from among the plurality of applications based on a comparison between the quality of experience metrics for the plurality of applications. The device may provide an indication for presentation by a user interface that a user should use the particular application from among the plurality of applications.

Abstract: A first data plane is established between a user equipment device and a gateway device, wherein the user equipment device comprises a 3rd Generation Partnership Project (3GPP) user equipment device, and wherein the first data plane comprises a 3GPP data plane. A second data plane is established between the gateway device and an anchor device, wherein the second data plane comprises a Proxy Mobile Internet Protocol version 6 (PMIPv6) data plane. Mobility management is performed for the user equipment device via communications between the gateway device and the anchor device.

Abstract: The present technology pertains to a distributed server system for verifying vendors. The distributed server system comprises one or more nodes on a distributed network; a communication interface of a first node that communicates over a communication network with the one or more nodes on the distributed network, wherein the communication interface receives information about a unique seal associated with a product in response to a query; and a processor of the first node that executes instructions stored in memory, wherein execution of the instructions by the processor verifies that a vendor is associated with the unique seal has been appended to a distributed ledger, determines a match between the unique seal and the vendor; and, after determining the match, confirms that the vendor is a certified vendor of the product.

Abstract: A network of access points (AP) in a high-density environment may be provided. A number of packet transmission retries for one or more of the AP may be determined by setting a number, m, of retries for transmitting a data packet, where m is the upper limit of the number of retries. Data packets are then transmitted m times. Upon transmitting the data packet m times, a success probability SP(u,m) for transmission of the data packet, where u is the number of users, may be calculated. The transmission of the data packet may be repeated m?x times where x is an integer. Upon calculating the success probability for m?x times, a success probability SP(u,m?x) for transmission of the data packet may be calculated. If SP (u,m?x) is larger than SP(u,m) then x may be decreased by one and actions (b)-(f) may be repeated. If SP (u,m?x) is not larger than SP(u,m) then m?x may be set as the maximum number of retries for the data packet.