Abstract: Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprising a plurality of nodes, receive and a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.

Abstract: The present technology is directed to a system and method for automatic triggering of relevant code segments corresponding to a sequence of code segments or function codes having a preferred execution order. The automatic triggering action is based on the snooping of a response generated from an execution of a previous code segment. Information with respect to the next code segment in the preferred execution order may be obtained by directing a network proxy, such as Envoy to snoop the Uniform Resource Identifier (URI) field of a response packet being forwarded to a client entity. In this way, a network proxy may preemptively spawn and instantiate the following function codes (pointed to by the snooped Uniform Resource Identifier) prior to receiving the corresponding client request. As such, by the time a client request for the subsequent function code is received the code ready for execution.

Abstract: In one embodiment, a video analysis service receives video data captured by one or more cameras at a particular location. The service applies a neural network-based model to portions of the video data, to identify objects within the video data. The service maps outputs of the neural network-based model to symbols using a conceptual space. The outputs of the model comprise the identified objects. The service applies a symbolic reasoning engine to the symbols, to generate an alert. The service sends the alert to a user interface in conjunction with the video data.

Abstract: Systems, methods, and computer-readable media for detecting and reporting anomalies in a network environment for providing network assurance. In some embodiments, a system can determine confidence scores for at least one value of parameters of a network environment defining network events occurring in the network environment. The confidences scores can indicate a frequency that the defined network events have a specific event state. The confidence scores can be monitored to detect an anomaly in the network environment. In response to detecting the anomaly in the network environment, the system can determine a relevant network state of the network environment. The relevant network state of the network environment and the anomaly in the network environment can be presented to a user.

Abstract: This disclosure describes techniques for monitoring expected behavior of devices in a computing network. Behavior of network devices may include performing various functions associated with transferring data packets through the computing network. Monitoring expected behavior may include sending a probe packet into the computing network, and determining whether network devices behave as expected with respect to the probe packet. In some examples, behaviors such as replicating, forwarding, eliminating, ordering, and/or other functions regarding data packets may be validated using the present techniques. As computing networks and/or operations become more complex, assuring the expected behavior of network devices may become more important for the continued efficient, smooth, successful, and/or timely flow of data traffic.

Abstract: Systems, methods, computer-readable media, and devices are disclosed for collecting access point telemetry. A first access point is identified that is associated with a single instance on a pod. A hash identifier is identified, where the hash identifier identifies a radio frequency (RF) neighborhood of the first access point based on a geographical location of the first access point. Subsequent access point members of the RF neighborhood are dynamically determined by dynamically assigning a second access point to the RF neighborhood, the dynamic assignment based on the second access point being within a threshold geographical location to the first access point. Telemetry from the second access point is directed towards the single instance on the pod, where the pod receives telemetry for all access points in the dynamically determined RF neighborhood.

Abstract: Techniques for determining a location of a client device using recursive phase vector subspace estimation are described. One technique includes receiving a plurality of angle-of-arrival (AoA) measurements from a plurality of access points (APs). Each AoA measurement includes a plurality of entries for phase values measured from a signal received from a client device at the plurality of APs. At least one AoA measurement of the plurality of AoA measurements that includes at least one of: (i) one or more entries with missing phase values and (ii) one or more entries with erroneous phase values is identified, based on a recursive phase estimation. The plurality of AoA measurements are updated based on the identified at least one AoA measurement. The location of the client device is determined, based on the updated plurality of AoA measurements.

Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for generating an application protectability index for network applications and a corresponding protectability scheme. In one aspect, a method includes identifying, by a network controller, network layers associated with an application; determining, by the network controller, a corresponding security index for the application at each of the network layers to yield a plurality of security indexes, each of the plurality of security indexes providing an objective assessment of protectability of the application at a corresponding one of the network layers; determining, by the network controller, an application protectability index; and providing an application protectability scheme for protecting the application based on the application protectability index.

Abstract: A system and method are disclosed for enabling interoperability between asymmetric and symmetric Integrated Routing and Bridging (IRB) modes. A system is configured to receive a route advertisement, examine the label fields of the route advertisement, and determine whether Layer 2 or Layer 3 information is conveyed. The system is further configured to build a route advertisement to advertise to a second device based on whether Layer 2 or Layer 3 information is conveyed in the first route advertisement.

Abstract: Coordinated Frequency Division Multiplexing (FDM) Transmission Opportunity (TXOP) sharing may be provided by determining that at least two Access Points (APs) of a wireless network support coordinated FDM TXOP sharing. In response to the determination that the at least two APs support coordinated FDM TXOP sharing, at least one of: a first bias is applied to a channel assignment algorithm to promote an assignment of overlapping channels of the at least two APs, and a second bias is applied to the channel assignment algorithm to promote an assignment of adjacent channels of the at least two APs. Next, channels are assigned to the at least two APs based on an output of the channel assignment algorithm.

Abstract: In an example method for redundant multicast trees with fast recovery, a protocol independent multicast (PIM) backup designated router (BDR) can receive a request from a host to join a multicast group associated with a source; send to a next hop a PIM join message identifying an address of the PIM BDR and identifying the PIM join message as a backup PIM join; receive, from a PIM router along a path to/from the source, a unicast message sent to the address which identifies a second address associated with the PIM router; store the second address and a route associated with the unicast message; in response to a designated router migration trigger, set to blocking a backup multicast tree state associated with the source and multicast group; and send, to the PIM router, a unicast message including instructions to set to blocking a backup multicast tree state at the PIM router.

Abstract: This disclosure describes various methods, systems, and devices related to mirrored traffic forwarding in a hybrid network. An example method includes receiving, from a source forwarder in a source network, a mirrored data packet. A session of the mirrored data packet may be identified based on a header of the mirrored data packet. A destination forwarder in a destination network may be identified based on the session. The destination network may be different than the source network. The mirrored data packet may be forwarded to the destination forwarder.

Abstract: Techniques and architecture are described for providing broadcast/multicast support using VXLAN in and among private on-premises/cloud networks and public cloud networks by defining peer groups comprising VXLAN tunnel endpoints (VTEPs) within clustered network security devices. For example, a static peer group comprising two or more virtual extensible local access network (VXLAN) tunnel end points (VTEPs) is defined. The two or more VTEPs may each comprise a data interface of a network security device. Based at least in part on the static peer group, an overlay network comprising the two or more VTEPs is defined. A network security device discovers available VTEPs within the static peer group. The network security device establishes a mesh network of available VTEPs.

Abstract: In one embodiment, a method for FPGA accelerated serverless computing comprises receiving, from a user, a definition of a serverless computing task comprising one or more functions to be executed. A task scheduler performs an initial placement of the serverless computing task to a first host determined to be a first optimal host for executing the serverless computing task. The task scheduler determines a supplemental placement of a first function to a second host determined to be a second optimal host for accelerating execution of the first function, wherein the first function is not able to accelerated by one or more FPGAs in the first host. The serverless computing task is executed on the first host and the second host according to the initial placement and the supplemental placement.

Abstract: In one embodiment, a device uses a classification model to determine whether implementation of a routing change suggested by a predictive routing engine for a network will result in a violation of one or more network policies. The device computes a trust score, based on performance metrics for the classification model. The device causes, based in part on the trust score, implementation of the routing change in the network, when the classification model determines that application of the routing change will not result in a violation of the one or more network policies.

Abstract: In one embodiment, a supervisory service for a software-defined wide area network (SD-WAN) obtains telemetry data from one or more edge devices in the SD-WAN. The service trains, using the telemetry data as training data, a machine learning-based model to predict tunnel failures in the SD-WAN. The service receives feedback from the one or more edge devices regarding failure predictions made by the trained machine learning-based model. The service retrains the machine learning-based model, based on the received feedback.

Abstract: In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.

Abstract: In one embodiment, a networking device in a network detects an traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.

Abstract: A method includes identifying a potentially malicious node using a rating assigned to nodes within the network and decrementing the rating based on detected dropped messages to identify a potentially malicious node. The malicious node is identified based on location information obtained from the nodes within the network and comparable distances from the potentially malicious node. The method further includes ending communications with the malicious node and selecting a new parent node based on a presumption that any of the plurality of nodes other than the malicious node are non-malicious.

Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.