Abstract: Embodiments identify a station that rotates an over the air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over the air station addresses are associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over the air station address and a second set of traffic references the second over the air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.

Abstract: A method of provisioning a network may include, with a network controller, identifying a first network intent of a computing network based at least in part on an execution of a user interface (UI) or API layer at a client device, and identifying a modification of at least one object within the first network intent within the UI or API layer at the client device as the first network intent is being modified. The modification defines a delta between the first network intent and a second network intent. The method may further include, with a provisioning service executed by the network controller, receiving the delta as a payload from the client device, and provisioning at least one computing device within the computing network based at least in part on the delta. The method further includes automatically modifying the at least one object based on the received delta, including a further modification of the second network intent.

Abstract: Techniques for enabling service insertion using dynamic service path selection are described herein. In some aspects, the techniques described herein relate to avoiding a service route that passes through a service router when the second-leg path from the service router to a destination router is unreachable. In some cases, the techniques described herein relate to avoiding a route that includes a service router that does not have a path to a viable target in a core service region.

Abstract: A system and method for a coordinated edge-assisted reliability mechanism for real-time media services. In one embodiment, a method includes forwarding, by an edge relay device, data packets between a media server and a client device; measuring packet loss and latency associated with communications between the edge relay device, the media server, and the client device; determining an error correction procedure based at least in part on the measured latency; and implementing the error correction procedure at the edge relay device.

Abstract: In one embodiment, a device receives, via a user interface, definition of a first sequence of transactional milestones performed by users of an online application and identified using a first type of identifier. The device also receives, via the user interface, definition of a second sequence of transactional milestones performed by users of the online application and identified using a second type of identifier. The device further receives, via the user interface, definition of a key transition associated with at least one transactional milestone in the first sequence of transactional milestones or second sequence of transactional milestones that links the first type of identifier with the second type of identifier. The device represents, using the key transition, performance of the first sequence of transactional milestones and the second sequence of transactional milestones by a particular user of the online application as a unified sequence.

Abstract: A system of one embodiment allows for redirecting service and API calls for containerized applications in a computer network. The system includes a memory and a processor. The system processes a plurality of application workflows of a containerized application workload. The system then identifies at least one application workflow of the plurality of application workflows and at least one workflow-specific routing rule associated with the at least one application workflow. The system then determines at least one proxy server address for each identified application workflow based on the at least one associated workflow-specific routing rule. Then the system determines at least one proxy server address for each identified application workflow based on the at least one associated workflow-specific routing rule. The system then may communicate the at least one identified application workflow to the at least one proxy server using the at least one determined proxy server addresses.

Abstract: Distance-based framing includes obtaining at least a video stream during an online conference session. The video stream, an audio stream received with the video stream, or both the video stream and the audio stream are analyzed and a framing that either focuses on a speaker in the video stream or provides an overview of participants in the video stream, the framing being is composed based on the analyzing. A potential error in the framing is detected based on further analysis of the video stream, the audio stream, and an amount of motion in the room. If the distance sensor data contradicts the potential error, the framing is maintained, but if the distance sensor data confirms the potential error, a new framing is generated.

Abstract: In one embodiment, a method includes receiving at a thermal modeling module, data from a Power Sourcing Equipment device (PSE) for cables extending from the PSE to Powered Devices (PDs), the cables configured to transmit power and data from the PSE to the PDs, calculating at the thermal modeling module, thermal characteristics for the cables based on the data, and identifying a thermal rise above a specified threshold at one of the cables. The data comprises real-time electrical data for the cables. An apparatus and logic are also disclosed herein.

Abstract: Techniques for determining a preferred HTTP protocol for communication between a client device and a server over a network are described. A first type of HTTP probe is transmitted over a network from a client device to a server. A second type of HTTP probe is transmitted over a network from the client device to the server. If either the first type of HTTP probe response or the second type of HTTP probe response, the type of the HTTP probe response received is the preferred communication protocol. If the first type of HTTP probe response and the second type of HTTP probe response is received, a type of HTTP probe response received first is the preferred communication protocol. The client device communicates with the server over the network using the preferred communication protocol.

Abstract: In one embodiment, a power system includes a power panel operable to distribute alternating current (AC) power and pulse power to a plurality of power outlets and having an AC circuit breaker and a pulse power circuit breaker, the pulse power comprising a sequence of pulses alternating between a low direct current (DC) voltage state and a high DC voltage state, a power inverter and converter coupled to the power panel through an AC power connection and a pulse power connection and including a DC power input for receiving DC power from a renewable energy source, an AC power input for receiving AC power, and a connection to an energy storage device, and a power controller in communication with the power inverter and converter and operable to balance power load and allocate power received at the DC power input and the AC power input to the power panel.

Abstract: Presented herein are techniques associated with replicating an OpenRoaming™ policy federation in a Third Generation Partnership Project (3GPP) network environment. For example, techniques herein provide a roaming policy federation architecture for a 3GPP network environment.

Abstract: In one embodiment, a device causes, in accordance with a probing strategy, performance of a probing test by one or more agents in a network and with respect to an online application. The device obtains quality of experience measurements for the online application. The device adjusts, using reinforcement learning, the probing strategy based on how well a predictive model was able to predict the quality of experience measurements given results of the probing test. The device repeats the causing, obtaining, and adjusting steps using the probing strategy adjusted by the device, to find a minimally disruptive probing strategy that provides acceptable performance by the predictive model.

Abstract: A computing device receives an ingest preview request to preview events to be stored by at least one indexer. Responsive to the ingest preview request, the computing device sends a subscription request to the forwarders. The forwarders receive the subscription request and intercept the events that are being sent to at least one of the indexers. The forwarders then clone matching events to the subscription request and responds to the computing device with the matching events. When the computing device receives the matching events, the computing device adds the matching events to a dispatch directory. The user interface is then populated with events in the dispatch directory.

Abstract: A computer-implemented method includes a processing node sending a request that includes an identified alert record from a shared alert data store that is shared amongst a cluster of processing nodes including the processing node. The processing node receives, responsive to the request, a delete alert record uniquely identifying the identified alert record and including an annotation identifying a new delete alert record as being a delete alert record type. The processing node matches, responsive to the annotation, the delete alert record to a local copy of the identified alert record based on the delete alert record uniquely identifying the identified alert record. The processing node deletes, based on the annotation, the local copy of the identified alert record according to the delete alert record.

Abstract: Presented herein are techniques to facilitate fast roaming between a mobile network operator-public (MNO-public) wireless wide area (WWA) access network and an enterprise private WWA access network. In one example, a method is provided that may include generating, by an authentication node, authentication material for a user equipment (UE) based on the UE being connected to a public WWA access network, wherein the public WWA access network is associated with a mobile network operator, and the authentication node and the UE are associated with an enterprise entity; obtaining, by the authentication node, an indication that the UE is attempting to access a private WWA access network associated with the enterprise entity; and providing, by the authentication node, the authentication material for the UE, wherein the authentication material facilitates connection establishment between the UE and the private WWA access network.

Abstract: In one embodiment, Ethernet Virtual Private Network (EVPN) is implemented using Internet Protocol Version 6 (IPv6) Segment Routing (SRv6) underlay network and SRv6-enhanced Border Gateway Protocol (BGP) signaling. A particular route associated with a particular Internet Protocol Version 6 (IPv6) Segment Routing (SRv6) Segment Identifier (SID) is advertised in a particular route advertisement message of a routing protocol (e.g., BGP). The SID includes encoding representing a particular Ethernet Virtual Private Network (EVPN) Layer 2 (L2) flooding Segment Routing end function of the particular router and a particular Ethernet Segment Identifier (ESI), with the particular SID including a routable prefix to the particular router. The particular router receives a particular packet including the particular SID; and in response, the particular router performs the particular EVPN end function on the particular packet.

Abstract: According to certain embodiments, a method comprises performing a posture assessment at a trust anchor in order to determine whether a hardware component is authorized to run on a product. Performing the posture assessment comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with the hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and receiving, from the hardware component, a message encrypted using the random value (K). The message comprises an identifier associated with the hardware component. Performing the posture assessment further comprises determining whether the hardware component is authorized to run on the product based at least in part on the identifier associated with the hardware component. The method further comprises performing an action that depends on whether the hardware component is authorized to run on the product.

Abstract: Techniques for migrating on-premises and/or cloud-based workloads to follow a network session as it potentially migrates, due to multipathing techniques, across multiple edge and/or cloud datacenters. The techniques may include determining, by a controller of a network, that a traffic flow between an endpoint device and a workload has migrated to a different path of a multipath flow such that the traffic flow terminates at a different termination point than the workload. Based at least in part on determining that the traffic flow has migrated, the controller may cause a migration of a state of the workload to a location associated with the different termination point. That is, the controller may cause the workload to be migrated in its current state, which may be specific to the endpoint device, to follow the traffic flow.

Abstract: A pluggable device and method are presented. The pluggable device includes a substrate, a first pin positioned on the substrate, an optical source positioned on the substrate, and an integrated circuit positioned on the substrate. The optical source produces a source optical signal and transmits the source optical signal through the first pin. The integrated circuit transmits a received optical data signal and transmits a data signal based on a portion of the optical data signal.

Abstract: Techniques for leveraging efficient metadata communications to improve domain name system (DNS) security are described. The DNS service uses a hash value to uniquely identify a client, and detect any change in metadata in order to keep policies up-to-date for the client. In an example method a first DNS query for a client device is intercepted. A cryptographic hash function is applied to metadata associated with the client device to generate a hash value. The hash value is added to an additional records section of the first DNS query to generate a second DNS query. The second DNS query is transmitted to a DNS service. The metadata associated with the client device is transmitted to the DNS service on an out-of-band encrypted channel. A DNS response, including the hash value, is received from the DNS service and transmitted to the client device.