Abstract: Ranging and timing may be provided. A station may send an action frame. The action frame may include an Identifier (ID) associated with an upcoming Timing Measurement (TM)/Fine Timing Measurement (FTM) session. The action frame may indicate a purpose of the upcoming TM/FTM session. Next, the station may send, subsequent to sending the action frame, a TM/FTM session request associated with the action frame. The station may then perform the purpose indicated by the action frame.

Abstract: An elastic Internet Protocol (IP) address for hypervisor and virtual router management in a branch environment may be provided. First, an IP address may be assigned to a hypervisor associated with a virtual branch. Next, it may be determined that a virtual machine (VM) has been instantiated at the virtual branch. In response to determining that the VM has been instantiated at the virtual branch, the IP address may then be released. It may next be determined that the VM is in a failed state and then, in response to determining that the VM is in the failed state, the IP address may be reassigned to the hypervisor.

Abstract: A method may include monitoring a network performance metric for multiple paths to a destination through a network, and storing historical performance data for the paths. The method may also include receiving a data flow directed to the destination, where the data flow may be subject to a network performance agreement. The method may additionally include determining aggregate historical performances for the paths, and comparing the aggregate historical performances for the paths. The method may also include, based on the comparison of the aggregate historical performances, routing the data flow through the network.

Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.

Abstract: A fiber array unit (FAU) includes a substrate, a plurality of optical fibers, and a lid. The substrate includes: an optical window extending through a layer of non-transparent material, a plurality of grooves, and an alignment protrusion configured to mate with an alignment receiver. The plurality of optical fibers are disposed in the plurality of grooves. The alignment protrusion is configured to align the plurality of optical fibers with an external device when mated with the alignment receiver. The plurality of optical fibers is disposed between the lid and the substrate.

Abstract: Dynamic configuration of Overlapping Basic Set Service Preamble Detect (OBSS/PD) parameters for an Access Point (AP) may be provided. First, a plurality of stations within a Spatial Reuse (SR) range of the AP may be determined. Next, Signal to Interference plus Noise Ratio (SINR) calculations associated with the plurality of stations may be performed to determine an SINR impact on the plurality of stations if the AP performs an SR transmission given OBSS/PD parameters currently configured for the AP. Then, based on the SINR calculations, the OBSS/PD parameters for the AP may be dynamically adjusted.

Abstract: Techniques and mechanisms for compressing the size of SIDs to be smaller than a complete IPv6 address (or “micro SIDs”), and scaling micro SIDs across a multi-domain environment using micro SID-domain-blocks. Segment routing over IPv6 (SRv6) uses 128-bit IPv6 addresses as SIDs for segment routing. According to this disclosure, multiple SRv6 SIDs may be expressed in a compact format such that a 128-bit IPv6 address, such as the destination address field of the IPv6 header, may store multiple micro SIDs. Further, SID-domain-blocks may be assigned to each domain in a multi-domain network such that micro SIDs may be expressed in the context of a given domain, rather than being shared in the global multi-domain network. In this way, lists of domain-specific SIDs may be fully expressed in the IPv6 destination address of the packet to scale micro SID into large, multi-domain networks.

Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.

Abstract: A computing device determines an onboarding algorithm to use for onboarding a wireless device. The computing device determines, based on the onboarding algorithm, a first set of predefined information and a second set of dynamically generated information to use as inputs to the onboarding algorithm. The computing device generates, via the onboarding algorithm, a set of credentials based on the first set of predefined information and the second set of dynamically generated information, and uses the set of credentials to secure a connection for onboarding the wireless device.

Abstract: In one embodiment, an illustrative method herein comprises: receiving, at a device, a plurality of captured end-user navigation sessions for a monitored application; generating, by the device, a mapping of end-user workflows for the monitored application based on an aggregation of the plurality of captured end-user navigation sessions; determining, by the device, one or more particular end-user workflows from the mapping of end-user workflows for synthetic testing; generating, by the device, one or more synthetic scripts that traverse the one or more particular end-user workflows respectively; and sharing, by the device, the one or more synthetic scripts with a synthetic monitoring system to cause the synthetic monitoring system to synthetically test the monitored application using the one or more synthetic scripts to traverse the one or more particular end-user workflows.

Abstract: Techniques for uplink scheduling in a wireless network are disclosed. A wireless access point (AP) receives, from a wireless station (STA), a buffer status report (BSR) reflecting data accumulated at the STA for uplink to the AP. The AP identifies, based on the BSR, a scheduling mode under which the data was accumulated at the STA. The AP schedules an uplink parameter for the STA, based on the identified scheduling mode. The uplink parameter relates to at least one of: (i) an uplink transmission for the STA or (ii) a buffer status poll for the STA. The AP transmits, to the STA, an allocation relating to the scheduled uplink parameter for the STA.

Abstract: Automatic onboarding of a device onto a cellular network may be provided through a Wireless Local Area Network (WLAN). Subsequent to a device connecting to a first network (e.g., the WLAN), information associated with the device and the first network may be received. One or more tags may be generated and an intent profile may be defined for the device based on the received information, where the intent profile may indicate at least a second network (e.g., the cellular network) that the device is enabled to connect with and one or more policies associated with the connection. The tags and intent profile may be transmitted to a service provider platform, and an onboarding profile template identified using the tags and the intent profile may be received from the service provider platform. The onboarding profile template may be provided to the device to enable connection to the second network.

Abstract: Optimal determination of a Wireless Local Area Network (WLAN) sounding method and system may be provided. An Access Point (AP) selects a subchannel for the partial sounding. The AP then sounds the selected subchannel. A client station responds with Channel State Information (CSI). The AP can receive the CSI, from the client station, in response to the sounding. Based on the CSI from the selected subchannel, the AP extrapolates the CSI to determine predicted CSI for a wider bandwidth channel.

Abstract: This disclosure describes techniques for enabling selective connections between user devices and trusted network devices. An example method includes receiving a beacon from a network device. The beacon includes a trust level of the network device. The method further includes determining that the trust level of the network device satisfies a predetermined trust criterion. Based on determining that the trust level of the network device satisfies the predetermined trust criterion, the method includes transmitting a connection request to the network device. Further, user data is received from the network device.

Abstract: Connectors for a networking device may be provided. A networking device may comprise a first plurality of switch bars each comprising a first switch type arranged parallel to one another, a second plurality of switch bars each comprising a second switch type arranged parallel to one another, and a third plurality of switch bars each comprising a third switch type arranged parallel to one another. The first plurality of switch bars, the second plurality of switch bars, and the third plurality of switch bars may be arranged orthogonally. A first one of the first plurality of switch bars may be connected to a first one of the second plurality of switch bars via a retractable mechanical connector mechanism.

Abstract: Systems, methods, and computer-readable media may determine location-related data for a plurality of access points located in an area in communication with a network by determining that a plurality of access points in a network are associated with a same geographical area including identifying, from among the plurality of access points, a first access point associated with the geographical area, determining first location-related data for the first access point, determining second location-related data for a second access point of the plurality of access points, the second access point being interior to the first access point within the network based at least in part on a determination that the second access point has at least a threshold number of the neighbor access points, and exchanging ranging data indicative of a first relative distance between the first access point and the second access point, the ranging data based at least in part on ranging message exchange measurements.

Abstract: Techniques for adaptive thresholding are provided. A first data point in a data stream is received, and a first plurality of data points from the data stream is identified, where the first plurality of data points corresponds to a timestamp associated with the first data point. At least a first cluster is generated for the first plurality of data points, and a predicted value for the first data point is generated based at least in part on data points in the first cluster. A deviation is computed between the predicted value for the first data point and an actual value for the first data point. Upon determining that the deviation exceeds a first predefined threshold, the first data point is labeled as anomalous, and reallocation of computing resources is facilitated based on labeling the first data point as anomalous.

Abstract: In one embodiment, a sender node in a serial network identifies a message identifier for a packet to be sent by the sender node. The sender node selects a cyclical redundancy check (CRC) initialization vector associated with the message identifier. The sender node generates a CRC value for the packet, based on the selected initialization vector. The sender node sends the packet via the serial network. The sent packet includes the message identifier and the generated CRC value. In turn, a receiver node that receives the packet uses the generated CRC value to authenticate the sender node.

Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at a least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.

Abstract: An example method for a programmable infrastructure gateway for enabling hybrid cloud services in a network environment is provided and includes receiving an instruction from a hybrid cloud application executing in a private cloud, interpreting the instruction according to a hybrid cloud application programming interface, and executing the interpreted instruction in a public cloud using a cloud adapter. The method is generally executed in the infrastructure gateway including a programmable integration framework allowing generation of various cloud adapters using a cloud adapter software development kit, the cloud adapter being generated and programmed to be compatible with a specific public cloud platform of the public cloud.