Abstract: In one embodiment, a network assurance service that monitors a network detects an anomaly in the network by applying an anomaly detector to telemetry data collected from the network. The service sends first data to a user interface that causes the interface to present the detected anomaly and one or more candidate root cause metrics from the telemetry data associated with the detected anomaly. The service receives feedback regarding the candidate root cause metric(s) and learns a root cause of the anomaly as one or more thresholds of the candidate root cause metric(s), based in part on the received feedback regarding the candidate root cause metric(s). The service sends second data to the user interface that causes the user interface to present at least one of the candidate root cause metric(s) as a candidate root cause of a subsequent detected anomaly, based on the learned threshold(s).

Abstract: A method is performed at one or more entities configured to configure and provide assurance for a service enabled on a network. The service is configured as a collection of subservices on network devices of the network. A definition of the service is decomposed into a subservice dependency graph that indicates the subservices and dependencies between the subservices that collectively implement the service. Based on the subservice dependency graph, the subservices are configured to record and report subservice metrics indicative of subservice health states of the subservices. The subservice metrics are obtained from the subservices, and the subservice health states of the subservices are determined based on the subservice metrics. A health state of the service is determined based on the subservice health states. One or more of the subservices are reconfigured based on the health state of the service.

Abstract: A monitoring device for troubleshooting events in a datacenter network identifies a first network event for a time period, and provides an initial display page, one or more additional display pages, selectable display objects, and a representation of the first network event. The device generates a dynamic troubleshooting path for the first network event to track a user navigation between display pages, a manipulation of the one or more selectable display objects, and a last-current display page, and also provides an indication of a second network event associated with higher resolution priority relative to the first network event. Retrieving the dynamic troubleshooting path causes the interface to present the last-current display page, apply the manipulation of the one or more selectable display objects, and load the user navigation between the initial dashboard display page and the one or more additional display pages in a cache.

Abstract: In one embodiment, a method includes receiving a traffic flow including a plurality of packets encrypted using a cryptographic protocol, determining cryptographic protocol data of the traffic flow, and transmitting telemetry data of the traffic flow including the cryptographic protocol data. In another embodiment, a method includes receiving telemetry data of a traffic flow including a plurality of packets encrypted using a cryptographic protocol, the telemetry data including cryptographic protocol data of the traffic flow, classifying the traffic flow based on the cryptographic protocol data using a machine learning classifier; and taking a remedial action with respect to the traffic flow based on the classification of the traffic flow.

Abstract: In one embodiment, a service receives telemetry data collected from a plurality of different networks. The service combines the telemetry data into a synthetic input trace. The service inputs the synthetic input trace into a plurality of machine learning models to generate a plurality of predicted key performance indicators (KPIs), each of the models having been trained to assess telemetry data from an associated network in the plurality of different networks and predict a KPI for that network. The service compares the plurality of predicted KPIs to identify one of the plurality of different networks as exhibiting an abnormal behavior.

Abstract: Cloud services are provided by a distributed network including a number of geographically distributed datacenters, to client devices in accordance with data sovereignty requirements. A server within the distributed network may receive a service request and determine whether it complies with the data sovereignty requirements of the client. When the geographic location of the server does not comply with the client's data sovereignty requirements, the server may determine and transmit back to the client device a set of alternative datacenters within the distributed network that comply with the client's data sovereignty requirements. The client device may use network probes to select an alternative datacenter, and the cloud service request of the client device may be migrated from the server to the selected datacenter.

Abstract: Systems, methods, and computer-readable media for discovering silent hosts in a software-defined network and directing traffic to the silent hosts in a scalable and targeted manner include determining interfaces of a fabric device that are connected to respective one or more endpoints, where the fabric device is configured to connect the endpoints to a network fabric of the software-defined network. At least a first interface is identified, where an address of a first endpoint connected to the first interface is not available at the fabric device. A first notification is transmitted to a control plane of the software-defined network based on identifying the first interface, where the control plane may create a flood list which includes the fabric device. Traffic intended for the first endpoint from the network fabric is received by the fabric device can be based on the flood list.

Abstract: A first access and mobility management function (AMF) in a network receives, from user equipment (UE), a registration request listing a first network slice and a second network slice. Upon determining that the first AMF supports the first, but not the second, network slice, the first AMF causes selection of (i) the first AMF as a session and mobility management (SM)-AMF to perform mobility management, and first session management signaling for the first network slice; and (ii) a second AMF as a session management only (SO)-AMF to perform only second session management signaling for the second network slice. The first AMF, acting as SM-AMF, performs the first session management signaling for a first data session on the first network slice, while the second AMF, acting as SO-AMF, performs only the second session management signaling for a second data session on the second network slice.

Abstract: Systems, methods, and computer-readable media for improving resource management in Citizens Broadband Radio Service (CBRS) networks include a Spectrum Access System (SAS) in coordination with one or more CBRS devices (CBSDs) and a Digital Network Architecture center (DNA-C). Resource allocation decisions can be based on one or more policies such as a priority, a preemption capability index and/or a preemption vulnerability index associated with the CBSDs. Resource allocation can also be based on inter-access point (AP) coordination between two or more CBSDs and comparative performance indicators of the two or more CBSDs. Managing interference between two or more groups of CBSDs can be based on the inter-AP coordination and group identifiers associated with the two or more groups. Bandwidth allocation can be modified to the two or more CBSDs and seamless transition can be implemented using timers.

Abstract: In one embodiment, a method includes identifying a plurality of servers located in a plurality of electric vehicles, associating the servers with an electric vehicle based cloud data center, allocating resources to the servers in the electric vehicle based cloud data center to perform data center functions, and managing the servers in the electric vehicle based cloud data center.

Abstract: Systems, methods, and computer-readable media for creating service chains for inter-cloud traffic. In some examples, a system receives domain name system (DNS) queries associated with cloud domains and collects DNS information associated the cloud domains. The system spoofs DNS entries defining a subset of IPs for each cloud domain. Based on the spoofed DNS entries, the system creates IP-to-domain mappings associating each cloud domain with a respective IP from the subset of IPs. Based on the IP-to-domain mappings, the system programs different service chains for traffic between a private network and respective cloud domains. The system routes, through the respective service chain, traffic having a source associated with the private network and a destination matching the IP in the respective IP-to-domain mapping.

Abstract: In one embodiment, a device identifies a path of travel of a mobile system. The device subdivides the path of travel into a plurality of zones. The device generates time-slotted channel hopping schedules for the plurality of zones, each time-slotted channel hopping schedule having an associated zone among the plurality of zones. The device causes the mobile system to communicate wirelessly with networking infrastructure located along the path of travel, in accordance with a particular one of the time-slotted channel hopping schedules while the mobile system is located in its associated zone.

Abstract: A device includes a memory and a hardware processor communicatively coupled to the memory. The hardware processor determines that a computing device communicatively coupled to an access point performed an action with respect to the access point and in response to determining that the action causes a deviation from a multi-user uplink policy of the access point, transmits a disciplinary message to the computing device.

Abstract: This disclosure describes techniques for identifying an application (e.g., accessing application) that is attempting to access a resource. In some examples, access may be managed by an authentication service. When an access request is received at the authentication service from an application on a client device, the authentication service may ask the application to communicate with an identification agent on the client device. The identification agent may perform one or more tests to discover the identity of the application. In some cases, the identification agent may send the identity of the application to the authentication service. The authentication service may then allow or deny access by the accessing application to the resource based at least in part on the discovered identity.

Abstract: Techniques for utilizing entropy labels of a Multiprotocol Label Switching (MPLS) label stack for performing monitoring operations (e.g., telemetry, performance measurement, OAM, etc.) without altering the MPLS label stack and/or packet path (e.g., ECMP path). The techniques may include determining, by a node of a network, to perform a monitoring operation associated with traffic that is to be sent along a path through the network. In some examples, the node may receive a packet that is to be sent along the path and encapsulate the packet with an MPLS header. The MPLS header may include an entropy label, entropy label indicator, or other label that is capable of carrying a flag indicating the monitoring operation to be performed. The flag may be carried in a TTL field or traffic class field of the label such that the MPLS label stack is not altered to trigger the monitoring operation.

Abstract: This disclosure describes various methods, systems, and devices related to dynamic service node discovery in a network. In an example method, a service node generates a discover message including a discovery field. The discovery field indicates an identifier of the service node. The service node further transmits the discovery message to an intermediary node.

Abstract: Inverse imbalance subspace searching techniques are used to detect potential malware among samples of network communication data. A large number of samples of network communication data, such as proxy log data and/or network flows, are received and analyzed by a malware detection system. A number of the samples are associated with known malware, while other unlabeled samples are either benign or may be associated with unknown malware. An inverse imbalance subspace search may be performed, in which the sample sets are divided into subsets based on random feature thresholds, and each subset is evaluated based on the ratio of known malware samples to unlabeled samples. Unlabeled samples within subsets having high malware sample ratios may be identified, aggregated, and processed as potential malware.

Abstract: In an aspect, an embodiment of the present disclosure is directed to network control topology that implements a centralized network controller to deterministically assign, and reassign, underlay multicast groups according to one or more policies and/or parameterized intent of the network administrator. The centralized network controller, in some embodiments, comprises a map server-neap resolver controller configured to provide deterministic and centralized allocation of underlay multi cast groups, e.g., to provide security, traffic engineering, network and resource management.

Abstract: Systems, methods, and computer-readable media for offloading session management processing into a forwarding plane. In some examples, a subscriber is coupled to a network endpoint through a session manager during a network session of the subscriber in a network environment. A session manager offloading system of the session manager can be maintained in a vector packet processing system in a forwarding plane of the network environment. The session manager offloading system can be configured to offload processing from the session manager into the forwarding plane. Further, at least a portion of subscriber traffic in a stream between the subscriber and the network endpoint through the session manager can be intercepted. Subsequently, the at least the portion of the subscribed traffic that is intercepted can be processed at the session manager offloading system as part of offloading the processing from the session manager into the forwarding plane.

Abstract: A server or other computing device manages meetings in a virtual meeting room on behalf of a virtual meeting room owner. A request is received from an attendee to join a meeting in the virtual meeting room. A determination is made, based on configurations set by the virtual meeting room owner, whether to connect the attendee to a virtual waiting room. The attendee is connected to the virtual waiting room in accordance with the configurations set by the virtual meeting room owner.