Abstract: An extended service-function chain (SFC) proxy is hosted on a network node and connected to a service path formed by one or more network nodes hosting a chain of service-functions applied to packets traversing the service path. The packets each include a service header having a service path identifier and a service index. A packet of a traffic flow destined for a service-function is received from the service path and sent to the service-function. An indication to offload the traffic flow is received from the service-function. The indication is stored in a flow table having entries each identifying a respective traffic flow. A subsequent packet of the traffic flow is received from the service path. The flow table is searched for the indication to offload the traffic flow. Upon finding the indication, the service-function is bypassed, and the subsequent packet is forwarded along the service path.

Abstract: A wireless access point device is full-duplex capable and serves wireless communication for at least first and second wireless client devices. The wireless access point device sends to the first wireless client device a trigger frame that causes the first wireless client device to send an uplink transmission to the wireless access point after a first time interval. The wireless access point device waits a second time interval after the first wireless client is expected to begin sending the uplink transmission. The wireless access point device receives the uplink transmission from the first wireless client device. After the second time interval, and while receiving the uplink transmission from the first wireless client device, the wireless access point device sends to the second wireless client device a downlink transmission that overlaps at least partially in frequency and time with the uplink transmission from the first wireless client device.

Abstract: Systems and methods for causation analysis of network anomalies in a network include detecting an alarm condition at a network device, the alarm condition pertaining to an anomaly or increase in a traffic condition such as packet loss. A dominant key is identified in each of one or more key types which contributed to the alarm condition, the key types including dimensions of traffic flow. Two or more dominant keys of two or more key types are aggregated and clustered to determine a combination of dominant keys which contributed to the alarm condition. A dominant traffic flow comprising the combination of dominant keys which contributed to the alarm condition is identified based on the aggregation and clustering. Malware or security threats can be identified from detecting a dominant source IP address or host which contributed to a predominant number of packet drops or retransmissions at ports of the network.

Abstract: A device for cleaning an optical communication device includes a hollow outer stem, an inner stem core, a locking handle, a flexible base, at least one ring seal, and a flexible cover. The inner stem core, fits within a length of the hollow outer stem and is slidable along the length of the hollow outer stem. The locking handle is coupled to a top end of the inner stem core, and is movable between a released position and a locked position, where moving the locking handle to the locked position from the released position slides the inner stem core within the hollow outer stem. The flexible base is coupled to a bottom end of the hollow outer stem, and is transformable between a contracted position when the locking handle is in the released position and an expanded position when the locking handle is in the locked position. The at least one ring seal is coupled to the flexible base. The flexible cover is wrapped around the flexible base and the at least one ring seal.

Abstract: A Thermal Interface Material (TIM) for chip warpage may be provided. A system may comprise an Integrated Circuit (IC) chip, a Thermal Interface Material (TIM) layer disposed on the IC chip, and a heatsink disposed on the TIM layer. The heatsink may comprise, a plate, a plurality of fins, and at least one TIM storage chamber disposed in the plate between two of the plurality of fins. The at least one TIM storage chamber may be filled with a TIM that is solid at a lower temperature end of a thermal cycle of the IC chip and that is liquid at a higher temperature end of the thermal cycle of the IC chip.

Abstract: A method is provided in one example embodiment and includes storing secure boot variables in a baseboard management controller; and sending the secure boot variables to a basic input/output system (BIOS) during a power on self-test, where the BIOS utilizes the secure boot variables during runtime to authenticate drivers and an operating system loader execution. In particular embodiments, the secure boot variables may be included in a white list, a black list, or a key list and, further, stored in erasable programmable read only memory.

Abstract: Methods are provided in which a computing device obtains, from one or more disparate data sources, inventory data of a plurality of network resources in a plurality of domains of an enterprise network. The inventory data includes configuration information of the enterprise network. The method further includes the computing device selecting one or more contextual insights that apply to the inventory data of the enterprise network from contextual information related to one or more networks and configuration of the one or more networks and generating one or more contextual guides specific to one or more affected network resources of the enterprise network based on the one or more contextual insights.

Abstract: In one embodiment, a method includes onboarding, by an edge router, a first tenant from a network management system and determining, by the edge router, a mapping of a tenant identifier associated with the first tenant to a controller identifier associated with a controller. The method also includes reserving, by the edge router, a port number in a kernel for the first tenant and inserting, by the edge router, the tenant identifier into a first control packet. The method further includes communicating, by the edge router, the first control packet to the controller via an encrypted control connection during a first peering session. The first peering session shares the encrypted control connection with a second peering session.

Abstract: Presented herein are techniques to provide for the ability to utilize 3GPP-generated Session Keys that can be generated via a primary authentication or a secondary authentication process for a user equipment (UE) via a private wireless wide area (WWA) access network in which the keys can be leveraged to facilitate connection of the UE to a wireless local area (WLA) access network. In one example, a method may include obtaining a request to authenticate a UE for connection to a WWA access network; determining that the UE is capable of a Fast Transition (FT) capability; authenticating the UE for connection to the WWA access in which, based on the FT capability, the authenticating includes generating a root security key for the UE; and upon determining that the UE is attempting to access the WLA access network, providing the root security key for the UE to the WLA access network.

Abstract: This disclosure describes techniques for authenticating one or more devices of a user in association with cloud computing services. The techniques include generating credential portions. The credential portions may be used in a signing protocol between one of the user devices and a cloud authenticator. The signing protocol may generate a signature that may be used in authentication with a cloud computing service. In some cases, the credential portions may be shared with other devices of the user. As such, the cloud authenticate may assist multiple user devices to authenticate with the cloud computing service.

Abstract: In one embodiment, a method comprises: receiving, by a root network device providing a DAG topology in a low power and lossy network (LLN), one or more multicast registration messages from an LLN device and identifying distinct properties of the LLN device; receiving, by the root network device, one or more multicast address group identifiers of one or more multicast streams to which the LLN device has subscribed, and associating the one or more multicast address group identifiers with the distinct properties; receiving a multicast message specifying one of the multicast address group identifiers; and generating, by the root network device, a directed multicast message having a multi-dimensional addressing data structure comprising a selected one of the distinct properties and the one multicast address group identifier, causing parent network devices in the DAG topology to selectively retransmit based on determining a child network device has the selected one distinct property.

Abstract: A control method improves the efficiency profile of a power supply across a wide range of output loading. The method includes obtaining a measure of output power for a power supply, which includes one or more output modules and an auxiliary power supply. The method determines whether a maximum power rating of the auxiliary power supply is sufficient to provide the measure of output power. Responsive to a determination that the maximum power rating of the auxiliary power supply is sufficient to provide the measure of output power, the controller of the power supply directs the auxiliary power supply to provide the output power.

Abstract: The disclosed technology relates to a process for optimizing data flow within a computer network. The technology utilizes shared memory and machine learning logic to improve the efficiency of how computing resources are used during a transmission of data packets in the computer network. The shared memory is implemented during the transmission of data packets between the data plane and the service plane so that the copying of data packets after the data packets have been received and processed by an application is not necessary. The machine learning logic is implemented during the processing of the data packets in order to adjust a frequency or extent that the data packets (and corresponding source of the data packets) need to be evaluated to ensure that malicious content is not being transmitted across the computer network.

Abstract: In one embodiment, a method includes collecting DNS (Domain Name System) communications, analyzing the DNS communications, and identifying DNS tunneling or exfiltration based analysis of the DNS communications. Analyzing the DNS communications includes identifying a distinct query count for each of a plurality of clients over a specified time period and a data transfer direction between the clients and one or more servers, and categorizing the DNS communications based on session features associated with at least one of query type, transfer capability, and server response. An apparatus and logic are also disclosed herein.

Abstract: A network function (NF) entity in a communication network receives User Plane Function (UPF) registration information for a plurality of UPFs, the registration information including a respective network attribute for each UPF. The NF entity associates each UPF with a corresponding network based on the respective network attribute, and map one or more User Equipment (UE) to the corresponding network based on a security policy to create a UE-to-network table. The NF further receives a request to establish a session for a subsequent UE, the request including a subsequent UE identifier, and determine an access permission for the subsequent UE to access the corresponding network based on the subsequent UE identifier and the UE-to-network table. The NF selects one UPF from the plurality of UPF to service the session for the subsequent UE based on the access permission, and an association between the one UPF and the corresponding network.

Abstract: A method for optical transceiver misconnection identification that allows a simple low-level process to monitor and communicate optical transceiver characteristics information between two optical transceiver modules regardless of their transceiver type to determine if they are correctly connected or mismatched. If a mismatch is determined, the knowledge gained about the transceiver type of a far end module may be obtained (and presented to an installer) and used by an installer to select and install a module that is operationally compatible with the far end optical module.

Abstract: A method for providing multicast frames in a Multi-Dwelling Unit (MDU) is provided herein. An Access Point (AP) can receive a join request from a first client device. The AP can generate a Group Master Key (GMK) from the Pre-Shared Key (PSK) associated with a Basic Service Set (BSS) that includes the first client device. The AP can then derive a Group Transient Key (GTK) from the GMK. The AP may then send the GTK to the first client device. Thereinafter, the AP can send multicast frames to the first client device encrypted by the GTK. The first client device can decrypt the multicast frames with the GTK. However, a second client device, that does not share the PSK, may receive the multicast frame but cannot decrypt the multicast frames.

Abstract: The disclosed technology relates to a process of providing dynamic machine learning on premise model selection. In particular, a set of machine learned models are generated and provided to an on premise computing device. The machine learned models are generated using a cluster of customer data (e.g. telemetric data) stored on a computing network having different ranges of computational complexity. One of the machine learned models from the set of machine learned models will be selected based on the current available computational resources detected at the on premise computing device. Different machine learned models from the set of machine learned models can then be selected based on changes in the available computational resources and/or customer feedback.

Abstract: Techniques and mechanisms for providing continuous integrity validation-based control plane communication in a container-orchestration system, e.g., the Kubernetes platform. A worker node generates a nonce and forwards the nonce to a master node while requesting an attestation token. Using the nonce, the master node generates the attestation token and replies back to the worker node with the attestation token. The worker node validates the attestation token with a CA server to ensure that the master node is not compromised. The worker node sends its authentication credentials to the master node. The master node generates a nonce and forwards the nonce to the worker node while requesting an attestation token. Using the nonce, the worker node generates the attestation token and replies back to the master node with the attestation token. The master node validates the attestation token with the CA server to ensure that the worker node is not compromised.

Abstract: In one embodiment, a traffic analysis service receives captured traffic data regarding a Transport Layer Security (TLS) connection between a client and a server. The traffic analysis service applies a first machine learning-based classifier to TLS records from the traffic data, to identify a set of the TLS records that include Hypertext Transfer Protocol (HTTP) header information. The traffic analysis service estimates one or more HTTP transaction labels for the connection by applying a second machine learning-based classifier to the identified set of TLS records that include HTTP header information. The traffic analysis service augments the captured traffic data with the one or more HTTP transaction labels. The traffic analysis service causes performance of a network security function based on the augmented traffic data.