Abstract: The present technology allows coordination of channels of private wireless networks utilizing shared licensed and unlicensed spectrum. Wireless network operators in an enterprise location register to participate in a consortium and register licensed, shared, and unlicensed spectrum resources to be shared with other members of the consortium. The wireless network operators request an allocation of spectrum resources from the consortium. The consortium generates a radio resource management (“RRM”) plan for shared use of the licensed, shared, and unlicensed spectrum resources. The consortium combines the allocated licensed, shared, and unlicensed spectrum from each of the wireless network operators to meet the target RRM plan. The consortium monitors spectrum utilization to dynamically update the RRM. The consortium monitors spectrum utilization in real time to determine how closely the RRM plan matches the resources allocated to each wireless network operator.

Abstract: Techniques for application aware device monitoring correlation and visualization are disclosed. In some embodiments, a system, a process, and/or a computer program product for providing application aware device monitoring includes collecting network layer information from one or more agents utilizing a plurality of tests; collecting device layer information from the one or more agents deployed to monitor a plurality of devices in a network computing environment; correlating the network layer information and the device layer information; and generating a graphical visualization based on the correlated network layer and device layer information (e.g., an alert, report, and/or a graphical visualization can be provided based on the correlated network layer and device layer information to facilitate root cause detection for application performance issues).

Abstract: A network system comprises a plurality of access points (APs) and a distributed cache. The distributed cache is formed using memory in the plurality of APs. The plurality of APs are configured to measure telemetry data and store the telemetry data in the distributed cache. One of the plurality of APs is assigned as a controller AP configured to assign, based on the telemetry data stored in the distributed cache, multiple APs of the plurality of APs to different roles to analyze the plurality of APs and update resource configurations of the plurality of APs.

Abstract: This disclosure describes a method of utilizing network controllers to store mappings between policies, dynamic operating attributes (DOA), and trigger values in a manifest and utilizing software agents in communication to monitor DOAs of respective workloads or workload groupings for trigger values associated with the DOAs to apply a corresponding policy at run-time. The method provides for flexible policy semantics and on-demand policy provisioning. The method includes receiving at a network controller, a definition of a policy, a DOA associated with a workload, and a trigger value associated with the DOA, storing a mapping between the policy, DOA and trigger value, sending the DOA and the trigger value to a datapath agent monitoring respective workloads, receiving an indication that a current value of the DOA of the workload corresponds to the trigger value from the software agent, and sending the policy to the software agent for distribution to the workload.

Abstract: Optimal determination of wireless network pathway configurations may be provided. A computing device may receive an error profile and a response instruction associated with the error profile, as generated by a network controller. The computing device may then monitor, for an error, on a communication Track, in a network, between an ingress node and an egress node. Then, the computing device, upon detecting the error, can determine that the error is similar to the error profile, and based on the determination that the error is similar to the error profile, enact the response instruction. The response instruction can direct the computing device to switch from the communication Track to a communication subTrack between the ingress node and the egress node.

Abstract: Channel availability check optimization may be provided. A plurality of Pulse Repetition Intervals (PRIs) may be determined for a respective plurality of bursts on a respective plurality of frequencies. A list of at least a portion of the plurality of frequencies may be generated. The list may include a plurality of bias factors respectively indicating a probability that each of the respective plurality of bursts was a radar burst based on the respective plurality of PRIs. An Access Point (AP) may perform a plurality of preemptive Channel Availability Checks (CACs) on each of the respective plurality of frequencies on the list in order of highest probability to lowest probability based on the plurality of bias factors.

Abstract: A method and system for providing location services at a network edge is described. An AP can receive location information associated with a second AP in a location group. The AP can also receive client location data from the second AP and associated with a first client. From at least the received client location data, the AP can determine a location of the first client. The AP can then send the location of the first client to a location service.

Abstract: A traffic flow based map cache refresh may be provided. A computing device may receive a dropped packet message when a packet associated with a flow having a destination and a source was dropped before it reached the destination. Next, in response to receiving the dropped packet message, a map request message may be sent to a Map Server (MS). In response to sending the map request message, a map response message may be received indicating an updated destination for the flow. A map cache may then be refreshed for the source of the flow based on the updated destination from the received map response message.

Abstract: Zero-trust dynamic discovery in provided by identifying a plurality of endpoints, including targets and initiators, connected to a software defined network, wherein the targets are provided on the software defined network according to a network addressable memory standard that lacks a native discovery service; grouping the targets into a plurality of target groups and the initiators into a plurality of initiator groups; and in response to receiving a discovery request from a given initiator grouped in a given initiator group of the plurality of initiator groups, returning addressing information for a target group of the plurality of target groups associated with the given initiator group in a security policy configuration for the software defined network.

Abstract: Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting, identifying, and/or assessing hidden vulnerabilities in an enterprise network. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to receive vulnerability data of network components within an enterprise network. The vulnerability data can include identification of one or more vulnerabilities detected within the enterprise network. The device can then determine a vulnerability frequency and a machine frequency associated with each of the one or more vulnerabilities. The device can then determine a vulnerability score for each of the one or more vulnerabilities based on the vulnerability frequency and an inverse of the machine frequency, to yield a plurality of vulnerability scores. The device can then rank the one or more vulnerabilities based on the plurality of vulnerability scores.

Abstract: First, a plurality of access tokens may be received from a respective plurality of identity provider services. Each of the plurality of access tokens may be associated with a user. Then, the plurality of access tokens may be stored in a profile associated with the user. Next, user polices associated with the use of the plurality of access tokens may be assigned. A device token may then be provided to a user device associated with the user. The device token may be associated with the profile. The device token and network policies may be received and then it may be determined that the user polices and the network policies are congruent. In response to determining that the user polices and the network policies are congruent, authentication to at least one of the plurality identity provider services may be made.

Abstract: Techniques and apparatus for managing a message relaying system are described. One technique includes an access point (AP) detecting a first signal and a second signal from a computing device. A validation of the first signal is performed based on parameters of the first signal and the second signal. After the validation, information associated with the first signal is transmitted to a computing system. In another technique, the computing system may designate one of multiple APs reporting information regarding first signals as a primary reporting AP and designate the remaining APs as secondary reporting APs. The computing system may instruct the secondary reporting APs to refrain from reporting information regarding first signals to the computing system.

Abstract: A method includes linking, at an access node, a first media control access (MAC) address of a device to an identifier of the device to establish a communication session between the access node and the device and during the communication session, receiving, at the access node, an indication of a change of the first MAC address to a second MAC address. The method also includes linking, at the access node, the second MAC address to the first MAC address and the identifier and receiving, at the access node, a communication from the device using the second MAC address while maintaining the communication session.

Abstract: Disclosed in a fast, compact, efficient, hardware agnostic, stateful data store that can universally store and track millions of stateful data objects, such as networking routing data (or any stateful data) in files for use in, for example, embedded applications. Stateful data objects can be tracked by a modified tree for updating and insert data objects into the stateful data store. The stateful data object can also be allocated additional space in memory for potential future data updates.

Abstract: This disclosure describes techniques for identifying the criticality of an asset in a network. In an example method, a first security metric of a first asset in a network, as well as network data that identifies data flows associated with a second asset in the network are identified. The second asset is a nearest neighbor of the first asset in the network. The method includes determining, based on the network data, a number of hosts in the network that exchanged data traffic with the second asset during a time period and generating a second security metric of the second asset based on the first security metric and the number of hosts. A security policy of the second asset is adjusted based on the security metric.

Abstract: A method is provided in one example embodiment and may include generating feedback information by a small cell radio and a macro cell radio; setting a high mobility handover threshold for the macro cell radio based, at least in part, on the feedback information, wherein the high mobility handover threshold is used to trigger handover of one or more high mobility user equipment (UE) associated with the macro cell radio to the small cell radio; and setting a maximum downlink transmit power for the small cell radio based, at least in part, on the feedback information and the high mobility handover threshold.

Abstract: The present technology pertains to a distributed server system for verifying vendors. The distributed server system comprises one or more nodes on a distributed network; a communication interface of a first node that communicates over a communication network with the one or more nodes on the distributed network, wherein the communication interface receives information about a unique seal associated with a product in response to a query; and a processor of the first node that executes instructions stored in memory, wherein execution of the instructions by the processor verifies that a vendor is associated with the unique seal has been appended to a distributed ledger, determines a match between the unique seal and the vendor; and, after determining the match, confirms that the vendor is a certified vendor of the product.

Abstract: A method performed by a system which manages station transition from a Wi-Fi access point includes sending, based on the station roaming to an edge-of-domain access point, a request to neighboring access points to the edge-of-domain access point for neighbor reports. The method includes receiving a cellular signal value from the station, comparing a first signal grade associated with the edge-of-domain access point to a second signal grade associated with the cellular signal value to yield a comparison and generating a link usability rating associated with a link between the station and the edge-of-domain access point. Based at least in part on the comparison and the link usability rating, the method includes transmitting a message to the station suggesting that the station roam from the edge-of-domain access point to a cellular network. An edge of the domain can also be dynamic and vary based on station characteristics.

Abstract: Client device blocking may be provided. A switching device may receive data from a first client device. The data may be addressed to a second client device. Then it may be determined that both the first client device and the second client device belong to a protected group. Next, in response to determining that both the first client device and the second client device belong to the protected group, the data may be blocked from being forwarding to the second client device on a network interface of the switching device.

Abstract: According to one or more embodiments, a first router receives a latency measurement indicative of latency associated with traffic sent from the first router to a second router. The first router calculates an asymmetrical latency as a difference between the latency measurement and a latency associated with traffic sent from the second router to the first router. The first router determines, based on the asymmetrical latency, a symmetrical latency target. The first router sends, to the second router, an indication of the symmetrical latency target. The first router and the second router adjust their respective de-jitter buffers to achieve the symmetrical latency target between the first router and the second router.