Abstract: In one embodiment, a supervisory device in a network forms a virtual access point (VAP) for a node in the network. A set of access points (APs) in the network are mapped to the VAP as part of a VAP mapping and the node treats the APs in the VAP mapping as a single AP for purposes of communicating with the network. The supervisory device receives measurements from the APs in the VAP mapping regarding communications associated with the node. The supervisory device identifies a movement of the node based on the received measurements from the APs in the VAP mapping. The supervisory device adjusts the set of APs in the VAP mapping based on the identified movement of the node.

Abstract: Techniques are described for safely overwriting decided slots and in-order fault tolerant consensus logs for replicated services. Using techniques described herein, a broad class of already-existing consensus log protocols may be enhanced/extended to safely overwrite decided slots and provide in-order fault tolerant consensus logs. When changing to a different epoch of a consensus log, slots determined to be unreachable may be changed/deleted even if slots after the gap were decided. A sequencer protocol establishes distributed consensus among a group of services. The sequencer protocol provides in-order execution of messages from multiple clients, and flow control from within the sequencer protocol, without offloading de-duplicate and reorder (DDRO) logic to the application layer. Fault tolerance is provided by egress cursors and ingress cursors, which provide awareness of which specific messages from each client sender should be executed next, even if those messages are not presently in the consensus log.

Abstract: Techniques for adaptive thresholding are provided. First and second data points are received. A plurality of data points are identified, where the plurality of data points corresponds to timestamps associated with the first and second data points. At least one cluster is generated for the plurality of data points based on a predefined cluster radius. Upon determining that the first data point is outside of the cluster, the first data point is labeled as anomalous. A predicted value is generated for the second data point, based on processing data points in the cluster using a machine learning model, and a deviation between the predicted value and an actual value for the second data point is computed. Upon determining that the deviation exceeds a threshold, the second data point is labeled as anomalous. Finally, computing resources are reallocated, based on at least one of the anomalous data points.

Abstract: In one embodiment, a device in a network detects an encrypted traffic flow associated with a client in the network. The device captures contextual traffic data regarding the encrypted traffic flow from one or more unencrypted packets associated with the client. The device performs a classification of the encrypted traffic flow by using the contextual traffic data as input to a machine learning-based classifier. The device generates an alert based on the classification of the encrypted traffic flow.

Abstract: Techniques for container management and topology visualization are provided. A network topology of a data center is determined, where the network topology includes a plurality of physical servers. A plurality of containers executing in the data center is identified, and for each respective container of the plurality of containers, a respective server from the plurality of physical servers that is executing the respective container is determined. An augmented network topology is generated by correlating the network topology and the determined server executing each container, where the augmented network topology indicates relationships among the plurality of containers and physical resources in the data center.

Abstract: In one embodiment, a device obtains execution records regarding executions of a plurality of binaries. The execution records comprise command line arguments used during the execution. The device determines measures of similarity between the executions of the binaries based on their command line arguments. The device clusters the executions into clusters based on the determined measures of similarity. The device flags the command line arguments for a particular one of the clusters as an indicator of compromise for malware, based on at least one of the binaries associated with the particular cluster being malware.

Abstract: Automating and extending path tracing through wireless links is provided by receiving a request to perform a network trace over a wireless link provided by an Access Point (AP) configured as a transparent forwarder between a trace source and a trace target; monitoring a trace packet from a first time of arrival at the AP, a first time of departure from the AP, a second time of arrival at the AP, and a second time of departure from the AP; monitoring a buffer status of the AP at the first time of arrival and the second time of arrival; and in response to identifying a network anomaly based on the trace packet and the buffer status, adjusting a network setting at the AP.

Abstract: Techniques to facilitate verification of in-situ network telemetry data of data packet of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data is inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.

Abstract: Providing for time sensitive networking (TSN) traffic in high density deployments is described. An access point (AP) is a high density deployment receives a message identifying another AP as a TSN neighbor and also detects a TSN device within an area covered by the APs. This arrangement may cause traffic interruptions for the TSN traffic between the TSN device and the APs. In order to prevent disruption in TSN traffic, a TSN time slot and a resource unit (RU) is determined for each of the APs, and the TSN traffic is communicated between the various devices in network according to the determined TSN time slot and RU.

Abstract: Techniques for compiling source code include generating object code by processing source code corresponding to a portion of a software program. The source code includes an instruction, native to a program language, for a memory location access. Based at least in part on processing the source code, the compiler generates second object code that, when executed by one or more processors, configures the one or more processors to determine to implement the memory location access using first database access transaction operations or to implement the memory location access using second database access transaction operations. The compiler may generate third object code that configures the one or more processors to implement the memory location access using the first database access transaction operations or to implement the memory location access using the second database access transaction operations, based at least in part based on the determining.

Abstract: Network environment health monitoring is provided by receiving an alert indicating that a first station (STA) is experiencing a connection with a first Access Point (AP) below a quality threshold; identifying a set of APs connected to a shared network with the first AP within one hop of the first AP; aggregating signal metrics for the first STA from the first AP and each AP of the set of APs; identifying a cause for the connection performing below the quality threshold based on the signal metrics as aggregated; and performing a remediation strategy based on the cause as identified.

Abstract: This disclosure describes techniques and mechanisms for using a domain-specific language (DSL) to express and compile serverless network functions, and optimizing the deployment location for the serverless network functions on network devices. In some examples, the serverless network functions may be expressed entirely in the DSL (e.g., via a text-based editor, a graphics-based editor, etc.), where the DSL is a computer language specialized to a particular domain, such as a network function domain. In additional examples, the serverless network functions may be expressed and compiled using a DSL in combination with a general-purpose language (GSL). Once the serverless network function have been expressed and/or compiled, the techniques of this disclosure further include determining an optimized network component on which the serverless network function is to execute, and deploying the serverless function to the optimized network component.

Abstract: Techniques for utilizing a cloud service to compute an end-to-end SLA-aware path using dynamic software-defined cloud interconnect (SDCI) tunnels between a user device and an access point-of-presence (POP) node and inter-POP tunnels of the SDCI. The cloud service may include a performance aware path instantiation (PAPI) component including a POP database for storing performance metrics associated with the POPs of the SDCI, an enterprise policy database for storing user specific policies, and/or a path computation component. The path computation component may compute the path, based on the user specific policies, performance metrics associated with the POP nodes, and/or real-time contextual data associated with the user device and/or destination device. The path may include a first tunnel between the user device and the most optimal access POP node of the SDCI and a second tunnel between the access POP node, through the internal POP nodes, and to the destination device.

Abstract: In one embodiment, a device receives data regarding a node from a plurality of management platforms, each management platform being associated with a different access network used by the node. The device applies a unified data model to the data regarding the node received from the plurality of management platforms, to form unified data regarding the node. The device analyzes the unified data regarding the node, to generate insight information. The device provides the insight information to an application associated with a manufacturer of the node.

Abstract: This disclosure describes techniques for enhanced segment routing across computer networks. The routing of data traffic may be enhanced by accounting for additional considerations, beyond typical network parameters, when selecting segment routes via which to route the data traffic. For instance, a service provider (SP) may wish to consider business priorities when selecting a segment route to another SP. The techniques described herein include mechanisms for gathering and/or receiving information regarding business priorities, analyzing the business priorities, and determining a segment route. As such, through accounting for additional considerations beyond typical network parameters, enhanced segment routing may potentially improve client service and network operations.

Abstract: A system for providing services for microservices applications is described herein. In an embodiment, a system comprises a plurality of container environments, each of which comprising a host node. A virtual fabric edge instance executes on each host node. The host nodes are interconnected through a plurality of switches. A fabric controller manages the plurality of switches and implements policies through the virtual fabric edge instances executing on each host node. The fabric controller additionally provides services for the application instances through the virtual fabric edge instances by routing traffic, data, queries from an application or proxy instance to another application or proxy instance in the container environment through the virtual fabric edge instances.

Abstract: In one embodiment, Segment Routing Internet Protocol Version 6 (SRv6) micro segments (“uSIDs”) are included in destination addresses, and possibly in other Segment Identifiers (“SIDs”), of packets transported through a network, and invoking corresponding network behavior, including, but not limited to, realization of corresponding network slices. In one embodiment, network nodes are configured to perform differential network slice realization functionality based on values slice-representative value(s) provided by global and/or local uSIDs of packets. This configuration may be defined by a controller in the network and/or routing protocol advertisements. Responsive to a received packet, a network node identifies and performs the corresponding network slice realization functionality based on slice-representative value(s) provided by one or more global and/or local uSIDs of the destination address of the received packet.

Abstract: Hybrid ranging may be provided. A coverage environment may be divided into a plurality of areas and a corresponding plurality accuracy gradients for each of the plurality of areas may be determined. Passive ranging may be implemented for ones of the plurality of areas that have a high accuracy gradient and one of a high client device density and low client device movement. Active ranging may be implemented for ones of the plurality of areas that have a low client device density. Based on at least one of a level of client device density and movement speed of client devices, switching may be performed between passive ranging and active ranging for ones of the plurality of areas that have at least one of high client device density and high client device movement.

Abstract: In one embodiment, an agent inserts instrumentation into a Java Platform Module System in which a plurality of Java modules of an application is executed. The agent captures, using the instrumentation, an access check failure for an inter-module operation between the Java modules. The agent overrides, using the instrumentation, the access check failure. The agent reports the captured access check failure to a user interface.

Abstract: Systems, methods, and computer-readable media are disclosed for validating endpoint information for nodes in a network. A network assurance appliance is configured to retrieve, from a first leaf node in a network, first endpoint information for a first set of endpoints connected to the first leaf node, wherein the first set of endpoints includes a virtual port channel (VPC) endpoint. The network assurance appliance retrieves second endpoint information from a second node in the network, compares the first endpoint information with the second endpoint information, and identifies an inconsistency when the first endpoint information and the second endpoint information do not match.