Abstract: Embodiments for preliminary antenna configuration for a radio in an access point are described. A preliminary antenna configuration with a first number of antennas transmitting at a first power level based on a maximum transmission power for the radio is used to determine a second antenna configuration based on network level factors, where the second antenna configuration includes a second number of antennas. The second antenna configuration is used to determine a third antenna configuration from the second antenna configuration, where the third antenna configuration includes a third number of antennas transmitting at a third power level based on a client transmission factors for a plurality of client devices connected to the access point. The third antenna configuration is used to transmit network traffic from the access point to the plurality of client devices using the third antenna configuration.

Abstract: This technology enables a dynamic host configuration protocol (“DHCP”) Layer 2 relay in a Virtual Extensible Local Area Network (“VXLAN”) overlay fabric. A host device broadcasts a configuration request, such as a DHCP discover, across an Ethernet virtual private network (“EVPN”) overlay fabric. The DHCP discover is intercepted by a VXLAN Tunnel End Point (“VTEP”) device with Layer 2 bridging functionality. The VTEP device selects a centralized gateway (“CGW”) device with Layer 3 relay functionality as a destination for the DHCP discover. The VTEP device encapsulates the DHCP discover with a unicast VXLAN header comprising the media access control (“MAC”) address of the CGW device and transmits the encapsulated DHCP discover to the CGW device, resolving the destination address associated with the broadcast. The CGW device transmits the DHCP discover to an Internet Protocol (“IP”) address associated with a DHCP server that is external to the EVPN overlay fabric.

Abstract: In one embodiment, a device calculates one or more distributions of bitrates associated with an application whose traffic is conveyed via one or more paths in a network. The device detects throughput modes of the application, based on the one or more distributions of bitrates associated with the application. The device associates each throughput mode with a quality of experience label, to form a plurality of pairs of throughput modes and quality of experience labels. The device estimates a quality of experience metric for the application, based on a bitrate of the application and the plurality of pairs of throughput modes and quality of experience labels.

Abstract: A method may include, with a controller of an AS, routing a data flow from a source device, through at least one front-end node to a plurality of back-end nodes, and balancing, by the controller, the data flow to the back-end nodes equally based at least in part on ECMP routing. A number of routes from the back-end nodes to endpoint devices may be determined based at least in part on a preference for a primary route from the back-end nodes to a corresponding one of the endpoint devices, and backup routes from the back-end nodes to the corresponding one of the endpoint devices. An indication of a failure of a first endpoint device is received, and the back-end nodes utilize a first backup route that is associated with a second endpoint device to rebalance the data flow from the first endpoint device to the second endpoint device.

Abstract: In one embodiment, a service receives a feature availability report indicative of which telemetry variables are available at a device in a network and resource costs associated with data features that the device could compute from the telemetry variables. The service selects at least a subset of the data features for input to a machine learning model, based on their associated resource costs and on their respective impacts on one or more performance metrics for the machine learning model. The service trains the machine learning model to evaluate the selected data features. The service sends the trained machine learning model to the device. The device computes the selected data features from the telemetry variables available at the device and uses the computed data features as input to the machine learning model.

Abstract: Techniques and mechanisms for using a domain-specific language (DSL) to express overall network behaviors by describing what network-level behavior is desired. A compiler breaks down the DSL into portions of executable code that are to be run at different network devices and locations of the network architecture. In some instances, the executable code output from the compiler may be used to determine what network functions, network devices, and/or network topology is required to implement the overall network behavior that is desired. In other examples, an inventory and/or topology of available network devices may be fed into the compiler, and the compiler may compile the DSL into executable code that is able to be supported by the inventory and/or topology of available network devices. Thus, the DSL can be used to describe overall network behaviors to easily generate executable code that is used to implement a desired network-level behavior.

Abstract: In various embodiments, a device classification service obtains data indicative of device attributes of a plurality of devices. The device classification service forms, based on the obtained data indicative of the device attributes, a concept graph that comprises nodes that represent different sets of the device attributes. The device classification service determines, by analyzing the concept graph, a relevance score for each of the device attributes that quantifies how relevant that attribute is to classifying a device by its device type. The device classification service uses the relevance scores for the device attributes to cluster the plurality of devices into device type clusters by their device attributes.

Abstract: Systems and methods may include sending, to a network registrar, a first message including a first nonce generated by a host computing device, and receiving, from the network registrar, a second message including a second nonce, the second nonce being signed by the network registrar via a private key of a first public key infrastructure (PKI) key pair of the network registrar via a first signature. The method further includes sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and the private key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that the router is not impersonating the network.

Abstract: Techniques for determining packet path visibility, packet drops, and latency measurements associated with data flows of a networked computing environment are disclosed herein. The techniques may include receiving flow data associated with a data flow of a networked computing environment and determining a packet path associated with the data flow. The packet path may indicate that a first leaf switch is configured to send packets to a service chain device and that a second leaf switch is configured to receive the packets from the service chain device. The techniques may also include receiving timestamp data indicating a first time when the first leaf switch sent a packet to the service chain device and a second time when the second leaf switch received the packet from the service chain device. Based at least in part on the timestamp data, a latency associated with the service chain device may be calculated.

Abstract: Described herein is a two chip photonic device (e.g., a hybrid master oscillator power amplifier (MOPA)) where a gain region and optical amplifier region are formed on a III-V chip and a variable reflector (which in combination with the gain region forms a laser cavity) is formed on a different semiconductor chip that includes silicon, silicon nitride, lithium niobate, or the like. Sides of the two chips are disposed in a facing relationship so that optical signals can transfer between the gain region, the variable reflector, and the optical amplifier.

Abstract: A sub-40 kilohertz low-frequency cutoff is provided for via a transimpedance amplifier comprising differential inputs and differential outputs; coupling capacitors comprising input terminals configured to receive electrical signals, and output terminals coupled to the differential inputs; and feedback paths coupled to the differential outputs and operable to level shift voltage levels at the input terminals. In some embodiments, the feedback paths comprise source follower transistors wherein the differential outputs are coupled to gate terminals of the source follower transistors or the feedback paths further comprise feedback resistors. In some embodiments, a bias resistor is coupled between the differential inputs.

Abstract: Management of radio resources of a wireless network according to a Flexible Radio Assignment (FRA) mode may be provided. For each Access Point (AP) of the wireless network: a type of AP may be identified including determining whether each AP has Multi-Link (ML) capability, and when the FRA mode is for performance, a bias may be applied to each ML capable AP to reduce a likelihood of a radio of each ML capable AP being identified as a redundant radio. For each Client Device (CD) of the wireless network, an identification of whether each CD has ML capability may be made, and a radio configuration of at least one ML capable AP may be tailored to support one or more ML capable CDs.

Abstract: In one embodiment, a service receives signal characteristic data indicative of characteristics of wireless signals received by one or more antennas located in a particular area. The service identifies an object in the particular area, based on the received signal characteristic data. The service associates the identified object with an object kinematics model. The service updates the object kinematics model over time by applying Bayesian inference to changes in the signal characteristic data.

Abstract: Embodiments herein describe a retroactive tracer that retroactively generates traces using data stored in local caches. Rather than continually generating and collecting tracing data in a distributed system (which may requires massive amounts of storage and bandwidth), the embodiments herein store tracing data in local caches corresponding to nodes in the distributed system (e.g., a service, application, virtual machine, server, network device, etc.). When an error is detected when executing a task, the retroactive tracer can broadcast a request that the nodes send any trace data they may have corresponding to that task. The tracer can then retroactively generate the trace from the collected trace data. In contrast, if a task completes without an error, the nodes delete the trace data from their local caches (i.e., the trace data is not collected by the retroactive tracer).

Abstract: Techniques for optimizing segment routing (SR) paths using segment identifiers (SIDs) are disclosed, including determining a packet is to be sent from a first node to a second node of a network using an SR method. The techniques may also include determining a segment quantization factor that is representative of a first number of SIDs that are included in a segment quantization interval. Based at least in part on the segment quantization factor and a cost constraint, an SR path defined by a second number of SIDs to send the packet may be determined. The second number of SIDs may be associated with maximizing the SIDs included in individual ones of segment quantization intervals. The techniques further include modifying the packet to include at least the second number of SIDs and causing the packet to flow from the first node to the second node via the SR path.

Abstract: Techniques for efficient network probing are provided. Coherence data is received from a plurality of access points (APs), where the coherence data indicates, for each respective AP of the plurality of APs, coherence bandwidth for a plurality of subcarriers. A mapping is generated indicating, for each of the plurality of APs, sets of subcarriers that can be interchangeably sounded. Two or more APs of the plurality of APs that can jointly sound a first subcarrier of the plurality of subcarriers are then identified based on the mapping, and the first subcarrier is allocated to the identified two or more APs for future sounding.

Abstract: In one embodiment, a gateway to a zero trust network applies an access control policy to an endpoint device attempting to access a cloud-based application hosted by the zero trust network. The gateway acts as a reverse proxy between the endpoint device and the cloud-based application, based on the access control policy applied to the endpoint device. The gateway captures telemetry data regarding application traffic reverse proxied by the gateway between the endpoint device and the cloud-based application. The gateway detects an anomalous behavior of the application traffic by comparing the captured telemetry data to a machine learning-based behavioral model for the application. The gateway initiates a mitigation action for the detected anomalous behavior of the application traffic.

Abstract: Embodiments provide for a tunable driving circuit by monitoring a frequency of a ring oscillator of an electrical integrated circuit connected to an optical modulator to determine operational characteristics of the electrical integrated circuit; setting, based on the operational characteristics, a driving voltage for a plurality of tunable inverters and a plurality of fixed gain inverters that control the optical modulator, wherein each tunable inverter of the plurality of tunable inverters is connected in parallel with a corresponding fixed gain inverter of the plurality of fixed gain inverters on one of a first arm and a second arm connected to the optical modulator; and setting an amplification strength for the plurality of tunable inverters based on the operational characteristics.

Abstract: In one embodiment, a gateway device receives, from a centralized broker device, a data-access policy for a given computer network, the data-access policy defining which of one or more accessing entities are granted access to specific elements of data within the given computer network. When the gateway device then receives, from a particular accessing entity, a request for one or more particular elements of data from within the given computer network, it may determine, based on the data-access policy, whether the particular accessing entity has been granted access to each of the one or more particular elements of data of the request. As such, the gateway device may prevent access for the particular accessing entity to any of the one or more particular elements of the data request to which the particular accessing entity has not been granted access.

Abstract: In one embodiment, a service receives software version data regarding versions of software executed by devices in a network. The service detects a version change in the version of software executed by one or more of the devices, based on the received software version data. The service makes a determination that a drop in data quality of input data for a machine learning model used to monitor the network is associated with the detected version change. The service reverts the one or more devices to a prior version of software, based on the determination that the drop in quality of the input data for the machine learning model used to monitor the network is associated with the detected version change.