Abstract: Systems, methods, and computer-readable media are provided for securely advertising autoconfigured prefixes in a cloud environment. In some examples, a method can include, receiving, by a first router, an indication of an available network address prefix. In some aspects, the method can also include selecting, by the first router, a first network address prefix that is within the available network address prefix, wherein the first network address prefix provides at least one route to one or more network elements associated with the first router. In some cases, the method may further include sending, to a second router, a message including a stub registration option that indicates the first network address prefix.

Abstract: The present disclosure is directed to systems and techniques for improved signaling of subscriber information and updates thereto for one or more location-based user plane services. In one examples, the systems and techniques can include determining the existence of a converged User Plane Function (UPF) comprising a Serving Gateway User Plane (SGW-U) session and a Packet Data Network (PDN) Gateway User Plane (PGW-U) session. In response to determining the existence of the converged UPF, User Equipment (UE) information can be transmitted from a Serving Gateway Control Plane (SGW-C) session to the SGW-U session of the converged UPF. The UE information received at the SGW-U session can be shared to the PGW-U session of the converged UPF, wherein the PGW-U session receives the UE information without communicating with a PDN Gateway Control Plane (PGW-C) session.

Abstract: According to one or more embodiments of the disclosure, a networking device receives a policy for an endpoint in a network. The policy specifies one or more component tags and one or more activity tags that were assigned to the endpoint based on deep packet inspection of traffic associated with the endpoint. The networking device identifies a set of tags for a particular traffic flow in the network associated with the endpoint. The set of tags comprises one or more component tags or activity tags associated with the particular traffic flow. The networking device makes a determination that the particular traffic flow violates the policy based on the set of tags comprising a tag that is not in the policy. The networking device initiates, based on the determination that the particular traffic flow violates the policy, a corrective measure with respect to the particular traffic flow.

Abstract: Disclosed herein are systems, methods, and computer-readable media for reporting QoE of a UE, as measured and determined from the perspective of the UE to one or more core components of the cellular network to which the UE is attached. The QoE may then be used by the one or more core components for managing and adjusting, if necessary, the cellular services provided to the UE. In one aspect, a method includes determining, at a user device, a quality of experience (QoE) of user device connected to a cellular network and transmitting, via a non-access stratum (NAS) signaling, a value of the QoE from the user device to a core network element of the cellular network, wherein the core network element utilizes the QoE value to manage network access and a quality of service (QoS) of the user device.

Abstract: A method of provisioning a network may include, with a network controller, identifying a first network intent of a computing network based at least in part on an execution of a user interface (UI) or API layer at a client device, and identifying a modification of at least one object within the first network intent within the UI or API layer at the client device as the first network intent is being modified. The modification defines a delta between the first network intent and a second network intent. The method may further include, with a provisioning service executed by the network controller, receiving the delta as a payload from the client device, and provisioning at least one computing device within the computing network based at least in part on the delta. The method further includes automatically modifying the at least one object based on the received delta, including a further modification of the second network intent.

Abstract: A status report frame may be provided. First, an Access Point (AP) may associate with a client device. Then the AP may send a status report to the client device in a status report frame comprising a protected management frame.

Abstract: A device receives a video stream, where one or more frames of the video stream include embedded metadata that is embedded directly into the one or more frames. The device extracts the embedded metadata from the one or more frames. The device makes an authentication determination regarding the video stream, based on whether the embedded metadata includes a digital signature associated with a sender of the video stream. The device controls, based on the authentication determination, presentation of the video stream to a recipient user.

Abstract: Techniques and architecture are described for inducing precise delays in a network device (network node) that has the capability to act on packets/traffic flows based on policy configurations of the network device and delays experienced by traffic in the network device. This capability may be used for testing and verification of the network device to verify that the network device meets the configured policies. Additionally, this capability may be utilized in an operational network to selectively induce delays and measure its impact for purposes such as, for example, planning, stress testing, resiliency, etc.

Abstract: Disclosed is a method to enable printing on legacy devices. The method includes discovering a legacy device that does not have a universal record that enables the legacy device to provide services to a mobile device through a network, appending the universal record for the legacy device, transmitting the universal record for the legacy device to a controller, receiving, at the controller and from the mobile device, a request for services which can be provided by the legacy device, transmitting, from the controller and based on the universal record for the legacy device, data associated with the legacy device to the mobile device to yield transmitted data and transmitting, based on an acceptance of the transmitted data by the mobile device, a service request from the mobile device to the legacy device for providing a service to the mobile device.

Abstract: This disclosure describes an integrated management method to manage a service mesh data plane over a network fabric. The method includes determining at least one service mesh data plane policy for a microservice of a service mesh. The method further includes sending, over the network fabric, the at least one service mesh data plane policy to a virtual router associated with the microservice based at least in part on connectivity information maintained by a network fabric control plane manager of a configuration manager.

Abstract: Improved Radio Frequency (RF) performance by optimizing temperature may be provided. A plurality of heatmaps may be created associating a plurality of component heat characteristics, of a plurality of components of a device, with a plurality of pre-defined performance trade-off states. Next, a shortest path through the plurality of pre-defined performance trade-off states may be determined. The device may then be placed in successive ones of the plurality of pre-defined performance trade-off states according to the determined shortest path until a Transmit (TX) performance target is met.

Abstract: A method may include bridging in, via a fabric, a multicast data packet from a source device to a first edge device of a plurality of edge devices and flooding the multicast data packet to the plurality of edge devices within a mutual subnetwork of the fabric. The method further includes bridging out the multicast data packet from a second edge device of the plurality of edge devices to a receiving device. The source device and the receiving device are located within the mutual subnetwork.

Abstract: An example method for identifying and reporting a space or individual that has been exposed to an infectious disease includes identifying sensor data related to one or more individuals in a space; determining, based on the sensor data, that a particular individual among the one or more individuals is infected with an infectious disease; generating a report requesting that the space be disinfected; and outputting the report to a computing device.

Abstract: This disclosure describes methods and systems to externally manage network-to-network interconnect configuration data in conjunction with a centralized database subsystem. An example of the methods includes receiving and storing, in the centralized database subsystem, data indicative of user intent to interconnect at least a first network and a second network. The example method further includes, based at least in part on the data indicative of user intent, determining and storing, in the centralized database subsystem, a network intent that corresponds to the user intent. The example method further includes providing data indicative of the network intent from the centralized database subsystem to a first data plane adaptor, associated with the first network, and a second data plane adaptor, associated with the second network.

Abstract: In one embodiment, an illustrative method herein may comprise: receiving, at a first edge device, a direct indication from a second edge device that a mobile device has moved from the first to the second edge device; determining, based on the direct indication, a first time at which the mobile device attached to the second edge device; receiving a network routing update message indicative of a routing update for the mobile device having moved to the second edge device; determining, based on the network routing update message, a second time at which convergence completed at the first edge device; and calculating a convergence time for the mobile device to be detected as having moved to the second edge device based on a difference between the first time and the second time.

Abstract: In one embodiment, an issue analysis service obtains telemetry data from a plurality of devices in a network across a plurality of time intervals. The service detects a failure event in which a device in the network is in a failure state. The service clusters the telemetry data obtained prior to the failure event into rounds according to time intervals in which the telemetry data was collected. Each round corresponds to a particular time interval. The service applies a machine learning-based classifier to each one of the rounds of clustered telemetry data to identify one or more common traits appearing in the telemetry data for each round. The service generates a trait change report indicating a change in the one or more common traits appearing in the telemetry data across the rounds leading up to the failure event.

Abstract: Techniques and architecture are described for providing a service, e.g., a security service such as a firewall, across different virtual networks/VRFs/VPN IDs. The techniques and architecture provide modifications in enterprise computing fabrics by modifying pull-based overlay protocols such as, for example, locator/identifier separation protocol (LISP), border gateway protocol ethernet virtual private network (BGP EVPN), etc. A map request carries additional information to instruct a map-server that even though mapping (destination prefix and firewall service RLOC for the destination) is known within the map-server's own virtual network/VRF for firewall service insertion, the map-server still should do a lookup across virtual networks/VRFs and discover the final destination's DGT (destination group tag) and include that in the map reply.

Abstract: This disclosure generally relate to a method and system for network policy simulation in a distributed computing system. The present technology relates techniques that enable simulation of a new network policy with regard to its effects on the network data flow. By enabling a simulation data flow that is parallel and independent from the regular data flow, the present technology can provide optimized network security management with improved efficiency.

Abstract: Automated techniques for converting network devices from a Layer 2 (L2) network into a Layer 3 (L3) network in a hierarchical manner are described herein. The network devices may be configured to boot such that their ports are in an initialization mode in which the ports are unable to transmit locally generated DHCP packets. When a network device detects that a neighbor (or “peer”) device has acquired an IP address or has been configured by a network controller, then the port on which the neighbor device is detected can then be transitioned from the initialization mode into a forwarding mode. In the forwarding mode, the port can be used to transmit packets to obtain an IP address. Thus, the network devices are converted from an L2 device to an L3 device in a hierarchical order such that upstream devices are discovered and converted into L3 devices before downstream devices.