Abstract: In one embodiment, an interactivity agent provides display data from a plurality of devices to a touch screen display via a network for simultaneous presentation on the touch screen display. The interactivity agent receives touch information regarding a touch action performed via the touch screen display with respect to the display data from a particular one of the plurality of devices. The interactivity agent translates the received touch information from the touch screen display into translated touch information for the particular device. The interactivity agent sends, to a particular device via the network, the translated touch information. The translated touch information causes the particular device to replicate the touch action on a display of the particular device.

Abstract: Embodiments herein registers Asset Owners (AOs) and AO applications to a location, aggregation, and insight (LAI) service that are part of the same identity federation. When registering the AO with the LAI service, the AO selects which of a plurality of Identity Providers (IDPs) it has a relationship with, and the LAI service can then bind those IDPs to the AO application. This binding associates respective realms (e.g., domains) corresponding to the selected IDPs to the AO application. Later, when a device owned by the AO roams to a visited network (VN), the LAI service can then use a realm identified from a device ID provided by the device to identify the ID of the AO application. The LAI service then enables the VN to transmit a location of the device to the AO application. In one embodiment, the VN obtains consent from the AO before sharing location data.

Abstract: In one embodiment, a device receives, from a monitoring agent that monitors an application, an indication that the monitoring agent did not capture information regarding a particular event during execution of the application. The device determines that the particular event is of a relevant event type that should be tracked. The device generates a configuration for the monitoring agent that adjusts a monitoring scope of the monitoring agent so as to capture information regarding the particular event. The device causes the monitoring agent to be updated with the configuration, wherein the monitoring agent captures information regarding the particular event after being updated with the configuration.

Abstract: Techniques and apparatus for optimizing scheduling of uplink traffic are provided. One technique includes determining, based on evaluation of a pending interest table (PIT) at an apparatus, at least one portion of an uplink traffic flow from a client device that satisfies one or more conditions for periodicity. A resource for the at least one portion of the uplink traffic flow that satisfies the one or more conditions for periodicity. An indication of the resource allocation is transmitted to the client device.

Abstract: A system and method for optimizing access points (APs) within a network comprises receiving, at a first AP, parameters corresponding to a second AP, and determining that the first AP and the second AP are part a first and a second wireless local area network (WLAN), respectively. The first and second WLANs support client credential sharing allowing seamlessly transitioning of a client device between the first and second WLANs using common credentials. Further, co-channel interference between the first AP and the second AP is detected based on the parameters corresponding to the second AP and parameters of the first AP, and at least one of a channel and transmission power of one or more of the first AP and the second AP is changed in response to the detection of the interference.

Abstract: In one embodiment, resource availability reallocation is used in establishing one or more new designated multicast flow paths with guaranteed availability of resources currently allocated and/or used by one or more designated existing multicast flow path to allocate/use for the new designated flow path(s). These resources typically include allocated guaranteed bandwidth of a network path between two adjacent or non-adjacent nodes of the network, and possibly forwarding/processing/memory resources of a network node. One embodiment communicates multicast control messages between nodes identifying to establish a new multicast flow path with resource availability reallocation from a designated multicast flow path.

Abstract: Methods and systems for waveguide delay based equalization summing at single-ended to differential converters in optical communication are disclosed and may include: in an photonic circuit including a directional coupler, photodetectors, and a gain stage, receiving an input optical signal; splitting the input optical signal into first and second optical signals using the directional coupler; generating a first current from the first optical signal using a first photodetector; communicating the first voltage to a first input of the gain stage; generating a second current from the second optical signal using a second photodetector; communicating the second voltage to a second input of the gain stage; and generating a differential output voltage based on the first and second currents using the gain stage.

Abstract: Methods and architecture for load-correcting requests for serverless functions to reduce latency of serverless computing are provided. An example technique exploits knowledge that a given server node does not have a serverless function ready to run or is overloaded. Without further processing overhead or communication, the server node shifts the request to a predetermined alternate node without assessing a current state of the alternate node, an efficient decision based on probability that a higher chance of fulfillment exists at the alternate node than at the current server, even with no knowledge of the alternate node. In an implementation, the server node refers the request but also warms up the requested serverless function, due to likelihood of repeated requests or in case the request is directed back. An example device has a front-end redirecting server and a backend serverless system in a single component.

Abstract: One embodiment is a method and includes receiving at a termination element of a first network a bandwidth report (“BWR”), in which the BWR includes information regarding a data transmission opportunity over a second network for at least one endpoint data; scheduling a first network transmission opportunity for the at least one endpoint data using information derived from the received BWR; and receiving from a first network forwarding device the at least one endpoint data in accordance with the scheduled first network transmission opportunity.

Abstract: Relay functionality may be provided. A network device may receive a response packet and may determine that one of Option-82 and Option-18 information is not present in the received response packet. Next, in response to determining that one of Option-82 and Option-18 information is not present in the received response packet, a database may be queried for information associated with the response packet. Then, based on the information associated with the response packet, the response packet may be sent to a client device associated with the response packet.

Abstract: This disclosure describes techniques for diagnosing a presence or malfunction of a network node. In an example method, a first network node receives an indication of a diagnostic transmission originating from a second network node. The second network node further receives a forwarded transmission corresponding to the diagnostic transmission. The first network node diagnoses at least one of a presence or a malfunction of an intermediary node between the first network node and the second network node based on at least one of the indications of the diagnostic transmission or the forwarded transmission.

Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.

Abstract: In one embodiment, a traffic analysis service identifies a client in a network having an associated traffic flow that was blocked by a firewall. The traffic analysis service obtains traffic telemetry data regarding one or more subsequent traffic flows associated with the identified client that are subsequent to the blocked flow. The traffic analysis service uses a machine learning-based classifier to determine that the identified client is exhibiting evasive network behavior, based on the obtained traffic telemetry data. The traffic analysis service initiates a mitigation action in the network, based on the determination that the identified client is exhibiting evasive network behavior.

Abstract: In one embodiment, a first label-distribution-protocol (LDP) session is established between a first interface of a first computing device and a second computing device, while a second LDP session is established between a second interface and the second computing device. The method may further comprise receiving a request from a third computing device to subscribe to a multicast group, storing an association between a first label, the multicast group, and the first interface, and sending, to the second computing device via the first LDP session, an indication that the first label is associated with the multicast group. Further, the method may include receiving a request from a fourth computing device to subscribe to the multicast group, storing an association between a second label, the multicast group and, the second interface, and sending, via the second LDP session, an indication that the second label is associated with the multicast group.

Abstract: In one embodiment, a service tracks performance of a machine learning model over time. The machine learning model is used to monitor one or more computer networks based on data collected from the one or more computer networks. The service also tracks performance metrics associated with training of the machine learning model. The service determines that a degradation of the performance of the machine learning model is anomalous, based on the tracked performance of the machine learning model and performance metrics associated with training of the model. The service initiates a corrective measure for the degradation of the performance, in response to determining that the degradation of the performance is anomalous.

Abstract: Network controls for application access secured by transport layer security (TLS) using single sign on (SSO) flow may be provided. An application access request for authenticating a user may be received in response to the user requesting an access to an application. User credentials associated with the user may be validated. In response to validating the user credentials, user attributes associated with the user may be determined. Network controls for a user session associated with the application access request may be determined based on the user attributes. The application access request may be redirected to a plain text user session. The plain text user session may comprise the network controls for the user session.

Abstract: In one embodiment, a networking device in a network detects an traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.

Abstract: Techniques for generating and enforcing whitelist security policies in a communication network are disclosed. A first plurality of whitelist policies are consolidated into a second plurality of whitelist policies based on populating a plurality of tables. The populated tables include a first table including pairs of endpoints and associating each pair of endpoints with a service identifier, and a second table associating the service identifiers with the policy identifiers. The second plurality of whitelist policies are programmed into a network device in the communication network, based on at least one of the plurality of tables. Rules governing traffic between the pair of endpoints are enforced, at the network device, using the programmed second plurality of whitelist policies.

Abstract: A network device receives a fragmented packet of an internet protocol (IP) packet. The fragmented packet is subsequently received relative to an initial fragmented packet of the IP packet and includes a first set of tuple information. The network device determines an entry of a hash table associated with the IP packet, based on the first set of tuple information and a fragment identifier (ID) within the fragmented packet. The network device retrieves a second set of tuple information associated with the fragmented packet from the hash table entry, and transmits an indication of the first and second sets of tuple information.

Abstract: Embodiments herein describe an upgrade system that provides suggestions for upgrades using a confidence metric. In one embodiment, the upgrade system tracks network elements in multiple network fabrics to determine whether an upgrade performed on a first network element was successful. The upgrade system can generate one or more vectors that store various data about the network elements such as enabled features, telemetry data, control plane faults, system settings, locations of the network elements in a fabric, and the like. By evaluating these vectors, the upgrade system can derive a reliability confidence metric regarding the upgrade. If the reliability confidence metric exceeds a threshold, this indicates the upgrade was successful. The upgrade system can then compare vectors for different network elements to determine whether to apply the same upgrade to similar network elements.