Abstract: In various embodiments, a device classification service clusters devices in a network into a device type cluster based on attributes associated with the devices. The device classification service tracks changes to the device type cluster over time. The device classification service detects an attack on the device classification service by one or more of the devices based on the tracked changes to the device type cluster. The device classification service initiates a mitigation action for the detected attack on the device classification service.

Abstract: This disclosure describes various methods, systems, and devices related to identifying an issue in a network using a probe packet. An example method includes identifying an expired data packet transmitted in a network and addressed to a destination; generating a probe packet addressed to the destination; and forwarding the probe packet. When the probe packet is received, a report indicating a routing loop in the network can be transmitted to an administrator.

Abstract: In one embodiment, a device in a network inserts a profile tag into an address request sent by an endpoint node in the network to a lookup service. The lookup service is configured to identify one or more addresses with which the endpoint node is authorized to communicate based on a profile for the endpoint node associated with the inserted profile tag. The device receives an address response sent from the lookup service to the endpoint node that indicates the set of one or more addresses with which the endpoint node is authorized to communicate. The device determines whether a communication between the endpoint node and a particular network address is authorized using the set of one or more addresses with which the endpoint node is authorized to communicate. The device blocks the communication based on a determination that the particular network address is not in the set of one or more addresses with which the endpoint node is authorized to communicate.

Abstract: Dynamic automatic gain controller configuration in multiple input and multiple output receivers is provided by monitoring a given section of wireless spectrum for higher-priority signals using a first antenna set associated with a first Automatic Gain Controller (AGC) set while concurrently monitoring the given section of wireless spectrum for wireless packet-based traffic using a second antenna set associated with a second AGC set; in response to detecting a packet via the second antenna set: re-associating the first antenna set and the second antenna set to a third AGC set; receiving the packet via the first antenna set and the second antenna set using the third AGC set; and in response to the packet being received, re-associating the first antenna set to the first AGC set and the second antenna set to the second AGC set.

Abstract: In one embodiment, a process on a computer receives a callback in response to an intercepted outbound web service connection called by an application executing on the computer. The process extracts information from the callback, e.g., at least a URL for the outbound web service connection and a code location within the application from which the outbound web service connection was called. Additionally due to the callback, the process obtains access to a core TCP socket for the outbound web service connection. The process determines how to modify socket options of the core TCP socket based on selected criteria according to the extracted information from the callback, and may then modify the socket options of the core TCP socket according to the determining. The modified socket options thus cause downstream network devices to handle traffic on the outbound web service connection based on the modified socket options.

Abstract: Techniques and mechanisms for automatically identifying counters/features of a network component that are related to a state change (or event) for the network component or for the network itself. For example, using data obtained from the network component around a time of the state change, delta-averages for the counters/features around the time of the state change may be determined. The delta-averages may be utilized to determine which counters/features are most descriptive for a particular state change. Determining which counters/features are most descriptive may also include determining which counters/features are most relevant, i.e., counters/features that contribute most to preserving the manifold structure of the original data or counters/features with the highest or lowest correlation with the other counters/features in the data set.

Abstract: Techniques are described herein for generating and modifying formal network topology models, and deploying network topologies based on the formal models across multiple workload resource domains. A topology deployment system may receive modification data for a deployed network topology, and analyze the modification data to determine whether the associated formal network topology model is to be recomputed. In some examples, modifications to a deployed network topology that do not impact operational performance or compromise functional equivalence with the underlying logical model, need not trigger a recomputation of the network topology model immediately and could be delayed. Modifications to deployed network topologies that do not trigger recomputations of the formal network topology model may be stored and tracked, so that subsequent recomputations of the model may incorporate the pending modifications.

Abstract: A server that includes a graphics processing unit (GPU) may receive, from a first application that is remote from the server, a first request to reserve a first number of cores of the GPU for a first amount of time. The server may also receive, from a second application that is also remote from the server, a second request to reserve a second number of cores of the GPU for a second amount of time that at least partly overlaps the first amount of time. The server may determine that the first request is associated with a higher priority than the second request and, in response, may reserve the first number of cores for the first amount of time for the first application. The server may send, to the first application, an indication that the first number of cores have been reserved as requested by the first application.

Abstract: Systems, methods, and computer program products to provide direct external network access at an access point (AP) in a managed wide area network (WAN). The method may include establishing an application host interface (AHI) at an access point and receiving application data from one or more client devices connected to the access point. The method may also include determining that the application data is received from a permitted application as shown in a list of applications permitted to use the AHI and routing, using the AHI, the received application data to the data destination via the external network thereby bypassing the WLC.

Abstract: In dense Wireless Local Area Network (WLAN) deployments, Access Points (APs) in other Extended Service Sets (ESSs) can be hidden (a first AP does not receive signals from a third AP). However, these APs in other ESSs can still interfere with communications between the third AP and the devices communicating with the first AP. To improve service to that device in that situation, the first AP needs information about the third AP in the first AP's decision making processes. In these situations, a second AP, in contact with the third AP, can share information about the third AP with the first AP so that the first AP can avoid colliding with the third AP.

Abstract: In one embodiment, a device of an electric vehicle requests in-motion charging of the electric vehicle. The device receives an indication of a charging vehicle able to provide in-motion charging to the first electric vehicle. The device coordinates in-motion docking of the electric vehicle to the charging vehicle. The device supervises in-motion charging of the electric vehicle by the charging vehicle.

Abstract: A method of manufacturing an optical apparatus comprises forming an unfinished endface of a fiber array unit (FAU) that provides an arrangement of one or more optical fibers. The one or more optical fibers terminate at the unfinished endface. The method further comprises optically aligning the FAU with an external light-carrying medium. The one or more optical fibers are optically coupled with the external light-carrying medium through the unfinished endface.

Abstract: Systems and methods are described herein for logging system events within an electronic machine using an event log structured as a collection of tree-like cause and effect graphs. An event to be logged may be received. A new event node may be created within the event log for the received event. One or more existing event nodes within the event log may be identified as having possibly caused the received event. One or more causal links may be created within the event log between the new event node and the one or more identified existing event nodes. The new event node may be stored as an unattached root node in response to not identifying an existing event node that may have caused the received event.

Abstract: In one embodiment, a monitoring process identifies a set of counters maintained by a networking device by comparing a configuration of the networking device to an object relationship model. The monitoring process obtains counter values from the identified set of counters maintained by the networking device. The monitoring process detects an anomaly by using the obtained counter values as input to a machine learning-based anomaly detector. The monitoring process generates an anomaly detection alert for the detected anomaly.

Abstract: In one embodiment, a management entity monitors for a change in a convergence rate of spatio-temporal compressive sensing measurements from a plurality of sensors in a sensor network operating according to a measurement matrix up to a halting criterion, and if the change is below a given threshold, determines whether the change is due to impulse noise or due to continued sensed measurements. If continued sensed measurements, the management entity initiates a single-dimensional compressive sensing in a spatial domain at regular time intervals, and identifies and tracks gradient clusters. In response to a change in joint spatio-temporal sparsity of tracked nodes of the gradient clusters, the management entity can then determine an updated measurement matrix based on the joint spatio-temporal sparsity of tracked nodes while satisfying one or more operating parameters, and directs at least certain sensors of the plurality of sensors to operate according to the updated measurement matrix.

Abstract: Secure network segmentation using logical subnet segments is described. A single network segment or subnet provided by a third party is mapped into multiple layer-3 virtual or logical segments without requiring separate subnets. This mapping is accomplished by using virtual routing functions (VRFs) per logical subnet segment while retaining a single subnet across the segments. The logical subnet segments interact with the single network segment provided by the third party (ISP). The layer-3 VRF instances are created without the need for separate IP subnet pools per layer-3 segment. Each VRF instance for the various logical subnet segments is mapped to a Virtual Network Identifier (VNI) and Scalable Group Tag (SGT).

Abstract: In one embodiment, a device groups feature vectors representing network traffic flows into bags. The device forms a bag representation of a particular one of the bags by aggregating the feature vectors in the particular bag. The device extends one or more feature vectors in the particular bag with the bag representation. The extended one or more feature vectors are positive examples of a classification label for the network traffic. The device trains a network traffic classifier using training data that comprises the one or more feature vectors extended with the bag representation.

Abstract: Embodiments of the present disclosure are directed to protocol state transition and/or resource state transition tracker configured to monitor, e.g., via filters, for certain protocol state transitions/changes or host hardware resource transitions/changes when a host processor in the control plane that performs such monitoring functions is unavailable or overloaded. The filters, in some embodiments, are pre-computed/computed by the host processor and transmitted to the protocol state transition and/or resource state transition tracker. The protocol state transition and/or resource state transition tracker may be used to implement a fast upgrade operation as well as load sharing and or load balancing operation with control plane associated components.

Abstract: In one embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the flow without decrypting the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, creating a classification response, and using the classification response to modify processing of the flow. In another embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the first plurality of packets associated with the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, and using the output of the classifier to modify processing of the flow.

Abstract: Wireless infrastructure upgrading may be provided. An Access Point (AP) may be caused to decline new association requests received from client devices not associated with the AP. Next, the AP may be caused to instruct client devices associated with the AP that detect a signal level from the AP to be below their roaming margin to roam away from the AP. Then the power of the signal level from the AP may be decreased by a predetermined amount. Causing the AP to instruct client devices associated with the AP that detect the signal level from the AP to be below their roaming margin to roam away from the AP and decreasing the power of the signal level from the AP may be repeated until the power of the signal level from the AP is at a predetermined level.