Abstract: Disclosed herein are system, method, and computer program product embodiments for verifying the integrity of a boot process without relying on a boot aggregate value. An embodiment operates by cryptographically validating, by a hardware root of trust, a first code module associated with a digital signature. The embodiment determines that the first code module was cryptographically validated and cryptographically measures the first code module thereby generating a first measurement. The embodiment stores a representation of the first measurement in a first platform configuration register (PCR) of a trusted platform module. The embodiment configures a remote attestation agent to instruct a remote attestation server to attest the value stored in the first PCR. The embodiment transmits a TPM attestation quote to the remote attestation server.

Abstract: Techniques for enabling offline, intelligent load balancing of Stream Control Transmission Protocol (SCTP) traffic are provided. According to one embodiment, a load balancer can receive one or more SCTP packets that have been replicated from a network being monitored. The load balancer can further recover an SCTP message from the one or more SCTP packets and can map the SCTP message to an egress port based on one or more parameters decoded from the SCTP message and one or more rules. The load balancer can then transmit the SCTP message out of the egress port towards an analytic probe or tool for analysis.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing an anomaly detection system. Some aspects of this disclosure include a method for detecting anomaly in a network device. The method includes determining one or more similarity values between a flow vector corresponding to a flow associated with the network device and one or more flow clusters associated with the network device. The method further includes determining a maximum similarity value as a maximum of the one or more similarity values and comparing the maximum similarity value to a threshold. The method also includes, in response to the maximum similarity value being equal to or greater than the threshold, updating a flow cluster associated with the maximum similarity value. The method also includes, in response to the maximum similarity measure being less than the threshold, detecting the anomaly in the network device.

Abstract: Provided herein are systems and methods for managing redistribution and remapping of multicast services between networks in a multi-area network. Multicast streams can be sent through networks from a source node towards a boundary node. The boundary node can receive the multicast stream, remap a source node identifier and service instance identifier, and forward the multicast stream into a second network. The boundary node can receive a route for the multicast stream. The route can be installed in a link-state database and can be used to send the multicast stream through the multi-area network from the source node to a destination node.

Abstract: Disclosed herein are system, method, and computer program product embodiments for generating a virtual replica of a physical network device and/or a physical network. An aspect operates by receiving, from a network management system (NMS), a request to generate a device digital twin (device-DT) instance corresponding to a physical network device, where the request includes at least a first plurality and a second plurality of device characteristics corresponding to the physical network device. A DT template is selected from a plurality of DT templates based on the first plurality of device characteristics. The DT template is customized based on the second plurality of device characteristics, and the device-DT instance of the physical network device is generated based on the customized DT template. Then a management channel is established between the device-DT instance and the NMS.

Abstract: A mounting device configured to be integrated with a network device to facilitate mounting of the network device is disclosed. In an embodiment, the mounting device is a twist-to-lock mounting device configured to be compatible with one or more standard types of ceiling rails, allowing network devices to be mounted in a non-destructive manner without requiring the use of tools.

Abstract: Provided herein are systems and methods for providing a MAC-based redistribution policy between networks in a multi-area network. A network can have a boundary node that communicates to neighboring networks. Boundary nodes can receive policy updates that identify which services are redistributable across network boundaries. Boundary nodes can receive a packet for a service, translate the packet's encapsulation, and forward the packet across the boundary towards a destination node. Boundary nodes can forward the packet such that it originates in the second network from a virtual node.

Abstract: Provided herein are systems and methods for managing redistribution and remapping of multicast services between networks in a multi-area network. Multicast streams can be sent through networks from a source node towards a boundary node. The boundary node can receive the multicast stream, remap a source node identifier and service instance identifier, and forward the multicast stream into a second network. The boundary node can receive a route for the multicast stream. The route can be installed in a link-state database and can be used to send the multicast stream through the multi-area network from the source node to a destination node.

Abstract: Provided herein are systems and methods for providing a MAC-based redistribution policy between networks in a multi-area network. A network can have a boundary node that communicates to neighboring networks. Boundary nodes can receive policy updates that identify which services are redistributable across network boundaries. Boundary nodes can receive a packet for a service, translate the packet's encapsulation, and forward the packet across the boundary towards a destination node. Boundary nodes can forward the packet such that it originates in the second network from a virtual node.

Abstract: Disclosed herein are system, method, and computer program product aspects for implementing a security group policy. Some aspects of this disclosure relate to a method for applying a security group policy. The method includes receiving a first frame from a source device and assigning a source security group identifier (ID) to the first frame. The method further includes generating a second frame based on the first frame and the source security group ID and identifying a target security group ID for the second frame. The method also includes applying one or more forwarding decisions to the second frame based on the source security group ID and the target security group ID.

Abstract: Disclosed herein are apparatuses and a method for improving wireless communication characteristics by matching transmitter antenna patterns to receiver antenna patterns. An embodiment operates by generating a station profile for each of a plurality of stations based on a structure of each of the plurality of stations and an antenna pattern group of each of the plurality of stations. The embodiment then identifies a station profile of a first station from among the plurality of stations based on information received from the first station. Finally, the embodiment searches for an antenna pattern for the first station using the antenna pattern group corresponding to the station profile.

Abstract: Systems and methods are disclosed herein for reducing storage space used in tracking behavior of a plurality of network endpoints by modeling the behavior with a behavior model. To this end, control circuitry may determine a respective network endpoint, of a plurality of network endpoints, to which each respective record of a plurality of received records corresponds. The control circuitry then may assign a dedicated queue for each respective network endpoint, and transmit, to each dedicated queue, each record that corresponds to the respective network endpoint to which the respective dedicated queue is assigned. The control circuitry may then determine, for each respective network endpoint, a respective behavior model, and may store each respective behavior model to memory.

Abstract: Systems and methods are disclosed herein for monitoring health of each switch of a plurality of switches on a network by selectively mirroring packets transmitted by each switch of the plurality of switches. In some embodiments, control circuitry generates a plurality of mirroring parameters, each mirroring parameter comprising an instruction to mirror a respective type of packet. The control circuitry transmits the plurality of mirroring parameters to each switch of the plurality of switches on the network, and receives, from a switch, a packet that was mirrored by the switch according to a mirroring parameter of the plurality of mirroring parameters. The control circuitry determines the respective type of the packet, executes an analysis of contents of the packet based on the respective type of the packet, and determines a health of the switch based on results of the analysis.

Abstract: A technique for improving wireless communication characteristics involving matching transmitter antenna patterns to receiver antenna patterns. In a specific implementation, the transmitter antenna pattern adapts to changing parameters, such as when a smartphone is initially held in a first orientation and is later held in a second orientation. Because the transmitter antenna pattern matches receiver antenna patterns, signal quality between stations improves. In some implementations, antennas are organized and mounted to maximize spatial diversity to cause peak gains in different directions.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing traffic visibility in a network. An embodiment operates by a third-party component receiving a copy of a first data packet during a first period of time. The third-party component extracts a first network parameter associated with the first period of time from the copy of the first data packet. The third-party component then predicts a baseline of normalcy for the first network parameter during a second period of time after the first period of time based on data associated with a copy of a second data packet and the first network parameter. Thereafter, the third-party component receives a copy of a third data packet during the second period of time, and extracts a second network parameter from the copy of the third data packet. The third-party component then determines that the second network parameter of the copy of the second data packet is an anomaly based on the baseline of normalcy for the first network parameter.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing an anomaly detection system. Some aspects of this disclosure include a method for detecting anomaly in a network device. The method includes determining one or more similarity values between a flow vector corresponding to a flow associated with the network device and one or more flow clusters associated with the network device. The method further includes determining a maximum similarity value as a maximum of the one or more similarity values and comparing the maximum similarity value to a threshold. The method also includes, in response to the maximum similarity value being equal to or greater than the threshold, updating a flow cluster associated with the maximum similarity value. The method also includes, in response to the maximum similarity measure being less than the threshold, detecting the anomaly in the network device.

Abstract: Systems and methods are disclosed herein for monitoring health of each switch of a plurality of switches on a network by selectively mirroring packets transmitted by each switch of the plurality of switches. In some embodiments, control circuitry generates a plurality of mirroring parameters, each mirroring parameter comprising an instruction to mirror a respective type of packet. The control circuitry transmits the plurality of mirroring parameters to each switch of the plurality of switches on the network, and receives, from a switch, a packet that was mirrored by the switch according to a mirroring parameter of the plurality of mirroring parameters. The control circuitry determines the respective type of the packet, executes an analysis of contents of the packet based on the respective type of the packet, and determines a health of the switch based on results of the analysis.

Abstract: A mounting device configured to be integrated with a network device to facilitate mounting of the network device is disclosed. In an embodiment, the mounting device is a twist-to-lock mounting device configured to be compatible with one or more standard types of ceiling rails, allowing network devices to be mounted in a non-destructive manner without requiring the use of tools.

Abstract: A mounting device configured to be integrated with a network device to facilitate mounting of the network device is disclosed. In an embodiment, the mounting device is a twist-to-lock mounting device configured to be compatible with one or more standard types of ceiling rails, allowing network devices to be mounted in a non-destructive manner without requiring the use of tools.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing traffic visibility in a network. An embodiment operates by a third-party component in communication with a network component—each located at a network's edge—maintaining a rule table including a first rule comprising first identifiers and a first action for deriving a first packet characteristic. The third-party component receives a first packet copy including second identifiers from the network component. Upon the second identifiers matching the first identifiers, the third-party component determines the rule table's second rule includes a second action for deriving a second packet characteristic. Thereafter, the third-party component receives a second packet copy comprising third identifiers from the network component.