Abstract: Airtime usage may be used as a factor in controlling network traffic flow to and from client devices via a wireless network interface. Received packets or other data are assigned to a quality of service profile. Additionally, a cost value for communicating the received data is determined at least in part based on an actual or estimated airtime usage for the received packet. The cost value is used to allocate wireless network airtime to data. The allocation of wireless network airtime may be varied dynamically based on operating conditions. The cost value may be based on factors including the airtime used to communicate data; whether the data is a retransmission; and wireless network overhead. The cost value of data may also be different depending on whether the data is being sent from a client device or to a client device.

Abstract: A unique pre-shared key plug-in is installed on a Chromebook device. Identification data associated with the Chromebook device is received, from the unique pre-shared key plug-in through a Chromebook client management system API. A unique pre-shared key is assigned to the Chromebook device using the identification data. The unique pre-shared key is sent to the Chromebook device. The Chromebook device is configured to seamlessly authenticate for a wireless network using the unique pre-shared key.

Abstract: Disclosed herein are system, method, and computer program product embodiments for analyzing a network. An embodiment operates by a third-party component deriving network data based on a received data packet from a network component configured to perform a network function. The third-party component orders a transaction including second network data from a distributed ledger. The third-party component determines that the first and second network data meet or exceed a condition of a smart contract comprising the condition and an associated network action related to the network function. The third-party component sends the condition of the smart contract and the first and second network data to another third-party component. The third-party component receives a validation that the first and second network data meet or exceed the first condition of the first smart contract and performing the first network action on the network.

Abstract: Disclosed herein are system, method, and computer program product embodiments for representing a forwarding information base (FIB) in a database. An embodiment operates by organizing forwarding entries of the FIB in a trie data structure. The embodiment determines that a first routing prefix of a first forwarding entry in the trie data structure is a less specific routing prefix than a second routing prefix in a second forwarding entry in the trie data structure based on the first forwarding entry being a parent of the second forwarding entry. The embodiment determines that a first next hop of the first routing prefix is equal to a second next hop of the second routing prefix. The embodiment removes the second forwarding entry from the trie data structure. The embodiment then inserts the first forwarding entry into the database based on a prefix length of the first routing prefix.

Abstract: Aspects of the present disclosure enable a router controller to maintain a default rules table indicating allocation of internet protocol (IP) addresses (of general packet radio service (GPRS) tunneling protocol (GTP) packets) to respective output ports. In an embodiment, the router controller receives information indicating the respective tunnel endpoint IP addresses of a control session and a data session. The router controller is configured to determine whether such IP addresses of the control session and the data session(s) are allocated to the same output port. In response to the IP addresses of the control session and the data session not being allocated to the same output port, the router controller is configured to generate a dynamic rule to forward packets of both the control session and the data session to the same output port.

Abstract: Techniques for managing IoT devices through multi-protocol infrastructure network devices are disclosed. A system utilizing such techniques can include a multi-protocol infrastructure network device and a WAN based IoT device management system and various network device based engines. A method utilizing such techniques can include management according to WAN based IoT device policies and LAN based IoT device policies.

Abstract: A network device comprising, a first radio module configured to transmit and receive first radio signals in a first frequency band, a first antenna array configured to transmit and receive the first radio signals for the first radio module in the first frequency band, a second radio module configured to transmit and receive second radio signals in the first frequency band, a second antenna array configured to transmit and receive the second radio signals for the second radio module in the first frequency band, wherein, in operation, the first radio module and the second radio modules function concurrently using the first frequency band while at least 40 dB of antenna isolation is maintained between the first antenna array and the second antenna array.

Abstract: Maintaining layer 7 state as a client device roams between network devices during a session. Data packets used in executing a layer 7 application are received at a first network device that a client device is coupled to during a session. Data packets received by the first network device are stored in a layer 7 application buffer that is sent to a second network device that a client device roams to during a session. A layer 7 application buffer is used to classify a layer 7 application that is the subject of a session in order to maintain layer 7 state as a client device roams to a second network device during a session.

Abstract: A function is provided in a network system for the dynamic mirroring of network traffic for a variety of purposes including the identification of characteristics of the traffic. Multiple criteria are established for when, what and where to mirror the traffic. The criteria include what frames of traffic to mirror, what portions of the selected frames to mirror, one or more portals through which to minor the selected frames, a destination for the mirroring and the establishment of a mirror in a device to carry out the mirroring. The criteria may also include when to stop the mirroring. The mirroring instructions can be changed based on the detection of a triggering event, such as authentication, device type or status, ownership of an attached function attached to the device, flow status, but not limited to that. The function may be established in one or more devices of the network.

Abstract: Systems and methods for performing network-side Simultaneous Authentication of Equals (SAE) to allow an end user device to access a network. A passphrase is assigned to an end user device for use in authenticating the end user device for a network using SAE. An identification of the end user device is determined during an authentication process. The passphrase assigned to the end user device is determined at a network side using the identification of the end user device. A shared secret is generated using the passphrase. Whether the end user device has generated the shared secret is determined by comparing network side and user side confirmation values. The end user device is authenticated for the network, if it is determined that the end user device has generated the shared secret.

Abstract: Using a hash function, an L2/L3 switch can produce an FID for a data packet. The L2/L3 switch can select, from among potentially several stored VLAN flooding tables, a particular VLAN flooding table that is associated with a particular VLAN on which the data packet is to be carried. The rows of the particular VLAN flooding table can specify different combinations of the particular VLAN's egress ports. The L2/L3 switch can locate, in the particular VLAN flooding table, a particular row that specifies the FID. The L2/L3 switch can read, from the particular row, a specified subset of the egress ports that are associated with the particular VLAN. The L2/L3 switch can transmit copies of the data packet out each of the egress ports specified in the subset, toward analytic servers connected to those egress ports.

Abstract: A network device of a subnet determines predictive roaming information for a wireless client. Predictive roaming information can identify the wireless client and a home network subnet of the wireless client. The network device provides predictive roaming information associated with a wireless client to neighboring subnets. Neighboring subnets store received predictive roaming information, and use the predictive roaming information if the wireless client roams to them.

Abstract: A method of intelligently sorting packets/datagrams for sending through appropriate branches of a N-way split VPN tunnel according to embodiments of the present invention allow for efficient movement of network traffic to and from a remote network location. Intelligent sorting may be based on a wide range of criteria in order to implement different policies. For example, datagrams may be sorted for sending through the branches of a 3-way split tunnel so that all traffic from a remote network location ultimately destined to servers at a central location may be sent via a secure VPN tunnel, all traffic that matches a “white-list” of trusted external sites may be sent directly to and from these sites to the remote network location, and all other traffic may be redirected through a Web service that scrubs and filters the traffic to/from questionable sites.

Abstract: A network device comprising, a first radio module configured to transmit and receive first radio signals in a first frequency band, a first antenna array configured to transmit and receive the first radio signals for the first radio module in the first frequency band, a second radio module configured to transmit and receive second radio signals in the first frequency band, a second antenna array configured to transmit and receive the second radio signals for the second radio module in the first frequency band, wherein, in operation, the first radio module and the second radio modules function concurrently using the first frequency band while at least 40 dB of antenna isolation is maintained between the first antenna array and the second antenna array.

Abstract: A proximity beacon signal transmitted by a network device-coupled proximity beacon transmitter is received at a network device. A RSSI reporting message is generated at the network device based on the proximity beacon signal. A position of the network device-coupled proximity beacon transmitter with respect to the network device is determined using the RSSI reporting message. A location of the network device within a region is determined using the RSSI reporting message and network device map data for the region. The location of the network device-coupled proximity beacon transmitter in the region is determined based on the position of the network device-coupled proximity beacon transmitter with respect to the network device and the location of the network device within the region.

Abstract: Methods, systems and computer readable media for mDNS support in unified access networks are described.

Abstract: In a Shortest Path Bridge (SPB) network comprising a plurality of backbone edge bridges (BEBs), a gateway controller of the SPB network, establishes a link using Multicast Source Discovery Protocol (MSDP) with an external network domain; discovers via the link a source of a multicast stream originating outside of the SPB network; and determines a subset of the plurality of BEBs that are able to receive the multicast stream from the source. Once that occurs, the gateway controller selects a one of the subset of the plurality of BEBs to be a sole gateway BEB for the multicast stream; and then transmits to each of the subset of the plurality of BEBs an indication of the sole gateway BEB selected for the multicast stream.

Abstract: The subject matter described herein includes methods, systems, and computer readable media for advanced distribution in a link aggregation group (LAG). In some examples, a packet forwarding device includes physical ports for sending and receiving network traffic. The packet forwarding device includes one or more packet processors configured to perform LAG distribution by distributing incoming packets across active links of a first LAG formed between the packet forwarding device and one or more network devices. The incoming packets are in route to a destination device in communication with one of the network devices. The packet processors are configured, in an advanced distribution mode, to transmit a first packet of the plurality of incoming packets for the first LAG over a selected active link selected from a subset of the plurality of active links for the first LAG.

Abstract: Systems and methods are presented herewith for selecting a preferred route for routing a packet from a first network node to a second network node. A set of possible routes is maintained, with each route having am associated weight value. A random subset of routes is then selected based on the weight values. Each route of the subset is then probed to determine its gain value. The preferred route is selected based on the gain values (e.g., by selecting the highest gain value). Then, all weight values are updated based on the respective gain values. The steps are periodically repeated. Then, whenever a packet needs to be routed, the route currently designated as preferred is used.

Abstract: Disclosed herein are system, method, and computer program product embodiments for representing a forwarding information base (FIB) in a database. An embodiment operates by determining that a first routing prefix of a first forwarding entry in the FIB is a less specific routing prefix than a second routing prefix in a second forwarding entry in the FIB. The embodiment determines that a first next hop of the first routing prefix is equal to a second next hop of the second routing prefix. The embodiment removes the second forwarding entry from the FIB. The embodiment then inserts the first forwarding entry into a database (e.g., a longest exact match (LEM) database or a longest prefix match (LPM) database) based on a prefix length of the first routing prefix of the first forwarding entry.