Abstract: This disclosure describes techniques that include using an automatically trained machine learning system to generate a prediction. In one example, this disclosure describes a method comprising: based on a request for the prediction: training each respective machine learning (ML) model in a plurality of ML models to generate a respective training-phase prediction in a plurality of training-phase predictions; automatically determining a selected ML model in the plurality of ML models based on evaluation metrics for the plurality of ML; and applying the selected ML model to generate the prediction based on data collected from a network that includes a plurality of network devices.

Abstract: An Access Gateway Function (AGF) node can receive requests to join a multicast stream from a computing device. If the request is the first request to join the multicast stream, the AGF can forward the request to the UPF node. The multicast stream is then received via a tunnel between the AGF node and UPF node that is associated with the computing device. The tunnel associated with the first computing device to request joining the multicast stream can be a primary tunnel for the multicast stream. Subsequent requests to join the same multicast stream can cause the AGF node add tunnels associated with the requesting computing devices as secondary tunnels. The multicast stream is received via the primary tunnel and replicated to computing devices associated with the secondary tunnels. A secondary tunnel may be promoted to a primary tunnel in response to a failure or disconnection of the primary tunnel.

Abstract: In some implementations, a device may receive, via a universal serial bus (USB) interface, configuration information and a supply of power from a network device. The device may receive, via an antenna that is external to the device, a first signal indicating timing information. The device may generate, based on the first signal, a second signal and a third signal, wherein the second signal comprises a one pulse per second signal and the third signal comprises a ten-megahertz signal. The device may provide, to the network device, the second signal and the third signal. The device may receive, via an input port, a clock signal to provide an extended holdover functionality to the network device.

Abstract: A first network device may receive first traffic of a session that involves a service. The first network device may identify that the service is configured for distributed node processing. The first network device may identify a second network device that is configured for distributed node processing. The first network device may identify a state machine that is associated with the service. The first network device may determine, based on the state machine, a first function and a second function, wherein the first function is identified by a first label and the second function is identified by a second label. The first network device may process the first traffic based on the first function. The first network device may provide, to the second network device, the first traffic and the second label to permit the second network device to process second traffic in association with the second function.

Abstract: The disclosed embodiments provide for identification of a remedial action based on analysis of a system log file. In some example embodiments, messages from the system log file are used as input to generate vectors within a vector space. Portions of the log messages may generate vectors that cluster into a region in the vector space. The region of vector space is associated with one or more remedial actions. The disclosed embodiments are configured, in some example embodiments, to perform the one or more remedial actions when activity in the log file maps to the region of vector space associated with the one or more remedial actions. In some example embodiments, a remedial action can include submitting a problem report to a problem tracking database.

Abstract: In general, this disclosure describes techniques for a containerized router operating within a cloud native orchestration framework. In an example, a computing device comprises a containerized routing protocol process executing on processing circuitry of the computing device and configured to receive routing information; a containerized set of workloads; a data plane development kit (DPDK)-based virtual router executing on the processing circuitry and configured to forward traffic to and from the workloads based on the routing information from the containerized routing protocol; and a virtual router agent for the virtual router, the virtual router agent executing on the processing circuitry and configured to expose a generic data plane interface.

Abstract: A broadband network gateway (BNG) controller is described that includes a network subscriber database (NSDB) and one or more core applications. The NSDB is configured to store vBNG instance information for one or more subscriber devices. The vBNG instance information specifies vBNG instances operable by one or more edge routers. The vBNG instances are configured to receive requests to access service provider services from the one or more subscriber devices and to selectively authenticate the one or more subscriber devices for network services based on authentication information included in the requests to access services provider services. The one or more core applications include a network instance and configuration manager (NICM). The NICM is configured to modify the vBNG instance information at the NSDB to include an additional vBNG instance and to output, to an edge router, an instruction to generate the additional vBNG instance at the edge router.

Abstract: The disclosure describes techniques for detecting network measurement inaccuracies through the detection of sender delays or packet drops. For example, a sender device of a test packet may determine whether the sender device is experiencing any issues in sending the test packet to a receiver device and notify a controller of the issues such that the controller may generate an indication that one or more Key Performance Indicator (KPI) measurements based on the test packets from the sender device are inaccurate and/or untrustworthy, remove the inaccurate KPI measurements, and/or adjust the inaccurate KPI measurements.

Abstract: In an example, a method includes computing, by a computing device, for a segment routing policy that specifies a bandwidth constraint for the segment routing policy, first shortest paths through a network of network nodes, wherein each shortest path of the first shortest paths represents a different sequence of links connecting pairs of the network nodes from a source to a destination; in response to determining, by the computing device based on the bandwidth constraint for the segment routing policy, a link of one of the first shortest paths has insufficient bandwidth to meet a required bandwidth for the link, increasing a metric of the link; computing, by the computing device, for the segment routing policy that specifies the bandwidth constraint, based on the increased metric of the link, second shortest paths through the network of network nodes; and provisioning the second shortest paths in the network of nodes.

Abstract: In the present disclosure, systems and techniques for network device hardware containerization is described. In one example, a network device of a network having a topology of network devices includes processing circuitry of a routing component wherein the processing circuitry generates user space containers to operate forwarding engines in each of a plurality of forwarding components of the network device; stores information for directing communications involving the plurality of forwarding components and the network devices; and configures, by at least one user space container running on the processing circuitry of the routing component, one or more corresponding forwarding engines in a respective forwarding component using the information.

Abstract: An example egress network device includes at least one computer processor and a memory. The memory includes instructions that cause the at least one computer processor to receive messages from each of a plurality of ingress network devices. Each message specifies a multicast source as an anycast address that belongs to two or more sources, a multicast group, and a customer site identifier that uniquely identifies a customer network device via which the anycast address is reachable. The instructions cause the at least one computer processor to select, based on the customer site identifiers, one of the plurality of ingress network devices to which to send a multicast join message of a plurality of multicast join messages for the multicast source and multicast group. The instructions cause the at least one computer processor to send the multicast join message to the selected one of the plurality of ingress network devices.

Abstract: A secure IGP topology or other link state topology can be implemented by a network security unit that runs in a centralized environment on servers separate from a network associated with the IGP topology. The network security unit acquires the topology information, such as by participating in IGP or through border gateway protocol with link state (BGP-LS). The network security unit detects possible network problems, such as indicators of potential network attacks. Once an indicator of a potential network attack is detected, the network security unit identifies the node that is compromised. Once the compromised node is identified, the network security unit can report the node for manual or automated intervention. In some aspects, the network security unit can isolate the compromised node by shutting down links connected to the compromised node.

Abstract: A device may generate a display of a firewall policy management GUI. The device may generate a display in the firewall policy management GUI of a list of existing firewall policies and a firewall policy interface that is adjacent to the list of existing firewall policies in a same view of the firewall policy management GUI. The device may generate a display in the firewall policy management GUI of at least one of a plurality of candidate sources for a new firewall policy, a plurality of candidate destinations for the new firewall policy, or a plurality of candidate security configurations for the new firewall policy. The device may display, in the firewall policy interface, at least one of a first column that includes two or more sources, a second column that includes two or more destinations, or a third column that includes two or more security configurations.

Abstract: Methods and apparatus for automatically reconfiguring network parameters are described. Some embodiments identify communication channels that may interfere with higher priority equipment and deactivate communication channels that may cause harmful interference. Some APs are switched to 2.4 GHz communication channels. In some embodiments, AP operating parameters, such as transmission power are adjusted to reduce interference for higher priority receivers.

Abstract: A device may provide, to a network device, a subscribe request that includes a request for sensor data, and may receive sensor data packets that include the sensor data and header extensions identifying a group identifier for a group of sensor data and final packet information indicating whether the sensor data packet is a final one for the group. The device may store the sensor data packets until the final packet information of one of the sensor data packets indicates that the one of the sensor data packets is a final sensor data packet for the group, and may identify a complete set of the sensor data packets when the final packet information of the one of the sensor data packets indicates that the one of the sensor data packets is the final sensor data packet. The device may perform actions based on the complete set.

Abstract: A network monitoring device may receive, from a mediation device, flow-tap content data (generated by the mediation device based on current and/or previous investigation reports associated with flow tapping) that needs to be monitored. The network monitoring device may map the content data to a flow-tap content destination address of a content destination device in an entry of a flow-tap content filter. The network monitoring device may analyze, using the flow-tap content filter, network traffic of the network to detect a traffic flow that includes the content data. The network monitoring device may generate, based on successfully detecting a traffic flow that includes the content data, a traffic flow copy and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination device to enable a context analysis of the content data.

Abstract: A device comprises processing circuitry configured to identify a telemetry packet indicating telemetry data for a plurality of packets output by a network device of a plurality of network devices and select a source identifier for the network device from a plurality of source identifiers. The processing circuitry is further configured to modify the telemetry packet to further indicate the selected source identifier and output the modified telemetry packet.

Abstract: A disclosed method may include (1) querying, in connection with a monitoring service, a network device for device-specific data that identifies features of the network device, (2) determining, based at least in part on the device-specific data, identities of a set of ports on the network device, (3) identifying, based at least in part on the device-specific data, one or more port-specific data objects corresponding to the set of ports, (4) dynamically creating, based at least in part on the device-specific data, a device-visualization interface of the network device by (A) generating a graphical chassis widget that illustrates a logical view of the set of ports and (B) generating a graphical table that illustrates the port-specific data objects, and then (5) providing, in connection with the monitoring service, the device-visualization interface for presentation on a computing device. Various other systems and methods are also disclosed.

Abstract: A network device may receive a request to access a network from a client device. The network device may determine that the client device is authenticated based on a set of authentication credentials obtained for the client device. The network device may determine, based on the client device being authenticated, that a quantity of devices currently accessing the network using the set of authentication credentials is equal to a maximum quantity of devices permitted to access the network using the set of authentication credentials. The network device may deny the client device access to the network based on the quantity of devices being equal to the maximum quantity of device.

Abstract: An example virtual router includes a plurality of logical cores (“lcores”), where each lcore comprises a CPU core or hardware thread. The virtual router is configured to determine a latency profile, select, based at least in part on the latency profile, a packet processing mode from the plurality of packet processing modes. In response to a determination that the packet processing mode comprises the run-to-completion mode, an lcore of the plurality of lcores is configured to: read a network packet from a device queue, process the network packet to determine a destination virtual device for the network packet, the destination virtual device having a plurality of interface queues, and insert the network packet into an interface queue of the plurality of interface queues.