Abstract: An example system includes access point (AP) devices configured to provide a wireless network at a site; and a network management system that stores network data received from the AP devices, the network data collected by the AP devices or client devices associated with the wireless network, and one or more processors configured to: receive a time series of SLE metrics based on the network data, determine, based on the time series, whether a network event has occurred, in response to a determination that a network event has occurred, determine a root cause for the network event, and in response to a determination that the root cause of the network event is associated with an AP device, determine a classification of the AP device, and determine a network management action for the AP device based on the network event and the classification of the AP device.

Abstract: Techniques are described for a router providing metric-based multi-hop path selection. For example, a first router of a plurality of routers receives a plurality of network performance metrics for a plurality of links interconnecting the plurality of routers. The plurality of links form a plurality of multi-hop paths through the plurality of routers to a service instance. The router determines, based on the plurality of network performance metrics for the plurality of links, an end-to-end performance of each of the plurality of multi-hop paths. The router selects a multi-hop path over which to forward traffic associated with the session based on the end-to-end performance of each of the plurality of multi-hop paths and one or more performance requirements for a service associated between a session between a client device and the service instance. The router forwards the traffic to the service instance along the selected multi-hop path.

Abstract: An example device includes multiple Bluetooth Low Energy (BLE) transceivers, wherein a first BLE transceiver is configured to receive a first BLE advertising signal on a first channel of a BLE frequency band, a second BLE transceiver is configured to receive a second BLE advertising signal on a second channel of the BLE frequency band, and a third BLE transceiver is configured to receive a third BLE advertising signal on a third BLE channel. The first BLE transceiver, the second BLE transceiver, and the third BLE transceiver currently listen for the BLE advertising signals. Processing logic coupled to the BLE transceivers determines data indicative of a distance from the device to a tag that is a source of BLE advertising signals and provides the data to one of a location server or an asset management system.

Abstract: A method includes subscribing, by an agent, to telemetry flow data from each network device of a plurality of network devices and receiving, by the agent, a plurality of streams of telemetry flow data from the plurality of the network devices. Each of the plurality of streams corresponds to a different one of the plurality of network devices. The method further includes aggregating, by the agent, data from at least one stream of the plurality of streams of the telemetry flow data received over a period of time and, at the end of the period of time and/or when the data from the at least one stream exceeds a data threshold, sending, by the agent, the aggregated telemetry flow data to a network analyzer device.

Abstract: Disclosed is a network management system that provides an interface to enable diagnostics and troubleshoot of a remotely managed multi-site network. Some embodiments provide a natural language interface, while other embodiments provide a chatbot type interface that communicates with a technician via traditional text information on a display screen. The diagnostic and troubleshooting capabilities search a central data store that receives device property information from each site of the multi-site network. Based on devices or users that match portions of the entity, queries to the data store are initiated to obtain additional data on the devices. A response to the query is then provided based on the properties of the devices.

Abstract: Disclosed is a modular teleconference system that provides the convenience of a wireless headset for teleconference participants and the determinism associated with a physical connection between the headset and teleconferencing system. Some embodiments include a teleconference adaptor or mini-hub-device that is able to maintain a wireless connection even when disconnected from a teleconference hub device. The hub-device provides one or more cradles, each of which provides a physical connection to a mini hub. When a mini hub is placed in a cradle of a hub-device, the audio channels of the wireless headset are connected to audio channels of the hub-device. The hub-device in turn is connected to a teleconferencing application running on a computing device, such as a personal computer. For each mini hub placed in a cradle of the hub-device, audio from the corresponding wireless headset is integrated with the teleconference audio channel.

Abstract: An example computing device is configured to receive an instance of a customer service model representative of a plurality of customer services. Each of the plurality of customer services associated with a corresponding at least one requirement and a corresponding at least one constraint. The computing device is configured to receive an instance of a resource model representative of a plurality of resources and map the instance of the customer service model and the instance of the resource model to an internal placement model. The computing device is configured to allocate the plurality of resources to the plurality of customer services such that the at least one requirement and the at least one constraint for each of the plurality of customer services are satisfied and inverse map data indicating how the plurality of resources are allocated to a format consumable by the customer device and output the inverse mapped data.

Abstract: A method of measuring (100) metrics of a computer network, comprising the steps of: from a data source collecting (110) sets of data points during a sampling time period, wherein the set of data points constitute a sample, and uploading (120) each sample to a server for further processing (130), wherein from each sample, a fractile information instance is produced (131), wherein the fractile information has a type and each data source is associated (110a) with a fractile information type.

Abstract: In some implementations, a network device may receive one or more packets via an incoming interface of the network device. The network device may forward, or refraining from forwarding, based on a destination address associated with the one or more packets and the incoming interface of the network device, the one or more packets. The network device may receive, prior to receiving the one or more packets, route information indicating the destination address, and at least one of a set of one or more authorized incoming interfaces of the network device or a set of one or more authorized identifiers that are associated with the destination address and may save the route information in an entry of a data structure. Forwarding, or refraining from forwarding, the one or more packets may further be based on the entry of the data structure.

Abstract: A network device may provide a request for blacklists specific to respective subscribers. The network device may receive a first blacklist of network addresses associated with a first subscriber and a second blacklist of network addresses associated with a second subscriber. The network device may receive first traffic associated with a first network address and destined for the first subscriber, and may determine whether the first network address is included in the first blacklist. The network device may prevent the first traffic from being provided to the first subscriber when the network address is included in the first blacklist, or may allow the first traffic to be provided to the first subscriber when the network address is not included in the first blacklist.

Abstract: A network device may receive RSVP path request messages from an upstream ingress network device, and may generate an RSVP path error message, with an overload error code and a timeout period, after the network device is online within the configured timeout period. The network device may provide the RSVP path error message to the ingress network devices to cause the ingress network devices to wait for expiration of the timeout period, after the network device is fully online, until resending the RSVP path request messages. The network device may receive new RSVP path request messages from the ingress network devices after expiration of the timeout period after the network device is fully online, and may establish, based on the new RSVP path request messages, label-switched paths from the ingress network devices.

Abstract: In some examples, a system includes a network managed by a service provider and configured to provide access to one or more objects to a set of tenants each having one or more users, the service provider and the set of tenants being part of a set of entities that form a hierarchy, and a controller having access to the network. The controller is configured to obtain data indicative of a set of parameters, where the data indicative of the set of parameters is associated with an owner entity of the set of entities, generate a rule which incorporates the set of parameters, where the rule enables the controller to control access to an object of the one or more objects, and add the rule to a rules database, wherein the rules database is accessible to the controller.

Abstract: A policy driven zero touch provisioning (ZTP) system implements techniques for policy driven ZTP of network devices. One or more ZTP policies, configurations and/or boot images associated with one or more network devices are stored in a database. Upon execution of a boot sequence, a network device automatically sends a DHCP request including network device identification information to the policy driven ZTP system. The policy driven ZTP system identifies a matching ZTP policy having conditions that match the network device identification information. The ZTP system generates a DHCP response including IP leasing information, a boot configuration information by which a boot configuration may be automatically obtained, and/or boot image information by which a boot image may be automatically obtained as defined by the matching ZTP policy. The techniques allow ZTP policies to be defined with device-level granularity for boot configuration and/or boot images.

Abstract: In some implementations, a network device may receive traffic via an interface of the network device. The network device may determine an Internet protocol (IP) address of the traffic. The network device may identify, based on determining the IP address of the traffic, the interface of the network device. The network device may identify a data structure associated with the interface. The network device may determine whether an entry of the data structure is associated with the IP address. The network device may selectively: forward the traffic, based on determining that an entry of the data structure is associated with the IP address, or refrain from forwarding the traffic, based on determining that no entry of the data structure is associated with the IP address.

Abstract: Techniques are disclosed for identifying sets of network devices to which to deploy a software upgrade based on an importance to the network of each network device. For example, a network system obtains information identifying a number of instances of an application associated with network traffic forwarded by each network device of a plurality of network devices. The instances of the application are executed by client devices serviced by each network device in forwarding the network traffic. The network system assigns each network device to different upgrade groups based on the number of instances of the application, each upgrade group associated with a different relative priority. The network system deploys a software upgrade to each network device according to a priority of the respective upgrade group relative to a priority of the other upgrade groups.

Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.

Abstract: In an example, a validation system comprises processing circuitry having access to a storage device and is configured to obtain flow records indicative of packet flows among workloads deployed to a cluster of one or more computing devices configured with a network policy, wherein each flow record of the flow records indicates a corresponding packet flow was allowed or denied by the cluster; receive an updated network policy; determine whether a corresponding packet flow for a flow record of the flow records has a discrepancy with the updated network policy; and in response to determining the corresponding packet flow for the flow record of the flow records has a discrepancy with the updated network policy, output an indication of an error.

Abstract: In general, techniques are described for a computing device including a virtual router, a pod comprising a container, and a network plugin. The virtual router includes a virtual router agent. The network plugin includes processing circuitry configured to receive, from the virtual router agent, an indication of an interface type for a virtual network for the pod and to configure, for the pod, a virtual network interface having the interface type, the virtual network interface for communicating on the virtual network.

Abstract: A performance monitoring system includes a metric collector configured to receive, via metric exporters, telemetry data comprising metrics related to a network of computing devices. A metric time series database stores related metrics. An alert rule evaluator service is configured to evaluate rules using stored metrics. The performance monitoring system may include a machine learning module and is configured to determine optimized metric collection sampling intervals and rule evaluation intervals, and to automatically determine recommended alert rules.