Abstract: Disclosed are methods and systems for determining combinations of system parameters that indicate a root cause of a system level experience deterioration (SLED). Some of the disclosed embodiments generate a decision tree from a first class of operational parameter datasets. Rules are derived from the decision tree. Filtered rule sets for feature parameters included in the system parameters are then determined. Pairs of features within a particular dataset that each satisfy their respective filtered rule sets are indicative of a root cause of the degradation, at least in some embodiments.

Abstract: In some implementations, a non-ingress node of one or more label-switched paths (LSPs) may identify a resource issue event. The non-ingress node may identify, based on identifying the resource issue event, one or more notification-requester stacks included in a data structure. The non-ingress node may generate one or more resource notification messages that each include a respective notification-requester stack of the one or more notification-requester stacks. The non-ingress node may send the one or more resource notification messages based on the one or more notification-requester stacks.

Abstract: A network device may receive an instruction to update a data structure implemented by the network device and update the data structure based on receiving the instruction. The data structure may include a routing instruction to direct the network device to provide a data flow to a server device for processing. The network device may receive the data flow destined for a destination device; determine the routing instruction based on at least a portion of an internet protocol (IP) address associated with the data flow and based on the data structure; execute the routing instruction to provide the data flow to the server device and to cause the data flow to be processed by the server device to form a processed data flow; and receive the processed data flow and provide the processed data flow towards the destination device.

Abstract: A network device can automatically select an execution plan from a set of possible execution plans that cause a first set of traffic assignments in a network to be changed to a second set of traffic assignments. A traffic assignment indicates assignments of the traffic to one or more tunnels, internal routes and/or peer links to be utilized for routing traffic received at provider edge routers through a network to prefixes. A traffic assignment can have various parameters such as bandwidth, transmission costs etc. Each execution plan has one or more steps, and each step has one or more traffic assignment changes progressing from the first set of traffic assignments to the second set of traffic assignments. The network device can automatically select an execution plan based on an evaluation metric determined for each execution plan. The evaluation metric can be a cost based metric or a quality based metric.

Abstract: A network monitoring device may receive, from a mediation device, flow-tap content data (generated by the mediation device based on current and/or previous investigation reports associated with flow tapping) that needs to be monitored. The network monitoring device may map the content data to a flow-tap content destination address of a content destination device in an entry of a flow-tap content filter. The network monitoring device may analyze, using the flow-tap content filter, network traffic of the network to detect a traffic flow that includes the content data. The network monitoring device may generate, based on successfully detecting a traffic flow that includes the content data, a traffic flow copy and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination device to enable a context analysis of the content data.

Abstract: A network device may be configured to receive a file stream associated with an file. The network device may be configured to identify, based on receiving the file stream, an initial portion of the file. The network device may be configured to process the initial portion of the file to determine one or more features of the file. The network device may be configured to generate, based on the one or more features of the file, a determination as to whether the file is malicious. The network device may be configured to block or allow, based on the determination, the file stream.

Abstract: An edge services controller may use a service scheduling algorithm to deploy services on Network Interface Cards (NICs) of a NIC fabric while incrementally scheduling services. The edge services controller may assign services to specific nodes depending on their available resources on these nodes. Available resources may include CPU compute, DPU compute, node bandwidth, etc. The edge services controller may also consider the distance between the services that communicate with each other (i.e., hop count between nodes if two communicating services are placed on separate nodes) and the weight of communication between the services. Two services that communicate heavily with each other may consume more bandwidth, and putting them further apart is more detrimental than keeping them closer to each other, i.e., reducing the hop count between each other depending on the bandwidth consumption due to their inter-service communications.

Abstract: Methods of deriving location information of a wireless device include deriving, in the continuous domain, a location of a wireless device and at least one time and location varying path loss function parameter. The coordinates and parameter are derived based on signal strength measurements made at the wireless device, with the measured signals originating from a plurality of wireless transmitters, such as access points. The derived path loss function parameter can include one or more of a path loss exponent parameter, an intercept parameter, a receiver antenna gain parameter, transmitter antenna gain parameter, or a transmit power parameter.

Abstract: Techniques are disclosed for the detection of different states of a session comprising a bidirectional flow of network traffic between client devices so as to enable a network device to apply different network policies to different states of the session. In one example, a computing device identifies multiple states of a session and defines a plurality of network policies. Each network policy defines performance requirements for network traffic during each state of the session. A network device receives the plurality of network policies and determines a state of the session. The network device selects a path based on the performance requirements of the network policy associated with the determined state of the session. The network device forwards traffic associated with the session along the selected path while the session is in the determined state.

Abstract: A network management system (NMS) generates a hierarchical attribution graph representing different scopes at different hierarchical levels of a wide area network (WAN); obtains logical path down data indicative of operational behavior including failure events associated with logical paths of network devices over the WAN; obtains total path data indicative of a historical number of active logical paths between the network devices; and determines a scope of a logical path down issue by, for a time period of the logical path down issue, determining a score for each scope of the different scopes based on the logical path down data aggregated across the respective scope and the total path data, and determining the scope of the logical path down issue as a particular scope of the different scopes having a highest score. The NMS may identify the particular scope as a root cause of the logical path down issue.

Abstract: Techniques are described for monitoring network performance and managing network faults in a computer network. A cloud-based network management system stores path data received from a plurality of network devices operating as network gateways for an enterprise network, the path data collected by each network device of the plurality of network devices for one or more logical paths of a physical interface from the network device over a wide area network (WAN). The network management system determines, based on the path data, one or more WAN link health assessments, wherein the one or more WAN link health assessments include a success or failure state associated with one or more of service provider reachability, physical interface operation, or logical path performance; and in response to determining the at least one failure state, outputs a notification including identification of a root cause of the at least one failure state.

Abstract: In some implementations, a security device may identify a resource profile based on a value of a resource utilization metric associated with the security device. The security device may identify a security services profile to be applied to traffic that is to be processed by the security device. The security device may determine a set of security services to be performed by the security device, the set of security services being identified based on the resource profile and the security services profile. The security device may perform the set of security services according to the security services profile.

Abstract: Techniques are described that detect areas with insufficient radio frequency (RF) coverage in a wireless network. A network management system (NMS) determines one or more service level expectation (SLE) metrics for each client device in a wireless network. The SLE metrics are aggregated to each access point (AP) in the wireless network, and each AP is assigned an AP score based on the aggregated SLE metrics. To identify potential coverage holes, the NMS groups APs having poor AP scores. If a root cause of the poor AP scores cannot be automatically resolved and if the poor AP scores persist for a predetermined period of time, the group of APs is determined to represent a true coverage hole. The NMS may generate a notification regarding recommended corrective actions to the customer and/or IT personnel.

Abstract: Techniques are disclosed for overlaying logical switch fabrics upon a physical switch fabric comprising multiple physical switch devices. In one example, a network device determines an overlay network associated with a received packet. The network device determines a logical identifier that is associated with the overlay network. In some examples, the logical identifier corresponds to a color. The network device selects a logical switch fabric that is associated with the logical identifier from a plurality of other logical switch fabrics that are overlaid upon a physical switch fabric comprising a plurality of network switch devices. The network device forwards the received packet to the selected logical switch fabric for transport across the physical switch fabric.

Abstract: In general, techniques are described for deploying and managing a virtual router having Data Plane Development Kit (DPDK) functionality to a computing device. In an example, a method includes creating, by a container orchestration platform executing on a computing device, a virtual router custom resource instance of a virtual router custom resource definition, the virtual router custom resource instance for a virtual router to execute on the computing device; based on configuration data for the virtual router custom resource instance, by the container orchestration platform, modifying the virtual router custom resource instance with the configuration data and deploying a first virtual computing instance comprising a virtual router configured according to the modified virtual router custom resource instance; and executing, by the computing device, the virtual router to process a packet.

Abstract: An example method comprises determining, by an edge services controller, based on a respective predicted resource utilization value for each of a plurality of servers, a corresponding server weight for each of the plurality of servers; the plurality of servers comprising respective network interface cards (NICs), wherein each NIC of the plurality of NICs comprises an embedded switch and a processing unit coupled to the embedded switch; determining, by the edge services controller, based on a respective predicted resource utilization value for each of a plurality of services, a corresponding application weight for each of the plurality of services; and scheduling, by the edge services controller, based on the respective server weight for a server of the plurality of servers and the respective application weight for the service, a service of the plurality of services on the server.

Abstract: A mixed pitch method of placing pads in a ball grid array (BGA) package having a BGA substrate and a plurality of connectors arranged in an array and connected via the pads to the BGA substrate. Selected pairs of the pads are placed on the BGA substrate at a distance defined by a first pitch P1. Ground pads are placed on the BGA substrate at a distance from the selected pairs of pads defined by a second pitch P2, wherein P2=M*P1 and M is greater than one. The selected pairs of the pads on the BGA substrate are also placed at a distance from other selected pairs of the pads defined by the second pitch P2.

Abstract: A network device may determine that network traffic for a communication session between a first peer device and a second peer device is to be protected using a security protocol suite. The network device may establish, using one or more tunnels, multiple security associations that are to be used to securely provide the network traffic of the communication session over an unsecured medium. The network device may determine a rekey scheduling time for each security association, of the multiple security associations, based on a combination of configuration information and dynamic network device information. The network device may perform, at each rekey scheduling time, a rekeying procedure to rekey each security association of the multiple security associations.

Abstract: A customer edge device is connected, in a multi-homed configuration, to a device via a downlink of the device and to another device via another downlink of the other device. The device may determine that each of one or more uplinks of the device has an inactive interface status and may thereby cause the downlink of the device to be down. This may cause the customer edge device to communicate network traffic via the other downlink of the other device. The device may determine that at least one uplink, of the one or more uplinks, has an active interface status and may thereby cause the downlink to be up. This may cause the customer edge device to communicate network traffic via the downlink of the device.

Abstract: Methods and apparatus for identifying the root cause of deterioration of system level experience (SLE). Offending network components that caused the SLE deterioration are identified and corrective actions are taken.