Abstract: An example method comprises determining, by an edge services controller, based on a respective predicted resource utilization value for each of a plurality of servers, a corresponding server weight for each of the plurality of servers; the plurality of servers comprising respective network interface cards (NICs), wherein each NIC of the plurality of NICs comprises an embedded switch and a processing unit coupled to the embedded switch; determining, by the edge services controller, based on a respective predicted resource utilization value for each of a plurality of services, a corresponding application weight for each of the plurality of services; and scheduling, by the edge services controller, based on the respective server weight for a server of the plurality of servers and the respective application weight for the service, a service of the plurality of services on the server.

Abstract: In some implementations, a first endpoint device may assign a first metric to a first Internet Protocol security (IPsec) tunnel and a second metric to a second IPsec tunnel. The first IPsec tunnel may be a first communication channel for transmitting data between the first endpoint device and a second endpoint device, and the second IPsec tunnel may be a second communication channel for transmitting the data between the first endpoint device and the second endpoint device. The first endpoint device may select, based on the first metric and the second metric, the first IPsec tunnel or the second IPsec tunnel as a selected IPsec tunnel for transmitting the data toward the second endpoint device. The first endpoint device may transmit the data toward the second endpoint device via the selected IPsec tunnel.

Abstract: In general, the disclosure describes techniques for measuring edge-based quality of experience (QoE) metrics. For instance, a network device may construct a topological representation of a network, including indications of nodes and links connecting the nodes within the network. For each of the links, the network device may select a node device of the two node devices connected by the respective link to measure one or more QoE metrics for the respective link, with the non-selected node device not measuring the QoE metrics. In response to selecting the selected node device, the network device may receive a set of one or more QoE metrics for the respective link for data flows flowing from the selected node device to the non-selected node device. The network device may store the QoE metrics and determine counter QoE metrics for data flows flowing from the non-selected node device to the selected node device.

Abstract: A device may receive a first telemetry data entry associated with an attribute and store a record associated with the first telemetry data entry, wherein the record identifies a first context value associated with the attribute. The device may log a first timestamp of the first telemetry data entry in a lookup table, wherein the lookup table includes a mapping of the attribute to the first context value and to the first timestamp. The device may receive a second telemetry data entry associated with the attribute and may determine, from the mapping, that the second telemetry data entry is associated with a second context value that is different from the first context value. The device may determine whether a second timestamp, of the second telemetry data entry, is before the first timestamp. The device may perform an action based on whether the second timestamp is before the first timestamp.

Abstract: In some implementations, a network device may determine, based on a routing table, a plurality of routing paths from the network device to another network device, wherein the plurality of routing paths are respectively associated with a plurality of security classifications. The network device may receive network traffic that is destined for the other network device and that is associated with a particular security classification of the plurality of security classifications. The network device may forward the network traffic based on a particular routing path, of the plurality of routing paths, that is associated with the other network device and the particular security classification.

Abstract: A network management system (NMS) is described that provides a granular troubleshooting workflow at an application session level using an application session-specific topology from a client device to a cloud-based application server. During an application session of a cloud-based application, a client device running the application exchanges data through one or more access point (AP) devices, one or more switches at a wired network edge, and one or more network nodes, e.g., switches, routers, and/or gateway devices, to reach a cloud-based application server. For a particular application session, the NMS generates a topology based on network data received from a subset of network devices, e.g., client devices, AP devices, switches, routers, and/or gateways, that were involved in the particular application session over a duration of the particular application session. In this way, the NMS enables backward-looking troubleshooting of the particular application session.

Abstract: A disclosed Thermal Test Vehicle (TTV) for simulating the thermal characteristics of a certain integrated circuit may include (1) a substrate that serves as both (A) an electrical insulator that resists electrical energy and (B) a thermal conductor that conducts thermal energy and (2) one or more resistive elements coupled to the substrate, wherein the resistive elements extend across a majority of at least one dimension of the substrate. Various other apparatuses, systems, and methods are also disclosed.

Abstract: The disclosure describes techniques that enable detection of memory leaks of software executing on devices within a computer network. An example network device includes memory and processing circuitry. The processing circuitry monitors a usage of the memory by a software component operating within the network device. The processing circuitry periodically determines a memory growth pattern score for the software component based on the usage of the memory. The processing circuitry also predicts whether the user-level process is experiencing a memory leak based on the memory growth pattern score. The processing circuitry applies confirmation criteria to current memory usage of the software component to confirm that the software component is experiencing the memory leak. When the software component is experiencing the memory leak, the processing circuitry generates an alert.

Abstract: A secondary routing device is configured as a backup routing device for a primary routing device. The primary routing device performs asynchronous socket replication with the secondary routing device. The secondary routing device includes a transmission buffer, in memory, for storing replicated socket data transmitted between the primary routing device and the standby routing device and one or more processors implemented in circuitry and configured to execute a replication driver to: determine a threshold value; determine that an amount of data equaling or exceeding the threshold value has been read from the transmission buffer; in response to determining that the amount of data equaling or exceeding the threshold value has been read from the transmission buffer, schedule a window update for the transmission buffer at a scheduled time; and send the window update at the scheduled time.

Abstract: Methods and apparatus for processing and using signals transmitted by a device, e.g., a low cost beacon transmitter device, to facilitate making location determinations with regard to the transmitting device and/or making a decision of when or how to use location information generated based on received signals are described. In accordance with some features the processing performed on the received signal strength measurements is based on whether or not the device from which the signals are received is in motion. The size of a sample period used as a processing window when determining device location is based, in some embodiments, on the rate of motion. When and/or how to use location determinations are performed is also based on motion in some embodiments. Machine learning updates of location determination parameters, based on received signals, are disabled when the signals are from devices determined to be in motion.

Abstract: Some implementations described herein relate to a system that is configured to obtain one or more event logs associated with a tenant of the system. The system may be configured to determine, based on the one or more event logs, an event rate associated with the tenant and thereby determine, based on the event rate, a rotation interval. The system may be configured to cause, based on the rotation interval, a data structure to be generated for storing event logs associated with the tenant that are obtained during a time window. The system may be configured to obtain, within the time window, one or more additional event logs associated with the tenant and to cause, based on obtaining the one or more additional event logs within the time window, the one or more additional event logs to be stored in the data structure.

Abstract: Techniques are described in which a centralized controller, such as a software defined networking (SDN) controller, constructs a service chain that includes a physical network function (PNF) between a bare metal server (BMS) and a virtual execution element (e.g., virtual machine or container), or in some instances a remote BMS, or vice-versa. In accordance with the techniques disclosed herein, the controller may construct an inter-network service chain that includes PNFs, or a combination of PNFs and virtualized network functions (VNFs). The controller may construct an inter-network service chain to steer traffic between a BMS and a virtual execution element or remote BMS through an inter-network service chain using Virtual Extensible Local Area Network (VXLAN) as an underlying transport technology through the service chain.

Abstract: In some implementations, a user plane (UP) device may receive a control packet indicating a logout associated with a subscriber session. The UP device may store an indication of the logout associated with the subscriber session. The UP device may determine, after storing the indication, that the logout associated with the subscriber session has not been completed within a subscriber logout period. The UP device may transmit an error indication indicating that the logout has not been completed within the subscriber logout period. In some implementations, a control plane (CP) device may receive the error indication indicating that the logout associated with the subscriber session has not been completed. The CP device may process the logout based at least in part on receiving the error indication. The CP device may transmit, based on processing the logout, a logout notification associated with the logout.

Abstract: Network management techniques are described. A controller device of this disclosure manages a device group of a network. The controller device includes processing circuitry in communication with the memory, the processing circuitry being configured to receive, using a programmable diagnosis service executed by the processing circuitry, a programming input, to form, using the programmable diagnosis service, based on the programming input, a resource definition graph that models interdependencies between a plurality of resources supported by the device group, to detect, using the programmable diagnosis service, an event affecting a first resource of the plurality of resources, and to identify, using the programmable diagnosis service, based on the interdependencies modeled in the resource definition graph formed based on the programming input, a root cause event that caused the event affecting the first resource, the root cause event occurring at a second resource of the plurality of resources.

Abstract: Techniques are disclosed for maintaining processing unit core affinity for fragmented packets. In one example, a service physical interface card (PIC) implementing a service plane of a network device receives fragmented and/or non-fragmented packet data for a traffic flow. The service PIC comprises at least one processing unit comprising multiple cores. A routing engine operating in a control plane of the network device defines one or more core groups comprising a subset of the cores. The routing engine assigns the traffic flow to a core group and a forwarding engine operating in a forwarding plane of the network device forwards the packet data for the traffic flow to the assigned core group. A core of the assigned core group applies a network service to the fragmented and/or non-fragmented packet data for the traffic flow, and the forwarding engine forwards the packet data for the traffic flow toward a destination.

Abstract: A ternary phase shift keying transmitter and receiver can efficiently communicate using ternary encoded data that avoids indistinguishable transition curves for each of the three modulated states in the ternary encoded data. The transmitter is interoperable and can function with different types of receivers including direct detection-based receivers and coherent detection-based receivers.

Abstract: A wireless access point comprises a memory; and one or more processors operably coupled to the memory configured to: receive a first packet for an application; configure an initial packet flow for the application including a first forwarding action to send traffic for the application via a tunnel path; learn the application of the first packet; generate, based on a policy of the application, an entry in an application server address cache specifying an address of the application server and a second forwarding action to send traffic for the application via a local breakout path; receive a second packet for the application; and configure, in response to determining that a destination address of the second packet matches the entry in the application server address cache, a subsequent packet flow for the application including the second forwarding action to send traffic for the application via the local breakout path.

Abstract: An ingress network device may receive a core domain network segment identifier associated with a core domain network of the multi-domain network. The ingress network device may receive location data of an egress network device associated with a second leaf domain network of the multi-domain network, wherein the location data may include data identifying the core domain network segment identifier, a second leaf domain network segment identifier associated with the second leaf domain network, and an egress network device segment identifier associated with the egress network device. The ingress network device may store the core domain network segment identifier and the location data, and may utilize the core domain segment identifier and the location data to route traffic to the egress network device.

Abstract: In an example, a method includes obtaining, for a software-defined wide area network (SD-WAN) system having a plurality of a wide area network (WAN) links for an SD-WAN service, a first service level agreement (SLA) rule that matches a first application, the first SLA rule having a first priority that indicates a priority of the first application; obtaining, for the SD-WAN system, a second SLA rule that matches a second application, the second SLA rule having a second priority that indicates a priority of the second application; assigning, for the SD-WAN system, the first application and the second application to a first WAN link of the plurality of WAN links; and in response to determining that the first WAN link has violated the first SLA rule that matches the first application, assigning, by the SD-WAN system, the second application to a second WAN link of the plurality of WAN links.

Abstract: A network device may receive a border gateway protocol (BGP) flow specification route associated with creation of an overlay network slice in a network, and may create a new routing instance based on the BGP flow specification route. The network device may associate interfaces defined by the BGP flow specification route with virtual private network (VPN) members, and may determine VPN parameters based on the BGP flow specification route. The network device may advertise the VPN parameters within the network to cause the network to generate the overlay network slice.