Abstract: Disclosed are methods and systems for determining combinations of system parameters that indicate a root cause of a system level experience deterioration (SLED). Some of the disclosed embodiments generate a decision tree from a first class of operational parameter datasets. Rules are derived from the decision tree. Filtered rule sets for feature parameters included in the system parameters are then determined. Pairs of features within a particular dataset that each satisfy their respective filtered rule sets are indicative of a root cause of the degradation, at least in some embodiments.

Abstract: A network device can automatically select an execution plan from a set of possible execution plans that cause a first set of traffic assignments in a network to be changed to a second set of traffic assignments. A traffic assignment indicates assignments of the traffic to one or more tunnels, internal routes and/or peer links to be utilized for routing traffic received at provider edge routers through a network to prefixes. A traffic assignment can have various parameters such as bandwidth, transmission costs etc. Each execution plan has one or more steps, and each step has one or more traffic assignment changes progressing from the first set of traffic assignments to the second set of traffic assignments. The network device can automatically select an execution plan based on an evaluation metric determined for each execution plan. The evaluation metric can be a cost based metric or a quality based metric.

Abstract: A network device may receive an instruction to update a data structure implemented by the network device and update the data structure based on receiving the instruction. The data structure may include a routing instruction to direct the network device to provide a data flow to a server device for processing. The network device may receive the data flow destined for a destination device; determine the routing instruction based on at least a portion of an internet protocol (IP) address associated with the data flow and based on the data structure; execute the routing instruction to provide the data flow to the server device and to cause the data flow to be processed by the server device to form a processed data flow; and receive the processed data flow and provide the processed data flow towards the destination device.

Abstract: In some implementations, a non-ingress node of one or more label-switched paths (LSPs) may identify a resource issue event. The non-ingress node may identify, based on identifying the resource issue event, one or more notification-requester stacks included in a data structure. The non-ingress node may generate one or more resource notification messages that each include a respective notification-requester stack of the one or more notification-requester stacks. The non-ingress node may send the one or more resource notification messages based on the one or more notification-requester stacks.

Abstract: A network monitoring device may receive, from a mediation device, flow-tap content data (generated by the mediation device based on current and/or previous investigation reports associated with flow tapping) that needs to be monitored. The network monitoring device may map the content data to a flow-tap content destination address of a content destination device in an entry of a flow-tap content filter. The network monitoring device may analyze, using the flow-tap content filter, network traffic of the network to detect a traffic flow that includes the content data. The network monitoring device may generate, based on successfully detecting a traffic flow that includes the content data, a traffic flow copy and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination device to enable a context analysis of the content data.

Abstract: A network device may be configured to receive a file stream associated with an file. The network device may be configured to identify, based on receiving the file stream, an initial portion of the file. The network device may be configured to process the initial portion of the file to determine one or more features of the file. The network device may be configured to generate, based on the one or more features of the file, a determination as to whether the file is malicious. The network device may be configured to block or allow, based on the determination, the file stream.

Abstract: In general, techniques are described for deploying virtualized cell site routers (vCSRs). In an example, a method comprises receiving, at a forwarding plane of a virtualized cell site router (vCSR) of a first Distributed Unit (DU) of a plurality of DU servers of a cell site for a 5G radio access network, the vCSR having a containerized routing protocol process and a forwarding plane configured to perform Layer 2 (L2) switching, L2 packets on a second interface for a second physical link connecting the first DU server to an L2 switch; and switching, by the forwarding plane of the vCSR of the first DU, the L2 packets on a first interface for a first physical link connecting the first DU server to a second DU server of the plurality of DU servers.

Abstract: Methods of deriving location information of a wireless device include deriving, in the continuous domain, a location of a wireless device and at least one time and location varying path loss function parameter. The coordinates and parameter are derived based on signal strength measurements made at the wireless device, with the measured signals originating from a plurality of wireless transmitters, such as access points. The derived path loss function parameter can include one or more of a path loss exponent parameter, an intercept parameter, a receiver antenna gain parameter, transmitter antenna gain parameter, or a transmit power parameter.

Abstract: Techniques are described that detect areas with insufficient radio frequency (RF) coverage in a wireless network. A network management system (NMS) determines one or more service level expectation (SLE) metrics for each client device in a wireless network. The SLE metrics are aggregated to each access point (AP) in the wireless network, and each AP is assigned an AP score based on the aggregated SLE metrics. To identify potential coverage holes, the NMS groups APs having poor AP scores. If a root cause of the poor AP scores cannot be automatically resolved and if the poor AP scores persist for a predetermined period of time, the group of APs is determined to represent a true coverage hole. The NMS may generate a notification regarding recommended corrective actions to the customer and/or IT personnel.

Abstract: A network management system (NMS) generates a hierarchical attribution graph representing different scopes at different hierarchical levels of a wide area network (WAN); obtains logical path down data indicative of operational behavior including failure events associated with logical paths of network devices over the WAN; obtains total path data indicative of a historical number of active logical paths between the network devices; and determines a scope of a logical path down issue by, for a time period of the logical path down issue, determining a score for each scope of the different scopes based on the logical path down data aggregated across the respective scope and the total path data, and determining the scope of the logical path down issue as a particular scope of the different scopes having a highest score. The NMS may identify the particular scope as a root cause of the logical path down issue.

Abstract: In some examples, a computing device comprises a first service function instance to apply a service function and a service function forwarder to: receive a first layer 3 routing protocol route advertisement that includes service function instance data for a second service function instance, the service function instance data indicating a service function type and a service identifier for the service function instance; receive a second layer 3 routing protocol route advertisement that includes service function chain data for a service function chain, the service function chain data indicating a service path identifier and one or more service function items; and send, to the second service function instance and based at least on determining a service function item of the one or more service function items indicates the second service function instance, a packet classified to the service function chain.

Abstract: In some implementations, a security device may identify a resource profile based on a value of a resource utilization metric associated with the security device. The security device may identify a security services profile to be applied to traffic that is to be processed by the security device. The security device may determine a set of security services to be performed by the security device, the set of security services being identified based on the resource profile and the security services profile. The security device may perform the set of security services according to the security services profile.

Abstract: An edge services controller may use a service scheduling algorithm to deploy services on Network Interface Cards (NICs) of a NIC fabric while incrementally scheduling services. The edge services controller may assign services to specific nodes depending on their available resources on these nodes. Available resources may include CPU compute, DPU compute, node bandwidth, etc. The edge services controller may also consider the distance between the services that communicate with each other (i.e., hop count between nodes if two communicating services are placed on separate nodes) and the weight of communication between the services. Two services that communicate heavily with each other may consume more bandwidth, and putting them further apart is more detrimental than keeping them closer to each other, i.e., reducing the hop count between each other depending on the bandwidth consumption due to their inter-service communications.

Abstract: A controller device includes one or more processors and a memory for storing instructions that, when executed, cause the one or more processors to receive, from a set of network devices in a network, a time series of telemetry data; determine, using telemetry data, a threshold for a parameter of a network device of the set of network devices; in response to reception of an indication that an instant value for the parameter does not satisfy the determined threshold for the parameter, determine that an anomaly has occurred at the network device; in response to the determination, generate a user interface having first data for a first time period that occurs before the anomaly, second data for a second time period corresponding to when the anomaly occurs in the network, and third data for a third time period that occurs after the anomaly.

Abstract: Techniques are described for monitoring network performance and managing network faults in a computer network. A cloud-based network management system stores path data received from a plurality of network devices operating as network gateways for an enterprise network, the path data collected by each network device of the plurality of network devices for one or more logical paths of a physical interface from the network device over a wide area network (WAN). The network management system determines, based on the path data, one or more WAN link health assessments, wherein the one or more WAN link health assessments include a success or failure state associated with one or more of service provider reachability, physical interface operation, or logical path performance; and in response to determining the at least one failure state, outputs a notification including identification of a root cause of the at least one failure state.

Abstract: This disclosure describes techniques are described for proactively computing configuration information for policy-driven on-demand tunnel creation and deletion between sites in a software-defined networking in wide area network (SD-WAN) environment. In some examples, a controller device is configured to precompute configuration data for an overlay tunnel through the wide area network to connect a first site and a second site of a plurality of sites in the SD-WAN environment. The controller device is further configured to obtain, after precomputing the configuration data, an indication to configure the overlay tunnel. The controller device is also configured to send, in response to receiving the indication to configure the overlay tunnel, at least some of the configuration data to the first site to configure the first site with the overlay tunnel.

Abstract: Techniques are disclosed for the detection of different states of a session comprising a bidirectional flow of network traffic between client devices so as to enable a network device to apply different network policies to different states of the session. In one example, a computing device identifies multiple states of a session and defines a plurality of network policies. Each network policy defines performance requirements for network traffic during each state of the session. A network device receives the plurality of network policies and determines a state of the session. The network device selects a path based on the performance requirements of the network policy associated with the determined state of the session. The network device forwards traffic associated with the session along the selected path while the session is in the determined state.

Abstract: Methods and apparatus for identifying the root cause of deterioration of system level experience (SLE). Offending network components that caused the SLE deterioration are identified and corrective actions are taken.

Abstract: A mixed pitch method of placing pads in a ball grid array (BGA) package having a BGA substrate and a plurality of connectors arranged in an array and connected via the pads to the BGA substrate. Selected pairs of the pads are placed on the BGA substrate at a distance defined by a first pitch P1. Ground pads are placed on the BGA substrate at a distance from the selected pairs of pads defined by a second pitch P2, wherein P2=M*P1 and M is greater than one. The selected pairs of the pads on the BGA substrate are also placed at a distance from other selected pairs of the pads defined by the second pitch P2.

Abstract: In some examples, a method includes receiving, by an egress network device for a network, messages from each of a plurality of ingress network devices for the network, wherein each of the messages specifies a multicast source, a multicast group, and an upstream multicast hop weight value for multicast traffic for the multicast source and the multicast group; selecting, by the egress network device and based on the upstream multicast hop weight values specified by the received messages, one of the plurality of ingress network devices to which to send a multicast join message of a plurality of multicast join messages for the multicast source and multicast group; and sending, by the egress network device, the multicast join message to the selected one of the plurality of ingress network devices.