Abstract: Techniques are described by which a network management system (NMS) is configured determine a specific wireless channel assigned to a first AP device. The NMS is further configured to determine one or more neighboring AP devices that are within a certain proximity of the first AP device and generate a packetized scan command for each of the one or more neighboring AP devices. The NMS is further configured to send the packetized scan command to each of the one or more neighboring AP devices and receive, from the first AP device and each of the one or more neighboring AP devices, signal samples of a client device connected to the first AP device on the specific wireless channel assigned to the first AP device. The NMS is further configured to, based on the received signal samples, determine a location within the site of the client device.

Abstract: A network device may poll data for counters of the network device, and may store, for a first time interval, the data polled for the counters in a data structure. The network device may maintain the data polled for the counters in the data structure for a second time interval that is longer than the first time interval, and may receive, from a network management system (NMS), a request for data polled for the counters with the second time interval. The network device may determine, based on the request, whether the NMS is authorized to receive the data polled for the counter, and may provide, to the NMS, the data polled for the counters, with the second time interval, when on the NMS is authorized to receive the data polled for the counters.

Abstract: A system may identify a security intent policy model associated with an initial time. The system may generate one or more delta snapshots that respectively indicate one or more incremental changes to the security intent policy model at times subsequent to the initial time. The system may determine that the system is to deploy an updated version of the security intent policy model to a device and may thereby determine a previous deployment time at which the system deployed a previous version of the security intent policy model to the device. The system may generate, based on the one or more delta snapshots and the previous deployment time, a cumulative delta snapshot, and may thereby update a low-level security intent policy model associated with the device. The system may generate, based on the low-level security intent policy model, device-level security configuration information for the device.

Abstract: A device may receive network traffic data that includes network traffic packet sizes, and may transform the network traffic data into transformed data. The device may process the transformed data, with a machine learning model, to generate an embedding, and may obtain a similarity metric for the embedding. The device may create a graph with nodes and edges based on the embedding and the similarity metric, and may process the graph, with a community detection model, to identify network traffic categories for the network traffic data. The device may perform one or more actions based on the network traffic categories.

Abstract: A controller device receives, from a plurality of assisted replication network devices, respective utilization information associated with the plurality of assisted replication network devices. The controller device generates, based on the respective utilization information associated with the plurality of assisted replication network devices, load balancing information for a network device associated with two or more assisted replication network devices of the plurality of assisted replication network devices, and sends, to the network device, the load balancing information. The network selects, based on the load balancing information, a particular assisted replication network device of the two or more assisted replication network devices.

Abstract: Techniques are disclosed for a network management system (NMS) that performs quality of service (QoS) monitoring and troubleshooting of user experience issues occurring outside of a network managed by the NMS using data obtained from third-party sources. For example, an NMS obtains third-party data of a third-party application server or third-party service provider server from a third-party monitoring vendor. The NMS identifies a user experience issue indicated by the third-party data and stitches the third-party data to network data received from network devices. The NMS determines a root cause or a remedial action of the user experience issue based at least on the network data received from the one or more network devices. The NMS generates a notification for presentation to an administrator device which identifies the root cause or the remedial action of the user experience issue.

Abstract: A method is described for measuring a communication latency between a first device with a first local clock and a second device with a second local clock, the devices interconnected for digital communication to a network, comprising sending an upstream communication and a downstream communication between the devices, and measuring using said local clocks an upstream send time (?1), an upstream receive time (?2), a downstream send time (?3) and a downstream receive time (?4); calculating a first measured delay (y1) as ?2-?1 and calculating a second measured delay (y2) as ?4-?3; providing said measured delays (y1, y2) to a recursive filter function arranged to estimate a first latency (d1) and a second latency (d2) based on said measured delays (y1, y2) and on values for the first and second latencies (d1, d2) previously estimated by said recursive filter function, and iterating. The invention also relates to a system and computer software product.

Abstract: A network device may receive a redundant identifier certificate associated with a redundant routing module, and may provide, to a bootstrap device, a primary identifier certificate associated with a primary routing module associated with the network device. The network device may establish a secure connection with the bootstrap device based on the bootstrap device verifying an authenticity of the primary routing module via the primary identifier certificate. The network device may provide, to the bootstrap device via the secure connection, a redundant routing module identifier associated with the redundant routing module and may receive, from the bootstrap device via the secure connection, a signed certificate chain associated with the redundant routing module. The network device may verify the signed certificate chain and may verify the redundant identifier certificate, associated with the redundant routing module, based on verifying the signed certificate chain.

Abstract: A network device may identify a link aggregation group (LAG) of a plurality of links between the network device and another network device. The network device may identify link aggregation control protocol (LACP) parameters that were communicated by the network device and the other network device in association with the LAG. The network device may determine, based on the LACP parameters, a priority order of the plurality of links in the LAG. The network device may communicate with the other network device, and based on the priority order of the plurality of links of the LAG, one or more precision time protocol (PTP) messages via the LAG. For example, the network device may determine that a first link and a second link in the priority order are not available, and therefore may communicate the one or more PTP messages via a third link in the priority order.

Abstract: Techniques are disclosed for maintaining processing unit core affinity for fragmented packets. In one example, a service physical interface card (PIC) implementing a service plane of a network device receives fragmented and/or non-fragmented packet data for a traffic flow. The service PIC comprises at least one processing unit comprising multiple cores. A routing engine operating in a control plane of the network device defines one or more core groups comprising a subset of the cores. The routing engine assigns the traffic flow to a core group and a forwarding engine operating in a forwarding plane of the network device forwards the packet data for the traffic flow to the assigned core group. A core of the assigned core group applies a network service to the fragmented and/or non-fragmented packet data for the traffic flow, and the forwarding engine forwards the packet data for the traffic flow toward a destination.

Abstract: In some implementations, a broadband network gateway (BNG) may receive, from a customer premises equipment, a dynamic host configuration protocol (DHCP) discover request, wherein the BNG is connected to the customer premises equipment and a fixed mobile interworking function (FMIF). The BNG may communicate with, based on the DHCP discover request, the FMIF. The BNG may provide to the customer premises equipment, and based on communicating with the FMIF, a DHCP offer that offers utilization of the BNG as a DHCP server. The BNG may receive from the customer premises equipment, and based on providing the DHCP offer, a DHCP request to request utilization of the BNG as the DHCP server. The BNG may provide to the customer premises equipment, and based on the DHCP request, a DHCP acknowledgment that acknowledges utilization of the BNG as the DHCP server.

Abstract: A device may cause a Media Access Control Security (MACsec) session to be established on a first link of a link aggregation group (LAG) that includes a plurality of links with a different device. The device may cause a data structure to be updated to identify the first link as a MACsec enabled LAG link and may send traffic via the first link. The device may cause a MACsec session to be established on at least one additional link of the LAG and may cause the data structure to be updated to identify the at least one additional link as a MACsec enabled LAG link. The device may send, after causing the data structure to be updated to identify the at least one additional link as a MACsec enabled LAG link, additional traffic via the first link and the at least one additional link.

Abstract: In general, a device comprising a processor and a memory may be configured to perform various aspects of the techniques described in this disclosure. The memory may store source configuration data of a source environment descriptor associated with a source operating environment and target configuration data of a target environment descriptor associated with a target operating environment. The processor may compare the source configuration data to the target configuration data, and generate, based on the comparison, update data including software component versions. The processor may generate, based on the update data, a unified release including a new application release version, the new application release version including release propagation data.

Abstract: An example network system includes processing circuitry and one or more memories coupled to the processing circuitry. The one or more memories are configured to store instructions which cause the system to obtain telemetry data, the telemetry data being associated with a plurality of applications running on a plurality of hosts. The instructions cause the system to, based on the telemetry data, determine a subset of applications of the plurality of applications that run on a first host of the plurality of hosts. The instructions cause the system to determine a subset of firewall policies of a plurality of firewall polices, each of the subset of firewall policies applying to at least one respective application of the subset of applications. The instructions cause the system to generate an indication of the subset of firewall policies and send the indication to a management plane of a distributed firewall.

Abstract: A co-packaged optical-electrical chip can include an application-specific integrated circuit (ASIC) and a plurality of optical modules, such as optical transceivers. The ASIC and each of the optical modules can exchange electrical signaling via integrated electrical paths. The ASIC can include Ethernet switch, error correction, bit-to-symbol mapping/demapping, and digital signal processing circuits to pre-compensate and post-compensate channel impairments (e.g., inter-channel/intra-channel impairments) in electrical and optical domains. The co-packaged inter-chip interface can be scaled to handle different data rates using spectral efficient signaling formats (e.g., QAM-64, PAM-8) without adding additional data lines to a given design and without significantly increasing the power consumption of the design.

Abstract: In an example, a method includes processing, by an application programming interface (API) server implemented by a configuration node of a network controller for a software-defined networking (SDN) architecture system, requests for operations on native resources of a container orchestration system; processing, by a custom API server implemented by the configuration node, requests for operations on custom resources for SDN architecture configuration, wherein each of the custom resources for SDN architecture configuration corresponds to a type of configuration object in the SDN architecture system; detecting, by a control node of the network controller, an event on an instance of a first custom resource of the custom resources; and by the control node, in response to detecting the event on the instance of the first custom resource, obtaining configuration data for the instance of the first custom resource and configuring a corresponding instance of a configuration object in the SDN architecture.

Abstract: A system includes computer-readable media configured to store a plurality of objects representing intent graph models of a network, and processing circuitry coupled to the computer-readable media. The processing circuitry is configured to receive a request indicating a requested time, determine one or more first objects of the plurality of objects, the first objects storing an intent graph model associated with a first time, the first time different from the requested time, determine one or more second objects of the plurality of objects, the second objects storing difference information indicating one or more changes to the intent graph model associated with the first time that occurred after the first time, apply the changes to the intent graph model associated with the first time to generate an intent graph model associated with the requested time, and output an indication of the intent graph model associated with the requested time.

Abstract: An example application programming interface (API) server device that distributes configuration data to managed network devices includes one or more processing units implemented in circuitry and configured to receive configuration data to be deployed to at least one of the managed network devices; store the configuration data to a configuration database; and send the configuration data to the at least one of the managed network devices. In this manner, the configuration data can be archived for later retrieval and analysis, e.g., to perform root cause analysis in the event of an error.

Abstract: Network elements are managed with a server to support client data models from heterogeneous data sources. A server receives a first query for configuration data of a network element to be returned in a first model. The server determines a model type for the configuration data of the network element. When the model type is a second model that is not the first model, the server sends a second query to the network element for the configuration data to be returned in the second model and transforms the configuration data received from the network element into the first model. Additionally, the server returns the configuration data in the first model as a response to the first query.