Abstract: An example method includes receiving, by an SD-WAN system, WAN link characterization data for a plurality of WAN links of the SD-WAN system over a time period; and for each site of a plurality of sites of the SD-WAN system, generating, by the SD-WAN system, a local policy for the site, wherein generating the local policy is based on a machine learning model trained with the WAN link characterization data for the plurality of WAN links, and providing the local policy to an SD-WAN edge device of the site.

Abstract: A network device may receive a border gateway protocol (BGP) flow specification route associated with creation of an overlay network slice in a network, and may create a new routing instance based on the BGP flow specification route. The network device may associate interfaces defined by the BGP flow specification route with virtual private network (VPN) members, and may determine VPN parameters based on the BGP flow specification route. The network device may advertise the VPN parameters within the network to cause the network to generate the overlay network slice.

Abstract: Example systems, methods, and storage media are described. An example network system includes processing circuitry and one or more memories coupled to the processing circuitry. The one or more memories are configured to store instructions which, when executed by the processing circuitry, cause the network system to obtain telemetry data. The instructions cause the network system to determine, based on the telemetry data, that an application running on server processing circuitry does not meet at least one service level agreement (SLA) requirement, the server processing circuitry not including processing circuitry resident on a network interface card (NIC). The instructions cause the network system to, based on the application not meeting the at least one SLA requirement, determine to offload at least one component of the application from the server processing circuitry to the processing circuitry resident on the NIC.

Abstract: In some implementations, a network device may identify a triggering event associated with a logical port. The logical port may be associated with a subscriber group that is associated with a user plane subscriber access device. The network device may assign, based at least in part on the triggering event, a logical port administrative state to the logical port.

Abstract: A plurality of access point (AP) devices configured to provide a wireless network at a site within a geographic region and a management system (NMS) configured to manage the plurality of APs are described. An AP device sends, to the NMS, a message including version information of hardware compliance data currently stored at the AP device. The NMS determines, based on the version information, whether the first version of the hardware compliance data stored at the AP device is in compliance with applicable regulations of the geographic region. When the first version is not in compliance, the AP device receives, from the NMS, a second version of the hardware compliance data that is in compliance with the applicable regulations of the geographic region. The AP device enables operation of one or more hardware components of the AP device in accordance with the second version of the hardware compliance data.

Abstract: A mounting bracket for mounting an electronic device to the T-bar of a drop ceiling provides for self-locking snap-action securing of the mounting bracket to a flange of the T-bar, suspending the mounting bracket from the T-bar. The mounting bracket also provides for self-locking snap-action attachment of the mounted device to the bracket, suspending the device from the suspended mounting bracket. A split adapter allows vertical offsetting of the device from the ceiling, reducing vertical displacement of ceiling tiles resting on the T-bar. The split adapter has two halves the are laterally slid on to the T-bar flange and are then longitudinally slid together to be joined against lateral separation. The composite adapter thus formed presents an adapter flange to which the mounting bracket snap-secures, the mounting bracket locking the adapter halves against longitudinal separation.

Abstract: An example network system includes In one example, a network system includes a service orchestrator for managing a mobile network. The service orchestrator is configured to: receive, from a centralized network controller (CNC) for a time sensitive networking (TSN) application, TSN configuration data for a TSN flow between two end station devices for the TSN application; generate, based on the TSN configuration data, an intent to create a network slice in the mobile network to transport packets for the TSN flow; provision the network with the network slice based on the intent, wherein the network slice is associated with slice identification data; and output the slice identification data to cause a user equipment (UE) device attached to the mobile network to map packets for the TSN flow, received from one of the two end station devices, to the network slice.

Abstract: A method includes receiving a plurality of configurations comprising a first configuration for provisioning a first set of network services at a first resource of an edge device and a second configuration for provisioning a second set of network services at the first resource, a first configuration group identifier identifying a configuration group for the first configuration, and a first network performance parameter for the configuration group. The method further includes determining a performance factor for the first resource providing the first set of network services to one or more client devices. The method further includes, in response to determining that the performance factor does not satisfy the first network performance parameter for the configuration group and that the first configuration group identifier identifies the configuration group for the first configuration, moving the first configuration from the first resource to a second resource of the edge device.

Abstract: A network management system includes a memory storing a set of access point (AP) data, wherein the set of AP data corresponds to a communication between a client device and an AP device. Additionally, the network management system includes processing circuitry configured to: receive the set of AP data corresponding to the client device; and receive a set of remote server data, wherein the set of remote server data comprises information corresponding to a communication between the client device and a remote server separate from the network management system. Additionally, the processing circuitry is configured to: determine an association between the set of AP data and the set of remote server data based one or more matching criteria; store data indicative of the association between the set of AP data and the set of remote server data; and perform an action based on the association.

Abstract: Systems, devices and techniques for an adaptive application-specific probing scheme are disclosed. An example network device includes memory configured to store a network address and probe protocol usable for probing a first network device associated with a source of an application, and one or more processors configured to determine a network address and probe protocol usable for probing the first network device, wherein the first network device comprises a server that is responsive to the probing, the server executing the application for the data flow, or a closest network device, to the server, that is responsive to the probing. The one or more processors are also configured to send to a second network device at a location serviced by the application, a message specifying the network address and probe protocol usable for probing the first network device.

Abstract: In some implementations, a first access gateway function (AGF) may receive, from a second AGF, a communication indicating at least one of a subscriber identity, session information, subscriber context, or session transport information associated with an active session between the second AGF and a client device. The first AGF device may detect that the second AGF device is associated with a failure. The first AGF device may transmit, to a first core network device, a request to switch a first path associated with the active session from the second AGF device to the first AGF device, wherein the request indicates at least one of the subscriber identity, the session information, the subscriber context, or the session transport information. The first AGF device may forward one or more data communications between a second core network device and the DHCP client device associated with the active session via a second path.

Abstract: A device comprises processing circuitry configured to configure an edge device to collect telemetry flow data output by a plurality of network devices and to generate processed telemetry flow data based on the collected telemetry flow data. The processing circuitry is further configured to receive the processed telemetry flow data from the edge device and store an indication of the processed telemetry flow data.

Abstract: A system identifies a source intent policy model that is associated with a graph having a plurality of source nodes connected by a plurality of source edges, identifies a set of source nodes of the plurality of source nodes, and translates the set of source nodes to generate a set of target nodes. The system identifies a subset of target nodes, of the set of target nodes, that are not included in a target intent policy model that is associated with a graph having a plurality of target nodes connected by a plurality of target edges. The system determines a hierarchical order associated with the subset of target nodes and the plurality of target node, and causes the target intent policy model to be updated to include the subset of target nodes and the plurality of target nodes, such that the graph is ordered according to the hierarchical order.

Abstract: A network device may receive transport layer messages from an ingress network device, and may determine whether a quantity of resources required for processing the transport layer messages exceeds a threshold level of available resources of the network device. The network device may generate a transport layer path error message based on the quantity of resources required for processing the transport layer messages exceeding the threshold level of available resources. The network device may provide the transport layer path error message to the ingress network device to prevent the ingress network device from providing additional transport layer messages to the network device.

Abstract: In some implementations, a first packet forwarding device (PFD) may obtain a probe packet. The first PFD may replicate the probe packet forming multiple copies of the probe packet. The first PFD may transmit, to the first PFD and to multiple other PFDs, the multiple copies of the probe packet. The first PFD may receive a first copy of the probe packet and multiple response packets, with the first copy of the probe packet originating at the first PFD, and with each of the multiple response packets originating at a respective one of the multiple other PFDs based on the respective one of the multiple other PFDs receiving one of the multiple copies of the probe packet. The first PFD may determine, based on the first copy of the probe packet and the multiple response packets, a status of multiple links associated with the first PFD.

Abstract: In general, this disclosure describes techniques for leveraging a containerized routing protocol process to implement virtual private networks using routing protocols. In an example, a system comprises a container orchestration system for a cluster of computing devices, the cluster of computing devices including a computing device, wherein the container orchestration system is configured to: deploy a containerized application to a compute node; and in response to deploying the containerized application to the compute node, configure in the compute node a virtual routing and forwarding (VRF) instance to implement a virtual private network (VPN) for the containerized application.

Abstract: Techniques are disclosed for session-based load-balancing of network traffic to network service instances. In one example, a network device receives a first packet of a forward packet flow from a network service instance of a plurality of network service instances after application of a network service. The first packet specifies a Media Access Control (MAC) address of the network service instance as a source MAC address. The network device defines a session comprising the forward packet flow and a reverse packet flow and stores an association between the session and the MAC address of the network service instance. The network device determines that a second packet received from a destination device is associated with the reverse packet flow of the session. The network device forwards the second packet to the same network service instance based on the association between the session and the MAC address of the network service instance.

Abstract: Techniques are described by which a routing protocol, such as border gateway protocol (BGP), is extended to control propagation and importation of information using route targets (RTs) specified as bitmasks that encode link administrative group information. For example, a network control device (e.g., controller) is configured to allocate one or more subset of resources (e.g., nodes or links) of an underlay network to each of one or more virtual networks established over the underlay network. The controller generates a bitmask encoded with link administrative group information of the one or more links. The controller then outputs, to a plurality of provider edge (PE) routers that are participating in a respective virtual network, a routing protocol message to advertise the one or more subset of resources, wherein the routing protocol message includes a route target specified as the bitmask.

Abstract: A device may receive an input associated with deploying a virtual firewall on a computing device. The device may determine a first set of characteristics associated with the virtual firewall and a second set of characteristics associated with a hypervisor associated with the computing device. The device may automatically tune the virtual firewall based on the first set of characteristics and the second set of characteristics. The device may deploy the virtual firewall after tuning the virtual firewall.

Abstract: In some implementations, a head Level 2 (L2) node of an intermediate system-intermediate system (IS-IS) flood reflection (FR) network may determine an end-to-end path from the head L2 node to a tail L2 node of the IS-IS FR network. The IS-IS FR network includes a plurality of L2 nodes and a plurality of FR clusters that each comprise a plurality of Level 1 (L1) nodes and a plurality of L1 and L2 (L1/L2) nodes connected by a plurality of L1 links. The head L2 node may send information associated with the end-to-end path to another node identified in the end-to-end path to cause a label switched path (LSP) to be established from the head L2 node to the tail L2 node, wherein the LSP traverses one or more L1 links within an FR cluster of the IS-IS FR network.