Abstract: A system for configuring a data center includes a fabric management server coupled to a management switch. A provisional Software Defined Networking (SDN) controller executing on the fabric management server can discover physical servers coupled to the management switch, receive network interface configuration information from the physical servers, and use the discovered network interface configuration information to determine a configuration for switches and servers coupled to an IP fabric. The configuration can be migrated to a full functionality SDN controller.

Abstract: A disclosed method may include (1) identifying a route installed in a Forwarding Information Base (FIB) of a network device included in a network, (2) identifying a plurality of active paths that lead from the network device to a destination device of the route installed in the FIB, (3) determining a load distribution of the plurality of active paths by calculating a plurality of traffic loads that represent amounts of traffic that traverse from the network device to the destination device via the plurality of active paths, and (4) making a trafficking decision in connection with the plurality of active paths based at least in part on the load distribution of the plurality of active paths. Various other apparatuses, systems, and methods are also disclosed.

Abstract: Methods and apparatus relating to use of actual and/or virtual beacons are described. Virtual beacons are virtual in that an actual beacon need not be transmitted but a rather a virtual beacon transmitter at a desired location maybe considered to transmit virtual beacons. In some embodiments a set of beacon transmitter information for one or more beacons is supplied to devices in a communications system. The beacon transmitter information indicates transmission power and location of actual and virtual beacon transmitters as well as information to be communicated by virtual beacons. Devices with access to beacon information can determine based on the location of a wireless terminal whether the wireless terminal is within coverage area of a virtual beacon and report reception of the virtual beacon to the wireless terminal or a component of the wireless terminal which acts upon receiving an indication of beacon reception.

Abstract: In some implementations, a security device may receive a traffic flow. The security device may determine an amount of a padding included in the traffic flow. The security device may determine whether the amount of the padding included in the traffic flow satisfies a padding threshold. The security device may perform, based on the amount of the padding satisfying the padding threshold, offloading for the traffic flow. The security device may inspect, based on the amount of the padding failing to satisfy the padding threshold, an entire portion of the traffic flow.

Abstract: A network device may communicate with another network device via a media access control security (MACsec) key agreement (MKA) communication link, wherein an MKA session has been established between the network device and the other network device. The network device may determine that the other network device is unavailable. The network device may cause, based on determining that the other network device is unavailable, an MKA state of the network device to be placed in a paused state. The network device may receive, after causing the MKA state of the network device to be placed in the paused state, a packet from the other network device via the MKA communication link. The network device may determine, based on the packet, that the MKA session has not ended. The network device may continue, based on the MKA session having not ended, the MKA session by reactivating the MKA state.

Abstract: This disclosure describes a system including a plurality of access point (AP) devices configured to provide a wireless network at a site; and a network management system (NMS) including a memory storing client-side data collected by a plurality of client devices associated with the wireless network and storing location data associated with each of the plurality of client devices generated by a location engine in response to location requests issued by each of the plurality of client devices, and one or more processors coupled to the memory and configured to determine, based on at least one of the client-side data and the location data, one or more location metrics associated with the location requests issued by the plurality of client devices.

Abstract: Techniques are disclosed for inline security key exchanges between network devices. An example network device includes one or more processors and memory coupled to the one or more processors. The memory stores instructions that, upon execution, cause one or more processors to obtain a first payload key and obtain a path key. The instructions cause the one or more processors to encrypt a first payload of a first packet using the first payload key and insert the first payload key into first metadata of the first packet. The instructions cause the one or more processors to encrypt the first metadata using the path key and send the first packet to another network device.

Abstract: This disclosure describes a network management system (NMS) configured to determine a particular network device of a plurality of network devices based on a first user input in a conversational assistant. The one or more processors are further configured to identify a set of actionable insights for the particular network device based on network data received from the plurality of network devices and determine a set of views of a dashboard based at least on the set of actionable insights, wherein each view of the set of views displays a portion of the network data received from the plurality of network devices. The one or more processors are further configured to select a view of the set of views of the dashboard based on a second user input in the conversational assistant and cause the dashboard to display the selected view.

Abstract: A telemetry service can receive telemetry collection requirements that are expressed as an “intent” that defines how telemetry is to be collected. A telemetry intent compiler can receive the telemetry intent and translate the high level intent into abstract telemetry configuration parameters that provide a generic description of desired telemetry data. The telemetry service can determine, from the telemetry intent, a set of devices from which to collect telemetry data. For each device, the telemetry service can determine capabilities of the device with respect to telemetry data collection. The capabilities may include a telemetry protocol supported by the device. The telemetry service can create a protocol specific device configuration based on the abstract telemetry configuration parameters and the telemetry protocol supported by the device. Devices in a network system that support a particular telemetry protocol can be allocated to instances of a telemetry collector that supports the telemetry protocol.

Abstract: A first packet forwarding plane (PFE) of a network device may receive a packet and may perform a first lookup for the packet. The first PFE may provide the packet to a service plane based on the first lookup. The service plane may apply a service to the packet and may provide the packet to the first PFE. The first PFE may perform a second lookup. The first PFE may provide the packet to a second PFE of the network device based on the second lookup and may store flow information associated with the packet and second PFE information in a table. The network device may provide the flow information and the second PFE information from the table to the service plane to cause the service plane to send subsequent packets directly to the second PFE thereby saving fabric, memory, and processing bandwidth and improving overall network performance.

Abstract: The same prefix segment identifier (SID) may be configured and/or used for either (A) more than one prefix within an interior gateway protocol (IGP) domain, or (B) one prefix with more than one path computation algorithm within the IGP domain by: (a) receiving, by a node in the IGP domain, an IGP advertisement including both (1) a prefix SID and a segment routing global block (SRGB) slice identifier; (b) determining whether or not the SRGB slice identified by the SRGB slice identifier is provisioned on the node; and (c) responsive to a determination that the SRGB slice identified by the SRGB slice identifier is not provisioned on the node, not processing the prefix SID included in the received IGP advertisement, and otherwise responsive to a determination that the SRGB slice identified by the SRGB slice identifier is provisioned on the node, (1) processing the prefix SID and SRGB slice to generate a unique, per SRGB slice, MPLS label for the prefix, and (2) updating a label forwarding information base (LFIB)

Abstract: A network management system (NMS) is configured to control roaming in a wireless network using a variable mobility threshold. For a first wireless device associated with a current location, the NMS obtains at least one performance metric of a first wireless signal received by the first wireless device at the current location from a first AP of a plurality of APs, compares the at least one parameter of the first wireless signal to at least one performance metric of a second wireless signal received by at least one other wireless device at the current location from a second AP of the plurality of APs, and triggers a roaming operation of the first wireless device from the first AP to the second AP if the comparison satisfies a mobility threshold that varies based on the at least one performance metric of the first wireless signal.

Abstract: A computing system includes a storage device and processing circuitry having access to the storage device. The processing circuitry is configured to receive a sequence of channel state information (CSI) samples, and calculate, based on the sequence of CSI samples, frequency domain information including a set of frequency domain values for each frequency band of a plurality of frequency bands. The processing circuitry is further configured to select a set of frequency bands of the plurality of frequency bands; and calculate, based on the set of frequency domain values for each frequency band of the set of frequency bands, a set of similarity values. Additionally, the processing circuitry is configured to determine, based on the set of similarity values, information indicative of one or more characteristics of a space between a first computing device and a second computing device, and perform an action based on the information.

Abstract: Disclosed embodiments utilize a layer three and/or layer four protocol to collect physical layer properties along a multi-hop network path between a source node and a destination node. The use of a layer three or layer four protocol provides an ability to span multiple links or networks between the source node and destination node, while also collecting the physical layer properties. Once physical layer properties along a network path can be understood, decisions relating to the configuration of the network path and/or whether to communicate via the network path are improved.

Abstract: A device may receive license data identifying device licenses and organization licenses associated with an organization of users of a multi-tenant system, and may identify, in the license data, entitlements for licenses associated with the organization. The device may combine the entitlements to generate combined entitlements, and may determine an entitlement count of the combined entitlements. The device may add quantities of new entitlements to the entitlement count, and may identify, in the license data, roles of the users and capabilities associated with each of the roles. The device may map the entitlements and the capabilities to generate a mapping, and may authorize a particular user based on the mapping. The device may process usage of the entitlements, with a machine learning model, to predict future usage of the entitlements, and may determine entitlement recommendations based on the future usage. The device may provide the entitlement recommendations for display.

Abstract: In general, techniques are described for a creating a virtual network router within a software defined network (SDN) architecture. A network controller for the SDN architecture system may include processing circuitry that is configured to execute a configuration node and a control node. The configuration node may process a request by which to create a virtual network router (VNR), where the virtual network router may cause the network controller to interconnect a first virtual network (VN) and a second VN. The VNR may represent a logical abstraction of one or more policies that cause import and/or export of routing information between the first VN and the second VN. The control node configures the first VN and the second VN according to the one or more policies to enable the import and/or the export of routing information between the first VN and the second VN via the VNR.

Abstract: Techniques are disclosed for reporting diagnostics data by a first network device to a cloud-based Wide Area Network (WAN) assurance system, responsive to the first network device detecting a communication issue with the cloud-based WAN assurance system. For example, the first network device detects an issue with sending telemetry data to the cloud-based WAN assurance system via a first communication path. In response, the first network device determines a second network device that has connectivity to the WAN assurance system. The first network device sends diagnostics data to the second network device along a second communication path for forwarding to the cloud-based WAN assurance system. The cloud-based WAN assurance system receives the diagnostics data from the second network device. The cloud-based WAN assurance system controls the second network device to remediate the first network device based on the diagnostics data.

Abstract: In general, techniques are described for retrieving operational command response text from network devices. A collector network device comprising an interface and a processor may be configured to perform the techniques. The interface may receive, via a messaging bus between the network management system and a webserver, a first command to request management data stored by a managed network device, and send, in response to the first command, a second command to direct the managed network device to output the management data. The interface may also receive, from the managed network device, the management data. The processor may generate, from the management data, a plurality of partial responses that each includes a portion of the management data, where the interface may next send, via the messaging bus and to the webserver, each of the plurality of partial responses as a separate message.

Abstract: BIER architecture currently does not support anycast, in that each BIER Forwarding Router (BFR) has its own unique BFR-prefix and BFR-ID. BIER signaling protocols also check if there are duplicate BFR-IDs advertised. Anycast support with BIER is described. The description updates (e.g., relaxes and/or removes some requirements of) RFC 8279, RFC 8401, and RFC 8444.

Abstract: The present invention addresses the need for improved virtualized cloud infrastructure policy implementation and management in order allow real-time monitoring and optimization of virtualized resources. It provides systems and methods for real-time cloud infrastructure policy implementation and management that include a plurality of host devices, a plurality of real-time probe agents associated with the plurality of host devices operating on each of the plurality of host devices, and a policy engine communicatively coupled to the plurality of host devices and containing a policy associated with an application program deployed in at least one of the plurality of host devices. The policy engine is programmed to monitor in real time changes in deployment of the application program across the plurality of host devices and to push the policy to the real-time probe agent operating on each host device on which the application program is deployed.