Abstract: Novel tools and techniques are provided for implementing software-based network probes for monitoring network devices for fault management. In various embodiments, a computing system may receive, from at least one software-based network probe, a first alert associated with a first device among layer 4 devices disposed in a plurality of networks; may parse and store first alert data from the received first alert in a database, in a standardized format; may perform, using an enrichment system, enrichment of the first alert data, by retrieving first enrichment data from one or more second databases and adding the first enrichment data to the parsed and formatted first alert data in the first database to form first consolidated alert data; and may send the first consolidated alert data to a fault management system for display to a user to facilitate addressing of the first alert by the user.

Abstract: A traffic controller device for distributing or otherwise controlling the distribution of routing information may be included in a telecommunications network. The traffic controller may receive routing tables from a plurality of network devices, such as one or more provider edge devices of the network. The traffic controller, upon receiving the routing information from the provider edge devices, may generate a routing table associated with each device providing the routing information. The traffic controller may also provide updates to one or more of the networking devices associated with the controller. The traffic controller may alter or update, at the traffic controller, the routing table associated with the target provider edge device based on the network policy. The routing information in the routing table for that device and maintained by the traffic controller may be updated with a new route or new local preferred parameter value.

Abstract: Dynamic and self-healing optimized traffic rerouting is provided. A system and method are described for determining and implementing optimized traffic routing decision. A route orchestration system monitors network resource performance characteristics information for identifying a traffic redirection triggering event and for determining an optimized traffic control decision based on the network resource performance characteristics information. The decision may include software defined networking (SDN) instructions that may be communicated to one or more network resources (e.g., PE devices, P devices, and/or routers) that may cause traffic to be rerouted the one or more targeted servers. For example, the optimized traffic control decision may be determined to improve load balancing amongst performing servers and other network resources in the network while reducing or minimizing administrative costs.

Abstract: Novel tools and techniques are provided for implementing predictive or preemptive machine learning (“ML”)-driven optimization of Internet protocol (“IP”)-based communications services. In various embodiments, a computing system may predict future provisioning demands for an IP-based communications system based on at least one of analysis of past IP-based communications patterns, analysis of current network condition data and current event data, and/or one or more trigger events, in some cases using a first ML model. The computing system may identify first (e.g., optimized) resource allocation based on the predicted future provisioning demands for the IP-based communications system, in some cases using a second ML model.

Abstract: Systems and methods for improved intelligent manipulation of distributed-denial-of-service (DDoS) attack traffic are provided. In implementations, a method may include receiving, at a traffic management system, a mirrored first stream of packets from a router on a first link and a mirrored second stream of packets from the router on a second link. The method may further include determining flow information about the first stream. In examples, the flow information may indicate that a challenge to a particular source IP address has been issued to test the legitimacy of the source IP address. The method may further include sending, by the traffic management system, a routing policy update based on the flow information.

Abstract: An identity and access management system including: a processor; and memory including instructions that, when executed by the processor, cause the processor to: receive an API token request for an authorization token to authorize an application function associated with a target API of an application; determine identity information from the API token request; retrieve attributes associated with the identity information; identify the target API and an API function profile associated with the target API for the application function; filter the attributes associated with the identity information based on the API function profile; generate the authorization token according to the filtered attributes; and transmit the authorization token in response to the API token request.

Abstract: Novel tools and techniques are provided for implementing optical frequency spectral optimization in dense wavelength division multiplexing (“DWDM”) flex grid systems. In various embodiments, based on a determination that one or more gaps of optical spectrum exist in a range of optical spectrum that contains one or more media channels that support transmission of corresponding one or more first signals, a computing system may determine a network wavelength service frequency assignment for shifting frequency of at least one media channel among the one or more media channels to optimize one or more spacings among the one or more media channels in the range of optical spectrum for supporting transmission of one or more second signals; and may cause one or more optical signal devices to shift a center frequency of each of the at least one media channel, based on the determined network wavelength service frequency assignment.

Abstract: This disclosure describes systems, methods, and devices related to estimating a provisioning of resources in a telecommunications network. A method may include receiving, at a first time, a user request for a service facilitated by a telecommunications network; identifying, based on the service, a device or port to which the user connects to access the telecommunications network; retrieving, using discovery commands, information from one or more additional devices in the telecommunications network; identifying, based on the information, a second device to which the device or port may connect to generate a path to an endpoint of the telecommunications network; identifying, based on the device or port and the second device, a path from the location of the user to the endpoint in the telecommunications network; generating an estimated time to provision the service using the path; and presenting, at the first time, the estimated time to provision the service.

Abstract: Novel tools and techniques are provided for implementing fraud or distributed denial of service (“DDoS”) protection for session initiation protocol (“SIP”)-based communication. In various embodiments, a computing system may receive, from a first router, first SIP data indicating a request to initiate a SIP-based media communication session between a calling party at a source address and a called party at a destination address. The computing system may analyze the received first SIP data to determine whether the received first SIP data comprises any abnormalities indicative of potential fraudulent or malicious actions. If so, the computing system may reroute the first SIP data to a security deep packet inspection (“DPI”) engine, which may perform a deep scan of the received first SIP data to identify any known fraudulent or malicious attack vectors contained within the received first SIP data. If so, the security DPI engine may initiate mitigation actions.

Abstract: Systems and methods for blocking spoofed traffic within communications networks include obtaining, at a computing system, routing information for an autonomous system of a communications network, the routing information identifying Internet Protocol (IP) addresses associated with the autonomous system. In response to receiving the routing information, the computing system generates a prefix list based on the routing information, the prefix list including one or more prefixes encompassing the IP addresses identified by the routing information. The computing system then transmits instructions to a network device of the communications network configured to cause the network device to update a filter function of the network device based on the prefix list such that the network device permits network traffic that originates from IP addresses within the prefixes of the prefix list.

Abstract: Examples of the present disclosure describe systems and methods for providing enhanced security in edge computing environments. A first aspect describes a method for moving security features dynamically applied to an application at a first deployment location to an application at a second deployment location. A second aspect describes a method for locally expanding/contracting an instance of a deployed application. A third aspect describes a method for redirected network traffic associated with detected malicious conduct from a first application deployment environment to a secured second application deployment environment. A fourth aspect describes a method for performing multi-stage network traffic filtering.

Abstract: Systems and methods for conference security based on user groups are disclosed. In examples, a set of attendees (e.g., in a collaboration group) may be allowed access to a meeting by a host user with a specified access permission. The collaboration group may be in the network hosting the meeting or outside of the network. An attendee requesting access to the meeting may be verified based on the attendee's identity and membership status of the collaboration group. If an attendee's identity is not identified or if the attendee is not a member of the collaboration group, the requesting attendee may be denied access to the meeting. If the requesting attendee's identity is verified and the attendee is a member of the collaboration group, the attendee is allowed access to the meeting with their specified access permission.

Abstract: The present disclosure describes a system and method for providing automated policy enforcement. The system and method may be implemented by a service provider to enforce a policy related to copyright infringement activities. According to an example, the policy may define a system of penalty (strike) levels for violations of the policy up to a maximum number of strikes. When a notification of a policy violation is received, the system may operate to determine whether to issue a strike in association with the notification. When a determination is made to issue a strike in association with a received notification a set of enforcement actions to perform in association with the issued strike may be selected and executed. The set of enforcement actions may terminate detected copyright infringement activities and reduce or otherwise limit the service provider's liabilities when such copyright infringement activities may occur.

Abstract: Novel tools and techniques are provided for implementing dynamic border gateway protocol (“BGP”) host route generation based on domain name system (“DNS”) resolution. In various embodiments, a computing system may receive, from a user device via a first network, a request to establish a communications link with an external device via a second network that is separate from the first network, based on a first uniform resource identifier (“URI”) indicative of a network location of the external device. The computing system may query a DNS resolver for an Internet Protocol (“IP”) address corresponding to a valid current IP address, based on the first URI, and may advertise the IP address and/or a route based on the IP address. A communications link may be established between the user device and the external device based on the IP address and/or the route.

Abstract: A data system is provided for analyzing and maintaining data obtained from one or more data sources on which the data system depends. The system includes a primary database including current values used by the system and a collection of executable algorithms used to generate the data maintained in the primary database. In response to receiving a notification regarding a change in one of the data sources, a dependency database is used to establish an execution order for algorithms of the algorithm collection that are directly or indirectly dependent on the changed data. The algorithms identified in the execution order are then executed in accordance with the execution order and the corresponding result is stored in the primary database. The system may include data harvesters adapted to recognize changes in the data sources and to generate and transmit corresponding change notifications when such changes occur.

Abstract: A security platform of a data network is provided that includes security services for computing devices in communication with the data network. The security platform may apply a security policy to the computing devices when accessing the Internet via a home network (or other customer network) and when accessing the Internet via a public or third party network. To provide security services to computing devices via the home network, the security platform may communicate with a security agent application executed on the router (or other gateway device) of the home network. In addition, each of the devices identified by the security profile for the home network may be instructed or otherwise be provided a security agent application for execution on the computing devices. The security agent application may communicate with the security platform when the computing device connects to the Internet over a third party or public access point.

Abstract: A method is disclosed for testing network devices for networks with a large traffic load utilizing one or more traffic load amplifiers to amplify the traffic load. The load amplifiers connected to the device may receive packets of an initial traffic load, multiply or copy the received packet, alter the destination address information in the header of the copied packets to generate packets with different destination addresses, and transmit the altered packets back to the device for further routing. The altered or copied packets may then be routed via the device back to the load amplifier for further amplification. Through this amplification process, a small initial load of packets may be amplified over and over by the load amplifiers until a target traffic load is achieved at the device to test the device performance at a large traffic load.

Abstract: A dynamic SRMS (DSRMS) in a MPLS network generates unique segment identifiers for nodes of the network lacking segment identifiers (SIDs). The DSRMS receives network information from other nodes of the network that may include, for example, Internal Gateway Protocol (IGP) routing information, advertised prefix values for the nodes, and label values used in MPLS routing. The DSRMS analyzes the information and identifies nodes of the network that are not associated with a SID. For each identified node, the DSRMS generates a unique SID and then announces the SID to other nodes within the network. Generating the unique SID may include executing a hashing function using the IP address of the identified node as an input.

Abstract: Novel tools and techniques are provided for implementing application programming interface (“API”)-based concurrent call path (“CCP”) provisioning. In various embodiments, in response to receiving a CCP provisioning request, a computing system may determine whether such a request would affect a set of trunk groups assigned to a customer based at least in part on network utilization data. If not, the computing system may cause the nodes in the network to increase or decrease, in near-real-time, the number of CCPs in at least one trunk group assigned to the customer based on the CCP provisioning request. If so, the computing system may cause the nodes in the network to increase or decrease, in near-real-time, the number of trunk groups assigned to the customer and may cause the nodes in the network to increase or decrease, in near-real-time, the number of CCPs in the updated number of trunk groups.

Abstract: A field device, including: a processor; and memory including instructions that, when executed by the processor, cause the processor to: login to a local node device physically connected to the field device; enable a common command protocol on the local node device; solicit information to configure the local node device; generate a command set in the enabled common command protocol according to the solicited information; and execute the command set to automatically commission the local node device to communicate with one or more other node devices commissioned in a first network.