Abstract: The present application describes systems and methods for secured network information transmission. A network tunnel may be established from a customer premises equipment (CPE) to a routing device at a provider site. The network tunnel may traverse over one or more networks while maintaining a secure path for data. A customer may indicate a chosen configuration for a CPE, and a device at a provider site, a customer device, and/or the CPE itself may automatically, or manually, configure the CPE based on the chosen configuration to allow and/or disallow certain customer network information from being received and/or transmitted through the network tunnel.

Abstract: A network filter request arbiter is provided. An interface (e.g., user interface and/or programmatic interface, such as an application programming interface (API)), is for configuring and automatically implementing one or more filters in an internal and/or external network. The filters may be used to stop distributed denial of service (DDOS) attacks and/or prevent malicious network traffic from reaching a target network or target device(s) within the target network. Filters implemented in a target network may also be distributed to other (e.g., upstream) networks. The distributed filters may similarly be used to stop DDOS attacks and/or prevent malicious network traffic from being carried by the networks and from reaching a target network or target device(s) within the target network.

Abstract: The present application describes systems and methods for filtering of malicious domain name system (DNS) queries. A DNS filter inspects a DNS query and drops the DNS query if the DNS query is deemed invalid. The DNS filter allows or drops the DNS query based on a set of rules. The set of rules includes one or more criteria for the validity or invalidity one or more DNS query attributes. The DNS filter logs the dropped DNS queries and provides them to the security analysis service for further investigation. In some examples, the DNS filter runs in a container or a virtual machine (VM) on the same system as the DNS server, or on a separate system in-line with the DNS servers.

Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.

Abstract: This disclosure describes systems, methods, and devices related to managing network capacity using cloud edge providers. A method may include identifying, by an edge device of a network, a request for network capacity received via an application programming interface (API), from a user of the network; identifying offers received via the API by cloud edge providers; determining that the network capacity is available at at least one of the cloud edge providers based on the offers; deploying an edge server at the at least one of the cloud edge providers based on the network capacity being available at the at least one of the cloud edge providers; and directing traffic between the user and the edge server based on the deployment.

Abstract: The present application describes systems and methods for network-based blocking threat intelligence. An access control list (ACL) generator may modify ACLs and provide modified ACLs to provider edge routers based on the capabilities of the provider edge routers. In some cases, an additional provider edge router that is more capable of implementing longer ACLs may be used. In some cases, a collector may identify when threat communications are bypassing provider edge routers with limited ACL lengths and provide the customer an opportunity to buy a better router or access to an additional router that supports longer or additional ACLs. A threat intelligence system may update (e.g., continuously update) the ACL provided to the ACL generator, and the ACL generator may accordingly update the modified ACLs provided to the provider edge routers.

Abstract: This disclosure describes systems, methods, and devices related to managing egress traffic from a network to one or more peer networks. A method may include generating, using a load balancer of a network, a dynamic logical egress traffic threshold for a peer network; determining, using the load balancer, that first traffic from the network to the peer network is below the logical egress traffic threshold; directing second traffic from the network to the peer network based on the determination that the first traffic is below the logical egress traffic threshold; determining, using the load balancer, that the second traffic from the network to the peer network has reached the logical egress traffic threshold; and directing third traffic from the network away from the peer network based on the determination that the second traffic has reached the logical egress traffic threshold.

Abstract: A route viewing system includes a computing system that receives information associated with one or more routes through a network, and identifies the routes that are associated with at least one illicit user computer used by an illicit user. The computing system then obtains a source location of a source address of the routes and a destination location of a destination address of the routes, and displays the routes on a geographical display at the source location of the source address and the destination location of the destination address of each of the routes.

Abstract: Novel tools and techniques are provided for implementing cloud-based voice calling service, video calling service, and/or over-the-top (“OTT”) services. In various embodiments, with a unified communications and collaboration interconnection (“UCCI”) interconnection established between separate hyperscalers or communication service providers that have separate administrative domains, Internet Protocol (“IP”) based communications services may be instantiated between a first user device or a first telephone number (or call identifier (“ID”)) via a first hyperscaler and a second user device or a second telephone number (or call ID) via a second hyperscaler, without touching or traversing the public switched telephone network (“PSTN”).

Abstract: Implementations described and claimed herein provide systems and methods for custom-defined network routing. In one implementation, a set of custom defined network flow rules is received at an edge router of a primary network, which is in communication with a customer network. The set of custom defined network flow rules correspond to network traffic associated with the customer network. The set of custom defined network flow rules is stored in a forwarding table on the edge router. A packet of data is received at the edge router. The packet of data is attributed to the customer network. The set of custom defined network flow rules is applied to the pack of data using the forwarding table.

Abstract: Embodiments provide system and methods for a DDoS service using a mix of mitigation systems (also called scrubbing centers) and non-mitigation systems. The non-mitigation systems are less expensive and thus can be placed at or near a customer's network resource (e.g., a computer, cluster of computers, or entire network). Under normal conditions, traffic for a customer's resource can go through a mitigation system or a non-mitigation system. When an attack is detected, traffic that would have otherwise gone through a non-mitigation system is re-routed to a mitigation system. Thus, the non-mitigation systems can be used to reduce latency and provide more efficient access to the customer's network resource during normal conditions. Since the non-mitigation servers are not equipped to respond to an attack, the non-mitigation systems are not used during an attack, thereby still providing protection to the customer network resource using the mitigation systems.

Abstract: Novel tools and techniques are provided for implementing emergency call record and address validation. In various embodiments, a computing system may simultaneously initiate two or more test calls among a plurality of test calls to an emergency service provider system. Each test call may simulate an emergency services validation call initiated from a telephone number among a plurality of telephone numbers associated with a corresponding plurality of users to request a determination as to whether a 911 or enhanced 911 (“E911”) address associated with the telephone number is an accurate 911 or E911 address. In response to receiving a corresponding plurality of call responses from the emergency service provider system, the computing system may analyze each call response to determine a result of each corresponding simulated emergency services validation call; and may send each determined result to a corresponding requesting party.

Abstract: A data network analysis system includes a computer-executable set of instructions that obtain service account information associated with a route provided to a customer through a data communication network having network elements. Using the service account information, the instructions identify a termination port that terminates the route to a customer premises equipment of the customer, and at least one target port of the route and those network elements that are assigned to convey the route through one or more of the network elements. The instructions then obtain the routing information for the route from each of the network elements that are assigned to convey the route.

Abstract: Direct to systems and methods for a service activation system in a telecommunications network that utilizes one or more generic container files for building the configuration file to instantiate the service on the network. A request for service from a network may be received from an order entry system that includes specific information about the requested service. A collection of generic configuration files may be selected based on the information included in the service order and arranged to build a configuration file to be executed on the network. The service activation system may also include a component or group of components to verify a received service order and alter the service order with default information or data where applicable. The configuration file may also be executed on the network through one or more drivers communicating with the affected devices to configure the one or more network devices.

Abstract: Aspects of the present disclosure involve systems and methods for a collaboration conferencing system to track a total number of concurrently utilized ports across any number of conferencing bridges of the network for a particular customer and one or more billing actions may occur based on this tracking. This may result in an alternate billing option for the customer's use of the system. Further, a telecommunications network administrator may provide access to the collaboration conferencing system based on a total number of concurrently utilized ports rather than on a per conference or per minute basis. With the information of the number of purchased ports by the customer, the administrator may more accurately predict an available capacity for the collaboration conferencing system needed to support all of the users of the system and the potential collaboration conferences.

Abstract: Novel tools and techniques are provided for implementing software-based network probes for monitoring network devices for fault management. In various embodiments, a computing system may receive, from at least one software-based network probe, a first alert associated with a first device among layer 4 devices disposed in a plurality of networks; may parse and store first alert data from the received first alert in a database, in a standardized format; may perform, using an enrichment system, enrichment of the first alert data, by retrieving first enrichment data from one or more second databases and adding the first enrichment data to the parsed and formatted first alert data in the first database to form first consolidated alert data; and may send the first consolidated alert data to a fault management system for display to a user to facilitate addressing of the first alert by the user.

Abstract: Novel tools and techniques are provided for implementing fraud or distributed denial of service (“DDoS”) protection for session initiation protocol (“SIP”)-based communication. In various embodiments, a computing system may receive, from a first router, first SIP data indicating a request to initiate a SIP-based media communication session between a calling party at a source address and a called party at a destination address. The computing system may analyze the received first SIP data to determine whether the received first SIP data comprises any abnormalities indicative of potential fraudulent or malicious actions. If so, the computing system may reroute the first SIP data to a security deep packet inspection (“DPI”) engine, which may perform a deep scan of the received first SIP data to identify any known fraudulent or malicious attack vectors contained within the received first SIP data. If so, the security DPI engine may initiate mitigation actions.

Abstract: FlowSpec is a mechanism for distributing rules to routers in a network. Such rules may be used, for example, to drop traffic associated with a distributed denial of service attack. However, a malformed or incorrect FlowSpec announcement may, if distributed in the network, cause legitimate traffic to be dropped, degrading the service experienced by legitimate users. As such, systems and methods for avoiding the distribution of malformed FlowSpec announcements are provided.

Abstract: A system and method for providing on-demand edge compute. The system may include an orchestrator that provides a UI and controls an abstraction layer for implementing a workflow for providing on-demand edge compute. The abstraction layer may include a network configuration orchestration (NCO) system (e.g., a Network-as-a-Service (NaaS) system) and an API that may provide an interface between the orchestrator and the NCO. The API may enable the orchestrator to communicate with the NCO for receiving requests that enable the NCO to integrate with existing network controllers, orchestrators, and other systems and perform various network provisioning tasks (e.g., to build and provision a communication path between server instances). The various tasks, when executed, may provide end-to-end automated network provisioning services as part of providing on-demand edge compute service to users. The API may further enable the ECS orchestrator to receive information from the NCO, (e.g.

Abstract: The present application describes providing an attestation level to a received communication. The attestation level may be used to communicate a level of security to a network or a called party that receives the communication. The attestation level associated with the communication may indicate to a destination network and/or recipient that the phone number associated with the communication is secure and/or the telephone number has not been spoofed.