Abstract: Aspects of the present disclosure involve systems and methods for a collaboration conferencing system to track a total number of concurrently utilized ports across any number of conferencing bridges of the network for a particular customer and one or more billing actions may occur based on this tracking. This may result in an alternate billing option for the customer's use of the system. Further, a telecommunications network administrator may provide access to the collaboration conferencing system based on a total number of concurrently utilized ports rather than on a per conference or per minute basis. With the information of the number of purchased ports by the customer, the administrator may more accurately predict an available capacity for the collaboration conferencing system needed to support all of the users of the system and the potential collaboration conferences.

Abstract: Novel tools and techniques are provided for implementing fraud or distributed denial of service (“DDoS”) protection for session initiation protocol (“SIP”)-based communication. In various embodiments, a computing system may receive, from a first router, first SIP data indicating a request to initiate a SIP-based media communication session between a calling party at a source address and a called party at a destination address. The computing system may analyze the received first SIP data to determine whether the received first SIP data comprises any abnormalities indicative of potential fraudulent or malicious actions. If so, the computing system may reroute the first SIP data to a security deep packet inspection (“DPI”) engine, which may perform a deep scan of the received first SIP data to identify any known fraudulent or malicious attack vectors contained within the received first SIP data. If so, the security DPI engine may initiate mitigation actions.

Abstract: Novel tools and techniques are provided for implementing software-based network probes for monitoring network devices for fault management. In various embodiments, a computing system may receive, from at least one software-based network probe, a first alert associated with a first device among layer 4 devices disposed in a plurality of networks; may parse and store first alert data from the received first alert in a database, in a standardized format; may perform, using an enrichment system, enrichment of the first alert data, by retrieving first enrichment data from one or more second databases and adding the first enrichment data to the parsed and formatted first alert data in the first database to form first consolidated alert data; and may send the first consolidated alert data to a fault management system for display to a user to facilitate addressing of the first alert by the user.

Abstract: FlowSpec is a mechanism for distributing rules to routers in a network. Such rules may be used, for example, to drop traffic associated with a distributed denial of service attack. However, a malformed or incorrect FlowSpec announcement may, if distributed in the network, cause legitimate traffic to be dropped, degrading the service experienced by legitimate users. As such, systems and methods for avoiding the distribution of malformed FlowSpec announcements are provided.

Abstract: A system and method for providing on-demand edge compute. The system may include an orchestrator that provides a UI and controls an abstraction layer for implementing a workflow for providing on-demand edge compute. The abstraction layer may include a network configuration orchestration (NCO) system (e.g., a Network-as-a-Service (NaaS) system) and an API that may provide an interface between the orchestrator and the NCO. The API may enable the orchestrator to communicate with the NCO for receiving requests that enable the NCO to integrate with existing network controllers, orchestrators, and other systems and perform various network provisioning tasks (e.g., to build and provision a communication path between server instances). The various tasks, when executed, may provide end-to-end automated network provisioning services as part of providing on-demand edge compute service to users. The API may further enable the ECS orchestrator to receive information from the NCO, (e.g.

Abstract: The present application describes providing an attestation level to a received communication. The attestation level may be used to communicate a level of security to a network or a called party that receives the communication. The attestation level associated with the communication may indicate to a destination network and/or recipient that the phone number associated with the communication is secure and/or the telephone number has not been spoofed.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network. The systems and methods described herein may improve response times for client queries and also protect the DNS resolving system from DNS related cyber attacks.

Abstract: A method is disclosed for testing network devices for networks with a large traffic load utilizing one or more traffic load amplifiers to amplify the traffic load. The load amplifiers connected to the device may receive packets of an initial traffic load, multiply or copy the received packet, alter the destination address information in the header of the copied packets to generate packets with different destination addresses, and transmit the altered packets back to the device for further routing. The altered or copied packets may then be routed via the device back to the load amplifier for further amplification. Through this amplification process, a small initial load of packets may be amplified over and over by the load amplifiers until a target traffic load is achieved at the device to test the device performance at a large traffic load.

Abstract: A security platform of a data network is provided that includes security services for computing devices in communication with the data network. The security platform may apply a security policy to the computing devices when accessing the Internet via a home network (or other customer network) and when accessing the Internet via a public or third party network. To provide security services to computing devices via the home network, the security platform may communicate with a security agent application executed on the router (or other gateway device) of the home network. In addition, each of the devices identified by the security profile for the home network may be instructed or otherwise be provided a security agent application for execution on the computing devices. The security agent application may communicate with the security platform when the computing device connects to the Internet over a third party or public access point.

Abstract: The present application describes a system that uses endpoint data and network data to detect an anomaly. Once an anomaly is detected, the system may determine a severity of the anomaly by comparing the anomaly to a global database of known anomalies. The system may then initiate preventative measures to address the anomaly.

Abstract: This disclosure describes systems, methods, and devices related to analyzing data stored in a relational database. A method may include installing a structured query language (SQL) server on a host server; installing statistical analysis modules on the host server; executing the statistical analysis modules within a relational database of the SQL server to analyze data stored in the relational database; and generating outputs based on the execution of the statistical analysis modules within the relational database.

Abstract: A dynamic SRMS (DSRMS) in a MPLS network generates unique segment identifiers for nodes of the network lacking segment identifiers (SIDs). The DSRMS receives network information from other nodes of the network that may include, for example, Internal Gateway Protocol (IGP) routing information, advertised prefix values for the nodes, and label values used in MPLS routing. The DSRMS analyzes the information and identifies nodes of the network that are not associated with a SID. For each identified node, the DSRMS generates a unique SID and then announces the SID to other nodes within the network. Generating the unique SID may include executing a hashing function using the IP address of the identified node as an input.

Abstract: Aspects of the present disclosure involve systems, methods, computer program products, and the like, for utilizing a CIC value field in signaling information of a communication to provide an identification of the ingress network to an egress or receiving network of a long distance telecommunications network. The system and method provides for the provisioning of a signaling CIC for an ingress trunkgroup or network to a telecommunications network for downstream signaling purposes by overriding a received CIC value with a provisioned CIC value specific to the ingress network. This provisioned CIC value identifies the ingress network to the long distance network to the egress network for use by the egress network.

Abstract: Novel tools and techniques are provided for implementing programmatical public switched telephone network (“PSTN”) trunking for cloud hosted applications. In various embodiments, a computing system may determine one or more first network interconnection characteristics associated with a first entity service provider within a call service network operated by a call network service provider. Based on the determined one or more first network interconnection characteristics associated with the first entity service provider, the computing system may cause a network provisioning application layer to establish one or more network interconnections between a first network associated with the first entity service provider and the call service network, in some cases, by establishing shared peering connections between the first network and the call service network.

Abstract: Implementations described and claimed herein provide systems and methods for intelligent node type selection in a telecommunications network. In one implementation, a customer set is obtained for a communications node in the telecommunications network. The customer set includes an existing customer set and a new customer set. A set of customer events is generated for a node type of the communications node using a simulator. The set of customer events is generated by simulating the customer set over time through a discrete event simulation. An impact of the customer events is modeled for the node type of the communications node. The node type is identified from a plurality of node types for a telecommunications build based on the impact of the customer events for the node type.

Abstract: A routing system can provide a Dynamic-Hybrid Forwarding Information Base (DHFIB). A control component of the routing system can build a routing table that includes routing information (e.g., prefixes, addresses, etc.) for use by a first routing component. The routing table can be ordered or ranked based on traffic information from the first routing component. Then, the control component can create the DHFIB from the routing table, wherein the DHFIB is a portion of the routing table and related to the first routing component. As such, the portion of the routing table selected for the DHFIB can be the set of prefixes in the routing table that represent the most frequently routed or most important prefixes in the routing table. Finally, the control component can forward the DHFIB to the first routing component to allow the routing component to route communications.

Abstract: Systems and methods for receiving information on network firewall policy configurations are disclosed. Based on the received firewall configuration information, a configuration of a firewall and/or subnet of network devices is automatically provisioned and/or configured to control network traffic to and from the subnet.

Abstract: This disclosure describes systems, methods, and devices related to automating and testing communication network topologies.

Abstract: Examples of the present disclosure relate to an AI-supported CDN. In examples, a data processing engine processes log data of a CDN node according to a model to identify an issue. An issue indication is provided to a solution generation engine, which generates a set of solutions to automatically resolve the issue. The set of solutions is provided to a solution implementation engine, which iteratively implements solutions to resolve the issue using solution implementation information associated with a given solution. Thus, the data processing engine need not have knowledge regarding the specific hardware and/or software used within the CDN. Similarly, the solution generation engine need not have knowledge of the structure of the CDN and/or configuration of devices associated with the identified issue, such that the solution implementation engine provides a layer of abstraction between a solution and the implementation-specific details used to implement the solution within the CDN.

Abstract: Aspects of the present disclosure involve systems, methods, for encoding a firewall ruleset into one or more bit arrays for fast determination of processing of a received communication packet by a firewall device associated with a network. Through this bitmap, a number of computation operations needed to determine a processing rule for a received packet is significantly reduced compared to the traditional approach of using a hash or a longest prefix match technique. Rather, determining a processing rule for a received packet may include determining a bit value within one or more arrays. In one implementation, a firewall rule may be encoded into a 64-bit array of bit values in which each bit of the array corresponds to a particular processing rule for a particular network address. The firewall rule may be encoded into a bitmap array of bit values by asserting a particular bit within the array.