Abstract: In one example embodiment, at least one processor determines an impact of an event on a network to a network application based on network data and telemetry information of the network application. The telemetry information of the network application is obtained from the network application placed under conditions corresponding to the event. The at least one processor adjusts operation of the network application based on the impact.

Abstract: Techniques are described for generating an end-to-end distributed trace in connection with a cloud or datacenter environment. In one example, a server obtains target application telemetry data and external telemetry data associated with one or more correlation identifiers included in one or more network communications provided to a target application in the cloud or datacenter environment. The server aggregates the target application telemetry data and the external telemetry data based on the one or more correlation identifiers to generate an end-to-end distributed trace associated with the one or more network communications.

Abstract: An authorization device obtains a registration request associated with an end device, the registration request including a new randomized media access control (MAC) address associated with the end device; determines whether the end device is authorized to use the new randomized MAC address; transmits a message to the end device with a first randomly generated number when it is determined that the end device is authorized to use the new randomized MAC address; obtains integrity information associated with the end device, the first integrity information being computed based on the first randomly generated number; transmits a request to a validation system to validate the end device based on the first integrity information; obtains an indication that the end device is validated; determines policies associated with the end device when it is determined that the end device is validated; and applies the policies to the end device.

Abstract: Techniques for ultra-short-term resource forecasting for a network device are described. A selection of a time series algorithm from a set of time series algorithms for determining capacity right-sizing of a local resource is received, the is selection based at least in part on current local traffic conditions. Based on current local traffic conditions, parameter values to be used in the algorithm are determined, the parameters are associated with the time series algorithm selection. A number of data points for input to the time series algorithm are determined, the data points are a sequence of values representing an amount of the local resource used by the network device at a point in time and are collected at predetermined time intervals. Based on a calculation of the time series algorithm using the number of data points and parameter values, the right-size capacity of the local resource for the network device is determined and provided.

Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical proximity of the device to one or more other authenticated devices. An example method includes performing a first authentication of a first device or a first user and connecting the first device to a protected resource. Based on determining that the first device is within a threshold distance of a second, authenticated, device, a reauthentication interval is selected. Based on determining that the reauthentication interval has expired, a second authentication is initiated by transmitting, to the first device or a third device associated with the first user, a request for an authentication factor.

Abstract: This disclosure describes techniques for implementing centralized path computation for routing in hybrid information-centric networking protocols implemented as a virtual network overlay. A method includes receiving an interest packet header from a forwarding router node of a network overlay. The method further includes determining an interest path of the interest packet and one or more destination router nodes of the network overlay. The method further includes computing one or more paths over the network overlay. The method further includes determining an addressing method for the one or more computed paths over the network overlay. The method further includes performing at least one of encoding each computed path in a data packet header, and encoding each computed path as state entries of each router node of the network overlay on each respective path. The method further includes returning the computed path information to the forwarding router node.

Abstract: In one embodiment, an access policy enforcement service receives a user authentication request from an end-user device. The access policy enforcement service identifies a telemetry collection intent from the user authentication request. The access policy enforcement service determines a monitoring policy based on the telemetry collection intent identified from the user authentication request. The access policy enforcement service configures, according to the monitoring policy, one or more telemetry collection agents to collect telemetry for traffic associated with the end-user device.

Abstract: In one embodiment, a method includes generating a security policy and converting the security policy into a chaos hypothesis. The method also includes initiating execution of the chaos hypothesis across a plurality of microservices within a technology stack. The method further includes receiving metrics associated with the execution of the chaos hypothesis across the plurality of microservices within the technology stack.

Abstract: Techniques to add environmental-impact and energy sustainability criteria and support to service function chains (SFCs). These techniques enabling steering of network traffic that carries energy sustainability related metadata within in an SFC based on energy sustainability or “green criteria.” This allows for achieving, for example, so-called “green Operations, Administration and Maintenance (OAM)”, whether realized with Network Service Header (NSH), Segment Routing, Multi-protocol Label Switching (MPLS), etc. In other words, these techniques enhance service functions (SFs) and SFCs to allow for finding an energy sustainable or green path in an SFC, and to allow for conveying environmental information as in-line metadata.

Abstract: Techniques for determining an optimal connection path by a NHNaaS are described. The techniques may include receiving a registration from an IPS that includes service ISP service parameters, and storing the registration in a NaaS database. A request to connect to a remote service from a user device, including user parameters required is received. ISPs having respective service parameters compatible with the user parameters are identified in the NaaS database. Multiple paths offered by the service providers between the user device and the remote service are determined. Network performance data for each path is received from a network monitoring service. Using the network performance data, an optimal path for establishing the connection is identified. A request to instantiate a tunnel between the user device and remote service is transmitted to the service providers along the optimal path and the tunnel information is transmitted to the user device.

Abstract: A method includes associating anomalous first text, from a first unstructured data set, with a first classification; processing the first unstructured data set using at least one of ML or AI to identify a second text that is in close context to the first text, and adding the second text to a text list associated with the first classification; enriching the text list by processing the second text to generate a third text, and adding the third text to the text list to produce an enriched text list and such that the third text is also associated with the first classification; matching the text in the enriched text list to text in a second unstructured data set; and classifying the text in the second unstructured data set as having the first classification when the text in the second unstructured data set matches text in the enriched text list.

Abstract: A connection request is received from a user device associated with a user. The connection request includes an identifier associated with a profile associated with the user, the profile being a static profile or a dynamic profile. An observability profile associated with the user is identified based on the profile when the profile is a static profile and based on a current traffic profile associated with the user device when the profile is a dynamic profile. Measurements associated with a data session are executed for the user device based on the observability profile and one or more configurations are adjusted in a network to improve performance of the data session based on the measurements.

Abstract: This disclosure describes techniques for enabling selective connections between user devices and trusted network devices. An example method includes receiving a beacon from a network device. The beacon includes a trust level of the network device. The method further includes determining that the trust level of the network device satisfies a predetermined trust criterion. Based on determining that the trust level of the network device satisfies the predetermined trust criterion, the method includes transmitting a connection request to the network device. Further, user data is received from the network device.

Abstract: Systems, methods, and computer-readable for cognitive sensor fusion management include obtaining one or more data streams from one or more sensors. Learning algorithms are used for determining whether a combination of the one or more data streams includes sufficient information for achieving a desired outcome, based on context, business verticals, or other considerations. One or more modifications are determined to at least the one or more data streams or one or more sensors based on whether the combination of the one or more data streams includes sufficient information for achieving the desired outcome. In a closed-loop system, feedback from implementing the one or more modifications can be used to update the desired outcome.

Abstract: Failure prediction signaling and cognitive user migration may be provided. A client device may receive at least a portion of failure prediction data. The client device may then analyze the at least the portion of the failure prediction data. The client device may then roam from a first computing device to a second computing device in response to analyzing the at least the portion of the failure prediction data.

Abstract: Techniques for identifying nodes in a data center fabric that are affected by a failure in the fabric, and selectively sending disaggregation advertisements to the nodes affected by the failure. The techniques include a process where a component monitors the network fabric to identify communication paths between leaf nodes, and determines what leaf nodes would be affected by a failure in those communication paths. The component may detect a failure in the network and determine which communication paths, and thus which leaf nodes, are affected by the failure and send disaggregation advertisements to the affected leaf nodes. In some examples, ingress leaf nodes send data through the fabric that indicate egress nodes for the communication paths. Intermediate nodes along may receive the data from the leaf nodes to identify communication paths, and the notify only affected nodes upon detecting a failure in the network.

Abstract: In one embodiment, an access policy enforcement service receives a user authentication request from an end-user device. The access policy enforcement service identifies a telemetry collection intent from the user authentication request. The access policy enforcement service determines a monitoring policy based on the telemetry collection intent identified from the user authentication request. The access policy enforcement service configures, according to the monitoring policy, one or more telemetry collection agents to collect telemetry for traffic associated with the end-user device.

Abstract: Techniques for policy-based failure handling of data that is received for processing by failed edge services are described herein. The techniques may include receiving, at an edge node of a network, a data handling policy for a service hosted on the edge node. The service may be configured to process traffic on behalf of an application hosted by a cloud-based platform. In some examples, the data handling policy may be stored in a memory that is accessible to the edge node. The techniques may also include receiving traffic at the edge node that is to be processed at least partially by the service. At least partially responsive to detecting an error associated with the service, the edge node may cause the traffic to be handled according to the data handling policy while the service is experiencing the error.

Abstract: This disclosure describes techniques for enabling selective connections between user devices and trusted network devices. An example method includes receiving a beacon from a network device. The beacon includes a trust level of the network device. The method further includes determining that the trust level of the network device satisfies a predetermined trust criterion. Based on determining that the trust level of the network device satisfies the predetermined trust criterion, the method includes transmitting a connection request to the network device. Further, user data is received from the network device.

Abstract: Embodiments herein describe disconnecting, by an access node, a first device having a first media access control (MAC) address due to a network violation and receiving, by the access node, information about a second device having a second MAC address different from the first MAC address. In one embodiment, the information is generated by a certificate server based on a token generated by the second device. Further, when the access node determines, based on the information, that the second device is the first device, the access node denies a connection request from the second device.