Abstract: In one embodiment, a method comprises detecting, by an apparatus, establishment of a stateful application session between a mobile endpoint device and a stateful virtualized application executed by a first virtualization host in a data network, the mobile endpoint device establishing a network connection with the stateful virtualized application via a first wireless connection with a first network access point; generating, by the apparatus, a connection container comprising a connection identifier uniquely identifying the network connection, connection metadata describing the network connection, and application state metadata describing execution of the stateful virtualized application for the mobile endpoint device; and outputting, by the apparatus, the application state metadata for continuous execution of the stateful virtualized application by a second virtualization host associated with a second network access point, based on determining the mobile endpoint device connecting with the second network acces

Abstract: Systems and methods provide for generating traffic class-specific congestion signatures and other machine learning models for improving network performance. In some embodiments, a network controller can receive historical traffic data captured by a plurality of network devices within a first period of time that the network devices apply one or more traffic shaping policies for a predetermined traffic class and a predetermined congestion state. The controller can generate training data sets including flows of the historical traffic data labeled as corresponding to the predetermined traffic class and predetermined congestion state. The controller can generate, based on the training data sets, traffic class-specific congestion signatures that receive input traffic data determined to correspond to the predetermined traffic class and output an indication whether the input traffic data corresponds to the predetermined congestion state.

Abstract: In one embodiment, a system includes a central hub comprising a power source, a data switch, a coolant system, and a management module, a plurality of network devices located within an interconnect domain of the central hub, and at least one combined cable connecting the central hub to the network devices and comprising a power conductor, a data link, a coolant tube, and a management communications link contained within an outer cable jacket.

Abstract: In one embodiment, a device including a processor, and a memory to store data used by the processor, wherein the processor is operative to run a manufacturer usage description (MUD) controller operative to obtain a MUD profile of an Internet of Things (IoT) device from a MUD server, the MUD profile of the IoT device including: access rights of the IoT device, and any one or more of the following a default device username and/or a default device password of the IoT device, a recommended/required device password complexity of the IoT device, at least one service that should be enabled/disabled on the IoT device, and/or allowed security protocols and/or ciphers for communication to and/or from the IoT device, enforce security of the IoT device according to the MUD profile of the IoT device. Related apparatus and methods are also described.

Abstract: In one embodiment, a classification device in a computer network analyzes data from a given device in the computer network, and classifies the given device as a particular type of device based on the data. The classification device may then determine whether a manufacturer usage description (MUD) policy exists for the particular type of device. In response to there being no existing MUD policy for the particular type of device, the classification device may then determine patterns of the analyzed data, classify the patterns into context-based policies, and generate a derived MUD policy for the particular type of device based on the context-based policies. The classification device may then apply one of either the existing or derived MUD policy for the given device within the computer network.

Abstract: In one embodiment, an Internet of Things (IoT) device in a network establishes connections with a plurality of peers. The device identifies an event involving the IoT device. The device generates a GOAWAY message that includes metadata regarding the event within a metadata field of the message. The GOAWAY message indicates that the IoT device is not accepting new connections. The device sends the GOAWAY message to one or more of the peers.

Abstract: In one embodiment, a method comprises detecting, by an apparatus, establishment of a stateful application session between a mobile endpoint device and a stateful virtualized application executed by a first virtualization host in a data network, the mobile endpoint device establishing a network connection with the stateful virtualized application via a first wireless connection with a first network access point; generating, by the apparatus, a connection container comprising a connection identifier uniquely identifying the network connection, connection metadata describing the network connection, and application state metadata describing execution of the stateful virtualized application for the mobile endpoint device; and outputting, by the apparatus, the application state metadata for continuous execution of the stateful virtualized application by a second virtualization host associated with a second network access point, based on determining the mobile endpoint device connecting with the second network acces

Abstract: In one embodiment, a system includes a central hub comprising a power source, a data switch, a coolant system, and a management module, a plurality of network devices located within an interconnect domain of the central hub, and at least one combined cable connecting the central hub to the network devices and comprising a power conductor, a data link, a coolant tube, and a management communications link contained within an outer cable jacket.

Abstract: In one example embodiment, a proxy for a network obtains a traffic flow. The proxy determines whether a security policy in a whitelist for the traffic flow is active. If it is determined that the security policy for the traffic flow is active, the proxy selectively decrypts the traffic flow to produce one or more traffic flow attributes and, based on the one or more traffic flow attributes, determines whether the traffic flow is potentially malicious.

Abstract: Systems, methods, and computer-readable mediums for distributing machine learning model training to network edge devices, while centrally monitoring training of the models and controlling deployment of the models. A machine learning model architecture can be generated at a machine learning structure controller. The machine learning model architecture can be deployed to network edge devices in a network environment to instantiate and train a machine learning model at the network edge devices. Performance reports indicating performance of the machine learning model at the network edge devices can be received by the machine learning structure controller from the network edge devices.

Abstract: Presented herein are methodologies to on-board and monitor Internet of Things (IoT) devices on a network. The methodology includes receiving at a server, from a plurality of IoT devices communicating over a network, data representative of external environmental factors being experienced by individual ones of the plurality of IoT devices at a predetermined location; generating, using machine learning, an aggregated model of the external environmental factors at the predetermined location; receiving, at the server, a communication indicative that a new IoT device seeks to join the network at the predetermined location; receiving, from the new IoT device, data representative of external environmental factors being experienced by the new IoT device; determining whether there is a discrepancy between the external environmental factors of the new IoT device and the aggregated model; and when there is such a discrepancy, prohibiting the new IoT device from joining the network.

Abstract: Techniques for establishing network policy parameters for an internet of things (IoT) device. A first network message is received from the IoT device using a cellular communication network. The first network message includes a protocol configuration options (PCO) element including a network policy identifier relating to the IoT device. A packet data network gateway (PGW) in the cellular communication network determines network policy parameters relating to the IoT device and the cellular communication network, based on the policy identifier. The network policy parameters for the IoT device are established in the cellular communication network.

Abstract: Automatic, adaptive stimulus generation includes receiving, at a network device that is associated with a network or system, analytics data that provides an indication of how the network or system is responding to a set of test stimuli introduced into the network or system to facilitate an analysis operation. The network device analyzes the analytics data based on an intended objective for the analysis operation and generates control settings based on the analyzing. The control settings control creation of a subsequent stimulus to be introduced into the network or system during subsequent execution of the analysis operation.

Abstract: Techniques for orchestrating a machine learning (ML) system on a distributed network. Determined performance levels for a ML system, determined from performance data received from the distributed network, are compared to performance requirements from the ML system. An orchestration module for the ML system then determines adjustments for the ML system that will improve the performance of the ML system and executes the adjustments for the ML system.

Abstract: In one embodiment, a server determines a particular computer network outside of a lab environment to recreate, and also determines, for the particular computer network, hardware components and their interconnectivity, as well as installed software components and their configuration. The server then controls interconnection of lab hardware components within the lab environment according to the interconnectivity of the hardware components of the particular computer network. The server also installs and configures lab software components on the lab hardware components according to the configuration of the particular computer network. Accordingly, the server operates the installed lab software components on the interconnected lab hardware components within the lab environment to recreate operation of the particular computer network within the lab environment, and provides information about the recreated operation of the particular computer network.

Abstract: Techniques for establishing network quality of service for an internet of things device are described. A manufacturer usage description identifier relating to the internet of things device is received. The internet of things device is coupled to a communication network. Quality of service parameters relating to the internet of things device and the communication network are determined based on the manufacturer usage description identifier. The quality of service parameters are provided to a network policy controller.

Abstract: In one embodiment, an apparatus includes a multi-socket motherboard, a processor connected to a first socket on the multi-socket motherboard, and an RDMA (Remote Direct Memory Access) interface module connected to a second socket on the multi-socket motherboard and in communication with the processor over a coherency interface. The RDMA interface module provides an inter-server interface between servers in an RDMA domain. A method for transferring data between servers with RDMA interface modules is also disclosed herein.

Abstract: In one embodiment, an apparatus comprising at least one memory, and processing circuitry, the processing circuitry adapted to obtain combined data, the combined data including policy data, or a pointer to the policy data, the policy data relating to general access for an Internet of Things (IoT) device, and update metadata, or a pointer to the update metadata, the update metadata relating to at least one update that is relevant to the IoT device in accordance with at least one criterion, and cause access of the IoT device to the at least one update to be in accordance with an update specific policy that is based on the combined data.

Abstract: In one embodiment, a first wireless unmanned aerial vehicle (UAV)-locating signal is transmitted by a wireless network access point in a network based on a first UAV-locating mode selected from a plurality of UAV-locating modes. The wireless network access point receives a wireless signal in response to the first transmitted UAV-locating signal, the wireless signal indicative of a location of an airborne UAV, and causes the determination of the location of the airborne UAV based on the received wireless signal. The wireless network access point transmits a second wireless UAV-locating signal based on a second UAV-locating mode selected from the plurality of UAV-locating modes. The selected UAV-locating modes control an emission pattern of an antenna of the wireless network access point.

Abstract: In one example embodiment, a proxy for a network obtains a traffic flow. The proxy determines whether a security policy in a whitelist for the traffic flow is active. If it is determined that the security policy for the traffic flow is active, the proxy selectively decrypts the traffic flow to produce one or more traffic flow attributes and, based on the one or more traffic flow attributes, determines whether the traffic flow is potentially malicious.