Abstract: A node may receive, from a quantum key-distribution (QKD) device, a first message that includes an identifier associated with a key. The node may send, to another node, a second message that includes the identifier and a request to perform at least one task. A node may receive, from the other node, a third message that includes information associated with performance of the at least one task by the other node and information indicating a time of performance. The node may receive, from the QKD device, a fourth message that includes the key and information indicating a time window associated with the quantum key; wherein the fourth message is received after expiration of the time window. The node may process, based on the fourth message, the third message to determine whether the third message is valid and thereby cause one or more actions to be performed.

Abstract: An example method includes obtaining, by one or more processors, data indicating resource dependencies between a plurality of resources in a network and event dependencies between a plurality of network events and one or more of the plurality of resources; generating a Bayesian model based on resource types of the plurality of resources and event types of the plurality of network events; receiving an indication of a fault in the network; collecting fault data and generating, based on the Bayesian model and the fault data, a plurality of root cause hypotheses for the fault; ordering the plurality of root cause hypotheses based on respective root cause probabilities associated with the plurality of root cause hypotheses; and outputting the ordered plurality of root cause hypotheses.

Abstract: A node may receive, from a quantum key-distribution (QKD) device, a first message that includes an identifier associated with a key. The node may send, to another node, a second message that includes the identifier and a request to perform at least one task. A node may receive, from the other node, a third message that includes information associated with performance of the at least one task by the other node and information indicating a time of performance. The node may receive, from the QKD device, a fourth message that includes the key and information indicating a time window associated with the quantum key; wherein the fourth message is received after expiration of the time window. The node may process, based on the fourth message, the third message to determine whether the third message is valid and thereby cause one or more actions to be performed.

Abstract: An example method includes obtaining, by one or more processors, data indicating resource dependencies between a plurality of resources in a network and event dependencies between a plurality of network events and one or more of the plurality of resources; generating a Bayesian model based on resource types of the plurality of resources and event types of the plurality of network events; receiving an indication of a fault in the network; collecting fault data and generating, based on the Bayesian model and the fault data, a plurality of root cause hypotheses for the fault; ordering the plurality of root cause hypotheses based on respective root cause probabilities associated with the plurality of root cause hypotheses; and outputting the ordered plurality of root cause hypotheses.

Abstract: A removable quantum random number generator (QRNG) of a network device may generate one or more packets with random payloads, and may provide the one or more packets with the random payloads to a component of the network device. The component of the network device may cause the one or more packets with the random payloads to be forwarded to a destination address.

Abstract: A method to determine, by a computing system, a trust score for a network entity in a computer network, the trust score for the network entity indicating a level of trust in the network entity; and modifying, by the computing system, a traffic pattern of the computer network based on the trust score for the network entity.

Abstract: A node may receive, from a quantum key-distribution (QKD) device, a first message that includes an identifier associated with a key. The node may send, to another node, a second message that includes the identifier and a request to perform at least one task. A node may receive, from the other node, a third message that includes information associated with performance of the at least one task by the other node and information indicating a time of performance. The node may receive, from the QKD device, a fourth message that includes the key and information indicating a time window associated with the quantum key; wherein the fourth message is received after expiration of the time window. The node may process, based on the fourth message, the third message to determine whether the third message is valid and thereby cause one or more actions to be performed.

Abstract: An apparatus includes a first communication interface configured to be communicatively coupled, via an optical line, to a network device that is disposed in an optical network using wavelength division multiplexing (WDM). The apparatus also includes a second communication interface configured to be communicatively coupled to a router via an Ethernet connection. The apparatus also includes a signal generator operatively coupled to the first communication interface and the second communication interface. The signal generator is configured to generate an Ethernet signal representing at least one attribute of the optical line between the first communication interface and the network device. The second communication interface is configured to transmit the Ethernet signal to the router.

Abstract: In some examples, a system includes a router device and a first adapter device in communication with the router device. The first adapter device includes processing circuitry configured to: communicate with the router device, wherein the router device is incapable of communicating in accordance with the MACsec protocol. The processing circuitry is further configured to establish an encrypted connection in accordance with the MACsec protocol between the first adapter device and a remote device, determine that the encrypted connection is offline, and output a message to the router device that the encrypted connection is offline. The router device is configured to communicate with the remote device via a second adapter device configured to communicate in accordance with the MACsec protocol and bypass the first adapter device.

Abstract: An apparatus includes a reconfigurable optical add/drop multiplexer (ROADM) having an input port to receive a first optical signal from a second device. The ROADM also includes a first wavelength selective switch (WSS), in optical communication with the input port, to convert the first optical signal into a second optical signal, a loopback, in optical communication with the first WSS, to transmit the second optical signal, and a second WSS, in optical communication with the loopback, to convert the second optical signal to a third optical signal and direct the third optical signal back to the second device via the input port.

Abstract: Disclosed embodiments utilize a layer three and/or layer four protocol to collect physical layer properties along a multi-hop network path between a source node and a destination node. The use of a layer three or layer four protocol provides an ability to span multiple links or networks between the source node and destination node, while also collecting the physical layer properties. Once physical layer properties along a network path can be understood, decisions relating to the configuration of the network path and/or whether to communicate via the network path are improved.

Abstract: An apparatus includes a reconfigurable optical add/drop multiplexer (ROADM) having an input port to receive a first optical signal from a second device. The ROADM also includes a first wavelength selective switch (WSS), in optical communication with the input port, to convert the first optical signal into a second optical signal, a loopback, in optical communication with the first WSS, to transmit the second optical signal, and a second WSS, in optical communication with the loopback, to convert the second optical signal to a third optical signal and direct the third optical signal back to the second device via the input port.

Abstract: Disclosed embodiments utilize a layer three and/or layer four protocol to collect physical layer properties along a multi-hop network path between a source node and a destination node. The use of a layer three or layer four protocol provides an ability to span multiple links or networks between the source node and destination node, while also collecting the physical layer properties. Once physical layer properties along a network path can be understood, decisions relating to the configuration of the network path and/or whether to communicate via the network path are improved.

Abstract: An apparatus includes a reconfigurable optical add/drop multiplexer (ROADM) having an input port to receive a first optical signal from a second device. The ROADM also includes a first wavelength selective switch (WSS), in optical communication with the input port, to convert the first optical signal into a second optical signal, a loopback, in optical communication with the first WSS, to transmit the second optical signal, and a second WSS, in optical communication with the loopback, to convert the second optical signal to a third optical signal and direct the third optical signal back to the second device via the input port.

Abstract: A method to determine, by a computing system, a trust score for a network entity in a computer network, the trust score for the network entity indicating a level of trust in the network entity; and modifying, by the computing system, a traffic pattern of the computer network based on the trust score for the network entity.

Abstract: Embodiments improve error detection and recovery in media access control security sessions. A MACsec session is torn down after three liveness time intervals elapse without receiving a MACsec key exchange protocol data unit (MKPDU) from a remote peer. This delay between a cessation of effective network communication over the MACsec session and the expiration of the three “liveness” intervals results in increased packet loss and an increased network convergence time as a network continues to route/forward data over the MACsec session for a period of time after the MACsec session has entered secure block mode. To solve this problem, embodiments define a new alarm, called a MACsec link alert, which is raised earlier than a MACsec session timeout generated by traditional embodiments. The MACsec link alert is raised, by at least some embodiments, after a failure to successfully receive an MKPDU from the remote peer after a single MACsec “liveness” timeout interval elapses.

Abstract: An apparatus includes a first communication interface configured to be communicatively coupled, via an optical line, to a network device that is disposed in an optical network using wavelength division multiplexing (WDM). The apparatus also includes a second communication interface configured to be communicatively coupled to a router via an Ethernet connection. The apparatus also includes a signal generator operatively coupled to the first communication interface and the second communication interface. The signal generator is configured to generate an Ethernet signal representing at least one attribute of the optical line between the first communication interface and the network device. The second communication interface is configured to transmit the Ethernet signal to the router.

Abstract: Embodiments improve error detection and recovery in media access control security sessions. A MACsec session is torn down after three liveness time intervals elapse without receiving a MACsec key exchange protocol data unit (MKPDU) from a remote peer. This delay between a cessation of effective network communication over the MACsec session and the expiration of the three “liveness” intervals results in increased packet loss and an increased network convergence time as a network continues to route/forward data over the MACsec session for a period of time after the MACsec session has entered secure block mode. To solve this problem, embodiments define a new alarm, called a MACsec link alert, which is raised earlier than a MACsec session timeout generated by traditional embodiments. The MACsec link alert is raised, by at least some embodiments, after a failure to successfully receive an MKPDU from the remote peer after a single MACsec “liveness” timeout interval elapses.

Abstract: An example method includes obtaining, by one or more processors, data indicating resource dependencies between a plurality of resources in a network and event dependencies between a plurality of network events and one or more of the plurality of resources; generating a Bayesian model based on resource types of the plurality of resources and event types of the plurality of network events; receiving an indication of a fault in the network; collecting fault data and generating, based on the Bayesian model and the fault data, a plurality of root cause hypotheses for the fault; ordering the plurality of root cause hypotheses based on respective root cause probabilities associated with the plurality of root cause hypotheses; and outputting the ordered plurality of root cause hypotheses.

Abstract: Disclosed embodiments utilize a layer three and/or layer four protocol to collect physical layer properties along a multi-hop network path between a source node and a destination node. The use of a layer three or layer four protocol provides an ability to span multiple links or networks between the source node and destination node, while also collecting the physical layer properties. Once physical layer properties along a network path can be understood, decisions relating to the configuration of the network path and/or whether to communicate via the network path are improved.