Abstract: Disclosed is a system and method of providing a segment routing as a service application. The method includes receiving a configuration of an internet protocol environment. The configuration can be a layer 3 configuration of a single cloud environment or even across multiple cloud environments. The configuration defines routing, forwarding, and paths in the environment between different entities such as virtual machines. The method includes receiving a parameter associated with a workload of a tenant. The parameter can be a service level agreement (i.e., a best bandwidth available), a pathway requirement, a parameter associated with specific workload, and so forth. Based on the configuration and the parameter, the method includes generating tenant-defined layer 3 overlay segment routing rules that define how the workload of the tenant will route data in the internet protocol environment using segment routing.

Abstract: Systems, methods, and computer-readable media for orchestrating data center resources and user access to data. In some examples, a system can determine, at a first time, that a user will need, at a second time, access to data stored at a first location, from a second location. The system can identify a node which is capable of storing the data and accessible by a device from the second location. The system can also determine a first service parameter associated with a network connection between the device and the first location and a second service parameter associated with a network connection between the device and the node. When the second service parameter has a higher quality than the first service parameter, the system can migrate the data from the first location to the node so the device has access to the data from the second location through the node.

Abstract: In an embodiment, a data processing method comprises receiving, at a BIER replicator node that is programmed to implement Bit Index Explicit Replication (BIER) protocol, from a data source, a multicast stream packet identifying a service-level multicast group address; using the BIER replicator node, replicating the multicast stream packet according to BIER protocol and transmitting two or more replicated packet streams to two or more BIER receiver nodes that are programmed to implement BIER; using the two or more BIER receiver nodes, transmitting the two or more replicated packet streams to two or more receivers. Other embodiments may use modified iOAM (In-situ Operations, Administration, and Maintenance) techniques.

Abstract: In one embodiment, a device including a processor, and a memory to store data used by the processor, wherein the processor is operative to run a manufacturer usage description (MUD) controller operative to obtain a MUD profile of an Internet of Things (IoT) device from a MUD server, the MUD profile of the IoT device including: access rights of the IoT device, and any one or more of the following a default device username and/or a default device password of the IoT device, a recommended/required device password complexity of the IoT device, at least one service that should be enabled/disabled on the IoT device, and/or allowed security protocols and/or ciphers for communication to and/or from the IoT device, enforce security of the IoT device according to the MUD profile of the IoT device. Related apparatus and methods are also described.

Abstract: In one embodiment, a device obtains audio data from one or more past conferences. A prediction model that predicts when participants of a conference will speak is generated based on the audio data from the one or more past conferences. The device uses the prediction model to predict a speech distribution for participants of a particular conference. Then, the device proactively optimizes audio parameters of the particular conference based on its predicted speech distribution.

Abstract: Aggregated health information for a managed network may be retrieved and processed in response to changes to the managed network topology, configuration, or software. In response to receiving notification that a change to a component of the managed network has occurred, a change audit analysis engine can retrieve performance indicator information from components along a traceroute including the component which underwent the change. The retrieved performance indicator information can be processed by a memory based neural network to predict an impact of the change on the aggregated health of the managed network. The predicted impact can be compared to network health information retrieved through an ongoing basis and issues can be determined based on a comparison of the predict impact and the retrieved health information.

Abstract: Techniques are described herein for generating and deploying network topologies to implement machine learning systems. A topology deployment system may receive data representing a logical model corresponding to a machine learning system, and may analyze the machine learning system to determine various components and attributes of the machine learning system to be deployed. Based on the components and attributes of the machine learning system, the topology deployment system may select target resources and determine constraints for the deployment of the machine learning system. A corresponding network topology may be generated and deployed across one or a combination of workload resource domains. The topology deployment system also may monitor and update the deployed network topology, based on performance metrics of the machine learning system and/or the current status of the system in a machine learning pipeline.

Abstract: In one embodiment, a device including a processor, and a memory to store data used by the processor, wherein the processor is operative to run a manufacturer usage description (MUD) controller operative to obtain a MUD profile of an Internet of Things (IoT) device from a MUD server, the MUD profile of the IoT device including: access rights of the IoT device, and any one or more of the following a default device username and/or a default device password of the IoT device, a recommended/required device password complexity of the IoT device, at least one service that should be enabled/disabled on the IoT device, and/or allowed security protocols and/or ciphers for communication to and/or from the IoT device, enforce security of the IoT device according to the MUD profile of the IoT device. Related apparatus and methods are also described.

Abstract: In an embodiment, a computer implemented method comprises receiving, at a first computing device associated with a managing entity, a request to perform an operation of a managed service; publishing to a first block of a distributed ledger system, by the first computing device associated with the managing entity, identification information of the managing entity; identifying, by a second computing device associated with the managed service, the identification information published to the first block of the distributed ledger system; publishing to a second block of the distributed ledger system, by the second computing device associated with the managed service, acknowledgement information comprising an indication that the identification information of the managing entity published to the first block was received and verified; publishing to a third block of the distributed ledger system, by the second computing device associated with the managed service, management request information comprising an operation r

Abstract: This disclosure describes techniques for selectively providing access to a physical space. An example method includes identifying a location of a device associated with an authorized user based on an electromagnetic signal received by at least one sensor from the device. The electromagnetic signal has a frequency that is greater than or equal to 24 gigahertz (GHz). The example method further includes determining that the location of the device is within a threshold distance of a location of a threshold to a secured space and determining that an authentication score indicating that an individual carrying the device is the authorized user is greater than a threshold score. The authentication score is associated with multiple authentication factors identified by the device. Based on determining that the authentication score is greater than the threshold score, the threshold is unlocked and/or opened.

Abstract: In one embodiment, a device maintains a buffer of historical telemetry data of a particular type of telemetry. The device obtains new telemetry data of the particular type of telemetry. The device makes a state evaluation by comparing the new telemetry data to the buffer, to determine whether the new telemetry data is an outlier. The device sends a message indicative of the new telemetry data to a message bus for delivery to a recipient that is not subscribed to receive telemetry data of the particular type of telemetry, when the device determines that the new telemetry data is an outlier.

Abstract: Techniques for a network controller associated with a firewall service to determine a network policy based on operational tolerances associated with a device, and cause the network policy to be provisioned at the firewall service where control commands, such as, for example, supervisory control and data acquisition (SCADA) commands, may be allowed or denied transmission to the device based on the operational tolerance(s) associated with the device. In some examples, the network controller may be configured as a manufacturer usage description (MUD) controller configured to transmit a MUD uniform resource identifier (URI), emitted by the device, to a MUD file server associated with the manufacturer of the device. The MUD file may be enhanced to include the operational tolerances associated with the device and transmitted back to the MUD controller where it may be parsed to determine a corresponding network policy.

Abstract: Systems, methods, and computer-readable media are provided for dynamic allocation of network security resources and measures to network traffic between end terminals on a network and a network destination, based in part on an independently sourced reputation score of the network destination. In one aspect, a method includes receiving, at a cloud network controller, a request from an end terminal for information on a network destination; determining, at the cloud network controller, a reputation score for the network destination; determining, at the cloud network controller, one or more security measures to be applied when accessing the network destination, based on the reputation score; and communicating, by the cloud network controller, the one or more security measures to the end terminal, wherein the end terminal communicates the one or more security measures to a third-party security service provider for applying to communications between the end terminal and the network destination.

Abstract: Techniques are described herein for generating and deploying network topologies to implement machine learning systems. A topology deployment system may receive data representing a logical model corresponding to a machine learning system, and may analyze the machine learning system to determine various components and attributes of the machine learning system to be deployed. Based on the components and attributes of the machine learning system, the topology deployment system may select target resources and determine constraints for the deployment of the machine learning system. A corresponding network topology may be generated and deployed across one or a combination of workload resource domains. The topology deployment system also may monitor and update the deployed network topology, based on performance metrics of the machine learning system and/or the current status of the system in a machine learning pipeline.

Abstract: In one embodiment, a device inserts a watcher module between a first module and a second module in a low-code workflow. The device intercepts, via the watcher module, output data being passed by the first module to the second module. The device determines whether the output data represents a policy violation. The device blocks, via the watcher module, the output data from being input to the second module, when the output data represents a policy violation.

Abstract: In one embodiment, a device maintains a buffer of historical telemetry data of a particular type of telemetry. The device obtains new telemetry data of the particular type of telemetry. The device makes a state evaluation by comparing the new telemetry data to the buffer, to determine whether the new telemetry data is an outlier. The device sends a message indicative of the new telemetry data to a message bus for delivery to a recipient that is not subscribed to receive telemetry data of the particular type of telemetry, when the device determines that the new telemetry data is an outlier.

Abstract: Systems, methods, and computer-readable mediums for distributing machine learning model training to network edge devices, while centrally monitoring training of the models and controlling deployment of the models. A machine learning model architecture can be generated at a machine learning structure controller. The machine learning model architecture can be deployed to network edge devices in a network environment to instantiate and train a machine learning model at the network edge devices. Performance reports indicating performance of the machine learning model at the network edge devices can be received by the machine learning structure controller from the network edge devices.

Abstract: This disclosure describes techniques for authenticating a user. For instance, a system may initially generate and then store authentication data for later authenticating the user. The authentication data may include biometrics data (e.g., facial recognition data), credentials data (e.g., a username, password, etc.), and/or environmental data (e.g., object(s) located within an environment). Later, the system may receive image data generated by a user device of the user. In some examples, the system may then analyze the image data using one or more facial recognition techniques in order to identify the user. The system may then use the authentication data, such as the environmental data, to determine that the image data further represents the object(s). Based on determining that the image data further represents the object(s), the system may then verify the user for access to a resource.

Abstract: In one embodiment, a supervisory service for a wireless network obtains frequency-time Doppler profile information for an endpoint node attached to a first access point in the wireless network. The supervisory service uses the frequency-time Doppler profile information for the endpoint node as input to a machine learning model. The machine learning model is trained to output an action for the endpoint node with respect to the wireless network. The supervisory service causes the action for the endpoint node with respect to the wireless network to be performed.

Abstract: Systems and methods provide for Selective Tracking of Acknowledgments (STACKing) to improve buffer utilization and traffic shaping for one or more network devices. A network device can identify a first flow that corresponds to a predetermined traffic class and a predetermined congestion state. The device can determine a current window size and congestion threshold of the first flow. In response to a determination to selectively track a portion of acknowledgments of the first flow, the device can track, in main memory, information of a first portion of acknowledgments of the first flow. The device can exclude, from one or more buffers, a second portion of acknowledgments of the first flow. The device can re-generate and transmit segments corresponding to the second portion of acknowledgments at a target transmission rate based on traffic shaping policies for the predetermined traffic class and congestion state.