Abstract: In one embodiment, a device obtains testing parameters used by a plurality of agents in a network to perform testing with respect to an online application. The device identifies overlapping parameters among the testing parameters and generates a consolidated set of testing parameters for the overlapping parameters. The device configures the plurality of agents such that a singular testing agent performs testing with respect to the online application using the consolidated set of testing parameters instead of multiple testing agents performing testing with respect to the online application using the overlapping parameters.

Abstract: Methods are provided in which a network device hosts distinct network access resources that are managed by different entities. The method includes obtaining a request for partitioning one or more network resources of an on-premise network device for connecting one or more endpoints to a first network managed by a first entity. The on-premise network device connects one or more endpoints to a second network managed by a different entity. The method further involves partitioning, based on the request, the one or more network resources and connecting the one or more endpoints to the first network using the one or more network resources. The one or more network resources are managed by the first entity while at least one other network resource of the on-premise network device is managed by the different entity and is associated with connecting the one or more endpoints to the second network.

Abstract: Techniques for a proxy to replicate traffic being communicated between a client device and a destination device based on determining an outage or impairment in a LEO satellite network. The proxy may be communicating a traffic stream between a source device and a destination device using a primary WAN that includes the LEO satellite network. However, the proxy may determine that the primary WAN has experienced or will experience an outage or other impairment. In such examples, the proxy may then replicate the traffic stream and send the replicated traffic stream over a backup communication link. The backup communication link may a different path through the primary WAN, and/or may be a communication path through a secondary WAN. Once the outage or impairment has cleared, the proxy may stop replicating the traffic and again use the primary WAN to communicate traffic.

Abstract: Methods are provided to perform a name resolution triggered monitoring agent selection for full stack observability. The methods involve obtaining a name resolution request for an enterprise service to be accessed by an endpoint device. A plurality of service instances are configured to provide the enterprise service. The methods further involve determining, based on the name resolution request, a monitoring agent from a plurality of monitoring agents of a monitoring service that monitors performance of the enterprise service and selecting a service instance, from the plurality of service instances, that is associated with the monitoring agent in a name resolution record. The methods further involve providing, to the endpoint device, location information for accessing the service instance and provisioning the monitoring agent to monitor the performance of the enterprise service executed by the service instance for the endpoint device.

Abstract: A method to manage access points in a wireless network to save power during off-peak hours. The method includes operating a wireless local area network including access points with the access points powered on, receiving information indicative of channel utilization levels for each of the access points over a predetermined period of time, receiving respective indications of occupancy levels of a space that is covered by the access points during the predetermined period of time, predicting a low occupancy period of the space based on the channel utilization levels and the respective indications of occupancy levels, and during the low occupancy period, causing a first group of the access points to be powered off, and causing a second group of the access points to remain powered on.

Abstract: Techniques for expressing, communicating, de-conflicting, and enforcing consistent access policies between an IBN architecture and a Cloud-Native architecture. Generally, network administrators and/or users of a Cloud-Native architecture and an IBN architecture express access policies independently for the two different domains or architectures. According to the techniques described herein, a Network Service Endpoint (NSE) of the Cloud-Native architecture may exchange access policies with a network device of the IBN architecture. After exchanging access policies, conflicts between the sets of access policies may be identified, such as differences between allowing or denying communications between microservices and/or applications. The conflicts may be de-conflicted using various types of heuristics or rules, such as always selecting an access policy of the IBN architecture when conflicts arise.

Abstract: In one embodiment, a device instruments an application to generate OpenTelemetry trace data during execution of the application. The device identifies, based on where the application was instrumented, a particular method of the application. The device determines that a circuit breaker is to be inserted for the particular method of the application. The device inserts a circuit breaker for the particular method.

Abstract: Disclosed are methods, systems, and non-transitory computer-readable media for utilizes a collaboration application to provide data beneficial to the authentication of the user. The present application discloses receiving at least one item of personal identifying information for a user from a primary multi-factor authentication device. The present application further discloses receiving at least one item of personal identifying information for a user from a conferencing service in which the user is engaged in a conference. The present application also discloses determining whether to authenticate the user based on the items of personal identifying information from the primary multi-factor authentication device and from the conferencing service.

Abstract: Disclosed are methods, systems, and non-transitory computer-readable media for utilizes a collaboration application to provide data beneficial to the authentication of the user. The present application discloses receiving at least one item of personal identifying information for a user from a primary multi-factor authentication device. The present application further discloses receiving at least one item of personal identifying information for a user from a conferencing service in which the user is engaged in a conference. The present application also discloses determining whether to authenticate the user based on the items of personal identifying information from the primary multi-factor authentication device and from the conferencing service.

Abstract: In one embodiment, a device identifies an application programming interface call within new code for an application. The device conducts testing of a plurality of endpoints associated with the application programming interface call. The device selects, based on results of the testing, a particular endpoint from among the plurality of endpoints. The device steers the application programming interface call made by the application towards the particular endpoint.

Abstract: Provided herein are techniques to facilitate multi-level performance tracing for a mobile network environment. In one instance, a method may include obtaining, by a mobile network, a trigger from an enterprise to initiate an underlay-level trace for a wireless device of the enterprise, wherein the trigger includes a correlation identifier that correlates the underlay-level trace with an enterprise-level trace for the wireless device and providing the underlay-level trace for a session of the wireless device by including a first trace flag for IP packets for the session and including a second trace flag for encapsulations of the IP packets for the session in which the first and second trace flag are unique to the session of the wireless device and enable elements of the mobile network to provide underlay trace information for the underlay-level trace for the session of the wireless device to a trace.

Abstract: In one embodiment, a method herein comprises: receiving, at a device, a registration request from a telemetry exporter that transmits telemetry data; generating, by the device, a telemetry configuration file for the telemetry exporter, the telemetry configuration file defining a policy for transmission of telemetry data from the telemetry exporter and an authentication token for the telemetry exporter; sharing, by the device, the policy with a security enforcer; and sending, by the device, the telemetry configuration file to the telemetry exporter, wherein the telemetry exporter is caused to connect with the security enforcer using the authentication token, send the telemetry configuration file to the security enforcer, and transmit collected telemetry data to the security enforcer, and wherein the security enforcer is caused to create a dynamic publish-subscribe stream for publishing the collected telemetry data received from the telemetry exporter based on the telemetry configuration file and the policy.

Abstract: In some embodiments, operational characteristics-based container management may include receiving, by a device and from a container agent executing in a container environment, operational characteristics of an application instance executing in the container environment; determining, by the device and based on the operational characteristics, whether the application instance executing in the container environment is associated with a policy violation for application instances; generating, by the device, a notification of the policy violation when the device determines that the application instance is associated with the policy violation; and causing, by the device, the container environment to perform a mitigation action of the policy violation by the application instance.

Abstract: Disclosed herein are systems, methods, and computer-readable media for increasing security of devices that leverages an integration of an authentication system with at least one corporate service. In one aspect, a request is received from a user device to authenticate a person as a particular user by the authentication system. A photo of the person attempting to be authenticated as the particular user is captured. Nodal points are mapped to the captured photo of the person attempting to be authenticated, and the nodal points from the photo are compared against a reference model for facial recognition of the particular user. It is then determined whether the nodal points match the reference model for the particular user. The present technology also includes sending a command to the user device to send data to identify the person, and/or a location of the user device.

Abstract: In one embodiment, a method includes generating a security policy and converting the security policy into a chaos hypothesis. The method also includes initiating execution of the chaos hypothesis across a plurality of microservices within a technology stack. The method further includes receiving metrics associated with the execution of the chaos hypothesis across the plurality of microservices within the technology stack.

Abstract: A method to achieve fast session transfer between radio access technologies. The method includes monitoring radio performance between an access point of a wireless local area network and a user equipment in a wireless local area network, and in response to detecting that the radio performance is below a predetermined threshold, the access point signaling the user equipment to scan for and access a cellular radio service.

Abstract: Techniques for mitigating network failures (e.g., SLA violations, service degradations, network outages, etc.) based on output(s) from a predictive network system. The techniques may include determining that a failure is predicted to occur in a network and determining a correlation between the failure and a previous failure that occurred in the network. In examples, the correlation may be determined using a machine-learned model. The techniques may also include determining, based at least in part on the correlation, a condition contributing to the failure. In this way, prior to occurrence of the failure, a parameter associated with the network may be altered based at least in part on the condition to mitigate or otherwise prevent the failure.

Abstract: Techniques for, among other things, embedding metadata in network traffic without having to implement an overlay network. By way of example, and not limitation, the techniques described herein may include receiving an Ethernet packet at a network node and determining that a preamble of the Ethernet packet includes metadata. The metadata may, in some examples, be associated with the Ethernet packet itself, a flow that the Ethernet packet belongs to, etc. Based at least in part on the metadata, a policy decision may be made for handling the Ethernet packet, and the Ethernet packet may be handled in accordance with the policy decision.

Abstract: A method of application program interface (API) endpoint host redirection may include with an intelligent domain name system (DNS) engine (IDE) associated with a containerized service within a pod of a mesh network, snooping a DNS query from the containerized service, identifying within the DNS query, an API endpoint name, snooping a DNS response associated with the DNS query, identifying an Internet protocol (IP) address associated with the API endpoint name, transmitting the API endpoint name and the IP address to a controller, receiving, from the controller, a list of safe API endpoint hosts with no known security vulnerabilities based on security data obtained from at least one security service, caching, at the IDE, the list of safe API endpoint hosts including safe IP addresses, and transmitting to the containerized service, via the IDE, IP addresses of safe API endpoint hosts within the list of safe API endpoint hosts.

Abstract: Provided herein are techniques to facilitate multi-level performance tracing for a mobile network environment. In one instance, a method may include obtaining, by a mobile network, a trigger from an enterprise to initiate an underlay-level trace for a wireless device of the enterprise, wherein the trigger includes a correlation identifier that correlates the underlay-level trace with an enterprise-level trace for the wireless device and providing the underlay-level trace for a session of the wireless device by including a first trace flag for IP packets for the session and including a second trace flag for encapsulations of the IP packets for the session in which the first and second trace flag are unique to the session of the wireless device and enable elements of the mobile network to provide underlay trace information for the underlay-level trace for the session of the wireless device to a trace.