Abstract: Techniques are disclosed for reporting diagnostics data by a first network device to a cloud-based Wide Area Network (WAN) assurance system, responsive to the first network device detecting a communication issue with the cloud-based WAN assurance system. For example, the first network device detects an issue with sending telemetry data to the cloud-based WAN assurance system via a first communication path. In response, the first network device determines a second network device that has connectivity to the WAN assurance system. The first network device sends diagnostics data to the second network device along a second communication path for forwarding to the cloud-based WAN assurance system. The cloud-based WAN assurance system receives the diagnostics data from the second network device. The cloud-based WAN assurance system controls the second network device to remediate the first network device based on the diagnostics data.

Abstract: Techniques are disclosed for reporting diagnostics data by a first network device to a cloud-based Wide Area Network (WAN) assurance system, responsive to the first network device detecting a communication issue with the cloud-based WAN assurance system. For example, the first network device detects an issue with sending telemetry data to the cloud-based WAN assurance system via a first communication path. In response, the first network device determines a second network device that has connectivity to the WAN assurance system. The first network device sends diagnostics data to the second network device along a second communication path for forwarding to the cloud-based WAN assurance system. The cloud-based WAN assurance system receives the diagnostics data from the second network device. The cloud-based WAN assurance system controls the second network device to remediate the first network device based on the diagnostics data.

Abstract: Techniques are disclosed for reporting diagnostics data by a first network device to a cloud-based Wide Area Network (WAN) assurance system, responsive to the first network device detecting a communication issue with the cloud-based WAN assurance system. For example, the first network device detects an issue with sending telemetry data to the cloud-based WAN assurance system via a first communication path. In response, the first network device determines a second network device that has connectivity to the WAN assurance system. The first network device sends diagnostics data to the second network device along a second communication path for forwarding to the cloud-based WAN assurance system. The cloud-based WAN assurance system receives the diagnostics data from the second network device. The cloud-based WAN assurance system controls the second network device to remediate the first network device based on the diagnostics data.

Abstract: A plurality of digital data packets may be received via a wireless data interface, wired data interface, or data path. Code may be executed for a data communications protocol in which one or more of the filtered digital data packets causes the code to transition to different states of the protocol. A protocol state machine may be executed comprising a plurality of states and a plurality of transitions between the states to simulate correct execution of a particular data communication protocol. An anomaly may be detected between a first particular state of the protocol during the execution of the code and a second particular state of the protocol state machine, and in response, an anomaly event may be generated comprising digital data indicating that the anomaly has occurred. An anomaly event log based on the anomaly event and the filtered digital data packets may be transmitted to a computing device.

Abstract: In an embodiment, a computer implemented method comprises receiving, at an edge node in a data communications network, a plurality of digital data packets that have been received via a wireless data interface, wired data interface or data path; filtering, by the edge node, the plurality of digital data packets to produce filtered digital data packets; in the edge node, executing code for a data communications protocol in which one or more of the filtered digital data packets causes the code to transition to different states of the protocol; in the edge node, in parallel with executing the code, executing a protocol state machine comprising a plurality of states and a plurality of transitions between the states to simulate correct execution of a particular data communication protocol; detecting, by the edge node, an anomaly between a first particular state of the protocol during the execution of the code and a second particular state of the protocol state machine, and in response, generating an anomaly event c

Abstract: A method includes determining a subset, of a set of access points, that a client device is likely to roam to from a first access point in the set of access points; transmitting to each of the subset of access points, without transmitting to a second access point in the set of access points that is not included in the subset, information associated with the client device; wherein the information associated with the client device is used by the client device or by the third access point during (a) an association process for the client device associating with the third access point or (b) an authentication process for the authentication of the client device by the third access point.

Abstract: A method includes determining a subset, of a set of access points, that a client device is likely to roam to from a first access point in the set of access points; transmitting to each of the subset of access points, without transmitting to a second access point in the set of access points that is not included in the subset, information associated with the client device; wherein the information associated with the client device is used by the client device or by the third access point during (a) an association process for the client device associating with the third access point or (b) an authentication process for the authentication of the client device by the third access point.

Abstract: The present disclosure discloses a network device and/or method for determination of leveled security key holders for a wireless client in a wireless network. The network device detects a roaming or connection pattern of one or more wireless clients in the wireless network based on requests received from the wireless clients. Furthermore, the network device determines one or more selecting rules for selecting an appropriate key holder for the wireless client among a plurality of network devices. Next, the network device prioritizes the one or more selecting rules, and selects the appropriate key holder based on the determined rules and their corresponding prioritization. Through selection of appropriate key holders, the disclosed method provides for better load balancing among possible leveled key holders, and shortens the latencies experienced by wireless clients during fast basic service set transition.

Abstract: A method includes determining a subset, of a set of access points, that a client device is likely to roam to from a first access point in the set of access points; transmitting to each of the subset of access points, without transmitting to a second access point in the set of access points that is not included in the subset, information associated with the client device; wherein the information associated with the client device is used by the client device or by the third access point during (a) an association process for the client device associating with the third access point or (b) an authentication process for the authentication of the client device by the third access point.

Abstract: The present disclosure discloses a network device and/or method for providing data link layer (L2) and network layer (L3) mobility using level security keys. A first network device acting as a first level security key holder in a first network receives a first level security key holder identifier corresponding to a second network device in a second network. The first level security key holder identifier is originated from a client that roams from the second network to the first network. Moreover, the first network and the second network belong to a single roaming domain. Also, the network device transmits the first level security key holder identifier to the second network device and requests for corresponding first level security key. The network device then derives a second level security key and transmits a second level security key identifier the second level key holder in the first network.

Abstract: The present disclosure discloses a network device and/or method for determination of leveled security key holders for a wireless client in a wireless network. The network device detects a roaming or connection pattern of one or more wireless clients in the wireless network based on requests received from the wireless clients. Furthermore, the network device determines one or more selecting rules for selecting an appropriate key holder for the wireless client among a plurality of network devices. Next, the network device prioritizes the one or more selecting rules, and selects the appropriate key holder based on the determined rules and their corresponding prioritization. Through selection of appropriate key holders, the disclosed method provides for better load balancing among possible leveled key holders, and shortens the latencies experienced by wireless clients during fast basic service set transition.

Abstract: The present disclosure discloses a network device and/or method for pro-active propagation of second level security keys (e.g., PMK-R1) to a wireless client's neighboring wireless network devices. The wireless network device derives a first level security key (e.g., PMK-R0) and one or more second level security keys (e.g., PMK-R1) during an initial mobility domain association initiated by the wireless client. Then, the wireless network device determines a subset of wireless network devices in the neighborhood of the wireless client to which it may pro-actively propagate one or more second level security keys corresponding to the wireless client prior to the wireless client initiating a Fast BSS Transition (FT) to any network device in the subset. This would reduce the duration of time that data connectivity is lost between the wireless client and the network during the FT process.