Abstract: A method is implemented by a network device to classify encrypted data traffic. The method identifies characteristics of the encrypted data traffic that have been modeled where network anomalies have been injected into the encrypted data traffic to provide additional traffic characteristics that enable categorization. The method receives the encrypted data traffic, applies an encrypted traffic categorization model to the received encrypted data traffic to determine a first categorization identification, injects an anomaly into the encrypted data traffic where the first categorization identification is not within a precision threshold, applies the encrypted traffic categorization model to monitored encrypted traffic after injection of the anomaly to determine a second categorization identification, and applies the second categorization identification where the second categorization identification is within the precision threshold.

Abstract: Exemplary methods for marking packets include in response to receiving a packet, determining whether the packet has been classified, and in response to determining the packet has not been classified, classifying the packet to determine a class to which the packet belongs, wherein the class identifies a set of zero or more markers that are to be included as part of packets belonging to the class. The methods include marking the packet with a first marker selected from the set of one or more markers, and forwarding the marked packet. Exemplary methods for processing markers include in response to receiving a packet, determining whether the packet has been marked with a marker, and in response to determining the packet has been marked with the first marker, performing a set of one or more operations required by the first marker.

Abstract: According to one embodiment, a method in a cloud infrastructure for multi-level threshold service level agreement (SLA) violation mitigation. The method includes generating a model for an engineered feature (eF); determining thresholds T1, T2, and a maximum threshold T? for the eF based on the model; estimating a value of the eF based on metrics; responsive to determining that the value of the eF exceeds T?, modifying the values of T1 and T2 and modifying the estimation frequency and sending to a cloud orchestrator a message indicating that an SLA violation of type T? has occurred.

Abstract: Exemplary methods for marking packets include in response to receiving a packet, determining whether the packet has been classified, and in response to determining the packet has not been classified, classifying the packet to determine a class to which the packet belongs, wherein the class identifies a set of zero or more markers that are to be included as part of packets belonging to the class. The methods include marking the packet with a first marker selected from the set of one or more markers, and forwarding the marked packet. Exemplary methods for processing markers include in response to receiving a packet, determining whether the packet has been marked with a marker, and in response to determining the packet has been marked with the first marker, performing a set of one or more operations required by the first marker.

Abstract: A method and apparatus for an enhanced proxy device are described. Upon receipt of a first packet with a header including a set of header fields, a proxy device stores a subset from the set of header fields with an identification of the first packet, wherein the identification of the first packet is based on a portion of the packet; and transmits the packet without the subset of the header fields to be processed at the processing device.

Abstract: A method is implemented by a computing device to determine a root cause of a performance issue in a software defined networking (SDN) network using flow statistics maintained by hosts in the network. The method includes receiving a request to perform a root cause analysis (RCA) for a first flow in the network that is experiencing a performance issue, obtaining flow path information for flows in the network, and obtaining flow statistics for the flows in the network, where the flow statistics are end-to-end flow statistics maintained by one or more hosts in the network. The method further includes executing an RCA algorithm for the first flow, where the RCA algorithm determines a root cause of a performance issue experienced by the first flow based on the flow path information and the flow statistics.

Abstract: A method implemented by a computing device to optimize resource usage of service function chains (SFCs) in a network using machine learning. The method includes obtaining, from an autoscale machine learning (ML) system associated with a virtual network function (vNF), a suggested adjustment to an amount of resources provisioned for the vNF. The autoscale ML system is trained online using machine learning to predict an amount of resources to be utilized by the vNF. The autoscale ML system is configured to receive as input an amount of resources currently utilized by the vNF and an amount of resources currently available to the vNF, determine using machine learning the suggested adjustment to the amount of resources provisioned for the vNF based on the input, and output the suggested adjustment. The method further includes providing the suggested adjustment to a resource re-allocator component.

Abstract: In one embodiment, a request is received to route a network function chain. For each contained network function, a subgraph is generated, where each of a plurality of network elements in a network is split into two vertexes, and one edge is added between the split two vertexes for each network element that hosts that network function of the subgraph. The subgraphs are ordered and connected through connecting each vertex with one edge to another vertex with one edge in a subsequent subgraph to form a graph, where the connection is included in a representation of the network. Each edge includes a cost measure. The method selects a path from the vertex representing the source network element to the vertex representing the destination network element in the graph to route the network function chain, where each edge of the path is selected based on at least its cost measure.

Abstract: A method is implemented by a network device in a network for monitoring a segment of the network without direct access to an internal configuration or state of the segment. The method includes receiving a request to perform a monitoring task on a monitoring zone within the network. The monitoring zone includes a subset of network devices of the network. The monitoring zone has an ingress data path that carries ingress traffic into the monitoring zone and an egress data path that carries egress traffic out of the monitoring zone. The method further includes configuring the network to mirror the ingress traffic or the egress traffic to a configurable probe in the network and configuring the configurable probe to perform the monitoring task on the monitoring zone, where the configurable probe is configured to perform the monitoring task based on analysis of the mirrored ingress traffic or the mirrored egress traffic.

Abstract: A system implementing an optical steering domain that steers traffic flows through a plurality of processing nodes is described. The system includes a first, second, and third wavelength selective switch (WSS). The first WSS receives the traffic flows, and transmits traffic flows out a plurality of tributary ports toward the processing nodes. The second WSS receives the processed traffic from the processing nodes, and sends it to a third WSS. The third WSS receives the processed traffic from the second WSS, and causes the processed traffic requiring further processing to be transmitted out its third plurality of tributary ports to be looped back toward the plurality of processing nodes, and causes the processed traffic that does not require further processing to be transmitted by a different tributary port of the third WSS that is an exit port leading out of the optical steering domain.

Abstract: A method implemented for network function placement is disclosed. The method optimizes network function placement for each traffic flow, to minimize the overall inter-pod traffic volume. For each traffic flow going through a data center, the method initiates a pod list. The network functions of the traffic flow is sorted in a descending order by resource demanded. Then one network function is selected one at a time according to the descending order. For each network function, the pods in the pod list is sorted in an ascending order by resource available in each pod. The method selects a first pod for the network function when possible. When no pod in the pod list has enough resource for the network function, the method adds a pod with the most available resource from a pod pool to the pod list, and selects the added pod for the network function.

Abstract: Exemplary methods for marking packets include in response to receiving a packet, determining whether the packet has been classified, and in response to determining the packet has not been classified, classifying the packet to determine a class to which the packet belongs, wherein the class identifies a set of zero or more markers that are to be included as part of packets belonging to the class. The methods include marking the packet with a first marker selected from the set of one or more markers, and forwarding the marked packet. Exemplary methods for processing markers include in response to receiving a packet, determining whether the packet has been marked with a marker, and in response to determining the packet has been marked with the first marker, performing a set of one or more operations required by the first marker.

Abstract: According to one embodiment, a method in a cloud infrastructure for multi-level threshold service level agreement (SLA) violation mitigation. The method includes generating a model for an engineered feature (eF); determining thresholds T1, T2, and a maximum threshold T? for the eF based on the model; estimating a value of the eF based on metrics; responsive to determining that the value of the eF exceeds T?, modifying the values of T1 and T2 and modifying the estimation frequency and sending to a cloud orchestrator a message indicating that an SLA violation of type T? has occurred.

Abstract: Exemplary methods include determining to consolidate a plurality of rules, each comprising a match field and an action field, the action field identifying an action to be performed on packets identified by the match field. The methods include determining a size of a group membership (GM) vector and a false positive rate. The methods include selecting hash functions, wherein a number of hash functions selected is determined based on the GM vector size and the number of rules in the plurality of rules. The methods include updating the GM vector based the plurality of rules and the selected hash functions, generating a consolidated rule comprising of a GM match field and a GM action field, wherein the GM match field comprises the GM vector, wherein the GM action field identifies an action to be performed on packets identified by the GM match field, and sending the consolidated rule.

Abstract: Exemplary methods include receiving requests comprising of monitoring zones (MZs), each MZ to be allocated a pair of probes in a network, wherein each MZ is associated with a rule identifying a condition for when its probes are to be updated, and wherein each probe in the network is associated with a rule identifying a condition of when it is updated. The methods include determining whether previously allocated pairs of probes in the network can serve as probes for one or more MZs in the requests, wherein a previously allocated pair of probes can serve as probes for a MZ if a rule associated with the MZ is similar to rules associated with the previously allocated pair of probes. The methods include for each MZ that can be served by a previously allocated pair of probes, sending information identifying the MZ and the previously allocated pair of probes.

Abstract: In one embodiment, a request is received to route a network function chain. For each contained network function, a subgraph is generated, where each of a plurality of network elements in a network is split into two vertexes, and one edge is added between the split two vertexes for each network element that hosts that network function of the subgraph. The subgraphs are ordered and connected through connecting each vertex with one edge to another vertex with one edge in a subsequent subgraph to form a graph, where the connection is included in a representation of the network. Each edge includes a cost measure. The method selects a path from the vertex representing the source network element to the vertex representing the destination network element in the graph to route the network function chain, where each edge of the path is selected based on at least its cost measure.

Abstract: A method for redirecting a traffic flow in a communication network, in which a first or default service path has been configured for the traffic flow to go through is disclosed. The method comprises: receiving a notification message from a network node, the notification message including a traffic characteristic information of a packet of the traffic flow; creating a set of rules based on the received traffic characteristic information; and sending the set of rules to a plurality of switches in the communication network, the set of rules configuring a second or alternative service path to be used by subsequent packets of this traffic flow. Also, a network node for carrying out this method is provided.

Abstract: A method of enhancing Quality of Experience (QoE) associated with an application flow for an end-user in a communication network comprises: receiving a packet belonging to the application flow, the packet comprising QoE information determined based on previous packets exchanged within the application flow; decoding the QoE information from the received packet; and adjusting a QoS mechanism for the packet, based on the decoded QoE information for enhancing the QoE of the application flow. A network node for carrying out this method is disclosed. Also, a method for relaying QoE associated with an application flow for an end-user in a communication network comprises: receiving packets belonging to the application flow; calculating QoE information based on the received packets; and sending the calculated QoE information back to the communication network, the QoE information being included in a packet belonging to the application flow. A network node for carrying out this method is disclosed.

Abstract: A method implemented for network function placement is disclosed. The method optimizes network function placement for each traffic flow, to minimize the overall inter-pod traffic volume. For each traffic flow going through a data center, the method initiates a pod list. The network functions of the traffic flow is sorted in a descending order by resource demanded. Then one network function is selected one at a time according to the descending order. For each network function, the pods in the pod list is sorted in an ascending order by resource available in each pod. The method selects a first pod for the network function when possible. When no pod in the pod list has enough resource for the network function, the method adds a pod with the most available resource from a pod pool to the pod list, and selects the added pod for the network function.

Abstract: The present disclosure describes methods and apparatus for differentiating subscriber devices of a subscriber hidden by a network address translation device and enables traffic flow steering on a per device basis rather than a per subscriber basis. Identification of subscriber devices is achieved by assigning a reserved set of external ports to each subscriber device. Different service paths can be defined for different subscriber devices to provide a subscriber with a different experience for each subscriber device of the subscriber.