Abstract: Architectures and techniques are presented that provide an improved mechanism for a subscriber entity to report to a network provider a network issue that affects the performance of an application that uses a service provided by the network provider. The improved mechanism can enable fine granularity with respect to the network issue by identifying the issue on a per-session basis. In response to feedback data that is reported by the subscriber entity, the network provider can perform self-healing or other upgrade techniques to rapidly remedy the network issue.

Abstract: Concepts and technologies disclosed herein are directed to zero trust network access (“ZTNA”) and virtual private network (“VPN”) client offloading. According to one aspect, a user device can establish a private network session to access a private network resource in a private network. The user device can receive a request to offload the private network session from the user device to a secure router. In response to the request, the user device can offload the private network session to the secure router.

Abstract: Architectures and techniques are presented that provide an improved mechanism for a subscriber entity to report to a network provider a network issue that affects the performance of an application that uses a service provided by the network provider. The improved mechanism can enable fine granularity with respect to the network issue by identifying the issue on a per-session basis. In response to feedback data that is reported by the subscriber entity, the network provider can perform self-healing or other upgrade techniques to rapidly remedy the network issue.

Abstract: Architectures and techniques are presented that provide an improved mechanism for a subscriber entity to report to a network provider a network issue that affects the performance of an application that uses a service provided by the network provider. The improved mechanism can enable fine granularity with respect to the network issue by identifying the issue on a per-session basis. In response to feedback data that is reported by the subscriber entity, the network provider can perform self-healing or other upgrade techniques to rapidly remedy the network issue.

Abstract: Architectures and techniques are presented that record bi-directional traffic flows of a network such as a software defined network, that result from execution of a specified application. This recorded traffic data can be generated prior to a network change and can be anonymized in various ways to maintain security and privacy. After applying the network change, the traffic data can be replayed to test performance of the specified application in a manner that realistically represents actual use of the specified application.

Abstract: Devices, computer-readable media, and methods for routing traffic of a network service via a virtual private network that is configured in accordance with a virtual private network configuration preference of an identified user are described. A method may determine a network service that an endpoint device is attempting to access and may detect an identity of a user of the endpoint device. The processing system may obtain a plurality of virtual private network configuration preferences of the user, each of the plurality of virtual private network configuration preferences matching a virtual private network configuration preference with one or more of a plurality of network services, and route traffic of the endpoint device for the network service via a virtual private network that is configured in accordance with a virtual private network configuration preference of the plurality of virtual private network configuration preferences.

Abstract: Devices, computer-readable media, and methods for routing traffic of a network service via a virtual private network that is configured in accordance with a virtual private network configuration preference of an identified user are described. A method may determine a network service that an endpoint device is attempting to access and may detect an identity of a user of the endpoint device. The processing system may obtain a plurality of virtual private network configuration preferences of the user, each of the plurality of virtual private network configuration preferences matching a virtual private network configuration preference with one or more of a plurality of network services, and route traffic of the endpoint device for the network service via a virtual private network that is configured in accordance with a virtual private network configuration preference of the plurality of virtual private network configuration preferences.

Abstract: Devices, computer-readable media, and methods for routing traffic of a network service via a virtual private network that is configured in accordance with a virtual private network configuration preference of an identified user are described. A method may determine a network service that an endpoint device is attempting to access and may detect an identity of a user of the endpoint device. The processing system may obtain a plurality of virtual private network configuration preferences of the user, each of the plurality of virtual private network configuration preferences matching a virtual private network configuration preference with one or more of a plurality of network services, and route traffic of the endpoint device for the network service via a virtual private network that is configured in accordance with a virtual private network configuration preference of the plurality of virtual private network configuration preferences.

Abstract: Devices, computer-readable media, and methods for routing traffic of a network service via a virtual private network that is configured in accordance with a virtual private network configuration preference of an identified user are described. A method may determine a network service that an endpoint device is attempting to access and may detect an identity of a user of the endpoint device. The processing system may obtain a plurality of virtual private network configuration preferences of the user, each of the plurality of virtual private network configuration preferences matching a virtual private network configuration preference with one or more of a plurality of network services, and route traffic of the endpoint device for the network service via a virtual private network that is configured in accordance with a virtual private network configuration preference of the plurality of virtual private network configuration preferences.

Abstract: Network function may be dissected and the common functions abstracted into inspection network function as the first hop, for example, of a service function chain. The inspection network function then inserts a value into the network service header (NSH) which may be used for the rest of the network functions of the service function chain.

Abstract: Concepts and technologies disclosed herein are directed to virtual private network (“VPN”) resiliency over multiple transports. According to one aspect, a customer premises equipment can select, from a transport preference database, a transport from a plurality of transports available to support a VPN tunnel. The transport selected is associated with a highest priority value of the plurality of transports in the transport preference database. The customer premises equipment can initiate setup of the VPN tunnel through the transport and can determine whether setup of the VPN tunnel was successful. If setup was not successful, the customer premises equipment can select a further transport from the plurality of transports available to support the VPN tunnel. Additional details are disclosed herein.

Abstract: Concepts and technologies disclosed herein are directed to virtual private network (“VPN”) resiliency over multiple transports. According to one aspect, a customer premises equipment can select, from a transport preference database, a transport from a plurality of transports available to support a VPN tunnel. The transport selected is associated with a highest priority value of the plurality of transports in the transport preference database. The customer premises equipment can initiate setup of the VPN tunnel through the transport and can determine whether setup of the VPN tunnel was successful. If setup was not successful, the customer premises equipment can select a further transport from the plurality of transports available to support the VPN tunnel. Additional details are disclosed herein.

Abstract: Methods and apparatus to dynamically control connectivity within VPNs are disclosed. A disclosed example method includes a route server for storing an indication in an entry for a first pair of provider edge routers in a virtual private network (intra-VPN) connectivity database, the intra-VPN connectivity database including entries for a plurality of pairs of provider edge routers. The indication to define an additional connectivity for the first pair of provider edge routers beyond connectivity defined in a virtual private network routing and forwarding table associated with a first provider edge router of the first pair of provider edge routers. The first pair of provider edge routers including a second provider edge router to which the first provider edge router is to be communicatively coupled.

Abstract: Methods and apparatus to dynamically control connectivity within VPNs are disclosed. A disclosed example method includes a route server for storing an indication in an entry for a first pair of provider edge routers in a virtual private network (intra-VPN) connectivity database, the intra-VPN connectivity database including entries for a plurality of pairs of provider edge routers. The indication to define an additional connectivity for the first pair of provider edge routers beyond connectivity defined in a virtual private network routing and forwarding table associated with a first provider edge router of the first pair of provider edge routers. The first pair of provider edge routers including a second provider edge router to which the first provider edge router is to be communicatively coupled.

Abstract: A method of routing data in a network includes sending an instruction to a router to statically route outbound traffic to a firewall farm having an anycast address, identifying prefixes of endpoints that communicate with router, instructing a firewall router to send a route advertisement to the network announcing that the firewall router is the subsequent best hop for data bound for the endpoints, detecting a change in network condition, and sending another instruction to the router to route outbound traffic to another firewall farm having the anycast address after detecting the change.

Abstract: Methods and apparatus to dynamically control connectivity within VPNs are disclosed. A disclosed example method includes broadcasting, by a route server, a border gateway protocol advertisement as received at the route server; determining a first provider edge router is to be configured for additional connectivity beyond a connectivity defined in a table associated with the first provider edge router, the additional connectivity including an identification of a second provider edge router to which the first provider edge router is to be communicatively coupled; generating a copy of the received border gateway protocol advertisement; modifying the copy of the received border gateway protocol advertisement to facilitate the additional connectivity; and broadcasting the modified copy of the received border gateway protocol advertisement.

Abstract: A method includes receiving a control message that identifies a first video conference terminal as an active talker. The method includes sending, in response to the control message, outgoing video conference data from the first video conference terminal via a first multicast group to two or more video conference terminals joined to the first multicast group. The method also includes sending a command to join a second multicast group in response to the control message.

Abstract: A method of routing data in a network includes sending an instruction to a router to statically route outbound traffic to a firewall farm having an anycast address, identifying prefixes of endpoints that communicate with router, instructing a firewall router to send a route advertisement to the network announcing that the firewall router is the subsequent best hop for data bound for the endpoints, detecting a change in network condition, and sending another instruction to the router to route outbound traffic to another firewall farm having the anycast address after detecting the change.

Abstract: Methods and apparatus to dynamically control connectivity within VPNs are disclosed. A disclosed example method includes broadcasting, by a route server, a border gateway protocol advertisement as received at the route server; determining a first provider edge router is to be configured for additional connectivity beyond a connectivity defined in a table associated with the first provider edge router, the additional connectivity including an identification of a second provider edge router to which the first provider edge router is to be communicatively coupled; generating a copy of the received border gateway protocol advertisement; modifying the copy of the received border gateway protocol advertisement to facilitate the additional connectivity; and broadcasting the modified copy of the received border gateway protocol advertisement.

Abstract: Methods and apparatus to dynamically control connectivity within VPNs are disclosed. A disclosed example route server to control connectivity within a VPN comprises a memory to implement a database, a border gateway protocol (BGP) engine to process BGP advertisements, a network interface to receive a first BGP advertisement, which a first route target (RT) associated with the first PE router, from a first provider edge (PE) router associated with the VPN, and an intra-VPN connectivity controller to, in response to the first BGP advertisement, query the database to determine whether the first PE router is to be communicatively coupled to a second PE router of the VPN and when the first and second PE routers of the VPN are to be communicatively coupled, direct the BGP engine to form a second BGP advertisement that includes a second RT associated with the second PE router based on the first BGP advertisement.