Abstract: The present disclosure is directed to BIER forwarding over varying BSL domains, the methods including the steps of receiving, at a border node, a packet comprising a BIER header having a BIER bit string with a first bit string length; reading an incoming label of the packet comprising instructions to split the BIER header into a plurality of smaller headers associated with a plurality of smaller bit strings; generating a set of split bit masks; performing a separate bitwise AND operation on each split bit mask and the BIER bit string to generate the plurality of smaller bit strings, each copied to a corresponding smaller header of the plurality of smaller headers; and performing a lookup for each of the plurality of smaller headers on a respective forwarding table to determine one or more egress routers to which to transmit the packet.

Abstract: Energy-aware configurations can be utilized to operate a network based on sustainability-related metrics. In many embodiments, a suitable device includes a processor, a memory commutatively coupled to the processor, a plurality of elements, a communication port, and an energy-aware topology logic configured to collect topology data from one or more network devices, wherein each of the one or more network devices include a plurality of elements. The energy-aware topology logic can receive power source data and power usage data related to plurality of elements and generate an element energy coefficient (EEC) for a plurality of elements. Subsequently, the energy-aware topology logic can also generate an energy-aware configuration for at least one of the one or more network devices, and then pass the generated energy-aware configuration to the at least one network device, wherein the energy-aware configuration is configured to steer traffic based on at least one sustainability-related metric.

Abstract: A network infrastructure component determines a risk measurement associated with a wireless client device's use of a device address, and provides an advisory with respect to an address rotation strategy of the wireless client device based on the risk measurement. In some embodiments, the risk measurement is based on one or more of an exposure, by the wireless client device, of information on the wireless network that identifies the wireless client device and/or a characterization of a security of the wireless network environment in which the wireless client device operates.

Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.

Abstract: Methods are provided in which a network device hosts distinct network access resources that are managed by different entities. The method includes obtaining a request for partitioning one or more network resources of an on-premise network device for connecting one or more endpoints to a first network managed by a first entity. The on-premise network device connects one or more endpoints to a second network managed by a different entity. The method further involves partitioning, based on the request, the one or more network resources and connecting the one or more endpoints to the first network using the one or more network resources. The one or more network resources are managed by the first entity while at least one other network resource of the on-premise network device is managed by the different entity and is associated with connecting the one or more endpoints to the second network.

Abstract: Techniques are described for quickly rerouting traffic to an application hosted on a first Virtual Private Cloud (VPC) location. In the event of an error in routing traffic to the first VPC portion traffic can be rerouted to a second VPC portion. The first and second VPC portions can be different portions of the same VPC or could be different VPSs. The techniques include steps for calculating a predetermined route to the second private virtual cloud location. The techniques further include steps for monitoring data for detecting an error in the first cloud location. The steps further include detecting a potential error based on the monitored data, and also verifying that the potential error is in fact a valid error. In response to verifying that the error is a valid error, further steps include performing a fast reroute of traffic to the second cloud locations along the predetermined route.

Abstract: Methods are provided to perform a name resolution triggered monitoring agent selection for full stack observability. The methods involve obtaining a name resolution request for an enterprise service to be accessed by an endpoint device. A plurality of service instances are configured to provide the enterprise service. The methods further involve determining, based on the name resolution request, a monitoring agent from a plurality of monitoring agents of a monitoring service that monitors performance of the enterprise service and selecting a service instance, from the plurality of service instances, that is associated with the monitoring agent in a name resolution record. The methods further involve providing, to the endpoint device, location information for accessing the service instance and provisioning the monitoring agent to monitor the performance of the enterprise service executed by the service instance for the endpoint device.

Abstract: Described herein are devices, systems, methods, and processes for optimizing network traffic distribution across multiple paths in a manner that is energy-efficient and environmental sustainability-aware. This may be achieved by leveraging time-series analytics and capacity planning based on seasonalities. Data associated with the Layer 3 topology of the network can be collected. Bandwidth can be pre-reserved on an energy-aware traffic engineering tunnel. The time-series data can be used to build a capacity plan based on the seasonalities. Nodes may be clustered based on usage patterns and network utilization seasonality. The data can be used to make decisions about when and where to combine or shut down paths for energy efficiency, while maintaining optimal network performance. A hysteresis mechanism may be incorporated to avoid oscillation when changing active links. Power savings can be achieved by fully turning off or depowering certain network components when they are not needed.

Abstract: This disclosure provides systems, devices, apparatus, and methods, including computer programs encoded on storage media, for runtime optimization of the shader execution flow. A graphics processor may obtain instruction execution data associated with a graphics workload, the instruction execution data including graphics data for a set of shader operations. The graphics processor may configure, at a first iteration, at least one predication value based on the instruction execution data including the graphics data for the set of shader operations. The graphics processor may adjust, at a second iteration, an execution flow of the graphics workload based on the configured at least one predication value, the execution flow of the graphics workload including the set of shader operations. The graphics processor may execute or refrain from executing, at the second iteration, each of the set of shader operations based on the adjusted execution flow of the graphics workload.

Abstract: Some embodiments provide a non-transitory machine-readable medium that stores a program executable by at least one processing unit of a device. The program retrieves a plurality of sets of master data from a plurality of master data sources. Each set of master data in the plurality of sets of master data includes a set of entities. For each entity in each set of entities, the program further determines whether the entity is consistent or inconsistent. The program also receives, from an application, a request for a set of entities. The program further determines a subset of the set of entities, each entity in the subset of the set of entities determined to be consistent. The program also provides the subset of the set of entities to the application.

Abstract: Embodiments relate to a method and an electronic device for modifying a user interface of the electronic device. The method includes detecting, on the electronic device, a selection of a multi-keypad configuration among a plurality of multi-keypad configurations. Based on the selection of the multi-keypad configuration, a plurality of virtual keys are displayed on the user interface. The method includes receiving, on the user interface, a user touch gestures to configure one or more of the plurality of virtual keys to generate a virtual keyboard. The method includes updating machine learning models, image classifier models, and memory of the electronic device to update and store the generated virtual keyboard including the configuration of the one or more of the plurality of virtual keys to initiate user authentication in real time.

Abstract: Devices and methods that incorporate sustainability data within a header of a data packet to allow for the generation of sustainable configurations for various network devices are disclosed. Power efficiency is obtained at a node-level by including metadata to existing network flows, in an in-band/in-situ configuration. This information may be used for optimum flow placement. Received data packets may be formatted with sustainability data within a metadata shim. The received data packets are processed, and a sustainable configuration is generated for the one or more network devices. The generated sustainable configuration is transmitted to the one or more network devices to enable efficient and effective management of network devices by incorporating sustainability data into the data packets.

Abstract: An authorization device obtains a registration request associated with an end device, the registration request including a new randomized media access control (MAC) address associated with the end device; determines whether the end device is authorized to use the new randomized MAC address; transmits a message to the end device with a first randomly generated number when it is determined that the end device is authorized to use the new randomized MAC address; obtains integrity information associated with the end device, the first integrity information being computed based on the first randomly generated number; transmits a request to a validation system to validate the end device based on the first integrity information; obtains an indication that the end device is validated; determines policies associated with the end device when it is determined that the end device is validated; and applies the policies to the end device.

Abstract: This disclosure provides systems, devices, apparatus, and methods, including computer programs encoded on storage media, for adaptive BVH rebuilds with biased cost functions for dynamic geometry. A graphics processor may obtain an indication of first BVH structure(s) including first nodes, where the first BVH structure(s) are representative of first geometry data for first primitives in first frame(s), where each of the first nodes is associated with first primitive(s), may detect a number of rays that intersect each of the first BVH structure(s) from direction(s) associated with the first frame(s), may update a cost function based on the number of rays and each of the direction(s), and may configure, based on the updated cost function, second BVH structure(s) including second nodes, where the second BVH structure(s) are representative of second geometry data for second primitives in second frame(s), where each of the second nodes is associated with second primitive(s).

Abstract: Techniques for optimizing routing decisions based on security metrics within a network environment are described herein. In some cases, by using various security metrics, such as encryption indicators, attestation indicators, secureness metrics, and reliability metrics, an exemplary system can assess the security level and reliability of network paths. These metrics may provide valuable insights into the trustworthiness and integrity of participating nodes and links and enable informed decision-making regarding path selection.

Abstract: In one embodiment, a method herein comprises: receiving, at a device, a registration request from a telemetry exporter that transmits telemetry data; generating, by the device, a telemetry configuration file for the telemetry exporter, the telemetry configuration file defining a policy for transmission of telemetry data from the telemetry exporter and an authentication token for the telemetry exporter; sharing, by the device, the policy with a security enforcer; and sending, by the device, the telemetry configuration file to the telemetry exporter, wherein the telemetry exporter is caused to connect with the security enforcer using the authentication token, send the telemetry configuration file to the security enforcer, and transmit collected telemetry data to the security enforcer, and wherein the security enforcer is caused to create a dynamic publish-subscribe stream for publishing the collected telemetry data received from the telemetry exporter based on the telemetry configuration file and the policy.

Abstract: This disclosure describes techniques for implementing centralized path computation for routing in hybrid information-centric networking protocols implemented as a virtual network overlay. A method includes receiving an interest packet header from a forwarding router node of a network overlay. The method further includes determining an interest path of the interest packet and one or more destination router nodes of the network overlay. The method further includes computing one or more paths over the network overlay. The method further includes determining an addressing method for the one or more computed paths over the network overlay. The method further includes performing at least one of encoding each computed path in a data packet header, and encoding each computed path as state entries of each router node of the network overlay on each respective path. The method further includes returning the computed path information to the forwarding router node.

Abstract: In one aspect, a method for monitoring a Fast Re-Route (FRR) path between a source node (Node-S) and a destination node (Node-E) in a network, includes generating a discovery-probe at the source node (Node-S) to detect at least one node with an FRR indicator along the FRR path that includes a plurality of next available nodes. The method also includes upon the discovery probe reaching a first node with the FRR indicator, generating a primary probe configured to detect a primary path and a repair probe configured to detect a repair path. The method also includes in response to receiving the primary probe via the primary path and the repair probe via the repair path at the destination node, sending the primary probe and the repair probe back to the source node to monitor the FRR path between the source node and the destination node.

Abstract: In one embodiment, a method includes generating a security policy and converting the security policy into a chaos hypothesis. The method also includes initiating execution of the chaos hypothesis across a plurality of microservices within a technology stack. The method further includes receiving metrics associated with the execution of the chaos hypothesis across the plurality of microservices within the technology stack.

Abstract: In one embodiment, an access policy enforcement service receives a user authentication request from an end-user device. The access policy enforcement service identifies a telemetry collection intent from the user authentication request. The access policy enforcement service determines a monitoring policy based on the telemetry collection intent identified from the user authentication request. The access policy enforcement service configures, according to the monitoring policy, one or more telemetry collection agents to collect telemetry for traffic associated with the end-user device.