Abstract: Methods are provided in which a network device hosts distinct network access resources that are managed by different entities. The method includes obtaining a request for partitioning one or more network resources of an on-premise network device for connecting one or more endpoints to a first network managed by a first entity. The on-premise network device connects one or more endpoints to a second network managed by a different entity. The method further involves partitioning, based on the request, the one or more network resources and connecting the one or more endpoints to the first network using the one or more network resources. The one or more network resources are managed by the first entity while at least one other network resource of the on-premise network device is managed by the different entity and is associated with connecting the one or more endpoints to the second network.

Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.

Abstract: A network infrastructure component determines a risk measurement associated with a wireless client device's use of a device address, and provides an advisory with respect to an address rotation strategy of the wireless client device based on the risk measurement. In some embodiments, the risk measurement is based on one or more of an exposure, by the wireless client device, of information on the wireless network that identifies the wireless client device and/or a characterization of a security of the wireless network environment in which the wireless client device operates.

Abstract: Techniques are described for quickly rerouting traffic to an application hosted on a first Virtual Private Cloud (VPC) location. In the event of an error in routing traffic to the first VPC portion traffic can be rerouted to a second VPC portion. The first and second VPC portions can be different portions of the same VPC or could be different VPSs. The techniques include steps for calculating a predetermined route to the second private virtual cloud location. The techniques further include steps for monitoring data for detecting an error in the first cloud location. The steps further include detecting a potential error based on the monitored data, and also verifying that the potential error is in fact a valid error. In response to verifying that the error is a valid error, further steps include performing a fast reroute of traffic to the second cloud locations along the predetermined route.

Abstract: Methods are provided to perform a name resolution triggered monitoring agent selection for full stack observability. The methods involve obtaining a name resolution request for an enterprise service to be accessed by an endpoint device. A plurality of service instances are configured to provide the enterprise service. The methods further involve determining, based on the name resolution request, a monitoring agent from a plurality of monitoring agents of a monitoring service that monitors performance of the enterprise service and selecting a service instance, from the plurality of service instances, that is associated with the monitoring agent in a name resolution record. The methods further involve providing, to the endpoint device, location information for accessing the service instance and provisioning the monitoring agent to monitor the performance of the enterprise service executed by the service instance for the endpoint device.

Abstract: Described herein are devices, systems, methods, and processes for optimizing network traffic distribution across multiple paths in a manner that is energy-efficient and environmental sustainability-aware. This may be achieved by leveraging time-series analytics and capacity planning based on seasonalities. Data associated with the Layer 3 topology of the network can be collected. Bandwidth can be pre-reserved on an energy-aware traffic engineering tunnel. The time-series data can be used to build a capacity plan based on the seasonalities. Nodes may be clustered based on usage patterns and network utilization seasonality. The data can be used to make decisions about when and where to combine or shut down paths for energy efficiency, while maintaining optimal network performance. A hysteresis mechanism may be incorporated to avoid oscillation when changing active links. Power savings can be achieved by fully turning off or depowering certain network components when they are not needed.

Abstract: Embodiments relate to a method and an electronic device for modifying a user interface of the electronic device. The method includes detecting, on the electronic device, a selection of a multi-keypad configuration among a plurality of multi-keypad configurations. Based on the selection of the multi-keypad configuration, a plurality of virtual keys are displayed on the user interface. The method includes receiving, on the user interface, a user touch gestures to configure one or more of the plurality of virtual keys to generate a virtual keyboard. The method includes updating machine learning models, image classifier models, and memory of the electronic device to update and store the generated virtual keyboard including the configuration of the one or more of the plurality of virtual keys to initiate user authentication in real time.

Abstract: Devices and methods that incorporate sustainability data within a header of a data packet to allow for the generation of sustainable configurations for various network devices are disclosed. Power efficiency is obtained at a node-level by including metadata to existing network flows, in an in-band/in-situ configuration. This information may be used for optimum flow placement. Received data packets may be formatted with sustainability data within a metadata shim. The received data packets are processed, and a sustainable configuration is generated for the one or more network devices. The generated sustainable configuration is transmitted to the one or more network devices to enable efficient and effective management of network devices by incorporating sustainability data into the data packets.

Abstract: An authorization device obtains a registration request associated with an end device, the registration request including a new randomized media access control (MAC) address associated with the end device; determines whether the end device is authorized to use the new randomized MAC address; transmits a message to the end device with a first randomly generated number when it is determined that the end device is authorized to use the new randomized MAC address; obtains integrity information associated with the end device, the first integrity information being computed based on the first randomly generated number; transmits a request to a validation system to validate the end device based on the first integrity information; obtains an indication that the end device is validated; determines policies associated with the end device when it is determined that the end device is validated; and applies the policies to the end device.

Abstract: Techniques for optimizing routing decisions based on security metrics within a network environment are described herein. In some cases, by using various security metrics, such as encryption indicators, attestation indicators, secureness metrics, and reliability metrics, an exemplary system can assess the security level and reliability of network paths. These metrics may provide valuable insights into the trustworthiness and integrity of participating nodes and links and enable informed decision-making regarding path selection.

Abstract: In one embodiment, a method herein comprises: receiving, at a device, a registration request from a telemetry exporter that transmits telemetry data; generating, by the device, a telemetry configuration file for the telemetry exporter, the telemetry configuration file defining a policy for transmission of telemetry data from the telemetry exporter and an authentication token for the telemetry exporter; sharing, by the device, the policy with a security enforcer; and sending, by the device, the telemetry configuration file to the telemetry exporter, wherein the telemetry exporter is caused to connect with the security enforcer using the authentication token, send the telemetry configuration file to the security enforcer, and transmit collected telemetry data to the security enforcer, and wherein the security enforcer is caused to create a dynamic publish-subscribe stream for publishing the collected telemetry data received from the telemetry exporter based on the telemetry configuration file and the policy.

Abstract: This disclosure describes techniques for implementing centralized path computation for routing in hybrid information-centric networking protocols implemented as a virtual network overlay. A method includes receiving an interest packet header from a forwarding router node of a network overlay. The method further includes determining an interest path of the interest packet and one or more destination router nodes of the network overlay. The method further includes computing one or more paths over the network overlay. The method further includes determining an addressing method for the one or more computed paths over the network overlay. The method further includes performing at least one of encoding each computed path in a data packet header, and encoding each computed path as state entries of each router node of the network overlay on each respective path. The method further includes returning the computed path information to the forwarding router node.

Abstract: In one aspect, a method for monitoring a Fast Re-Route (FRR) path between a source node (Node-S) and a destination node (Node-E) in a network, includes generating a discovery-probe at the source node (Node-S) to detect at least one node with an FRR indicator along the FRR path that includes a plurality of next available nodes. The method also includes upon the discovery probe reaching a first node with the FRR indicator, generating a primary probe configured to detect a primary path and a repair probe configured to detect a repair path. The method also includes in response to receiving the primary probe via the primary path and the repair probe via the repair path at the destination node, sending the primary probe and the repair probe back to the source node to monitor the FRR path between the source node and the destination node.

Abstract: In one embodiment, a method includes generating a security policy and converting the security policy into a chaos hypothesis. The method also includes initiating execution of the chaos hypothesis across a plurality of microservices within a technology stack. The method further includes receiving metrics associated with the execution of the chaos hypothesis across the plurality of microservices within the technology stack.

Abstract: In one embodiment, an access policy enforcement service receives a user authentication request from an end-user device. The access policy enforcement service identifies a telemetry collection intent from the user authentication request. The access policy enforcement service determines a monitoring policy based on the telemetry collection intent identified from the user authentication request. The access policy enforcement service configures, according to the monitoring policy, one or more telemetry collection agents to collect telemetry for traffic associated with the end-user device.

Abstract: Devices, systems, methods, and processes for conducting sustainability-aware virtual meetings are described herein. When establishing virtual meetings, each of the participants can have various devices, locations, histories, and other data associated with them. This data can be packaged together as a user profile which can be transmitted to a virtual meeting service or a host that can receive the various user profiles and generate a meeting profile that can be utilized to maximize the overall sustainability of the virtual meeting. The meeting profile can include configuration suggestions that can be transmitted out to each corresponding device of the participants to either prompt or automatically adjust one or more settings, features, or other configuration, such as energy-saving features, that can increase the overall sustainability. These conditions can be monitored during the meeting and adjusted dynamically in response to changing conditions.

Abstract: Techniques to add environmental-impact and energy sustainability criteria and support to service function chains (SFCs). These techniques enabling steering of network traffic that carries energy sustainability related metadata within in an SFC based on energy sustainability or “green criteria.” This allows for achieving, for example, so-called “green Operations, Administration and Maintenance (OAM)”, whether realized with Network Service Header (NSH), Segment Routing, Multi-protocol Label Switching (MPLS), etc. In other words, these techniques enhance service functions (SFs) and SFCs to allow for finding an energy sustainable or green path in an SFC, and to allow for conveying environmental information as in-line metadata.

Abstract: Techniques for determining an optimal connection path by a NHNaaS are described. The techniques may include receiving a registration from an IPS that includes service ISP service parameters, and storing the registration in a NaaS database. A request to connect to a remote service from a user device, including user parameters required is received. ISPs having respective service parameters compatible with the user parameters are identified in the NaaS database. Multiple paths offered by the service providers between the user device and the remote service are determined. Network performance data for each path is received from a network monitoring service. Using the network performance data, an optimal path for establishing the connection is identified. A request to instantiate a tunnel between the user device and remote service is transmitted to the service providers along the optimal path and the tunnel information is transmitted to the user device.

Abstract: Devices, systems, methods, and processes for sustainably reallocating resources based on within a plurality of computing nodes of a network, such as a managed network are described herein. Each computing node may be configured to transmit infrastructure data to an infrastructure monitor or ecosystem management tool. Additional sustainability data may also be accessed either internally or externally. The infrastructure data and sustainability data may be utilized to generate one or more scores that can be evaluated against each other. These scores may be configured to reflect various conditions or facts about the computing nodes including the overall sustainability. In order to increase sustainability levels, a variety of different resource configurations can be generated and evaluated against each other and the current configuration.

Abstract: Technologies for testing resiliency of a data network with real-world accuracy without affecting the flow of production data through the network. A method according to the technologies may include receiving a production data packet and determining a preferred data route toward a destination node for the production data packet based on a first routing information base, wherein the first routing information base includes a database where routes and route metadata are stored according to a routing protocol. The method may also include, receiving a test data packet, and determining an alternate data route toward the destination node for the test data packet based on a second routing information base, wherein the second routing information base simulates an error in the preferred data route. The method may include sending the production data packet to the preferred data route and sending the test data packet to the alternate data route.