Abstract: In one embodiment, a device sends data traffic to a gateway of a backhaul mesh network via a first wireless access point of the backhaul mesh network. The device maintains, while associated with the first wireless access point, an association with a second wireless access point of the backhaul mesh network by sending a frame to the first wireless access point that is relayed by the first wireless access point to the second wireless access point. The device makes a determination that additional data traffic should be sent to the gateway of the backhaul mesh network via the second wireless access point. The device sends, based on the determination, the additional data traffic to the gateway of the backhaul mesh network via the second wireless access point.

Abstract: Devices, systems, methods, and processes for optimizing wireless communications on paths is described herein. Paths may be associated with vehicles which can include one or more mobile access points (APs). When travelling on a constrained path or track, a series of polygons can be configured to project a time-series determination on the upcoming available channels and power levels available. By utilizing the embodiments described herein, mapping along the polygon paths can help to optimize the selected channels based on the current trajectory. The AP can subsequently select channels that fulfill a constrained optimization function or similar problem based on the current network and path conditions. These embodiments can be operated on an automated frequency coordination (AFC) device, or network device that is in communication with the AP and/or AFC. Data may be held as well based on the current network conditions and transmitted based on the determined upcoming conditions.

Abstract: Devices, systems, methods, and processes for resource allocation among network devices are described herein. Access points (APs) with overlapping Radio-Frequency coverage may interfere with each other's transmission and reception operations. To address this, a device is provided with a bandwidth allocation logic that allocates resources among APs in a time and frequency domain. The device may determine a first transmission opportunity (TXOP) schedule and may obtain a second TXOP schedule associated with at least one network device. The device may determine whether there is any conflict between the first TXOP schedule and the second TXOP schedule. In case there is any conflict, the device may resolve the conflict and based on the resolution the network device may generate an aggregate TXOP schedule that may include proportions of resource units allocated to the device and the network device. The device may transmit the aggregate TXOP schedule to the network device.

Abstract: Proxy Address Resolution Protocol (ARP) support and specifically to providing proxy ARP support in Access Point (AP) Multi-Link Devices (MLDs) may be provided. Proxy ARP support can include, in response to a Multi-Link Operation (MLO) reconfiguration, waiting for a period. After the period, it is determined a removed link was removed during the MLO reconfiguration. A proxy ARP request associated with the removed link is dropped, and proxy ARP reconfiguration is performed. A proxy ARP cache is maintained based on the proxy ARP reconfiguration.

Abstract: Techniques for improved network management and troubleshooting are provided. A set of packets are received, indicating, for each respective station of a set of stations associated to an access point in a network, machine learning support provided by the respective station. A textual diagnostic prompt relating to network conditions of the network is transmitted by the access point and to at least a first station of the set of stations. A textual response to the diagnostic prompt is received by the access point and from the first station, where the first station generated the textual response based on processing the textual diagnostic prompt using a first machine learning model. One or more network settings are modified based on the textual response.

Abstract: In one embodiment, a supervisory device in a network forms a virtual access point (VAP) for a node in the network. A set of access points (APs) in the network are mapped to the VAP as part of a VAP mapping and the node treats the APs in the VAP mapping as a single AP for purposes of communicating with the network. The supervisory device receives measurements from the APs in the VAP mapping regarding communications associated with the node. The supervisory device identifies a movement of the node based on the received measurements from the APs in the VAP mapping. The supervisory device adjusts the set of APs in the VAP mapping based on the identified movement of the node.

Abstract: Techniques for adaptively adjusting retry limits and modulation and coding scheme (MCS) thresholds are provided. A first network device receives a traffic flow from a second network device via a wireless network. The first network devices analyzes the traffic flow to identify a network service associated with the traffic flow. The first network device examines one or more predefined network service policies to determine one or more characteristics of the network service. The first network device detects a network congestion within the wireless network. Responsive to detecting the network congestion, the first network device switches to a congestion management mode, which further comprises that the first network device determines one or more network transmission settings for the traffic flow based on the one or more characteristics, and communicates the one or more network transmission settings to the second network device.

Abstract: Devices, networks, systems, methods, and processes for calibration of barometric sensors in the devices are described herein. A device may include a barometric sensor for measuring an observed pressure value at a geolocation of the device. The device can receive one or more reference pressure values from multiple sources. The device may compare the one or more reference pressure values with the observed pressure value to determine an offset pressure value. The device can calibrate or re-calibrate the barometric sensor based on the offset pressure value. The device may determine an altitude value based on the observed pressure value. The device can further optimize the altitude value after calibration of the barometric sensor. The device may dynamically re-calibrate the barometric sensor to adapt to changing environmental conditions in real-time. The device may also periodically re-calibrate the barometric sensor to reduce or eliminate an effect of drift in the barometric sensor.

Abstract: Described herein are devices, systems, methods, and processes for optimizing network traffic distribution across multiple paths in a manner that is energy-efficient and environmental sustainability-aware. This may be achieved by leveraging time-series analytics and capacity planning based on seasonalities. Data associated with the Layer 3 topology of the network can be collected. Bandwidth can be pre-reserved on an energy-aware traffic engineering tunnel. The time-series data can be used to build a capacity plan based on the seasonalities. Nodes may be clustered based on usage patterns and network utilization seasonality. The data can be used to make decisions about when and where to combine or shut down paths for energy efficiency, while maintaining optimal network performance. A hysteresis mechanism may be incorporated to avoid oscillation when changing active links. Power savings can be achieved by fully turning off or depowering certain network components when they are not needed.

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.

Abstract: In one embodiment, a method comprises: outputting, by a gateway device in a wireless data network comprising wireless network devices, a rule template for execution by any of the wireless network devices, the rule template comprising a device information variable for insertion of a device-specific value by a corresponding wireless network device executing the rule template, a context variable for insertion, by the wireless network devices, of a generic network context, and a compression rule specifying a compression operation and a corresponding decompression operation; and providing the generic network context to the wireless network devices, enabling each wireless network device to selectively execute the rule template, for execution of one of the compression operation on a network protocol data packet or the corresponding decompression operation for recovery of the network protocol data packet, based on the insertion of the corresponding device-specific value for the device information variable.

Abstract: A method includes receiving, at a first edge node, an Internet Protocol (IP) multicast address of a first silent host node. The method further includes receiving, at a second edge node, an IP multicast address of a second silent host node. The IP multicast address of the first silent host node is equal to the IP multicast address of the second silent host node. The method further includes storing the IP multicast address of the first and second silent host node in a shared entry of a routing table. The method further includes receiving, at a third edge node, a packet from a third host node and determining that a destination address of the packet corresponds to the IP multicast address stored in the shared entry of the routing table. The method further includes sending the packet to both the first host node and the second host node.

Abstract: In one embodiment, an access point is configured with a plurality of resource units (RUs). Each RU is configured to use a frequency range that differs from frequency ranges used by the other RUs. The access point determines a pattern of recurring signal performance over time. For each RU of the plurality of RUs, the pattern indicates the recurring signal performance with respect to a station when the station is located in a given physical location. The access point allocates one or more of the RUs for communicating with the station. The pattern is used for avoiding allocation of any of the RUs for which the station is predicted to experience strong multipath fading or other destructive interference.

Abstract: A first address resolution request may be received by a first access switch from a first device and the address resolution request may be resolved by the first access switch with a central database of a network. Then a second address resolution request may be sent to a sensor by the first access switch in response to resolving the first address resolution request. An address resolution response may then be sent by the sensor to the first device in response to the sensor determining that the first device is a bad endpoint. A session may then be established between the sensor and the first device in response to the sensor sending the address resolution response. The first device may then be prompted by the sensor via the established session to resolve issues that lead the sensor to determine that the first device is a bad endpoint.

Abstract: In one embodiment, a method is disclosed comprising monitoring dynamic locations of a plurality of mobile communication devices within a physical area covered by a wireless communication network, wherein keys are distributed to the mobile communication devices at association time; determining that a particular mobile communication device should have a relay for communication with the network based on a first location of the particular mobile communication device and inadequate wireless communication characteristics at the first location; selecting an opportunistic relay device from the mobile communication devices based on a second location of the opportunistic relay device and adequate wireless communication characteristics of the opportunistic relay device within the network and to the first location from the second location; and directing the opportunistic relay device to relay communications for the particular mobile communication device at the first location, wherein the communications are encrypted base

Abstract: This disclosure describes techniques for device to device authentication. For instance, a first device may detect a second device, such as when a user physically attaches the second device to the first device or when the second device wireless communicates with the first device. A component of the first device and/or an authentication entity may then determine to authenticate the second device. In some instances, the component determines to authenticate the second device using information associated with an environment of the second device. To authenticate the second device, the authentication entity may send a request to a user, receive a response from the user, and then verify the response. After the authentication, the first device may determine that the second device includes a trusted device and establish a connection with the second device.

Abstract: Described herein are devices, systems, methods, and processes for optimizing network traffic distribution across multiple paths in a manner that is energy-efficient and environmental sustainability-aware. This may be achieved by leveraging time-series analytics and capacity planning based on seasonalities. Data associated with the Layer 3 topology of the network can be collected. Bandwidth can be pre-reserved on an energy-aware traffic engineering tunnel. The time-series data can be used to build a capacity plan based on the seasonalities. Nodes may be clustered based on usage patterns and network utilization seasonality. The data can be used to make decisions about when and where to combine or shut down paths for energy efficiency, while maintaining optimal network performance. A hysteresis mechanism may be incorporated to avoid oscillation when changing active links. Power savings can be achieved by fully turning off or depowering certain network components when they are not needed.

Abstract: Techniques for detecting and/or confirming a Man-in-The-Middle (MiTM) attack using Fine Timing Measurement (FTM) are provided. In one aspect, a FTM exchange is initiated between a second station and a first station to detect or confirm a MiTM attack in a network in which a MiTM is positioned between the first station and a third station. The MiTM attack is detected or confirmed, or both, based at least in part on FTM information determined during the FTM exchange.

Abstract: In one embodiment, a process determines wireless station (STA) load and schedule of two or more access point (AP) radios. The process then develops a coordination between the two or more access point radios to limit downtime for one or more multi-link wireless devices capable of multi-link operation (MLO) on two or more channels. The process further causes the one or more multi-link wireless devices to move between access point radios based on the wireless station load and schedule and according to the coordination.

Abstract: Techniques for using Prefix Address Translation (PAT), Mobile Internet Protocol (MIP), and/or other techniques to anonymize server-side addresses in data communications. Rather than allowing a server and/or endpoint have visibility of a client IP address of a client device accessing the server and/or endpoint, a virtual network service instead returns a PAT IP address that is mapped to the client device and/or the endpoint device. In this way, IP addresses of clients devices are obfuscated by the virtual network. The client device may then communicate data packets to the server and/or endpoint using the PAT IP address as the source address, and the virtual network service that works in conjunction with the server and/or endpoints can convert the PAT IP address to the actual IP address of the client for return packets using PAT and forward the return packet onto the client device.