Abstract: In one embodiment, an access point is configured with a plurality of resource units (RUs). Each RU is configured to use a frequency range that differs from frequency ranges used by the other RUs. The access point determines a pattern of recurring signal performance over time. For each RU of the plurality of RUs, the pattern indicates the recurring signal performance with respect to a station when the station is located in a given physical location. The access point allocates one or more of the RUs for communicating with the station. The pattern is used for avoiding allocation of any of the RUs for which the station is predicted to experience strong multipath fading or other destructive interference.

Abstract: In one embodiment, a method comprises causing, by an apparatus, establishment of first and second multicast trees within one or more underlay switching fabrics of one or more fat tree topologies, the first and second multicast trees comprising first and second multicast roots for multicast transmission to leaf network devices in the respective first and second multicast trees; causing, by the apparatus, establishment of an overlay tunnel between the first and second multicast roots, the overlay tunnel independent and distinct from the first and second multicast trees; causing the first multicast root to multicast transmit, via the first multicast tree, a data packet having been transmitted to the first multicast root; and causing the first multicast root to unicast transmit the data packet to the second multicast root via the overlay tunnel, for multicast transmission of the data packet by the second multicast root via the second multicast tree.

Abstract: In one embodiment, a device in a network inserts a profile tag into an address request sent by an endpoint node in the network to a lookup service. The lookup service is configured to identify one or more addresses with which the endpoint node is authorized to communicate based on a profile for the endpoint node associated with the inserted profile tag. The device receives an address response sent from the lookup service to the endpoint node that indicates the set of one or more addresses with which the endpoint node is authorized to communicate. The device determines whether a communication between the endpoint node and a particular network address is authorized using the set of one or more addresses with which the endpoint node is authorized to communicate. The device blocks the communication based on a determination that the particular network address is not in the set of one or more addresses with which the endpoint node is authorized to communicate.

Abstract: In one embodiment, a method comprises identifying a fat tree network topology comprising top-of-fabric (ToF) switching devices, an intermediate layer of intermediate switching devices connected to each of the ToF switching devices, and a layer of leaf network devices; and causing a first leaf network device to initiate establishment of first and second redundant multicast trees for multicasting of data packets, including: causing first and second ToF switching devices to operate as roots of the first and second multicast trees according to first and second attribute types, respectively, causing the first leaf network device to select first and second of the intermediate switching devices as first and second flooding relays belonging to the first and second attribute types, respectively, and causing the first and second flooding relays to limit propagation of registration messages generated by the first leaf network device to the first and second ToF switching devices, respectively.

Abstract: A particular fat tree network node stores default routing information indicating that the particular fat tree network node can reach a plurality of parent fat tree network nodes of the particular fat tree network node. The particular fat tree network node obtains, from a first parent fat tree network node of the plurality of parent fat tree network nodes, a negative disaggregation advertisement indicating that the first parent fat tree network node cannot reach a specific destination. The particular fat tree network node determines whether the first parent fat tree network node is the only parent fat tree network node of the plurality of parent fat tree network nodes that cannot reach the specific destination. If so, the particular fat tree network node installs supplemental routing information indicating that every parent fat tree network node except the first parent fat tree network node can reach the specific destination.

Abstract: This disclosure describes techniques for authenticating a user device for a session. For instance, an authentication entity may authenticate a user device using single sign-on authentication and/or multi-factor authentication. The authentication entity may then determine a duration for which the user device is authenticated for the session. For example, the authentication entity may receive information representing a state of an environment of the user device. The authentication entity may then use the information to identify one or more transitions associated with the environment between the session and a previous session. Using the one or more transitions, the authentication entity may determine the duration for the session by increasing or decreasing a previous duration associated with the previous session.

Abstract: In one embodiment, a device in a mesh network joins a source-destination oriented partial directed acyclic graph (SDO-PDAG) between a source node and a destination node in the network. The device receives operations, administration and maintenance (OAM) packets flooded along reverse paths of the SDO-PDAG. The device determines, based on the received OAM packets, packet drop rate (PDR) capacities of different paths between the device and the destination node. The device replicates a data packet sent from the source node to the destination node along two or more of the paths between the device and the destination node, based on the determined PDR capacities of those paths.

Abstract: A method by a wireless network device in a wireless data network comprises: joining a non-storing mode destination-oriented directed acyclic graph (DODAG) in response to receiving a multicast DODAG information object (DIO) message originated by a root device; generating and transmitting a unicast destination advertisement (DAO) message destined for the root device and indicating the wireless network device has joined the DODAG; advertising as a subroot of a subDAG in the DODAG, based on outputting a second message specifying subDAG information identifying the subDAG; receiving a second unicast DAO message generated by a child network device in the subDAG and addressed to the wireless network device, the second unicast DAO message indicating the child network device has joined the subDAG; and generating and sending a third unicast DAO message to the root device specifying the child network device is reachable via the wireless network device.

Abstract: In one embodiment, a method comprises causing, by a network controller device, a first access point (AP) device to initiate a reverse sounding operation comprising wirelessly requesting a mobile constrained network device to transmit a null data packet (NDP) at a first transmission interval, wirelessly receiving the NDP at the first transmission interval, and generating a reception report describing reception of the NDP and including beamforming information; causing, by the network controller device, a second AP device to generate a corresponding reception report describing a corresponding wireless detection of the NDP at the first transmission interval; and causing, by the network controller device, the mobile constrained network device to connect to a selected one of the first AP device or the second AP device for an identified data flow based on the respective reception reports from the first and second AP devices.

Abstract: This disclosure describes techniques for device to device authentication. For instance, a first device may detect a second device, such as when a user physically attaches the second device to the first device or when the second device wireless communicates with the first device. A component of the first device and/or an authentication entity may then determine to authenticate the second device. In some instances, the component determines to authenticate the second device using information associated with an environment of the second device. To authenticate the second device, the authentication entity may send a request to a user, receive a response from the user, and then verify the response. After the authentication, the first device may determine that the second device includes a trusted device and establish a connection with the second device.

Abstract: In one embodiment, a method comprises: registering, by a root network device in a low power and lossy network, a constrained network device that is reachable within the low power and lossy network; obtaining, by the root network device, executable code associated with execution of a network service operation by the constrained network device; receiving a data packet from a source device and destined for the constrained network device; and causing execution on the data packet, by the root network device, of the network service operation on behalf of the constrained network device in response to reception of the data packet.

Abstract: Embodiments include technologies for creating a manifest for a conferencing event in a network, adding a name tag identifying the conferencing event to the manifest, receiving an interest packet including one or more parameters indicating a named flow being produced at a source node, adding content metadata of the named flow to the manifest, and sending the manifest to the source node. Further embodiments include adding, to the manifest, session-level metadata associated with a user of the source node. Embodiments include receiving a second interest packet with one or more second parameters identifying a user of a client node, where the second interest packet indicates a request to authorize the user of the client node to subscribe to the conferencing event. In further embodiments, session-level metadata associated with the user is added to the manifest if the user is authorized to subscribe to the conferencing event.

Abstract: Various embodiments disclosed herein enable performing energy detection on a subset of a channel. In various embodiments, a method of performing energy detection is performed by a computing device. In various embodiments, the computing device includes a wireless transceiver, one or more processors, and a non-transitory memory. In various embodiments, the method includes performing energy detection on one or more overlapping portions of a first channel and a second channel. In some embodiments, the method includes determining whether a detected energy level from the energy detection satisfies a threshold. In some embodiments, the method includes transmitting a signal into the first channel based on the threshold being satisfied.

Abstract: In one embodiment, an access point is configured with a plurality of resource units (RUs). Each RU is configured to use a frequency range that differs from frequency ranges used by the other RUs. The access point receives first information indicating, for each RU, a first signal quality that the station associates with the respective RU. The access point receives second information indicating, for each RU, a second signal quality that the station associates with the respective RU. The access point further determines, based on at least the first information and the second information, a pattern indicating a recurring signal quality that the station associates with each RU. The access point uses the pattern to allocate one of the RUs for communicating with the station.

Abstract: In one embodiment, a method comprises determining, by a link layer switch within a distributed link layer switched data network, a trust metric for a media access control (MAC) address used by a network device on a link layer connection provided by the link layer switch; receiving, by the link layer switch, a query originated by a second link layer switch in the distributed link layer switched data network, the query specifying the MAC address and a corresponding specified trust metric; and responding to the query, by the link layer switch, based on determining whether the specified trust metric indicates a higher trust level than the corresponding trust metric for the MAC address used by the network device on the link layer connection.

Abstract: This disclosure describes techniques for monitoring expected behavior of devices in a computing network. Behavior of network devices may include performing various functions associated with transferring data packets through the computing network. Monitoring expected behavior may include sending a probe packet into the computing network, and determining whether network devices behave as expected with respect to the probe packet. In some examples, behaviors such as replicating, forwarding, eliminating, ordering, and/or other functions regarding data packets may be validated using the present techniques. As computing networks and/or operations become more complex, assuring the expected behavior of network devices may become more important for the continued efficient, smooth, successful, and/or timely flow of data traffic.

Abstract: A method includes identifying within a network topology, by an apparatus, a plurality of network devices; and establishing by the apparatus, a multiple tree topology comprising a first multicast tree and a second multicast tree, the first and second multicast trees operable as redundant trees for multicast traffic in the network topology, the establishing including: allocating a first of the network devices as a corresponding root of the first multicast tree, allocating a first group of intermediate devices from the network devices as first forwarding devices in the first multicast tree, allocating a second group of intermediate devices as belonging to first leaf devices in the first multicast tree, and allocating terminal devices of the network devices as belonging to the first leaf devices, and allocating a second of the network devices as the corresponding root of the second multicast tree, allocating the second group of intermediate devices as second forwarding devices in the second multicast tree, alloca

Abstract: Time Sensitive Networking (TSN) in wireless environments may be provided. First, a Radio Frequency (RF) profile associated with a station may be received by a computing device. Next, a number of Transmit Opportunities (TxOPs) to use for transmitting data between an Access Point (AP) and the station based on the received RF profile may be determined. The determined number of TxOPs may then be provided to a wireless controller associated with the AP.

Abstract: In one example, a responder obtains an Operations, Administration, and Management/Maintenance (OAM) probe packet from a network entity operating as an initiator in a network, provides, to the initiator, a first response to the OAM probe packet over a first network path in the network, and further provides, to the initiator, a second response to the OAM probe packet over a second network path in the network that is different from the first network path. In another example, an initiator provides an OAM probe packet to a network entity operating as responder in a network, obtains, from the responder, a first response to the OAM probe packet over a first network path in the network, and further obtains, from the responder, a second response to the OAM probe packet over a second network path in the network that is different from the first network path.

Abstract: A cooling system for a networking device may be provided. The networking device may comprise a first plurality of switch bars each comprising a first switch type arranged parallel to one another, a second plurality of switch bars each comprising a second switch type arranged parallel to one another, and a third plurality of switch bars each comprising a third switch type arranged parallel to one another. The first plurality of switch bars, the second plurality of switch bars, and the third plurality of switch bars may be arranged orthogonally. A plurality of cooling passages may be configured to supply a coolant to the apparatus and to exhaust the coolant from the apparatus. The coolant may pass through the first plurality of switch bars, the second plurality of switch bars, and the third plurality of switch bars.