Abstract: In one embodiment, a method comprises: receiving, by a parent network device providing at least a portion of a directed acyclic graph (DAG) according to a prescribed routing protocol in a low power and lossy network, a destination advertisement object (DAO) message, the DAO message specifying a target Internet Protocol (IP) address claimed by an advertising network device in the DAG and the DAO message further specifying a secure token associated with the target IP address; and selectively issuing a cryptographic challenge to the DAO message to validate whether the advertising network device generated the secure token.

Abstract: A method includes receiving, at a home controller of a home domain and from a first device in the home domain, a first message concerning a user device that is anchored to the home domain and that has roamed from the home domain to a visitor domain. The method also includes, in response to determining that the first device is a router, opening a tunnel between the home controller and a visitor controller of the visitor domain and communicating the first message to the user device through the tunnel. The method further includes receiving, at the home controller and from a second device in the home domain, a second message concerning the user device and in response to determining that the second device is not a router, communicating, to the second device, a proxy response to the second message.

Abstract: In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server receives the redirected traffic associated with the particular node. The server trains a machine learning-based behavioral model for the particular node based on the redirected traffic. The server controls whether a particular redirected traffic flow associated with the node in the LAN is sent to a destination of the traffic flow using the trained behavioral model.

Abstract: The present disclosure is directed to systems and methods for first hop security in a multi-site and multi-vendor cloud. The method may include receiving, at a first hop security (FHS) device located within a defined security perimeter, a message from a first host; validating a security of the message; signing the message with a signature to prove validation of the message, the signature comprising at least a Crypto-ID Parameters Option (CIPO) and a Neighbor Discovery Protocol Signature Option (NDPSO); and transmitting the signed message to one or more network FHS devices within the security perimeter.

Abstract: Providing for time sensitive networking (TSN) traffic in high density deployments is described. An access point (AP) is a high density deployment receives a message identifying another AP as a TSN neighbor and also detects a TSN device within an area covered by the APs. This arrangement may cause traffic interruptions for the TSN traffic between the TSN device and the APs. In order to prevent disruption in TSN traffic, a TSN time slot and a resource unit (RU) is determined for each of the APs, and the TSN traffic is communicated between the various devices in network according to the determined TSN time slot and RU.

Abstract: Techniques for leveraging MLD capabilities at edge nodes of network fabrics to receive SNMAs from silent hosts, and creating unicast addresses from the SNMAs for the silent nodes that are used as secondary matches in a network overlay if primary unicast address lookups fail. The edge nodes described herein may act as snoopers of MLD reports in order to identify the SNMAs of the silent hosts. The edge nodes then forge unicast addresses for the silent hosts that match with the least three bytes of the SNMAs. The forged unicast addresses are presented as unicast MAC/IP mappings in the fabric overlay. In situations where a primary IP address lookup fails, the look-up device performs a secondary lookup for a mapped address that has the last three bytes of the IP address. If a mapping is found, the lookup is sent as a unicast message to the matching MAC address.

Abstract: In one embodiment, a method comprises determining, by a controller device in a low power and lossy network (LLN), that a first LLN border device is in a first personal area network (PAN) having a first directed acyclic graph (DAG) topology, and that the first LLN border device is a neighbor of a second LLN border device in a second PAN of the LLN having a second DAG topology; receiving a path request for a third LLN device in the first PAN to reach a fourth LLN device in the second PAN; and generating an inter-PAN path between the third LLN device and the fourth LLN device via the first and second LLN border devices, the inter-PAN path providing a stitching between the first DAG topology and the second DAG topology.

Abstract: Systems and methods may include sending, to a network registrar, an extended duplicate address request (EDAR) message including a first nonce generated by a host computing device, and receiving, from the network registrar, an extended duplicate address confirmation (EDAC) message including a second nonce and a first signature, a first nonce pair including the first nonce and the second nonce being signed by the network registrar via a first key pair of the network registrar via the first signature. The systems and methods may further include sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and a public key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that a router through which the host computing device connects to a network is not impersonating the network.

Abstract: In one embodiment, a method comprises: classifying, by a controller device, a first access point device in a WLAN as a leader access point for a wireless client device, and at least a second access point device as a follower access point; and allocating, to the leader access point, a shortened medium access control layer timer (“timer”) that is shorter than a prescribed timer used by the follower access point, the shortened timer causing the leader access point to respond to reception of a wireless data packet from the wireless client device by transmitting an acknowledgment to the wireless client device upon expiration of the shortened timer; the prescribed timer causing the follower access point to defer to the leader access point based on the follower access point waiting for at least expiration of the prescribed timer before selectively transmitting a corresponding acknowledgment in response to receiving the wireless data packet.

Abstract: In one embodiment, a method is performed. A spine node in communication with a network may determine a subtree of a shadow cone of the spine node. The subtree may comprise a plurality of nodes and a plurality of links connecting pairs of the nodes. The spine node may determine a disaggregated route to a first leaf node to which a disaggregated prefix may be attached. The disaggregated route may be propagated to the plurality of the nodes of the subtree.

Abstract: Techniques for leveraging MLD capabilities at edge nodes of network fabrics to receive SNMAs from silent hosts, and creating unicast addresses from the SNMAs for the silent nodes that are used as secondary matches in a network overlay if primary unicast address lookups fail. The edge nodes described herein may act as snoopers of MLD reports in order to identify the SNMAs of the silent hosts. The edge nodes then forge unicast addresses for the silent hosts that match with the least three bytes of the SNMAs. The forged unicast addresses are presented as unicast MAC/IP mappings in the fabric overlay. In situations where a primary IP address lookup fails, the look-up device performs a secondary lookup for a mapped address that has the last three bytes of the IP address. If a mapping is found, the lookup is sent as a unicast message to the matching MAC address.

Abstract: A wireless device can achieve higher predictability for its transmissions by inserting a placeholder frame in a transmission queue before time sensitive data has been received. In addition, a contention countdown associated with the placeholder frame can start before the time sensitive data is ready for transmission. Once the data is available, the device can insert the data into the payload of the placeholder frame, thereby reducing the wait time before the data can be transmitted wirelessly. Additionally, the device can improve reliability by transmitting data using multiple subcarrier RUs in a channel. The data blocks and the duplicative data can be transmitted in parallel using the subcarrier RUs. If a subset of the subcarrier RUs are blocked because of narrowband interference, the receiving device can nonetheless recover the data blocks and reconstruct the packet from the data transported on the RUs that did not have interference.

Abstract: In one illustrative example, a network node connected in a network fabric may identify that it is established as part of a multicast distribution tree for forwarding multicast traffic from a source node to one or more host receiver devices of a multicast group. In response, the network node may propagate in the network fabric a message for advertising the network node as a candidate local source node at which to join the multicast group. The message for advertising may include data such as a reachability metric. The propagation of the message may be part of a flooding of such messages in the network fabric. The network node serving as the candidate local source node may thereafter “locally” join a host receiver device in the multicast group at the network node so that the device may receive the multicast traffic from the source node via the network node.

Abstract: Optimal determination of wireless network pathway configurations may be provided. A computing device may receive an error profile and a response instruction associated with the error profile, as generated by a network controller. The computing device may then monitor, for an error, on a communication Track, in a network, between an ingress node and an egress node. Then, the computing device, upon detecting the error, can determine that the error is similar to the error profile, and based on the determination that the error is similar to the error profile, enact the response instruction. The response instruction can direct the computing device to switch from the communication Track to a communication subTrack between the ingress node and the egress node.

Abstract: Techniques are provided that validate a participant in a video conference. As a video conferencing system is remote from a video conference participant, and user devices are not trusted, traditional methods such as client side facial recognition are ineffective at validating a participant from a video conferencing system. Thus, the embodiments encode modulated data for projection onto a face of the participant. A video of the participant is then captured. The conferencing system then confirms that the modulated data is present in the captured video.

Abstract: In one embodiment, a method comprises: identifying, by a low power and lossy network (LLN) device in a low power and lossy network, a minimum distance value and a distance limit value for limiting multicast propagation, initiated at the LLN device, of a multicast data message in the LLN; and multicast transmitting, by the LLN device, the multicast data message with a current distance field specifying the minimum distance value and a distance limit field specifying the distance limit value, the multicast transmitting causing a receiving LLN device having a corresponding rank in the LLN to respond to the multicast data message by: (1) determining an updated distance based on adding to the current distance field a rank difference between the receiving LLN device and the LLN device, and (2) selectively retransmitting the multicast data message if the updated distance is less than the distance limit value.

Abstract: This disclosure describes techniques for monitoring expected behavior of devices in a computing network. Behavior of network devices may include performing various functions associated with transferring data packets through the computing network. Monitoring expected behavior may include sending a probe packet into the computing network, and determining whether network devices behave as expected with respect to the probe packet. In some examples, behaviors such as replicating, forwarding, eliminating, ordering, and/or other functions regarding data packets may be validated using the present techniques. As computing networks and/or operations become more complex, assuring the expected behavior of network devices may become more important for the continued efficient, smooth, successful, and/or timely flow of data traffic.

Abstract: Techniques for providing a non-blocking fabric in a network are described. A network controller determines the network requirement for various network traffic types on the network and determines the allocation of resources across the network needed to establish a midlay, including midlay components on the network. The network controller then establishes the midlay on the network according to the determined allocation. At least one of the midlay components is a virtually non-blocking fabric for high-priority traffic or fully non-blocking fabric for deterministic traffic.

Abstract: A management device for a low power wide area network can: generate and send, to each constrained wireless network device via a wired gateway, a link layer multicast listener command specifying a listening interval and causing each constrained wireless network device to change from a low-power optimized mode to a listening mode until reception of a multicast data packet within the listening interval; generate collision avoidance parameters including a minimum waiting interval, a maximum waiting interval relative to the listening interval, and a redundancy constant; and instruct the wired gateways to selectively transmit the multicast data packet based on the collision avoidance parameters, wherein each wired gateway responds by waiting a randomly-selected wait interval between the minimum and maximum waiting intervals, and selectively transmitting the multicast data packet only if a received number of the multicast data packet by the corresponding wired gateway is less than the redundancy constant.

Abstract: Optimal determination of wireless network pathway configurations may be provided. A computing device may receive an error profile and a response instruction associated with the error profile, as generated by a network controller. The computing device may then monitor, for an error, on a communication Track, in a network, between an ingress node and an egress node. Then, the computing device, upon detecting the error, can determine that the error is similar to the error profile, and based on the determination that the error is similar to the error profile, enact the response instruction. The response instruction can direct the computing device to switch from the communication Track to a communication subTrack between the ingress node and the egress node.