Abstract: A method of managing data streaming processes may include at a processing device, computing hypertext transmission protocol version 3 (HTTP/3) header of a first message received at a first network interface controller (NIC) into a first control message and a second control message, and transmitting the first control message to the first NIC associated with the processing device. The method may further include transmitting the second control message to a second NIC associated with the processing device, and with the first control message and the second control message, transmitting data directly between the first NIC and the second NIC.

Abstract: A method is provided that includes injecting a trace agent within a side-car container on a first microservice that runs in a point-of-delivery (POD) on a compute device; when an API request is made from the first microservice to a second microservice the trace agent adds traceability metadata in a header within application data of the API request and within an application-layer protocol header of the API request. A mapping table is generated or updated, the mapping table including entries for identification information associated with the API request. When an API reply is received at the first microservice from the second microservice, the identification information in the mapping table is updated. The mapping table may be exported to a collector device that is configured to reconcile API communications between the first microservice and the second microservice using contents of the mapping table.

Abstract: A method to protect data in a database. The method includes detecting an actual flow path for an API call between a source node and a destination node, determining whether the actual flow path for the API call deviates from an expected flow path for the API call, and in response to determining that the actual flow path for the API call deviates from the expected flow path by a predetermined threshold, denying access to data sought by the API call at the destination node.

Abstract: A method of managing data streaming processes may include at a processing device, computing hypertext transmission protocol version 3 (HTTP/3) header of a first message received at a first network interface controller (NIC) into a first control message and a second control message, and transmitting the first control message to the first NIC associated with the processing device. The method may further include transmitting the second control message to a second NIC associated with the processing device, and with the first control message and the second control message, transmitting data directly between the first NIC and the second NIC.

Abstract: Techniques are described herein for managing access to sensitive data detected within an electronic communication. In some embodiments, such techniques may comprise receiving, from a sender, an electronic communication directed toward a first recipient. The techniques may then comprise identifying one or more pieces of sensitive data within the electronic communication, providing a content of the one or more pieces of sensitive data to a data hosting device to be stored in a memory location and first information associated with the first recipient used to access the memory location, updating the electronic communication to replace the one or more pieces of sensitive data with a reference to the memory location, and transmitting the electronic communication to the first recipient.

Abstract: A method of managing data storage processes may include, at a processing device, computing a hypertext transmission protocol version 3 (HTTP/3) header of a first message received at a network interface controller (NIC) device into a non-volatile memory express (NVMe) message, transmitting the NVMe message to a device associated with the processing device, and with the NVMe message, transmitting data directly between a NIC and the data storage device.

Abstract: According to one or more embodiments of the disclosure, an example process herein may comprise: causing, responsive to a triggering event, establishment of a service tree that follows a same path as a multicast parent tree through a data communication network to one or more intended recipient devices; causing a duplication of a particular flow from the multicast parent tree to the service tree; causing a determination of a performance characteristic of the particular flow through the service tree; and causing an association of the performance characteristic with the multicast parent tree.

Abstract: In one embodiment, a method comprises: receiving, by a process, an executed function flow of a daisy chained serverless function-as-a-service (FaaS) function, the executed function flow having been injected with a particular trace identifier in response to an initial event trigger and span identifiers having been injected by each service that was executed; generating, by the process, a serverless flow graph associated with the particular trace identifier based on linking a path of serverless functions according to correlation of the span identifiers between the serverless functions; performing, by the process, a trace-based analysis of the serverless flow graph through comparison to a baseline of expectation; detecting, by the process, one or more anomalies in the serverless flow graph according to the trace-based analysis; and mitigating, by the process, the one or more anomalies in the serverless flow graph.

Abstract: This disclosure describes techniques for policy validation techniques relating to data traffic routing among network devices. The techniques may include processing a validation request from a controller. A validation request may include information related to a computed path for routing data traffic in a computing network. The processing may include sending one or more path requests to one or more redundant controllers, and comparing computed paths from the redundant controller(s) to the originally computed path. The techniques may include generating a validation response based on comparing the computed paths. In some examples, the techniques may further include determining a health score for the controller. Policy validation techniques may improve data traffic routing among network devices by helping to ensure valid policies are produced.

Abstract: This disclosure describes using a dynamic proxy for securing communications between a source within a cloud environment and an application container. The techniques include intercepting traffic directed to an application container, analyzing the traffic and traffic patterns, and allowing or preventing the traffic from being delivered to the application container based on the analysis. A traffic analysis engine may determine whether the traffic is considered safe and is to be allowed to be delivered to the application container, or whether the traffic is considered unsafe and is to be prevented from being delivered to the application container, According to some configurations, the address(es) to the network interfaces (e.g., WIFI or Eth0) are abstracted to help ensure security of the application containers.

Abstract: A method performed by a controller configured to communicate with one or more cloud platforms that are configured to host application components, which are configured to implement user services over a network, the method comprising: generating an application dependency mapping of the application components; collecting traffic flow data to identify data transfers between the application components; defining an application boundary around particular application components of the application components in the application dependency mapping; overlaying the application dependency mapping, the traffic flow data, and the application boundary, to identify particular data transfers between the particular application components; computing a network cost based on individual costs of the particular data transfers; and adding, to the network cost, compute and storage costs for the particular application components, to produce a total cost of using the particular application components.

Abstract: In one embodiment, a method herein comprises: determining a set of flows to be monitored within a computer network; determining, by the device, a set of nodes within the computer network through which the set of flows traverse; determining monitoring capabilities for the set of nodes; generating an assignment for each particular node of the set of nodes to monitor a subset of one or more flows of the set of flows based on the monitoring capabilities of each particular node, wherein the assignment for each particular node of the set of nodes ensures that each flow of the set of flows is monitored by at least one or more nodes of the set of nodes; and instructing the set of nodes to monitor the set of flows according to the assignment for each particular node of the set of nodes.

Abstract: This disclosure describes techniques for configuring an edge router of a communication provider network, the edge router coupled to communicate with a plurality of media streaming playback devices. Based at least in part on an indication of characteristics associated with the plurality of media streaming playback devices, a first multicast join for the edge router is configured to the communication provider network such that one or more media servers delivers a first plurality of media streams to the edge router via the communication provider network. Based at least in part on an indication of a request for an additional media stream not included in the first plurality of media streams, a second multicast join for the edge router is configured to the communication provider network such that the one or more media servers delivers the additional media stream to the edge router via the communication provider network.

Abstract: A method is provided for interchangeably allocating radio resources between a non-standalone (NSA) network and a standalone (SA) network in an overlapping area of coverage. The method may include monitoring utilization of radio resources of the SA network and the radio resources of the NSA network by a radio access network (RAN) intelligent controller (RIC). The method may also include determining that utilization of radio resources in one of the SA network or the NSA network is high by the RIC while utilization of radio resources in the other of the SA network or the NSA network having excess capacity. The method may also include reallocating radio resources from the one of the SA network or the NSA network having high radio resource utilization to the other of the SA network or the NSA network has excess capacity by the RIC.

Abstract: Blockchain technology is used to provide distributed authentication, entitlements and trust among different virtual Radio Access Network (vRAN) elements. An enterprise blockchain with interfaces enables multi-vendor vRAN deployment across multiple service providers. In another embodiment, a method is provided for authenticating entities in a virtualized radio access network to ensure various entitles are in fact entitled to participate in various radio access network operations.

Abstract: This disclosure describes using a dynamic proxy for securing communications between a source within a cloud environment and an application container. The techniques include intercepting traffic directed to an application container, analyzing the traffic and traffic patterns, and allowing or preventing the traffic from being delivered to the application container based on the analysis. A traffic analysis engine may determine whether the traffic is considered safe and is to be allowed to be delivered to the application container, or whether the traffic is considered unsafe and is to be prevented from being delivered to the application container, According to some configurations, the address(es) to the network interfaces (e.g., WIFI or Eth0) are abstracted to help ensure security of the application containers.

Abstract: A solution for selecting an optimal user Plane entity (with Control and User Plane Separation (CUPS)) per UE during seamless roaming. In one embodiment, a method is provide that is performed by a control plane entity in a mobile core network that supports inter public land mobile network (PLMN) roaming among two or more PLMNs. The method includes obtaining a create session request from an entity in a second PLMN to which a user equipment has roamed from a first PLMN; selecting a particular user plane entity among a plurality of user plane entities based on one or more user equipment related parameters; and establishing a session with the particular user plane entity to serve user plane traffic in the mobile core network for the user equipment.

Abstract: A system is provided that includes one management cluster to manage network function virtualization infrastructure (NFVI) resources lifecycle in more than one edge POD locations, where resources include hardware and/or software, and where software resources lifecycle includes software development, upgrades, downgrades, logging, monitoring etc. Methods are provided for decoupling storage from compute and network functions in each virtual machine (VM)-based NFVI deployment location and moving it to a centralized location. Centralized storage could simultaneously interact with more than one edge PODs, and the security is built-in with periodic key rotation. Methods are provided for increasing NFVI system viability by dedicating (fencing) CPU core pairs for specific controller operations and workload operations, and sharing the CPU cores for specific tasks.

Abstract: The present technology is directed to a system and method for automatic triggering of relevant code segments corresponding to a sequence of code segments or function codes having a preferred execution order. The automatic triggering action is based on the snooping of a response generated from an execution of a previous code segment. Information with respect to the next code segment in the preferred execution order may be obtained by directing a network proxy, such as Envoy to snoop the Uniform Resource Identifier (URI) field of a response packet being forwarded to a client entity. In this way, a network proxy may preemptively spawn and instantiate the following function codes (pointed to by the snooped Uniform Resource Identifier) prior to receiving the corresponding client request. As such, by the time a client request for the subsequent function code is received the code ready for execution.

Abstract: Blockchain technology is used to provide distributed authentication, entitlements and trust among different virtual Radio Access Network (vRAN) elements. An enterprise blockchain with interfaces enables multi-vendor vRAN deployment across multiple service providers. In another embodiment, a method is provided for authenticating entities in a virtualized radio access network to ensure various entitles are in fact entitled to participate in various radio access network operations.