Abstract: Techniques that provide proactive and intelligent packet capturing are described herein. In one embodiment, a method includes storing information associated with a plurality of user equipment (UE) sessions of a plurality of UEs within a mobile network; detecting an anomaly associated with at least one UE session of at least one UE based, at least in part, on the information stored for the at least one UE session; and activating a trace for the at least one UE session based, at least in part, on detecting the anomaly associated with the at least one UE session, wherein activating the trace comprises capturing packet information for a data packet flow associated with the at least one UE session at one or more data-path network elements of a plurality of data-path network elements within the mobile network.

Abstract: A method of controlling performance of a wireless device is performed by a node that is in electronic communication with a cellular network. The node includes a processor, a non-transitory memory, and a network interface. The method includes receiving a performance value characterizing a performance of a communication channel between a wireless device and a wireless access point. In some implementations, the wireless device and the cellular network are associated with different radio access technologies (RATs). The method includes determining whether the performance value breaches a performance criterion for the wireless device. The method includes adjusting a first amount of data transmitted to the wireless device from a base station of the cellular network and a second amount of data transmitted to the wireless device from the wireless access point. In some implementations, the combined first and second amounts of data satisfy the performance criterion for the wireless device.

Abstract: The disclosed technology relates to systems and methods for automatically scaling down network resources, such as servers or gateway instances, based on predetermined thresholds. A system is configured to detect a reduction in one or more network metrics related to a first server, and instruct the first server to issue a rekey request to a plurality of devices connected to the first server. The system is further configured to instruct a load balancer to route to at least one other server responses from the plurality of devices to the rekey request, and determine a number of connections remaining between the first server and the plurality of devices. The system may be further configured to instruct the load balancer to terminate the first server based on the detected number of connections remaining between the first server and the plurality of devices.

Abstract: An example method is provided in one example embodiment and may include receiving, at a packet data network gateway (PGW), a packet associated with an Internet Protocol (IP) flow of a user equipment (UE); identifying a routing rule associated with the IP flow, wherein the routing rule comprises routing access information that identifies whether the IP flow can be routed across a plurality of access networks using weighted link aggregation; and selecting a particular access network to facilitate communications for the IP flow of the UE based on the routing rule. In some cases, the selecting can include assigning the IP flow of the UE to a bearer established for the UE for the particular access network.

Abstract: The disclosed technology relates a system is configured to generate a protected configuration for a network device based on network connectivity data for a plurality of devices in a managed network associated with a cloud management system. The system is further configured to receive a configuration change for the managed network, determine that the configuration change is incompatible with the protected configuration, and generate a notification that the configuration change is incompatible with the protected configuration.

Abstract: Various implementations disclosed herein enable identifying anomalies in a network. For example, in various implementations, a method of identifying anomalies in a network is performed by a network node. In various implementations, the network node includes one or more processors, and a non-transitory memory. In various implementations, the method includes generating a characteristic indicator that characterizes a device type based on communications associated with a first device of the device type. In various implementations, the method includes determining, based on communications associated with the first device, a performance indicator that indicates a performance of the first device. In various implementations, the method includes synthesizing an anomaly indicator as a function of the performance indicator in relation to the characteristic indicator.

Abstract: In one embodiment, an IoT server includes: processing circuitry, an I/O module operative to communicate with at least an IoT device and a vendor network server, and an onboarding application and operative to at least: receive an onboarding request from the IoT device via the I/O module, send a confirmation request to the vendor network server via the I/O module, where the confirmation request indicates a request to confirm an identity of the IoT device according to a connection to a network device authenticated by the vendor network server, receive a confirmation response from the vendor network server via the I/O module, where the confirmation response indicates whether the IoT device is connected to the network device, and if the confirmation response is a positive confirmation response that indicates that the IoT device is connected to the network device, onboard the IoT device for participation in an IoT-based system.

Abstract: In one embodiment, a server generates expected levels of capability associated with possible combinations of settings for first and second adjustable parameters for an aspect of a software image feature. The server receives an indication of a desired level of capability for the aspect of the software image feature and, based on the indication, identifies a particular expected level of capability associated with a particular possible combination of the settings for the first and second adjustable parameters. The particular expected level of capability is closer to a desired level of capability for an aspect of a software image feature than the other expected levels of capability associated with the possible combinations of the settings for the first and second adjustable parameters. The server produces a software image that includes the particular possible combination of the settings for the first and second adjustable parameters.

Abstract: Methods and systems to estimate encrypted multi-path TCP (MPTCP) network traffic include restricting traffic in a first direction (e.g., uplink) to a single path, and estimating traffic of multiple subflows of a second direction (e.g., downlink) based on traffic over the single path of the first direction. The estimating may be based on, without limitation, acknowledgment information of the single path, a sequence of acknowledgment numbers of the single path, an unencrypted initial packet sent over the single path as part of a secure tunnel setup procedure, TCP header information of the unencrypted initial packet (e.g., sequence number, acknowledgment packet, and/or acknowledgment packet length), and/or metadata of packets of the single path (e.g., regarding cryptographic algorithms, Diffie-Helman groups, and/or certificate related data).

Abstract: Various implementations disclosed herein enable identifying anomalies in a network. For example, in various implementations, a method of identifying anomalies in a network is performed by a network node. In various implementations, the network node includes one or more processors, and a non-transitory memory. In various implementations, the method includes generating a characteristic indicator that characterizes a device type based on communications associated with a first device of the device type. In various implementations, the method includes determining, based on communications associated with the first device, a performance indicator that indicates a performance of the first device. In various implementations, the method includes synthesizing an anomaly indicator as a function of the performance indicator in relation to the characteristic indicator.

Abstract: In one embodiment, a device identifies a predicted future location of a vehicle. The device uses a machine learning-based model to predict a dwell time for the vehicle at the predicted future location. The device determines, based on the predicted dwell time, whether the vehicle should associate with a wireless access point in the predicted future location. The device selects a particular wireless access point in the predicted future location for association, when the device determines that the vehicle should associate with a wireless access point in the predicted future location. The device initiates an association between the vehicle and the selected wireless access point, prior to the vehicle arriving at the predicted future location.

Abstract: Embodiments include receiving one or more packets of a Wi-Fi calling session via a secure tunnel from a user device, where the user device is connected to a source network via a Wi-Fi access point. Embodiments also include determining whether the Wi-Fi calling session is a threat based, at least in part, on identifying an anomaly of at least one packet of the one or more packets. An action can be taken if the Wi-Fi calling communication is determined to be a threat. More specific embodiments include determining the at least one packet is associated with the Wi-Fi calling session by correlating information in the packet with control plane data of the Wi-Fi calling session. Further embodiments can include intercepting the one or more packets in a second secure tunnel established between an evolved packet data gateway and a service provider network associated with the user device.

Abstract: Various implementations disclosed herein enable controlling access to networks. In various implementations, a method of controlling access to a network is performed by a computing device including one or more processors, and a non-transitory memory. In various implementations, the method includes obtaining an indication that a mobile device having access to a first network utilizing a first radio access technology (RAT) has requested access to a second network utilizing a second RAT. In some implementations, the method includes determining whether the access to the first network satisfies an authentication criterion associated with the second network. In some implementations, the method includes granting the mobile device access to the second network in response to determining that the access to the first network satisfies the authentication criterion associated with the second network.

Abstract: A server receives a certificate signing request and onboarding information for an applicant device, and identifies a customer associated with the applicant device based on an applicant device identifier and a database identifiers associated with customers. The device determines a registered device associated with the customer is a trusted device, a location trust value for the applicant device based on a geolocation proximity between the applicant device and the trusted device, and an environment trust value for the applicant device based on a proximity in a network topology between the applicant device and the trusted device. The device further determines a trust score for the applicant device based on the location trust value and the environment trust value, and sends a signed certificate to the applicant device over the network when the trust score for the applicant device exceeds a threshold.

Abstract: Various implementations disclosed herein enable identifying anomalies in a network. For example, in various implementations, a method of identifying anomalies in a network is performed by a network node. In various implementations, the network node includes one or more processors, and a non-transitory memory. In various implementations, the method includes generating a characteristic indicator that characterizes a device type based on communications associated with a first device of the device type. In various implementations, the method includes determining, based on communications associated with the first device, a performance indicator that indicates a performance of the first device. In various implementations, the method includes synthesizing an anomaly indicator as a function of the performance indicator in relation to the characteristic indicator.

Abstract: A method of controlling performance of a wireless device is performed by a node that is in electronic communication with a cellular network. The node includes a processor, a non-transitory memory, and a network interface. The method includes receiving a performance value characterizing a performance of a communication channel between a wireless device and a wireless access point. In some implementations, the wireless device and the cellular network are associated with different radio access technologies (RATs). The method includes determining whether the performance value breaches a performance criterion for the wireless device. The method includes adjusting a first amount of data transmitted to the wireless device from a base station of the cellular network and a second amount of data transmitted to the wireless device from the wireless access point. In some implementations, the combined first and second amounts of data satisfy the performance criterion for the wireless device.

Abstract: In various implementations, a method includes receiving a request to establish an end-to-end encrypted session between a device in an enterprise network and an external entity that is outside the enterprise network. In some implementations, the end-to-end encrypted session allows encrypted packets to be transmitted between the device and the external entity. In various implementations, the method includes determining whether the request satisfies an enterprise security criterion for establishing the end-to-end encryption session. In various implementations, the method includes in response to determining that the request satisfies the enterprise security criterion, triggering the establishment of the end-to-end encrypted session between the device in the enterprise network and the external entity that is outside the enterprise entity.

Abstract: An example method is provided in one example embodiment and may include receiving, at a packet data network gateway (PGW), a packet associated with an Internet Protocol (IP) flow of a user equipment (UE); identifying a routing rule associated with the IP flow, wherein the routing rule comprises routing access information that identifies whether the IP flow can be routed across a plurality of access networks using weighted link aggregation; and selecting a particular access network to facilitate communications for the IP flow of the UE based on the routing rule. In some cases, the selecting can include assigning the IP flow of the UE to a bearer established for the UE for the particular access network.

Abstract: An example method is provided in one example embodiment and may include determining a presence of user equipment (UE) in relation to small cell radio(s) of a small cell network based on information obtained through the small cell network and one or more parallel networks; and adjusting transmit power for the small cell radio(s) based on the presence of UE in relation to the small cell radio(s). Another example method can include determining that a UE in cell paging channel mode has changed its selected macro cell radio; determining that the UE is allowed service on a small cell radio located in a vicinity of a macro cell coverage area of a selected macro cell radio; and adjusting a transmit power of the small cell radio based on a presence of the UE in a surrounding macro cell coverage area of the small cell radio.

Abstract: An example method is provided in one example embodiment and includes receiving a request to relocate a user equipment (UE) from a source macro radio to an ambiguous small cell access point (AP), wherein the request includes a target cell identity (ID) encoded with a source macro cell identifier for the source macro radio and a target sub-carrier identifier for the ambiguous small cell AP; determining potential target small cell APs for relocation of the first UE using the using the first target cell ID, wherein each of the potential target small cell APs are within a coverage area of the source macro radio and operate using the target sub-carrier identifier; and preparing, for each of the potential target small cell APs, a common channel to receive relocation of the first UE. The first UE can relocate to a particular target small cell access point using the common channel.