Abstract: This disclosure describes techniques for employing an adaptive mechanism in communications among network devices. Adaptive mechanism techniques may include adapting network operations relative to characteristics of devices and/or network access technologies or mechanisms used in the network. Adaptation may help to accommodate a wider variety of types of devices. For instance, adaptive mechanism techniques may include determining, based on characteristics of a device in the network, a forwarding mechanism to be used at an access device to forward data traffic from the device to another device via the network. As such, adaptive mechanism techniques may provide more efficient integration of devices within a complex network, thereby improving network operations.

Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.

Abstract: Techniques are provided for controlling access entitlement for networking device data. In one example, a geographic location of a networking device is determined. A request to access data associated with the networking device is obtained from a user device. A user parameter of a user associated with the user device is determined. An access policy that controls access to the data based on the geographic location of the networking device and the user parameter is identified. The request to access the data is permitted or denied based on the geographic location of the networking device, the user parameter, and the access policy.

Abstract: Roaming validation for Access Network Providers (ANPs), and particularly to protecting communications between Stations (STAs) and ANPs while providing roaming validation for ANPs may be provided. An ANP may first register a roaming federation system. The ANP may determine a roaming message based on subscription features of the network, and the ANP may request signing of the roaming message by the roaming federation system. The ANP may receive the signed roaming message from the roaming federation system and send the signed roaming message to a STA. The ANP may then receive a request to connect to the network from the STA and initiate a connection for the STA.

Abstract: Systems and methods are provided for providing transference of a user equipment to a 5G network when a voice call is terminated. The systems and method can include receiving, at a mobility management entity, a voice call termination message from a serving gateway, determining, by the mobility management entity, whether the user equipment includes a 5G subscription and 5G capability based on the voice call termination message, and providing, by the mobility management entity, a handover message to the user equipment to initiate a handover to the 5G network based on the determining of whether the user equipment includes the 5G subscription and 5G capability.

Abstract: Techniques for a Software-Defined Networking (SDN) controller associated with a multisite network to implement jurisdictional data sovereignty polices in a multisite network, route network traffic flows between user sites and destination services over one or more provider sites, and/or perform a routing operation on the network traffic flow(s) based on the jurisdictional data sovereignty policies. The jurisdictional data sovereignty polices may be implemented using destination group tags (DGTs) and/or source group tags (SGTs). A secure access service edge (SASE) associated with the network controller may generate, store, and distribute the DGTs to provider sites and/or the SGTs to user sites. Based on the SGT and/or DGT associated with a network traffic flow, one or more services may be applied to the network traffic flow, and the network traffic flow may be routed through a particular region of a software-defined access (SDA) transit.

Abstract: In one embodiment, a method herein comprises: establishing, by a process, a virtual private network connection (VPN connection) with a particular VPN gateway; requesting, by the process, observability monitoring through the particular VPN gateway, wherein requesting results in a controller being informed about the particular VPN gateway and a domain of the particular VPN gateway; receiving, by the process, test specifics from the controller based on the particular VPN gateway and the domain of the particular VPN gateway; and executing, by the process, one or more tests to the particular VPN gateway based on the test specifics.

Abstract: Wireless infrastructure upgrading may be provided. An Access Point (AP) may be caused to decline new association requests received from client devices not associated with the AP. Next, the AP may be caused to instruct client devices associated with the AP that detect a signal level from the AP to be below their roaming margin to roam away from the AP. Then the power of the signal level from the AP may be decreased by a predetermined amount. Causing the AP to instruct client devices associated with the AP that detect the signal level from the AP to be below their roaming margin to roam away from the AP and decreasing the power of the signal level from the AP may be repeated until the power of the signal level from the AP is at a predetermined level.

Abstract: Techniques are described for classification-based data security management. The classification-based data security management can include utilizing device and/or data attributes to identify security modes for communication of data stored in a source device. The security modes can be identified based on a hybrid-encryption negotiation. The attributes can include a device resource availability value, an access trust score, a data confidentiality score, a geo-coordinates value, and/or a date/time value. The security modes can include a hybrid-encryption mode. The source device can utilize the hybrid-encryption mode to transmit the data, via one or more network nodes, such as an edge node, to one or more service nodes.

Abstract: Disclosed are methods, systems, and non-transitory computer-readable media for using a sponsor as a proxy for multi-factor authentication of a first user account for a first user when a primary multi-factor authentication mechanism is unavailable to the first user account, comprising registering the sponsor in a multi-factor authentication chain of trust associated with the first user account; requesting verification of an identity of the first user from the sponsor; receiving, from the sponsor, a verification of the identity of the first user; and granting access to a service to the first user account.

Abstract: A trust based continuous Fifth Generation (5G) network service assessment, and more specifically a trust based continuous 5G network service assessment for a user equipment to ensure an authorized user is using the user equipment may be provided. A registration request may be received by an Access and Mobility Management Function (AMF) from a User Equipment (UE). In response to the registration request, a Policy Control Function (PCF) may exchange a policy with the AMF, wherein the policy comprises instructions to perform a continuous service assessment. Next, a registration accept message may be sent to the UE, wherein the registration accept message comprises instructions for the UE to enable the continuous service assessment.

Abstract: Systems and methods are provided for providing transference of a user equipment to a 5G network when a voice call is terminated. The systems and method can include receiving, at a mobility management entity, a voice call termination message from a serving gateway, determining, by the mobility management entity, whether the user equipment includes a 5G subscription and 5G capability based on the voice call termination message, and providing, by the mobility management entity, a handover message to the user equipment to initiate a handover to the 5G network based on the determining of whether the user equipment includes the 5G subscription and 5G capability.

Abstract: Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.

Abstract: A method is provided for use in a network that includes a plurality of user plane functions that perform processing of user plane traffic sessions from one or more mobile wireless user devices. The method includes periodically monitoring resource utilization of the plurality of user plane functions to estimate a resource utilization level of respective user plane functions. Based on the periodically monitoring, the method further includes storing for the respective user plane functions a resource utilization level indicator for each of the respective user plane functions according a resource utilization level of the respective user plane functions. User plane traffic sessions for a given tracking area are re-assigned (moved) among the plurality of user plane functions based on the resource utilization level indicators for the respective user plane functions to achieve a desired quality of experience for the user plane traffic sessions.

Abstract: Methods and a system described herein manage the power of IoTs and smart devices operating on a wireless network. When an access point coupled to the network receives a low power indication from a battery-powered IoT or smart device, it may take several actions in response. In one case, it extends the target wake time to become longer and longer to preserve the device's battery. In addition, the device changes its operation to conserve power. In another case, it provides power over the wireless network to the wireless device. The access point restores the target wake time when the device returns to a power-ok condition. The device resumes operation according to the parameters in effect before the low power condition occurs.

Abstract: Disclosed are a system and a method for selecting an additional radio link from a second access point after a connection with a first access point has been established. The first and second access points cooperate with each other by sharing information about performance and available resources. They communicate this information to a multi-link non-AP MLD device requesting the additional radio link so that the non-AP MLD can make a selection that matches the needs of its request. Information about performance includes throughput, a delay between access points, and a delay between access points and a gateway connected to the access points.

Abstract: In one embodiment, a management service for a network that is executed by one or more devices establishes a trust relationship with an entity associated with an endpoint in the network. The management service receives, via a Manufacturer Usage Description (MUD) file for the endpoint, an indication that the entity desires remote access to the endpoint in the network. The management service configures, based on the indication, the network to provide a remote access connection between the entity and the endpoint in the network. The management service provides, to the entity, credentials to the entity for the remote access connection.

Abstract: Systems, methods, and computer-readable media are disclosed for dynamically onboarding a UE between private 5G networks. In one aspect, a private 5G (P5G) federation system can receive a request from a user device for registration with a serving private 5G network, which is part of a P5G federation system. The P5G federation system can further determine that the user device is authenticated with a home private 5G network of the user device, which is also part of the P5G federation system. The P5G federation system can transmit, to the serving private 5G network, a security profile of the user device that is received from the home private 5G network. As follows, the P5G federation system can facilitate onboarding of the user device to the serving private 5G network with the security profile.

Abstract: In one embodiment, a method herein comprises: receiving, at a device, a registration request from a telemetry exporter that transmits telemetry data; generating, by the device, a telemetry configuration file for the telemetry exporter, the telemetry configuration file defining a policy for transmission of telemetry data from the telemetry exporter and an authentication token for the telemetry exporter; sharing, by the device, the policy with a security enforcer; and sending, by the device, the telemetry configuration file to the telemetry exporter, wherein the telemetry exporter is caused to connect with the security enforcer using the authentication token, send the telemetry configuration file to the security enforcer, and transmit collected telemetry data to the security enforcer, and wherein the security enforcer is caused to create a dynamic publish-subscribe stream for publishing the collected telemetry data received from the telemetry exporter based on the telemetry configuration file and the policy.

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for participating in a meeting through an application provider using application-specific network slices. A method includes transmitting a request to a mobile network operator (MNO) for setup of a data connection with a device for a meeting provided by an application provider; receiving allowed network slices for the data connection that are generated by the MNO for the meeting; identifying a network slice from the allowed network slices for the meeting based on one or more characteristics specific to the meeting; and establishing the data connection with the mobile network operator based on the network slice.