Abstract: Techniques for implementing intelligent querying of network-connected devices are disclosed. In some embodiments, a method comprises the following: identifying a set of unique identifiers corresponding to a set of devices connected to a network; obtaining information associated with a set of communications transmitted to or from a particular device in the set of devices based on the unique identifier corresponding to the particular device; identifying a device type for the unique identifier corresponding to the particular device based on the identified information associated with the set of communications; selecting a subset of a candidate set of queries based on the identified device type for the unique identifier; and executing the subset of the candidate set of queries on the particular device based on the selecting of the subset.

Abstract: Techniques for implementing intelligent querying of network-connected devices are disclosed. In some embodiments, a method comprises the following: identifying a set of unique identifiers corresponding to a set of devices connected to a network; obtaining information associated with a set of communications transmitted to or from a particular device in the set of devices based on the unique identifier corresponding to the particular device; identifying a device type for the unique identifier corresponding to the particular device based on the identified information associated with the set of communications; selecting a subset of a candidate set of queries based on the identified device type for the unique identifier; and executing the subset of the candidate set of queries on the particular device based on the selecting of the subset.

Abstract: Techniques for generating and enforcing security policies for device clusters are disclosed. A security manager generates a plurality of clusters of devices for applying security policies. For each cluster of devices, the security manager trains a machine learning model to indicate whether a particular data flow associated with a device in the particular cluster of devices is allowed or denied. The security manager detects a data flow corresponding to a device. If the security manager determines that the device corresponds to a first cluster of devices, the security manager identifies a first trained machine learning model corresponding to the first cluster of devices. The security manager applies the first trained machine learning model to the first data flow to determine whether the first data flow is to be allowed or denied. The security manager allows or denies the first data flow based on the applying operation.

Abstract: Examples described herein include a method and system for determining a number of controllers in a Network Authentication Server (NAS) controller cluster, wherein each of the controllers in the NAS controller cluster includes a unique Physical Internet Protocol (PIP) address; creating a number of unique Virtual Internet Protocol (VIP) addresses for use by an external authentication server (EAS) to communicate with the controllers in the NAS controller cluster, wherein the number of VIP addresses is to be proportional to the number of PIP addresses; and mapping each controller in the NAS controller cluster to a plurality of VIP addresses, wherein the VIP addresses are to have different priorities for different controllers in the NAS controller cluster.

Abstract: The present disclosure discloses a method and a network device for failure detection of nodes in a cluster. Specifically, a network device transmits data to another device at a first time. The network device then receives an acknowledgment of the data from the second device at a second time. Next, the network device determines a Round Trip Time (RTT) for the first device and the second device based on the first time and the second time. Based on the RTT, the network device determines a first frequency for transmitting a heartbeat protocol message between the first device and the second device, and transmits a heartbeat protocol message between the first device and the second device at the first frequency.

Abstract: Example implementations relate to upgrading controllers and access points by group. A master controller may comprise a processing resource and a memory resource storing machine-readable instructions to cause the processing resource to create a plurality of groups of access points (APs) connected to a first and a second local controller, move a subset of the plurality of APs connected to the first local controller to the second local controller, upgrade the first local controller, move APs associated with a group of the plurality of APs to the first local controller, and upgrade the APs associated with the group of the first local controller.

Abstract: In some examples, a method includes determining a number of controllers in a Network Authentication Server (NAS) controller cluster, wherein each of the controllers in the NAS controller cluster includes a unique Physical Internet Protocol (PIP) address; creating a number of unique Virtual Internet Protocol (VIP) addresses for use by an external authentication server (EAS) to communicate with the controllers in the NAS controller cluster, wherein the number of VIP addresses is to be proportional to the number of PIP addresses; and mapping each controller in the NAS controller cluster to a plurality of VIP addresses, wherein the VIP addresses are to have different priorities for different controllers in the NAS controller cluster.

Abstract: Example implementations relate to upgrading controllers and access points by group. A master controller may comprise a processing resource and a memory resource storing machine-readable instructions to cause the processing resource to create a plurality of groups of access points (APs) connected to a first and a second local controller, move a subset of the plurality of APs connected to the first local controller to the second local controller, upgrade the first local controller, move APs associated with a group of the plurality of APs to the first local controller, and upgrade the APs associated with the group of the first local controller.

Abstract: The present disclosure discloses a method and a network device for failure detection of nodes in a cluster. Specifically, a network device transmits data to another device at a first time. The network device then receives an acknowledgment of the data from the second device at a second time. Next, the network device determines a Round Trip Time (RTT) for the first device and the second device based on the first time and the second time. Based on the RTT, the network device determines a first frequency for transmitting a heartbeat protocol message between the first device and the second device, and transmits a heartbeat protocol message between the first device and the second device at the first frequency.

Abstract: The present disclosure discloses a method and a network device for failure detection of nodes in a cluster. Specifically, a network device transmits data to another device at a first time. The network device then receives an acknowledgment of the data from the second device at a second time. Next, the network device determines a Round Trip Time (RTT) for the first device and the second device based on the first time and the second time. Based on the RTT, the network device determines a first frequency for transmitting a heartbeat protocol message between the first device and the second device, and transmits a heartbeat protocol message between the first device and the second device at the first frequency.

Abstract: The present disclosure discloses a method and a network device for failure detection of nodes in a cluster. Specifically, a network device transmits data to another device at a first time. The network device then receives an acknowledgment of the data from the second device at a second time. Next, the network device determines a Round Trip Time (RTT) for the first device and the second device based on the first time and the second time. Based on the RTT, the network device determines a first frequency for transmitting a heartbeat protocol message between the first device and the second device, and transmits a heartbeat protocol message between the first device and the second device at the first frequency.

Abstract: Techniques are provided for obtaining first and second digital certificates from a certificate authority database for establishing a secure exchange between network devices. The first digital certificate contains identity information of a first network device, and the second digital certificate contains classification information of the first network device. In one embodiment, a secure key exchange is initiated with the second network device, and the first and second digital certificates are transmitted as a part of the secure key exchange to the second network device. In another embodiment, the first and second digital certificates are received by an intermediate network device. The first digital certificate is encrypted and is not evaluated by the intermediate network device. The second digital certificate is evaluated for classification information of the first network device.

Abstract: Techniques are provided for obtaining first and second digital certificates from a certificate authority database for establishing a secure exchange between network devices. The first digital certificate contains identity information of a first network device, and the second digital certificate contains classification information of the first network device. In one embodiment, a secure key exchange is initiated with the second network device, and the first and second digital certificates are transmitted as a part of the secure key exchange to the second network device. In another embodiment, the first and second digital certificates are received by an intermediate network device. The first digital certificate is encrypted and is not evaluated by the intermediate network device. The second digital certificate is evaluated for classification information of the first network device.

Abstract: Techniques are provided for obtaining first and second digital certificates from a certificate authority database for establishing a secure exchange between network devices. The first digital certificate contains identity information of a first network device, and the second digital certificate contains classification information of the first network device. In one embodiment, a secure key exchange is initiated with the second network device, and the first and second digital certificates are transmitted as a part of the secure key exchange to the second network device. In another embodiment, the first and second digital certificates are received by an intermediate network device. The first digital certificate is encrypted and is not evaluated by the intermediate network device. The second digital certificate is evaluated for classification information of the first network device.

Abstract: Techniques are provided for obtaining first and second digital certificates from a certificate authority database for establishing a secure exchange between network devices. The first digital certificate contains identity information of a first network device, and the second digital certificate contains classification information of the first network device. In one embodiment, a secure key exchange is initiated with the second network device, and the first and second digital certificates are transmitted as a part of the secure key exchange to the second network device. In another embodiment, the first and second digital certificates are received by an intermediate network device. The first digital certificate is encrypted and is not evaluated by the intermediate network device. The second digital certificate is evaluated for classification information of the first network device.