The present disclosure describes an access point with an adjustable scan radio and a method of operating the access point. The access point operates a scan radio to determine first and second sets of metrics for packets detected by the scan radio with a received signal strength indicator (RSSI) greater than first and second RSSI thresholds, respectively. The access point also operates a service radio to determine a third set of metrics for packets transmitted by the service radio and determines a first weight and a second weight based on the third set of metrics. The access point further applies the first and second weights to the first and second sets of metrics to produce first and second sets of weighted metrics and adjusts the service radio based on the first and second sets of weighted metrics.
H04W 52/24 - Commande de puissance d'émission [TPC Transmission power control] le TPC étant effectué selon des paramètres spécifiques utilisant le rapport signal sur parasite [SIR Signal to Interference Ratio] ou d'autres paramètres de trajet sans fil
A format for a Physical layer Protocol Data Unit (PPDU) that can be transmitted over a network is disclosed. The PPDU includes a field having one or more bits identifying whether a vendor-specific signal field (VS-SIG) is present in the PPDU. When present, the VS-SIG includes one or more bits identifying a vendor-specific language in which vendor-specific data is presented. The VS-SIG also includes one or more bits representing the vendor-specific data in the vendor- specific language.
Various methods, systems, and/or processes are described herein to create more sustainable configurations of wireless Access Points (APs), switches, and other network devices based upon network speed, client demand, among other factors. Clients may wirelessly couple to an AP using a variety of different technologies. The clients may be distributed over these frequency bands in an optimal manner allowing minimum use of transceiver power. The network link speed between the AP and the Ethernet switch may also be dynamically adjusted. These configurations may dynamically change over time as client demand or network traffic increases or decreases. In certain other configurations, the APs may have a higher wireless throughput than the ethemet connections to the network. In these instances, sustainable configurations can be achieved by powering down transceivers, radio chains, and/or processor cores. Traffic and other events may trigger the need for new sustainable configurations to be generated and applied.
H04L 41/0833 - Réglages de configuration caractérisés par les objectifs d’un changement de paramètres, p.ex. l’optimisation de la configuration pour améliorer la fiabilité pour la réduction de la consommation d’énergie du réseau
H04W 24/04 - Configurations pour maintenir l'état de fonctionnement
Techniques for symmetric routing in a software-defined wide area network (SDWAN) are disclosed herein. In some aspects, the techniques described herein relate to a method including: determining a first device group, wherein the first device group includes a first router associated with a branch tag and a second router associated with a hub tag; determining a second device group, wherein the second device group includes a third router associated with and a fourth router associated with the hub tag; transmitting a first route advertisement associated with a first route from the first router to the second router to the first router; transmitting a second route advertisement associated with a second route from the first router to the third router to the first router; and preventing transmission of a third route advertisement associated with a third route from the first router to the fourth router to the first router.
H04L 45/02 - Mise à jour ou découverte de topologie
H04L 45/00 - Routage ou recherche de routes de paquets dans les réseaux de commutation de données
H04L 45/50 - Routage ou recherche de routes de paquets dans les réseaux de commutation de données utilisant l'échange d'étiquettes, p.ex. des commutateurs d'étiquette multi protocole [MPLS]
H04L 45/64 - Routage ou recherche de routes de paquets dans les réseaux de commutation de données à l'aide d'une couche de routage superposée
H04L 45/655 - Interaction entre les entités de calcul de routes et les entités de transmission, p.ex. pour la détermination de la route ou pour la mise à jour des tables de flux
H04L 45/76 - Routage dans des topologies définies par logiciel, p.ex. l’acheminement entre des machines virtuelles
Techniques for extending application-aware routing (AAR) policies to enable intelligent routing decisions based on device security posture. The techniques may include receiving, from a client device, traffic that is to be sent over a network to an application and determining a security score associated with the traffic. The security score may be based on a security posture associated with the client device, a security level associated with a connectivity network used by the client device, and the like. The techniques may also include determining, based at least in part on the security score and based at least in part on an application-aware routing policy, a path for sending the traffic to the application.
Devices, systems, methods, and processes for orchestrating and managing various lower-power modes in a variety of network devices within a network are described herein. Various network devices, such as access points may be capable of entering one or more lower-power modes of operation that utilize less electricity to operate. When initiating a lower-power mode, the various clients that the network device has been handling need to be handed off to a sibling AP nearby. However, when exiting these lower-power modes, these devices may need different amounts of time to reboot and/or resume normal operations. Thus, when deciding which clients to re-associate with the waking up network device, various considerations need to be weighed based on client needs and network device capabilities. Thus, a smart environmental controller (SEC) is utilized to coordinate these processes. The SEC can be a specialized device, or a logic distributed remotely or among the network devices.
A set of alert records stored in a shared alert data store that is shared amongst a cluster of processing nodes are presented in an interface. From the interface, a request is received to delete an identified alert record from the set of alert records. A delete alert record matching the identified alert record is added to the shared alert data store. The identified alert record is deleted from the shared alert data store responsive to the request. The delete alert record is transmitted to a processing node of the cluster of processing nodes, wherein the processing node deletes a local copy of the identified alert record according to the delete alert record.
This document discloses methods and systems for modeling product usage. In one practical application, the systems and methods may be utilized to model product usage based on large volume, machine generated product usage data to optimize product pricing and operations. Specifically, the systems and methods described herein may utilize methods with key components to select the maximum number of dimensions that can be modeled based on the number of data points, use a logarithm kernel function to normalize machine data with long-tailed statistical distributions on different numerical scales, compare a large number of candidate models with different candidate dimensions and different structures, and quantify the amount of change and drift in models over time.
Techniques are disclosed for placing content in and applying layers to an extended reality environment. An extended reality (XR) system determines an identifier that is associated with an object viewable within an extended reality environment. The XR system determines a plurality of data structures associated with the identifier, each data structure including a workspace and a dashboard. The XR system generates, using the plurality of data structures, a plurality of extended reality objects for display in the extended reality environment, each extended reality object including a dashboard from the plurality of data structures, where, in the extended reality environment, a first dashboard is visible. The XR system receives an input associated with the extended reality environment. The XR system causes, in response to the input, the second dashboard to be visible.
G06F 16/904 - Navigation; Visualisation à cet effet
G06F 3/04815 - Interaction s’effectuant dans un environnement basé sur des métaphores ou des objets avec un affichage tridimensionnel, p.ex. modification du point de vue de l’utilisateur par rapport à l’environnement ou l’objet
G06F 3/04883 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] utilisant des caractéristiques spécifiques fournies par le périphérique d’entrée, p.ex. des fonctions commandées par la rotation d’une souris à deux capteurs, ou par la nature du périphérique d’entrée, p.ex. des gestes en fonction de la pression exer utilisant un écran tactile ou une tablette numérique, p.ex. entrée de commandes par des tracés gestuels pour l’entrée de données par calligraphie, p.ex. sous forme de gestes ou de texte
G06F 16/955 - Recherche dans le Web utilisant des identifiants d’information, p.ex. des localisateurs uniformisés de ressources [uniform resource locators - URL]
G06T 19/00 - Transformation de modèles ou d'images tridimensionnels [3D] pour infographie
In some embodiments, operational characteristics-based container management may include receiving, by a device and from a container agent executing in a container environment, operational characteristics of an application instance executing in the container environment; determining, by the device and based on the operational characteristics, whether the application instance executing in the container environment is associated with a policy violation for application instances; generating, by the device, a notification of the policy violation when the device determines that the application instance is associated with the policy violation; and causing, by the device, the container environment to perform a mitigation action of the policy violation by the application instance.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
11.
PROACTIVE PATH COMPUTATION ELEMENT TO ACCELERATE PATH COMPUTATION
A method performed at a controller of an optical network configured with an optical path comprising a series of fiber spans for forwarding traffic: as a background operation to forwarding the traffic along the optical path, generating and storing precomputed optical paths as alternates to the optical path for path restoration by simulating some number of faults impacting the optical path; upon receiving, from the optical network, a path restoration query that indicates actually failed fiber spans, determining availability of a precomputed optical path that avoids the actually failed fiber spans; and when the precomputed optical path is available, sending, to the optical network, a first descriptor of the precomputed optical path to enable a deployment of the precomputed optical path. The method drastically reduces the time of alternate path research in complex meshed networks.
Aspects of the present disclosure are directed to improving network resource utilization (at edge network devices) as well as at cloud-based processing components of a network, when performing attribute searches on video data captured at the edge devices of the network. In one aspect, a method includes detecting a motion event in a plurality of frames of video data captured using one or more edge devices, generating a motion blob for a subset of the plurality of frames associated with the motion event, processing the motion blob to generate one or more attributes, wherein each of the one or more attributes are identified once in the motion blob, and send the one or more attributes to a cloud processing component.
The present disclosure describes systems and methods for detecting temperature in an electro-optical circuit (e.g., an electro-optical transceiver). According to an embodiment, an electro-optical circuit includes a photonic integrated circuit and an electronic integrated circuit. The photonic integrated circuit includes an optical component and a first resistor positioned by the optical component. The electronic integrated circuit determines a temperature for the optical component based on a first resistance of the first resistor.
G01K 7/18 - Mesure de la température basée sur l'utilisation d'éléments électriques ou magnétiques directement sensibles à la chaleur utilisant des éléments résistifs l'élément étant une résistance linéaire, p.ex. un thermomètre à résistance de platine
G02F 1/01 - Dispositifs ou dispositions pour la commande de l'intensité, de la couleur, de la phase, de la polarisation ou de la direction de la lumière arrivant d'une source lumineuse indépendante, p.ex. commutation, ouverture de porte ou modulation; Optique non linéaire pour la commande de l'intensité, de la phase, de la polarisation ou de la couleur
H04B 10/40 - Systèmes de transmission utilisant des ondes électromagnétiques autres que les ondes hertziennes, p.ex. les infrarouges, la lumière visible ou ultraviolette, ou utilisant des radiations corpusculaires, p.ex. les communications quantiques Émetteurs-récepteurs
14.
Sustainable Configuration Generation Based On Network Speed and Client Demand
Various methods, systems, and/or processes are described herein to create more sustainable configurations of wireless Access Points (APs), switches, and other network devices based upon network speed, client demand, among other factors. Clients may wirelessly couple to an AP using a variety of different technologies. The clients may be distributed over these frequency bands in an optimal manner allowing minimum use of transceiver power. The network link speed between the AP and the Ethernet switch may also be dynamically adjusted. These configurations may dynamically change over time as client demand or network traffic increases or decreases. In certain other configurations, the APs may have a higher wireless throughput than the ethernet connections to the network. In these instances, sustainable configurations can be achieved by powering down transceivers, radio chains, and/or processor cores. Traffic and other events may trigger the need for new sustainable configurations to be generated and applied.
Techniques for determine latency, loss, and liveness performance metrics associated with ECMP routes. The techniques may include determining that a TWAMP probe is to be sent from a first node to a second node along an equal-cost multipath ECMP route. In some examples, the first node may generate a packet for sending the TWAMP probe to the second node. The packet may include information specifying a forward path and reverse path to be traversed by the packet. In examples, the first node may send the packet to the second node along the ECMP route and subsequently receive the packet including telemetry data associated with the second node and a midpoint node of the ECMP route. Based at least in part on the telemetry data, the first node may determine a metric indicative of a performance measurement associated with the ECMP route.
H04L 43/10 - Surveillance active, p.ex. battement de cœur, utilitaire Ping ou trace-route
H04L 43/04 - Traitement des données de surveillance capturées, p.ex. pour la génération de fichiers journaux
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p.ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
This disclosure describes techniques and mechanisms for performing passive measurement for combined one-way latency, packet loss metrics along with liveness detection using customer data packets ingested at a sink node in hardware for Level 2 and Level 3 VPN services. The customer data packets are sampled and copied for measurement either at source node or sink node. The duplicated measurement packet headers are punted based on the IPV6 destination option type to hardware analytics engine at sink node for analytics that populates histogram bins using the timestamps from the packets. Using the transmitted packets during a period, and received packets in all the bins, packet loss is measured. Based on the packets received status, liveness state is detected by the sink node and notified to the source node.
H04L 43/106 - Surveillance active, p.ex. battement de cœur, utilitaire Ping ou trace-route en utilisant des informations liées au temps dans des paquets, p.ex. en ajoutant des horodatages
The disclosed technology relates to a process of dynamically assigning operational parameters for access points within a CBRS (Citizen Broadband Radio Service) network. In particular, the disclosed technology monitors for and detects interference between nearby access points and user equipment devices that may belong to the same enterprise or to different enterprises. Machine learning processes are used to revise the operational parameters that were initially assigned by the Spectrum Access System (SAS). These processes are also used to suggest an updated set of operational parameters to the SAS for the access points. The dynamic assignment reduces interference experienced by the access point with respect to nearby other access points and/or nearby other user equipment. The dynamic assignment aims to improve a quality of communication between the access point and its associated user equipment.
H04W 72/541 - Critères d’affectation ou de planification des ressources sans fil sur la base de critères de qualité en utilisant le niveau d’interférence
H04W 72/542 - Critères d’affectation ou de planification des ressources sans fil sur la base de critères de qualité en utilisant la qualité mesurée ou perçue
18.
DYNAMIC CONFIGURATION OF A MACHINE LEARNING SYSTEM
Systems, methods, and computer-readable media are disclosed for dynamically adjusting a configuration of a pre-processor and/or a post-processor of a machine learning system. In one aspect, a machine learning system can receive raw data at a pre-processor where the pre-processor being configured to generate pre-processed data, train a machine learning model based on the pre-processed data to generate output data, process the output data at a post-processor to generate inference data, and adjust, by a controller, configuration of one or a combination of the pre-processor and the post-processor based on the inference data.
G06V 10/774 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant l’intégration et la réduction de données, p.ex. analyse en composantes principales [PCA] ou analyse en composantes indépendantes [ ICA] ou cartes auto-organisatrices [SOM]; Séparation aveugle de source méthodes de Bootstrap, p.ex. "bagging” ou “boosting”
G06V 10/776 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant l’intégration et la réduction de données, p.ex. analyse en composantes principales [PCA] ou analyse en composantes indépendantes [ ICA] ou cartes auto-organisatrices [SOM]; Séparation aveugle de source Évaluation des performances
G06V 10/82 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant les réseaux neuronaux
19.
COMPOSITE CONNECTOR CARRYING POWER, ELECTRO-OPTICAL DATA, AND FLUID INPUT/OUTPUT
A composite connector includes modular data connectors, electrical power connectors, a fluid exchange connector, an alignment feature, and a housing. The modular data connectors include electrical data connectors and optical data connectors and are configured to carry data. The electrical power connectors are configured to carry electrical power, and the fluid exchange connector is configured to carry cooling fluid. The composite connector includes an alignment feature to align the composite connector with a complementary connector. The housing of the composite connector is configured to contain the modular data connectors, the electrical power connectors, the fluid exchange connector, and the alignment feature in a confined physical space.
The present disclosure is directed to managing industrial internet of things end points and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more switches to perform operations comprising: identifying a first end point using a protocol associated with the first end point, determining a classification for the identified first end point based on one or more attributes of the first end point, identifying one or more related end points having the classification in common with the first end point, segmenting the first end point with the identified one or more related end points, and applying one or more policies to the segmented first end point and the one or more related end points.
H04L 12/28 - Réseaux de données à commutation caractérisés par la configuration des liaisons, p.ex. réseaux locaux [LAN Local Area Networks] ou réseaux étendus [WAN Wide Area Networks]
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
H04L 41/50 - Gestion des services réseau, p.ex. en assurant une bonne réalisation du service conformément aux accords
H04L 47/76 - Contrôle d'admission; Allocation des ressources en utilisant l'allocation dynamique des ressources, p.ex. renégociation en cours d'appel sur requête de l'utilisateur ou sur requête du réseau en réponse à des changements dans les conditions du réseau
H04L 49/00 - TRANSMISSION D'INFORMATION NUMÉRIQUE, p.ex. COMMUNICATION TÉLÉGRAPHIQUE Éléments de commutation de paquets
H04L 67/12 - Protocoles spécialement adaptés aux environnements propriétaires ou de mise en réseau pour un usage spécial, p.ex. les réseaux médicaux, les réseaux de capteurs, les réseaux dans les véhicules ou les réseaux de mesure à distance
Techniques for managing migrations of QUIC connection session(s) across proxy nodes, data centers, and/or private application nodes are described herein. A global key-value datastore, accessible by proxy nodes and/or application nodes, may store mappings between a first QUIC connection, associated with a proxy node and a client device, on the frontend of the proxy node and a second QUIC connection, associated with the proxy node and an application node, on the backend of the proxy node. With the global key-value datastore being accessible by the proxy nodes, when a proxy node receives a QUIC packet on the front end or the back end, the proxy node may determine where to map this connection to on the opposite end. Additionally, with the global key-value datastore being accessible to the application nodes, when an application node receives a QUIC packet, the application node may determine the client device associated with the connection.
H04L 61/103 - Correspondance entre adresses de types différents à travers les couches réseau, p.ex. résolution d’adresse de la couche réseau dans la couche physique ou protocole de résolution d'adresse [ARP]
H04L 61/4511 - Répertoires de réseau; Correspondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
H04L 67/02 - Protocoles basés sur la technologie du Web, p.ex. protocole de transfert hypertexte [HTTP]
H04L 67/101 - Sélection du serveur pour la répartition de charge basée sur les conditions du réseau
H04L 67/1012 - Sélection du serveur pour la répartition de charge basée sur la conformité des exigences ou des conditions avec les ressources de serveur disponibles
H04L 67/141 - Configuration des sessions d'application
H04L 67/562 - Courtage des services de mandataires
22.
SIGNALING A PREFIX UNREACHABILITY IN A NETWORK UTILIZING A ROUTE SUMMARIZATION
The present technology is directed to signaling unreachability of a network device, more specifically, a prefix of the network device in network that utilizes route summarization. A pulse trigger agent can detect an unreachability of at least one Provider Edge (PE) device in a network domain of a network and determine that a route summarization is being used within the network where the unreachability of the at least one PE device is hidden by the route summarization. A pulse distribution agent can transmit a failure message informing other PE devices of the unreachability of the at least one PE device.
H04L 41/0654 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant la reprise sur incident de réseau
H04L 41/0631 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant l’analyse de la corrélation entre les notifications, les alarmes ou les événements en fonction de critères de décision, p.ex. la hiérarchie ou l’analyse temporelle ou arborescente
H04L 41/0686 - Présence d’informations supplémentaires dans la notification, p.ex. pour l’amélioration de métadonnées spécifiques
23.
METHOD AND SYSTEM FOR ENCODING MULTI-LEVEL PULSE AMPLITUDE MODULATED SIGNALS USING INTEGRATED OPTOELECTRONIC DEVICES
Methods and systems for encoding multi-level pulse amplitude modulated signals using integrated optoelectronics are disclosed and may include generating a multi-level, amplitude-modulated optical signal utilizing an optical modulator driven by first and second electrical input signals, where the optical modulator may configure levels in the multi-level amplitude modulated optical signal, drivers are coupled to the optical modulator; and the first and second electrical input signals may be synchronized before being communicated to the drivers. The optical modulator may include optical modulator elements coupled in series and configured into groups. The number of optical modular elements and groups may configure the number of levels in the multi-level amplitude modulated optical signal. Unit drivers may be coupled to each of the groups. The electrical input signals may be synchronized before communicating them to the unit drivers utilizing flip-flops. Phase addition may be synchronized utilizing one or more electrical delay lines.
H04B 10/516 - Systèmes de transmission utilisant des ondes électromagnétiques autres que les ondes hertziennes, p.ex. les infrarouges, la lumière visible ou ultraviolette, ou utilisant des radiations corpusculaires, p.ex. les communications quantiques Émetteurs - Détails du codage ou de la modulation
G02B 26/06 - Dispositifs ou dispositions optiques pour la commande de la lumière utilisant des éléments optiques mobiles ou déformables pour commander la phase de la lumière
G02B 26/08 - Dispositifs ou dispositions optiques pour la commande de la lumière utilisant des éléments optiques mobiles ou déformables pour commander la direction de la lumière
G02F 1/01 - Dispositifs ou dispositions pour la commande de l'intensité, de la couleur, de la phase, de la polarisation ou de la direction de la lumière arrivant d'une source lumineuse indépendante, p.ex. commutation, ouverture de porte ou modulation; Optique non linéaire pour la commande de l'intensité, de la phase, de la polarisation ou de la couleur
G02F 1/21 - Dispositifs ou dispositions pour la commande de l'intensité, de la couleur, de la phase, de la polarisation ou de la direction de la lumière arrivant d'une source lumineuse indépendante, p.ex. commutation, ouverture de porte ou modulation; Optique non linéaire pour la commande de l'intensité, de la phase, de la polarisation ou de la couleur par interférence
G02F 1/225 - Dispositifs ou dispositions pour la commande de l'intensité, de la couleur, de la phase, de la polarisation ou de la direction de la lumière arrivant d'une source lumineuse indépendante, p.ex. commutation, ouverture de porte ou modulation; Optique non linéaire pour la commande de l'intensité, de la phase, de la polarisation ou de la couleur par interférence dans une structure de guide d'ondes optique
H04B 10/079 - Dispositions pour la surveillance ou le test de systèmes de transmission; Dispositions pour la mesure des défauts de systèmes de transmission utilisant un signal en service utilisant des mesures du signal de données
H04B 10/50 - Systèmes de transmission utilisant des ondes électromagnétiques autres que les ondes hertziennes, p.ex. les infrarouges, la lumière visible ou ultraviolette, ou utilisant des radiations corpusculaires, p.ex. les communications quantiques Émetteurs
Disclosed are systems, apparatuses, methods, and computer-readable media to address bearer loss during inter-radio access technology (RAT) handovers. A method includes sending a create bearer request for establishing a service for the mobile device using a first connection; receiving a create bearer response message to setup a second connection for the mobile device to continue the service; and, in response to the create bearer response message, sending an update bearer request message to provide the mobile device with the QoS information associated with the second connection, the QoS information allowing the mobile device to verify an existing QoS flow to continue the service after the handover. In some cases, a user equipment (UE) may delete a mapping between a QoS information when a previous message does not include an evolved packet core (EPC) bearer indicator (EBI) that identifies QoS policies.
Systems and techniques are provided for synchronizing DHCP snoop information. In some examples, a method can include, performing, by a first PE device from a plurality of PE devices, DHCP snooping of a first plurality of DHCP messages between a DHCP client and a DHCP server, wherein the plurality of PE devices is part of an ethernet segment for multihoming the DHCP client. In some aspects, the method includes determining, based on snooping the first plurality of DHCP messages, an association between an IP address corresponding to the DHCP client and a MAC address corresponding to the DHCP client. In some examples, the method includes sending, by the first PE device to at least one other PE device from the plurality of PE devices, a first route advertisement that includes the association between the IP address corresponding to the DHCP client and the MAC address corresponding to the DHCP client.
H04L 61/5014 - Adresses de protocole Internet [IP] en utilisant le protocole de configuration dynamique de l'hôte [DHCP] ou le protocole d'amorçage [BOOTP]
H04L 101/622 - Adresses de couche 2, p.ex. adresses de contrôle d'accès au support [MAC]
26.
CONTINUOUS MULTIFACTOR AUTHENTICATION SYSTEM INTEGRATION WITH CORPORATE SECURITY SYSTEMS
Disclosed herein are systems, methods, and computer-readable media for increasing security of devices that leverages an integration of an authentication system with at least one corporate service. In one aspect, a request is received from a user device to authenticate a person as a particular user by the authentication system. A photo of the person attempting to be authenticated as the particular user is captured. Nodal points are mapped to the captured photo of the person attempting to be authenticated, and the nodal points from the photo are compared against a reference model for facial recognition of the particular user. It is then determined whether the nodal points match the reference model for the particular user. The present technology also includes sending a command to the user device to send data to identify the person, and/or a location of the user device.
In one embodiment, an access policy enforcement service receives a user authentication request from an end-user device. The access policy enforcement service identifies a telemetry collection intent from the user authentication request. The access policy enforcement service determines a monitoring policy based on the telemetry collection intent identified from the user authentication request. The access policy enforcement service configures, according to the monitoring policy, one or more telemetry collection agents to collect telemetry for traffic associated with the end-user device.
Disclosed are systems, apparatuses, methods, and computer-readable media for configuring network groups without software-based processing and management. A method includes: validating veracity of a secure enclave based on a secure identify of the secure enclave using the instructions of a secure enclave predriver stored in a memory integral to a processor; establishing a secure connection with the secure enclave; retrieving at least one authentication key from the secure enclave; retrieving at least a portion of a bootstrapper from a secure storage based on the instructions of the secure enclave predriver; validating a veracity of the bootstrapper based on the at least one authentication key; initializing an external memory using the instructions of the bootstrapper; copying a bootloader from the secure storage into the external memory; validating a veracity of the bootloader based on the at least one authentication key; and executing the bootloader.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
In one embodiment, a method includes generating a security policy and converting the security policy into a chaos hypothesis. The method also includes initiating execution of the chaos hypothesis across a plurality of microservices within a technology stack. The method further includes receiving metrics associated with the execution of the chaos hypothesis across the plurality of microservices within the technology stack.
Systems and methods for providing system wide cyber security policies include providing a unified security policy to a distributed cloud environment that includes cloud, edge, and local infrastructure. The method includes identifying one or more assets and using telemetry and logs associated with the assets to determine one or more paths connecting the one or more assets. Once one or more paths are determined, the method produces a map of the paths and determines the level of compliance for each. The paths are ranked and a user, such as an administrator or CISO, may be informed of the rankings.
Techniques for memory access management in a distributed computing system are described herein. In some aspects, the techniques described herein relate to a method for memory access management in a distributed computing system, where the method includes: receiving a first request to execute a first operation using a distributed architecture and in a uniform memory access (UMA) mode, wherein the distributed architecture comprises a first processor, a first memory that is local to the first processor, and a second memory that is remote to the first processor; subsequent to receiving the first request and a first delay period, transmitting first data associated with the first operation to the first processor, wherein the first data is stored in the first memory; and subsequent to receiving the first request, transmitting second data associated with the first operation to the first processor, wherein the second data is stored in the second memory.
In one embodiment, a device determines one or more key-value pairs associated with observability data for an online application, and searches the observability data for events corresponding to the one or more key-value pairs. The device also builds a responsive event list with the events corresponding to the one or more key-value pairs within the observability data and sorts the responsive event list by associated timestamps to provide the responsive event list as a sequence of transactional milestones reached by one or more users of the online application.
Aspects of the present disclosure are directed to improving network resource utilization (at edge network devices) as well as at cloud-based processing components of a network, when performing attribute searches on video data captured at the edge devices of the network. In one aspect, a method includes detecting a motion event in a plurality of frames of video data captured using one or more edge devices, generating a motion blob for a subset of the plurality of frames associated with the motion event, processing the motion blob to generate one or more attributes, wherein each of the one or more attributes are identified once in the motion blob, and send the one or more attributes to a cloud processing component.
G06V 20/52 - Activités de surveillance ou de suivi, p.ex. pour la reconnaissance d’objets suspects
G06F 16/783 - Recherche de données caractérisée par l’utilisation de métadonnées, p.ex. de métadonnées ne provenant pas du contenu ou de métadonnées générées manuellement utilisant des métadonnées provenant automatiquement du contenu
G06V 10/22 - Prétraitement de l’image par la sélection d’une région spécifique contenant ou référençant une forme; Localisation ou traitement de régions spécifiques visant à guider la détection ou la reconnaissance
G06V 10/25 - Détermination d’une région d’intérêt [ROI] ou d’un volume d’intérêt [VOI]
G06V 10/44 - Extraction de caractéristiques locales par analyse des parties du motif, p.ex. par détection d’arêtes, de contours, de boucles, d’angles, de barres ou d’intersections; Analyse de connectivité, p.ex. de composantes connectées
G06V 10/62 - Extraction de caractéristiques d’images ou de vidéos relative à une dimension temporelle, p.ex. extraction de caractéristiques axées sur le temps; Suivi de modèle
G06V 10/764 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant la classification, p.ex. des objets vidéo
G06V 10/80 - Fusion, c. à d. combinaison des données de diverses sources au niveau du capteur, du prétraitement, de l’extraction des caractéristiques ou de la classification
G06V 10/94 - Architectures logicielles ou matérielles spécialement adaptées à la compréhension d’images ou de vidéos
G06V 20/40 - RECONNAISSANCE OU COMPRÉHENSION D’IMAGES OU DE VIDÉOS Éléments spécifiques à la scène dans le contenu vidéo
H04N 5/14 - Circuits de signal d'image pour le domaine des fréquences vidéo
H04N 7/18 - Systèmes de télévision en circuit fermé [CCTV], c. à d. systèmes dans lesquels le signal vidéo n'est pas diffusé
H04N 21/234 - Traitement de flux vidéo élémentaires, p.ex. raccordement de flux vidéo ou transformation de graphes de scènes MPEG-4
H04N 23/61 - Commande des caméras ou des modules de caméras en fonction des objets reconnus
34.
ACTIVE AND PASSIVE MEASUREMENT ON DATA TRAFFIC OF A VIRTUAL PRIVATE NETWORK (VPN) SERVICE
This disclosure describes techniques and mechanisms for performing passive measurement for combined one¬ way latency, packet loss metrics along with liveness detection using customer data packets ingested at a sink node in hardware for Level 2 and Level 3 VPN sendees. The customer data packets are sampled and copied for measurement either at source node or sink node. The duplicated measurement packet headers are punted based on the IPv6 destination option type to hardware analytics engine at sink node for analytics that populates histogram bins using the timestamps from the packets. Using the transmitted packets during a period, and received packets in all the bins, packet loss is measured. Based on the packets received status, liveness state is detected by the sink node and notified to the source node.
A method for file system destinations includes obtaining events for storage on one or more of the storage systems. For each event, the method includes extracting at least one field value from the event, comparing the at least one field value to configurations of the storage systems to identify at least one storage system of the plurality of storage systems having a matching configuration, transmitting the event to an ingest module queue for the at least one storage system, selecting a partition for the event based on the at least one field value to obtain a selected partition, mapping the selected partition to a file using a partition mapping, and appending the event to the file on the at least one storage system.
Techniques for improved networking are provided. An access point (AP) determines an AP duty cycle based at least in part on transmission activity of a station (STA) associated to the AP. The AP duty cycle is signaled via one or more beacon frames transmitted by the AP. The AP exchanges data in accordance with the AP duty cycle, comprising exchanging data with the STA during one or more active periods indicated by the AP duty cycle, and sleeping during one or more inactive periods indicated by the AP duty cycle.
Devices, systems, methods, and processes for conducting sustainability-aware virtual meetings are described herein. When establishing virtual meetings, each of the participants can have various devices, locations, histories, and other data associated with them. This data can be packaged together as a user profile which can be transmitted to a virtual meeting service or a host that can receive the various user profiles and generate a meeting profile that can be utilized to maximize the overall sustainability of the virtual meeting. The meeting profile can include configuration suggestions that can be transmitted out to each corresponding device of the participants to either prompt or automatically adjust one or more settings, features, or other configuration, such as energy-saving features, that can increase the overall sustainability. These conditions can be monitored during the meeting and adjusted dynamically in response to changing conditions. In response, devices can adjust configurations or alter audio/video transmissions.
Embodiments provide for a tunable driving circuit by monitoring a frequency of a ring oscillator of an electrical integrated circuit connected to an optical modulator to determine operational characteristics of the electrical integrated circuit; setting, based on the operational characteristics, a driving voltage for a plurality of tunable inverters and a plurality of fixed gain inverters that control the optical modulator, wherein each tunable inverter of the plurality of tunable inverters is connected in parallel with a corresponding fixed gain inverter of the plurality of fixed gain inverters on one of a first arm and a second arm connected to the optical modulator; and setting an amplification strength for the plurality of tunable inverters based on the operational characteristics.
H03F 1/02 - Modifications des amplificateurs pour augmenter leur rendement, p.ex. étages classe A à pente glissante, utilisation d'une oscillation auxiliaire
H03K 5/24 - Circuits présentant plusieurs entrées et une sortie pour comparer des impulsions ou des trains d'impulsions entre eux en ce qui concerne certaines caractéristiques du signal d'entrée, p.ex. la pente, l'intégrale la caractéristique étant l'amplitude
39.
System and Method for Adaptive Encryption for SD-WAN
A system and method for adaptive encryption for SD-WAN includes identifying an encrypted conversational flow and determining whether a duration of the encrypted conversational flow exceeds a threshold. The method also includes selecting a header-less tunnel for the encrypted conversational flow when the duration is more than the threshold. The method further includes transmitting the encrypted conversational flow to an egress router over the selected header-less tunnel.
A user device connected to a wireless network maintains session persistence through a MAC address change of a user device. The user device establishes a multi-path communication session including a first subflow associated with a first MAC address for the user device. When the user device changes from the first MAC address to a second MAC address. the user device establishes a second subflow of the multi-path communication session. The second subflow is associated with the second MAC address. After establishing the second subflow associated with the second MAC address, the user device ends the first subflow associated with the first MAC address.
Techniques are provided for client-driven Randomized and Changing Media Access Control (MAC) address (RCM) mechanisms. In one example, a wireless client is configured to wirelessly communicate with a wireless network. The wireless client obtains data relating to a level of security for one or more MAC addresses of the wireless client. Based on the data, the wireless client computes a score that represents the level of security for the one or more MAC addresses. Using the score, the wireless client determines when or how frequently to rotate the one or more MAC addresses. Based on determining when or how frequently to rotate the one or more MAC addresses, the wireless client rotates the one or more MAC addresses.
Techniques for leveraging a distributed Domain Name System (DNS) infrastructure for preserving Personally Identifiable Information (PII) data by creating a hash to policy pair (HPP) database on premises at an enterprise organization. A policy engine hosted on premises at an enterprise organization applies a cryptographic hash function to metadata including PII associated with a client of the enterprise organization to generate a client hash value. The HPP is created by mapping the client hash value to a set of DNS policy instructions associated with the client and stored in the HPP database. The HPP database in published to a DNS security service, such that the DNS security service can resolve a DNS query for the client of the enterprise organization absent knowledge of the PII associated with the client by mapping the client hash value included in the DNS query to the client HPP in the HPP database.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
H04L 61/4511 - Répertoires de réseau; Correspondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
In one embodiment, a method includes receiving power delivered over a data fiber cable at an optical transceiver installed at a network communications device and transmitting data and the power from the optical transceiver to the network communications device. The network communications device is powered by the power received from the optical transceiver. An apparatus is also disclosed herein.
H04B 10/80 - Aspects optiques concernant l’utilisation de la transmission optique pour des applications spécifiques non prévues dans les groupes , p.ex. alimentation par faisceau optique ou transmission optique dans l’eau
G01J 3/02 - Spectrométrie; Spectrophotométrie; Monochromateurs; Mesure de la couleur - Parties constitutives
G02B 6/38 - Moyens de couplage mécaniques ayant des moyens d'assemblage fibre à fibre
G02B 6/42 - Couplage de guides de lumière avec des éléments opto-électroniques
H02J 50/30 - Circuits ou systèmes pour l'alimentation ou la distribution sans fil d'énergie électrique utilisant de la lumière, p.ex. des lasers
H02J 50/80 - Circuits ou systèmes pour l'alimentation ou la distribution sans fil d'énergie électrique mettant en œuvre l’échange de données, concernant l’alimentation ou la distribution d’énergie électrique, entre les dispositifs de transmission et les dispositifs de réception
H02S 40/38 - Moyens de stockage de l’énergie, p.ex. batteries, structurellement associés aux modules PV
A method to achieve fast session transfer between radio access technologies. The method includes monitoring radio performance between an access point of a wireless local area network and a user equipment in a wireless local area network, and in response to detecting that the radio performance is below a predetermined threshold, the access point signaling the user equipment to scan for and access a cellular radio service.
A heterogeneous graph learning system generates and analyzes network implementations. The heterogeneous graph learning system includes obtaining information describing multiple network implementations including heterogeneous nodes. The heterogeneous graph learning system also includes generating a one-hop graph connecting a particular node of the heterogeneous nodes with a set of related nodes. The one-hop graph connects the particular node with the set of related nodes via corresponding edges. The heterogeneous graph learning system further includes transforming the one-hop graph into a weighted graph based on a Dynamic Meta Path Transformation (DMPT). In the DMPT, each of the corresponding edges connecting the particular node to a corresponding related node among the set of related nodes is associated with a corresponding weight.
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/16 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets en utilisant l'apprentissage automatique ou l'intelligence artificielle
46.
ACTIVELY ALIGNED AND REFLOWABLE PLUGGABLE-CONNECTOR FOR PHOTONIC INTEGRATED CIRCUITS
Embodiments herein describe attaching (or bonding) alignment parts to a photonic die so that these alignment parts can then be used to passively align a FAU to the photonic die. In one embodiment, the alignment part (or parts) is aligned to a photonic die using a mounting FAU. The mounting FAU (along with the mated alignment parts) can then be actively aligned to the photonic die. When aligned, the alignment parts can be bonded (e.g., using cured epoxy) to the photonic die. The mounting FAU can then be lifted off, leaving the alignment parts attached to the photonic die. Later, a final product FAU (which may have a different shape than the mounting FAU) can then be passively aligned to the photonic die using the previously mounted alignment part or parts.
Devices, systems, methods, and processes for conducting sustainability-aware virtual meetings are described herein. When establishing virtual meetings, each of the participants can have various devices, locations, histories, and other data associated with them. This data can be packaged together as a user profile which can be transmitted to a virtual meeting service or a host that can receive the various user profiles and generate a meeting profile that can be utilized to maximize the overall sustainability of the virtual meeting. The meeting profile can include configuration suggestions that can be transmitted out to each corresponding device of the participants to either prompt or automatically adjust one or more settings, features, or other configuration, such as energy-saving features, that can increase the overall sustainability. These conditions can be monitored during the meeting and adjusted dynamically in response to changing conditions. In response, devices can adjust configurations or alter audio/video transmissions.
Provided herein are techniques to facilitate conflict management in a shared Open Radio Access Network (O-RAN) architecture. In one instance, a method can be performed by a conflict manager of a near-real-time RAN intelligent controller of a shared RAN including radio unit (RU) nodes provided by a host operator. The method can include obtaining each of a requested radio unit (RU) configuration from each of a distributed unit (DU) node operated by each of a tenant operator and determining whether there are any conflicts among RU configuration parameters for each requested RU configuration. In one instance, upon determining one or more conflicts among the RU configuration parameters for each requested RU configuration, the method may include providing a response to each DU node indicating that each DU node is allowed to configure the plurality of RU nodes using each requested RU configuration in accordance with a modification.
H04W 28/16 - Gestion centrale des ressources; Négociation de ressources ou de paramètres de communication, p.ex. négociation de la bande passante ou de la qualité de service [QoS Quality of Service]
H04W 72/53 - Critères d’affectation ou de planification des ressources sans fil sur la base de politiques d’affectation réglementaires
49.
METHOD AND APPARATUS FOR CHARGING ELECTRIC VEHICLES AND PROVIDING CHARGING STATION BASED DATA CENTER
A dual purpose electric charging station that includes a housing, a network interface configured to enable network communications and an electric charging interface configured to connect to an electric vehicle to charge a battery of the electric vehicle. The electric charging station further includes at least one server that is housed within the housing and includes at least one processor configured to perform one or more data center functions and a power module that distributes power to the electric charging interface and to the at least one server. Methods are also provided for a dual-purpose electric charging station that charges an electric vehicle and performs one or more functions of a cloud data center.
B60L 53/66 - Transfert de données entre les stations de charge et le véhicule
B60L 53/30 - PROPULSION DES VÉHICULES À TRACTION ÉLECTRIQUE; FOURNITURE DE L'ÉNERGIE ÉLECTRIQUE À L'ÉQUIPEMENT AUXILIAIRE DES VÉHICULES À TRACTION ÉLECTRIQUE; SYSTÈMES DE FREINS ÉLECTRODYNAMIQUES POUR VÉHICULES, EN GÉNÉRAL; SUSPENSION OU LÉVITATION MAGNÉTIQUES POUR VÉHICULES; CONTRÔLE DES PARAMÈTRES DE FONCTIONNEMENT DES VÉHICULES À TRACTION ÉLECTRIQUE; DISPOSITIFS ÉLECTRIQUES DE SÉCURITÉ POUR VÉHICULES À TRACTION ÉLECTRIQUE Échange d'éléments d’emmagasinage d'énergie dans les véhicules électriques - Détails de construction des stations de charge
B60L 53/62 - Surveillance et commande des stations de charge en réponse à des paramètres de charge, p.ex. courant, tension ou charge électrique
B60L 53/68 - Surveillance ou commande hors site, p.ex. télécommande
50.
ACCESS POINT DUTY CYCLED OPERATION AND POWER SAVING
Techniques for improved networking are provided. An access point (AR) determines an AR duty cycle based at least in part on transmission activity of a station (STA) associated to the AR. The AR duty cycle is signaled via one or more beacon frames transmitted by the AR. The AR exchanges data in accordance with the AR duty cycle, comprising exchanging data with the STA during one or more active periods indicated by the AR duty cycle, and sleeping during one or more inactive periods indicated by the AR duty cycle.
Embodiments herein describe an electro-optic waveguide having a multi-mode multi-pass phase shifter (MMPS) tuner, one or more two-mode Bragg gratings, and one or more selective evanescent couplers. An input signal having a fundamental mode is reflected by the one or more Bragg gratings and tuned by the MMPS tuner. In this manner, the electro-optic waveguide isolates the higher order modes of the input signal. The one or more selective evanescent couplers capture an output signal having the highest order mode and reduces the mode of the output signal to the fundamental mode.
Techniques for, among other things, embedding metadata in network traffic without having to implement an overlay network. By way of example, and not limitation, the techniques described herein may include receiving an Ethernet packet at a network node and determining that a preamble of the Ethernet packet includes metadata. The metadata may, in some examples, be associated with the Ethernet packet itself, a flow that the Ethernet packet belongs to, etc. Based at least in part on the metadata, a policy decision may be made for handling the Ethernet packet, and the Ethernet packet may be handled in accordance with the policy decision.
Provided herein are techniques to provide per-enterprise subscriber data management (SDM) in multi-tenant network environment. In one instance, a method may include obtaining, by an SDM system, input information indicating SDM services requested for an enterprise entity in which the input information includes a multi-tenancy service attribute for the enterprise entity and indicates whether subscriber data for is to be provided on-premise for the enterprise entity. The method may further include identifying a particular SDM service of the SDM system for storing the subscriber data, deploying the particular SDM service via the SDM system, and deploying one or more on-premise SDM services at each of one or more on-premise locations of the enterprise entity for storing the subscriber data based on determining that the subscriber data is to be provided on-premise for the enterprise entity.
H04W 8/18 - Traitement de données utilisateur ou abonné, p.ex. services faisant l'objet d'un abonnement, préférences utilisateur ou profils utilisateur; Transfert de données utilisateur ou abonné
54.
REVERSED FIBER DETECTION AND CORRECTION IN OPTICAL TRANSCEIVERS
Embodiments described herein provide for improved detection and correction of a polarity mismatch/swapped fiber without requiring manual intervention. The optical transceivers and methods provide improved detection and correction by determining receive (Rx) optical signals for an optical connection are not detected in a Rx path in an optical transceiver and, upon detecting the crossover Rx optical signals in the Tx path, implementing a crossover correction scheme in the optical transceiver to enable optical connections.
H04B 10/079 - Dispositions pour la surveillance ou le test de systèmes de transmission; Dispositions pour la mesure des défauts de systèmes de transmission utilisant un signal en service utilisant des mesures du signal de données
H04B 10/038 - Dispositions pour le rétablissement de communication après défaillance utilisant des contournements
H04B 10/40 - Systèmes de transmission utilisant des ondes électromagnétiques autres que les ondes hertziennes, p.ex. les infrarouges, la lumière visible ou ultraviolette, ou utilisant des radiations corpusculaires, p.ex. les communications quantiques Émetteurs-récepteurs
55.
FACILITATING RADIO ACCESS NETWORK INTEGRATION WITH DATA CENTERS
A method, computer system, and computer program product are provided for facilitating radio access network integration with data centers. Mobile network configuration information is obtained identifying threshold latency and distance criteria and network function operating criteria. Data center information is obtained for a plurality of data centers. Latencies between a plurality of radio base stations and the plurality of data centers are determined. A primary data center and a backup data center are selected to interconnect with each radio base station based on a geographical distance between each data center and each radio base station satisfying the threshold distance and latency criteria. Network function pool configuration information is generated for the primary data center and the backup data center. A domain name system (DNS) server and a network repository function (NRF) are configured based on the network function pool configuration information.
Devices, systems, methods, and processes for sustainably operating a plurality of network planes via de-energization and re-energization is described herein. In many network configurations, a plurality of planes exist that allow for more modular connections in a network fabric. Often, these planes are configured such that each plane is not directly connected to another plane. Because of this, various embodiments described herein can evaluate network conditions and determine if there are conditions suitable to de-energize a plane by either directing the plane to enter a lower-power mode, by shutting off the plane, or disconnecting the available power. This de-energization period can be for a period of time or can occur until a triggering event is detected that indicates that the plane should be re-energized. These determinations can be done based on current traffic trends or historical conditions. They may also be heuristic-based or generated via one or more machine-learning processes.
In one aspect, the present disclosure is directed to a method that includes receiving, at an edge component of a cloud-based secure access service, a corresponding access designation for each of a plurality of endpoints, each access designation specifying a type of access a corresponding endpoint has to remaining ones of the plurality of endpoints and other accessible network resources; based on the corresponding access designation of each of the plurality of endpoints, updating a routing table at the edge component, to include routing information for a subset of the plurality of endpoints having access to at least one other endpoint of the plurality of endpoints or to the other accessible network resources; and enabling routing of network traffic, via the cloud-based secure access service, between any number of the plurality of endpoints based at least in part on the routing table.
Devices, systems, methods, and processes for sustainably operating a plurality of network planes via de-energization and re-energization is described herein. In many network configurations, a plurality of planes exist that allow for more modular connections in a network fabric. Often, these planes are configured such that each plane is not directly connected to another plane. Because of this, various embodiments described herein can evaluate network conditions and determine if there are conditions suitable to de-energize a plane by either directing the plane to enter a lower-power mode, by shutting off the plane, or disconnecting the available power. This de-energization period can be for a period of time or can occur until a triggering event is detected that indicates that the plane should be re-energized. These determinations can be done based on current traffic trends or historical conditions. They may also be heuristic-based or generated via one or more machine¬ learning processes.
H04L 41/0813 - Réglages de configuration caractérisés par les conditions déclenchant un changement de paramètres
H04L 41/5025 - Pratiques de respect de l’accord du niveau de service en réagissant de manière proactive aux changements de qualité du service, p.ex. par reconfiguration après dégradation ou mise à niveau de la qualité du service
Techniques for determining an optimal connection path by a NHNaaS are described. The techniques may include receiving a registration from an IPS that includes service ISP service parameters, and storing the registration in a NaaS database. A request to connect to a remote service from a user device, including user parameters required is received. ISPs having respective service parameters compatible with the user parameters are identified in the NaaS database. Multiple paths offered by the service providers between the user device and the remote service are determined. Network performance data for each path is received from a network monitoring service. Using the network performance data, an optimal path for establishing the connection is identified. A request to instantiate a tunnel between the user device and remote service is transmitted to the service providers along the optimal path and the tunnel information is transmitted to the user device.
In one embodiment, a method includes acquiring an Internet Protocol version 6 (IPv6) address for a physical interface of a first network element. The method also includes configuring an Internet Protocol version 4 (IPv4) over IPv6 tunnel between the first network element and a second network element using the physical interface of the first network element. The method also includes acquiring an updated IPv6 address for the physical interface of the first network element and using an IPv6 Service Level Agreement (SLA) Hypertext Transfer Protocol (HTTP) operation to notify the second network element of the updated IPv6 address to establish a bidirectional IPv4 over IPv6 tunnel. The method further includes establishing a control connection with an IPv4 SD-WAN controller and automatically building an SD-WAN overlay tunnel with the bidirectional IPv4 over IPv6 tunnel as a transport.
H04L 61/251 - Traduction d'adresses de protocole Internet [IP] entre versions IP différentes
H04L 61/5014 - Adresses de protocole Internet [IP] en utilisant le protocole de configuration dynamique de l'hôte [DHCP] ou le protocole d'amorçage [BOOTP]
H04L 67/141 - Configuration des sessions d'application
61.
Managing Traffic for Endpoints in Data Center Environments to Provide Cloud Management Connectivity
Techniques for combining the functionality of fabric interconnects and switches (e.g., Top-of-Rack (ToR) switches) into one network entity, thereby reducing the number of devices in a fabric and complexity of communications in the fabric. By collapsing FI and ToR switch functionality into one network entity, server traffic may be directly forwarded by the ToR switch and an entire tier is now eliminated from the topology hierarchy which may improve the control, data, and management plane. Further, this disclosure describes techniques for dynamically managing the number of gateway proxies running on one or more computer clusters based on a number of managed switch domains.
G06F 15/173 - Communication entre processeurs utilisant un réseau d'interconnexion, p.ex. matriciel, de réarrangement, pyramidal, en étoile ou ramifié
H04L 12/44 - Réseaux en étoile ou réseaux arborescents
H04L 41/04 - Architectures ou dispositions de gestion de réseau
H04L 41/046 - Architectures ou dispositions de gestion de réseau comprenant des agents de gestion de réseau ou des agents mobiles à cet effet
H04L 41/0806 - Réglages de configuration pour la configuration initiale ou l’approvisionnement, p.ex. prêt à l’emploi [plug-and-play]
H04L 41/34 - Canaux de signalisation pour la communication dédiée à la gestion du réseau
H04L 45/00 - Routage ou recherche de routes de paquets dans les réseaux de commutation de données
H04L 45/741 - Routage dans des réseaux avec plusieurs systèmes d'adressage, p.ex. avec IPv4 et IPv6
H04L 61/103 - Correspondance entre adresses de types différents à travers les couches réseau, p.ex. résolution d’adresse de la couche réseau dans la couche physique ou protocole de résolution d'adresse [ARP]
H04L 61/5038 - Allocation d'adresse pour une utilisation locale, p.ex. dans des réseaux LAN ou USB, ou dans un réseau de contrôle [CAN]
H04L 67/567 - Intégration de l’approvisionnement des services à partir d'une pluralité de fournisseurs de services
The disclosed technology relates to determining a period in which a non-urgent RRM update should be deferred. The method may comprise applying a first update to an existing configuration of the plurality of wireless access points in the network based on an analysis of telemetry received from the plurality of wireless access points received over a period spanning at least two busy periods. The method may further comprise applying a second update that modifies the first preferred network configuration based on an analysis of telemetry received during the first busy period. The method may further comprise applying a maintenance update to the tweaked network configuration based on telemetry received during the next busy period.
H04L 41/082 - Réglages de configuration caractérisés par les conditions déclenchant un changement de paramètres la condition étant des mises à jour ou des mises à niveau des fonctionnalités réseau
H04L 41/0823 - Réglages de configuration caractérisés par les objectifs d’un changement de paramètres, p.ex. l’optimisation de la configuration pour améliorer la fiabilité
H04L 41/149 - Analyse ou conception de réseau pour la prédiction de la maintenance
63.
PRIORITY-BASED FLOW CONTROL MESSAGING FOR PORT EXTENDER
A port extender provides individual flow control for ports multiplexed from a network device. The port extender is configured to multiplex a network device port across the front panel ports on the port extender. The port extender also determines that an input buffer for the network device port is overloaded, and generates a Priority-based Flow Control (PFC) frame identifying that the network device port is congested. The port extender sends the PFC frame via the network device port to the network device. The PFC frame causes the network device coupled to the network device port to discontinue sending data for transmission from the plurality of ports on the port extender.
Presented herein are a system and secure device onboarding techniques. A Connectivity Management Platform (CMP) receives a request for an access token that includes a user identifier, a customer organization identifier, and an authorization code from a Device Management Platform (DMP), verifies the authorization code, queries an enterprise server using the user identifier and the customer organization identifier to confirm the user belongs to the customer organization, generates the access token, stores the access token in an authentication datastore, and transmits the access token to DMP. The CMP receives a provisioning request including an eSIM identifier of a device and an access token from the DMP, verifies the access token, obtains a customer organization identifier based thereon, queries an enterprise server using the eSIM identifier and the customer organization identifier to confirm the device belongs to the customer organization, and facilitates secure provisioning of the device with an eSIM profile.
Devices, systems, methods, and processes for sustainably deploying serverless functions across the globe are described herein. Often, when considering sustainability options for cloud-based service providers that can accept and operate serverless functions from various sources, the power source type can be considered. In many cases, solar-powered power sources can be desired, but is only available during the day. Thus, it may be desirable to consider where the location of a cloud-based service provider is located in relation to the daylight time. Thus, various data related to the power being utilized to power the cloud-based service provider location can be determined and utilized when comparing potential locations to deploy serverless functions. In some cases, a sustainability score can be generated based on this sustainability data and a sustainability profile that can be compared against other locations to determine the most suitable cloud-based service provider to deploy the serverless function onto.
Techniques to add environmental-impact and energy sustainability criteria and support to service function chains (SFCs). These techniques enabling steering of network traffic that carries energy sustainability related metadata within in an SFC based on energy sustainability or “green criteria.” This allows for achieving, for example, so-called “green Operations, Administration and Maintenance (OAM)”, whether realized with Network Service Header (NSH), Segment Routing, Multi-protocol Label Switching (MPLS), etc. In other words, these techniques enhance service functions (SFs) and SFCs to allow for finding an energy sustainable or green path in an SFC, and to allow for conveying environmental information as in-line metadata.
H04L 47/2425 - Trafic caractérisé par des attributs spécifiques, p.ex. la priorité ou QoS pour la prise en charge de spécifications de services, p.ex. SLA
Techniques for determining an optimal connection path by a NHNaaS are described. The techniques may include receiving a registration from an IPS that includes service ISP service parameters, and storing the registration in a NaaS database. A request to connect to a remote service from a user device, including user parameters required is received. ISPs having respective service parameters compatible with the user parameters are identified in the NaaS database. Multiple paths offered by the service providers between the user device and the remote service are determined. Network performance data for each path is received from a network monitoring service. Using the network performance data, an optimal path for establishing the connection is identified. A request to instantiate a tunnel between the user device and remote service is transmitted to the service providers along the optimal path and the tunnel information is transmitted to the user device.
Techniques are described for detecting a change in Path Maximum Transfer Unit (PMTU) in a network and initiating a PMTU discovery process. A Bidirectional Forwarding Detection (BFD) data packet is generated having enhanced headers configured to record a largest packet sent value and a largest packet received value. The BFD data packet is sent from a first network device (such as a first router) to a second network device (such as a second router). A largest packet sent value and a largest packet received value are each recorded in the BFD data packet. If the largest data packet sent value is larger than the largest data packet received value, then a determination can be made that a path change has resulted in a reduction in PMTU which has resulted in either a data packet being fragmented, a data packet being dropped or both. A PMTU discovery can then be performed.
Techniques for mitigating network failures (e.g., SLA violations, service degradations, network outages, etc.) based on output(s) from a predictive network system. The techniques may include determining that a failure is predicted to occur in a network and determining a correlation between the failure and a previous failure that occurred in the network. In examples, the correlation may be determined using a machine-learned model. The techniques may also include determining, based at least in part on the correlation, a condition contributing to the failure. In this way, prior to occurrence of the failure, a parameter associated with the network may be altered based at least in part on the condition to mitigate or otherwise prevent the failure.
H04L 41/0631 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant l’analyse de la corrélation entre les notifications, les alarmes ou les événements en fonction de critères de décision, p.ex. la hiérarchie ou l’analyse temporelle ou arborescente
H04L 41/0604 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant du filtrage, p.ex. la réduction de l’information en utilisant la priorité, les types d’éléments, la position ou le temps
H04L 41/16 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets en utilisant l'apprentissage automatique ou l'intelligence artificielle
70.
SYSTEMS AND METHODS OF INSERTING IDLES WITHIN PACKETS TO REDUCE LATENCY
Devices, systems, methods, and processes for transmitting and receiving one or more data packets are described herein. A device may face an internal non-deterministic delay in processing causing a gap or an interruption during transmission of the data packet. During the gap, the device can transmit one or more Intra-Packet Idle (IPI) words between the transmission of the data packet. The IPI words can be ignored or discarded by a receiver. The device may transmit the data packet into multiple parts by transmitting the IPI words between the parts. The receiver can receive the parts of the data packet and the IPI words and retrieve the data packet based on the parts of the data packet. The device may set a configurable threshold value indicative of a maximum number of the IPI words that can be transmitted during the gap of the interruption, such that the receiver can efficiently identify and discard a runt packet. The device does not require a buffer to fetch and store the data packet prior to the transmission, thereby eliminating a latency caused by the buffer.
Disclosed are systems, apparatuses, methods, computer readable medium, and circuits for sharing multifactor authentication with shared session tokens using an authentication service. According to at least one example, a method includes: in response to receiving a request to check an authentication status from a first application, transmitting a first message to an authentication service including shared information; providing first authentication credentials related to a first authentication to the authentication service; and receiving a message related to a second authentication to bypass the second authentication.
G06F 21/41 - Authentification de l’utilisateur par une seule ouverture de session qui donne accès à plusieurs ordinateurs
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A combinational circuit (e.g., multiplexer or demultiplexer) comprises a sub-circuit that comprises first and second current paths from an input of the combinational circuit to an output of the combinational circuit, such that substantially all input current at the input of the combinational circuit is conducted by the sub-circuit via the first and second current paths to the output of the combinational circuit. The first current path comprises a first inductor and a first switch; and the second current path comprises a second inductor and a second switch. The first inductor is part of an output LC transmission line of the sub-circuit; the second inductor is part of an input LC transmission line of the sub-circuit; and the first and second inductors are sized such that parasitic capacitances of the first and second switches are substantially absorbed by the input and output LC transmission lines.
In one embodiment, a device receives, at a first large language model executed by a device, textual input from a user of a network regarding a networking issue in the network. The device issues, by the first large language model and to a second large language model, one or more questions regarding the network based on the textual input. The device receives, at the first large language model and from the second large language model, one or more answers to the one or more questions. The device generates, by the first large language model, a textual response to the textual input for presentation to the user.
H04L 41/5074 - Traitement des plaintes des utilisateurs ou des tickets d’incident
H04L 41/16 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets en utilisant l'apprentissage automatique ou l'intelligence artificielle
H04L 41/5067 - Mesures de la qualité du service [QoS] centrées sur le client
74.
USER FEEDBACK COLLECTION FOR APPLICATION QOE PREDICTION
In one embodiment, a device makes, using a prediction model, a prediction regarding a quality of experience metric for an online application, based on telemetry from a network used to access the network. The device determines a degree of uncertainty associated with the prediction. The device selects one or more users of the online application from which user feedback should be requested, based on the degree of uncertainty. The device requests that the one or more users provide user feedback regarding their satisfaction with the online application.
H04L 41/5025 - Pratiques de respect de l’accord du niveau de service en réagissant de manière proactive aux changements de qualité du service, p.ex. par reconfiguration après dégradation ou mise à niveau de la qualité du service
H04L 41/0816 - Réglages de configuration caractérisés par les conditions déclenchant un changement de paramètres la condition étant une adaptation, p.ex. en réponse aux événements dans le réseau
H04L 41/5067 - Mesures de la qualité du service [QoS] centrées sur le client
H04L 43/04 - Traitement des données de surveillance capturées, p.ex. pour la génération de fichiers journaux
H04L 67/75 - Services réseau en affichant sur l'écran de l'utilisateur les conditions du réseau ou d'utilisation
Techniques for using Locator ID Separation Protocol (LISP), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to obfuscate server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns an endpoint identifiers (EID) that is mapped to the client device and at least one routing locator (RLOC) of the endpoint device. In this way, IP addresses of servers are obfuscated by a network mapping of EIDs and RLOCs. The client device may then communicate data packets to the server using the EIDs as the destination address, and a virtual network service that works in conjunction with DNS can encapsulate the data packet with the RLOC using LISP and forward the data packet onto the server.
H04L 61/4511 - Répertoires de réseau; Correspondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
76.
VIRTUAL ROUTER FUNCTION SHARDING FOR SCALABLE MULTI-TENANT ROUTING
Proposed herein at techniques for scalable network traffic steering in a multi-tenant network. In one aspect, a method includes receiving, at an ingress of a multi-tenant network, a data packet, the data packet including a Virtual Network Identifier (VNI) identifying a corresponding tenant for the data packet in the multi-tenant network, and determining, at the ingress, a corresponding cluster of routers for processing the data packet based on the VNI, wherein the corresponding cluster of routers is one of a plurality of clusters of routers in the multi-tenant network. The method further includes forwarding the data packet to a router in the corresponding cluster of routers for processing.
Audio is captured from an online meeting and words being spoken by a participant during the online meeting from the audio are identified. One or more suggested next words or phrases to be spoken by the participant are determined based on the words being spoken by the participant and one or more scores associated with previous words spoken by the participant. The words being spoken by the participant and the one or more suggested next words or phrases are generated for display to the participant.
Disclosed is an adiabatic optical coupler. The adiabatic optical coupler includes a tapered input region which includes a first waveguide core and a second waveguide core. The first and second waveguide cores are separated at the tapered input region. The adiabatic optical coupler also includes a narrow coupling region extending from the tapered input region. In the narrow coupling region, the first and second waveguide cores are brought within close proximity and a third waveguide core is positioned between the first and second waveguide cores. The third waveguide core defines a longitudinal axis. The adiabatic optical coupler also includes a flared output region extending from the narrow coupling region. In the flared output region, the first, second, and third waveguide cores are separated.
G02B 6/293 - Moyens de couplage optique ayant des bus de données, c. à d. plusieurs guides d'ondes interconnectés et assurant un système bidirectionnel par nature en mélangeant et divisant les signaux avec des moyens de sélection de la longueur d'onde
A receiver comprises at least two input ports. An optical signal containing n wavelengths is coupleable to one of these input ports. The receiver comprises a first demultiplexer coupled to a first input port to separate n wavelengths in the first input port onto n first multiplexer output ports, a second demultiplexer coupled to a second input port to separate the n wavelengths in the second input port onto n second multiplexer output ports, and a waveguide crossing matrix comprising an input side and an output side. The crossing matrix coupled to the n first and the n second multiplexer output ports on the input side and coupled to n shared photodetectors on the output side, one for each wavelength channel. Each of the photodetectors is coupled to one of the n first multiplexer output ports and one of the n second multiplexer output ports for the one wavelength channel.
H04B 10/294 - Commande de la puissance du signal dans un système à plusieurs longueurs d’onde, p.ex. égalisation du gain
H04B 10/50 - Systèmes de transmission utilisant des ondes électromagnétiques autres que les ondes hertziennes, p.ex. les infrarouges, la lumière visible ou ultraviolette, ou utilisant des radiations corpusculaires, p.ex. les communications quantiques Émetteurs
80.
AMBIENCE-ADAPTED AUDIO WATERMARKING FOR TELECONFERENCING
A method is performed by an endpoint device that includes a loudspeaker, a microphone, and a controller. The method includes: by the loudspeaker, playing a loudspeaker signal into a space; by the microphone, detecting audio in the space, to produce a feedback audio signal; estimating acoustic parameters for the space including a reverberation time and an ambient noise power based on the feedback audio signal and the loudspeaker signal; receiving an incoming audio signal that is not detected by the microphone; using the acoustic parameters, generating an acoustic watermark signal that, when played into the space through the loudspeaker, would be inaudible to a listener; adding the acoustic watermark signal to the incoming audio signal to produce a watermarked audio signal; and playing the watermarked audio signal into the space through the loudspeaker.
A multicast state is generated within a Layer 2 (L2) fabric through a set of L2 tunnel router devices within the L2 fabric. The multicast state is generated without forwarding multicast traffic through Layer 3 (L3) gateways. When a data packet is received for distribution to other devices in the L2 fabric, an underlay multicast tree is defined at an L2 tunnel router device that is to serve as the multicast source for the data packet in the L2 fabric. The data packet is streamed to the other devices through the L2 tunnel router device along the underlay multicast tree without forwarding the data packet through the L3 gateways.
In one embodiment, a method is disclosed comprising: detecting, by a processor, a remote access session from an accessing device to an accessed device; determining, by the processor, an access session screen-sharing security policy for the accessed device; and preventing, by the processor, the remote access session in response to a violation of the access session screen-sharing security policy.
Devices, systems, methods, and processes for transmitting and receiving one or more data packets are described herein. A device may face an internal non-deterministic delay in processing causing a gap or an interruption during transmission of the data packet. During the gap, the device can transmit one or more Intra-Packet Idle (IPI) words between the transmission of the data packet. The IPI words can be ignored or discarded by a receiver. The device may transmit the data packet into multiple parts by transmitting the IPI words between the parts. The receiver can receive the parts of the data packet and the IPI words and retrieve the data packet based on the parts of the data packet. The device may set a configurable threshold value indicative of a maximum number of the IPI words that can be transmitted during the gap of the interruption, such that the receiver can efficiently identify and discard a runt packet. The device does not require a buffer to fetch and store the data packet prior to the transmission, thereby eliminating a latency caused by the buffer.
H04L 1/1607 - Dispositions pour détecter ou empêcher les erreurs dans l'information reçue en utilisant un canal de retour dans lesquelles le canal de retour transporte des signaux de contrôle, p.ex. répétition de signaux de demande - Détails du signal de contrôle
H04L 1/00 - Dispositions pour détecter ou empêcher les erreurs dans l'information reçue
H04L 1/1867 - Dispositions spécialement adaptées au point d’émission
84.
SELECTIVE PRIVACY FILTERING FOR ONLINE CONFERENCES
Methods are provided in which a user device connects a participant to a collaboration session in which the participant communicates with at least one other participant using audio and/or video, which is distributed in a media stream to the at least one other participant via a respective user device. In these methods, the user device detects at least one of an object within a space that is included in the video and an audio signal and selectively filters the media stream to exclude the object or a portion of the audio signal based on at least one of participant list information, learned background information, or learned voices of participants of the collaboration session.
Techniques for optimizing technologies related to network path tracing and network delay measurements are described herein. Some of the techniques may include using an IPv6 header option and/or segment identifier field of a segment list or a TLV of a segment routing header as a telemetry data carrier. The techniques may also include using an SRv6 micro-segment (uSID) instruction to indicate to a node of a network that the node is to perform one or more path tracing actions and encapsulating the packet and forward. Additionally, the techniques may include using short interface identifiers corresponding to node interfaces to trace a packet path through a network. Further, the techniques may include using short timestamps to determine delay measurements associated with sending a packet through a network. In various examples, the techniques described above and herein may be used with each other to optimize network path tracing and delay measurement techniques.
H04L 43/0805 - Surveillance ou test en fonction de métriques spécifiques, p.ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux en vérifiant la disponibilité
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 43/106 - Surveillance active, p.ex. battement de cœur, utilitaire Ping ou trace-route en utilisant des informations liées au temps dans des paquets, p.ex. en ajoutant des horodatages
Techniques for propagating security group tag mapping between external interconnected sites that are not capable of carrying the SGT mappings. A system is disclosed that includes operations of subscribing at a first border of a first site, by a control plane, a first SGT mapping associated with a first data packet at the first site for storing the SGT mapping of the first data packet at the control plane. Then transmitting, the first data packet from the first border of the first site to a second border of the second site without attaching the first SGT mapping with the first data packet. Further, in response to a determination by the control plane that the first data packet has lost the associated first SGT mapping at the second border, identifying the SGT mapping with the first data packet at the second border to be re-associated with the first data packet.
In one embodiment, a device obtains path metrics for a network path used to convey application traffic for an online application. The device discretizes the path metrics into labeled states. The device generates state transition visualization data that represents the labeled states as nodes and transitions between the labeled states as edges connecting the nodes. The device provides the state transition visualization data for display.
H04L 45/50 - Routage ou recherche de routes de paquets dans les réseaux de commutation de données utilisant l'échange d'étiquettes, p.ex. des commutateurs d'étiquette multi protocole [MPLS]
Systems, methods, and computer-readable media are provided for on-boarding network devices onto a private 5G network. An example method can include discovering a first private 5G network upon the network device being turned on, authenticating, at the network device, the network device, downloading a second network profile from an SM-DP+ server of a second private 5G network, and on-boarding the network device to the second private 5G network.
H04W 8/26 - Adressage ou numérotation de réseau pour support de mobilité
H04L 61/4511 - Répertoires de réseau; Correspondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
H04W 8/18 - Traitement de données utilisateur ou abonné, p.ex. services faisant l'objet d'un abonnement, préférences utilisateur ou profils utilisateur; Transfert de données utilisateur ou abonné
In Wi-Fi 8, backscatter devices (BKDs) may be viewed as part of the 802.11 wireless local area network (WLAN). BKDs in a WLAN have limited transmission interactions with a Wi-Fi access point (AP). Onboarding BKDs to the WLAN is described, which allows for the AP and BKD to participate as elements of the same local network, with security controls. The onboarding of the BKD to a WLAN may occur after discovery of the BKD at an AP and includes replacing an Initial Device Identifier (IDevID) on the BKD with a Local Device Identifier (LDevID) in order to provide for secure communications between the BKD and the WLAN.
H04B 7/04 - Systèmes de diversité; Systèmes à plusieurs antennes, c. à d. émission ou réception utilisant plusieurs antennes utilisant plusieurs antennes indépendantes espacées
Methods and systems provide authentication of signaling from on-premise network(s) to a cloud network to prevent unauthorized access to device information belonging to another enterprise/on-premise network. Methods involve a cloud proxy service obtaining a request originating from a source network function deployed in an on-premise network and destined for a destination network function deployed in a cloud network. These methods further involve determining whether the source network function is associated with an enterprise network based on a unique identifier extracted from the request. The unique identifier is indicative of a particular enterprise network. The methods further involve providing the request to the destination network function based on determining that the source network function is associated with the particular enterprise network and blocking the request from propagating to the destination network function based on determining that the source network function is not associated with the particular enterprise network.
H04W 8/18 - Traitement de données utilisateur ou abonné, p.ex. services faisant l'objet d'un abonnement, préférences utilisateur ou profils utilisateur; Transfert de données utilisateur ou abonné
H04W 12/037 - Protection de la confidentialité, p.ex. par chiffrement du plan de contrôle, p.ex. trafic de signalisation
A centralized controller automatically detects connections in a network system of network elements. The centralized controller provides a measurement schedule to network elements in the network system. The measurement schedule indicates a predetermined time to sample optical ports of each network element. The centralized controller obtains measurement results from each network element, with each particular measurement result being associated with an optical port of a network element. The centralized controller then cross-correlates the measurement results to determine one or more direct connections between optical ports on corresponding pairs of network elements. A notification indicating the one or more direct connections is provided to at least one administrative device.
Techniques for enabling service insertion using dynamic service path selection are described herein. In some aspects, the techniques described herein relate to avoiding a service route that passes through a service router when the second-leg path from the service router to a destination router is unreachable. In some cases, the techniques described herein relate to avoiding a route that includes a service router that does not have a path to a viable target in a core service region.
A method of application program interface (API) endpoint host redirection may include with an intelligent domain name system (DNS) engine (IDE) associated with a containerized service within a pod of a mesh network, snooping a DNS query from the containerized service, identifying within the DNS query, an API endpoint name, snooping a DNS response associated with the DNS query, identifying an Internet protocol (IP) address associated with the API endpoint name, transmitting the API endpoint name and the IP address to a controller, receiving, from the controller, a list of safe API endpoint hosts with no known security vulnerabilities based on security data obtained from at least one security service, caching, at the IDE, the list of safe API endpoint hosts including safe IP addresses, and transmitting to the containerized service, via the IDE, IP addresses of safe API endpoint hosts within the list of safe API endpoint hosts.
Techniques for augmenting deep packet inspection capabilities of a network security device provisioned in a networked computing environment with inference-based flow selection to focus processing resources on network traffic that is likely to be malicious. The network device(s) may receive decryption policies comprising one or more decrypt and/or do not decrypt rules for applying the decryption policy to the network traffic. The network device may receive network traffic associated with a given connection flow through the network between a client device and a workload application, and the network device may determine whether to decrypt or refrain from decrypting the network traffic associated with the network flow based on a risk score that is generated by the network device using connection fingerprints associated with the client device and the workload application, respectively, based on behavioral characteristics of the client device and the workload, respectively.
In one embodiment, a device identifies, based on traceroute information for a path in a network between an endpoint client and an online application, a particular segment of the path as most likely to cause degraded performance along the path. The device makes, using a prediction model, a prediction that routing traffic for the online application via the path will result in degraded quality of experience for the online application. The device obtains, based on the prediction, additional traceroute information in the network, to identify a bypass path in the network between the endpoint client and the online application that bypasses the particular segment. The device causes traffic for the online application to be routed along the bypass path.
In one embodiment, external API vulnerability assessments may include detecting, by a process, usage of an external application programming interface in execution of an application; transmitting, by the process, a query to the external application programming interface for a list of one or more components of the external application programming interface; generating, by the process, a vulnerability assessment for the application based on a response to the query; and performing, by the process, one or more mitigation actions based on the vulnerability assessment.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
97.
SCALABLE SOURCE SECURITY GROUP TAG (SGT) PROPAGATION OVER THIRD-PARTY WAN NETWORKS
Techniques for propagating security group tag mapping between external interconnected sites that are not capable of carrying the SGT mappings. A system is disclosed that includes operations of subscribing at a first border of a first site, by a control plane, a first SGT mapping associated with a first data packet at the first site for storing the SGT mapping of the first data packet at the control plane. Then transmitting, the first data packet from the first border of the first site to a second border of the second site without attaching the first SGT mapping with the first data packet. Further, in response to a determination by the control plane that the first data packet has lost the associated first SGT mapping at the second border, identifying the SGT mapping with the first data packet at the second border to be re-associated with the first data packet.
Techniques for a client device configured with a kernel driver framework (KDF) to establish connection(s) with target workload(s) provisioned in remote network(s) (e.g., an enterprise network) using non-routable synthetic IP address(es) (e.g., a loopback address within a link-local address range, a unique local address within a discard prefix range, and/or the like). The KDF may intercept DNS requests from application(s) executing on a client device, generate and return a synthetic IP address associated with a given domain in the DNS request, and establish a connection with a secure access gateway using the non-routable synthetic IP address. Additionally, the KDF may invoke an external browser with an authentication redirect to a randomly generated synthetic IP address on a randomly generated port, where a local listener on a client device may listen on the synthetic IP address and random port to obtain and/or store authentication data for later use.
H04L 61/2514 - Traduction d'adresses de protocole Internet [IP] entre adresses IP locales et globales
H04L 61/2539 - Traduction d'adresses de protocole Internet [IP] en gardant les adresses anonymes
H04L 61/4511 - Répertoires de réseau; Correspondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
Techniques for augmenting deep packet inspection capabilities of a network security device provisioned in a networked computing environment with inference-based flow selection to focus processing resources on network traffic that is likely to be malicious. The network device(s) may receive decryption policies comprising one or more decrypt and/or do not decrypt rules for applying the decryption policy to the network traffic. The network device may receive network traffic associated with a given connection flow through the network between a client device and a workload application, and the network device may determine whether to decrypt or refrain from decry pting the network traffic associated with the network flow based on a risk score that is generated by the network device using connection fingerprints associated with the client device and the workload application, respectively, based on behavioral characteristics of the client device and the workload, respectively.
Techniques for enabling service insertion using dynamic service path selection are described herein. In some aspects, the techniques described herein relate to avoiding a service route that passes through a service router when the second-leg path from the service router to a destination router is unreachable. In some cases, the techniques described herein relate to avoiding a route that includes a service router that does not have a path to a viable target in a core service region.
