In one implementation, a device may generate cleaned log messages by removing irrelevant data from log messages. The device may construct a directed root tree graph for the cleaned log messages. The device may refine the cleaned log messages in the directed root tree graph based on predefined relationships established in the directed root tree graph. The device may select representative messages from the cleaned log messages in the directed root tree graph to generate a relevancy-filtered file configured for inclusion in a language model prompt.
This disclosure describes techniques for improving routing policy awareness in a network. The method includes detecting, by a controller, an application initiated for use at an edge node of a network. Then, generating, by an analytics engine coupled to the controller, analytical data of traffic flow at the edge node of the network wherein the traffic flow is in accordance with a routing policy for routing traffic associated with the application. Further, routing of the traffic through a path from one or more paths configured at the edge node that is in accordance with at least a Service Level Agreement (SLA) for traffic flow. Also, in response to an SLA violation during routing of the traffic, causing an action, by the controller, of routing traffic flow through another path that is in accordance with at least the SLA for traffic flow based on analytical data received of the traffic flow.
In one implementation, a device may obtain natural language descriptions of issues detected in a computing system. The device may prompt one or more language models to generate sets of possible causal dependencies between the issues based on their natural language descriptions. The device may form, using the one or more language models, an issue dependency graph that reaches consensus among the sets of possible causal dependencies between the issues. The device may use the issue dependency graph to determine a particular one of the issues as a root cause of an indicated problem in the computing system.
Some implementations of the disclosure provide a computer-implemented method including operations of receiving a user question by an orchestration agent, where generating a response to a user question includes generation of programming code, executing, by a sub-large language model (LLM), an instruction to generate the programming code and performing, by the sub-LLM, a validation process including determining whether the programming code generated by the sub-LLM includes a syntax error. When the validation process indicates the programming code does not include the syntax error, the method includes operations of invoking a logic module configured to execute the programming code, wherein the logic module is provided the programming code generated by the sub-LLM and executes the programming code and generating, by the orchestration agent, a graphical user interface that displays the response to the user question that includes or is based on results of execution of the programming code.
An optical receiver and a linear receiver pluggable optics (LRO) module are disclosed. The optical receiver includes a photodiode, a transimpedance amplifier (TIA), and a variable gain stage with multiple amplifiers. The optical receiver features dual output buffers for signal distribution to a HOST serializer/deserializer and a re-timer or digital signal processor (DSP). A switch controls the second output buffer without causing bit errors. The LRO module connects to a remote transmitter and includes a photodiode, TIA, and DSP for signal processing. The optical receiver supports advanced monitoring and testing through multiple test points. The module's design ensures efficient signal conversion and transmission, with the ability to toggle re-timers without introducing errors. The system is designed for high-performance optical communication, offering flexibility and reliability in signal handling and processing.
H04B 10/69 - Electrical arrangements in the receiver
H03G 3/30 - Automatic control in amplifiers having semiconductor devices
H04B 10/079 - Arrangements for monitoring or testing transmission systemsArrangements for fault measurement of transmission systems using an in-service signal using measurements of the data signal
6.
METHOD FOR USING GENERATIVE LARGE LANGUAGE MODELS (LLM) FOR CYBERSECURITY DECEPTION AND HONEYPOTS
In one aspect, a method for enhancing cybersecurity using Large Language Model (LLM)-generated honeypot schemes, the method includes generating a plurality of deceptive information using an LLM, configured to attract and engage potential attackers, where the plurality of deceptive information includes one or more characteristics referencing vulnerabilities of a network, continuously monitoring for interactions initiated by an interacting party with one or more components of the generated deceptive information, where the interaction is identified as a potential threat to the network, in response to detection of an interaction identified as a potential threat, extracting interaction data associated with the interacting party retrieved during the interaction, and retraining the LLM with the interaction data to create more effective honeypots.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
Systems, methods, and computer-readable media are provided for path tracing proxy behavior using an external probing appliance. An example method can include generating, at an external probing appliance of a network, a probe packet, the probe packet including a source address, a destination address, and a packet tracing indication in a next header field of the probe packet, the packet tracing indication triggering a proxy source behavior at a source node having the source address and a proxy sink behavior at a sink node having the destination address; sending the probe packet to the source node to trigger a packet tracing mechanism; and receive an updated probe packet from the sink node, the updated probe packet including probe data associated with one or more data flows in the network as the one or more data flows traverse the network from the source node to the sink node.
Devices, systems, methods, and processes for fabric congestion management are described herein. At each ingress switch, virtual output (“VO”) queues are created for egress ports based on identifiers, state indicators, and encapsulation values of the egress ports received via an Ethernet Virtual Private Network (“EVPN”) control plane. When a data packet is received at the ingress switch, an egress port for the data packet is determined, an identifier and an encapsulation value of the egress port are added to the data packet, and the data packet is stored in a corresponding VO queue. The data packet remains at the ingress switch until an egress switch is available. At the egress switch, one or more tags are added in the data packet based on the encapsulation value, whereas the destination egress port is identified based on the identifier. Thus, a quick egress through the egress switch is achieved.
Devices, systems, methods, and processes for recommendation and update of network policies. Existing network policy update solutions rely on human intervention in monitoring and analyzing traffic patterns in a network, checking for policy compliance, detecting any policy violations, and even updating new policies in the network. However, manual processes are prone to human error, introduce significant delays, and lack scalability and objectivity. To address these issues, an automated system is provided that monitors traffic across a network (in real-time or near real-time) and detects violations in a set of network policies associated with the network. The system utilizes one or more recommendation models to process network flow data and network inventory data, and generate one or more policy update recommendations to resolve the detected policy violations. The system further enforces the one or more policy update recommendations on various network devices within the network to resolve the detected policy violations.
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
Devices, systems and methods to provide a more effective way of allocating power across a plurality of drops in a multi-drop power delivery arrangement. A power transmitter transmits a power waveform together with a multi-drop signaling waveform. Thus, the power waveform and the multi-drop signaling waveform are directed to each of a plurality of drops. The multi-drop signaling waveform has a plurality of divisions, and each of a plurality of power receivers at respective drops of the plurality of drops are assigned to one or more divisions of the plurality of divisions of the multi-drop signaling waveform to draw an associated portion of power from the power waveform.
Techniques for providing a language model to detect and remedy a security incident are described. A language model is deployed to respond to prompts from network operators. The language model receives a prompt from the network operator indicating actions to take based on trigger events. When a trigger event occurs, the language model receives a description of a potential security incident and identifies indicators of compromise in the description. The language model calls one or more other models to analyze the indicators and receives from the one or more other models, information indicating that the potential security incident is a real security incident, and outputs a prompt to the network operator to approve confirmation of the security incident.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Some implementations of the disclosure provide a computer-implemented method including operations of receiving, by an orchestration agent, user input corresponding to a user question, wherein generating a response to the user question includes one of generating, editing, or refining programming code, and generating, by the orchestration agent, a prompt instructing a first sub-large language model (LLM) to perform a first task. In response to the prompt, generating, by the first sub-LLM, instructions for a second sub-LLM to perform a second task, wherein results of performing the second task by the second sub-LLM are provided to the first sub-LLM and performing, by the first sub-LLM, the first task utilizing the results of the second task generated by the second sub-LLM. An additional operation includes generating, by the orchestration agent, a GUI that displays the response to the user question, wherein the response includes or is based on the programming code.
Described herein are techniques are provided for enabling a security orchestration, automation, and response (SOAR) service to automatically manage apps used to interface with an integrated security operations service and other related devices and services. Further described herein is a SOAR app generator service or application used to automate the creation of apps for a SOAR service based on application programming interfaces (API) specifications for related devices or services, as well as visual playbook editor interfaces for a SOAR service that enable the configuration of complex action input parameters including arrays and objects.
In one embodiment, a device receives, via a user interface, definition of a first sequence of transactional milestones performed by users of an online application and identified using a first type of identifier. The device also receives, via the user interface, definition of a second sequence of transactional milestones performed by users of the online application and identified using a second type of identifier. The device further receives, via the user interface, definition of a key transition associated with at least one transactional milestone in the first sequence of transactional milestones or second sequence of transactional milestones that links the first type of identifier with the second type of identifier. The device represents, using the key transition, performance of the first sequence of transactional milestones and the second sequence of transactional milestones by a particular user of the online application as a unified sequence.
In one embodiment, a device instruments an application to generate OpenTelemetry trace data during execution of the application. The device identifies, based on where the application was instrumented, a particular method of the application. The device determines that a circuit breaker should be inserted for the particular method of the application. The device inserts a circuit breaker for the particular method.
This disclosure describes techniques for enforcing conditional access to network services. In an example method, a first computing device detects a second device operating in a per-flow authorization mode. The first device receives a first request from a second computing device to communicate with a third computing device using a first network flow and determines that the first flow is authorized (e.g., because of an active past authentication and/or the third device's authentication exemption). Data associated with the first request is transmitted to the third device. The first device then receives a second request to communicate with a fourth computing device using a second network flow and determines that the second flow is not authorized (e.g., because it is not associated with an active past authentication and/or the fourth device is not exempt from authentication). Data associated with the second request is not transmitted to the fourth device.
Techniques are described for managing QUIC connections. The techniques include identifying a first QUIC connection between a first and second device. Determining, from the connection, a first IP address and port number of the first device, a second IP address and port number of the second device, and a first CID. Storing an association between the first and second IP addresses, port numbers and first CID. Identifying a second QUIC connection between the first device and another device. Identifying, from the second connection, the first IP address and port number, a second CID, and a third IP address and port number. Determining if two of the following are met: the second IP address corresponds to the third IP address, the second port number corresponds to the third port number, the second CID corresponds to the first CID, if two are met, the first and second QUIC connections are the same.
Devices, systems, methods, and processes for energy scoring of network paths are described herein. Various network paths, each including one or more hops, may be identified in a network. Presence of additional hops in each network path may be determined. From the identified and determined hops, a set of hops may be determined for energy score determination. For each selected hop, a set of energy parameters may be determined and one or more weights may be assigned to the determined set of energy parameters. A weight may correspond to a level of confidence in or an accuracy of the energy parameter determination. An energy score of each network path may be determined based on the determined set of energy parameters and the assigned one or more weights. One network path may be selected based on the energy scores and traffic may be routed along the selected network path.
The present disclosure provides techniques for seamless roaming with uplink/downlink context transfer. A serving AP transmits a sequence of downlink data units for a TID to a client device, the sequence of downlink data units having sequence numbers falling within a transmit window for the TID. The serving AP receives, from the client device, a roaming request identifying a target AP. In response, the serving AP sends a roaming context message to the target AP, comprising at least one of a SSN of the transmit window corresponding to the TID, or a NSN for the TID, where the NSN is a first sequence number to be assigned for downlink data units of the TID transmitted by the target AP to the client device.
A system monitors a network or web application provided by one or more distributed applications and provides data for each and every method instance in an efficient low-cost manner. Agents may monitor the performance of the distributed application by the web services and report monitoring data as runtime data to the remote server, for example a controller. The controller may analyze the data to identify one or more performance issues or “hot spot” methods based on current or past performance, functionality, content, or business relevancy. Instructions and/or configuration information may be transmitted by the controller to the agents that correspond to a particular business transaction portion associated with a hot spot. The portions are then monitored to collect data associated with the hot spot and the hot spot data is reported back to the controller.
One embodiment of the disclosure is an electro-optical modulator system. The system may include a ferroelectric material having one or more crystal orientation axes and a Mach-Zehnder interferometer (MZI) modulator comprising an MZI input, an MZI output, a first arm and a second arm, wherein the first arm and the second arm are in optical communication with the MZI input and the MZI output. The ferroelectric material may define or be in communication with a portion of the first arm and the second arm. The first arm may have a first phase parameter and the second arm may have a second phase parameter. The arms may have domain orientations that differ. A portion of the first arm may include a portion of one or more loading layers and a portion of the second arm may include a portion of one or more loading layers.
G02F 1/05 - Devices or arrangements for the control of the intensity, colour, phase, polarisation or direction of light arriving from an independent light source, e.g. switching, gating or modulatingNon-linear optics for the control of the intensity, phase, polarisation or colour based on ceramics or electro-optical crystals, e.g. exhibiting Pockels or Kerr effect with ferro-electric properties
G02F 1/00 - Devices or arrangements for the control of the intensity, colour, phase, polarisation or direction of light arriving from an independent light source, e.g. switching, gating or modulatingNon-linear optics
G02F 1/21 - Devices or arrangements for the control of the intensity, colour, phase, polarisation or direction of light arriving from an independent light source, e.g. switching, gating or modulatingNon-linear optics for the control of the intensity, phase, polarisation or colour by interference
G02F 1/225 - Devices or arrangements for the control of the intensity, colour, phase, polarisation or direction of light arriving from an independent light source, e.g. switching, gating or modulatingNon-linear optics for the control of the intensity, phase, polarisation or colour by interference in an optical waveguide structure
22.
MULTI-LINK OPERATION WITH LOCALIZED PERFORMANCE OF B-ACK FUNCTIONS
Seamless client roaming for Multi-Link Device (MLD) clients may be provided. First, a Traffic Identifier (TID)-to-link map may be established by an Upper Service Access Point (U-SAP) of a multi-AP MLD entity that assigns subsets of TIDs to at least two links of the entity. For example, a client device logically associates with the U-SAP, while the client device physically connects to a first and second AP of the entity on a respective first and second link, where the first and second AP include first and second Lower Service Access Points (L-SAPs) and are non-collocated. Next, using the map, data received at the U-SAP is directed over one of the two links for transmission to the client device. Further, frame aggregation and block acknowledgment functions may be performed by one of the first or second L-SAP based on whether data transmission is over the first or second link.
Techniques for providing a language model to detect and remedy a security incident are described. A language model is deployed to respond to prompts from network operators. The language model receives a prompt from the network operator indicating actions to take based on trigger events. When a trigger event occurs, the language model receives a description of a potential security incident and identifies indicators of compromise in the description. The language model calls one or more other models to analyze the indicators and receives from the one or more other models, information indicating that the potential security incident is a real security incident, and outputs a prompt to the network operator to approve confirmation of the security incident.
Techniques are described for providing a threat analysis platform capable of automating actions performed to analyze security-related threats affecting IT environments. Users or applications can submit objects (e.g., URLs, files, etc.) for analysis by the threat analysis platform. Once submitted, the threat analysis platform routes the objects to dedicated engines that can perform static and dynamic analysis processes to determine a likelihood that an object is associated with malicious activity such as phishing attacks, malware, or other types of security threats. The automated actions performed by the threat analysis platform can include, for example, navigating to submitted URLs and recording activity related to accessing the corresponding resource, analyzing files and documents by extracting text and metadata, extracting and emulating execution of embedded macro source code, performing optical character recognition (OCR) and other types of image analysis, submitting objects to third-party security services for analysis, among many other possible actions.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
25.
PERISCOPE OPTICAL ASSEMBLY WITH INSERTED COMPONENTS
Periscope assemblies are provided which have a light path that travels in a first plane along the first waveguide, a second plane along the second waveguide that is parallel to the first plane, and along a third plane along the third waveguide that intersects the first plane and the second plane. In some examples the periscope assembly includes first and second carriers comprising respective first and second waveguides and defining respective first and second cavities in which a third carrier comprising a third waveguide is disposed and optionally includes an optical component. In some examples, the cavities are defined in one or more carriers on a mating surface, on a side opposite to the mating surface, or on a side perpendicular to a mating surface.
G02B 6/12 - Light guidesStructural details of arrangements comprising light guides and other optical elements, e.g. couplings of the optical waveguide type of the integrated circuit kind
G02B 6/28 - Optical coupling means having data bus means, i.e. plural waveguides interconnected and providing an inherently bidirectional system by mixing and splitting signals
G02B 6/30 - Optical coupling means for use between fibre and thin-film device
G02B 6/35 - Optical coupling means having switching means
G02B 7/00 - Mountings, adjusting means, or light-tight connections, for optical elements
Supporting Multi-Access Point (AP) Coordination (MAPC) across multiple bands may be provided. Supporting multi-band MAPC can include receiving one or more multi-band MAPC capabilities elements from one or more APs. One or more MAPC modes can be determined for a plurality of bands based on the one or more multi-band MAPC capabilities elements. A multi-band MAPC Coordination Group (CG) can be formed including the one or more APs, wherein the multi-band MAPC CG uses the one or more MAPC modes for the plurality of bands.
H04B 7/024 - Co-operative use of antennas at several sites, e.g. in co-ordinated multipoint or co-operative multiple-input multiple-output [MIMO] systems
27.
Mesh retexturing in an extended reality environment
Various implementations set forth a computer-implemented method for scanning a three-dimensional (3D) environment. The method includes generating, in a first time interval, a first extended reality (XR) stream based on a first set of meshes representing a 3D environment, transmitting, to a remote device, the first XR stream for rendering a 3D representation of a first portion of the 3D environment in a remote XR environment, determining that the 3D environment has changed based on a second set of meshes representing the 3D environment and generated subsequent to the first time interval, generating a second XR stream based on the second set of meshes, and transmitting, to the remote device, the second XR stream for rendering a 3D representation of at least a portion of the changed 3D environment in the remote XR environment.
Implementations of the disclosure pertain to detecting mislabeling of a source type assigned to machine data through utilization of machine learning techniques. Operations of a computerized method for detecting the mislabeling include receiving machine data that has been assigned an initial source type upon receipt by a data intake and query system and parsing the data block into a plurality of events based on a source type definition of the initial source type. Further operations include generating a data representation of a first event being a portion of the machine data and is associated with a point in time, determining a predicted source type of the first event by at least analyzing the data representation through machine learning techniques, and performing a comparison between the predicted source type and the initial source type thereby determining whether the source type of the event was initially mislabeled.
Technologies are described herein for executing queries expressed with reference to a structured query language against unstructured data. A user issues a structured query through a traditional structured data management (“SDM”) application. Upon receiving the structured query, an SDM driver analyzes the structured query and extracts a data structure from the unstructured data, if necessary. The structured query is then converted to an unstructured query based on the extracted data structure. The converted unstructured query may then be executed against the unstructured data. Results from the query are reorganized into structured data utilizing the extracted data structure and are then presented to the user through the SDM application.
G06F 16/80 - Information retrievalDatabase structures thereforFile system structures therefor of semi-structured data, e.g. markup language structured data such as SGML, XML or HTML
A receiver configured to receive a plurality of symbols is disclosed. The receiver includes a hard decision decoder, a look-up table (LUT) coupled to the hard decision decoder, and a soft metric generator coupled to the LUT. The hard decision decoder is to receive a first set of symbols from the plurality of symbols and provide a set of hard coded neighboring symbols to the LUT. The first set of symbols comprises a center symbol with neighboring symbols. The LUT is to store a value representative of the center symbol that is addressable by the set of hard coded neighboring symbols. The soft metric generator is to calculate bit log likelihood ratio (LLR) values based on the center symbol and the value representative of the center symbol stored in the LUT.
H03M 13/11 - Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words using block codes, i.e. a predetermined number of check bits joined to a predetermined number of information bits using multiple parity bits
H03M 13/39 - Sequence estimation, i.e using statistical methods for the reconstruction of the original codes
31.
LLM TECHNOLOGY FOR POLYMORPHIC GENERATION OF SAMPLES OF MALWARE FOR FUTURE MALWARE DETECTION
Systems, methods, and computer-readable media are disclosed for detecting a malware sample by creating polymorphic variants of a malware sample using a large language model. The technology can obtain a known malware sample and decompose the known malware sample into behavioral characterizations of the known malware sample that correspond to respective processes taken by the known malware sample. The technology can then train a large language model with data corresponding to the behavioral characterizations and generate polymorphic variants of the known malware sample with a large language model based on the behavioral characterizations. When the technology later receives a potential malware sample, it can analyze the potential malware sample by comparing the potential malware sample to the polymorphic variants of the known malware sample generated by the large language model.
In one embodiment, a method includes receiving a request from a powered device for power to be supplied from power sourcing equipment to the powered device; granting, in response to the request, provisional power to the powered device; receiving, an authentication request from the powered device to authenticate the powered device and reserve power; analyzing user data and device data to determine an authentication status for the powered device; denying power within a power budget for the powered device in response to the analyzing determining that the authentication status for the powered device corresponds to a failed authentication; and using an authenticated-power-profile to determine one or more actions to be performed with respect to the powered device having the failed authentication, in response to a defined number of failed authentications or an expiration of a timeout period defining an amount of time allowed to authenticate the powered device.
Devices, systems, methods, and processes for flow entropy management using network address translation (NAT) scheme are described herein. Typically, due to fewer flows and high bandwidth demands in backend data center networks, hash distribution algorithms may exhibit bias, leading to congestion on certain network paths while others remain underutilized, a phenomenon known as low flow entropy. To address the low flow entropy problem, a network interface controller (NIC) decomposes a traffic flow into multiple flowlets and applies a NAT operation on each flowlet. In the NAT operation, an actual source port value of a flowlet is replaced with a unique unused source port value to make the flowlet look like a different traffic flow to a switch. Thus, the switch processes each flowlet as a different traffic flow and uses load balancing schemes to distribute the flowlets across various network paths. Thus, improving the flow entropy of the network.
An optical apparatus is described that includes an input port configured to receive an optical signal comprising a plurality of wavelengths, a plurality of output ports, and one or more grating filters arranged between the input port and the plurality of output ports. Each grating filter is configured to receive one or more wavelengths of the plurality of wavelengths at a multimode waveguide, to propagate the one or more wavelengths through a first transition section extending between the multimode waveguide and a slot waveguide, and to reflect, using a respective antisymmetric Bragg grating formed in the slot waveguide, a first mode of a respective wavelength of the one or more wavelengths through the first transition section toward a respective output port of the plurality of output ports.
G02B 6/293 - Optical coupling means having data bus means, i.e. plural waveguides interconnected and providing an inherently bidirectional system by mixing and splitting signals with wavelength selective means
G02B 6/42 - Coupling light guides with opto-electronic elements
35.
DYNAMIC TRANSACTION-AWARE WEB APPLICATION AUTHENTICATION USING CALL INTERCEPTS
According to one or more embodiments of the disclosure, the techniques herein are directed toward a dynamic transaction-aware web application authentication using call intercepts. In one embodiment, a method comprises: intercepting, by a monitoring process, calls made for transactions within an executing application; determining, by the monitoring process, whether a particular intercepted call triggers an enhanced user authentication requirement for a particular transaction; initiating, by the monitoring process in response to the particular intercepted call triggering the enhanced user authentication requirement, a corresponding challenge to adequately authenticate a user for the particular transaction; and allowing, by the monitoring process, the particular intercepted call to proceed for the particular transaction in response to an adequately authenticated user for the particular transaction.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 21/55 - Detecting local intrusion or implementing counter-measures
In one embodiment, an illustrative method herein may comprise: obtaining, by a device, a plurality of indications of errors experienced by a bot performing tasks, wherein each of the plurality of indications includes contextual information of a corresponding error; determining, by the device, correlated errors among the errors experienced by the bot; aggregating, by the device, contextual information of each of the correlated errors into aggregated contextual data; and providing, by the device, the aggregated contextual data with an error notification for a particular correlated error.
In one embodiment, a method includes receiving at a thermal modeling module, data from a Power Sourcing Equipment device (PSE) for cables extending from the PSE to Powered Devices (PDs), the cables configured to transmit power and data from the PSE to the PDs, calculating at the thermal modeling module, thermal characteristics for the cables based on the data, and identifying a thermal rise above a specified threshold at one of the cables. The data comprises real-time electrical data for the cables. An apparatus and logic are also disclosed herein.
Techniques for determining an optimal connection path by a NHNaaS are described. The techniques may include receiving, by an end-to-end neutral host NaaS and from a user device, a request for a connection to a remote service, the request including user parameters required for the connection. multiple paths between the user device and the remote service offered by service providers that provide connections having service parameters compatible with the user parameters are determined by the end-to-end neutral host NaaS. The neutral host NaaS identifies an optimal path for establishing the connection between the user device and the remote service based on network performance of the multiple paths. Finally, the neutral host NaaS enables an instantiation of a tunnel along the optimal path between the user device and the remote service.
Disclosed herein is a machine learning-based approach to detect suspiciously named processes. When malware executes on a networking device, such as a laptop or desktop computer, the malware may create a copy of itself, assign the copy a process name consisting of random characters, and store the copy in a directory of the networking device. As characters of words in a given language follow patterns and rules, the presence of each character is not equally likely. In contrast, characters in random sequences have an equal likelihood of being present. In some implementations disclosed herein, a character-level recurrent neural network (RNN) is trained to distinguish between randomly generated filenames from those created by an user and thus, identify malware attacks. In some implementations, a character-level RNN is configured to classify filenames as malicious or benign.
In one embodiment, a method herein comprises: registering, by an orchestration service agent, with a central management device to receive a corresponding configuration for the orchestration service agent, wherein the central management device receives a registration from each of a plurality of orchestration service agents; self-configuring, by the orchestration service agent, based on the corresponding configuration; obtaining, by the orchestration service agent and from the central management device, an agent-specific configuration package; and configuring, by the orchestration service agent and based on the agent-specific configuration package, a corresponding agent associated with the orchestration service agent and executing on a corresponding entity.
Devices, systems, and methods to enable a user to control initiation and execution of a maintenance mode in a power distribution system that includes a power transmitter subsystem that transmits power over a cable to a power receiver subsystem. A maintenance mode associated with the power transmitter subsystem and the power receiver subsystem is initiated. The maintenance mode causes the power transmitter subsystem and power receiver subsystem to enter a power mode to allow for maintenance activity to be performed at the power transmitter subsystem and power receiver subsystem. An authorization server is configured to authorize initiation of the maintenance mode on the power transmitter subsystem and power receiver subsystem.
H02J 3/00 - Circuit arrangements for ac mains or ac distribution networks
H02J 13/00 - Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the networkCircuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
42.
Integration of Erbium-Doped Low Loss Silicon Nitride Waveguides on Silicon Photonics
In various embodiments, the disclosure relates to an electro-optical device that includes an optical amplifier and a photonic assembly. The optical amplifier may include a first encapsulation layer defining a first bonding surface, and an erbium-doped Si3N4 waveguide, wherein the erbium-doped Si3N4 waveguide disposed within the first encapsulation layer. The photonic assembly may include a substrate, a second encapsulation layer defining a second bonding surface, the second encapsulation layer disposed on the substrate, a modulator, one or more photodetectors, and a waveguide. In various embodiments, the modulator, the one or more photodetectors and the waveguide are disposed within the second encapsulation layer. The one or more regions of the first bonding surface are bonded to the one or more regions of the second bonding surface in various embodiments. The Si3N4 waveguide is optically coupled to the waveguide in various embodiments.
G02B 6/12 - Light guidesStructural details of arrangements comprising light guides and other optical elements, e.g. couplings of the optical waveguide type of the integrated circuit kind
G02B 6/124 - Geodesic lenses or integrated gratings
H01S 3/10 - Controlling the intensity, frequency, phase, polarisation or direction of the emitted radiation, e.g. switching, gating, modulating or demodulating
H01S 5/026 - Monolithically integrated components, e.g. waveguides, monitoring photo-detectors or drivers
43.
IN-NETWORK COMPUTING USING MODULAR SWITCH ARCHITECTURE
Devices, systems, methods, and processes for in-network computing using modular switch architecture are described herein. Endpoint devices generate data chunks and forward them to a network, comprising spine and leaf switches, for data reduction. Leaf switches act as conduits and forward the data chunks to a spine switch. The spine switch includes various line cards (e.g., one for each leaf switch) and a fabric element. The line cards may execute a stage of data reduction on the received data chunks or may forward the received data chunks directly to the fabric element. The fabric element executes a data reduction operation on the data received from the line cards and obtains a reduced output which is forwarded to the endpoint devices via the line cards and the leaf switches. Thus, a single-tier in-network computing topology is implemented to execute data reduction in a cost-effective, simple, and efficient manner.
Devices, systems, methods, and processes for incast congestion management are described herein. Typically, in a Packet Sequence Number (PSN) based Remote Direct Memory Access (RDMA) network, Priority Flow Control (PFC) is asserted upstream when an incast congestion event occurs, which can victimize unrelated flows. Thus, instead of asserting PFC, a switch in the PSN based RDMA network detects an incast congestion event and directly notifies one or more Reliable Connection (RC) Queue Pairs (QPs) of various sending devices, associated with the incast congestion event using Receiver Not Ready (RNR) negative acknowledgements (NACKs). These RNR NACKs are associated with unique pause time-periods. The associated RC QPs receive the RNR NACKs and pause packet transmission. The associated RC QPs resume packet transmission upon expiration of corresponding pause time-periods. Thus, the packet transmission from the contributing RC QPs is spaced out, avoiding all packets reaching a switch output port at the same time.
Devices, systems, methods, and processes for switch triggered faster go-back-N recovery are described herein. Typically, Go-back-N recovery is triggered in response to: a receiver missing a packet and receiving a next packet in a data transmission sequence, or a sender timing out and identifying a missing acknowledgement for a dropped packet. Such scheme suffers potential latency issues, especially when the dropped packet is the last packet or corresponds to a single packet message. Thus, instead of relying on the sender to timeout and identify missing acknowledgements or on the receiver to receive the next packet, a switch executes a packet mirroring and trimming scheme on the dropped packet and generates a trimmed out-of-order packet of the same reliable connection flow. The trimmed out-of-order packet causes the receiver to transmit a negative acknowledgement to the sender, thus triggering faster go-back-N recovery and causing the sender to retransmit the dropped packet.
H04L 67/1095 - Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Devices, systems, and methods to enable a user to control initiation and execution of a maintenance mode in a power distribution system that includes a power transmitter subsystem that transmits power over a cable to a power receiver subsystem. A maintenance mode associated with the power transmitter subsystem and the power receiver subsystem is initiated, The maintenance mode causes the power transmitter subsystem and power receiver subsystem to enter a power mode to allow for maintenance activity to be performed at the power transmitter subsystem and power receiver subsystem. An authorization server is configured to authorize initiation of the maintenance mode on the power transmitter subsystem and power receiver subsystem.
H02J 3/00 - Circuit arrangements for ac mains or ac distribution networks
H02J 11/00 - Circuit arrangements for providing service supply to auxiliaries of stations in which electric power is generated, distributed or converted
H02J 13/00 - Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the networkCircuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
H04W 24/00 - Supervisory, monitoring or testing arrangements
Techniques are described for providing a software-based platform for context-based vulnerability management of information technology (IT) environments. In some examples, a vulnerability management application collects vulnerability scan data, from potentially many different scanning agents, as well as vulnerability information from other third-party sources. The vulnerability management application also accesses asset and activity data associated with an IT environment. The vulnerability management application can provide a user interface contextualizing vulnerabilities, based on the contextual asset or activity data, allowing for user-configured or automated vulnerability risk adjustments to impact the management and remediation of vulnerabilities for the IT environment.
Embodiments of the present invention are directed to facilitating search input recommendations. In accordance with aspects of the present disclosure, a set of events determined from raw machine data is obtained. The events are analyzed to generate a temporal map associated with the set of events. Generally, the temporal map associates candidate terms with temporally related terms that occur within a period of time corresponding with the candidate terms. A search term input into a search field is received. Based on the input search term, the temporal map is used to identify one or more temporally related term recommendations.
Described herein is a framework for identifying one or more points-of-interest that are geographically proximal to a geographical location of the mobile device. Geographical location information of a mobile device is transformed from a first format to a second format by performing a Mercator projection of the geographical location information in the first format. Using a point-of-interest search memory structure, one or more points-of-interest are identified that are geographically proximal to a geographical location of the mobile device, wherein the point-of-interest search memory structure includes location information for a plurality of points-of-interest. Information indicative of the one or more points-of-interest are transmitted to an analytical server to enable the analytical server to perform analysis related to the mobile device.
Method, system, and/or computer readable medium for roaming on a Wi-Fi network having a plurality of access points including: determining that a new AP actor provides a station (STA) actor enhanced characteristics as compared to an existing AP actor, wherein the enhanced characteristics include one or more of a stronger connection, lower congestion, and/or increased bandwidth; transferring required state from the existing AP actor to the new AP actor; and transferring at least some of data wherein the at least some data includes one or more of medium access control service data units (MSDUs), aggregated-MSDUs (A-MSDUs), medium access control protocol data units (MPDUs), and/or aggregated-MPDUs from the existing AP actors to the new AP actor.
Method, system, and/or computer readable medium for providing enhanced diversity and reliability for a continued wireless connection including: establishing an upper upper medium access controller (UMAC) and a plurality of lower UMACs; discovering the upper UMAC by each of the plurality of lower UMACs; connecting a station (STA) actor to each of the plurality of lower UMACs; connecting each of the plurality of lower UMACs to the upper UMAC; and establishing a connection through the upper UMAC and each of the plurality of lower UMACs to the STA actor.
In one embodiment, a method includes receiving, by a network component, application performance data. The application performance data is associated with one or more applications. The method also includes determining to transform, by the network component, the application performance data into application security data, generating, by the network component, a baseline for the application security data, and detecting, by the network component, an anomaly in the baseline. The method further includes determining, by the network component, a potential security threat based on the anomaly.
Techniques for dynamic TID mapping are provided. A network device creates an Internet-of-things (IoT) traffic identifier (TID) for IoT traffic. The network device determines a first operational spectrum for the IoT TID. The network device maps the IoT TID to access one or more links operating on the first operational spectrum, between the network device and the IoT device. The network device communicates the TID and the one or more links to the IoT device.
A system for managing addresses for a device includes at least one processor; and a computer-readable storage medium storing instructions which, when executed by the at least one processor, cause the at least one processor to be configured to: receive, at a network component of a network, data regarding a device; perform analysis of the device based on the data; based on the analysis, trigger a request to an address management system for the network; reprovision, based on the request, a subscription profile for the device with a selected Internet Protocol (IP) address to be used by the device; deregister the device from the network; reconnect the device to the network; and assign and transmit the selected IP address to the device.
A method is performed by an access point (AP) using coordinated time division multiple access (Co-TDMA) with multi-AP coordination (MAPC). The method comprises: upon acquiring a transmit opportunity (TXOP) having a TXOP duration for traffic of an access category among prioritized access categories, exchanging the traffic with a client during a portion of the TXOP; and transmitting, to a first AP, a first outbound control frame configured to allocate, to the first AP, a first shared portion of the TXOP duration to be used by the first AP to exchange first traffic for the access category or a higher priority access category with a first client, wherein the first outbound control frame includes a multi-user request-to-send TXOP sharing trigger frame having a first indication of the first shared portion of the TXOP duration, and a second indication of the access category.
In one embodiment, a device may obtain a media topology of nodes involved in a collaboration session. The device may cause each of a plurality of probes to be provisioned to a corresponding node of the nodes involved in the collaboration session to perform a test of a corresponding segment of the media topology, and each of the plurality of probes may be associated to a session identifier of the collaboration session. The device may determine observability information based on results of the plurality of probes for each segment of the media topology, and the results may include an indication of the session identifier. The device may correlate the observability information to the collaboration session based on the indication of the session identifier.
In one embodiment, a device may receive a multicast path trace request for a multicast tree, wherein the device is a mid-node in the multicast tree. The device may perform, based on the device being a mid-node in the multicast tree, an upstream trace of network topology of the multicast tree from the device to a head-node of the multicast tree and a downstream trace of network topology of the multicast tree from the device to at least one tail-node. The device may generate an end-to-end visible topology of the multicast tree based on the upstream trace and the downstream trace. The device may provide the end-to-end visible topology of the multicast tree to an observability manager.
In one embodiment, a service determines authentication credentials for a web application transaction. The service determines one or more performance metrics regarding the web application transaction. The service generates an enhanced web token comprising the one or more performance metrics regarding the web application transaction. The service sends the enhanced web token and the authentication credentials along a path of the web application transaction, the path including one or more services configured to use the one or more performance metrics sent in addition to the authentication credentials to process the web application transaction.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
59.
MULTI-LINK OPERATION FOR WIRELESS LOCAL AREA NETWORK MULTI-LINK DEVICE
A method to operate a multi-link wireless device. The method includes establishing at least a first multi-link device interface and a second multi-link device interface, exposing, via a virtual data port, the first multi-link device interface and the second multi-link device interface at a data processing layer of the wireless device, selecting one of the first multi-link device interface and the second multi-link device interface, as a selected multi-link device interface, based on performance information associated with a first radio and a second radio associated, respectively, with the first multi-link device interface and the second multi-link device interface, and wirelessly transmitting a packet from the wireless device by routing the packet through the selected multi-link device interface.
A method, computer system, and computer program product are provided for prioritizing network traffic. An indication is received at a network controller that an alarm is activated at a physical site. A request is received from a user device to join a network at the physical site that is under control of the network controller, wherein the request includes a flag indicating an identity of a user of the user device and a priority status of the user. In response to authenticating the identity of the user via an identity provider server, the user device is authorized to join the network. Based on verifying the priority status of the user using the flag and authentication via the identity provider server, network traffic for the user device is prioritized.
H04W 72/566 - Allocation or scheduling criteria for wireless resources based on priority criteria of the information or information source or recipient
H04W 4/90 - Services for handling of emergency or hazardous situations, e.g. earthquake and tsunami warning systems [ETWS]
A system and method are provided for implementing a network component and verifying an update of the network component. The network component can be, e.g., a software-defined wide area network, a firewall, a router, or a load balancer. The network component can be an embedded network edge device that is implemented, e.g., in software, in circuitry, or using hardware acceleration (e.g., a data processing unit (DPU), a smart network interface card (SmartNIC), etc.). The updated version of the network component is verified by implementing it on a shadow dataplane concurrently with the current version operating on a primary dataplane, and comparing the performances of these two versions. Based on this comparison satisfying various verification criteria, the updated version passes a verification test and can be promoted to the primary dataplane.
The present disclosure is directed to migrating network traffic from a licensed spectrum to an unlicensed spectrum within the same radio access technology (RAT). In one aspect, a method includes identifying a user device connected to a cellular wireless access technology, over a licensed spectrum; determining whether a condition for switching network traffic associated with the user device to an unlicensed spectrum is triggered; in response to determining that the condition is triggered, determining an unlicensed spectrum to move the network traffic to, the unlicensed spectrum being within a same cell as the licensed spectrum or in a different cell compared to a cell in which the licensed spectrum is; and migrating at least a portion of the network traffic to the unlicensed spectrum while maintaining network connectivity of the user device over the cellular wireless access technology.
Provided herein are techniques through which coordinated steering of a Reconfigurable Intelligent Surface (RIS) device can be utilized according to prioritized time-slices determined for each of multiple wireless access points (APs) for a wireless local area network (WLAN). Coordinated steering of an RIS device by multiple wireless APs according to prioritized time-slices may facilitate seamless roaming for wireless clients between the wireless APs for the WLAN.
Devices, systems, methods, and processes for data plane redundancy management in network devices are described herein. A linecard in a network device may classify a plurality of packets into a first category or a second category based on whether a packet is a control packet or a data packet. The linecard may transmit all control packets and data packets to an active data plane. The linecard may selectively transmit the control packets and a sampled subset of the data packets to a standby data plane. Thus, the standby data plane is equipped with dynamic information of network using the control packets and Media Access Control addresses using the sampled subset of the data packets. When a failure is detected in the active data plane, the linecard starts transmitting all the data packets also to the standby data plane and starts accepting processed packets from the standby data plane for forwarding.
In some aspects, the techniques described herein relate to a method including: obtaining, at a network device from a user device, a request for a network session, the request including an indication of a user device profile; determining a traffic identifier to associate with the user device profile; binding the traffic identifier to a network policy to be applied to traffic associated with the user device profile; and providing the traffic identifier to the user device.
The present disclosure describes an integrated circuit that uses a unit cell of capacitors as floating metal fill. An integrated circuit includes a first capacitor that includes a transistor and a second capacitor that includes a first set of metal fingers and a second set of metal fingers. The transistor is positioned in a first layer of the integrated circuit and a second layer of the integrated circuit. The transistor forms an anode and a cathode of the first capacitor. The first set of metal fingers are interdigitated with the second set of metal fingers. The first set of metal fingers and the second set of metal fingers are positioned in the second layer. The first set of metal fingers are electrically connected to the cathode of the first capacitor. The second set of metal fingers are electrically connected to the anode of the first capacitor.
Presented herein are techniques to tunnel Pre-Association Security Negotiation (PASN) communications within another PASN protected exchange established with an (initial) access point (AP), thus allowing a station (STA) to establish one or more PASN sessions with one or more other access points (APs) through the initial AP, thereby enabling the STA to pre-establish PASN sessions with multiple APs without leaving its active channel with the initial AP. In at least embodiment, a method may include establishing a first PASN session between a STA and a first AP through initial PASN communications exchanged between the STA and the first AP and performing subsequent PASN communications between the STA and at least one other AP that are facilitated through the first PASN session established between the STA and the first AP to enable at least one subsequent PASN session to be established between the STA and the at least one other AP.
Devices, systems, methods, and processes for data plane redundancy management in network devices are described herein. A linecard in a network device may classify a plurality of packets into a first category or a second category based on whether a packet is a control packet or a data packet. The linecard may transmit all control packets and data packets to an active data plane. The linecard may selectively transmit the control packets and a sampled subset of the data packets to a standby data plane. Thus, the standby data plane is equipped with dynamic information of network using the control packets and Media Access Control addresses using the sampled subset of the data packets. When a failure is detected in the active data plane, the linecard starts transmitting all the data packets also to the standby data plane and starts accepting processed packets from the standby data plane for forwarding.
H04L 47/2408 - Traffic characterised by specific attributes, e.g. priority or QoS for supporting different services, e.g. a differentiated services [DiffServ] type of service
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
H04L 49/113 - Arrangements for redundant switching, e.g. using parallel planes
A method is performed by an access point (AP) using coordinated time division multiple access (Co-TDMA) with multi-AP coordination (MAPC). The method comprises: upon acquiring a transmit opportunity (TXOP) having a TXOP duration for traffic of an access category among prioritized access categories, exchanging the traffic with a client during a portion of the TXOP; and transmitting, to a first AP, a first outbound control frame configured to allocate, to the first AP, a first shared portion of the TXOP duration to be used by the first AP to exchange first traffic for the access category or a higher priority access category with a first client, wherein the first outbound control frame includes a multi-user request-to-send TXOP sharing trigger frame having a first indication of the first shared portion of the TXOP duration, and a second indication of the access category.
A computing device monitors a key performance indicator (KPI) relative to a first alert threshold, where a value of the KPI having a specified relationship to the first alert threshold causes the computing device to generate an alert. When the computing device receives an instruction to modify the first alert threshold by an adjustment amount, for a specified time window, the computing device generates a modified alert threshold by applying the adjustment amount to the first alert threshold. During the specified time window, the computing device monitors the KPI relative to the modified alert threshold instead of the first alert threshold. Monitoring is resumed relative to the first alert threshold after the specified time window.
G06F 11/34 - Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation
G06Q 10/0637 - Strategic management or analysis, e.g. setting a goal or target of an organisationPlanning actions based on goalsAnalysis or evaluation of effectiveness of goals
G06Q 10/0639 - Performance analysis of employeesPerformance analysis of enterprise or organisation operations
71.
Optimized MVPN route exchange in SD-WAN environments
According to certain embodiments, a router comprises one or more processors and one or more computer-readable non-transitory storage media. The one or more computer-readable non-transitory storage media comprise instructions that, when executed by the one or more processors, cause one or more components of the router to perform operations comprising determining an occurrence of one or more network events associated with a multicast service, generating route exchange information associated with the multicast service locally by the router based on the one or more network events, and using the route exchange information locally to configure the router.
According to one aspect, a method includes establishing, by an access point (AP), a wireless communications link between the AP and a wireless station, wherein establishing the wireless communications link includes receiving a protected association request frame from the wireless station. The protected association request frame includes rotation pace preference information for randomized Media Access Control (MAC) address rotation management that indicates a preferred rotation pace. The method also includes selecting, by the AP, an Enhanced Data Privacy (EDP) group based on the rotation pace preference, the selected EDP group associated with epoch timing information for rotating wireless frame anonymization parameters at epoch transitions. A response frame that indicates the selected EDP group is transmitted to the wireless station. The AP maintains the wireless communications link with the wireless station based in part on the timing information for randomized M A C address rotation for the selected EDP group.
Presented herein are a system and secure device onboarding techniques. A Connectivity Management Platform (CMP) receives a request for an access token that includes a user identifier, a customer organization identifier, and an authorization code from a Device Management Platform (DMP), verifies the authorization code, queries an enterprise server using the user identifier and the customer organization identifier to confirm the user belongs to the customer organization, generates the access token, stores the access token in an authentication datastore, and transmits the access token to DMP. The CMP receives a provisioning request including an eSIM identifier of a device and an access token from the DMP, verifies the access token, obtains a customer organization identifier based thereon, queries an enterprise server using the eSIM identifier and the customer organization identifier to confirm the device belongs to the customer organization, and facilitates secure provisioning of the device with an eSIM profile.
Techniques are described herein for dynamic service extension to provide risk mitigation upon detecting a threat. In embodiments, such techniques may be performed by a service provider platform and may comprise receiving information about a security threat, identifying one or more components susceptible to the security threat, determining, based on a software bill of materials, at least one data flow that includes a point of delivery (pod) associated with the one or more components, identifying at least one additional service determined to mitigate the security threat, and implementing the at least one additional service in relation to the at least one data flow.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
75.
INITIALIZATION AND SYNCHRONIZATION FOR PULSE POWER IN A NETWORK SYSTEM
In one embodiment, a method includes receiving low voltage pulse power from power sourcing equipment at a powered device, synchronizing the powered device with a waveform of the low voltage pulse power received from the power sourcing equipment, and operating the powered device with high voltage pulse power received from the power sourcing equipment.
G06F 1/30 - Means for acting in the event of power-supply failure or interruption, e.g. power-supply fluctuations
H02J 13/00 - Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the networkCircuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
Described herein are devices, systems, methods, and processes for managing the collection and synchronization of telemetry data in a network overseen by a cloud-based network controller. This can be achieved by representing telemetry data as doubly-indexed state blocks within a shared meta-schema. Each type within the schema may be associated with a temporal list of objects of that type, providing ordered indexing by name and by time of last change. Cursors representing data witnesses may be threaded in place within these lists, enabling synchronization of telemetry data between devices without buffering. The system can dynamically adjust telemetry collection cadence in real time across devices in the fabric as users navigate the user interface. This approach can provide an effective mechanism to manage the load created by the telemetry, particularly in the context of network switches and telemetry collection.
H04L 43/062 - Generation of reports related to network traffic
H04L 43/0817 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
77.
ROUTER AFFINITY IN SOFTWARE DEFINED WIDE AREA NETWORK(S)
This disclosure describes techniques and mechanisms for utilizing affinity routing in SDWAN networks. The techniques may enable network administrators to assign and/or configure affinity numbers to hub(s) and/or gateway(s), tunneling interface(s), service(s), etc., as well as affinity-preference-order(s) to edge device(s) within the network. Network administrators may also configure control polic(ies). The techniques enable a scalable and simplified way to automatically load-balance traffic across different gateways within a network, while reducing network resource usage. The techniques may utilize routing affinity to achieve a variety of networking related functionalities, including automatic load-balancing of traffic, provisioning of active and backup gateways, optimal route distribution to routers from routing controllers, optimized service placement for edge routers, without the need for any policy configuration at all, let alone complex policies.
A method, computer system, and computer program product are provided for triggering a low power operating mode for a radio access network. Connectivity criteria are obtained for each of a plurality of user equipment (UEs) connected to a radio access network comprising a plurality of radio base stations. It is determined that at least one radio base station of the plurality of radio base stations can be placed in a low power operating mode based, at least in part, on the connectivity criteria of one or more user equipment connected to the at least one radio base station. The at least one radio base station is caused to enter into the low power operating mode.
In one embodiment, a method for detecting phishing activity by a webpage is provided. The method includes: receiving, by a processor, webpage data associated with the webpage; analyzing, by the processor, the webpage data to determine if at least one of a brand logo and credential entry box is present; in response to a determination that the brand logo is present or the credential entry box is present: extracting, by the processor, cookie feature data from the webpage data; determining, by the processor, cookie score data based on an analysis of the cookie feature data with a cookie model; predicting, by the processor, fraudulent content of the webpage based on the cookie score data and a prediction model; and generating, by the processor, notification data including an indication of the fraudulent content.
Techniques for providing a confidence rating for an attack technique tag and a guidance for improving the confidence rating are described. An attack technique analytics engine receives telemetry data, a notification that an attack has been detected using an attack detection source, the notification including an attack technique tag indicating an attack technique used in the attack, and attack technique data including a likelihood of a particular attack technique, from among multiple attack techniques, occurring determined using a particular attack detection source from among multiple attack detection sources. Based on the telemetry, the attack technique tag, and the attack technique data, a confidence rating that the attack corresponds to the attack technique is determined. The attack detection source and attack technique are analyzed to determine a guidance for improving the confidence rating, and the rating and guidance are appended to the attack technique tag.
Techniques for enabling centralized distribution and configuration of routing control settings in a software-defined wide area network (SD-WAN) overlay are disclosed herein. In some aspects, the techniques described herein relate to defining a new address family in a communication protocol. The techniques may enable users to provide input related to configurations for routing control settings in a hierarchical manner. The routing controller may identify device(s) in the SD-WAN and send the routing control settings to the edge devices using the new address family. The techniques described herein provide a streamlined and dynamic way to manage routing controls, while also enabling centralized distribution of routing control settings, routes, best path data, etc. from a centralized routing controller.
Techniques for routing in a software-defined wide area network (SD-WAN) are disclosed herein. In some aspects, the techniques described herein relate to configuring, by a routing controller, at least one data traffic route originating from a device of a first group of devices to a first Transport Gateway (TGW) and a gateway hub, tagging the at least one data traffic route with a first identifier associated with the first group of devices to send to the first TGW and to a first set of routers of the hub gateway wherein the at least one data traffic route originates from at least one device of the first group of devices, and sending a tagged data traffic route originating from at least one device of the first group of devices based on the first identifier to the first TGW and the first set of routers of the hub gateway.
In one embodiment, a supervisory service for a network obtains quality of experience metrics for application sessions of an online application. The supervisory service maps the application sessions to paths that traverse a plurality of autonomous systems. The supervisory service identifies, based in part on the quality of experience metrics, a particular autonomous system from the plurality of autonomous systems associated with a decreased quality of experience for the online application. The supervisory service causes application traffic for the online application to avoid the particular autonomous system.
Techniques for routing in a software-defined wide area network (SD-WAN) are disclosed herein. In some aspects, the techniques described herein relate to configuring, by a routing controller, at least one data traffic route originating from a device of a first group of devices to a first Transport Gateway (TGW) and a gateway hub, tagging the at least one data traffic route with a first identifier associated with the first group of devices to send to the first TGW and to a first set of routers of the hub gateway wherein the at least one data traffic route originates from at least one device of the first group of devices, and sending a tagged data traffic route originating from at least one device of the first group of devices based on the first identifier to the first TGW and the first set of routers of the hub gateway.
Techniques for enabling centralized distribution and configuration of routing control settings in a software- defined wide area network (SD-WAN) overlay are disclosed herein. In some aspects, the techniques described herein relate to defining a new address family in a communication protocol. The techniques may enable users to provide input related to configurations for routing control settings in a hierarchical manner. The routing controller may identify device(s) in the SD-WAN and send the routing control settings to the edge devices using the new address family. The techniques described herein provide a streamlined and dynamic way to manage routing controls, while also enabling centralized distribution of routing control settings, routes, best path data, etc. from a centralized routing controller.
H04L 45/64 - Routing or path finding of packets in data switching networks using an overlay routing layer
H04L 45/645 - Splitting route computation layer and forwarding layer, e.g. routing according to path computational element [PCE] or based on OpenFlow functionality
H04L 45/655 - Interaction between route computation entities and forwarding entities, e.g. for route determination or for flow table update
H04L 45/76 - Routing in software-defined topologies, e.g. routing between virtual machines
86.
DYNAMIC BANDWIDTH EXPANSION ACTIVATION AND TERMINATION OPERATION
Signal mechanisms are described for performing dynamic bandwidth expansion (DBE) at an access point (AR). In one embodiment, the AR and stations (STAs) exchange signals indicating their respective DBE capabilities (e.g., whether DBE is supported, maximum dynamic BW, etc.). Later, the AR (or a network controller) can determine to perform DBE. For example, the load on the AR may jump because the AR is located in a conference room or an event center. To provide additional BW, the AR (or RRM) can determine to perform DBE to increase the bandwidth available to the AR. To do so, the AR transmits a DBE announcement to inform the STAs. This announcement can include information such as bandwidth, center frequency, whether a subchannel is punctured, etc.). The AR and STAs can then use the expanded bandwidth.
The present disclosure provides techniques for physical layer (PHY) parameter recommendation for improved link quality. An access point (AP) receives a recommendation request frame from a station (STA), the recommendation request frame comprising at least one of: one or more physical layer (PHY) parameters of the STA, a link margin of the STA, or one or more acceptable link degradation limits of the STA. The AP determines, based on the recommendation request frame, a recommended range for at least one of the PHY parameters, the recommended range being determined to maintain link performance within the acceptable link degradation limits. The AP transmits a recommendation response frame to the STA, the recommendation response frame comprising the recommended range, where the STA adjusts at least one PHY parameter based on the recommended range.
H04L 5/00 - Arrangements affording multiple use of the transmission path
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
88.
DYNAMIC BANDWIDTH EXPANSION ACTIVATION AND TERMINATION OPERATION
Signal mechanisms are described for performing dynamic bandwidth expansion (DBE) at an access point (AP). In one embodiment, the AP and stations (STAs) exchange signals indicating their respective DBE capabilities (e.g., whether DBE is supported, maximum dynamic BW, etc.). Later, the AP (or a network controller) can determine to perform DBE. For example, the load on the AP may jump because the AP is located in a conference room or an event center. To provide additional BW, the AP (or RRM) can determine to perform DBE to increase the bandwidth available to the AP. To do so, the AP transmits a DBE announcement to inform the STAs. This announcement can include information such as bandwidth, center frequency, whether a subchannel is punctured, etc.). The AP and STAs can then use the expanded bandwidth.
Devices and methods that incorporate sustainability data within a header of a data packet to allow for the generation of sustainable configurations for various network devices are disclosed. Power efficiency is obtained at a node-level by including metadata to existing network flows, in an in-band/in-situ configuration. This information may be used for optimum flow placement. Received data packets may be formatted with sustainability data within a metadata shim. The received data packets are processed, and a sustainable configuration is generated for the one or more network devices. The generated sustainable configuration is transmitted to the one or more network devices to enable efficient and effective management of network devices by incorporating sustainability data into the data packets.
H04L 41/0833 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for reduction of network energy consumption
90.
ESTIMATING POSITION FROM REFERENCE SIGNALS RECEIVED BY COORDINATING ACCESS POINTS
Disclosed are systems, apparatuses, methods, and computer-readable media for identifying a location of a wireless device. A method for identifying a location of a wireless device includes transmitting a request message to the wireless device for identifying a position of the wireless device; receiving a response message from the wireless device; determining first time information based on a time of flight (ToF) of the request message and the response message, wherein the ToF corresponds to a distance of the wireless device from the AP; receiving a second message from a second AP that includes second time information associated with the request message and the response message; receiving a third message from a third AP that includes third time information associated with the request message and the response message; and transmitting location configuration information to the wireless device for the wireless device to determine a position of the wireless device.
G01S 5/00 - Position-fixing by co-ordinating two or more direction or position-line determinationsPosition-fixing by co-ordinating two or more distance determinations
G01S 5/02 - Position-fixing by co-ordinating two or more direction or position-line determinationsPosition-fixing by co-ordinating two or more distance determinations using radio waves
Techniques for leveraging the MASQUE protocol to provide remote clients with full application access to private enterprise resources are described herein. One or more network nodes may be configured to execute a MASQUE proxy service to provide a remote client device with full access to an enterprise/private application resource executing on an application node and hosted in an enterprise/application network, behind the MASQUE proxy service. In some examples, the MASQUE proxy service may execute on a single proxy node hosted at an edge of a cloud network or at an edge of an enterprise network. Additionally, or alternatively, a first instance of the MASQUE proxy service may execute on a first proxy node hosted at an edge of a cloud network (e.g., an ingress proxy node) and a second instance of the MASQUE proxy service may execute on a second proxy node hosted at an edge of the enterprise network.
H04L 61/103 - Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
H04L 61/4511 - Network directoriesName-to-address mapping using standardised directoriesNetwork directoriesName-to-address mapping using standardised directory access protocols using domain name system [DNS]
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
H04L 67/101 - Server selection for load balancing based on network conditions
H04L 67/1012 - Server selection for load balancing based on compliance of requirements or conditions with available server resources
This disclosure describes techniques for orchestrating implementation of a security solution among network devices. The techniques include determining capabilities of routers of the network and capabilities of a cloud security service to perform security features of a security solution. Based at least in part on the capabilities, the techniques include configuring a router of the network to execute a first subset of the security features on data traffic of the network, and configuring the cloud security service to execute a second subset of the security features on the data traffic. The techniques may also include causing the security solution to be presented to a security administrator via a display, the display providing representations of the first subset and the second subset of the security features.
A method, computer system, and computer program product are provided for performing evolved packet system fallback for location services. A request is received from a location service client for a location of a user equipment that is connected to a first network. In response to determining that the first network does not support location services, a fallback of the user equipment to a second network is triggered. A location of the user equipment is obtained using the second network. The location of the user equipment is provided to the location service client.
In one embodiment, a method may determine collective load data from a plurality of Ethernet Virtual Private Network (EVPN) leaf nodes in a Link Aggregation Group (LAG) within a network. The LAG may include a plurality of physical Ethernet links. The method may distribute the collective load data between the plurality of EVPN leaf nodes in the LAG. The method may determine, using a de-powering algorithm, a sustainability factor for a particular physical Ethernet link of the plurality of physical Ethernet links in in the LAG. The method may determine whether to activate or de-power the particular physical Ethernet link in response to comparing the sustainability factor to a predetermined threshold.
Provided herein are techniques to facilitate multiple sessions for a wireless device with a mobile core network via a trusted WLAN. In one example, a method may include obtaining, by an interworking function of a WLAN, an indication that a wireless device seeks to establish a session with the mobile core network, wherein the indication comprises first parameters associated with the session. The method may further include upon identifying, by the interworking function, that the first parameters match a route selection rule of a plurality of route selection rules for the wireless device, facilitating establishment of the session with the mobile core network based on the first parameters. In one instance, the wireless device is not capable of Non-Access-Stratum (NAS) signaling with the mobile core network via the WLAN.
In one embodiment, a method includes determining, by an access broker, a first group of users of a first tenant within a computer network and exposing, by the access broker, the first group of users to a second tenant within the computer network. The method may further include receiving, by the access broker, a selection of particular users from the first group of users for which the second tenant has granted remote access to one or more networked assets of the second tenant and managing, by the access broker, access of the particular users of the first tenant to the one or more networked assets of second tenant based on a group configuration for the first group of users by the first tenant and the selection of the particular users by the second tenant.
Techniques for providing a confidence rating for an attack technique tag and a guidance for improving the confidence rating are described. An attack technique analytics engine receives telemetry data, a notification that an attack has been detected using an attack detection source, the notification including an attack technique tag indicating an attack technique used in the attack, and attack technique data including a likelihood of a particular attack technique, from among multiple attack techniques, occurring determined using a particular attack detection source from among multiple attack detection sources. Based on the telemetry, the attack technique tag, and the attack technique data, a confidence rating that the attack corresponds to the attack technique is determined. The attack detection source and attack technique are analyzed to determine a guidance for improving the confidence rating, and tire rating and guidance are appended to the attack technique tag.
The present disclosure provides techniques for physical layer (PHY) parameter recommendation for improved link quality. An access point (AP) receives a recommendation request frame from a station (STA), the recommendation request frame comprising at least one of: one or more physical layer (PHY) parameters of the STA, a link margin of the STA, or one or more acceptable link degradation limits of the STA. The AP determines, based on the recommendation request frame, a recommended range for at least one of the PHY parameters, the recommended range being determined to maintain link performance within the acceptable link degradation limits. The AP transmits a recommendation response frame to the STA, the recommendation response frame comprising the recommended range, where the STA adjusts at least one PHY parameter based on the recommended range.
Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.
H03L 7/087 - Details of the phase-locked loop concerning mainly the frequency- or phase-detection arrangement including the filtering or amplification of its output signal using at least two phase detectors or a frequency and phase detector in the loop
