A method for learning potential correlation of data structures and fields across multiple disparate data sources. The method automatically identifies relationships that exist in multiple data sources to facilitate a data broker that can return the “shortest-path-to-data”. The method includes communicating with a data lake that integrates access to data stored in a plurality of different data sources. The method next includes correlating, via the data lake, data fields in data sets across the plurality of different data sources to identify relationships across the plurality of different data sources. A request to access data is obtained, and the method determines that data for the request is stored in two or more data sources of the plurality of different data sources, selects a particular data source of the two or more data sources and retrieves the data for the request from the particular data source.
Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on observing and generating a control flow directed graph. The techniques and systems include determining an observation phase for a process or application on a computing device. During the observation phase, CPU telemetry is determined and used to generate a control flow directed graph. After the control flow directed graph is generated, a hash table associated with frequently traversed execution paths is generated. A monitoring phase may be entered where transfers of instruction pointers are monitored based on the control flow directed graph to identify invalid transfers. The frequently traversed execution paths may be identified based on the hash table and be identified as valid if the hash value corresponds to the table.
Techniques for optimizing routing decisions based on security metrics within a network environment are described herein. In some cases, by using various security metrics, such as encryption indicators, attestation indicators, secureness metrics, and reliability metrics, an exemplary system can assess the security level and reliability of network paths. These metrics may provide valuable insights into the trustworthiness and integrity of participating nodes and links and enable informed decision-making regarding path selection.
The method disclosed herein manages and generates enterprise-policy compliant guest credentials for connectivity to one or more enterprise networks. The method may include receiving a request from a guest user device to connect to a first network provided by an enterprise. The method may further comprise determining that the guest user device is authorized to access the first network when the access by the guest user is subject to a movement and roaming policy. A first credential may be provisioned for the guest user to access the first network that is consistent with the movement and roaming policy. Prior to receiving a second request to connect to a second network of the enterprise from the guest user device, a second credential, consistent with the movement and roaming policy, may be provisioned to the guest user.
Techniques for ultra-short-term resource forecasting for a network device are described. A selection of a time series algorithm from a set of time series algorithms for determining capacity right-sizing of a local resource is received, the selection being based at least in part on current local traffic conditions. Based on current local traffic conditions, parameter values to be used in the algorithm are determined, the parameters being associated with the time series algorithm selection. A number of data points for input to the time series algorithm is determined; the data points are a sequence of values representing an amount of the local resource used by the network device at a point in time and are collected at predetermined time intervals. Based on a calculation of the time series algorithm using the number of data points and parameter values, the right-size capacity of the local resource for the network device is determined and provided.
H04L 41/147 - Network analysis or design for predicting network behaviour
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
Backup communication paths can be determined for use by different circuits of a network in the event of a failure of active communication paths. The disclosed backup path determination techniques can reduce contention in which multiple circuits share a backup path. Contention metrics are determined for communication paths in the network. The contention metrics are used to determine a communication path for contention reduction. A circuit that uses the communication path as a backup path is selected, and the backup path of the selected circuit is modified to avoid the communication path. Contention metrics can then be recalculated, and contention reduction techniques can be repeated until a desired convergence point is reached.
Described herein are systems and methods for optimizing energy efficiency in a network utilizing a control plane or other network administration device or software suite. The control plane continuously monitors end-to-end network paths and collects real-time data about network topology, traffic patterns, and connected devices. By analyzing the collected network data, the control plane identifies power needs for network nodes and generates energy saving recommendations or instructions tailored to each node's specific capabilities. Network nodes can subscribe to the energy efficiency service provided by the control plane, receive network usage data, and execute energy saving operations based on the recommendations. The control plane dynamically updates the energy saving recommendations in response to changes in network conditions, enabling network nodes to optimize their energy efficiency without compromising network performance and availability. These updates can be based on current network conditions but can be generated from historical data and/or machine learning processes.
In one embodiment, a method comprises: obtaining a plurality of results for a corresponding plurality of independent tests performed on a corresponding plurality of services in a computer network, the plurality of results comprising one or more determined pathways through the computer network; determining a specified subset selection regarding the plurality of results, the specified subset selection corresponding to at least two independent service-related tests; combining a portion of the plurality of results into an aggregated results subset according to the specified subset selection; generating a graphical representation visualization of the aggregated results subset, the graphical representation visualization illustrating a plurality of specific pathways through the computer network corresponding to the aggregated results subset; and providing, to a graphical user interface, the graphical representation visualization of the aggregated results subset, the graphical user interface providing for further specification of the specified subset selection regarding the plurality of results.
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 41/0681 - Configuration of triggering conditions
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
A system and method are provided for detecting malicious messages using a two-step Bayesian approach. A discrimination engine determines for each of the messages a first score and a second score. The first score represents a likelihood that the respective messages are malicious messages, and the second score represents a likelihood that they were generated by a machine learning (ML) method, such as a large language model (LLM). Using a combination of these two scores, messages with a high probability of being malicious are discriminated and marked as such. For example, messages for which the first and second scores exceed respective thresholds are marked as suspicious.
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
10. CATEGORIZING PARTICIPANT CONTRIBUTION OF CONFERENCES
A non-transitory computer-readable medium has instructions that, when executed by one or more processors, cause the one or more processors to perform operations that include receiving a contribution provided by a participant in a video session and/or audio session, determining whether a type of the contribution is a question or a comment, storing the contribution and its type, determining whether a total quantity of received contributions exceeds a threshold, classifying each received contribution into an appropriate category of a plurality of categories in response to determining the total quantity of received contributions exceeds the threshold, and outputting the received contributions and their categories for display to one or more additional participants in the video session and/or audio session.
Techniques and architecture are described for eliminating double encryption in zero-trust network access authenticated sessions. The techniques include an endpoint client-based proxy of a network receiving, from a browser, a request to access a protected private service. The endpoint client-based proxy pauses access of the browser to the protected private service and establishes a transport layer security (TLS) connection between the endpoint client-based proxy and a zero-trust network access (ZTNA) gateway. The ZTNA gateway determines whether the protected private service uses a secure transport mechanism and establishes either a null cipher encrypted tunnel between at least the endpoint client-based proxy and the ZTNA gateway or a non-null cipher encrypted tunnel between at least the endpoint client-based proxy and the ZTNA gateway. The endpoint client-based proxy resumes access of the browser to the protected private service.
A method, computer system, and computer program product are provided for responding to user queries. A plurality of metadata objects are extracted from a plurality of knowledge artifacts in a database. A portion of the plurality of metadata objects is encrypted using homomorphic encryption to generate a plurality of encrypted embeddings, wherein each encrypted embedding relates to content of a knowledge artifact. A plurality of encrypted similarity scores are received that are generated by processing a query, received from a user, against the plurality of encrypted embeddings. The plurality of encrypted similarity scores are decrypted. A particular knowledge artifact is identified based on the decrypted plurality of similarity scores. A response is provided to the user based on the particular knowledge artifact.
Devices, systems, methods, and processes for managing network devices through generated predictions and associated confidence levels are described herein. Networks within a floorplan can be operated at full capacity all day in an inefficient way when not adjusted due to traffic patterns and seasonality changes. Data related to the topology of the network, along with historical data can be utilized to generate predictions of various network needs. For example, the overall network throughput capacity needs may be predicted for a series of points in the future. An associated confidence level can be generated as well including one or more confidence intervals. These can be utilized to select a future need for the network and generate a corresponding sustainable network configuration for the network devices and/or their transceivers that can provide sufficient network needs while minimizing the overall power used. This can be automated over time once trust has been established.
H04L 41/0833 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for reduction of network energy consumption
H04L 41/083 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for increasing network speed
H04L 41/12 - Discovery or management of network topologies
H04L 41/147 - Network analysis or design for predicting network behaviour
14. ENTERPRISE-MANAGED AUTHENTICATION AND AUTHORIZATION
Techniques are described for syncing authentication and/or authorization tokens, cookies, and related metadata across different browser instances to enable disparate applications to share a single authentication/authorization ceremony. The techniques may include receiving a policy indicating multiple enterprise-managed applications that are capable of sharing tokens or cookies for user authentication. The techniques may also include receiving a token or a cookie indicating that a user is authenticated to access a first application of the multiple enterprise-managed applications. Based at least in part on the policy, the token or the cookie may be provided to a browser such that a second application of the multiple enterprise-managed applications refrains from causing the user to authenticate for access to the second application.
Techniques for routing service mesh traffic based on whether the traffic is encrypted or unencrypted are described herein. The techniques may include receiving, from a first node of a cloud-based network, traffic that is to be sent to a second node of the cloud-based network and determining whether the traffic is encrypted or unencrypted. If it is determined that the traffic is encrypted, the traffic may be sent to the second node via a service mesh of the cloud-based platform. Alternatively, or additionally, if it is determined that the traffic is unencrypted, the traffic may be sent to the second node via an encrypted tunnel. In some examples, the techniques may be performed at least partially by a program running on the first node of the cloud-based network, such as an extended Berkeley Packet Filter (eBPF) program, and the like.
In one embodiment, a method includes ingesting security tool findings associated with an application and identifying events associated with the application. The method also includes comparing the security tool findings and the events against known attack paths and determining partial attack path matches between the security tool findings and the events and the known attack paths. The method further includes performing a risk analysis of the partial attack path matches and prioritizing the partial attack path matches based on the risk analysis.
Devices and methods are discussed herein to track networked electronic devices during the course of their lifecycles. Each electronic device may be provided with a “green passport” by its manufacturer which contains all relevant information concerning the operation of the device during its lifetime. When a new electronic device is coupled to a network, it may emit a uniform resource identifier (URI) which may be received by a server that may operate as a manager for the green passports of devices within its purview. The manager may download the green passport from the manufacturer's server. The manager may verify the authenticity of the URI and/or the green passport to avoid security threats. The manager may monitor the electronic device and issue notifications throughout its lifecycle. At the end-of-life of the electronic device, the manager may issue sustainable disposal information for the device.
G06Q 10/20 - Administration of product repair or maintenance
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
18. BRIDGING CONFIGURATION CHANGES FOR COMPLIANT DEVICES
Various implementations disclosed herein provide a mechanism for determining that a configuration status of a compliant device is too far out-of-date, and subsequently bridging the configuration status of the compliant device to the up-to-date configuration data and instructions in response. In various implementations, determination of the configuration status of the compliant device is possible using a single request from the compliant device, which in turn reduces the amount of network traffic and utilization of network resources needed to update the compliant device with the up-to-date configuration data and instructions.
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
A process can include determining respective link state information corresponding to a plurality of links between two or more border routers and a plurality of child nodes of the two or more border routers, the border routers and the child nodes included in a Destination Oriented Directed Acyclic Graph (DODAG) of a Low-Power Lossy Network (LLN). Consensus information indicative of a current status of each border router of the two or more border routers can be determined based on the respective link state information. The consensus information can be used to update an election of one or more active border routers from the two or more border routers to utilize as a virtual DODAG root for the LLN. Traffic directed to the virtual DODAG root can be routed to an active border router of the two or more border routers based on the updated election.
A computer-implemented method of determining whether to configure a detection comprised within a query is disclosed. The method includes analyzing a query to determine clauses within the query that identify logs relevant to the detection comprised within the query. The method further includes determining a statistical distribution for modeling a likely hit rate of the detection. Additionally, the method includes updating the statistical distribution with information associated with an observed hit rate. Also, the method includes determining a hit rate for the detection using the updated statistical distribution and live telemetry data and computing a confidence score for the detection. Responsive to a determination that the confidence score for the detection is above a predetermined threshold, the method includes maintaining the detection online.
Embodiments of the present disclosure provide techniques for efficiently and accurately performing propagation of search-head specific configuration customizations across multiple individual configuration files of search heads of a cluster for a consistent user experience. The cluster of search heads may be synchronized such that the search heads operate to receive the configuration or knowledge object customizations from one or more clients from a central or lead search head. To reduce the amount of data that is transferred during propagation, the list of configuration or knowledge object customizations maintained in each search head is filtered from the list of the lead search head until a divergence point is determined. Once determined and communicated to the lead search head, the lead search head sends the configuration and knowledge object customization data that is absent from the internal list of the member search head.
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
22. Integration of cloud-based and non-cloud-based data in a data intake and query system
A software module ingests data into a data intake and query system. At least a portion of the data is cloud data. The software module includes an event type definition that specifies a type of data to be ingested by the software module, a first tag that associates ingested data of the event type with a data model, and a second tag that designates ingested data of the event type as cloud data. The ingested data is stored in a data repository, and subsequently a search query that includes the first tag and the second tag is executed against the data repository, to identify ingested cloud data that satisfies the search query and a first search constraint specified in the data model. A display device is caused to display a visualization based on the identified ingested cloud data that satisfies the search query.
A computing device receives an ingest preview request to preview events to be stored by at least one indexer. Responsive to the ingest preview request, the computing device sends a subscription request to the forwarders. The forwarders receive the subscription request and intercept the events that are being sent to at least one of the indexers. The forwarders then clone events matching the subscription request and respond to the computing device with the matching events. When the computing device receives the matching events, the computing device adds the matching events to a dispatch directory. The user interface is then populated with events in the dispatch directory.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
A process can include determining a plurality of Network Address Translation (NAT) routes associated with respective edge routers included in a same virtual private network (VPN) for communicating with a software-defined wide area network (SDWAN). A process can include identifying a first subset of the plurality of NAT routes as mapped to a first public NAT address included in a NAT pool associated with the VPN. A process can include tagging each NAT route of the first subset with a tag value indicative of a preferred router for receiving return traffic of the respective NAT route. A process can include routing traffic on a respective NAT route of the plurality of NAT routes based on applying, at an SDWAN controller, a corresponding control policy matching the tag value of the respective NAT route.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
In one embodiment, a device identifies a set of attributes from telemetry data generated by one or more agents regarding an online application accessible via a network. The device provides an interactive display to a user interface that includes options for a user to specify a selection of one or more attributes from the set of attributes and to specify an aggregation function. The device updates the interactive display to show a visualization of the aggregation function applied to the selection of one or more attributes and configures the one or more agents to collect only a subset of the telemetry data based on the selection of the one or more attributes and the aggregation function.
In one embodiment, a device identifies a port associated with a backend probing agent for a cloud-hosted application. The device performs external probing of a path to the cloud-hosted application by sending a probe along the path to the port, to generate external probing results. The device triggers the backend probing agent to generate backend probing results by performing backend probing of a backend service used by the cloud-hosted application. The device causes formation of unified probing results that correlate the external probing results and the backend probing results.
In one embodiment, a device determines whether applications in a messaging system are data producers or data consumers. The device determines workloads of the applications. The device assigns message brokers of the messaging system to the applications based on the workloads of the applications and whether the applications are data producers or data consumers.
In one embodiment, a device obtains telemetry data indicative of a plurality of different types of events that occurred in a network. The device computes event counts for each of the plurality of different types of events within each of a sequence of predefined timespans based on the telemetry data and generates timeseries for each of the plurality of different types of events using the event counts. The device provides display data that causes a user interface to display a selected two or more of the timeseries concurrently.
In one embodiment, a device obtains testing parameters used by a plurality of agents in a network to perform testing with respect to an online application. The device identifies overlapping parameters among the testing parameters and generates a consolidated set of testing parameters for the overlapping parameters. The device configures the plurality of agents such that a singular testing agent performs testing with respect to the online application using the consolidated set of testing parameters instead of multiple testing agents performing testing with respect to the online application using the overlapping parameters.
The present disclosure relates to a photodiode and method of forming the photodiode. The photodiode includes a doped layer and an absorption region positioned on the doped layer. The absorption region includes a base region contacting the doped layer, a first facet region positioned on the base region, and a second facet region positioned on the first facet region. The first facet region includes (i) a first tapered surface and a second tapered surface extending from the base region and (ii) a first step region and a second step region extending laterally from the first tapered surface and the second tapered surface, respectively. The second facet region includes a third tapered surface extending from the first step region and a fourth tapered surface extending from the second step region.
H01L 31/0352 - SEMICONDUCTOR DEVICES NOT COVERED BY CLASS - Details thereof characterised by their semiconductor bodies characterised by their shape or by the shapes, relative sizes or disposition of the semiconductor regions
H01L 31/0232 - Optical elements or arrangements associated with the device
H01L 31/105 - Devices sensitive to infrared, visible or ultraviolet radiation characterised by only one potential barrier or surface barrier the potential barrier being of the PIN type
H01L 31/18 - Processes or apparatus specially adapted for the manufacture or treatment of these devices or of parts thereof
The present disclosure relates to an opto-electrical circuit and a method of forming an opto-electrical circuit. According to an embodiment, a circuit includes a photonic integrated circuit, an intermetal dielectric, an oxide layer, and a first electronic integrated circuit. The intermetal dielectric is coupled to the photonic integrated circuit. The oxide layer is coupled to the intermetal dielectric such that the intermetal dielectric is positioned between the photonic integrated circuit and the oxide layer. The first electronic integrated circuit is positioned within the oxide layer and coupled to the intermetal dielectric. A through oxide via extends through the oxide layer to the intermetal dielectric.
The present technology involves systems, methods, and computer-readable media for establishing mobility of user equipment (UEs) or mobile from congested new radio (NR) cells to un-congested Long-Term Evolution (LTE) cells. For operators that deploy both LTE cells and NR cells, the UEs can move from congested NR cells to un-congested LTE cells but can also be handed back into un-congested NR cells.
Techniques described herein provide procedures for reducing MACsec Key Agreement (MKA)-related traffic and improving resource allocation for the MKA protocol through an EVPN environment. Techniques include leveraging Border Gateway Protocol (BGP) signaling for MKA between Provider Edge (PE) routers instead of between Customer Edge (CE) routers, which mitigates both hardware restrictions and scalability challenges with a new XaaS enablement. A new BGP-EVPN route type is defined that can communicate a set of MKA information along with an address destination associated with a provider edge device to establish a BGP MKA session and enable MACsec encryption/decryption at the provider edge device.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Techniques are described for generating and utilizing overlay-based Border Gateway Protocol (BGP) Operations, Administration, and Maintenance (OAM) packets to detect issues with an underlay network. The techniques may include receiving, from a BGP peer device via a control plane path, an OAM probe indicating a forwarding path to be used for sending the traffic to a destination associated with a prefix. The techniques may also include determining, based at least in part on the OAM probe, that a next-hop device is incapable of being utilized to forward the traffic to the destination, the next-hop device determined based on an origination of the prefix. The techniques may further include performing a policy-based action based at least in part on determining that the next-hop device is incapable of being utilized to forward the traffic to the destination.
H04L 45/64 - Routing or path finding of packets in data switching networks using an overlay routing layer
H04L 43/0817 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
H04L 43/10 - Active monitoring, e.g. heartbeat, ping or trace-route
Techniques for coordinating traffic and performing preemption in multi-link operations are provided. At least a first portion of a first element of data is transmitted by the first network device via a first link. A second element of data is identified by the first network device. The transmission of the first element of data is interrupted by the first network device to transmit the second element of data via the first link. A remaining portion of the first element of data is transmitted by the first network device via a second link.
H04W 72/566 - Allocation or scheduling criteria for wireless resources based on priority criteria of the information or information source or recipient
H04W 28/06 - Optimising, e.g. header compression, information sizing
36. PPDU FORMAT SUPPORTING VENDOR SPECIFIC PER-USER PARAMETERS
A format for a Physical layer Protocol Data Unit (PPDU) that can be transmitted over a network is disclosed. The PPDU includes one or more bits signaling that vendor-specific (VS) per-user content is present in the PPDU. The PPDU also includes one or more bits signaling a VS language in which the VS per-user content is presented. The PPDU further includes bits representing the VS per-user content in the VS language. The VS per-user content is arranged in the PPDU to provide individualized VS information for respective users intended to receive the PPDU.
A first packet of a packet flow is received at a classifying network device. The first packet is forwarded from the classifying network device to a firewall network device. An indication that the packet flow is to be offloaded is received at the classifying network device. Data is stored at the classifying network device indicating that the packet flow is to be offloaded. A non-control packet of the packet flow is received at the classifying network device. A determination is made that the non-control packet belongs to the packet flow by comparing data contained in the non-control packet to the stored data. The non-control packet of the packet flow is directed to a processing entity in response to the determining. A control packet of the packet flow is received at the classifying network device. The control packet of the packet flow is directed to the firewall network device.
G06F 16/901 - Indexing; Data structures therefor; Storage structures
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
Optimizing or otherwise improving sounding intervals may be provided. Improving sounding intervals can include generating predicted Channel State Information (CSI) of a Station (STA). A Null Data Packet (NDP) Announcement (NDPA) can be sent to the STA, wherein the NDPA instructs the STA to send compressed CSI. A reference signal is then sent to the STA. Finally, the compressed CSI is received from the STA.
Predicting network throughput and balancing network loads may be provided. Predicting network throughput and balancing network loads can comprise receiving traffic information from a plurality of Access Points (APs). Based on the traffic information, traffic associated with the plurality of APs can be modeled. Based on the modeled traffic, a gain in AP efficiency for one or more APs of the plurality of APs can be modeled when modifying Station (STA) traffic of a STA. A recommendation can be sent to one or more recipient APs of the plurality of APs, wherein the recommendation indicates the gain in AP efficiency for the one or more APs when modifying the STA traffic.
Aspects described herein include a method of automated grouping of client devices for a user-defined network (UDN). The method includes receiving, from a first client device, an authentication request to join an access provider network. The authentication request includes a unique identifier of the first client device. The method also includes transmitting the unique identifier to a UDN cloud and receiving a first list from the UDN cloud. The first list indicates that the UDN is associated with the unique identifier. The method further includes joining the first client device with a second client device present on the access provider network based on a second list from the UDN cloud. The second list indicates that the UDN is associated with the second device.
This disclosure describes techniques for allowing an organization to manage user identities. In some examples, the management of user identities may be serverless. In some examples, serverless identity management may be enabled through a distributed application on user devices of the organization. The application may generate and/or store information related to the user identities on the user devices. Serverless identity management may further include storing at least some of the information at a location that is easily accessible to the user devices, such as a cloud computing location, while maintaining security for private data. Serverless identity management may therefore provide an organization with greater operational flexibility.
A method is provided that is performed in a wireless network to detect a rogue wireless device. The method comprises detecting a suspect wireless device in the wireless network based on messages transmitted by the suspect wireless device using a first Media Access Control (MAC) address that is also used by a valid wireless device in the wireless network. When a suspect wireless device is detected, the method next includes sending to the valid wireless device in the wireless network a request configured to cause the valid wireless device to change its MAC address. After the valid wireless device has changed its MAC address, the method involves observing messages transmitted by the suspect wireless device in the wireless network. The method then includes determining that the suspect wireless device is a rogue device when the suspect wireless device continues to transmit messages using the first MAC address.
Disclosed herein are systems, methods, and computer-readable media for upgrading vSmart controllers. In one aspect, a method includes an edge router receiving a notification from a vSmart controller that an upgrade to the controller will occur. The notification can be dynamically triggered by a centralized network management system. In some embodiments, the vSmart controller can run as a virtual machine (VM) and maintains a control plane connection with one or more edge routers in an overlay network. In response to the notification, a length of time of an expiry timer in which the edge router attempts to connect to the vSmart controller can be increased, and the edge router can connect to the vSmart controller once the increased length of time has passed.
Techniques are described for storing and processing network data for responding to queries for such network data. Operational network data is separated from configuration network data so that they can be processed and stored separately. A sliding window cache is used to continually, temporarily store network data objects having time stamps falling within the time range of the sliding window cache. Network data objects stored within the sliding window cache are then moved to computer memory for storage and later retrieval. In response to a query for network data, network data objects can be retrieved from the sliding window cache and also from the computer memory based on time stamps of the network data objects and on the time range of the query.
A network storage volume stores a first entry in a first-mode storage bucket and a second entry in a second-mode storage bucket, the first-mode storage bucket having first bucket metadata, and the second-mode storage bucket having second bucket metadata. At least one bucket to be purged from the buckets of the network storage volume is selected based at least in part on bucket metadata of the plurality of buckets, where the buckets include the first-mode storage bucket and the second-mode storage bucket. The selected bucket is caused to be purged from the network storage volume.
Techniques for implementing a differential differencing TIA for coherent applications are disclosed. A method includes receiving first and second optical signals from a 90 degree optical hybrid that receives a coherent optical signal, wherein the first and second optical signals each include one pair of sum and difference signals output by the 90 degree optical hybrid, generating, based on the first optical signal and from a first photo diode, a first differential signal, generating, based on the second optical signal and from a second photo diode, a second differential signal, differentially transconducting the first and second differential signals to produce first and second transconducted signals, performing a differencing operation on the first and second differential transconducted signals to produce a combined differential-differencing transconducted signal that is representative of the first optical signal and the second optical signal, and outputting the combined differential transconducted signal as a differential output.
In various embodiments, a natural language (NL) application enables users to more effectively access various data storage systems based on NL requests. The NL application includes functionality for selecting an optimal interpretation algorithm, generating a dashboard, and/or generating an alert based on an NL request. Advantageously, the operations performed by the NL application reduce the amount of time and user effort associated with accessing data storage systems and increase the likelihood of properly addressing NL requests.
In one embodiment, a device performs a detection stage of an automated instrumentation pipeline during which the device detects an application server type by examining a command line of a process of an application. The device performs, based on the application server type, an extraction stage of the automated instrumentation pipeline during which the device extracts application server attributes. The device performs, based on the application server attributes, a naming stage of the automated instrumentation pipeline during which the device forms a naming hierarchy for processes of the application. The detection stage, the extraction stage, and the naming stage of the automated instrumentation pipeline do not have access to a controlled space of the application. The device inserts, based in part on the naming hierarchy, arguments into command lines of processes of the application that cause the processes of the application to be instrumented at runtime.
This document discloses methods and systems for modeling product usage. In one practical application, the systems and methods may be utilized to model product usage based on large volume, machine generated product usage data to optimize product pricing and operations. Specifically, the systems and methods described herein may utilize methods with key components to select the maximum number of dimensions that can be modeled based on the number of data points, use a logarithm kernel function to normalize machine data with long-tailed statistical distributions on different numerical scales, compare a large number of candidate models with different candidate dimensions and different structures, and quantify the amount of change and drift in models over time.
A set of alert records stored in a shared alert data store that is shared amongst a cluster of processing nodes are presented in an interface. From the interface, a request is received to delete an identified alert record from the set of alert records. A delete alert record matching the identified alert record is added to the shared alert data store. The identified alert record is deleted from the shared alert data store responsive to the request. The delete alert record is transmitted to a processing node of the cluster of processing nodes, wherein the processing node deletes a local copy of the identified alert record according to the delete alert record.
Techniques are disclosed for placing content in and applying layers to an extended reality environment. An extended reality (XR) system determines an identifier that is associated with an object viewable within an extended reality environment. The XR system determines a plurality of data structures associated with the identifier, each data structure including a workspace and a dashboard. The XR system generates, using the plurality of data structures, a plurality of extended reality objects for display in the extended reality environment, each extended reality object including a dashboard from the plurality of data structures, where, in the extended reality environment, a first dashboard is visible. The XR system receives an input associated with the extended reality environment. The XR system causes, in response to the input, the second dashboard to be visible.
G06F 3/04815 - Interaction with a metaphor-based environment or interaction object displayed as three-dimensional, e.g. changing the user viewpoint with respect to the environment or object
G06F 3/04883 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures for inputting data by handwriting, e.g. gesture or text
G06F 16/955 - Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
G06T 19/00 - Manipulating 3D models or images for computer graphics
52.
PROACTIVE PATH COMPUTATION ELEMENT TO ACCELERATE PATH COMPUTATION
A method performed at a controller of an optical network configured with an optical path comprising a series of fiber spans for forwarding traffic: as a background operation to forwarding the traffic along the optical path, generating and storing precomputed optical paths as alternates to the optical path for path restoration by simulating some number of faults impacting the optical path; upon receiving, from the optical network, a path restoration query that indicates actually failed fiber spans, determining availability of a precomputed optical path that avoids the actually failed fiber spans; and when the precomputed optical path is available, sending, to the optical network, a first descriptor of the precomputed optical path to enable a deployment of the precomputed optical path. The method drastically reduces the time of alternate path research in complex meshed networks.
Aspects of the present disclosure are directed to improving network resource utilization (at edge network devices) as well as at cloud-based processing components of a network, when performing attribute searches on video data captured at the edge devices of the network. In one aspect, a method includes detecting a motion event in a plurality of frames of video data captured using one or more edge devices, generating a motion blob for a subset of the plurality of frames associated with the motion event, processing the motion blob to generate one or more attributes, wherein each of the one or more attributes is identified once in the motion blob, and sending the one or more attributes to a cloud processing component.
The present disclosure describes systems and methods for detecting temperature in an electro-optical circuit (e.g., an electro-optical transceiver). According to an embodiment, an electro-optical circuit includes a photonic integrated circuit and an electronic integrated circuit. The photonic integrated circuit includes an optical component and a first resistor positioned by the optical component. The electronic integrated circuit determines a temperature for the optical component based on a first resistance of the first resistor.
G01K 7/18 - Measuring temperature based on the use of electric or magnetic elements directly sensitive to heat using resistive elements the element being a linear resistance, e.g. platinum resistance thermometer
G02F 1/01 - Devices or arrangements for the control of the intensity, colour, phase, polarisation or direction of light arriving from an independent light source, e.g. switching, gating or modulating; Non-linear optics for the control of the intensity, phase, polarisation or colour
Various methods, systems, and/or processes are described herein to create more sustainable configurations of wireless Access Points (APs), switches, and other network devices based upon network speed, client demand, among other factors. Clients may wirelessly couple to an AP using a variety of different technologies. The clients may be distributed over these frequency bands in an optimal manner allowing minimum use of transceiver power. The network link speed between the AP and the Ethernet switch may also be dynamically adjusted. These configurations may dynamically change over time as client demand or network traffic increases or decreases. In certain other configurations, the APs may have a higher wireless throughput than the ethernet connections to the network. In these instances, sustainable configurations can be achieved by powering down transceivers, radio chains, and/or processor cores. Traffic and other events may trigger the need for new sustainable configurations to be generated and applied.
Techniques for determining latency, loss, and liveness performance metrics associated with ECMP routes. The techniques may include determining that a TWAMP probe is to be sent from a first node to a second node along an equal-cost multipath (ECMP) route. In some examples, the first node may generate a packet for sending the TWAMP probe to the second node. The packet may include information specifying a forward path and reverse path to be traversed by the packet. In examples, the first node may send the packet to the second node along the ECMP route and subsequently receive the packet including telemetry data associated with the second node and a midpoint node of the ECMP route. Based at least in part on the telemetry data, the first node may determine a metric indicative of a performance measurement associated with the ECMP route.
This disclosure describes techniques and mechanisms for performing passive measurement for combined one-way latency, packet loss metrics along with liveness detection using customer data packets ingested at a sink node in hardware for Level 2 and Level 3 VPN services. The customer data packets are sampled and copied for measurement either at the source node or the sink node. The duplicated measurement packet headers are punted based on the IPv6 destination option type to a hardware analytics engine at the sink node for analytics that populates histogram bins using the timestamps from the packets. Using the transmitted packets during a period, and received packets in all the bins, packet loss is measured. Based on the packets received status, liveness state is detected by the sink node and notified to the source node.
The disclosed technology relates to a process of dynamically assigning operational parameters for access points within a CBRS (Citizen Broadband Radio Service) network. In particular, the disclosed technology monitors for and detects interference between nearby access points and user equipment devices that may belong to the same enterprise or to different enterprises. Machine learning processes are used to revise the operational parameters that were initially assigned by the Spectrum Access System (SAS). These processes are also used to suggest an updated set of operational parameters to the SAS for the access points. The dynamic assignment reduces interference experienced by the access point with respect to nearby other access points and/or nearby other user equipment. The dynamic assignment aims to improve a quality of communication between the access point and its associated user equipment.
Systems, methods, and computer-readable media are disclosed for dynamically adjusting a configuration of a pre-processor and/or a post-processor of a machine learning system. In one aspect, a machine learning system can receive raw data at a pre-processor, the pre-processor being configured to generate pre-processed data, train a machine learning model based on the pre-processed data to generate output data, process the output data at a post-processor to generate inference data, and adjust, by a controller, configuration of one or a combination of the pre-processor and the post-processor based on the inference data.
A composite connector includes modular data connectors, electrical power connectors, a fluid exchange connector, an alignment feature, and a housing. The modular data connectors include electrical data connectors and optical data connectors and are configured to carry data. The electrical power connectors are configured to carry electrical power, and the fluid exchange connector is configured to carry cooling fluid. The composite connector includes an alignment feature to align the composite connector with a complementary connector. The housing of the composite connector is configured to contain the modular data connectors, the electrical power connectors, the fluid exchange connector, and the alignment feature in a confined physical space.
The present disclosure is directed to managing industrial internet of things end points and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more switches to perform operations comprising: identifying a first end point using a protocol associated with the first end point, determining a classification for the identified first end point based on one or more attributes of the first end point, identifying one or more related end points having the classification in common with the first end point, segmenting the first end point with the identified one or more related end points, and applying one or more policies to the segmented first end point and the one or more related end points.
H04L 41/50 - Network service management, e.g. ensuring proper service fulfilment according to agreements
H04L 47/76 - Admission control; Resource allocation using dynamic resource allocation, e.g. in-call renegotiation requested by the user or requested by the network in response to changing network conditions
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Techniques for managing migrations of QUIC connection session(s) across proxy nodes, data centers, and/or private application nodes are described herein. A global key-value datastore, accessible by proxy nodes and/or application nodes, may store mappings between a first QUIC connection, associated with a proxy node and a client device, on the frontend of the proxy node and a second QUIC connection, associated with the proxy node and an application node, on the backend of the proxy node. With the global key-value datastore being accessible by the proxy nodes, when a proxy node receives a QUIC packet on the front end or the back end, the proxy node may determine where to map this connection to on the opposite end. Additionally, with the global key-value datastore being accessible to the application nodes, when an application node receives a QUIC packet, the application node may determine the client device associated with the connection.
H04L 61/103 - Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
H04L 67/101 - Server selection for load balancing based on network conditions
H04L 67/1012 - Server selection for load balancing based on compliance of requirements or conditions with available server resources
The present technology is directed to signaling unreachability of a network device, more specifically, a prefix of the network device in a network that utilizes route summarization. A pulse trigger agent can detect an unreachability of at least one Provider Edge (PE) device in a network domain of a network and determine that a route summarization is being used within the network where the unreachability of the at least one PE device is hidden by the route summarization. A pulse distribution agent can transmit a failure message informing other PE devices of the unreachability of the at least one PE device.
H04L 41/0654 - Management of faults, events, alarms or notifications using network fault recovery
H04L 41/0631 - Management of faults, events, alarms or notifications using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
H04L 41/0686 - Additional information in the notification, e.g. enhancement of specific meta-data
In some embodiments, operational characteristics-based container management may include receiving, by a device and from a container agent executing in a container environment, operational characteristics of an application instance executing in the container environment; determining, by the device and based on the operational characteristics, whether the application instance executing in the container environment is associated with a policy violation for application instances; generating, by the device, a notification of the policy violation when the device determines that the application instance is associated with the policy violation; and causing, by the device, the container environment to perform a mitigation action of the policy violation by the application instance.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Disclosed are systems, apparatuses, methods, and computer-readable media for configuring network groups without software-based processing and management. A method includes: validating veracity of a secure enclave based on a secure identity of the secure enclave using the instructions of a secure enclave predriver stored in a memory integral to a processor; establishing a secure connection with the secure enclave; retrieving at least one authentication key from the secure enclave; retrieving at least a portion of a bootstrapper from a secure storage based on the instructions of the secure enclave predriver; validating a veracity of the bootstrapper based on the at least one authentication key; initializing an external memory using the instructions of the bootstrapper; copying a bootloader from the secure storage into the external memory; validating a veracity of the bootloader based on the at least one authentication key; and executing the bootloader.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
In one embodiment, a method includes generating a security policy and converting the security policy into a chaos hypothesis. The method also includes initiating execution of the chaos hypothesis across a plurality of microservices within a technology stack. The method further includes receiving metrics associated with the execution of the chaos hypothesis across the plurality of microservices within the technology stack.
Systems and methods for providing system wide cyber security policies include providing a unified security policy to a distributed cloud environment that includes cloud, edge, and local infrastructure. The method includes identifying one or more assets and using telemetry and logs associated with the assets to determine one or more paths connecting the one or more assets. Once one or more paths are determined, the method produces a map of the paths and determines the level of compliance for each. The paths are ranked and a user, such as an administrator or CISO, may be informed of the rankings.
Techniques for memory access management in a distributed computing system are described herein. In some aspects, the techniques described herein relate to a method for memory access management in a distributed computing system, where the method includes: receiving a first request to execute a first operation using a distributed architecture and in a uniform memory access (UMA) mode, wherein the distributed architecture comprises a first processor, a first memory that is local to the first processor, and a second memory that is remote to the first processor; subsequent to receiving the first request and a first delay period, transmitting first data associated with the first operation to the first processor, wherein the first data is stored in the first memory; and subsequent to receiving the first request, transmitting second data associated with the first operation to the first processor, wherein the second data is stored in the second memory.
Methods and systems for encoding multi-level pulse amplitude modulated signals using integrated optoelectronics are disclosed and may include generating a multi-level, amplitude-modulated optical signal utilizing an optical modulator driven by first and second electrical input signals, where the optical modulator may configure levels in the multi-level amplitude modulated optical signal, drivers are coupled to the optical modulator; and the first and second electrical input signals may be synchronized before being communicated to the drivers. The optical modulator may include optical modulator elements coupled in series and configured into groups. The number of optical modulator elements and groups may configure the number of levels in the multi-level amplitude modulated optical signal. Unit drivers may be coupled to each of the groups. The electrical input signals may be synchronized before communicating them to the unit drivers utilizing flip-flops. Phase addition may be synchronized utilizing one or more electrical delay lines.
H04B 10/516 - Transmitters - Details of coding or modulation
G02B 26/06 - Optical devices or arrangements for the control of light using movable or deformable optical elements for controlling the phase of light
G02B 26/08 - Optical devices or arrangements for the control of light using movable or deformable optical elements for controlling the direction of light
G02F 1/01 - Devices or arrangements for the control of the intensity, colour, phase, polarisation or direction of light arriving from an independent light source, e.g. switching, gating or modulating; Non-linear optics for the control of the intensity, phase, polarisation or colour
G02F 1/21 - Devices or arrangements for the control of the intensity, colour, phase, polarisation or direction of light arriving from an independent light source, e.g. switching, gating or modulating; Non-linear optics for the control of the intensity, phase, polarisation or colour by interference
G02F 1/225 - Devices or arrangements for the control of the intensity, colour, phase, polarisation or direction of light arriving from an independent light source, e.g. switching, gating or modulating; Non-linear optics for the control of the intensity, phase, polarisation or colour by interference in an optical waveguide structure
H04B 10/079 - Arrangements for monitoring or testing transmission systems; Arrangements for fault measurement of transmission systems using an in-service signal using measurements of the data signal
Disclosed are systems, apparatuses, methods, and computer-readable media to address bearer loss during inter-radio access technology (RAT) handovers. A method includes sending a create bearer request for establishing a service for the mobile device using a first connection; receiving a create bearer response message to setup a second connection for the mobile device to continue the service; and, in response to the create bearer response message, sending an update bearer request message to provide the mobile device with the QoS information associated with the second connection, the QoS information allowing the mobile device to verify an existing QoS flow to continue the service after the handover. In some cases, a user equipment (UE) may delete a mapping between a QoS information when a previous message does not include an evolved packet core (EPC) bearer indicator (EBI) that identifies QoS policies.
Systems and techniques are provided for synchronizing DHCP snoop information. In some examples, a method can include performing, by a first PE device from a plurality of PE devices, DHCP snooping of a first plurality of DHCP messages between a DHCP client and a DHCP server, wherein the plurality of PE devices is part of an Ethernet segment for multihoming the DHCP client. In some aspects, the method includes determining, based on snooping the first plurality of DHCP messages, an association between an IP address corresponding to the DHCP client and a MAC address corresponding to the DHCP client. In some examples, the method includes sending, by the first PE device to at least one other PE device from the plurality of PE devices, a first route advertisement that includes the association between the IP address corresponding to the DHCP client and the MAC address corresponding to the DHCP client.
Disclosed herein are systems, methods, and computer-readable media for increasing security of devices that leverages an integration of an authentication system with at least one corporate service. In one aspect, a request is received from a user device to authenticate a person as a particular user by the authentication system. A photo of the person attempting to be authenticated as the particular user is captured. Nodal points are mapped to the captured photo of the person attempting to be authenticated, and the nodal points from the photo are compared against a reference model for facial recognition of the particular user. It is then determined whether the nodal points match the reference model for the particular user. The present technology also includes sending a command to the user device to send data to identify the person, and/or a location of the user device.
In one embodiment, an access policy enforcement service receives a user authentication request from an end-user device. The access policy enforcement service identifies a telemetry collection intent from the user authentication request. The access policy enforcement service determines a monitoring policy based on the telemetry collection intent identified from the user authentication request. The access policy enforcement service configures, according to the monitoring policy, one or more telemetry collection agents to collect telemetry for traffic associated with the end-user device.
In one embodiment, a device determines one or more key-value pairs associated with observability data for an online application, and searches the observability data for events corresponding to the one or more key-value pairs. The device also builds a responsive event list with the events corresponding to the one or more key-value pairs within the observability data and sorts the responsive event list by associated timestamps to provide the responsive event list as a sequence of transactional milestones reached by one or more users of the online application.
A method for file system destinations includes obtaining events for storage on one or more of the storage systems. For each event, the method includes extracting at least one field value from the event, comparing the at least one field value to configurations of the storage systems to identify at least one storage system of the plurality of storage systems having a matching configuration, transmitting the event to an ingest module queue for the at least one storage system, selecting a partition for the event based on the at least one field value to obtain a selected partition, mapping the selected partition to a file using a partition mapping, and appending the event to the file on the at least one storage system.
Techniques for improved networking are provided. An access point (AP) determines an AP duty cycle based at least in part on transmission activity of a station (STA) associated to the AP. The AP duty cycle is signaled via one or more beacon frames transmitted by the AP. The AP exchanges data in accordance with the AP duty cycle, comprising exchanging data with the STA during one or more active periods indicated by the AP duty cycle, and sleeping during one or more inactive periods indicated by the AP duty cycle.
A method to achieve fast session transfer between radio access technologies. The method includes monitoring radio performance between an access point of a wireless local area network and a user equipment in a wireless local area network, and in response to detecting that the radio performance is below a predetermined threshold, the access point signaling the user equipment to scan for and access a cellular radio service.
A heterogeneous graph learning system generates and analyzes network implementations. The heterogeneous graph learning system includes obtaining information describing multiple network implementations including heterogeneous nodes. The heterogeneous graph learning system also includes generating a one-hop graph connecting a particular node of the heterogeneous nodes with a set of related nodes. The one-hop graph connects the particular node with the set of related nodes via corresponding edges. The heterogeneous graph learning system further includes transforming the one-hop graph into a weighted graph based on a Dynamic Meta Path Transformation (DMPT). In the DMPT, each of the corresponding edges connecting the particular node to a corresponding related node among the set of related nodes is associated with a corresponding weight.
H04L 41/12 - Discovery or management of network topologies
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
79.
ACTIVELY ALIGNED AND REFLOWABLE PLUGGABLE-CONNECTOR FOR PHOTONIC INTEGRATED CIRCUITS
Embodiments herein describe attaching (or bonding) alignment parts to a photonic die so that these alignment parts can then be used to passively align a FAU to the photonic die. In one embodiment, the alignment part (or parts) is aligned to a photonic die using a mounting FAU. The mounting FAU (along with the mated alignment parts) can then be actively aligned to the photonic die. When aligned, the alignment parts can be bonded (e.g., using cured epoxy) to the photonic die. The mounting FAU can then be lifted off, leaving the alignment parts attached to the photonic die. Later, a final product FAU (which may have a different shape than the mounting FAU) can then be passively aligned to the photonic die using the previously mounted alignment part or parts.
Devices, systems, methods, and processes for conducting sustainability-aware virtual meetings are described herein. When establishing virtual meetings, each of the participants can have various devices, locations, histories, and other data associated with them. This data can be packaged together as a user profile which can be transmitted to a virtual meeting service or a host that can receive the various user profiles and generate a meeting profile that can be utilized to maximize the overall sustainability of the virtual meeting. The meeting profile can include configuration suggestions that can be transmitted out to each corresponding device of the participants to either prompt or automatically adjust one or more settings, features, or other configuration, such as energy-saving features, that can increase the overall sustainability. These conditions can be monitored during the meeting and adjusted dynamically in response to changing conditions. In response, devices can adjust configurations or alter audio/video transmissions.
Provided herein are techniques to facilitate conflict management in a shared Open Radio Access Network (O-RAN) architecture. In one instance, a method can be performed by a conflict manager of a near-real-time RAN intelligent controller of a shared RAN including radio unit (RU) nodes provided by a host operator. The method can include obtaining each of a requested radio unit (RU) configuration from each of a distributed unit (DU) node operated by each of a tenant operator and determining whether there are any conflicts among RU configuration parameters for each requested RU configuration. In one instance, upon determining one or more conflicts among the RU configuration parameters for each requested RU configuration, the method may include providing a response to each DU node indicating that each DU node is allowed to configure the plurality of RU nodes using each requested RU configuration in accordance with a modification.
A dual purpose electric charging station that includes a housing, a network interface configured to enable network communications and an electric charging interface configured to connect to an electric vehicle to charge a battery of the electric vehicle. The electric charging station further includes at least one server that is housed within the housing and includes at least one processor configured to perform one or more data center functions and a power module that distributes power to the electric charging interface and to the at least one server. Methods are also provided for a dual-purpose electric charging station that charges an electric vehicle and performs one or more functions of a cloud data center.
Embodiments provide for a tunable driving circuit by monitoring a frequency of a ring oscillator of an electrical integrated circuit connected to an optical modulator to determine operational characteristics of the electrical integrated circuit; setting, based on the operational characteristics, a driving voltage for a plurality of tunable inverters and a plurality of fixed gain inverters that control the optical modulator, wherein each tunable inverter of the plurality of tunable inverters is connected in parallel with a corresponding fixed gain inverter of the plurality of fixed gain inverters on one of a first arm and a second arm connected to the optical modulator; and setting an amplification strength for the plurality of tunable inverters based on the operational characteristics.
H03K 5/24 - Circuits having more than one input and one output for comparing pulses or pulse trains with each other according to input signal characteristics, e.g. slope, integral the characteristic being amplitude
84.
System and Method for Adaptive Encryption for SD-WAN
A system and method for adaptive encryption for SD-WAN includes identifying an encrypted conversational flow and determining whether a duration of the encrypted conversational flow exceeds a threshold. The method also includes selecting a header-less tunnel for the encrypted conversational flow when the duration is more than the threshold. The method further includes transmitting the encrypted conversational flow to an egress router over the selected header-less tunnel.
A user device connected to a wireless network maintains session persistence through a MAC address change of a user device. The user device establishes a multi-path communication session including a first subflow associated with a first MAC address for the user device. When the user device changes from the first MAC address to a second MAC address, the user device establishes a second subflow of the multi-path communication session. The second subflow is associated with the second MAC address. After establishing the second subflow associated with the second MAC address, the user device ends the first subflow associated with the first MAC address.
Techniques are provided for client-driven Randomized and Changing Media Access Control (MAC) address (RCM) mechanisms. In one example, a wireless client is configured to wirelessly communicate with a wireless network. The wireless client obtains data relating to a level of security for one or more MAC addresses of the wireless client. Based on the data, the wireless client computes a score that represents the level of security for the one or more MAC addresses. Using the score, the wireless client determines when or how frequently to rotate the one or more MAC addresses. Based on determining when or how frequently to rotate the one or more MAC addresses, the wireless client rotates the one or more MAC addresses.
Techniques for leveraging a distributed Domain Name System (DNS) infrastructure for preserving Personally Identifiable Information (PII) data by creating a hash to policy pair (HPP) database on premises at an enterprise organization. A policy engine hosted on premises at an enterprise organization applies a cryptographic hash function to metadata including PII associated with a client of the enterprise organization to generate a client hash value. The HPP is created by mapping the client hash value to a set of DNS policy instructions associated with the client and stored in the HPP database. The HPP database is published to a DNS security service, such that the DNS security service can resolve a DNS query for the client of the enterprise organization absent knowledge of the PII associated with the client by mapping the client hash value included in the DNS query to the client HPP in the HPP database.
In one embodiment, a method includes receiving power delivered over a data fiber cable at an optical transceiver installed at a network communications device and transmitting data and the power from the optical transceiver to the network communications device. The network communications device is powered by the power received from the optical transceiver. An apparatus is also disclosed herein.
H04B 10/80 - Optical aspects relating to the use of optical transmission for specific applications, not provided for in groups , e.g. optical power feeding or optical transmission through water
G02B 6/38 - Mechanical coupling means having fibre to fibre mating means
G02B 6/42 - Coupling light guides with opto-electronic elements
H02J 50/30 - Circuit arrangements or systems for wireless supply or distribution of electric power using light, e.g. lasers
H02J 50/80 - Circuit arrangements or systems for wireless supply or distribution of electric power involving the exchange of data, concerning supply or distribution of electric power, between transmitting devices and receiving devices
H02S 40/38 - Energy storage means, e.g. batteries, structurally associated with PV modules
Provided herein are techniques to provide per-enterprise subscriber data management (SDM) in a multi-tenant network environment. In one instance, a method may include obtaining, by an SDM system, input information indicating SDM services requested for an enterprise entity in which the input information includes a multi-tenancy service attribute for the enterprise entity and indicates whether subscriber data is to be provided on-premise for the enterprise entity. The method may further include identifying a particular SDM service of the SDM system for storing the subscriber data, deploying the particular SDM service via the SDM system, and deploying one or more on-premise SDM services at each of one or more on-premise locations of the enterprise entity for storing the subscriber data based on determining that the subscriber data is to be provided on-premise for the enterprise entity.
Embodiments described herein provide for improved detection and correction of a polarity mismatch/swapped fiber without requiring manual intervention. The optical transceivers and methods provide improved detection and correction by determining receive (Rx) optical signals for an optical connection are not detected in a Rx path in an optical transceiver and, upon detecting the crossover Rx optical signals in the Tx path, implementing a crossover correction scheme in the optical transceiver to enable optical connections.
H04B 10/079 - Arrangements for monitoring or testing transmission systems; Arrangements for fault measurement of transmission systems using an in-service signal using measurements of the data signal
H04B 10/038 - Arrangements for fault recovery using bypasses
A method, computer system, and computer program product are provided for facilitating radio access network integration with data centers. Mobile network configuration information is obtained identifying threshold latency and distance criteria and network function operating criteria. Data center information is obtained for a plurality of data centers. Latencies between a plurality of radio base stations and the plurality of data centers are determined. A primary data center and a backup data center are selected to interconnect with each radio base station based on a geographical distance between each data center and each radio base station satisfying the threshold distance and latency criteria. Network function pool configuration information is generated for the primary data center and the backup data center. A domain name system (DNS) server and a network repository function (NRF) are configured based on the network function pool configuration information.
Devices, systems, methods, and processes for sustainably operating a plurality of network planes via de-energization and re-energization are described herein. In many network configurations, a plurality of planes exist that allow for more modular connections in a network fabric. Often, these planes are configured such that each plane is not directly connected to another plane. Because of this, various embodiments described herein can evaluate network conditions and determine if there are conditions suitable to de-energize a plane by either directing the plane to enter a lower-power mode, by shutting off the plane, or disconnecting the available power. This de-energization period can be for a period of time or can occur until a triggering event is detected that indicates that the plane should be re-energized. These determinations can be done based on current traffic trends or historical conditions. They may also be heuristic-based or generated via one or more machine-learning processes.
In one aspect, the present disclosure is directed to a method that includes receiving, at an edge component of a cloud-based secure access service, a corresponding access designation for each of a plurality of endpoints, each access designation specifying a type of access a corresponding endpoint has to remaining ones of the plurality of endpoints and other accessible network resources; based on the corresponding access designation of each of the plurality of endpoints, updating a routing table at the edge component, to include routing information for a subset of the plurality of endpoints having access to at least one other endpoint of the plurality of endpoints or to the other accessible network resources; and enabling routing of network traffic, via the cloud-based secure access service, between any number of the plurality of endpoints based at least in part on the routing table.
Embodiments herein describe an electro-optic waveguide having a multi-mode multi-pass phase shifter (MMPS) tuner, one or more two-mode Bragg gratings, and one or more selective evanescent couplers. An input signal having a fundamental mode is reflected by the one or more Bragg gratings and tuned by the MMPS tuner. In this manner, the electro-optic waveguide isolates the higher order modes of the input signal. The one or more selective evanescent couplers capture an output signal having the highest order mode and reduce the mode of the output signal to the fundamental mode.
Techniques for, among other things, embedding metadata in network traffic without having to implement an overlay network. By way of example, and not limitation, the techniques described herein may include receiving an Ethernet packet at a network node and determining that a preamble of the Ethernet packet includes metadata. The metadata may, in some examples, be associated with the Ethernet packet itself, a flow that the Ethernet packet belongs to, etc. Based at least in part on the metadata, a policy decision may be made for handling the Ethernet packet, and the Ethernet packet may be handled in accordance with the policy decision.
Presented herein are a system and secure device onboarding techniques. A Connectivity Management Platform (CMP) receives a request for an access token that includes a user identifier, a customer organization identifier, and an authorization code from a Device Management Platform (DMP), verifies the authorization code, queries an enterprise server using the user identifier and the customer organization identifier to confirm the user belongs to the customer organization, generates the access token, stores the access token in an authentication datastore, and transmits the access token to the DMP. The CMP receives a provisioning request including an eSIM identifier of a device and an access token from the DMP, verifies the access token, obtains a customer organization identifier based thereon, queries an enterprise server using the eSIM identifier and the customer organization identifier to confirm the device belongs to the customer organization, and facilitates secure provisioning of the device with an eSIM profile.
Devices, systems, methods, and processes for sustainably deploying serverless functions across the globe are described herein. Often, when considering sustainability options for cloud-based service providers that can accept and operate serverless functions from various sources, the power source type can be considered. In many cases, solar-powered power sources can be desired, but are only available during the day. Thus, it may be desirable to consider where the location of a cloud-based service provider is located in relation to the daylight time. Thus, various data related to the power being utilized to power the cloud-based service provider location can be determined and utilized when comparing potential locations to deploy serverless functions. In some cases, a sustainability score can be generated based on this sustainability data and a sustainability profile that can be compared against other locations to determine the most suitable cloud-based service provider to deploy the serverless function onto.
Techniques to add environmental-impact and energy sustainability criteria and support to service function chains (SFCs). These techniques enable steering of network traffic that carries energy sustainability related metadata within an SFC based on energy sustainability or “green criteria.” This allows for achieving, for example, so-called “green Operations, Administration and Maintenance (OAM)”, whether realized with Network Service Header (NSH), Segment Routing, Multi-protocol Label Switching (MPLS), etc. In other words, these techniques enhance service functions (SFs) and SFCs to allow for finding an energy sustainable or green path in an SFC, and to allow for conveying environmental information as in-line metadata.
In one embodiment, a method includes acquiring an Internet Protocol version 6 (IPv6) address for a physical interface of a first network element. The method also includes configuring an Internet Protocol version 4 (IPv4) over IPv6 tunnel between the first network element and a second network element using the physical interface of the first network element. The method also includes acquiring an updated IPv6 address for the physical interface of the first network element and using an IPv6 Service Level Agreement (SLA) Hypertext Transfer Protocol (HTTP) operation to notify the second network element of the updated IPv6 address to establish a bidirectional IPv4 over IPv6 tunnel. The method further includes establishing a control connection with an IPv4 SD-WAN controller and automatically building an SD-WAN overlay tunnel with the bidirectional IPv4 over IPv6 tunnel as a transport.
Techniques for combining the functionality of fabric interconnects and switches (e.g., Top-of-Rack (ToR) switches) into one network entity, thereby reducing the number of devices in a fabric and complexity of communications in the fabric. By collapsing FI and ToR switch functionality into one network entity, server traffic may be directly forwarded by the ToR switch and an entire tier is now eliminated from the topology hierarchy which may improve the control, data, and management plane. Further, this disclosure describes techniques for dynamically managing the number of gateway proxies running on one or more computer clusters based on a number of managed switch domains.
H04L 41/04 - Network management architectures or arrangements
H04L 41/046 - Network management architectures or arrangements comprising network management agents or mobile agents therefor
H04L 41/0806 - Configuration setting for initial configuration or provisioning, e.g. plug-and-play
H04L 41/34 - Signalling channels for network management communication
H04L 45/00 - Routing or path finding of packets in data switching networks
H04L 45/741 - Routing in networks with a plurality of addressing schemes, e.g. with both IPv4 and IPv6
H04L 61/103 - Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
H04L 61/5038 - Address allocation for local use, e.g. in LAN or USB networks, or in a controller area network [CAN]
H04L 67/567 - Integrating service provisioning from a plurality of service providers