In one embodiment, a method includes onboarding, by an edge router, a first tenant from a network management system and determining, by the edge router, a mapping of a tenant identifier associated with the first tenant to a controller identifier associated with a controller. The method also includes reserving, by the edge router, a port number in a kernel for the first tenant and inserting, by the edge router, the tenant identifier into a first control packet. The method further includes communicating, by the edge router, the first control packet to the controller via an encrypted control connection during a first peering session. The first peering session shares the encrypted control connection with a second peering session.
According to an embodiment, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations. The operations comprise determining that an endpoint device has requested to discover a location of a protected resource that is protected by a gateway, determining whether the endpoint device has provided a token that is valid, and permitting the endpoint device to discover the location of the protected resource based on determining that the endpoint device has provided the token that is valid. The token indicates that the endpoint device successfully completed a first multi-factor authentication procedure in connection with accessing an authentication enforcement resource.
In one embodiment, a method includes identifying a problematic event between a first interest point and a second interest point of a network and activating, in response to identifying the problematic event between the first interest point and the second interest point, a first endpoint associated with the first interest point and a second endpoint associated with the second interest point. The method also includes receiving, from the first endpoint and the second endpoint, telemetry data associated with a problematic path between the first interest point and the second interest point. The method further includes determining the problematic path between the first interest point and the second interest point using the telemetry data received from the first endpoint and the second endpoint.
In one embodiment, a method includes receiving energy efficiency data from a plurality of nodes within a network. The method also includes determining an energy efficiency node quotient for each of the plurality of nodes within the network to generate a plurality of energy efficiency node quotients and determining an energy efficiency path quotient for each of a plurality of paths within the network to generate a plurality of energy efficiency path quotients. The method further includes determining one or more policies associated with the plurality of paths and selecting a path from the plurality of paths based at least on the plurality of energy efficient path quotients and the one or more policies.
H04L 43/0817 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
H04L 43/10 - Active monitoring, e.g. heartbeat, ping or trace-route
According to certain embodiments, a method comprises performing a posture assessment at a trust anchor in order to determine whether a hardware component is authorized to run on a product. Performing the posture assessment comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with the hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and determining whether the hardware component is authorized to run on the product based at least in part on whether the trust anchor receives, from the hardware component, a response encrypted using the random value (K). The method further comprises allowing or preventing the hardware component from running on the product based on whether the hardware component is authorized to run on the product.
G06F 21/76 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
The present disclosure is directed to a centralized control policy for multicast replicator selection. Methods include receiving multicast advertisements from a plurality of edge devices configured with multicast protocol, each multicast advertisement including information indicating whether an associated edge device is a replicator; analyzing multicast advertisements from the plurality of edge devices to identify one or more replicators; receiving a centralized policy configuration associated with at least one control policy that includes a preference related to selection of at least one replicator from the identified one or more replicators, the preference applicable to a defined set of edge devices from the plurality of edge devices; and updating at least one multicast advertisement with the control policy for transmission to the defined set of edge devices, the updated at least one multicast advertisement indicating the preference for replicator selection for the defined set of edge devices based on the control policy.
The present technology discloses methods, systems, and non-transitory computer-readable media for defining, for a network primitive in a network domain, whether the network primitive can receive data carrying an assigned context associated from one or more source nodes through a software-defined wide area network (SDWAN) fabric overlay; advertising a capability of the network primitive, the capability stating whether the network primitive can receive the data carrying the assigned context; and controlling selective transmission of the data carrying the assigned context from the one or more source nodes to the network primitive through the SDWAN fabric overlay based on the capability of the network primitive to receive the data carrying the assigned context.
8.
FUNCTION-AS-A-SERVICE (FAAS) MODEL FOR SPECIALIZED PROCESSING UNITS
A server that includes a graphics processing unit (GPU) may receive, from a first application that is remote from the server, a first request to reserve a first number of cores of the GPU for a first amount of time. The server may also receive, from a second application that is also remote from the server, a second request to reserve a second number of cores of the GPU for a second amount of time that at least partly overlaps the first amount of time. The server may determine that the first request is associated with a higher priority than the second request and, in response, may reserve the first number of cores for the first amount of time for the first application. The server may send, to the first application, an indication that the first number of cores have been reserved as requested by the first application.
The present technology discloses systems, methods, and computer-readable media to establish at least one target for a network, the target including at least one of an ingress parameter or an egress parameter and a policy for network packets; receive at least one network packet on the network; search for at least one matching target from the at least one targets, the at least matching target comprising parameters that match the at least one network packet; apply a policy in the at least one matching target to the at least one network packet; and forward the at least one network packet in accordance with the policy.
Techniques for routing data packets through service chains within and between public cloud networks of multi-cloud fabrics. A router in a network, e.g., a public cloud network, receives data packets from nodes in the network through segments of the network. Based at least in part on (i) a source address of the data packet, (ii) a destination address of the data packet, and (iii) an identity of the segments of the network from which the data packets are received, the router determines a next node in the network to which the data packet is to be forwarded. The router may then forward the data packet through another segment of the network to the next node and then receive the data packet from the next node through the another segment.
11.
DYNAMIC FIREWALL DISCOVERY ON A SERVICE PLANE IN A SDWAN ARCHITECTURE
The present disclosure is directed to systems and methods for dynamic firewall discovery on a service plane. The method includes the steps of identifying a source data packet for transmission from a source machine at a source site to a destination machine at a destination site, wherein the source data packet corresponds to a request for connection between the source machine and the destination machine over a WAN, inspecting the source data packet at a first firewall associated with the source site, marking the source data packet with a marker to indicate inspection by the first firewall, transmitting the marked source data packet to the destination site, determining at the destination site that the source data packet has been inspected based on the marker, and forwarding the source data packet to the destination machine at the destination site, without inspection of the source data packet by a second firewall associated with the destination site.
In one embodiment, a method includes receiving non-Internet Protocol (IP) traffic from one or more non-IP traffic sources. The method also includes terminating the non-IP traffic and re-originating the non-IP traffic as first IP traffic in accordance with one or more software- defined networking in a wide area network (SD-WAN) protocols. The method further includes communicating the first IP traffic to an SD-WAN link in accordance with one or more SD- WAN policies.
According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising: receiving location data associated with a plurality of remote users accessing one or more existing remote access gateways that are located at one or more network locations; building a heatmap of user locations based at least in part on the received location data; and identifying, from the heatmap of user locations, at least one new network location in which to generate at least one new remote access gateway, or at least one existing network location in which to remove at least one of the existing remote access gateways.
H04L 41/122 - Discovery or management of network topologies of virtualised topologies e.g. software-defined networks [SDN] or network function virtualisation [NFV]
H04L 41/0895 - Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.
The present disclosure is directed to a peer node discovery process whereby a network management node can discover peers of inaccessible nodes that have lost connectivity to the network management node over the control plane and receive health report of the inaccessible nodes via the discovered peers. In one example, a method includes detecting a loss of connectivity to a network node; based on a type of the network node, performing one of a first process or a second process to obtain a health report of the network node, the first process and the second process including identification of at least one corresponding peer node from which the health report of the network node is to be received; and analyzing the health report to determine root cause of the loss of connectivity.
H04L 41/0631 - Management of faults, events, alarms or notifications using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
H04L 43/20 - Arrangements for monitoring or testing data switching networks the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV
H04L 43/065 - Generation of reports related to network devices
16.
SYSTEMS AND METHODS FOR PROVIDING BIDIRECTIONAL FORWARDING DETECTION WITH PERFORMANCE ROUTING MEASUREMENTS
Disclosed is a first device and a second device each sending BFD echo request packets in an initial stage of establishing communication between the two devices. A method can include determining that a certain mode is detected, such as a low bandwidth mode. The method can be practiced by one or both of the devices or a separate network controller. Based on the detection of the certain mode or the communication link being in a certain mode, the method includes the first device or the second device electing to be a master or a slave. Upon establishing that one of the devices is the master and the other of the devices is a slave, only the master will send BFD echo request packets.
The present disclosure is directed to management of migration of SD-WAN solutions in a multi-cloud structure upon detection of a failover event. In one aspect, a method includes monitoring, using virtual bonds of a network orchestration component, clusters of virtual management components of multiple cloud networks, corresponding virtual management components of one of the multiple cloud networks implementing one or more services of a Software-Defined Wide Access Network (SD-WAN) solution; detecting, using the virtual bonds, a failover event at the one of the multiple cloud networks; and identifying, by the virtual bonds, a new destination cloud network to migrate the one or more services of the SD-WAN solution to, from a source cloud network at which the failover event is detected.
H04L 41/0668 - Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
H04L 41/40 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
According to some embodiments, a method performed by a first software defined wide area network (SD-WAN) edge router communicably coupled to a public network comprises: receiving a transport location (TLOC)-extension configuration for a known interface of the first edge router; detecting a second edge router attempting to connect to the known interface of the first edge router; and transmitting, to the second edge router, configuration information for the second edge router so that the second edge router is able to communicate with the public network through a TLOC-extension with the first edge router. In some embodiments, the second edge router receives device configuration information (e.g., PnP, ZTP, etc.) from the public network via the TLOC-extension.
H04L 41/0806 - Configuration setting for initial configuration or provisioning, e.g. plug-and-play
H04L 41/40 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
In one embodiment, a method includes providing a first profile to a plurality of edge routers of the SD-WAN, the plurality of edge routers operable to interface a plurality of devices to the SD-WAN. The first profile enables the plurality of edge routers to discover which devices of the plurality of devices support a first application. The method includes receiving, from one or more of the edge routers, information indicating which devices of the plurality of devices support the first application and building a first application fabric based on the information indicating which devices of the plurality of devices support the first application.
H04L 41/122 - Discovery or management of network topologies of virtualised topologies e.g. software-defined networks [SDN] or network function virtualisation [NFV]
H04L 43/065 - Generation of reports related to network devices
20.
SYSTEMS AND METHODS PROVIDING A MULTI-CLOUD MICROSERVICES GATEWAY USING A SIDECAR PROXY
A method includes, in a constellation of clients including a first client and a second client, receiving, at the first client, a connection request from the second client, retrieving endpoint reachability data associated with the second client and transmitting, to a server, a connection request based on the endpoint reachability data. The first client receives, from the server and based on the connection request, endpoint reachability information associated with the second client and starts a bidirectional connection with the second client. A direct or indirect tunnel is established between the first client and the second client. The tunnel is set up based on a table which maps a first connectivity option associated with the first client to a second connectivity option associated with the second client to determine whether to establish the direct tunnel or the indirect tunnel between the first client and the second client.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 61/2589 - NAT traversal over a relay server, e.g. traversal using relay for network address translation [TURN]
In one embodiment, a method includes detecting a request to route traffic to a service associated with an application. The method also includes identifying an application identifier associated with the application and selecting, using the application identifier, a label from a plurality of labels included in a routing table. The label includes one or more routes. The method further includes routing the traffic to the service associated with the application using the label.
In one embodiment, a router includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the router to perform operations including receiving software-defined networking in a wide area network (SD-WAN) policies from a component of an SD-WAN network. The operations also include establishing a session with a mobile device and receiving information associated with the mobile device in response to establishing the session with the mobile device. The operations further include filtering the SD-WAN policies based on the information associated with the mobile device to generate SD-WAN device-specific policies and communicating the SD-WAN device-specific policies to the mobile device.
Methods are provided for decentralized key negotiation. One method includes initiating, by a first Internet Key Exchange (IKE) node from among a plurality of IKE nodes, a rekeying process for an Internet Protocol Security (IP Sec) communication session established with a client device and serviced by a second IKE node from among the plurality of IKE nodes, and in which a first encryption key is used to encrypt traffic. The method further includes obtaining, by the first IKE node from a key value store, information about the IPSec communication session and performing, by the first IKE node, at least a part of the rekeying process in which the first encryption key is replaced with a second encryption key for the IPSec communication session.
Multi-tenant optimized serverless placement using network interface card and commodity storage may be provided. A first request to execute a first function may be received. Next, it may be determined to execute the first function at a first network interface card. The first network interface card may include a plurality of processors. Then, a container may be created at the first network interface card. The container may have at least one processor of the plurality of processors. The first function may be executed at the container.
Systems, methods, and computer-readable storage media are provided for using service affinity for application placement. A method includes evaluating, using a netflow module within an orchestrator, flows coming in and out of deployed services within a multi-node network to yield an evaluation. Based on the evaluation, the method includes determining an affinity between respective services of the deployed services to yield a traffic matrix and, based on the traffic matrix, at a placement module, determining on which nodes within the multi-node network to place one or more applications. Determining the affinity can be performed at at least a first level and a second level. The first level can include an individual container or virtual machine level and the second level can include a service description level.
The disclosed technology relates to a process for zero touch provisioning to provide cloud enablement of legacy computing devices. Specifically, the disclosed technology provides the ability to automate the process of connecting computing devices that may not originally have the capabilities to connect to the Internet so that the computing devices can be managed by a cloud network or be provided updates by the cloud network. The cloud enablement for computing devices is performed by modifying the computing device with hardware and software that would direct the computing device to establish secure communications with the cloud network without user involvement.
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
Systems and methods provide for optimizing video review using motion recap images. A video review system can identify background image data of a video clip including an amount of motion satisfying a motion threshold. The video review system can generate foreground mask data segmenting foreground image data, representing a moving object in the video clip, from the background image data. The video review system can select a set of instances of the moving object represented in the foreground image data. The video review system can generate a motion recap image by superimposing the set of instances of the moving object represented in the foreground image data onto the background data.
In one embodiment, a system includes a central hub comprising a power source, a data switch, a coolant system, and a management module, a plurality of network devices located within an interconnect domain of the central hub, and at least one combined cable connecting the central hub to the network devices and comprising a power conductor, a data link, a coolant tube, and a management communications link contained within an outer cable jacket.
G02B 6/38 - Mechanical coupling means having fibre to fibre mating means
H01B 11/22 - Cables including at least one electrical conductor together with optical fibres
H01R 13/00 - ELECTRICALLY-CONDUCTIVE CONNECTIONS; STRUCTURAL ASSOCIATIONS OF A PLURALITY OF MUTUALLY-INSULATED ELECTRICAL CONNECTING ELEMENTS; COUPLING DEVICES; CURRENT COLLECTORS - Details of coupling devices of the kinds covered by groups or
In one embodiment, an apparatus comprises an input power interface for receiving input power, a power control system for transmitting DC (Direct Current) pulse power on multiple phases over a cable to a plurality of powered devices and verifying cable operation during an off-time of pulses in the DC pulse power, and a cable interface for delivery of the DC pulse power on the multiple phases and data over the cable to the powered devices. A method for transmitting multiple phase pulse power is also disclosed herein.
Systems, methods, and computer-readable media for policy splitting in multi-cloud fabrics. In some examples, a method can include discovering a path from a first endpoint in a first cloud to a second endpoint in a second cloud; determining runtime policy table capacities associated with nodes in the path; determining policy distribution and enforcement for traffic from the first endpoint to the second endpoint based on the runtime policy table capacities; based on the policy distribution and enforcement, installing a set of policies for traffic from the first endpoint to the second endpoint across a set of nodes in the path; and applying the set of policies to traffic from the first endpoint in the first cloud to the second endpoint in the second cloud.
The present technology provides a system, method and computer readable medium for steering a content request among plurality of cache servers based on multi-level assessment of content popularity. In some embodiments a three levels of popularity may be determined comprising popular, semi-popular and unpopular designations for the queried content. The processing of the query and delivery of the requested content depends on the aforementioned popularity level designation and comprises a acceptance of the query at the edge cache server to which the query was originally directed, rejection of the query and re-direction to a second edge cache server or redirection of the query to origin server to thereby deliver the requested content. The proposed technology results in higher hit ratio for edge cache clusters by steering requests for semi-popular content to one or more additional cache servers while forwarding request for unpopular content to origin server.
H04N 21/231 - Content storage operation, e.g. caching movies for short term storage, replicating data over plural servers or prioritizing data for deletion
In one embodiment, an apparatus includes an interface for transmitting pulse power and data to a powered device over a wire pair and a controller for receiving input identifying power transitions in the pulse power and suspending data transmission during the power transitions. A method is also disclosed herein.
In one embodiment, a method includes transmitting data on two wire pairs carrying pulse power, wherein the pulse power comprises a plurality of voltage pulses with the voltage pulses on the wire pairs offset between the wire pairs to provide continuous power and identifying transitions between at least one of a pulse-on time and a pulse-off time, and a pulse-off time and a pulse-on time on at least one of the wire pairs. Data transmission on the wire pair is controlled during the identified transitions on the wire pair to prevent interference between the pulse power and the data.
Technologies for multi-cloud routing and policy interconnectivity are provided. An example method can include assigning different sets of data plane routers to data plane traffic associated with different address spaces in a cloud site of a multi-cloud fabric to yield a distributed mapping of data plane traffic and data plane routers. The method can further include providing, to an on-premises site in the multi-cloud fabric, routing entries from a control plane router on the cloud site, the routing entries reflecting the distributed mapping and identifying, for each address space, which data plane router handles data plane traffic for that address space; and when a data plane router is deployed at the cloud site, providing, to the on-premises site, updated routing information from the control plane router, the updated routing information identifying the data plane router as a next hop for data plane traffic associated with a respective address space.
Systems and methods provide for provisioning a dynamic intent-based firewall. A network controller can generate a master route table for network segments reachable from edge network devices managed by the controller. The controller can receive zone definition information mapping the network segments into zones and Zone-based Firewall (ZFW) policies to apply to traffic between a source and destination zone specified by each ZFW policy. The controller can evaluate a ZFW policy to determine first edge network devices that can reach first network segments mapped to the source zone specified by the ZFW policy, second edge network devices that can reach second network segments mapped to the destination zone specified by the ZFW policy, and routing information (from the route table) between the first network segments, the first and second edge network devices, and the second network segments. The controller can transmit the routing information to the edge network devices.
Systems and methods provide for synergistic domain name system DNS security updates for an enterprise network operating under a Software Defined Wide Area Network (SD-WAN). A system may be configured to collect positive and/or negative unified threat defense (UTD) results, deploy a rules-based model that, when a threat or clearance is detected across several SD-WAN edge network devices, triggers an update to a local security blacklist/whitelist, wherein the update comprises a signature, and push the update to other devices that have not yet seen the threat or clearance.
Systems and methods provide for end-to-end identity-aware routing across multiple administrative domains. A first ingress edge device of a second overlay network can receive a first encapsulated packet from a first egress edge device of a first overlay network. The first ingress edge device can de-encapsulate the first encapsulated packet to obtain an original packet and a user or group identifier. The first ingress edge device can apply a user or group policy matching the user or group identifier to determine a next hop for the original packet. The first ingress edge device can encapsulate the original packet and the user or group identifier to generate a second encapsulated packet. The first ingress edge device can forward the second encapsulated packet to the next hop.
A request is received from a client device to connect to a wireless network associated with a cloud computing device. A first notification is received to indicate that a first client transaction has started. Using a first timer, a first timestamp associated with a start time of the first client transaction is identified. A first data frame having the first client transaction and the first timestamp is generated. A second notification indicating that the first client transaction has completed is received. Using the first timer, a second timestamp associated with an end time of the first client transaction is identified. Using the second timestamp, the first data frame is updated using the second timestamp. The first data frame is sent to the cloud computing device.
A Software-Defined Networking (SDN)-based "upstream" approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.
Systems and methods provide for determining unique identities of endpoints across L3 networks. For example, a first networking device of a network management system in a first L3 network can receive a mapping of a first L3 network address to a first L2 network address from a second networking device in a second L3 network. The system can determine that the first L2 network address is associated with a third networking device. The system can receive a mapping of the L3 address to a second L2 network address from the third device. The system can determine that the second L2 address is associated with an endpoint. The system can store the L3 address and the second L2 address as an identity of the endpoint. The system can present network utilization information of the endpoint using traffic to/from the L3 address correlated to the endpoint based on its identity.
H04L 41/0853 - Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
H04L 41/12 - Discovery or management of network topologies
H04L 41/142 - Network analysis or design using statistical or mathematical methods
H04L 61/103 - Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
41.
SYSTEM AND METHOD FOR MIGRATING AN APPLICATION CONTAINER BETWEEN NODES ON A NETWORK
Systems, methods, and computer-readable media for migrating an application container between nodes on a network while serving incoming request streams are disclosed. An interest packet for an application container may be received at an origin node from a destination node sent over an information centric network, the interest packet including a request for migrating the application container to the destination node. In response, the origin node may transfer a copy of the application container over the network and to the destination node. The origin node can then shut down the application container and transmit over interim network nodes and to the destination node, any remaining container state. The destination node may then update a routing plane for the information-centric network for routing network traffic for the application container to the destination node.
H04L 67/125 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
42.
REDUCING DISTRIBUTED STORAGE OPERATION LATENCY USING SEGMENT ROUTING TECHNIQUES
Systems, methods, and computer-readable media for reducing distributed storage operation latency using segment routing. In some examples, a method can involve receiving, from a client, a message identifying an intent to store or retrieve data on a distributed storage environment, and sending to the client a segment routing (SR) list identifying storage node candidates for storing or retrieving the data. The method can involve steering a data request from the client through a path defined by the SR list based on a segment routing header (SRH) associated with the request, the SRH being configured to steer the request through the path until a storage node from the storage node candidates accepts the request. The method can further involve sending, to the client device, a response indicating that the storage node has accepted the request and storing or retrieving the data at the storage node that accepted the request.
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
H04L 67/1095 - Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
43.
SERVICE TRAFFIC REPLICATION AND DYNAMIC POLICY ENFORCEMENT IN A MULTI-CLOUD SERVICE MESH
In an embodiment, a data processing method comprises receiving, at a BIER replicator node that is programmed to implement Bit Index Explicit Replication (BIER) protocol, from a data source, a multicast stream packet identifying a service-level multicast group address; using the BIER replicator node, replicating the multicast stream packet according to BIER protocol and transmitting two or more replicated packet streams to two or more BIER receiver nodes that are programmed to implement BIER; using the two or more BIER receiver nodes, transmitting the two or more replicated packet streams to two or more receivers. Other embodiments may use modified iOAM (In-situ Operations, Administration, and Maintenance) techniques comprising: using the source, encapsulating an iOAM header and placing in the header one of: an identifier of a replicator policy; a definition of a replicator policy expressed in a symbolic language; receiving the iOAM header at one or more of the BIER replicator nodes; at a particular one of the replicator nodes, performing one of: reading the identifier of the replicator policy, retrieving a pre-defined packet replication policy that matches the identifier, and executing the pre-defined packet replication policy to dynamically adjust packet processing behavior of the particular one of the BIER replicator nodes; or parsing the definition of the replicator policy in the symbolic language to yield a new packet replication policy, and executing the new packet replication policy to dynamically adjust packet processing behavior of the particular one of the BIER replicator nodes.
Systems, methods, and computer-readable media for providing multi-cloud connectivity. A method can involve adding a new virtual private cloud (VPC) to a multi-cloud environment including a private network and VPCs connected to the private network via a segment routing (SR) domain and respective virtual routers on the VPCs and the private network. The method can involve deploying a new virtual router on the new VPC, registering the new virtual router at a BGP controller in the multi-cloud environment, and receiving, at the BGP controller, topology information from the new virtual router. The method can further involve identifying routes in the multi-cloud environment based on paths computed based on the topology information, sending, to the new virtual router, routing information including the routes, SR identifiers and SR policies, and based on the routing information, providing interconnectivity between the private network, the VPCs, and the new VPC.
H04L 41/5041 - Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the time relationship between creation and deployment of a service
The present technology is directed to a system and method for application aware management and recovery of link failures resulting from excessive errors observed on the link. One aspect of the proposed technology is based on identification of link errors associated with application-specific data patterns traversing link. Other aspects involve corrective actions based on relocation or modification of specific application traffic to thereby alleviate the observed excessive link errors and prevent a link failure or shut down. Relocation may involve moving the source application to a different virtual machine/container/physical device or rerouting application traffic by updating relevant routing protocols. Modification may involve harmlessly changing payload data pattern to remove data-pattern dependent signal attenuation. Information corresponding to identified faulty payload data patterns and associated frame data quality parameters maybe stored and utilized to provide analytics evaluation of network wide physical resource issues that maybe affecting application traffic.
H04L 41/0668 - Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
H04L 43/0817 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
H04L 45/28 - Routing or path finding of packets in data switching networks using route fault recovery
H04L 47/2475 - Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
H04L 47/26 - Flow control; Congestion control using explicit feedback to the source, e.g. choke packets
H04L 69/40 - Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
H04L 41/069 - Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
H04L 43/0811 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
Disclosed are systems, methods, and computer-readable media for a hybrid cloud structure for machine-learning based object recognition. In one aspect, a system includes one or more video-capable access points; and one or more processors configured to receive image data from the one or more video-capable access points; perform, at a first processor of the one or more processors, a first process to detect one or more objects of interest in the image data; generate vector IDs for one or more objects detected in the image data; perform, at a second processor of the one or more processors, a second process to identify the one or more objects in the vector IDs; and generate at least one offline trail for the one or more objects based on statistics associated with the one or more objects identified.
Techniques for provisioning multicast chains in a cloud-based environment are described herein. In an embodiment, a system sends a model of an application comprising sources, destinations, and virtualized appliances for initiation by host computers to a software- defined networking (SDN) controller. The SDN controller determines locations for the virtualized appliances and generates an updated model of the application, the updated model comprising the locations for the virtualized appliances. The SDN controller sends the updated model to the orchestration system. The orchestration system uses the updated model to generate a mapping of virtualized appliances to available host computers. Using the mapping of virtualized appliances to available host computers, the orchestration system sends instructions for initiating the virtualized appliances on the available host computers to one or more cloud management systems.
In an embodiment, a computer-implemented method is presented for updating a configuration of a deployed application, the deployed application comprising a plurality of instances each comprising one or more physical computers or one or more virtualized computing devices, in a computing environment, the method comprising: receiving a request to update an application profile model that is hosted in a database, the request specifying a change of a first set of application configuration parameters of the deployed application to a second set of application configuration parameters, the first set of application configuration parameters indicating a current configuration state of the deployed application and the second set of application configuration parameters indicating a target configuration state of the deployed application, in response to the request, updating the application profile model in the database using the second set of application configuration parameters, and generating, based on the updated application profile model, a solution descriptor comprising a description of the first set of application configuration parameters and the second set of application configuration parameters, and updating the deployed application based on the solution descriptor.
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
H04L 67/1001 - Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
49.
METHOD AND DEVICE FOR DYNAMIC AND SEAMLESS LINK SELECTION
A disclosed method is performed at an access point. The method includes receiving a request message from a client device, where the request message includes a request for an allocation of a wireless channel for the client device from the access point. The method further includes exchanging candidate and load information with a plurality of other access points. The method additionally includes selecting a preferred access point from the access point and the plurality of other access points based on the candidate and load information exchanged with the plurality of other access points. The method also includes facilitating the allocation of the wireless channel for the client device from the preferred access point.
In one embodiment, a method includes delivering power, data, and cooling on a cable from a central network device to a splitter device for splitting and transmitting the power, data, and cooling to a plurality of remote communications devices over a plurality of cables, each of the cables carrying the power, data, and cooling, receiving at the central network device, monitoring information from the remote communications devices on the cable, processing the monitoring information, and allocating the power, data, and cooling to each of the remote communications devices based on the monitoring information. A system is also disclosed herein.
(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) CORRECTED VERSION (19) World Intellectual Property 11111110111101100 0101111111111 110 I I 1110111 1011 11 11 11 111 10EOEE1110 111 1101111 Organization International Bureau (10) International Publication Number (43) International Publication Date WO 2019/168761 A8 06 September 2019 (06.09.2019) WIPO I PCT (51) International Patent Classification: 60189 (US). TWISS, Robert, Gregory; 405 BowdenRoad, HO4L 12/10 (2006.01) HO4B 7/00 (2006.01) Chapel Hill, NC 27516 (US). ACHKIR, D., Brice; 2423 Tait St., Livermore, CA 94550 (US). (21) International Application Number: PCT/US2019/019259 (74) Agent: KAPLAN, Cindy, S.; P.O. Box 2448, Saratoga, CA 95070 (US). (22) International Filing Date: 22 February 2019 (22.02.2019) (81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, (25) Filing Language: English AO, Ar, AU, AZ, EA, 13E, EG, EH, EN, ER, EW, E Y, EZ, (26) Publication Language: English CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GII, GM, GT, IIN, (30) Priority Data: HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, 15/910,203 02 March 2018 (02.03.2018) US KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, (71) Applicant: CISCO TECHNOLOGY, INC. [US/US]: 170 MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, West Tasman Drive, San Jose, CA 95134-1706 (US). OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, (72) Inventors: GOERGEN, Joel, Richard; 18129 Clouds TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW. Rest Road, Soulsbyville, CA 95372 (US) BYERS, Charles, Calvin; 2S710 Wendelin Court, Wheaton, IL (54) Title: COMBINED POWER, DATA, AND COOLING DELIVERY IN A COMMUNICATIONS NETWORK 12 REMOTE NETWORK DEVICE REMOTE } NETWORK DEVICE 10i REMOTE F-12 14 CENTRAL HUB NETWORK (NETWORK DEVICE DEVICE) _________________________ -7-15 REMOTE ¨Power __________ P. PSU NETWORK DEVICE -4¨Data _________ r. LINE CARDS = REMOTE 14 NETWORK HEAT X-18 DEVICE -41-Cooling EXCHANGER - REMOTE NETWORK DEVICE CABLE WITH POWER, DATA, AND COOLING L-12 FIGURE 1 1-1 r=-= cc (57) Abstract: In one embodiment, a method includes delivering power, data, and cooling from a central network device to a plurality of remote communications devices over cables connecting the central network device to the remote communications devices, each of the cables carrying said power, data, and cooling, and receiving at the central network device, power and thermal data from the remote CT communications devices based on monitoring of power and cooling at the remote communications devices. The remote communications 1-1 devices are powered by the power and cooled by the cooling delivered from the central network device. An apparatus is also disclosed el herein. C.) Date Recue/Date Received 2020-12-07 [Continued on next page] WO 2019/168761 A8 111E1101M I Ell l 11111 1111111111 10 1111111111 11111 111111111 111111111 1111111111111111111 (84) Designated States (unless otherwise indicated, for every kind of regional protection available): AREPO (BW, GH. GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ. UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG). Published: ¨ with international search report (Art. 21(3)) (48) Date of publication of this corrected version: 15 October 2020 (15.10.2020) (15) Information about Correction: see Notice of 15 October 2020 (15.10.2020) Date Recue/Date Received 2020-12-07
Systems, methods, computer-readable media are disclosed for determining a point of delivery (POD) device or network component on a cloud for workload and resource placement in a multi-cloud environment. A method includes determining a first amount of data for transitioning from performing a first function on input data to performing a second function on a first outcome of the first function; determining a second amount of data for transitioning from performing the second function on the first outcome to performing a third function on a second outcome of the second function; determining a processing capacity for each of one or more network nodes on which the first function and the third function are implemented; and selecting the network node for implementing the second function based on the first amount of data, the second amount of data, and the processing capacity for each of the network nodes.
Disclosed is a method that includes periodically observing packets in a user plane according to at least one key performance indicator in a configuration file to yield an observation, wherein the observation represents a closed-loop demand of resources within the user plane. The method includes adjusting, via a scheduler in the user plane and based on the observation, a binding of cores to work items. The binding between cores and work items is dynamic and changeable to improve performance. The at least one key performance indicator can include one or more of a CPU utilization, latency and packet drops. The workload allocations can include work items that are individually schedulable functions that operate on a queue of packets within the user plane.
In some examples, an example method to provide a virtualized Carrier-grade Network Address Translation (CGN) at a first customer edge router may include establishing a tunnel between the first customer edge router and each aggregation router among one or more aggregation routers, performing a Network Address Translation (NAT) on a first data packet to create a NAT'ed first data packet, selecting a first aggregation router from amongst the one or more aggregation routers to send the NAT'ed first data packet to, encapsulating the NAT'ed first data packet with overlay information corresponding to a tunnel established between the first customer edge router and a first aggregation router, and sending the encapsulated NAT'ed first data packet through the tunnel to the first aggregation router.
A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.
A. method may include receiving a data flow of an application directed to the destination in a software-defined network (SDN). The method may also include identifying a classification of the application. The method may additionally include identifying a set of performance thresholds associated with the classification of the application. The method may also include determining a current performance of the data flow of the application in the SDN. The method may also include generating a performance score for the application based on the set of performance thresholds and the current performance of the data flow of the application in the SDN. The method may further include causing the performance score for the application to be presented via an interface.
H04L 41/5009 - Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF]
H04L 41/5022 - Ensuring fulfilment of SLA by giving priorities, e.g. assigning classes of service
H04L 41/5025 - Ensuring fulfilment of SLA by proactively reacting to service quality change, e.g. by reconfiguration after service quality degradation or upgrade
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
H04L 45/302 - Route determination based on requested QoS
H04L 47/2425 - Traffic characterised by specific attributes, e.g. priority or QoS for supporting services specification, e.g. SLA
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
In one embodiment, a method includes receiving at a thermal modeling module, data from a Power Sourcing Equipment device, PSE, (10) for cables (14) extending from the PSE (10) to Powered Devices, PDs (12), the cables (14) configured to transmit power and data from the PSE (10) to the PDs (12), calculating at the thermal modeling module (18), thermal characteristics for the cables (14) based on the data, and identifying a thermal rise above a specified threshold at one of the cables (14). The data comprises real-time electrical data for the cables (14). An apparatus and logic are also disclosed herein.
In some examples, an example method to measure quality of service (QoS) of a network tunnel may include configuring a network tunnel from a tunnel source endpoint to a tunnel destination endpoint, transmitting multiple status packets to the tunnel destination endpoint, receiving multiple forwarded status packets from the tunnel destination endpoint, determining a time of receipt of each of the forwarded status packets, and determining a QoS measure of the network tunnel based on a time of transmission of each of the multiple status packets and the time of receipt of each of the forwarded status packets.
A method may include selecting a destination of a traffic flow in a second network domain outside of a first network domain, and determining multiple paths from an origin of the traffic flow to the destination, where each of the multiple paths may include a first network domain path through the first network domain and a second network domain path through the second network domain. The method may also include, for each of the multiple paths, combining a first performance score for the first network domain path with a second performance score for the second network domain path. The method may additionally include selecting one of the plurality of paths with a combined first and second performance score below a threshold, and routing the traffic flow along the selected one of the plurality of paths.
A method may include receiving a domain name system (DNS) query at a network device, where the DNS query may be associated with a traffic flow identified for rerouting through an alternative path utilizing an alternative network device instead of a default path. The method may also include rewriting the DNS query such that the DNS query is routed through the alternative network device along the alternative path and to a DNS server associated with the alternative path. The method may additionally include receiving a DNS response from the DNS server, where a resource identified in the DNS response may be based on the DNS query coming through the alternative network device.
A method may include identifying an address within a packet of a traffic flow associated with a network device. The method may also include comparing the address within the packet with a stored address, the stored address associated with a route for an alternative traffic path, where the alternative traffic path may be different from a default route of traffic passing through the network device. The method may additionally include, based on the address within the packet matching the stored address, routing the packet along the alternative traffic path instead of the default route of traffic.
A method of routing network traffic may include routing traffic from a local network device, through a remote network location, to a third party network resource along a first path. The method may also include determining a first ranking for the first path, and determining a second ranking for a second path from the local network device to the third party network resource along a second path, the second path excluding the remote network location. The method may additionally include, based on the second ranking exceeding the first ranking by a threshold amount, rerouting the traffic along the second path.
In one embodiment, a device both communicates with a network operating a distributed proactive routing protocol, and participates in a centralized path computation protocol. The device communicates routing characteristics of the distributed proactive routing protocol for the network from the network to the centralized path computation protocol, and also communicates one or more computed paths from the centralized path computation protocol to the network, where the computed paths from the centralized path computation protocol are based on the routing characteristics of the distributed proactive routing protocol for the network.
H04W 40/26 - Connectivity information management, e.g. connectivity discovery or connectivity update for hybrid routing by combining proactive and reactive routing
H04W 40/28 - Connectivity information management, e.g. connectivity discovery or connectivity update for reactive routing
H04W 40/30 - Connectivity information management, e.g. connectivity discovery or connectivity update for proactive routing
A method and a device providing one virtual endpoint dedicated to serve one particular real endpoint, and the virtual endpoint is typically installed on a server in the same local network as the associated real endpoint, where an MCU or a fraction of a distributed MCU also is installed. In the upstream direction, the virtual endpoint includes at least an upstream decoder, a scaling unit and an upstream encoder. In the downstream direction, the virtual endpoint includes at least a number of decoders, a composing unit and a downstream encoder.
In one embodiment, techniques are shown and described relating to learning machine based detection of abnormal network performance. In particular, in one embodiment, a border router receives a set of network properties x; and network performance metrics M; from a network management server (NMS), and then intercepts x; and M; transmitted from nodes in a computer network of the border router. As such, the border router may then build a regression function F based on x; and Mi, and can detect one or more anomalies in the intercepted x; and M; based on the regression function F. In another embodiment, the NMS, which instructed the border router, receives the detected anomalies from the border router.
H04L 41/147 - Network analysis or design for predicting network behaviour
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
H04L 43/10 - Active monitoring, e.g. heartbeat, ping or trace-route
66.
CORE SERVICES PLATFORM FOR WIRELESS VOICE, DATA AND MESSAGING NETWORK SERVICES
A Core Service Platform (CSP) system is integrated with an operator network and IT system to provide services to subscribers and operators. Based on information collected from the operator network and IT system, the CSP system delivers alerts to a subscriber's device and provides offers to resolve the condition causing the alerts. The CSP system provides customized contextual offers to the subscriber's device based on contextual assessments of a subscriber's current context, such as time in contract, loyalty status, data and voice usage, value of customer, time, location and purchase history. The CSP system also provides an operator a suite of tools for the operator to manage its pricing, offers, campaigns and other subscriber-related issues.
Novel methods, components, and systems that enhance traditional techniques for detecting malicious software are presented. More specifically, methods, components, and systems that use important contextual information from a client system (such as recent history of events on that system), machine learning techniques, the automated deployment of generic signatures, and combinations thereof, to detect malicious software. The disclosed invention provides a significant improvement with regard to automation compared to previous approaches.
A system includes a processor device. The processor device is configured to receive reports of operating system identities for a single host; determine which of the operating system identities are an intersection of the reported operating system identities; and assign the intersection of the reported operating system identities as a resolved operating system identity.
A system includes a processor. The processor is configured to receive network traffic that includes a data block. The processor will generate a unique identifier (UID) for the file that includes a hash value corresponding to the file. The processor will determine whether the file is indicated as good or bad with the previously-stored UID. The processor will call a file -type specific detection nugget corresponding to the file's file -type to perform a full file inspection to detect whether the file is good or bad and store a result of the inspection together with the UID of the file, when the file is determined to be not listed in the previously-stored UIDs. The processor will not call the file-type specific detection nugget when the file's indicator is "good" or "bad" in the previously-stored UIDs. The processor will issue an alert about the bad file when the file's indicator is "bad".
An initial amount of data transmitted from a MAC (12) is buffered in a PHY buffer (25). Depending on the speed at which the PHY buffer fills up relative to the time remaining for the far-end PHY (66) to transition from a second to a first far-end PHY power state the PHY does or does not transmit a data delay indicator (50) to MAC to preempt the MAC from transmitting the remaining amount of data.
Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with loss of reducing flooding in a bridged network, typically including a device directly connected to multiple upstream bridges. These bridges are configured such that the device receives broadcast/multicast traffic from a single interface of one of the bridges, while allowing unicast traffic over each of the communications links connecting the device to the bridges. In one configuration, the device implements virtual machine(s), each including a virtual network interface associated with a MAC address; and the di-rectly connected bridges are configured, for each particular MAC address of these MAC addresses of the virtual interfaces, such that one and only one of the bridges will forward packets having the particular MAC address as its destination address over a com-munications link directly connected to the device.
In a virtual infrastructure, a single appliance (12, 36) is provided that hosts a centralized virtual machine monitor (VMM) control plane (34) to effectively establish a single virtual switch across all virtual machines (18) within one or more clusters of servers (12), thereby reducing the number of management points for the network administrator and facilitating easier VM migration.
An arrangement for collimating and turning an optica! beam utilizing a pair of two-dimensional lenses to separate the collimation into separate one-dimensional operations, while using one of the two-dimensional lenses to also perform the turn-ing operation. A first two-dimensional Sensing surface is disposed at the endface of a launching waveguide. This first two-dimen-sional lensing surface provides collimation along one axis of the system (for example, the X axis). A second two-dimensional lensing surface is provided by introducing a defined curvature to a turning mirror in the system. The curvature of the turning mir-ror is designed to create colvmation (or focusing, if desired) in the orthogonal beamfront (in this case, the Y axis beamfront), while also re-directing the propagating signal into the desired orientation.
A packet comparator includes a match packet buffer and a first in first out (FIFO) buffer that stores a reference packet stream. Once a packet in the reference stream and a candidate stream are matched to the match packet, the reference stream and the candidate stream are considered synchronized. Thereafter, the two streams are passed through a compare function and a resultant stream is output from the packet comparator. Possible resultant streams include the results of an exclusive OR (XOR) operation between all, or selected parts, of packets in each of the streams.
H04N 21/434 - Disassembling of a multiplex stream, e.g. demultiplexing audio and video streams or extraction of additional data from a video stream; Remultiplexing of multiplex streams; Extraction or processing of SI; Disassembling of packetised elementary stream
H04N 7/24 - Systems for the transmission of television signals using pulse code modulation
75.
COUPLING BETWEEN FREE SPACE AND OPTICAL WAVEGUIDE USING ETCHED COUPLING SURFACES
A plasma-based etching process is used to specifically shape the endface of an optical substrate supporting an optical waveguide into a contoured facet which will improve coupling efficiency between the waveguide and a free space optical signal. The ability to use standard photolithographic techniques to pattern and etch the optical endface facet allows for virtually any desired facet geometry to be formed - and replicated across the surface of a wafer for the entire group of assemblies being fabricated. A lens may be etched into the endface using a properly-defined photolithographic mask, with the focal point of the lens selected with respect to the parameters of the optical waveguide and the propagating free space signal. Alternatively, an angled facet may be formed along the endface, with the angle sufficient to re-direct reflected/scattered signals away from the optical axis.
Systems and methods are disclosed for adjusting bandwidth of streams carried on a subscriber loop. One exemplary method comprises the steps of: determining bandwidth in use on a subscriber loop; selecting, for adjustment, at least one of a plurality of TCP streams carried on the subscriber loop; and adjusting at least one flow control parameter of the selected TCP stream based on the bandwidth in use. An exemplary multimedia terminal adapter (MTA) comprises memory and a processor. The memory stores program code, and the code programs the processor to enable the MTA to: determine bandwidth in use on a subscriber loop; select, for adjustment, at least one of a plurality of TCP streams carried on the subscriber loop; and adjust at least one flow control parameter of the selected TCP stream based on the bandwidth in use.
H04L 47/193 - Flow control; Congestion control at layers above the network layer at the transport layer, e.g. TCP related
H04L 67/60 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
H04L 69/16 - Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
H04L 69/163 - In-band adaptation of TCP data exchange; In-band control procedures
H04L 69/165 - Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] selection criteria therefor
77.
WIDEBAND OPTICAL COUPLING INTO THIN SOI CMOS PHOTONIC INTEGRATED CIRCUIT
An arrangement for providing optical coupling into and out of a relatively thin silicon waveguide formed in the SOI layer of an SOI structure includes a lensing element and a defined reference surface within the SOI structure for providing optical coupling in an efficient manner. The input to the waveguide may come from an optical fiber or an optical transmitting device (laser). A similar coupling arrangement may be used between a thin silicon waveguide and an output fiber (either single mode fiber or multimode fiber).
G02B 6/12 - Light guides; Structural details of arrangements comprising light guides and other optical elements, e.g. couplings of the optical waveguide type of the integrated circuit kind
A method for controlling cell sizes (118a, ..., 118n) associated with respective access points (102a, ..., 102n), each having a receive sensitivity and an output power. The method includes changing the start of packet thresholds and/or clear channel assessment thresholds to vary the cell sizes (I 18a,...,118n) of the access points (102a, ..., 102n).
A technique for network planning that includes an interface for guiding a network user through the network allocation process, such as defining groups of clients based on their capabilities. Portions of the wireless local area network infrastructure, e.g., access points, are allocated among the groups. When a client attempts to associate with an access point, the access point determines the client capabilities. If the client is supported by the access point, the access point allows the client to associate and sends the client a message that contains a prioritized list of other nearby access points allocated to service that client, otherwise the access point sends a prioritized roaming list of nearby access points to the client that are allocated to serve that type of client. Feedback is provided by the network infrastructure enabling a network user or the network to automatically reallocate resources based on the feedback.
An apparatus for managing information in a network environment is provided that includes a content service gateway operable to communicate with an end user in order to facilitate a communication session. The communication session relates to a request by the end user for content or for a service. A quota server coupled to the content service gateway is operable to receive a service authorization request from the content service gateway relating to the communication session. The service authorization request operates to authorize access to the service or to the content for the end user.
A method for radar protection. The method includes recording energy events and calculating differences in recorded energy events to determine pulses. The method further includes sorting intervals between pulses into histogram bins, each bin representing a range of time intervals between two pulses, each pulse indicative of a radar frequency and limiting network traffic on a frequency based on a selected bin count.
G01S 13/00 - Systems using the reflection or reradiation of radio waves, e.g. radar systems; Analogous systems using reflection or reradiation of waves whose nature or wavelength is irrelevant or unspecified
An optical system that includes an analog laser transmitter having a burst operative mode is disclosed. The system further includes a power controller that is configured to place the analog laser transmitter in the burst operative mode when a digital enable signal is provided to the power controller. The power controller comprises a reference voltage source, a ground node, and an input selector switch that is configured to select the reference voltage source when the digital enable signal is asserted, and alternatively, to select the ground node when the digital enable signal is de- asserted. In a second exemplary embodiment, a method of operating an analog laser transmitter is disclosed. The method comprises providing an analog signal to the analog laser transmitter, and a digital enable signal to a controller circuit that is coupled to the analog laser transmitter. The method further comprises turning on the analog laser transmitter when the enable signal is asserted, and turning off the analog laser transmitter when the enable signal is de-asserted.
The invention provides a method and system of detecting aliases in a network. The network comprises at least one device and at least one Network management system (NMS) for managing the devices. The NMS identifies each device available in the network with a message digest. The NMS retrieves the message digest of a device that is submitted for management. The NMS tries to locate the retrieved message digest with a database of message digests. In case the retrieved message digest is located on the database, the NMS declares the device as an alias. However, if the message digest is not located on the database, the NMS stores the message digest in the database and starts managing the device.
Propagation of minimum guaranteed scheduling rates among scheduling layers in a hierarchical schedule is disclosed. The minimum guaranteed scheduling rate for a parent schedule entry is typically based on the summation of the minimum guaranteed scheduling rates of its immediate child schedule entries. This propagation of minimum rate scheduling guarantees for a class of traffic can be dynamic (e.g., based on the active traffic for this class of traffic, active services for this class of traffic), or statically configured. One embodiment also includes multiple scheduling lanes for scheduling items, such as, but not limited to packets or indications thereof, such that different categories of traffic (e.g., propagated minimum guaranteed scheduling rate, non propagated minimum guaranteed scheduling rate, high priority, excess rate, etc.) of scheduled items can be propagated through the hierarchy of schedules accordingly without being blocked behind a lower priority or different type of traffic.
H04L 47/628 - Queue scheduling characterised by scheduling criteria for service slots or service orders based on packet size, e.g. shortest packet first
H04J 3/16 - Time-division multiplex systems in which the time allocation to individual channels within a transmission cycle is variable, e.g. to accommodate varying complexity of signals, to vary number of channels transmitted
In a subscriber television system having a headend, a server, and plurality of client-receivers, the server, which is remote from the headend, is adapted to receive a validation-message (800) from one or more client-receivers. The validation-message (800) includes content (802) and an authentication-token (804). The server validates that the sender of the validation-message is a valid client-receiver of the subscriber television system using an authentication-token and a validator that is known to both the server and to at least one of the client-receivers.
H04N 21/6334 - Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
A virtual network device sub-unit (122(1), 122(2)) includes an interface (320(1), 320(2), 320(3), 320(4)) to a virtual network device link (360) and a distributed forwarding module (312(1), 312(2)). The interface (320(1), 320(2), 320(3), 320(4)) receives a packet, and the distributed forwarding module (312(1), 312(2))forwards the packet received by the interface (320(1), 320(2), 320(3), 320(4)). The distributed forwarding module (312(1), 312(2)) performs an ingress lookup if the packet includes a multicast destination address and an egress lookup if the packet includes a unicast destination address. If the packet includes a multicast destination address, the distributed forwarding module replicates the packet for each of several outgoing VLANs associated with the multicast destination address. If an additional multicast packet is received via an interface (320(1), 320(2), 320(3), 320(4)) that is not coupled to a virtual network device link (306), the distributed forwarding module (312(1), 312(2)) sends at most one copy of the additional multicast packet via the virtual network device link (360).
H04L 41/0806 - Configuration setting for initial configuration or provisioning, e.g. plug-and-play
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
87.
WAFER-LEVEL OPTO-ELECTRONIC TESTING APPARATUS AND METHOD
A wafer-level testing arrangement for opto-electronic devices formed in a silicon-on-insulator (SOI) wafer structure utilizes a single opto-electronic testing element to perform both optical and electrical testing. Beam steering optics may be formed on the testing element and used to facilitate the coupling between optical probe signals and optical coupling elements (e.g., prism couplers, gratings) formed on the top surface of the SOI structure. The optical test signals are thereafter directed into optical waveguides formed in the top layer of the SOI structure. The opto~electronic testing element also comprises a plurality of electrical test pins that are positioned to contact a plurality of bondpad test sites on the opto-electronic device and perform electrical testing operations. The optical test signal results may be converted into electrical representations within the SOI structure and thus returned to the testing element as electrical signals.
A method is disclosed for avoiding the storage of client state on a server. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the server can use to encrypt and authenticate communication to and from the client. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.
A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.
System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol, may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.
91.
OPTIMIZING 802.11 POWER-SAVE FOR IP MULTICAST GROUPS
A method for providing a superior quality of service for multicast data streams delivered over a wireless local area network. As Internet Protocol multicast data streams are received by an access point, the access point observes Internet Group Multicast Protocol registration messages to determine which of its associated stations subscribe to each multicast data stream. The access point then determines which of the multicast data streams it receives have only active subscribing stations as opposed to those data streams having at least one associated station operating in power-save mode. The access point will automatically transmit each multicast data stream having only active subscribers immediately to the associated active stations, while buffering the multicast data stream for which there is at least one associated station operating in power-save mode.
H04W 4/06 - Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
H04W 8/22 - Processing or transfer of terminal data, e.g. status or physical capabilities
Described herein is an apparatus for inclusion in a station of a wireless network, and a method implemented in a station of a wireless network. The method includes wirelessly receiving data via each of a plurality of antennas (703and 705), the data corresponding to a packet of information transmitted from a remote station, sampling the received data corresponding to the received packet to form data samples for each of the antennas, and determining a measure of signal quality from samples of the received data for each of the antennas. The method further includes selecting (1003) one of the plurality of receive antennas as the antenna for receiving from the remote station according to the determined measure of signal quality.
An apparatus for inclusion and a method for operation in a station (STA) of a wireless network. The method includes received data from at least one remote station and determining a measure of the signal quality, e.g., a measure of the EVM from samples of the data received from the remote station(s). If the remote station(s) is/are access point(s), the station selects an access point for association according to criteria that include the measure of the EVM from the remote station. If the received data includes a request management message, the station responds to the request management message with a response management message that include a measure of the EVM of the received data corresponding to the request management message. Thus, the remote station receiving the response management message receives an indication of the quality of the link between the station and the remote station without the receiving remote station necessarily being EVM-capable.
A method is provided that includes receiving a request from a communication device to establish a communication session with a mobile station. The request is responded to by signaling the mobile station via a cellular data network that a call is being initiated for the mobile station. Signaling information may be exchanged with a voice gateway such that one or more voice circuits are established to accommodate voice data that may propagate between the communication device and the mobile station. A signaling pathway may be established between an Internet protocol private branch exchange (IP PBX) and the mobile station via the cellular data network. The establishment of the signaling pathway is substantially concurrent with the establishment of one or more of the voice circuits such that one or more features associated with a private network are delivered to the mobile station during the communication session.
H04W 40/02 - Communication route or path selection, e.g. power-based or shortest path routing
H04W 4/06 - Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
95.
SYSTEM AND METHOD FOR PROVIDING TRANSPARENCY IN DELIVERING PRIVATE NETWORK FEATURES
A method is provided that includes receiving a request from a communication device to establish a communication session with a mobile station, the mobile station being operable to roam between a private and a public network. The mobile station is signaled via a cellular data network that a call is being initiated for the mobile station. Signaling information may be exchanged with a voice gateway such that one or more voice circuits are established. A signaling pathway may be established between an Internet protocol private branch exchange IP (PBX) and the mobile station via the cellular data network. The establishment of the signaling pathway is substantially concurrent with the establishment of one or more of the voice circuits. One or more features associated with a private network are delivered to the mobile station during the communication session as an end user moves between the public and private networks.
Method and devices are provided to form virtual switches for data networks. As noted above, the term "switch" as used herein will apply to switches, routers and similar network devices. Each virtual switch acts as a single logical unit, while encompassing at least two physical chassis. Accordingly, each virtual switch may be treated as a single point of management. Each virtual switch includes a master chassis and at least one slave chassis. The master chassis is configured to control the slave chassis. The master chassis includes at least one master supervisor card and the slave chassis includes at least one slave supervisor card. The master chassis and the slave chassis communicate via a virtual switch link according to a virtual switch link protocol.
H04L 41/0806 - Configuration setting for initial configuration or provisioning, e.g. plug-and-play
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
98.
METHOD AND APPARATUS FOR PROVIDING NETWORK SECURITY USING ROLE-BASED ACCESS CONTROL
A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list (700). Such an access control list includes an access control list entry (710), which, in turn, includes one or more user group fields (730 and 740). Alternatively, a network device implementing such a method can include, for example, a forwarding table (300) that includes a plurality of forwarding table entries (310). In such a case, at least one of the forwarding table entries includes a user group field (350).
H04L 45/7453 - Address table lookup; Address filtering using hashing
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 12/28 - Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
99.
A SCALABLE APPROACH TO LARGE SCALE QUEUING THROUGH DYNAMIC RESOURCE ALLOCATION
Methods and devices are provided for the efficient allocation and deletion of virtual output queues. According to some implementations, incoming packets are classified accordint to a queue in which the packet (or classification information for the packet) will be stored, e.g., according to a "Q" value. For example, a Q value may be a Q number defined as {Egress port number I I Priority number II Ingress port number}. Only a single physical queue is allocated for each classification. When a physical queue is empty, the physical queue is preferably de-allocated and added to a "free list" of available physical queues. Accordingly, the total number of allocated physical queues preferably does not exceed the total number of classified packets. Because the input buffering requirements of Fibre Channel ("FC") and other protocols place limitations on the number of incoming packets, the dynamic allocation methods of the present invention result in a sparse allocation of physical queues.
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
An apparatus for managing network access is provided that includes a billing system element operable to receive one or more packets of a communication flow and to communicate with a price server. The price server is operable to receive a query from the billing system element associated with a pricing parameter relating to a data segment to be accessed by an end user associated with the communication flow. The price server is also operable to return a response to the billing system element that includes the pricing parameter relating to the data segment such that the end user can verify the pricing parameter before accessing the data segment.
patents
