Disclosed in some examples are systems, methods, devices, and machine-readable mediums for improved communications between a software-defined radio front-end device and a network-based computing device. Rather than packetize samples together, same bit positions from multiple ADC samples may be packetized together. If a Quality of Service (QoS) metric of the network connection between the RF front-end device and the network-based processing computing drops below a threshold, the RF front-end device may prioritize sending packets with the more significant bits over packets with less significant bits. In other examples, the RF front-end device may prioritize samples corresponding to certain data types over other data types.

Disclosed in some examples are systems, methods, devices, and machine-readable mediums for improved communications between a software-defined radio front-end device and a network-based computing device. Rather than packetize samples together, same bit positions from multiple ADC samples may be packetized together. If a Quality of Service (QoS) metric of the network connection between the RF front-end device and the network-based processing computing drops below a threshold, the RF front-end device may prioritize sending packets with the more significant bits over packets with less significant bits. In other examples, the RF front-end device may prioritize samples corresponding to certain data types over other data types.

A system is provided for increasing authentication complexity for access to online systems. In particular, the system may use a hidden or obscured method for creating and enforcing a multi-factor authentication scheme. In this regard, the system may introduce authentication logic to a particular application in the network environment such that one or more “invalid” login credentials are generated by a local agent using a pre-shared key and/or algorithm. A back-end authentication system may be calculate its own set of “invalid” login credentials based on the same pre-shared key and/or algorithm, then subsequently compare the calculated incorrect credentials with the incorrect login credentials received from the local agent. If a match is detected, the system may permit a valid set of authentication credentials to be provided to authorize access to the target application and/or online system.

A system is provided for increasing authentication complexity for access to online systems. In particular, the system may use a hidden or obscured method for creating and enforcing a multi-factor authentication scheme. In this regard, the system may introduce authentication logic to a particular application in the network environment such that one or more “invalid” login credentials are generated by a local agent using a pre-shared key and/or algorithm. A back-end authentication system may be calculate its own set of “invalid” login credentials based on the same pre-shared key and/or algorithm, then subsequently compare the calculated incorrect credentials with the incorrect login credentials received from the local agent. If a match is detected, the system may permit a valid set of authentication credentials to be provided to authorize access to the target application and/or online system.

Methods and systems for implementing private allocated networks in a virtual infrastructure are presented. One method operation creates virtual switches in one or more hosts in the virtual infrastructure. Each port in the virtual switches is associated with a private allocated network (PAN) from a group of possible PANs. In one embodiment, one or more PANs share the same physical media for data transmission. The intranet traffic within each PAN is not visible to nodes that are not connected to the each PAN. In another operation, the method defines addressing mode tables for the intranet traffic within each PAN. The entries in the addressing mode tables define addressing functions for routing the intranet traffic between the virtual switches, and different types of addressing functions are supported by the virtual switches.

Methods and systems for implementing private allocated networks in a virtual infrastructure are presented. One method operation creates virtual switches in one or more hosts in the virtual infrastructure. Each port in the virtual switches is associated with a private allocated network (PAN) from a group of possible PANs. In one embodiment, one or more PANs share the same physical media for data transmission. The intranet traffic within each PAN is not visible to nodes that are not connected to the each PAN. In another operation, the method defines addressing mode tables for the intranet traffic within each PAN. The entries in the addressing mode tables define addressing functions for routing the intranet traffic between the virtual switches, and different types of addressing functions are supported by the virtual switches.

An example first network device includes a control unit configured to execute at least one application and a forwarding unit. The forwarding unit includes an interface configured to receive packets, at least one packet processor operably coupled to a memory, and a forwarding path, wherein at least a portion of the forwarding path is stored in the memory and is executable by the at least one packet processor. The forwarding unit is configured to receive an advertisement originated by a second network device in a network, wherein the advertisement specifies a second micro segment identifier (SID), and store, in a destination lookup table, a route entry comprising a first micro SID associated with the first network device and the second micro SID.

An example first network device includes a control unit configured to execute at least one application and a forwarding unit. The forwarding unit includes an interface configured to receive packets, at least one packet processor operably coupled to a memory, and a forwarding path, wherein at least a portion of the forwarding path is stored in the memory and is executable by the at least one packet processor. The forwarding unit is configured to receive an advertisement originated by a second network device in a network, wherein the advertisement specifies a second micro segment identifier (SID), and store, in a destination lookup table, a route entry comprising a first micro SID associated with the first network device and the second micro SID.

Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.

Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.