H04L12/46

AUTOMATIC LINK SECURITY
20180013798 · 2018-01-11

Systems, methods, and computer-readable storage media for automatic link security. A cloud controller can receive a signal indicating that an unauthenticated device is requesting private network resources, establish a connection between the unauthenticated device and the cloud controller, and determine that the unauthenticated device is associated with a private network. The cloud controller can facilitate the negotiation of security material between the device and the network and automatically establish a secure link between the device and the private network. The cloud controller can cause the security material to be sent to the device and can transmit a policy instruction that is effective to cause a switch port to automatically bypass a default access policy and automatically adopt a trusted policy for the device to access the private network.

METHOD AND APPARATUS FOR MAPPING NETWORK DATA MODELS

In one embodiment, a method includes processing network data models at a network device operating in a network comprising a plurality of network components, each of the network components associated with one of the network data models, and performing semantic matching at the network device for at least two of the network data models. The semantic matching comprises computing labels for elements of the network data models using label computation algorithms configured for the notational conventions used in the network data models, computing contexts for the elements based on the hierarchy of each of the network data models, removing one or more of the labels used to form the contexts to create reduced contexts, and computing a semantic relationship for the reduced contexts of the network data models. The network data models are mapped at the network device based on the semantic matching for use in a network application. An apparatus and logic are also disclosed herein.
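The label, context, reduced-context and semantic-relationship steps above are easier to see on concrete input. The following is an added illustration, not code from the patent: the two sample models (a hyphenated YANG-style tree and a camelCase vendor tree), the abbreviation table, the rule that drops tokens common to every context of a model, and the Jaccard score used as the semantic relationship are all assumptions chosen for this example.

```python
import re

# Constructed sample models, each as {element: parent}. MODEL_A uses
# hyphenated names, MODEL_B uses camelCase with abbreviations, so the
# label computation has to normalise two notational conventions.
MODEL_A = {
    "interfaces": None,
    "interface": "interfaces",
    "ipv4-address": "interface",
    "mtu-size": "interface",
    "vlan-id": "interface",
}
MODEL_B = {
    "ifTable": None,
    "ifEntry": "ifTable",
    "ipv4Addr": "ifEntry",
    "ifMtu": "ifEntry",
    "vlanId": "ifEntry",
}

# Assumed abbreviation dictionary for label normalisation.
ABBREV = {"if": "interface", "addr": "address", "id": "identifier"}


def compute_label(name):
    """Label = set of normalised tokens; splits camelCase, hyphens, underscores."""
    spaced = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", "-", name)
    tokens = []
    for tok in re.split(r"[-_]", spaced.lower()):
        if not tok:
            continue
        tok = ABBREV.get(tok, tok)
        if len(tok) > 3 and tok.endswith("s") and not tok.endswith("ss"):
            tok = tok[:-1]  # crude singularisation: interfaces -> interface
        tokens.append(tok)
    return frozenset(tokens)


def compute_contexts(model):
    """Context of an element = union of labels on its path from the root."""
    labels = {e: compute_label(e) for e in model}
    contexts = {}
    for elem in model:
        ctx, node = set(), elem
        while node is not None:
            ctx |= labels[node]
            node = model[node]
        contexts[elem] = frozenset(ctx)
    return labels, contexts


def reduce_contexts(labels, contexts):
    """Drop tokens present in every context of the model (structural noise);
    fall back to the element's own label if nothing would remain."""
    common = frozenset.intersection(*contexts.values())
    return {e: (ctx - common) or labels[e] for e, ctx in contexts.items()}


def semantic_relationship(a, b):
    """Jaccard similarity of two reduced contexts (assumed scoring)."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def map_models(model_a, model_b, threshold=0.25):
    """Map each element of model_a to its best-scoring element of model_b."""
    la, ca = compute_contexts(model_a)
    lb, cb = compute_contexts(model_b)
    ra, rb = reduce_contexts(la, ca), reduce_contexts(lb, cb)
    mapping = {}
    for ea, ctx_a in ra.items():
        scored = sorted(
            ((semantic_relationship(ctx_a, ctx_b), eb) for eb, ctx_b in rb.items()),
            key=lambda t: (-t[0], t[1]),
        )
        score, eb = scored[0]
        if score >= threshold:
            mapping[ea] = (eb, score)
    return mapping


if __name__ == "__main__":
    for src, (dst, score) in map_models(MODEL_A, MODEL_B).items():
        print(f"{src:14} -> {dst:10} ({score:.2f})")
```

Removing the shared tokens matters: with full contexts, `ipv4-address` and `ipv4Addr` score 3/5 because the inherited `interface`/`table` tokens dilute the comparison; on reduced contexts they score 2/3 and the leaf-to-leaf matches dominate.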

Secure SD-WAN port information distribution
11711242 · 2023-07-25

A Software Defined Wide Area Network (SD-WAN) edge node is disclosed. The SD-WAN edge node includes edge node SD-WAN ports coupled to untrusted underlay networks. The SD-WAN edge node transmits a first Border Gateway Protocol (BGP) update message advertising WAN (Wide Area Network) properties of the edge node SD-WAN ports to a local controller via an encrypted channel over the untrusted underlay networks. The SD-WAN edge node receives a second BGP update message from the local controller, the second BGP update message advertising WAN properties of peer node SD-WAN ports of a peer node. The SD-WAN edge node establishes a security association with the peer node over the untrusted underlay networks based on the WAN properties of the edge node SD-WAN ports and the WAN properties of the peer node SD-WAN ports.
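The exchange has three legs: each edge advertises its own WAN port properties to the controller, the controller reflects the peers' properties back, and each edge pairs compatible ports into security associations. The following is an added simulation of that exchange, not the patent's code. It stands in for the encrypted controller channel with an HMAC tag under an assumed pre-shared key (a real deployment would run this over TLS/DTLS), models the BGP updates as signed JSON, and uses "same transport" as the assumed compatibility rule for pairing ports.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass

# Assumed stand-in for the encrypted controller channel's key material.
CONTROLLER_KEY = b"example-controller-channel-key"


@dataclass(frozen=True)
class WanPort:
    node: str
    port: str
    transport: str   # e.g. "internet" or "mpls"
    public_ip: str
    udp_port: int


def sign(payload):
    """Authenticate an update: canonical JSON body plus HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True)
    tag = hmac.new(CONTROLLER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(msg):
    """Reject any update whose tag does not verify; never act on its contents."""
    expected = hmac.new(CONTROLLER_KEY, msg["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("update failed authentication; dropped")
    return json.loads(msg["body"])


class Controller:
    def __init__(self):
        self.ports = {}

    def receive_update(self, msg):
        """First update: edge -> controller, advertising its own WAN ports."""
        upd = verify(msg)
        self.ports[upd["node"]] = [WanPort(**p) for p in upd["ports"]]

    def advertise_peers(self, node):
        """Second update: controller -> edge, advertising every other node's ports."""
        peers = [asdict(p) for n, ps in self.ports.items() if n != node for p in ps]
        return sign({"peers": peers})


class EdgeNode:
    def __init__(self, name, ports):
        self.name, self.ports = name, ports

    def build_update(self):
        return sign({"node": self.name, "ports": [asdict(p) for p in self.ports]})

    def establish_sas(self, msg):
        """Pair each local port with every peer port on the same transport."""
        peers = [WanPort(**p) for p in verify(msg)["peers"]]
        sas = []
        for local in self.ports:
            for peer in peers:
                if local.transport == peer.transport:
                    sas.append((local.port, f"{peer.node}:{peer.port}",
                                (local.public_ip, local.udp_port, peer.public_ip, peer.udp_port)))
        return sas


def run_exchange():
    """Constructed two-edge scenario; returns the SA lists built by each edge."""
    ctl = Controller()
    edge_a = EdgeNode("edge-a", [
        WanPort("edge-a", "ge0", "internet", "198.51.100.10", 12346),
        WanPort("edge-a", "ge1", "mpls", "10.0.0.10", 12346),
    ])
    edge_b = EdgeNode("edge-b", [WanPort("edge-b", "ge0", "internet", "203.0.113.20", 12346)])
    for edge in (edge_a, edge_b):
        ctl.receive_update(edge.build_update())
    return (edge_a.establish_sas(ctl.advertise_peers("edge-a")),
            edge_b.establish_sas(ctl.advertise_peers("edge-b")))


def tampered_update_is_rejected():
    """An on-path change to an advertised address must fail verification."""
    msg = sign({"peers": [asdict(WanPort("x", "ge0", "internet", "192.0.2.1", 12346))]})
    msg["body"] = msg["body"].replace("192.0.2.1", "192.0.2.99")
    try:
        verify(msg)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    sas_a, sas_b = run_exchange()
    print("edge-a SAs:", sas_a)
    print("edge-b SAs:", sas_b)
    print("tampered update rejected:", tampered_update_is_rejected())
```

The point of verifying before parsing is that the port properties are what an attacker on the underlay would most like to rewrite; an edge that accepted an unauthenticated advertisement would build its security association toward an attacker-chosen address.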

Nested frequency hopping for data transmission

Methods, systems, and devices for wireless communications are described. A user equipment (UE) may receive a discovery reference signal from a base station on an anchor channel. The UE may perform a first random or pseudorandom frequency hopping procedure to identify a plurality of downlink carriers for a first time period. The UE may perform a second random or pseudorandom frequency hopping procedure within the plurality of downlink carriers to select one of the plurality of downlink carriers as the uplink channel for a second time period. The UE may then transmit an uplink communication during the second time period on the selected uplink channel. In some examples, the uplink communication may be transmitted based at least in part on time division multiplexing (TDM) information.

Multicast packet management for a virtual gateway of a distributed tunnel fabric

A system for multicast packet management in a first switch in an overlay tunnel fabric is provided. The system can operate the first switch as part of a virtual switch in conjunction with a second switch of the fabric. The virtual switch can operate as a gateway for the fabric. During operation, the system can receive a join request for a multicast group. The system can then determine whether to forward the join request to the second switch based on a type of a first ingress connection of the join request. Upon receiving a data packet for the multicast group, the system can determine how to forward the data packet based on respective types of a second ingress connection and an egress connection of the data packet. The type of a respective connection can indicate whether the connection includes an overlay tunnel.

Dynamic functional partitioning for security pass-through virtual network function (VNF)
11711754 · 2023-07-25

A network device or system can operate to enable a security pass-through with a user equipment (UE) and further define various virtual functions between a physical access point (pAP) and a virtual AP (vAP) based on one or more communication link parameters (e.g., latency). The security pass-through can be an interface connection that passes through customer premises equipment (CPE) or a wireless residential gateway (GW) without the CPE or GW modifying or affecting the data traffic, such as by authentication or a security protocol. The service provider (SP) network device can receive traffic data via the security pass-through from a UE of a community Wi-Fi network at a home, residence, or entity network.

Predictive routing using machine learning in SD-WANs

In one embodiment, a supervisory service for a software-defined wide area network (SD-WAN) obtains telemetry data from one or more edge devices in the SD-WAN. The service trains, using the telemetry data as training data, a machine learning-based model to predict tunnel failures in the SD-WAN. The service receives feedback from the one or more edge devices regarding failure predictions made by the trained machine learning-based model. The service retrains the machine learning-based model, based on the received feedback.
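The abstract describes a loop rather than a one-off model: train on telemetry, predict, collect the edges' reports of what actually happened, retrain. The following is an added illustration of that loop, not the patent's code. The telemetry rows and feedback reports are constructed, and the learner is a single-feature threshold (decision stump) chosen so the effect of feedback is easy to follow; a deployed service would use a richer model, but the feedback and retraining mechanics are the same.

```python
from dataclasses import dataclass

FEATURES = ("loss_pct", "latency_ms", "jitter_ms")

# Constructed tunnel telemetry: (loss_pct, latency_ms, jitter_ms, failed_within_window)
TELEMETRY = [
    (0.1, 20, 2, 0), (0.2, 25, 3, 0), (0.5, 30, 4, 0),
    (3.0, 80, 20, 1), (5.0, 120, 30, 1), (0.3, 200, 25, 0),
]


@dataclass
class StumpModel:
    feature: int
    threshold: float

    def predict(self, row):
        """1 = tunnel failure predicted."""
        return int(row[self.feature] > self.threshold)


def train(samples):
    """Pick the (feature, threshold) split with the best training accuracy.
    Thresholds are midpoints between consecutive distinct values; ties keep
    the first split found, so the result is deterministic."""
    best, best_acc = None, -1.0
    for f in range(len(FEATURES)):
        values = sorted({r[f] for r in samples})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2
            acc = sum(int(r[f] > thr) == r[3] for r in samples) / len(samples)
            if acc > best_acc:
                best, best_acc = StumpModel(f, thr), acc
    return best, best_acc


class SupervisoryService:
    def __init__(self, telemetry):
        self.samples = list(telemetry)
        self.model, self.accuracy = train(self.samples)

    def predict(self, row):
        return self.model.predict(row)

    def receive_feedback(self, row, actual):
        """An edge reports the true outcome for a prior prediction; it becomes
        a new labelled sample so false positives/negatives shape the retrain."""
        self.samples.append((*row, actual))

    def retrain(self):
        self.model, self.accuracy = train(self.samples)
        return self.model


def run_feedback_loop():
    """Constructed scenario: the initial loss threshold fires on tunnels that
    the edges later report as healthy, so retraining moves it upward."""
    svc = SupervisoryService(TELEMETRY)
    initial = (FEATURES[svc.model.feature], svc.model.threshold)
    probe = (2.0, 40, 8)
    before = svc.predict(probe)
    # Feedback from edge devices: two predicted failures that did not occur,
    # one failure that did.
    svc.receive_feedback((2.0, 40, 8), 0)
    svc.receive_feedback((2.5, 50, 22), 0)
    svc.receive_feedback((2.8, 90, 15), 1)
    model = svc.retrain()
    return {
        "initial": initial,
        "retrained": (FEATURES[model.feature], model.threshold),
        "before": before,
        "after": svc.predict(probe),
        "accuracy": svc.accuracy,
    }


if __name__ == "__main__":
    for k, v in run_feedback_loop().items():
        print(f"{k}: {v}")
```

Feeding the edges' outcome reports back as labelled samples is what keeps the predictor honest: a model that only ever sees its original training window will keep rerouting around tunnels that were never going to fail.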

Communication system, VPN termination device, and storage medium
11711239 · 2023-07-25

A communication system includes multiple VPN termination devices that perform a first VPN communication and a configuration server that configures the first VPN communication. Each of the VPN termination devices includes a first processor programmed to implement a configuration information receiver that receives configuration information for the first VPN communication sent from the configuration server, a communication controller that controls the first VPN communication based on the configuration information, and a first VPN communication unit that performs the first VPN communication with another one of the VPN termination devices under the control of the communication controller.

Techniques for utilizing multiple network interfaces for a cloud shell

Techniques for utilizing multiple network interfaces for a cloud shell are provided. The techniques include receiving, by a computer system, a command to execute an operation by the computer system, the command being received from a router via a primary virtual network interface card (vNIC). The computer system may execute the operation, generating an output of the operation. The techniques also include transmitting, by the computer system, a message comprising the output of the operation to a shell subnet via a secondary vNIC, the secondary vNIC being configured for unidirectional transmission from the computer system to the shell subnet. The shell subnet may be configured to transmit the output of the operation to an external network via a network gateway.

Communication method applied to edge computing scenario, storage medium, and electronic device

A communication method is provided. The method includes transmitting a network address assignment request to the network address translation entity after establishing a general packet radio service (GPRS) tunneling protocol (GTP) tunnel between the first user-plane function entity and the second user-plane function entity, such that the network address translation entity assigns a network address to the GTP tunnel; notifying the central data network of the network address assigned to the GTP tunnel by the network address translation entity; controlling a data packet to be transmitted by the edge service node to the central data network so that it is transmitted through the GTP tunnel; the network address translation entity replacing the source address of the data packet with the assigned network address after the data packet arrives at the network address translation entity; and transmitting the data packet to the central data network.