公开(公告)号：US20210144069A1

公开(公告)日：2021-05-13

申请号：US17153831

申请日：2021-01-20

Applicant: Cisco Technology, Inc.

Inventor： Advait Dixit ,  Ramana Rao Kompella ,  Kartik Mohanram ,  Sundar Iyer ,  Shadab Nazar ,  Chandra Nagarajan

IPC: H04L12/24

Abstract: Systems, methods, and computer-readable media for receiving one or more models of network intents, comprising a plurality of contracts between providers and consumers, each contract containing entries with priority values. Each contract is flattened into a listing of rules and a new priority value is calculated. The listing of rules encodes the implementation of the contract between the providers and the consumers. Each entry is iterated over and added to a listing of entries if it is not already present. For each rule, the one or more entries associated with the contract from which the rule was flattened are identified, and for each given entry a flat rule comprising the combination of the rule and the entry is generated, wherein a flattened priority is calculated based at least in part on the priority value of the given one of given entry and the priority value of the rule.

公开(公告)号：US20180351819A1

公开(公告)日：2018-12-06

申请号：US15693242

申请日：2017-08-31

Applicant: Cisco Technology, Inc.

Inventor： Kartik Mohanram ,  Sundar Iyer ,  Ramana Rao Kompella ,  Navneet Yadav

IPC: H04L12/24

Abstract: Systems, methods, and computer-readable media for performing semantic analysis to identify shadowing events. One or more models of network intents, based at least in part on a priority-ordered listing of rules representing network intents, is received. Each rule comprises a Boolean function of one or more packet characteristics and network fabric conditions, and a corresponding network action. For each given rule of the priority-ordered listing of rules, partial and complete shadowing events are detected based on semantic analysis. The semantic analysis comprises calculating an inverse set that comprises the inverse of the set comprising all rules with a higher or equal priority to the given rule, and then calculating a shadowing parameter that comprises the intersection between the inverse set and the given rule. If the shadowing parameter is equal to zero, a complete shadowing event is detected. If the shadowing parameter is not equal to zero and is not equal to the given rule, a partial shadowing event is detected.

公开(公告)号：US20180351791A1

公开(公告)日：2018-12-06

申请号：US15663233

申请日：2017-07-28

Applicant: Cisco Technology, Inc.

Inventor： Chandra Nagarajan ,  Kartik Mohanram ,  Sundar Iyer ,  Ramana Rao Kompella

IPC: H04L12/24 ,  H04L12/46 ,  H04L29/06

CPC classification number: H04L41/08 ,  H04L12/4641 ,  H04L41/0873 ,  H04L41/0893 ,  H04L63/101 ,  H04L63/20

Abstract: Systems, methods, and computer-readable media for performing network assurance in a traditional network. In some examples, a system can collect respective sets of configurations programmed at network devices in a network and, based on the respective sets of configurations, determine a network-wide configuration of the network, the network-wide configuration including virtual local area networks (VLANs), access control lists (ACLs) associated with the VLANs, subnets, and/or a topology. Based on the network-wide configuration of the network, the system can compare the ACLs for each of the VLANs to yield a VLAN consistency check, compare respective configurations of the subnets to yield a subnet consistency check, and perform a topology consistency check based on the topology. Based on the VLAN consistency check, the subnet consistency check, and the topology consistency check, the system can determine whether the respective sets of configurations programmed at the network devices contain a configuration error.

公开(公告)号：US20180309640A1

公开(公告)日：2018-10-25

申请号：US15693299

申请日：2017-08-31

Applicant: Cisco Technology, Inc.

Inventor： Chandra Nagarajan ,  Kartik Mohanram ,  Ramana Rao Kompella ,  Divjyot Sethi ,  Sundar Iyer

IPC: H04L12/24

Abstract: Systems, methods, and computer-readable media for assurance of quality-of-service configurations in a network. In some examples, a system obtains a logical model of a software-defined network, the logical model including rules specified for the software-defined network, the logical model being based on a schema defining manageable objects and object properties for the software-defined network. The system also obtains, for each node in the software-defined network, a respective hardware model, the respective hardware model including rules rendered at the node based on a respective node-specific representation of the logical model. Based on the logical model and the respective hardware model, the system can perform an equivalency check between the rules in the logical model and the rules in the respective hardware model to determine whether the logical model and the respective hardware model contain configuration inconsistencies.

公开(公告)号：US20180309632A1

公开(公告)日：2018-10-25

申请号：US15693310

申请日：2017-08-31

Applicant: Cisco Technology, Inc.

Inventor： Ramana Rao Kompella ,  Kartik Mohanram ,  Advait Dixit ,  Sundar Iyer

IPC: H04L12/24

CPC classification number: H04L41/0893 ,  H04L41/0806 ,  H04L41/0813 ,  H04L41/0853 ,  H04L41/0869 ,  H04L41/145 ,  H04L41/50

Abstract: In some examples, a system obtains a network logical model and, for each node in a network, a node-level logical, concrete, and hardware model. The system identifies a service function chain, and determines a respective set of service function chain rules. For each node, the system determines whether the respective set of service function chain rules is correctly captured in the node-level logical model and/or concrete model to yield a node containment check result. Based on a comparison of policy actions in the concrete model, hardware model, and at least one of the node-level logical model or network logical model, the system determines whether the respective set of service function chain rules is correctly rendered on each node to yield a node rendering check result. Based on the node containment check result and node rendering check result, the system determines whether the service function chain is correctly configured.

公开(公告)号：US11044273B2

公开(公告)日：2021-06-22

申请号：US16217500

申请日：2018-12-12

Applicant: Cisco Technology, Inc.

Inventor： Advait Dixit ,  Navneet Yadav ,  Navjyoti Sharma ,  Ramana Rao Kompella ,  Kartik Mohanram

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/18 ,  H04L12/46

Abstract: Systems, methods, and computer-readable media for configuring and verifying compliance requirements in a network. An example method can include receiving, via a user interface, endpoint group (EPG) inclusion rules defining which EPGs on a network should be included in specific EPG selectors; selecting EPGs that satisfy the EPG inclusion rules for inclusion in the specific EPG selectors; creating the specific EPG selectors based on the selected EPGs; creating a traffic selector including parameters identifying traffic corresponding to the traffic selector; creating a compliance requirement based on a first and second EPG selector from the specific EPG selectors, the traffic selector, and a communication operator defining a communication condition for traffic associated with the first and second EPG selectors and the traffic selector; determining whether policies on the network comply with the compliance requirement; and generating compliance events indicating whether the policies comply with the compliance requirement.

公开(公告)号：US10904101B2

公开(公告)日：2021-01-26

申请号：US15693280

申请日：2017-08-31

Applicant: Cisco Technology, Inc.

Inventor： Advait Dixit ,  Ramana Rao Kompella ,  Kartik Mohanram ,  Sundar Iyer ,  Shadab Nazar ,  Chandra Nagarajan

IPC: G06F15/173 ,  H04L12/24

Abstract: Systems, methods, and computer-readable media for receiving one or more models of network intents, comprising a plurality of contracts between providers and consumers, each contract containing entries with priority values. Each contract is flattened into a listing of rules and a new priority value is calculated. The listing of rules encodes the implementation of the contract between the providers and the consumers. Each entry is iterated over and added to a listing of entries if it is not already present. For each rule, the one or more entries associated with the contract from which the rule was flattened are identified, and for each given entry a flat rule comprising the combination of the rule and the entry is generated, wherein a flattened priority is calculated based at least in part on the priority value of the given one of given entry and the priority value of the rule.

公开(公告)号：US10826788B2

公开(公告)日：2020-11-03

申请号：US15693299

申请日：2017-08-31

Applicant: Cisco Technology, Inc.

Inventor： Chandra Nagarajan ,  Kartik Mohanram ,  Ramana Rao Kompella ,  Divjyot Sethi ,  Sundar Iyer

IPC: G06F15/177 ,  H04L12/24 ,  H04L12/70 ,  H04L12/721 ,  H04L12/743

Abstract: Systems, methods, and computer-readable media for assurance of quality-of-service configurations in a network. In some examples, a system obtains a logical model of a software-defined network, the logical model including rules specified for the software-defined network, the logical model being based on a schema defining manageable objects and object properties for the software-defined network. The system also obtains, for each node in the software-defined network, a respective hardware model, the respective hardware model including rules rendered at the node based on a respective node-specific representation of the logical model. Based on the logical model and the respective hardware model, the system can perform an equivalency check between the rules in the logical model and the rules in the respective hardware model to determine whether the logical model and the respective hardware model contain configuration inconsistencies.

公开(公告)号：US10581694B2

公开(公告)日：2020-03-03

申请号：US15693174

申请日：2017-08-31

Applicant: Cisco Technology, Inc.

Inventor： Kartik Mohanram

IPC: H04L12/24 ,  H04L12/26

Abstract: Systems, methods, and computer-readable media for generating counterexamples for equivalence failures between models of network intents. A listing of conflict rules corresponding to an equivalence failure between at least first and seconds model of networks intents describing the operation and communication of network devices in a network is obtained. A logical exclusive disjunction between first conflict rules from the first model and corresponding second conflict rules from the second model is calculated. One or more counterexamples corresponding to the equivalence failure are generated based at least in part on the logical exclusive disjunction, such that a given counterexample comprises network and packet conditions that cause the first conflict rules to trigger a first action and cause the second conflict rules to trigger a second action that is different from the first action. Hot fields that are more likely to be associated with the equivalence failure are identified in the counterexample.

公开(公告)号：US10560328B2

公开(公告)日：2020-02-11

申请号：US15663598

申请日：2017-07-28

Applicant: Cisco Technology, Inc.

Inventor： Kartik Mohanram ,  Chandra Nagarajan ,  Sundar Iyer ,  Shadab Nazar ,  Ramana Rao Kompella

IPC: H04L12/24 ,  H04L12/26

Abstract: Systems, methods, and computer-readable media for static network policy analysis for a network. In one example, a system obtains a logical model based on configuration data stored in a controller on a software-defined network, the logical model including a declarative representation of respective configurations of objects in the software-defined network, the objects including one or more endpoint groups, bridge domains, contexts, or tenants. The system defines rules representing respective conditions of the objects according to a specification corresponding to the software-defined network, and determines whether the respective configuration of each of the objects in the logical model violates one or more of the rules associated with that object. When the respective configuration of an object in the logical model violates one or more of the rules, the system detects an error in the respective configuration associated with that object.