公开(公告)号：US20210021471A1

公开(公告)日：2021-01-21

申请号：US16511732

申请日：2019-07-15

Applicant: Microsoft Technology Licensing, LLC

Inventor： Karthick JAYARAMAN ,  Parag SHARMA ,  Ashish BHARGAVA ,  Ryan BECKETT

IPC: H04L12/24 ,  H04L12/46 ,  G06F9/455 ,  G06F9/451 ,  H04L29/06

Abstract: Examples described herein generally relate to determining a current network state of the set of virtual networks, detecting, based at least in part on obtaining at least a portion of a high-level virtual network policy, an indicated change to the current network state, compiling, based on detecting the indicated change, at least a portion of the high-level virtual network policy to generate a set of low-level intermediate representation instructions to implement the indicated change to the high-level virtual network policy, and applying the set of low-level intermediate representation instructions in a network configuration for managing the set of virtual networks.

公开(公告)号：US20230300053A1

公开(公告)日：2023-09-21

申请号：US18017654

申请日：2021-04-30

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ryan Andrew BECKETT ,  Karthick JAYARAMAN ,  Neha Milind RAJE ,  Jitendra PADHYE ,  Christopher Scott JOHNSTON ,  Steven Jeffrey BENALOH ,  Nikolaj BJORNER ,  Andrey Aleksandrovic RYBALCHENKO ,  Nuno CERQUEIRA AFONSO ,  Nuno CLAUDINO PEREIRA LOPES ,  Sharad AGARWAL ,  Hang Kwong LEE ,  Aniruddha PARKHI ,  Maik RIECHERT

IPC: H04L43/50 ,  H04L43/06 ,  H04L41/14

CPC classification number: H04L43/50 ,  H04L43/06 ,  H04L41/145

Abstract: A network verification system uses general-purpose programming language to create network verification tests. A test orchestrator builds a model of the network only using data from the network verification test. An optimization testing manager creates symbolic packets for verification tests using assertions based on a packet library embedded into the testing manager and the general-purpose programming language.

公开(公告)号：US20240015072A1

公开(公告)日：2024-01-11

申请号：US18370824

申请日：2023-09-20

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： Karthick JAYARAMAN ,  Ryan Andrew BECKETT ,  Nikolaj Skallerud BJORNER

IPC: H04L41/0895 ,  H04L41/0894

CPC classification number: H04L41/0895 ,  H04L41/0894

Abstract: Techniques of network configuration verification are disclosed herein. One example process includes, upon receiving a query to determine whether a packet from a first endpoint is reachable to a second endpoint in a virtual network, identifying a network path between the first endpoint to the second endpoint in a network graph. The network graph has nodes representing corresponding enforcement points of network policies in the virtual network and edges connecting pairs of the nodes. The example process can also include generating compound function representing conjoined individual constraints of the network policies at each of the nodes in the network graph along the identified network path, compiling the generated compound function into a Boolean formula, and solving the compiled Boolean formula to determine whether an assignment of values to packet fields of the packet exists such that all the conjoined individual constraints of the compound function can be satisfied.

公开(公告)号：US20230231806A1

公开(公告)日：2023-07-20

申请号：US18191573

申请日：2023-03-28

Applicant: Microsoft Technology Licensing, LLC

Inventor： Jitendra PADHYE ,  Karthick JAYARAMAN ,  Wei BAI ,  Rachee SINGH ,  Ryan Andrew BECKETT ,  Sarah Elisabeth MCCLURE ,  Neha Milind RAJE ,  Steven Jeffrey BENALOH ,  Christopher Scott JOHNSTON

IPC: H04L45/586 ,  H04L45/02 ,  H04L45/64

CPC classification number: H04L45/586 ,  H04L45/02 ,  H04L45/64

Abstract: Ghost routing is a network verification technique that uses a portion of a production network itself to verify the impact of potential network changes. Ghost routing logically partitions the production network into a main network and a ghost network. The main network handles live traffic while the ghost network handles traffic generated for diagnostic purposes. The ghost network may have a network topology identical to the production network and may use the same hardware and software as the production network. An operator may implement a network configuration change on the ghost network and then use verification tools to verify that the network configuration change on the ghost network does not result in bugs. Verifying on the ghost network may not affect the main network. If the network operator verifies the network configuration change on the ghost network, the network operator may implement the network configuration change on the main network.

公开(公告)号：US20220124031A1

公开(公告)日：2022-04-21

申请号：US17072147

申请日：2020-10-16

Applicant: Microsoft Technology Licensing, LLC

Inventor： Jitendra PADHYE ,  Karthick JAYARAMAN ,  Wei BAI ,  Rachee SINGH ,  Ryan Andrew BECKETT ,  Sarah Elisabeth MCCLURE ,  Neha Milind RAJE ,  Steven Jeffrey BENALOH ,  Christopher Scott JOHNSTON

IPC: H04L12/713 ,  H04L12/751 ,  H04L12/715

Abstract: Ghost routing is a network verification technique that uses a portion of a production network itself to verify the impact of potential network changes. Ghost routing logically partitions the production network into a main network and a ghost network. The main network handles live traffic while the ghost network handles traffic generated for diagnostic purposes. The ghost network may have a network topology identical to the production network and may use the same hardware and software as the production network. An operator may implement a network configuration change on the ghost network and then use verification tools to verify that the network configuration change on the ghost network does not result in bugs. Verifying on the ghost network may not affect the main network. If the network operator verifies the network configuration change on the ghost network, the network operator may implement the network configuration change on the main network.

公开(公告)号：US20250141777A1

公开(公告)日：2025-05-01

申请号：US19011331

申请日：2025-01-06

Applicant: Microsoft Technology Licensing, LLC

Inventor： Jitendra PADHYE ,  Karthick JAYARAMAN ,  Wei BAI ,  Rachee SINGH ,  Ryan Andrew BECKETT ,  Sarah Elisabeth MCCLURE ,  Neha Milind RAJE ,  Steven Jeffrey BENALOH ,  Christopher Scott JOHNSTON

IPC: H04L43/50 ,  H04L45/02 ,  H04L45/586 ,  H04L45/64

Abstract: Ghost routing is a network verification technique that uses a portion of a production network itself to verify the impact of potential network changes. Ghost routing logically partitions the production network into a main network and a ghost network. The main network handles live traffic while the ghost network handles traffic generated for diagnostic purposes. The ghost network may have a network topology identical to the production network and may use the same hardware and software as the production network. An operator may implement a network configuration change on the ghost network and then use verification tools to verify that the network configuration change on the ghost network does not result in bugs. Verifying on the ghost network may not affect the main network. If the network operator verifies the network configuration change on the ghost network, the network operator may implement the network configuration change on the main network.

公开(公告)号：US20230134981A1

公开(公告)日：2023-05-04

申请号：US17978081

申请日：2022-10-31

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： Karthick JAYARAMAN ,  Ryan Andrew BECKETT ,  Nikolaj Skallerud BJORNER

IPC: H04L41/12 ,  H04L41/0893 ,  H04L41/0853

Abstract: Techniques of network configuration verification are disclosed herein. One example process includes, upon receiving a query to determine whether a packet from a first endpoint is reachable to a second endpoint in a virtual network, identifying a network path between the first endpoint to the second endpoint in a network graph. The network graph has nodes representing corresponding enforcement points of network policies in the virtual network and edges connecting pairs of the nodes. The example process can also include generating compound function representing conjoined individual constraints of the network policies at each of the nodes in the network graph along the identified network path, compiling the generated compound function into a Boolean formula, and solving the compiled Boolean formula to determine whether an assignment of values to packet fields of the packet exists such that all the conjoined individual constraints of the compound function can be satisfied.

公开(公告)号：US20180176094A1

公开(公告)日：2018-06-21

申请号：US15898517

申请日：2018-02-17

Applicant: Microsoft Technology Licensing, LLC

Inventor： Nikolaj Skallerud BJORNER ,  Karthick JAYARAMAN ,  Geoffrey Hugh OUTHRED

IPC: H04L12/24 ,  H04L12/741 ,  H04L12/751 ,  H04L12/703

CPC classification number: H04L41/12 ,  H04L41/0873 ,  H04L45/02 ,  H04L45/28 ,  H04L45/745

Abstract: A system performed by a computing device for validating routing tables of routing devices is provided. The routing tables map destination addresses to a next hops of the routing device. The system accesses one or more contracts that specify the desired behavior of a routing table of a routing device by specifying destination addresses and permissible next hops. For each routing device, the system generates a violation predicate for each contract that is applicable to the routing device. When a violation predicate is evaluated for a target destination address and a target next hop of the routing device, the violation predicate indicates whether the routing table violates the contract. The system then solves the violation predicates for all possible combinations of a target destination address and target next hops to determine whether any routing table violates the desired behavior of its routing device as specified by a contract.