公开(公告)号：US10911495B2

公开(公告)日：2021-02-02

申请号：US16217607

申请日：2018-12-12

Applicant: Cisco Technology, Inc.

Inventor： Advait Dixit ,  Navneet Yadav ,  Navjyoti Sharma ,  Ramana Rao Kompella ,  Kartik Mohanram

IPC: H04L12/26 ,  H04L29/06 ,  H04L29/08 ,  G06F9/50 ,  G06F15/16 ,  G06F16/22 ,  G06F9/455

Abstract: In some examples, a system creates a requirement including EPG selectors representing EPG pairs, a traffic selector, and a communication operator; determines that EPGs in distinct pairs are associated with different network contexts and, for each pair, which network context(s) contains associated policies; creates first data representing the pair, operator, and traffic selector; when only one network context contains the associated policies, creates second data representing a network model portion associated with the only network context and determines whether the first data is contained in the second data to yield a first check; when both network contexts contain the associated policies, also creates third data representing a network model portion associated with a second network context, and determines whether the first data is contained in the second and/or third data to yield a second check; and determines whether policies for the pairs comply with the requirement based on the checks.

公开(公告)号：US20200007584A1

公开(公告)日：2020-01-02

申请号：US16217607

申请日：2018-12-12

Applicant: Cisco Technology, Inc.

Inventor： Advait Dixit ,  Navneet Yadav ,  Navjyoti Sharma ,  Ramana Rao Kompella ,  Kartik Mohanram

IPC: H04L29/06 ,  G06F16/22 ,  H04L12/26

Abstract: In some examples, a system creates a requirement including EPG selectors representing EPG pairs, a traffic selector, and a communication operator; determines that EPGs in distinct pairs are associated with different network contexts and, for each pair, which network context(s) contains associated policies; creates first data representing the pair, operator, and traffic selector; when only one network context contains the associated policies, creates second data representing a network model portion associated with the only network context and determines whether the first data is contained in the second data to yield a first check; when both network contexts contain the associated policies, also creates third data representing a network model portion associated with a second network context, and determines whether the first data is contained in the second and/or third data to yield a second check; and determines whether policies for the pairs comply with the requirement based on the checks.

公开(公告)号：US20200007582A1

公开(公告)日：2020-01-02

申请号：US16217500

申请日：2018-12-12

Applicant: Cisco Technology, Inc.

Inventor： Advait Dixit ,  Navneet Yadav ,  Navjyoti Sharma ,  Ramana Rao Kompella ,  Kartik Mohanram

IPC: H04L29/06 ,  H04L12/24

Abstract: Systems, methods, and computer-readable media for configuring and verifying compliance requirements in a network. An example method can include receiving, via a user interface, endpoint group (EPG) inclusion rules defining which EPGs on a network should be included in specific EPG selectors; selecting EPGs that satisfy the EPG inclusion rules for inclusion in the specific EPG selectors; creating the specific EPG selectors based on the selected EPGs; creating a traffic selector including parameters identifying traffic corresponding to the traffic selector; creating a compliance requirement based on a first and second EPG selector from the specific EPG selectors, the traffic selector, and a communication operator defining a communication condition for traffic associated with the first and second EPG selectors and the traffic selector; determining whether policies on the network comply with the compliance requirement; and generating compliance events indicating whether the policies comply with the compliance requirement.