公开(公告)号：US20200099589A1

公开(公告)日：2020-03-26

申请号：US16698387

申请日：2019-11-27

Applicant: Cisco Technology, Inc.

Inventor： Divjyot Sethi ,  Chandra Nagarajan ,  Ramana Rao Kompella ,  Gaurav Gupta ,  Sundar Iyer

IPC: H04L12/24 ,  H04L12/26

Abstract: Systems, methods, and computer-readable media for discovering a network's topology and health. In some examples, a system can obtain, from at least one of a plurality of controllers on a network, a logical model of the network, the logical model including configurations of one or more objects defined for the network. Based on the logical model, the system can identify a respective location of the plurality of controllers in the network and a plurality of nodes in a fabric of the network. Based on the respective location of the plurality of controllers and plurality of nodes, the system can poll the plurality of controllers and plurality of nodes for respective status information, and determine a health and topology of the network based on the logical model, the respective location, and respective status information.

公开(公告)号：US20200004742A1

公开(公告)日：2020-01-02

申请号：US16225831

申请日：2018-12-19

Applicant: Cisco Technology, Inc.

Inventor： Chandra Nagarajan ,  Divjyot Sethi ,  Sanchay Harneja ,  Dhruv Hemchand Jain ,  Chien-Ju Lo

IPC: G06F16/248 ,  G06F16/26 ,  G06F16/28 ,  G06F16/22 ,  H04L29/06 ,  G06F9/455

Abstract: Systems, methods, and computer-readable media for identifying and categorizing changes in epoch policies between a first epoch and a second epoch. Epoch network policy data for a first epoch and a second epoch is retrieved. The retrieved epoch network policy data is used to generate hierarchically structured documents to perform epoch network policy comparisons. Epoch diffs products from the epoch network policy comparisons are provided to a user through a searchable aggregated interface.

公开(公告)号：US20180351791A1

公开(公告)日：2018-12-06

申请号：US15663233

申请日：2017-07-28

Applicant: Cisco Technology, Inc.

Inventor： Chandra Nagarajan ,  Kartik Mohanram ,  Sundar Iyer ,  Ramana Rao Kompella

IPC: H04L12/24 ,  H04L12/46 ,  H04L29/06

CPC classification number: H04L41/08 ,  H04L12/4641 ,  H04L41/0873 ,  H04L41/0893 ,  H04L63/101 ,  H04L63/20

Abstract: Systems, methods, and computer-readable media for performing network assurance in a traditional network. In some examples, a system can collect respective sets of configurations programmed at network devices in a network and, based on the respective sets of configurations, determine a network-wide configuration of the network, the network-wide configuration including virtual local area networks (VLANs), access control lists (ACLs) associated with the VLANs, subnets, and/or a topology. Based on the network-wide configuration of the network, the system can compare the ACLs for each of the VLANs to yield a VLAN consistency check, compare respective configurations of the subnets to yield a subnet consistency check, and perform a topology consistency check based on the topology. Based on the VLAN consistency check, the subnet consistency check, and the topology consistency check, the system can determine whether the respective sets of configurations programmed at the network devices contain a configuration error.

公开(公告)号：US20180309640A1

公开(公告)日：2018-10-25

申请号：US15693299

申请日：2017-08-31

Applicant: Cisco Technology, Inc.

Inventor： Chandra Nagarajan ,  Kartik Mohanram ,  Ramana Rao Kompella ,  Divjyot Sethi ,  Sundar Iyer

IPC: H04L12/24

Abstract: Systems, methods, and computer-readable media for assurance of quality-of-service configurations in a network. In some examples, a system obtains a logical model of a software-defined network, the logical model including rules specified for the software-defined network, the logical model being based on a schema defining manageable objects and object properties for the software-defined network. The system also obtains, for each node in the software-defined network, a respective hardware model, the respective hardware model including rules rendered at the node based on a respective node-specific representation of the logical model. Based on the logical model and the respective hardware model, the system can perform an equivalency check between the rules in the logical model and the rules in the respective hardware model to determine whether the logical model and the respective hardware model contain configuration inconsistencies.

公开(公告)号：US11824728B2

公开(公告)日：2023-11-21

申请号：US17112854

申请日：2020-12-04

Applicant: Cisco Technology, Inc.

Inventor： Divjyot Sethi ,  Chandra Nagarajan ,  Advait Dixit ,  John Thomas Monk ,  Gabriel Cheukbun Ng ,  Ramana Rao Kompella ,  Sundar Iyer

IPC: H04L41/14 ,  H04W24/04 ,  H04W24/06 ,  H04L41/5019 ,  H04L43/50 ,  G06F9/455 ,  H04L43/55

CPC classification number: H04L41/145 ,  H04L41/5019 ,  H04W24/04 ,  H04W24/06 ,  G06F9/45533 ,  H04L43/50 ,  H04L43/55

Abstract: Systems, methods, and computer-readable media for emulating a state of a network environment for purposes of re-executing a network assurance appliance in the emulated state of the network environment. In some embodiments, a method can include receiving snapshot data for a network environment corresponding to a specific time in the network environment and including network events occurring in the network environment generated by a network assurance appliance. A state of the network environment at the specific time can be emulated using the snapshot data to create an emulated state of the network environment. Subsequently, the network assurance appliance can be re-executed in the emulated state of the network environment corresponding to the specific time and the network assurance appliance can be debugged outside of the network environment based on re-execution of the network assurance appliance in the emulated state of the network environment.

公开(公告)号：US11563645B2

公开(公告)日：2023-01-24

申请号：US17153831

申请日：2021-01-20

Applicant: Cisco Technology, Inc.

Inventor： Advait Dixit ,  Ramana Rao Kompella ,  Kartik Mohanram ,  Sundar Iyer ,  Shadab Nazar ,  Chandra Nagarajan

IPC: G06F15/173 ,  H04L41/16 ,  H04L41/14 ,  H04L41/5022 ,  H04L41/5054 ,  H04L41/0631 ,  H04L41/0866 ,  H04L41/142 ,  H04L41/147 ,  H04L41/12 ,  H04L41/0893

Abstract: Systems, methods, and computer-readable media for receiving one or more models of network intents, comprising a plurality of contracts between providers and consumers, each contract containing entries with priority values. Each contract is flattened into a listing of rules and a new priority value is calculated. The listing of rules encodes the implementation of the contract between the providers and the consumers. Each entry is iterated over and added to a listing of entries if it is not already present. For each rule, the one or more entries associated with the contract from which the rule was flattened are identified, and for each given entry a flat rule comprising the combination of the rule and the entry is generated, wherein a flattened priority is calculated based at least in part on the priority value of the given one of given entry and the priority value of the rule.

公开(公告)号：US11283680B2

公开(公告)日：2022-03-22

申请号：US15661889

申请日：2017-07-27

Applicant: Cisco Technology, Inc.

Inventor： Ramana Rao Kompella ,  Chandra Nagarajan ,  John Thomas Monk ,  Purna Mani Kumar Ghantasala

IPC: H04L12/24 ,  H04L41/0853 ,  H04L41/0893 ,  H04L41/14 ,  H04L41/0813 ,  H04L45/745 ,  H04L41/12 ,  H04L49/1515 ,  H04L45/64 ,  H04L47/2441 ,  H04L49/10

Abstract: Systems, methods, and computer-readable media analyzing memory usage in a network node. A network assurance appliance may be configured to determine a hit count for a concrete level rule implemented on a node and identify one or more components of a logical model, wherein each of the one or more components are associated with the concrete level rule. The network assurance appliance may attribute the hit count for the concrete level rule to each of the components of the logical model, determine a number of hardware level entries associated with the each of the one or more components, and generate a report comprising the one or more components of the logical model, the hit count attributed to each of the one or more components of the logical model, and the number of hardware level entries associated with the one or more components of the logical model.

公开(公告)号：US11178009B2

公开(公告)日：2021-11-16

申请号：US16786349

申请日：2020-02-10

Applicant: Cisco Technology, Inc.

Inventor： Kartik Mohanram ,  Chandra Nagarajan ,  Sundar Iyer ,  Shadab Nazar ,  Ramana Rao Kompella

IPC: H04L12/24 ,  H04L12/26

Abstract: Systems, methods, and computer-readable media for static network policy analysis for a network. In one example, a system obtains a logical model based on configuration data stored in a controller on a software-defined network, the logical model including a declarative representation of respective configurations of objects in the software-defined network, the objects including one or more endpoint groups, bridge domains, contexts, or tenants. The system defines rules representing respective conditions of the objects according to a specification corresponding to the software-defined network, and determines whether the respective configuration of each of the objects in the logical model violates one or more of the rules associated with that object. When the respective configuration of an object in the logical model violates one or more of the rules, the system detects an error in the respective configuration associated with that object.

公开(公告)号：US11019027B2

公开(公告)日：2021-05-25

申请号：US16171771

申请日：2018-10-26

Applicant: Cisco Technology, Inc.

Inventor： Vivek Balamurugan ,  Chandra Nagarajan ,  Divjyot Sethi ,  Chaitanya Velpula ,  Manvesh Vyas ,  Ramana Rao Kompella ,  Pradhap Muthuraman

IPC: H04L29/12 ,  H04L12/715 ,  H04L12/743 ,  H04L12/24 ,  H04L12/46 ,  H04L29/06 ,  G06F9/455

Abstract: Systems, methods, and computer-readable media relate to providing a network management service. A system is configured to request first network information from a first component of a network using a public IP address for the first component, wherein the first network information includes private IP addresses for a second component in the network and translate, based on a mapping information for a private IP address space to a public IP address space, the private IP address for a second component to a public IP address for the second component. The system is further configured to request second network information from the second component using the public IP address and provide a network management service for the network based on the second network information.

公开(公告)号：US20210092023A1

公开(公告)日：2021-03-25

申请号：US17112854

申请日：2020-12-04

Applicant: Cisco Technology, Inc.

Inventor： Divjyot Sethi ,  Chandra Nagarajan ,  Advait Dixit ,  John Thomas Monk ,  Gabriel Cheukbun Ng ,  Ramana Rao Kompella ,  Sundar Iyer

IPC: H04L12/24 ,  H04W24/04 ,  H04W24/06

Abstract: Systems, methods, and computer-readable media for emulating a state of a network environment for purposes of re-executing a network assurance appliance in the emulated state of the network environment. In some embodiments, a method can include receiving snapshot data for a network environment corresponding to a specific time in the network environment and including network events occurring in the network environment generated by a network assurance appliance. A state of the network environment at the specific time can be emulated using the snapshot data to create an emulated state of the network environment. Subsequently, the network assurance appliance can be re-executed in the emulated state of the network environment corresponding to the specific time and the network assurance appliance can be debugged outside of the network environment based on re-execution of the network assurance appliance in the emulated state of the network environment.