-
Publication No.: US20210021457A1
Publication date: 2021-01-21
Application No.: US17039688
Application date: 2020-09-30
Applicant: Cisco Technology, Inc.
Inventor: Praveen Tammana, Chandra Nagarajan, Pavan Mamillapalli, Ramana Rao Kompella
IPC: H04L12/24
Abstract: Systems, methods, and computer-readable media for localizing faults in a network policy are disclosed. In some examples, a system or method can obtain TCAM rules across a network and use the TCAM rules to perform an equivalency check between the logical model and the hardware model of the network policy. One or more risk models are annotated with output from the equivalency check and the risk models are used to identify a set of policy objects of the network policy that are likely responsible for the faults. The identified set of policy objects are correlated with various logs of the network. Based on the correlation, specific policy objects of the set of policy objects that are associated with physical-level causes of the fault.
-
Publication No.: US10826788B2
Publication date: 2020-11-03
Application No.: US15693299
Application date: 2017-08-31
Applicant: Cisco Technology, Inc.
Inventor: Chandra Nagarajan, Kartik Mohanram, Ramana Rao Kompella, Divjyot Sethi, Sundar Iyer
IPC: G06F15/177, H04L12/24, H04L12/70, H04L12/721, H04L12/743
Abstract: Systems, methods, and computer-readable media for assurance of quality-of-service configurations in a network. In some examples, a system obtains a logical model of a software-defined network, the logical model including rules specified for the software-defined network, the logical model being based on a schema defining manageable objects and object properties for the software-defined network. The system also obtains, for each node in the software-defined network, a respective hardware model, the respective hardware model including rules rendered at the node based on a respective node-specific representation of the logical model. Based on the logical model and the respective hardware model, the system can perform an equivalency check between the rules in the logical model and the rules in the respective hardware model to determine whether the logical model and the respective hardware model contain configuration inconsistencies.
-
Publication No.: US10686669B2
Publication date: 2020-06-16
Application No.: US15663582
Application date: 2017-07-28
Applicant: Cisco Technology, Inc.
Inventor: Chandra Nagarajan, Divjyot Sethi, Ramana Rao Kompella
Abstract: Systems, methods, and computer-readable media for collecting node information from a fabric and generating models based on the node information. In some examples, a system can obtain, from one or more controllers in a software-defined network (SDN), a logical model of the SDN, the logical model containing objects configured for the SDN from a hierarchical management information tree (MIT) associated with the SDN and representing configurations of the objects, the hierarchical MIT defining manageable objects and object properties for the SDN, the objects corresponding to the manageable objects. The system can obtain a topological model of a fabric associated with the SDN and, based on the topological model, poll nodes in the fabric for respective configurations at the nodes. Based on the respective configurations, the system can generate a node-specific representation of the logical model, the node-specific representation projecting the logical model on each node.
-
Publication No.: US10560328B2
Publication date: 2020-02-11
Application No.: US15663598
Application date: 2017-07-28
Applicant: Cisco Technology, Inc.
Inventor: Kartik Mohanram, Chandra Nagarajan, Sundar Iyer, Shadab Nazar, Ramana Rao Kompella
Abstract: Systems, methods, and computer-readable media for static network policy analysis for a network. In one example, a system obtains a logical model based on configuration data stored in a controller on a software-defined network, the logical model including a declarative representation of respective configurations of objects in the software-defined network, the objects including one or more endpoint groups, bridge domains, contexts, or tenants. The system defines rules representing respective conditions of the objects according to a specification corresponding to the software-defined network, and determines whether the respective configuration of each of the objects in the logical model violates one or more of the rules associated with that object. When the respective configuration of an object in the logical model violates one or more of the rules, the system detects an error in the respective configuration associated with that object.
-
Publication No.: US10554493B2
Publication date: 2020-02-04
Application No.: US15661899
Application date: 2017-07-27
Applicant: Cisco Technology, Inc.
IPC: H04L12/24
Abstract: Systems, methods, and computer-readable media for analyzing memory usage in a network node. A network assurance appliance may be configured to obtain reference concrete level rules for a node in the network, obtain implemented concrete level rules for the node from the node in the network, compare the reference concrete level rules with the implemented concrete level rules, and determine that the implemented concrete level rules are not appropriately configured based on the comparison.
-
Publication No.: US20200036593A1
Publication date: 2020-01-30
Application No.: US16046798
Application date: 2018-07-26
Applicant: Cisco Technology, Inc.
Inventor: Divjyot Sethi, Chandra Nagarajan
IPC: H04L12/24
Abstract: Systems, methods, and computer-readable media for determining a deployment model for deploying rules in a network environment in response to deployment of a contract into the network environment. In some embodiments, a method can include deploying a contract into a network environment. One or more candidate deployment configuration variables can be selected and policy configurations for deploying rules in the network environment as part of implementing policies using the contract can be determined based on the one or more candidate deployment configuration variables. Rule configuration states corresponding to the policy configuration states in the network environment can be identified based on deployment of the one or more contracts in the network environment. Subsequently, a deployment model for implementing the one or more policies in the network environment can be formed based on the policy configurations and the rule configuration states corresponding to the policy configurations.
-
Publication No.: US20190222485A1
Publication date: 2019-07-18
Application No.: US15873204
Application date: 2018-01-17
Applicant: Cisco Technology, Inc.
Inventor: Divjyot Sethi, Chandra Nagarajan, Advait Dixit, John Thomas Monk, Gabriel Cheukbun Ng, Ramana Rao Kompella, Sundar Iyer
CPC classification number: H04L41/145, G06F9/45533, H04L43/50, H04W24/04, H04W24/06
Abstract: Systems, methods, and computer-readable media for emulating a state of a network environment for purposes of re-executing a network assurance appliance in the emulated state of the network environment. In some embodiments, a method can include receiving snapshot data for a network environment corresponding to a specific time in the network environment and including network events occurring in the network environment generated by a network assurance appliance. A state of the network environment at the specific time can be emulated using the snapshot data to create an emulated state of the network environment. Subsequently, the network assurance appliance can be re-executed in the emulated state of the network environment corresponding to the specific time and the network assurance appliance can be debugged outside of the network environment based on re-execution of the network assurance appliance in the emulated state of the network environment.
-
Publication No.: US20180367417A1
Publication date: 2018-12-20
Application No.: US15693280
Application date: 2017-08-31
Applicant: Cisco Technology, Inc.
Inventor: Advait Dixit, Ramana Rao Kompella, Kartik Mohanram, Sundar Iyer, Shadab Nazar, Chandra Nagarajan
IPC: H04L12/24
Abstract: Systems, methods, and computer-readable media for receiving one or more models of network intents, comprising a plurality of contracts between providers and consumers, each contract containing entries with priority values. Each contract is flattened into a listing of rules and a new priority value is calculated. The listing of rules encodes the implementation of the contract between the providers and the consumers. Each entry is iterated over and added to a listing of entries if it is not already present. For each rule, the one or more entries associated with the contract from which the rule was flattened are identified, and for each given entry a flat rule comprising the combination of the rule and the entry is generated, wherein a flattened priority is calculated based at least in part on the priority value of the given entry and the priority value of the rule.
-
Publication No.: US20180351821A1
Publication date: 2018-12-06
Application No.: US15786425
Application date: 2017-10-17
Applicant: Cisco Technology, Inc.
Inventor: Chandra Nagarajan, Advait Dixit
IPC: H04L12/24
CPC classification number: H04L41/0823, H04L41/0233, H04L41/0853, H04L41/0873, H04L41/145
Abstract: Systems, methods, and computer-readable media for generating a network-wide logical model of a network. In some examples, a system obtains, from a plurality of controllers in a network, respective logical model segments associated with the network, each of the respective logical model segments including configurations at a respective one of the plurality of controllers for the network, the respective logical model segments being based on a schema defining manageable objects and object properties for the network. The system determines whether the plurality of controllers are in quorum and, when the plurality of controllers are in quorum, combines the respective logical model segments associated with the network to yield a network-wide logical model of the network, the network-wide logical model including configurations across the plurality of controllers for the network.
-
Publication No.: US20180351820A1
Publication date: 2018-12-06
Application No.: US15786411
Application date: 2017-10-17
Applicant: Cisco Technology, Inc.
Inventor: Chandra Nagarajan, Advait Dixit
IPC: H04L12/24, H04L12/715
Abstract: Systems, methods, and computer-readable media for generating switch-level logical models of a network. In some examples, a system can obtain a logical model of a network, such as a software-defined network (SDN). The logical model can represent a configuration of objects and object properties defined based on a schema associated with the network. Based on the logical model, the system can generate a rendered logical model of the network and, based on the rendered logical model, generate, for one or more network devices in the network, a respective device-specific representation of the logical model. The respective device-specific representation can project the logical model to a respective network device, such as a switch in the fabric of the network.