公开(公告)号：US20210092023A1

公开(公告)日：2021-03-25

申请号：US17112854

申请日：2020-12-04

Applicant: Cisco Technology, Inc.

Inventor： Divjyot Sethi ,  Chandra Nagarajan ,  Advait Dixit ,  John Thomas Monk ,  Gabriel Cheukbun Ng ,  Ramana Rao Kompella ,  Sundar Iyer

IPC: H04L12/24 ,  H04W24/04 ,  H04W24/06

Abstract: Systems, methods, and computer-readable media for emulating a state of a network environment for purposes of re-executing a network assurance appliance in the emulated state of the network environment. In some embodiments, a method can include receiving snapshot data for a network environment corresponding to a specific time in the network environment and including network events occurring in the network environment generated by a network assurance appliance. A state of the network environment at the specific time can be emulated using the snapshot data to create an emulated state of the network environment. Subsequently, the network assurance appliance can be re-executed in the emulated state of the network environment corresponding to the specific time and the network assurance appliance can be debugged outside of the network environment based on re-execution of the network assurance appliance in the emulated state of the network environment.

公开(公告)号：US20200186426A1

公开(公告)日：2020-06-11

申请号：US16786349

申请日：2020-02-10

Applicant: Cisco Technology, Inc.

Inventor： Kartik Mohanram ,  Chandra Nagarajan ,  Sundar Iyer ,  Shadab Nazar ,  Ramana Rao Kompella

IPC: H04L12/24 ,  H04L12/26

Abstract: Systems, methods, and computer-readable media for static network policy analysis for a network. In one example, a system obtains a logical model based on configuration data stored in a controller on a software-defined network, the logical model including a declarative representation of respective configurations of objects in the software-defined network, the objects including one or more endpoint groups, bridge domains, contexts, or tenants. The system defines rules representing respective conditions of the objects according to a specification corresponding to the software-defined network, and determines whether the respective configuration of each of the objects in the logical model violates one or more of the rules associated with that object. When the respective configuration of an object in the logical model violates one or more of the rules, the system detects an error in the respective configuration associated with that object.

公开(公告)号：US10554483B2

公开(公告)日：2020-02-04

申请号：US15663233

申请日：2017-07-28

Applicant: Cisco Technology, Inc.

Inventor： Chandra Nagarajan ,  Kartik Mohanram ,  Sundar Iyer ,  Ramana Rao Kompella

IPC: G06F15/177 ,  H04L12/24 ,  H04L12/46 ,  H04L29/06

Abstract: Systems, methods, and computer-readable media for performing network assurance in a traditional network. In some examples, a system can collect respective sets of configurations programmed at network devices in a network and, based on the respective sets of configurations, determine a network-wide configuration of the network, the network-wide configuration including virtual local area networks (VLANs), access control lists (ACLs) associated with the VLANs, subnets, and/or a topology. Based on the network-wide configuration of the network, the system can compare the ACLs for each of the VLANs to yield a VLAN consistency check, compare respective configurations of the subnets to yield a subnet consistency check, and perform a topology consistency check based on the topology. Based on the VLAN consistency check, the subnet consistency check, and the topology consistency check, the system can determine whether the respective sets of configurations programmed at the network devices contain a configuration error.