Static network policy analysis for networks

Assignee

• Cisco Technology, Inc. · US

Inventors

• Kartik Mohanram · Pittsburgh, US
• Chandra Nagarajan · Fremont, US
• Sundar Iyer · Palo Alto, US
• Shadab Nazar · Fremont, US
• Ramana Rao Kompella · Cupertino, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L43/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Systems, methods, and computer-readable media for static network policy analysis for a network. In one example, a system obtains a logical model based on configuration data stored in a controller on a software-defined network, the logical model including a declarative representation of respective configurations of objects in the software-defined network, the objects including one or more endpoint groups, bridge domains, contexts, or tenants. The system defines rules representing respective conditions of the objects according to a specification corresponding to the software-defined network, and determines whether the respective configuration of each of the objects in the logical model violates one or more of the rules associated with that object. When the respective configuration of an object in the logical model violates one or more of the rules, the system detects an error in the respective configuration associated with that object.