Patent · US Active

Assurance of security rules in a network

US11218508B2 · kind B2 · utility

3 Cited by
87 References
20 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Dec 12, 2018
Grant date: Jan 4, 2022
Priority date
Expiry date: Dec 14, 2039

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1433
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Systems, methods, and computer-readable media for assurance of rules in a network. An example method can include creating a compliance requirement including a first endpoint group (EPG) selector, a second EPG selector, a traffic selector, and a communication operator, the first and second EPG selectors representing sets of EPGs and the communication operator defining a communication condition for traffic associated with the first and second EPG selectors and the traffic selector. The method can include creating, for each distinct pair of EPGs, a first respective data structure representing the distinct pair of EPGs, the communication operator, and the traffic selector; creating a second respective data structure representing a logical model of the network; determining whether the first respective data structure is contained in the second respective data structure to yield a containment check; and determining whether policies on the network comply with the compliance requirement based on the containment check.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.