Validation of L3OUT configuration for communications outside a network

US 10,333,787 B2
Filed: 07/28/2017
Issued: 06/25/2019
Est. Priority Date: 06/19/2017
Status: Active Grant

First Claim

Patent Images

1. A system for performing a network assurance check of proper deployment of a configuration in a fabric, comprising:

at least one memory configured to store data; and

at least one processor operable to execute instructions associated with the data, which when executed by the at least one processor, causes the processor to;

receive, from a controller, a global logical model in a first format, the global logical model containing instructions on how endpoints connected to a network fabric communicate within the fabric;

receive, from one or more network devices within the fabric, a software model being at least a subset of instructions from the global logical model in a second format executable on the one or more network devices, the subset of instructions being instructions from the global logical model that are specific to operability of the one or more network devices;

create a local logical model in the first format, the local logical model being at least a portion of the received global logical model that is specific to operability of the one or more network devices;

convert at least a portion of Layer 3 out (L3out) content of the created local logical model and/or at least a portion of L3out content of the received software model into a common format; and

compare content of at least some L3out overlapping fields from the common format of the created local logical model and the common format of the received software model;

wherein a positive outcome of the comparison at least partially represents that the internal subnet has been properly leaked outside of the fabric.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems, methods, and computer-readable media for assuring tenant forwarding in a network environment. Network assurance can be determined in layer 1, layer 2 and layer 3 of the networked environment including, internal-internal (e.g., inter-fabric) forwarding and internal-external (e.g., outside the fabric) forwarding in the networked environment. The network assurance can be performed using logical configurations, software configurations and/or hardware configurations.

Citations

20 Claims

1. A system for performing a network assurance check of proper deployment of a configuration in a fabric, comprising:
- at least one memory configured to store data; and
  
  at least one processor operable to execute instructions associated with the data, which when executed by the at least one processor, causes the processor to;
  
  receive, from a controller, a global logical model in a first format, the global logical model containing instructions on how endpoints connected to a network fabric communicate within the fabric;
  
  receive, from one or more network devices within the fabric, a software model being at least a subset of instructions from the global logical model in a second format executable on the one or more network devices, the subset of instructions being instructions from the global logical model that are specific to operability of the one or more network devices;
  
  create a local logical model in the first format, the local logical model being at least a portion of the received global logical model that is specific to operability of the one or more network devices;
  
  convert at least a portion of Layer 3 out (L3out) content of the created local logical model and/or at least a portion of L3out content of the received software model into a common format; and
  
  compare content of at least some L3out overlapping fields from the common format of the created local logical model and the common format of the received software model;
  
  wherein a positive outcome of the comparison at least partially represents that the internal subnet has been properly leaked outside of the fabric.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the at least some L3out overlapping fields subject to the comparison includes network device, port and network to thereby at least partially validate that an L3out interface has been properly deployed.
  - 3. The system of claim 1, wherein the at least some L3out overlapping fields subject to the comparison includes network devices to thereby at least partially validate that an L3out loopback has been properly deployed.
  - 4. The system of claim 1, wherein the at least some L3out overlapping fields subject to the comparison includes network device, and next hop to thereby at least partially validate that L3out static routes has been properly deployed.
  - 5. The system of claim 1, wherein the at least some L3out overlapping fields subject to the comparison includes fields to thereby at least partially validate that endpoint groups has been properly deployed.
  - 6. The system of claim 1, wherein the system further comprises instructions, which when executed by the at least one processor, causes the at least one processor to validate each leaked internal subnet in the longest prefix match (LPM) table of the software model has a next hop that identifies which border network device leaked the internal subnet, wherein a positive outcome of the validating at least partially represents that the internal subnet has been properly leaked outside of the fabric.
  - 7. The system of claim 1, wherein the network device is a border network device that leaked the internal subnet to the network device, and the memory further comprises instructions, which when executed by the at least one processor, causes the at least one processor validate that an LPM table of the border network device has a next hop for the leaked internal subnet that identifies the network device, wherein a positive outcome of the validating at least partially represents that the internal subnet has been properly leaked outside of the fabric.

8. A method for performing a network assurance check of lack of overlapping subnets deployed in a fabric, comprising:
- receiving from a controller, a global logical model in a first format, the global logical model containing instructions on how endpoints connected to a network fabric communicate within the fabric;
  
  receiving from one or more network devices within the fabric, a software model being at least a subset of instructions from the global logical model in a second format executable on the one or more network devices, the subset of instructions being instructions from the global logical model that are specific to operability of the one or more network devices;
  
  creating a local logical model in the first format, the local logical model being at least a portion of the received global logical model that is specific to operability of the one or more of the network devices;
  
  converting at least a portion of Layer 3 out (L3out) content of the created local logical model and/or at least a portion of L3out content of the received software model into a common format; and
  
  comparing content of at least some L3out overlapping fields from the common format of the created local logical model and the common format of the received software model;
  
  wherein a positive outcome of the comparing at least partially represents that the internal subnet has been properly leaked outside of the fabric.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the at least some L3out overlapping fields subject to the comparing includes network device, port and network to thereby at least partially validate that L3out interface has been properly deployed.
  - 10. The method of claim 8, wherein the at least some L3out overlapping fields subject to the comparing includes network devices to thereby at least partially validate that L3out loopback has been properly deployed.
  - 11. The method of claim 8, wherein the at least some L3out overlapping fields subject to the comparing includes network device and next hop to thereby at least partially validate that L3out static routes has been properly deployed.
  - 12. The method of claim 8, wherein the at least some L3out overlapping fields subject to the comparing includes fields that at least partially validate that endpoint groups has been properly deployed.
  - 13. The method of claim 8, wherein the system further comprises that the system is programmed for validating that each leaked internal subnet in the LPM table of the software model has a next hop that identifies which border network device leaked the internal subnet, wherein a positive outcome of the validating at least partially represents that the internal subnet has been properly leaked outside of the fabric.
  - 14. The method of claim 8, wherein the one or more network devices is a border network device that leaked the internal subnet to the network device, and the memory further comprises that the system is programmed for validating that an LPM table of the border network device has a next hop for the leaked internal subnet that identifies the network device, wherein a positive outcome of the validating at least partially represents that the internal subnet has been properly leaked outside of the fabric.

15. At least one non-transitory computer readable medium in non-transitory media that includes code for performing a network assurance check of lack of overlapping subnets deployed in a fabric, and when executed by a processor is operable to perform operations comprising:
- receive, from a controller, a global logical model in a first format, the global logical model containing instructions on how endpoints connected to a network fabric communicate within the fabric;
  
  receive, from one or more network devices within the fabric, a software model being at least a subset of instructions from the global logical model in a second format executable on the one or more network devices, the subset of instructions being instructions from the global logical model that are specific to operability of the one or more network devices;
  
  create a local logical model in the first format, the local logical model being at least a portion of the received global logical model that is specific to operability of the network device;
  
  convert at least a portion of Layer 3 out (L3out) content of the created local logical model and/or at least a portion of L3out content of the received software model into a common format; and
  
  compare content of at least some L3out overlapping fields from the common format of the created local logical model and the common format of the received software model;
  
  wherein a positive outcome of the comparison at least partially represents that the internal subnet has been properly leaked outside of the fabric.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The at least one non-transitory computer readable medium of claim 15, wherein the at least some L3out overlapping fields subject to the comparison includes network device, port and network to thereby at least partially validate that an L3out interface has been properly deployed.
  - 17. The at least one non-transitory computer readable medium of claim 15, wherein the at least some L3out overlapping fields subject to the comparison includes network devices to thereby at least partially validate that an L3out loopback has been properly deployed.
  - 18. The at least one non-transitory computer readable medium of claim 15, wherein the at least some L3out overlapping fields subject to the comparison includes network device and next hop to thereby at least partially validate that L3out static routes has been properly deployed.
  - 19. The at least one non-transitory computer readable medium of claim 15, wherein the at least some L3out overlapping fields subject to the comparing includes fields to thereby at least partially validate that endpoint groups has been properly deployed.
  - 20. The at least one non-transitory computer readable medium of claim 15, wherein the memory further comprises instructions to validate that each leaked internal subnet in the LPM table of the software model has a next hop that identifies which border network device leaked the internal subnet, wherein a positive outcome of the validating at least partially represents that the internal subnet has been properly leaked outside of the fabric.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Harneja, Sanchay, Sundaresan, Sanjay
Primary Examiner(s)
Nguyen, Kim T

Application Number

US15/663,649
Publication Number

US 20180367395A1
Time in Patent Office

697 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/2289   by configuration test

H04L 41/0681   Configuration of triggering...

H04L 41/0866   Checking the configuration

H04L 41/0873   Checking configuration conf...

H04L 41/145   involving simulating, desig...

Validation of L3OUT configuration for communications outside a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Validation of L3OUT configuration for communications outside a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links