Identifying mismatches between a logical model and node implementation
First Claim
1. A computer-implemented method comprising:
- obtaining reference concrete level rules for a node in a network, comprising:
  - receiving a global logical model containing instructions on how endpoints connected to the network communicate within the network;
  - creating the reference concrete level rules from the global logical model, the reference concrete rules being specific to operability of the node;
- obtaining, from the node in the network, implemented concrete level rules for the node;
- comparing the reference concrete level rules with the implemented concrete level rules; and
- determining that the implemented concrete level rules are not appropriately configured based on the comparing;
wherein:
- concrete rules are (a) allow rules that define conditions to allow data flow and (b) deny rules that define conditions to deny data flow;
- the reference concrete level rules are the correct allow and deny rules of the node; and
- the implemented concrete level rules are the actual allow and deny rules being executed by the node.
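The comparison the claim describes, as an added example that is not part of the patent or of any assurance product: a small constructed global logical model (endpoint groups per node plus permitted and blocked contracts) is projected into per-node reference allow/deny rules, diffed against the rules read back from the node, and any missing or unexpected rule marks the node as misconfigured. All node names, groups, ports and rule contents are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source endpoint group
    dst: str      # destination endpoint group
    port: int

# Constructed global logical model: which endpoint groups are hosted on each
# node, which contracts (src -> dst on port) are permitted network-wide, and
# which flows must be explicitly denied.
LOGICAL_MODEL = {
    "groups_on_node": {"leaf1": {"web", "app"}, "leaf2": {"app", "db"}},
    "contracts": [("web", "app", 8080), ("app", "db", 5432)],
    "blocked": [("web", "db", 5432)],
}

def reference_rules(model, node):
    """Project the global model onto one node: a rule is relevant to the node
    only when its destination group is hosted there (an assumed projection)."""
    local = model["groups_on_node"][node]
    rules = {Rule("allow", s, d, p) for s, d, p in model["contracts"] if d in local}
    rules |= {Rule("deny", s, d, p) for s, d, p in model["blocked"] if d in local}
    return rules

def compare_rules(reference, implemented):
    """Return (rules the node should have but lacks, rules it has but should not)."""
    return reference - implemented, implemented - reference

def node_is_misconfigured(model, node, implemented):
    """True when the node's actual rules deviate from its reference rules in either direction."""
    missing, unexpected = compare_rules(reference_rules(model, node), implemented)
    return bool(missing or unexpected), missing, unexpected

# Constructed rules "read back" from leaf2: the required deny for web->db is
# absent and a stray allow for the same flow is present, so leaf2 is flagged.
IMPLEMENTED_LEAF2 = {
    Rule("allow", "web", "app", 8080),
    Rule("allow", "app", "db", 5432),
    Rule("allow", "web", "db", 5432),
}

if __name__ == "__main__":
    bad, missing, extra = node_is_misconfigured(LOGICAL_MODEL, "leaf2", IMPLEMENTED_LEAF2)
    print("leaf2 misconfigured:", bad)
    for r in sorted(missing, key=str):
        print("missing:   ", r)
    for r in sorted(extra, key=str):
        print("unexpected:", r)
```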
Abstract
Systems, methods, and computer-readable media analyzing memory usage in a network node. A network assurance appliance may be configured to obtain reference concrete level rules for a node in the network, obtain implemented concrete level rules for the node from the node in the network, compare the reference concrete level rules with the implemented concrete level rules, and determine that the implemented concrete level rules are not appropriately configured based on the comparison.
20 Claims
1. A computer-implemented method comprising: (claim text as reproduced above under First Claim). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A system comprising:
- one or more processors; and
- at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the system to perform operations comprising:
  - obtaining reference concrete level rules for a node in a network, comprising:
    - receiving a global logical model containing instructions on how endpoints connected to the network communicate within the network;
    - creating the reference concrete level rules from the global logical model, the reference concrete rules being specific to operability of the node;
  - obtaining, from the node in the network, implemented concrete level rules for the node;
  - comparing the reference concrete level rules with the implemented concrete level rules; and
  - determining that the implemented concrete level rules are not appropriately configured based on the comparing;
wherein:
- concrete rules are (a) allow rules that define conditions to allow data flow and (b) deny rules that define conditions to deny data flow;
- the reference concrete level rules are the correct allow and deny rules of the node; and
- the implemented concrete level rules are the actual allow and deny rules being executed by the node.
Dependent claims: 12, 13, 14, 15.
16. A non-transitory computer-readable storage medium having stored therein instructions which, when executed, cause a system to perform operations comprising:
- obtaining reference concrete level rules for a node in a network, comprising:
  - receiving a global logical model containing instructions on how endpoints connected to the network communicate within the network;
  - creating the reference concrete level rules from the global logical model, the reference concrete rules being specific to operability of the node;
- obtaining, from the node in the network, implemented concrete level rules for the node;
- comparing the reference concrete level rules with the implemented concrete level rules; and
- determining that the implemented concrete level rules are not appropriately configured based on the comparing;
wherein:
- concrete rules are (a) allow rules that define conditions to allow data flow and (b) deny rules that define conditions to deny data flow;
- the reference concrete level rules are the correct allow and deny rules of the node; and
- the implemented concrete level rules are the actual allow and deny rules being executed by the node.
Dependent claims: 17, 18, 19, 20.