Validation of cross logical groups in a network
First Claim
1. A system for performing a network assurance check of proper deployment of a configuration in a fabric, the system comprising:
at least one memory configured to store data; and
at least one processor operable to execute instructions associated with the data which, when executed by the at least one processor, cause the at least one processor to:
receive a global logic model, a plurality of software models, and/or a plurality of hardware models, the global logic model including a virtual routing and forwarding instance (VRF), the VRF having under it at least one bridge domain (BD) and at least one associated endpoint group (EPG);
create a plurality of local logical models from the global logical model;
create, for the VRF of the global logical model, a VRF container;
populate the VRF container with a subset, the subset being of the plurality of software models, the plurality of hardware models, and/or the plurality of local logical models, the subset defined by leafs in the fabric on which the VRF is deployed;
determine whether a security contract exists between any of the at least one EPG in the VRF container and an EPG not in the VRF container to yield a determination; and
validate, in response to a positive result of the determination, that one or more subnets of the at least one EPG in the VRF container and the EPG not in the VRF container do not clash.
Abstract
Disclosed are systems, methods, and computer-readable media for assuring tenant forwarding in a network environment. Network assurance can be determined in layer 1, layer 2 and layer 3 of the networked environment including, internal-internal (e.g., inter-fabric) forwarding and internal-external (e.g., outside the fabric) forwarding in the networked environment. The network assurance can be performed using logical configurations, software configurations and/or hardware configurations.
185 Citations
20 Claims
8. A method for performing a network assurance check of proper deployment of a configuration in a fabric, the method comprising:
receiving a global logic model, a plurality of software models, and/or a plurality of hardware models, the global logic model including virtual routing instance (VRF), the VRF having under it at least one bridge domain (BD) and at least one associated endpoint group (EPG);
creating a plurality of local logical models from the global logical model;
creating, for the VRF of the global logical model, a VRF container;
populating the VRF container with a subset, the subset being of the plurality of software models, the plurality of hardware models, and/or the plurality of local logical models, the subset defined by leafs in the fabric on which the VRF is deployed;
determining whether a security contract exists between any of the at least one EPG in the VRF container and an EPG not in the VRF container; and
validating, in response to a positive result of the determining, that one or more subnets of the at least one EPG in the VRF container and the EPG not in the VRF container do not clash.
15. At least one non-transitory computer readable medium storing instructions which, when executed by a processor, cause the processor to:
receiving a global logic model, a plurality of software models, and/or a plurality of hardware models, the global logic model including virtual routing instance (VRF), the VRF having under it at least one bridge domain (BD) and at least one associated endpoint group (EPG);
create a plurality of local logical models from the global logical model;
create, for the VRF of the global logical model, a VRF container;
populate the VRF container with a subset, the subset being of the plurality of software models, the plurality of hardware models, and/or the plurality of local logical models, the subset defined by leafs in a fabric on which the VRF is deployed;
determine whether a security contract exists between any of the at least one EPG in the VRF container and an EPG not in the VRF container to yield a determination; and
validating, in response to a positive result of the determination, that one or more subnets of the at least one EPG in the VRF container and the EPG not in the VRF container do not clash.
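The check recited in the independent claims above, as an added illustrative sketch that is not code from the patent: a VRF container is populated from the leafs on which the VRF is deployed, contracts that cross the container boundary are found, and only for those are the EPG subnets compared. The `EPG` class, the function names, the dictionary layout and the sample data are hypothetical, and reading "clash" as CIDR overlap is an assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class EPG:
    name: str
    vrf: str
    subnets: tuple  # CIDR strings configured for the EPG

def vrf_container(vrf, epgs, leaf_models):
    """Collect the VRF's EPGs and the models of the leafs where it is deployed."""
    return {
        "vrf": vrf,
        "epgs": [e for e in epgs if e.vrf == vrf],
        "models": {leaf: m for leaf, m in leaf_models.items() if vrf in m["vrfs"]},
    }

def cross_vrf_clashes(container, epgs, contracts):
    """For each contract joining an EPG inside the container to one outside it,
    report every pair of overlapping subnets (assumed meaning of 'clash')."""
    by_name = {e.name: e for e in epgs}
    inside = {e.name for e in container["epgs"]}
    clashes = []
    for a, b in contracts:
        if (a in inside) == (b in inside):
            continue  # contract does not cross the container boundary
        local, remote = (a, b) if a in inside else (b, a)
        for s1 in by_name[local].subnets:
            for s2 in by_name[remote].subnets:
                if ipaddress.ip_network(s1).overlaps(ipaddress.ip_network(s2)):
                    clashes.append((local, s1, remote, s2))
    return clashes

# Constructed sample data (not from the patent).
EPGS = [
    EPG("web", "vrf-a", ("10.1.0.0/24",)),
    EPG("app", "vrf-a", ("10.1.1.0/24",)),
    EPG("db", "vrf-b", ("10.1.1.128/25", "10.2.0.0/24")),
    EPG("backup", "vrf-b", ("10.1.0.0/24",)),  # same subnet as web, but no contract
]
CONTRACTS = [("web", "app"), ("app", "db")]
LEAF_MODELS = {
    "leaf1": {"vrfs": {"vrf-a"}},
    "leaf2": {"vrfs": {"vrf-a", "vrf-b"}},
    "leaf3": {"vrfs": {"vrf-b"}},
}

if __name__ == "__main__":
    container = vrf_container("vrf-a", EPGS, LEAF_MODELS)
    for clash in cross_vrf_clashes(container, EPGS, CONTRACTS):
        print("subnet clash across VRFs:", clash)
```

The `backup` EPG shares a subnet with `web` but is not reported, because no contract links the two; the comparison runs only after a cross-container contract is found.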
Specification