Intent driven network policy platform
Abstract
The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality of network policies.
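The flow described in the abstract (inventory store, intent statement with a flow filter and an action, query, policy generation) can be sketched as follows. This is an added example, not code from the patent: the record schema, the selector syntax, the `query` and `compile_intent` names, the sample inventory, and the choice to reject empty selectors and filters that match nothing are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Entity:
    """One inventory record; this schema is an assumption for the example."""
    name: str
    ip: str
    owner: str   # user who manages the entity
    attrs: dict  # configuration data, e.g. {"role": "web", "env": "prod"}

# Constructed sample inventory (not data from the patent).
INVENTORY = [
    Entity("web-1", "10.0.1.10", "alice", {"role": "web", "env": "prod"}),
    Entity("web-2", "10.0.1.11", "alice", {"role": "web", "env": "prod"}),
    Entity("web-3", "10.0.1.12", "alice", {"role": "web", "env": "dev"}),
    Entity("db-1", "10.0.2.20", "alice", {"role": "db", "env": "prod"}),
    Entity("db-2", "10.0.2.21", "bob", {"role": "db", "env": "prod"}),
]

def query(inventory, selector, user):
    """Return the entities managed by `user` whose attributes match every selector key."""
    if not selector:
        # An empty selector would match everything the user manages; reject it.
        raise ValueError("empty selector")
    return [e for e in inventory
            if e.owner == user and all(e.attrs.get(k) == v for k, v in selector.items())]

def compile_intent(inventory, user, intent):
    """Expand one intent statement (flow filter + action) into per-entity policies."""
    flt, action = intent["filter"], intent["action"]
    sources = query(inventory, flt["src"], user)
    dests = query(inventory, flt["dst"], user)
    if not sources or not dests:
        # Fail loudly: an intent that resolves to nothing enforces nothing.
        raise ValueError("flow filter matches no managed entities")
    policies = []
    for src in sources:
        for dst in dests:
            if src.name == dst.name:
                continue
            flow = {"port": flt["port"], "action": action}
            policies.append({"enforce_on": src.name, "direction": "egress", "peer": dst.ip, **flow})
            policies.append({"enforce_on": dst.name, "direction": "ingress", "peer": src.ip, **flow})
    return policies

INTENT = {"action": "allow",
          "filter": {"src": {"role": "web", "env": "prod"}, "dst": {"role": "db", "env": "prod"}, "port": 5432}}

if __name__ == "__main__":
    for policy in compile_intent(INVENTORY, "alice", INTENT):
        print(policy)
```

For user `alice` the single intent expands to four policies across `web-1`, `web-2` and `db-1`; `db-2` is managed by another user and `web-3` does not match the filter, so neither receives a policy.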
17 Claims
1. A computer-implemented method comprising:
- receiving configuration data for a set of network entities in a network;
- generating an inventory store comprising records associated with the configuration data, each network entity in the set of network entities associated with one of the records in the inventory store, the configuration data stored in the inventory store;
- receiving a user intent statement sent by a user to affect a plurality of network policies for a plurality of network entities, in the set of network entities, managed by the user, the user intent statement being an expression of one or more network rules to be translated into the plurality of network policies for the plurality of network entities, the user intent statement including a filter and an action;
- querying, based on the filter, the inventory store to identify the plurality of network entities in the set of network entities to which the user intent statement applies;
- generating the plurality of network policies that apply the action to the plurality of network entities; and
- enforcing the plurality of network policies.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A non-transitory computer-readable medium comprising instructions, the instructions, when executed by a computing system, cause the computing system to:
- receive a user intent statement sent by a user to affect a plurality of network policies for a plurality of network entities managed by the user, the user intent statement being an expression of one or more network rules to be translated into the plurality of network policies for the plurality of network entities, the user intent statement including a filter and an action;
- query, based on the filter, an inventory store to identify the plurality of network entities to which to apply the action, the inventory store including configuration data for the plurality of network entities, the configuration data received by and stored in the inventory store;
- generating the plurality of network policies that apply the action to the plurality of network entities; and
- enforcing the plurality of network policies.
Dependent claims: 13, 14
15. A system comprising:
- a processor; and
- a non-transitory computer-readable medium storing instructions that, when executed by the system, cause the system to:
  - receive configuration data for a set of network entities in a network;
  - maintain an inventory store comprising records associated with the configuration data, each network entity in the set of network entities associated with one of the records in the inventory store, the configuration data stored in the inventory store;
  - receive a user intent statement sent by a user to affect a plurality of network policies for a plurality of network entities, in the set of network entities, managed by the user, the user intent statement being an expression of one or more network rules to be translated into the plurality of network policies for the plurality of network entities, the user intent statement including an action and a flow filter representing network data flows on which the action is to be applied;
  - query, based on the flow filter, the inventory store to identify the plurality of network entities in the set of network entities to which the user intent statement applies;
  - generate the plurality of network policies that implement the user intent statement based on the plurality of network entities and the action; and
  - enforce the plurality of network policies.
Dependent claims: 16, 17
Specification