Method and apparatus for network wide policy-based analysis of configurations of devices
11 Assignments
0 Petitions
Abstract
A method and an apparatus for analyzing a network configuration against a corporate network policy and determining violation(s) against the corporate network policy. A report indicating the violation(s) can be generated indicating instances of the violation(s). An analysis platform reads in a network policy. The analysis platform collects configuration files from the relevant network devices in the network and builds up an internal instance of a network configuration model based on the configuration files and the network topology. The analysis platform analyzes this network configuration model according to the network policy and adds an entry to its final report each time that it detects a violation against the network policy in the network configuration model. The data in the entries pinpoints the cause of the deviation(s) from the network policy.
171 Citations
62 Claims
1. A method, using an analysis platform, for analyzing a network having a plurality of network devices, the method comprising the steps of:
receiving a network policy pertaining to said network;
receiving a topology of said network devices in said network;
receiving configuration data from at least a portion of said network devices;
creating a network configuration model for said network based on said topology and said configuration data received; and
analyzing said network configuration model in accordance with said network policy to determine the existence of a violation of said network policy.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21

22. In a network having a plurality of network devices, a method, using an analysis platform, for analyzing a proposed change to a configuration file of one of said network devices, the method comprising the steps of:
receiving a network policy pertaining to said network;
receiving a network configuration model for said network, wherein said network configuration model is based on a topology of said network and configuration data pertaining to at least a portion of said network devices;
receiving said proposed change to said configuration file;
creating an updated network configuration model based on said proposed change; and
analyzing said updated network configuration model in accordance with said network policy to determine the existence of a violation of said network policy.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32

33. A method, using an analysis platform, for analyzing a proposed change to a network policy pertaining to a network, the method comprising the steps of:
receiving a network configuration model for said network, wherein said network configuration model is based on a topology of said network and configuration data pertaining to at least a portion of network devices in said network;
receiving said proposed change;
analyzing said network configuration model in accordance with a new network policy that incorporates said proposed change to determine the existence of a violation of said new network policy.
Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41, 42

43. A computer program, performed by a computer, for analyzing a network having a plurality of network devices, the computer program comprising:
instructions for parsing a network policy file containing a network policy pertaining to said network;
instructions for parsing a network topology file containing a topology of said network devices in said network;
instructions for parsing configuration files of selected ones of said network devices to obtain configuration data for said selected ones of said network devices, wherein said instructions for parsing said network policy file, said instructions for parsing said network topology file and said instructions for parsing said configuration files cooperate to create a network configuration model for said network based on said topology and said configuration data;
instructions for generating a query for analyzing said network; and
instructions for using said query to determine the existence of a violation of said network policy.
Dependent claims: 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 57, 58, 59, 60, 61, 62

56. A computer program for processing data, comprising:
instructions for receiving a network policy pertaining to a network;
instructions for receiving a topology of a plurality of network devices in said network;
instructions for receiving configuration data from at least a portion of said plurality of network devices;
instructions for creating a network configuration model for said network based on said topology and said configuration data received;
instructions for analyzing said network configuration model in accordance with said network policy to determine the existence of a violation of said network policy; and
instructions for generating a report specifying said violation if said violation exists.

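The workflow the abstract and claims 1 and 22 describe (collect configuration data, build a configuration model from it and the topology, analyze the model against a policy, report each violation with its cause, and re-check a proposed change before it is deployed), as an added Python example that is not the patent's own implementation: the device names, the "keyword argument" configuration syntax, the policy rules and the report format are constructed for illustration.

```python
# Constructed inputs (not from the patent): a topology, per-device configuration
# text in a simple "keyword argument" syntax, and a network policy of rules.
TOPOLOGY = {"r1": ["r2"], "r2": ["r1", "fw1"], "fw1": ["r2"]}
CONFIGS = {
    "r1": "hostname r1\nservice telnet\nsnmp community public\nlog-server 10.0.0.9\n",
    "r2": "hostname r2\nservice ssh\nsnmp community s3cret-ro\nlog-server 10.0.0.9\n",
    "fw1": "hostname fw1\nservice ssh\nsnmp community public\n",
}
POLICY = {  # each rule either forbids or requires one (keyword, argument) statement
    "no-telnet": {"forbid": ("service", "telnet")},
    "no-default-snmp": {"forbid": ("snmp", "community public")},
    "central-logging": {"require": ("log-server", "10.0.0.9")},
}

def parse_config(text):
    """Parse one device's configuration into (line_no, keyword, argument) triples."""
    stmts = []
    for n, line in enumerate(text.splitlines(), 1):
        kw, _, arg = line.strip().partition(" ")
        if kw:
            stmts.append((n, kw, arg))
    return stmts

def build_model(topology, configs):
    """Network configuration model: per device, its neighbours plus parsed statements."""
    return {dev: {"links": topology[dev], "stmts": parse_config(configs.get(dev, ""))}
            for dev in topology}

def analyze(model, policy):
    """Check every device against every rule; each report entry pinpoints the
    offending device, rule and configuration line (or the statement that is missing)."""
    report = []
    for dev, data in model.items():
        present = {(kw, arg) for _, kw, arg in data["stmts"]}
        for rule, spec in policy.items():
            for n, kw, arg in data["stmts"]:
                if (kw, arg) == spec.get("forbid"):
                    report.append({"device": dev, "rule": rule, "line": n, "text": f"{kw} {arg}"})
            if "require" in spec and spec["require"] not in present:
                report.append({"device": dev, "rule": rule, "line": None,
                               "text": "missing: " + " ".join(spec["require"])})
    return report

def analyze_change(model, policy, device, new_config):
    """What-if check of a proposed configuration change before it is deployed:
    rebuild only the changed device's entry, then re-run the policy analysis."""
    updated = dict(model)
    updated[device] = {"links": model[device]["links"], "stmts": parse_config(new_config)}
    return analyze(updated, policy)
```

A proposed policy change (claim 33) is the same `analyze` call with the new policy dict against the unchanged model.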
Specification