Virtualized Policy Tester
First Claim
1. A method of testing policy changes associated with a production network comprising:
generating a virtual network representing at least a portion of the production network;
obtaining a first transaction log based on a first execution of the virtual network using test traffic and a first set of policies that are implemented in the production network;
obtaining a second transaction log based on a second execution of the virtual network using the test traffic and a second set of policies to be implemented in the production network, the second set of policies including a policy that blocks broadcasts from traversing an interface of a firewall and a policy that blocks traffic from a private address from being forwarded over an Internet access circuit; and
determining an effect that the second set of policies has on the virtual network based on a comparison of the first and second transaction logs.
Abstract
Embodiments of the present invention are directed to testing policy changes associated with a production network. A virtual network that represents at least a portion of the production network can be generated. A first transaction log based on a first execution of the virtual network using test traffic and a first set of policies that are implemented in the production network can be obtained. A second transaction log based on a second execution of the virtual network using the test traffic and a second set of policies to be implemented in the production network can be obtained. Based on a comparison of the first and second transaction logs, it can be determined whether the second set of policies has a desired effect in the virtual network.
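The two-run comparison described in the abstract, as an added illustration that is not part of the patent. It assumes the virtual network is reduced to a single firewall decision point and that "private address" means RFC 1918 space; the packets, interface names and function names are constructed.

```python
import ipaddress

# Assumptions (not from the patent): "private address" means RFC 1918 space,
# and the virtual network is reduced to one firewall with two egress interfaces.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SUBNETS = [ipaddress.ip_network("10.0.0.0/24")]
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")

# Constructed test traffic, replayed unchanged in both executions.
TEST_TRAFFIC = [
    {"id": 1, "src": "10.0.0.5", "dst": "10.0.0.255", "egress": "fw-inside"},
    {"id": 2, "src": "10.0.0.5", "dst": "198.51.100.7", "egress": "internet"},
    {"id": 3, "src": "203.0.113.9", "dst": "198.51.100.7", "egress": "internet"},
    {"id": 4, "src": "10.0.0.5", "dst": "10.0.1.20", "egress": "fw-inside"},
]

def block_broadcast_on_fw(pkt):
    """Deny broadcasts traversing the firewall's inside interface."""
    dst = ipaddress.ip_address(pkt["dst"])
    is_bcast = dst == LIMITED_BCAST or any(dst == n.broadcast_address for n in SUBNETS)
    return pkt["egress"] == "fw-inside" and is_bcast

def block_private_to_internet(pkt):
    """Deny private-source traffic leaving over the Internet access circuit."""
    src = ipaddress.ip_address(pkt["src"])
    return pkt["egress"] == "internet" and any(src in n for n in RFC1918)

def execute(policies, traffic):
    """Run traffic through a policy set; return a transaction log keyed by packet id."""
    log = {}
    for pkt in traffic:
        hit = next((p.__name__ for p in policies if p(pkt)), None)
        log[pkt["id"]] = f"deny:{hit}" if hit else "permit"
    return log

def compare(first_log, second_log):
    """Return (id, before, after) for every transaction whose outcome changed."""
    return [(i, first_log[i], second_log[i]) for i in sorted(first_log)
            if first_log[i] != second_log[i]]

CURRENT_POLICIES = []  # first set: what production enforces today (permit-all here)
PROPOSED_POLICIES = [block_broadcast_on_fw, block_private_to_internet]

def policy_effect(traffic=TEST_TRAFFIC):
    """Execute both policy sets on the same traffic and diff the logs."""
    return compare(execute(CURRENT_POLICIES, traffic), execute(PROPOSED_POLICIES, traffic))

if __name__ == "__main__":
    for change in policy_effect():
        print(change)
```

Packets 3 and 4 are absent from the result, which is the evidence that the proposed set changes nothing beyond the two intended flows.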
20 Claims
1. A method of testing policy changes associated with a production network comprising:
generating a virtual network representing at least a portion of the production network;
obtaining a first transaction log based on a first execution of the virtual network using test traffic and a first set of policies that are implemented in the production network;
obtaining a second transaction log based on a second execution of the virtual network using the test traffic and a second set of policies to be implemented in the production network, the second set of policies including a policy that blocks broadcasts from traversing an interface of a firewall and a policy that blocks traffic from a private address from being forwarded over an Internet access circuit; and
determining an effect that the second set of policies has on the virtual network based on a comparison of the first and second transaction logs.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system to test policy changes associated with a production network comprising:
a processing device configured to generate a virtual network representing at least a portion of the production network, the processing device being further configured to obtain a first transaction log based on a first execution of the virtual network using test traffic and a first set of policies that are implemented in the production network, the processing device being further configured to obtain a second transaction log based on a second execution of the virtual network using the test traffic and a second set of policies to be implemented in the production network, the processing device being further configured to determine an effect that the second set of policies has on the virtual network based on a comparison of the first and second transaction logs, the second set of policies including a policy that blocks broadcasts from traversing an interface of a firewall and a policy that prevents traffic from a private address from being forwarded over an Internet access circuit.
Dependent claims: 10, 11, 12, 13
14. A computer-readable medium comprising instructions, wherein execution of the instructions by at least one computing device performs a computer process that facilitates testing policy changes associated with a production network, the computer process comprising:
generating a virtual network representing at least a portion of the production network;
obtaining a first transaction log based on a first execution of the virtual network using test traffic and a first set of policies that are implemented in the production network;
obtaining a second transaction log based on a second execution of the virtual network using the test traffic and a second set of policies to be implemented in the production network; and
determining an effect that the second set of policies has on the virtual network based on a comparison of the first and second transaction logs, the second set of policies including a policy that blocks broadcasts from traversing an interface of a firewall and a policy that prevents traffic from a private address from being forwarded over an Internet access circuit.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification