SYSTEMS AND METHODS FOR NETWORK MANAGEMENT

US 20160036636A1
Filed: 07/30/2015
Published: 02/04/2016
Est. Priority Date: 07/30/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving state information from a plurality of network devices in a network;

parsing, by a plurality of network device-specific parsers, the network information to create parsed network information;

generating a network model based on the parsed network information, wherein the network model describes how data is processed by the network;

computing one or more flow paths using the network model; and

analyzing the one or more flow paths to identify network properties.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments relate generally to network hardware, network software and methods for network management and testing. In some embodiments, state information (e.g., configuration data, forwarding states, IP tables, rules, network topology information, etc.) can be received from devices in a network. The state information can be parsed and used to generate a network model, which describes how data is processed by the network. Using the model, possible flow paths of data through the network can be identified and used to analyze the network and identify network behavior, such as types of traffic, frequency of rule matches, what kind of transformation occurs as traffic flows through the network, and where the traffic gets dropped, etc. Policies can be verified against the network model to ensure compliance, and in the event of non-compliance, a report or interface can indicate the cause and/or allow a user to explore specific details about the cause.

Citations

20 Claims

1. A computer-implemented method, comprising:
- receiving state information from a plurality of network devices in a network;
  
  parsing, by a plurality of network device-specific parsers, the network information to create parsed network information;
  
  generating a network model based on the parsed network information, wherein the network model describes how data is processed by the network;
  
  computing one or more flow paths using the network model; and
  
  analyzing the one or more flow paths to identify network properties.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein the state information includes one or more of forwarding states, configuration files, internet protocol (IP) tables, and rules received from the plurality of network devices.
  - 3. The computer-implemented method of claim 1, wherein the state information further includes network topology data received from a user.
  - 4. The computer-implemented method of claim 1, wherein analyzing the one or more flow paths to identify network properties further comprises:
    - verifying network correctness invariants.
  - 5. The computer-implemented method of claim 1, further comprising:
    - storing the one or more flow paths in a data store.detecting, using at least one of the plurality of parsers, a change to the state information associated with at least one network device in the network;
      
      updating the one or more flow paths based on the change; and
      
      storing the updated one or more flow paths in the data store.
  - 6. The computer-implemented method of claim 1, further comprising:
    - storing the one or more flow paths in a data store; and
      
      wherein analyzing the one or more flow paths to identify network properties further comprises;
      
      querying the data store based on at least one network property;
      
      receiving a subset of the one or more flow paths from the data store in response to the query; and
      
      comparing the subset of the one or more flow paths to at least one rule associated with the at least one network property.
  - 7. The computer-implemented method of claim 6, further comprising:
    - generating a report based on the comparison of the subset of the one or more flow paths to the at least one rule, the report including one or more suggested network configuration changes.
  - 8. The computer-implemented method of claim 1, further comprising:
    - analyzing the one or more flow paths to identify one or more violations of at least one network property.
  - 9. The computer-implemented method of claim 8, further comprising:
    - generating a report identifying a configuration of a network device associated with the one or more identified violations.

10. A system, comprising:
- one or more processors; and
  
  one or more memory devices including instructions that, when executed by the one or more processors, cause the system to;
  
  receive state information from a plurality of network devices in a network;
  
  parse, by a plurality of network device-specific parsers, the network information to create parsed network information;
  
  generate a network model based on the parsed network information, wherein the network model describes how data is processed by the network;
  
  compute one or more flow paths using the network model; and
  
  analyze the one or more flow paths to identify network characteristics.
- View Dependent Claims (11, 12, 13, 14, 15, 20)
- - 11. The system of claim 10, wherein the state information includes one or more of forwarding states, configuration files, internet protocol (IP) tables, and rules received from the plurality of network devices.
  - 12. The system of claim 10, wherein the state information further includes network topology data received from a user.
  - 13. The system of claim 10, further comprising:
    - storing the one or more flow paths in a data store;
      
      detecting, using at least one of the plurality of parsers, a change to the state information associated with at least one network device in the network;
      
      updating the one or more flow paths based on the change; and
      
      storing the updated one or more flow paths in the data store.
  - 14. The system of claim 10, further comprising:
    - storing the one or more flow paths in a data store; and
      
      wherein analyzing the one or more flow paths to identify network characteristics further comprises;
      
      querying the data store based on at least one network property;
      
      receiving a subset of the one or more flow paths from the data store in response to the query; and
      
      comparing the subset of the one or more flow paths to at least one rule associated with at least one network property.
  - 15. The system of claim 14, further comprising:
    - generating a report based on the comparison of the subset of the one or more flow paths to the at least one rule, the report including one or more suggested network configuration changes.
  - 20. The non-transitory computer readable storage medium of claim 13, further comprising:
    - generating a report based on the comparison of the subset of the one or more flow paths to the at least one rule, the report including one or more suggested network configuration changes.

16. A non-transitory computer readable storage medium including instructions that, when executed by one or more processors, cause the system to:
- receive state information from a plurality of network devices in a network;
  
  parse, by a plurality of network device-specific parsers, the network information to create parsed network information;
  
  generate a network model based on the parsed network information, wherein the network model describes how data is processed by the network;
  
  compute one or more flow paths using the network model; and
  
  analyze the one or more flow paths to identify network characteristics.
- View Dependent Claims (17, 18, 19)
- - 17. The non-transitory computer readable storage medium of claim 16, wherein the state information includes:
    - one or more of forwarding states, configuration files, internet protocol (IP) tables, rules received from the plurality of network devices; and
      
      network topology data received from a user.
  - 18. The non-transitory computer readable storage medium of claim 17, further comprising:
    - storing the one or more flow paths in a data store;
      
      detecting, using at least one of the plurality of parsers, a change to the state information associated with at least one network device in the network;
      
      updating the one or more flow paths based on the change; and
      
      storing the updated one or more flow paths in the data store.
  - 19. The non-transitory computer readable storage medium of claim 17, further comprising:
    - storing the one or more flow paths in a data store; and
      
      wherein analyzing the one or more flow paths to identify network characteristics further comprises;
      
      querying the data store based on at least one network property;
      
      receiving a subset of the one or more flow paths from the data store in response to the query; and
      
      comparing the subset of the one or more flow paths to at least one rule associated with at least one network property.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forward Networks, Inc.
Original Assignee
Forward Networks, Inc.
Inventors
Radhakrishnan, Sivasankar, Erickson, David, Heller, Brandon, Handigol, Nikhil, Kazemian, Peyman

Granted Patent

US 9,929,915 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 41/0631   using root cause analysis; ...

H04L 41/0853   by actively collecting conf...

H04L 41/0893   Assignment of logical group...

H04L 41/12   Discovery or management of ...

H04L 41/145   involving simulating, desig...

SYSTEMS AND METHODS FOR NETWORK MANAGEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR NETWORK MANAGEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links