Virtualized policy tester
Abstract
Embodiments of the present invention are directed to testing policy changes associated with a production network. A virtual network that represents at least a portion of the production network can be generated. A first transaction log based on a first execution of the virtual network using test traffic and a first set of policies that are implemented in the production network can be obtained. A second transaction log based on a second execution of the virtual network using the test traffic and a second set of policies to be implemented in the production network can be obtained. Based on a comparison of the first and second transaction logs, it can be determined whether the second set of policies has a desired effect in the virtual network.
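The comparison the abstract describes can be sketched as follows. This is an added illustration, not code from the patent: the addresses, the interface names `fw-dmz` and `inet0`, the empty first policy set, and the reading of "private address" as the RFC 1918 ranges are all assumptions.

```python
import ipaddress

# Assumptions (not from the patent): addresses, interface names, RFC 1918 as "private".
LAN = ipaddress.ip_network("10.0.0.0/24")
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed test traffic: (source, destination, egress interface)
TEST_TRAFFIC = [
    ("10.0.0.5", "10.0.0.255", "fw-dmz"),       # subnet broadcast at the firewall interface
    ("10.0.0.5", "255.255.255.255", "fw-dmz"),  # limited broadcast at the firewall interface
    ("10.0.0.5", "198.51.100.7", "inet0"),      # private source toward the Internet circuit
    ("203.0.113.9", "198.51.100.7", "inet0"),   # non-private source toward the Internet circuit
    ("10.0.0.5", "10.0.0.20", "fw-dmz"),        # ordinary unicast through the firewall
]

def block_broadcast(src, dst, egress):
    """Deny broadcasts traversing the firewall interface."""
    d = ipaddress.ip_address(dst)
    if egress == "fw-dmz" and d in (LAN.broadcast_address, LIMITED_BCAST):
        return "block-broadcast"
    return None

def block_private_egress(src, dst, egress):
    """Deny private-source traffic on the Internet access circuit."""
    s = ipaddress.ip_address(src)
    if egress == "inet0" and any(s in net for net in RFC1918):
        return "block-private-egress"
    return None

FIRST_POLICIES = []  # stand-in for the policies currently in production
SECOND_POLICIES = [block_broadcast, block_private_egress]

def execute(traffic, policies):
    """Replay traffic and return a transaction log of (flow, action, rule)."""
    log = []
    for flow in traffic:
        rule = next((r for r in (p(*flow) for p in policies) if r), None)
        log.append((flow, "deny" if rule else "permit", rule))
    return log

def compare(first_log, second_log):
    """Map each flow whose action changed to (old action, new action, rule)."""
    return {a[0]: (a[1], b[1], b[2])
            for a, b in zip(first_log, second_log) if a[1] != b[1]}

def policy_effect():
    return compare(execute(TEST_TRAFFIC, FIRST_POLICIES),
                   execute(TEST_TRAFFIC, SECOND_POLICIES))
```

The explicit RFC 1918 list is used instead of `ipaddress`'s `is_private`, which also returns true for documentation ranges such as 203.0.113.0/24 and would misclassify the fourth flow.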
20 Claims
1. A method of testing policy changes associated with a production network comprising:
- generating a virtual network representing a portion of the production network;
- obtaining a first transaction log based on a first execution of the virtual network using test traffic and a first set of policies that are implemented in the production network;
- obtaining a second transaction log based on a second execution of the virtual network using the test traffic and a second set of policies to be implemented in the production network, the second set of policies including a policy that blocks broadcasts from traversing an interface of a firewall and a policy that blocks traffic from a private address from being forwarded over an Internet access circuit; and
- determining an effect that the second set of policies has on the virtual network based on a comparison of the first and second transaction logs.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A system to test policy changes associated with a production network comprising:
- a processing device; and
- a memory to store instructions that, when executed by the processing device perform operations comprising;
- generating a virtual network representing a portion of the production network;
- obtaining a first transaction log based on a first execution of the virtual network using test traffic and a first set of policies that are implemented in the production network;
- obtaining a second transaction log based on a second execution of the virtual network using the test traffic and a second set of policies to be implemented in the production network; and
- determining an effect that the second set of policies has on the virtual network based on a comparison of the first and second transaction logs, the second set of policies including a policy that blocks broadcasts from traversing an interface of a firewall and a policy that prevents traffic from a private address from being forwarded over an Internet access circuit.

Dependent claims: 10, 11, 12, 13

14. A non-transitory computer-readable storage medium comprising instructions that, when executed by a computing device, causes the computing device to perform operations comprising:
- generating a virtual network representing a portion of a production network;
- obtaining a first transaction log based on a first execution of the virtual network using test traffic and a first set of policies that are implemented in the production network;
- obtaining a second transaction log based on a second execution of the virtual network using the test traffic and a second set of policies to be implemented in the production network; and
- determining an effect that the second set of policies has on the virtual network based on a comparison of the first and second transaction logs, the second set of policies including a policy that blocks broadcasts from traversing an interface of a firewall and a policy that prevents traffic from a private address from being forwarded over an Internet access circuit.

Dependent claims: 15, 16, 17, 18, 19, 20
Specification