Policy block creation with context-sensitive policy line classification
First Claim
1. A method comprising:
at a management entity in communication with a plurality of network devices:
uploading from a network that includes the plurality of network devices, data representing policy rules configured on the plurality of network devices obtained from configuration files for the plurality of network devices;
comparing the data representing the policy rules for similarities in order to group together policy rules based on their similarities, wherein comparing comprises comparing pairs of policy rules across configuration files for the plurality of network devices to generate a similarity score indicating similarity between two rules of a given pair of policy rules, the comparing further including generating a plurality of sub-classifications, each containing a set of policy rule statements from a first configuration file and a set of policy rule statements from a second configuration file whose similarity score is above a threshold;
storing data representing a plurality of clusters, each cluster representing a group of policy rules that have been grouped together;
generating one or more configuration policies to be applied across the plurality of network devices using the data representing each of the plurality of clusters, while maintaining context of policy rule processing; and
sending data to the network to deploy the one or more configuration policies on the plurality of network devices.
Abstract
Presented herein are techniques for creating a policy block comprised of a group of lines of rules/statements across configuration files for network devices. An algorithm is provided that determines when multiple policies are to be merged together into one policy. In one embodiment, data is uploaded from a network that includes a plurality of network devices. The data represents policy rules configured on the plurality of network devices. The data representing the policy rules is compared for similarities in order to group together policy rules based on their similarities. Data is stored representing a plurality of clusters, each cluster representing a group of policy rules that have been grouped together. One or more configuration policies are generated to be applied across the plurality of network devices using the data representing each of the plurality of clusters, while maintaining context of policy rule processing.
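The following sketch illustrates the grouping step the abstract describes. It is an added example, not code from the patent or its assignee. The token-level Jaccard metric, the 0.6 threshold, the sample rule lines, and all function names are assumptions. The order check is one interpretation of "maintaining context of policy rule processing" (preserving first-match evaluation order).

```python
from itertools import combinations

# Constructed sample data: ACL-style policy lines per device configuration file.
CONFIGS = {
    "fw-a": ["permit tcp 10.1.0.0/16 any eq 443",
             "permit tcp 10.1.0.0/16 any eq 80",
             "deny ip any any log"],
    "fw-b": ["permit tcp 10.2.0.0/16 any eq 443",
             "permit udp any host 10.9.9.9 eq 53",
             "deny ip any any log"],
}

def similarity(a, b):
    """Token-level Jaccard score in [0, 1] (assumed metric, not the patent's)."""
    ta, tb = set(a.split()), set(b.split())
    return len(ta & tb) / len(ta | tb) if ta | tb else 0.0

def cluster_rules(configs, threshold=0.6):
    """Group rules whose cross-file pairwise score is above the threshold."""
    rules = [(dev, pos, line) for dev, lines in configs.items()
             for pos, line in enumerate(lines)]
    parent = list(range(len(rules)))

    def find(x):  # union-find root lookup
        while parent[x] != x:
            x = parent[x]
        return x

    for (i, a), (j, b) in combinations(enumerate(rules), 2):
        if a[0] != b[0] and similarity(a[2], b[2]) > threshold:
            parent[find(j)] = find(i)
    clusters = {}
    for idx, rule in enumerate(rules):
        clusters.setdefault(find(idx), []).append(rule)
    # Emit clusters by the earliest position any member held in its source file.
    return sorted(clusters.values(), key=lambda c: min(pos for _, pos, _ in c))

def order_preserved(clusters):
    """True if every device's rules keep their original relative order."""
    last = {}
    for cluster in clusters:
        for dev, pos, _ in cluster:
            if pos < last.get(dev, -1):
                return False  # merged policy would reorder this device's rules
            last[dev] = pos
    return True

if __name__ == "__main__":
    for c in cluster_rules(CONFIGS):
        print(sorted({d for d, _, _ in c}), "<-", c[0][2])
```

A merged policy that fails `order_preserved` would change first-match behaviour on at least one device, so such clusters should be reviewed rather than deployed automatically.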
20 Claims
10. An apparatus comprising:
a network interface unit configured to enable communications over a network that includes a plurality of network devices;
a processor coupled to the network interface unit, wherein the processor is configured to:
upload from the network, data representing policy rules configured on the plurality of network devices obtained from configuration files for the plurality of network devices;
compare the data representing the policy rules for similarities in order to group together policy rules based on their similarities by comparing pairs of policy rules across configuration files for the plurality of network devices to generate a similarity score indicating similarity between two rules of a given pair of policy rules, including generating a plurality of sub-classifications, each containing a set of policy rule statements from a first configuration file and a set of policy rule statements from a second configuration file whose similarity score is above a threshold;
store data representing a plurality of clusters, each cluster representing a group of policy rules that have been grouped together;
generate one or more configuration policies to be applied across the plurality of network devices using the data representing each of the plurality of clusters, while maintaining context of policy rule processing; and
send, via the network interface unit, data to the network to deploy the one or more configuration policies on the plurality of network devices.
16. One or more computer readable storage media encoded with software comprising computer executable instructions and when the software is executed by a processor of a management entity in communication with a plurality of network devices, wherein the instructions are operable to cause the processor to perform operations comprising:
uploading from a network that includes a plurality of network devices, data representing policy rules configured on the plurality of network devices obtained from configuration files for the plurality of network devices;
comparing the data representing the policy rules for similarities in order to group together policy rules based on their similarities, wherein comparing comprises comparing pairs of policy rules across configuration files for the plurality of network devices to generate a similarity score indicating similarity between two rules of a given pair of policy rules, the comparing including generating a plurality of sub-classifications, each containing a set of policy rule statements from a first configuration file and a set of policy rule statements from a second configuration file whose similarity score is above a threshold;
storing data representing a plurality of clusters, each cluster representing a group of policy rules that have been grouped together;
generating one or more configuration policies to be applied across the plurality of network devices using the data representing each of the plurality of clusters, while maintaining context of policy rule processing; and
sending data to the network to deploy the one or more configuration policies on the plurality of network devices.
Specification