End-to-end network access analysis
First Claim
1. A computer-implemented method, comprising:
- populating instances of router models with configuration data from real-world devices that serve as routers in a network and populating instances of filter models with configuration data from real-world devices that serve as filters in the network;
deriving a route advertising graph from the router model instances, wherein the route advertising graph indicates propagation of routes between the ones of the real-world devices serving as routers according to routing protocols implemented by the ones of the real-world devices serving as routers;
determining consolidated routing data for the ones of the real-world devices serving as routers;
for a destination node in the network, constructing from the consolidated routing data a respective route graph indicating available paths to the destination node from each source node in the network; and
classifying services between each source node and the destination node based on a full traversal of the route graph,wherein the constructing comprisesbuilding for the destination node a destination graph that comprises a respective node for each of the real-world devices and a respective directed edge between each pair of the nodes in the destination graph that is traversable by a packet destined for the destination node,removing from the destination graph all filter nodes corresponding to respective ones of the real-world devices serving as filters to produce a set of disconnected sub-graphs,within each of the sub-graphs, replacing each strongly connected component with a respective supernode that has all external incoming and outgoing edges of the component, andconstructing the route graph by interconnecting the supernodes and non-replaced ones of the nodes in the sub-graphs with the filter nodes that were removed from the destination graph.
4 Assignments
0 Petitions
Accused Products
Abstract
Instances of router models and filter models respectively are populated with configuration data from routers and filters in a network. A route advertising graph is derived from the router model instances. The route advertising graph indicates propagation of routes between the ones of the real-world devices serving as routers according to routing protocols implemented by the ones of the real-world devices serving as routers. Consolidated routing data is determined for the ones of the real-world devices serving as routers. In this process, the propagation of routes indicated by the route advertising graph is iterated to stability. For a destination node in the network, a respective route graph indicating available paths to the destination node from each source node in the network is constructed from the consolidated routing data. Services between each source node and the destination node are classified based on a full traversal of the route advertising graph.
-
Citations
16 Claims
-
1. A computer-implemented method, comprising:
-
populating instances of router models with configuration data from real-world devices that serve as routers in a network and populating instances of filter models with configuration data from real-world devices that serve as filters in the network; deriving a route advertising graph from the router model instances, wherein the route advertising graph indicates propagation of routes between the ones of the real-world devices serving as routers according to routing protocols implemented by the ones of the real-world devices serving as routers; determining consolidated routing data for the ones of the real-world devices serving as routers; for a destination node in the network, constructing from the consolidated routing data a respective route graph indicating available paths to the destination node from each source node in the network; and classifying services between each source node and the destination node based on a full traversal of the route graph, wherein the constructing comprises building for the destination node a destination graph that comprises a respective node for each of the real-world devices and a respective directed edge between each pair of the nodes in the destination graph that is traversable by a packet destined for the destination node, removing from the destination graph all filter nodes corresponding to respective ones of the real-world devices serving as filters to produce a set of disconnected sub-graphs, within each of the sub-graphs, replacing each strongly connected component with a respective supernode that has all external incoming and outgoing edges of the component, and constructing the route graph by interconnecting the supernodes and non-replaced ones of the nodes in the sub-graphs with the filter nodes that were removed from the destination graph. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. Apparatus, comprising:
- a non-transitory computer-readable medium storing computer-readable instructions; and
a processor coupled to the computer-readable medium, operable to execute the instructions, and based at least in part on the execution of the instructions operable to perform operations comprising populating instances of router models with configuration data from real-world devices that serve as routers in a network and populating instances of filter models with configuration data from real-world devices that serve as filters in the network; deriving a route advertising graph from the router model instances, wherein the route advertising graph indicates propagation of routes between the ones of the real-world devices serving as routers according to routing protocols implemented by the ones of the real-world devices serving as routers; determining consolidated routing data for the ones of the real-world devices serving as routers; for a destination node in the network, constructing from the consolidated routing data a respective route graph indicating available paths to the destination node from at least one source node in the network; and classifying services between the source node and the destination node based on a full traversal of the route graph, wherein in the classifying, the processor is operable to perform operations comprising, for each of the services; classifying the service into a first class in response to a determination that every path in the route graph from the source node to the destination node is open for the service; classifying the service into a second class in response to a determination that every path in the route graph from the source node to the destination node is blocked for the service; and classifying the service into a third class in response to a determination that one or more paths in the route graph from the source node to the destination node are open for the service and one or more paths in the route graph from the source node to the destination node are blocked for the service. - View Dependent Claims (12, 13)
- a non-transitory computer-readable medium storing computer-readable instructions; and
-
14. At least one non-transitory computer-readable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed by a computer to implement a method comprising:
-
populating instances of router models with configuration data from real-world devices that serve as routers in a network and populating instances of filter models with configuration data from real-world devices that serve as filters in the network; deriving a route advertising graph from the router model instances, wherein the route advertising graph indicates propagation of routes between the ones of the real-world devices serving as routers according to routing protocols implemented by the ones of the real-world devices serving as routers; determining consolidated routing data for the ones of the real-world devices serving as routers; for a destination node in the network, constructing from the consolidated routing data a respective route graph indicating available paths to the destination node from each source node in the network; and classifying services between each source node and the destination node based on a full traversal of the route graph, wherein the classifying comprises, for each of the services; classifying the service into a first class in response to a determination that every path in the route graph from the source node to the destination node is open for the service; classifying the service into a second class in response to a determination that every path in the route graph from the source node to the destination node is blocked for the service; and classifying the service into a third class in response to a determination that one or more paths in the route graph from the source node to the destination node are open for the service and one or more paths in the route graph from the source node to the destination node are blocked for the service. - View Dependent Claims (15, 16)
-
Specification