Abstract: In some examples, a system creates a requirement including EPG selectors representing EPG pairs, a traffic selector, and a communication operator; determines that EPGs in distinct pairs are associated with different network contexts and, for each pair, which network context(s) contains associated policies; creates first data representing the pair, operator, and traffic selector; when only one network context contains the associated policies, creates second data representing a network model portion associated with the only network context and determines whether the first data is contained in the second data to yield a first check; when both network contexts contain the associated policies, also creates third data representing a network model portion associated with a second network context, and determines whether the first data is contained in the second and/or third data to yield a second check; and determines whether policies for the pairs comply with the requirement based on the checks.

Abstract: Systems, methods, and computer-readable media for providing cross-domain assurance for networks in different network domains. In some embodiments, a method can include collecting first fabric data for a first network in a first network domain and second fabric data for a second network in a second network domain. The second fabric data for the second network can be normalized based on the first network domain to create normalized second fabric data. The first fabric data can then be correlated with the normalized second fabric data to create correlated fabric data. Subsequently, assurance can be provided across the first network in the first network domain and the second network in the second network domain using the correlated fabric data.

Abstract: A monitoring device for troubleshooting events in a datacenter network identifies a first network event for a time period, and provides an initial display page, one or more additional display pages, selectable display objects, and a representation of the first network event. The device generates a dynamic troubleshooting path for the first network event to track a user navigation between display pages, a manipulation of the one or more selectable display objects, and a last-current display page, and also provides an indication of a second network event associated with higher resolution priority relative to the first network event. Retrieving the dynamic troubleshooting path causes the interface to present the last-current display page, apply the manipulation of the one or more selectable display objects, and load the user navigation between the initial dashboard display page and the one or more additional display pages in a cache.

Abstract: Systems, methods, and computer-readable media for providing cross-domain assurance for networks in different network domains. In some embodiments, a method can include collecting first fabric data for a first network in a first network domain and second fabric data for a second network in a second network domain. The second fabric data for the second network can be normalized based on the first network domain to create normalized second fabric data. The first fabric data can then be correlated with the normalized second fabric data to create correlated fabric data. Subsequently, assurance can be provided across the first network in the first network domain and the second network in the second network domain using the correlated fabric data.

Abstract: Systems, methods, and devices are disclosed for generating an interface configured to display status information for network elements on a network. In embodiments, one or more logical models of the network are obtained from at least one of a plurality of controllers on a network. Network statistics are determined based on network traffic. Based on the one or more logical models and the network statistics, a topology of the network and respective status information of one or more network elements during an epoch is identified, the epoch defining a time interval. A user interface is generated that displays the respective status information in a timeline comprising one or more of the epochs.

Abstract: Systems, methods, and computer-readable media for migrating to and maintaining a white-list network security model. Network traffic identified from permit-all access logs can be analyzed to determine whether it should be white-listed, and if so, a specific permit-access, without logging, policy is generated for the identified network traffic. The addition of specific permit-access policies is repeated on permit-all access logs, at which point, permit-all access policy is converted into deny-all access. In some examples, a system or method can obtain hit counts, from both hardware (eg: TCAM) and software tables, for the specific permit-access policy to determine existence of identified network traffic over a period of time. After analyzing hit counts, the specific permit-access policy can either continue to exist or be removed to maintain a white-list network security model.

Abstract: A method includes receiving from a networked spoke device information describing network flows to and from an application, analyzing the information to characterize the application in at least one dimension selected from the group consisting of bi-directional bandwidth usage, network response times, application response times, a number of idle and active application sessions and a maximum number of concurrent application sessions and transmitting the dimensions to at least one networked spoke device as traffic profile information.

Abstract: Systems, methods, and computer-readable media for aggregating and presenting network events in a network environment. In some embodiments, a system can maintain event correlation rules for aggregating \network events occurring in a network based on characteristics of previously occurring network events. Network events occurring in the specific network environment can be identified. The network events can be aggregated to form an aggregated network event using the event correlation rules maintained based on the characteristics of previously occurring network events. The aggregated network event can subsequently be presented to a user.

Abstract: A monitoring device for troubleshooting events in a datacenter network identifies a first network event for a time period, and provides an initial display page, one or more additional display pages, selectable display objects, and a representation of the first network event. The device generates a dynamic troubleshooting path for the first network event to track a user navigation between display pages, a manipulation of the one or more selectable display objects, and a last-current display page, and also provides an indication of a second network event associated with higher resolution priority relative to the first network event. Retrieving the dynamic troubleshooting path causes the interface to present the last-current display page, apply the manipulation of the one or more selectable display objects, and load the user navigation between the initial dashboard display page and the one or more additional display pages in a cache.

Abstract: Disclosed are systems, methods, and computer-readable media for assuring tenant forwarding in a network environment. Network assurance can be determined in layer 1, layer 2 and layer 3 of the networked environment including, internal-internal (e.g., inter-fabric) forwarding and internal-external (e.g., outside the fabric) forwarding in the networked environment. The network assurance can be performed using logical configurations, software configurations and/or hardware configurations.

Abstract: Systems, methods, and computer-readable media for configuring and verifying compliance requirements in a network.

Abstract: Systems, methods, and computer-readable media for assurance of rules in a network. An example method can include creating a compliance requirement including a first endpoint group (EPG) selector, a second EPG selector, a traffic selector, and a communication operator, the first and second EPG selectors representing sets of EPGs and the communication operator defining a communication condition for traffic associated with the first and second EPG selectors and the traffic selector. The method can include creating, for each distinct pair of EPGs, a first respective data structure representing the distinct pair of EPGs, the communication operator, and the traffic selector; creating a second respective data structure representing a logical model of the network; determining whether the first respective data structure is contained in the second respective data structure to yield a containment check; and determining whether policies on the network comply with the compliance requirement based on the containment check.

Abstract: In some examples, a system creates a requirement including EPG selectors representing EPG pairs, a traffic selector, and a communication operator; determines that EPGs in distinct pairs are associated with different network contexts and, for each pair, which network context(s) contains associated policies; creates first data representing the pair, operator, and traffic selector; when only one network context contains the associated policies, creates second data representing a network model portion associated with the only network context and determines whether the first data is contained in the second data to yield a first check; when both network contexts contain the associated policies, also creates third data representing a network model portion associated with a second network context, and determines whether the first data is contained in the second and/or third data to yield a second check; and determines whether policies for the pairs comply with the requirement based on the checks.

Abstract: Systems, methods, and computer-readable media for providing cross-domain assurance for networks in different network domains. In some embodiments, a method can include collecting first fabric data for a first network in a first network domain and second fabric data for a second network in a second network domain. The second fabric data for the second network can be normalized based on the first network domain to create normalized second fabric data. The first fabric data can then be correlated with the normalized second fabric data to create correlated fabric data. Subsequently, assurance can be provided across the first network in the first network domain and the second network in the second network domain using the correlated fabric data.

Abstract: Systems, methods, and computer-readable media for performing semantic analysis to identify shadowing events. One or more models of network intents, based at least in part on a priority-ordered listing of rules representing network intents, is received. Each rule comprises a Boolean function of one or more packet characteristics and network fabric conditions, and a corresponding network action. For each given rule of the priority-ordered listing of rules, partial and complete shadowing events are detected based on semantic analysis. The semantic analysis comprises calculating an inverse set that comprises the inverse of the set comprising all rules with a higher or equal priority to the given rule, and then calculating a shadowing parameter that comprises the intersection between the inverse set and the given rule. If the shadowing parameter is equal to zero, a complete shadowing event is detected.

Abstract: A method includes determining a network requirement for at least one application, dynamically determining a link suitable for data transmission in accordance with a policy based at least in part on a current network condition to meet the network requirement and routing one or more application network data flows associated with the at least one application over the link.

Abstract: Systems, methods, and computer-readable media for providing network assurance. In some embodiments, a method can include receiving input used to identify an endpoint. At least one logical object associated with the endpoint of logical objects in a network environment is identified based on the input. A health of the at least one logical object associated with the endpoint is determined. Additionally, a health of the network environment with respect to the endpoint operating to provide services through the network environment is determined based on the determined health of the at least one logical object associated with the endpoint.

Abstract: Systems, methods, and computer-readable media for providing network assurance. In some embodiments, a method can include receiving input used to identify an endpoint. At least one logical object associated with the endpoint of logical objects in a network environment is identified based on the input. A health of the at least one logical object associated with the endpoint is determined. Additionally, a health of the network environment with respect to the endpoint operating to provide services through the network environment is determined based on the determined health of the at least one logical object associated with the endpoint.

Abstract: Systems, methods, and computer-readable media for aggregating and presenting network events in a network environment. In some embodiments, a system can maintain event correlation rules for aggregating \network events occurring in a network based on characteristics of previously occurring network events. Network events occurring in the specific network environment can be identified. The network events can be aggregated to form an aggregated network event using the event correlation rules maintained based on the characteristics of previously occurring network events. The aggregated network event can subsequently be presented to a user.

Abstract: Disclosed are systems, methods, and computer-readable media for assuring tenant forwarding in a network environment. Network assurance can be determined in layer 1, layer 2 and layer 3 of the networked environment including, internal-internal (e.g., inter-fabric) forwarding and internal-external (e.g., outside the fabric) forwarding in the networked environment.