Abstract: A controller device manages a plurality of network devices. The controller device includes a memory comprising a configuration database including a set of stored network device configurations, wherein each stored network device configuration of the set of stored network device configurations corresponds to a network device of the set of network devices. Additionally, the controller device includes processing circuitry configured to receive an intent file corresponding to an intended configuration for the set of network devices; receive a message from a network device of the set of network devices indicating an out-of-band configuration change at the network device; and determine, based on a stored network device configuration corresponding to the network device and an actual configuration of the network device, whether the intent file is compatible with the out-of-band configuration change.

Abstract: Job management solutions often involve a controller distributing tasks to worker nodes or worker nodes in an efficient manner. In one example, this disclosure describes a method that includes receiving, by a controller, a first set of tasks; assigning, by the controller, each of the tasks in the first set of tasks to worker nodes for processing by the worker nodes; receiving, by the controller and for at least some of the tasks in the first set of tasks, feedback information; determining, by the controller and based on the feedback information, an expected amount of processing associated with each task type in the plurality of task types; receiving, by the controller, a second set of tasks; and assigning, by the controller and based on the expected amount of processing associated with each task type, each of the tasks in the second set of tasks to the worker nodes for processing.

Abstract: In some implementations, a system may receive an extensible markup language (XML) configuration stream that indicates one or more resource configurations. The system may maintain a data model that includes metadata that describes the XML configuration stream. The system may process the data model to generate a metadata tree. The system may generate, based on the XML configuration stream and the metadata tree, one or more XML configuration sub-streams that are respectively associated with a subset of the one or more resource configurations. The system may process, using respective resource processing modules of the system, the one or more XML configuration sub-streams to generate respective information associated with the subset of the one or more resource configurations.

Abstract: A controller device manages a plurality of network devices. The controller device includes a memory comprising a configuration database including a set of stored network device configurations, wherein each stored network device configuration of the set of stored network device configurations corresponds to a network device of the set of network devices. Additionally, the controller device includes processing circuitry configured to receive an intent file corresponding to an intended configuration for the set of network devices; receive a message from a network device of the set of network devices indicating an out-of-band configuration change at the network device; and determine, based on a stored network device configuration corresponding to the network device and an actual configuration of the network device, whether the intent file is compatible with the out-of-band configuration change.

Abstract: In one example, a network management system discovers a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of a seed network device, generate a first activation configuration and commit the first activation configuration on the seed network device. The network management system may connect to the seed network device and discover neighboring devices from information in the seed network device. The network management system may connect to the neighboring devices, automatically create a model of the neighboring network devices, generate s activation configurations for the neighboring network devices and commit the activation configurations on the neighboring network devices. The network management system may iterative perform these steps until it discovers all the discoverable network devices behind the network address translation device.

Abstract: A controller device includes a memory configured to store a tree structure comprising a plurality of nodes, wherein the tree structure comprises a set of sub-structures, and wherein the tree structure defines a configuration of a network device of a set of network devices such that each node of the plurality of nodes corresponds to a respective resource of the network device. Additionally, the controller device includes processing circuitry configured to receive an instruction to update the configuration of the network device, wherein the instruction to update the configuration of the network device indicates a node of the set of nodes corresponding to the update; and verify, based on a sub-structure of the set of sub-structures corresponding to the node indicated by the instruction, the instruction to update the configuration of the network device.

Abstract: A network management system may discover a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of N network devices, generate a bulk activation configuration for the N network devices and commit the bulk activation configuration on a seed network device. The network management system may receive a request for a first connection from a first neighboring network device and may connect to the first neighboring network device. The first neighboring network device may have received the bulk activation configuration from the seed device. The network management system may determine whether the first neighboring network device is one of the N network devices and commit a second activation configuration on the first neighboring network device if it is one of the N network devices. A plurality of neighboring network device may be configured in this fashion.

Abstract: A controller device manages a plurality of network devices. The controller device includes a memory comprising a configuration database including a set of stored network device configurations, wherein each stored network device configuration of the set of stored network device configurations corresponds to a network device of the set of network devices. Additionally, the controller device includes processing circuitry configured to receive an intent file corresponding to an intended configuration for the set of network devices; receive a message from a network device of the set of network devices indicating an out-of-band configuration change at the network device; and determine, based on a stored network device configuration corresponding to the network device and an actual configuration of the network device, whether the intent file is compatible with the out-of-band configuration change.

Abstract: In an example, a method includes receiving, by a network management system (NMS), a configuration request comprising first configuration data for a network device, the first configuration data defining a data structure comprising a first property/value pair; generating, by the NMS from the first configuration data, a corresponding first path/value pair for the first property/value pair, wherein a path of the first path/value pair uniquely identifies the first path/value pair in an associative data structure; modifying, by the NMS, the associative data structure based on the first path/value pair; generating, by the NMS, from the associative data structure, a configuration resource comprising second configuration data for the network device, the second configuration data comprising a second property/value pair that corresponds to the first path/value pair; and sending, by the NMS, the second configuration data to the network device to modify a configuration of the network device.

Abstract: In an example, a method includes receiving, by a network management system (NMS), a configuration request comprising first configuration data for a network device, the first configuration data defining a data structure comprising a first property/value pair; generating, by the NMS from the first configuration data, a corresponding first path/value pair for the first property/value pair, wherein a path of the first path/value pair uniquely identifies the first path/value pair in an associative data structure; modifying, by the NMS, the associative data structure based on the first path/value pair; generating, by the NMS, from the associative data structure, a configuration resource comprising second configuration data for the network device, the second configuration data comprising a second property/value pair that corresponds to the first path/value pair; and sending, by the NMS, the second configuration data to the network device to modify a configuration of the network device.

Abstract: A controller device includes a memory configured to store a tree structure comprising a plurality of nodes, wherein the tree structure comprises a set of sub-structures, and wherein the tree structure defines a configuration of a network device of a set of network devices such that each node of the plurality of nodes corresponds to a respective resource of the network device. Additionally, the controller device includes processing circuitry configured to receive an instruction to update the configuration of the network device, wherein the instruction to update the configuration of the network device indicates a node of the set of nodes corresponding to the update; and verify, based on a sub-structure of the set of sub-structures corresponding to the node indicated by the instruction, the instruction to update the configuration of the network device.

Abstract: A controller device manages a plurality of network devices. The controller device includes a memory comprising a configuration database including a set of stored network device configurations, wherein each stored network device configuration of the set of stored network device configurations corresponds to a network device of the set of network devices. Additionally, the controller device includes processing circuitry configured to receive an intent file corresponding to an intended configuration for the set of network devices; receive a message from a network device of the set of network devices indicating an out-of-band configuration change at the network device; and determine, based on a stored network device configuration corresponding to the network device and an actual configuration of the network device, whether the intent file is compatible with the out-of-band configuration change.

Abstract: A controller device includes a memory configured to store a tree structure comprising a plurality of nodes, wherein the tree structure comprises a set of sub-structures, and wherein the tree structure defines a configuration of a network device of a set of network devices such that each node of the plurality of nodes corresponds to a respective resource of the network device. Additionally, the controller device includes processing circuitry configured to receive an instruction to update the configuration of the network device, wherein the instruction to update the configuration of the network device indicates a node of the set of nodes corresponding to the update; and verify, based on a sub-structure of the set of sub-structures corresponding to the node indicated by the instruction, the instruction to update the configuration of the network device.

Abstract: In an example, a method includes receiving, by a network management system (NMS), a configuration request comprising first configuration data for a network device, the first configuration data defining a data structure comprising a first property/value pair; generating, by the NMS from the first configuration data, a corresponding first path/value pair for the first property/value pair, wherein a path of the first path/value pair uniquely identifies the first path/value pair in an associative data structure; modifying, by the NMS, the associative data structure based on the first path/value pair; generating, by the NMS, from the associative data structure, a configuration resource comprising second configuration data for the network device, the second configuration data comprising a second property/value pair that corresponds to the first path/value pair; and sending, by the NMS, the second configuration data to the network device to modify a configuration of the network device.

Abstract: In one example, a network management system discovers a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of a seed network device, generate a first activation configuration and commit the first activation configuration on the seed network device. The network management system may connect to the seed network device and discover neighboring devices from information in the seed network device. The network management system may connect to the neighboring devices, automatically create a model of the neighboring network devices, generate s activation configurations for the neighboring network devices and commit the activation configurations on the neighboring network devices. The network management system may iterative perform these steps until it discovers all the discoverable network devices behind the network address translation device.

Abstract: In one example, a network management system discovers a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of a seed network device, generate a first activation configuration and commit the first activation configuration on the seed network device. The network management system may connect to the seed network device and discover neighboring devices from information in the seed network device. The network management system may connect to the neighboring devices, automatically create a model of the neighboring network devices, generate s activation configurations for the neighboring network devices and commit the activation configurations on the neighboring network devices. The network management system may iterative perform these steps until it discovers all the discoverable network devices behind the network address translation device.

Abstract: In one example, a network management system discovers a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of a seed network device, generate a first activation configuration and commit the first activation configuration on the seed network device. The network management system may connect to the seed network device and discover neighboring devices from information in the seed network device. The network management system may connect to the neighboring devices, automatically create a model of the neighboring network devices, generate s activation configurations for the neighboring network devices and commit the activation configurations on the neighboring network devices. The network management system may iterative perform these steps until it discovers all the discoverable network devices behind the network address translation device.

Abstract: A network management system may discover a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of N network devices, generate a bulk activation configuration for the N network devices and commit the bulk activation configuration on a seed network device. The network management system may receive a request for a first connection from a first neighboring network device and may connect to the first neighboring network device. The first neighboring network device may have received the bulk activation configuration from the seed device. The network management system may determine whether the first neighboring network device is one of the N network devices and commit a second activation configuration on the first neighboring network device if it is one of the N network devices. A plurality of neighboring network device may be configured in this fashion.

Abstract: An example management device includes memory to store a current set of values and a candidate set of values representing a final state of the current set of values after one or more operations on the current set of values have been performed on the current set of values. The management device also includes a processor to generate operations to be executed by a network device to transform the current set of values into the candidate set of values. The elements may represent collections of objects for which order matters, such as ordering of policies to be enforced by a firewall. The management device generates the operations in an efficient manner, e.g., to reduce the number of steps required to generate the operations, and to reduce the number of operations generated.

Abstract: Techniques are described for initializing a plurality of network devices with similar network configurations, such as a common management device, platform, operating system, and network hostname. In one example, a management device comprises a computer-readable medium encoded with instructions for a configlet generator module and a device manager module and a processor to execute modules stored in the computer-readable medium of the management device. The processor executes the configlet generator module to generate a bulk configlet for a plurality of network devices, wherein the bulk configlet comprises a bulk identifier. The processor also executes the device manager module to receive a network session request from one of the plurality of network devices, wherein the network session request includes the bulk identifier, and to send specific configuration data to the one of the plurality of network devices in response to the network session request.