Network policy graphs
US-10992520-B2 · Apr 27, 2021 · US
Intent driven network policy platform
US11646940B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11646940-B2 |
| Application number | US-202117482411-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 22, 2021 |
| Priority date | Mar 27, 2017 |
| Publication date | May 9, 2023 |
| Grant date | May 9, 2023 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: receiving a user intent statement including an action that is capable of being performed in a network environment through one or more network policies for the network environment; querying an inventory store to identify a network entity associated with the user intent statement; generating the one or more network policies that apply the action to the network entity based on the action included in the user intent statement; and enforcing the one or more network policies on the network entity; wherein the network entity associated with the user intent statement is identified from the inventory store based on an inventory filter that is included in the user intent statement and indicative of the network entity. 2. The method of claim 1 , wherein the one or more network policies are implemented on the network entity by transmitting the one or more network policies to a network agent configured to implement the one or more network policies on the network entity. 3. The method of claim 1 , wherein the user intent statement is indicative of a plurality of network entities including the network entity. 4. The method of claim 1 , wherein the action is an enforcement action associated with the network entity. 5. The method of claim 1 , wherein the action is a configuration action for configuring the network entity. 6. The method of claim 1 , wherein the inventory store is generated based on observed data associated with the network entity. 7. The method of claim 1 , wherein the inventory store is generated based on configuration data associated with the network entity. 8. The method of claim 1 , further comprising: identifying a position of the user intent statement in an enforcement hierarchy of a plurality of user intent statements; and applying the user intent statement from the plurality of user intent statements based on the position of the user intent statement in the enforcement hierarchy. 9. A system comprising: one or more processors; and a computer-readable medium comprising instructions stored therein, which when executed by the one or more processors, cause the one or more processors to: receive a user intent statement including an action that is capable of being performed in a network environment through one or more network policies for the network environment; query an inventory store to identify a network entity associated with the user intent statement; generate the one or more network policies that apply the action to the network entity based on the action included in the user intent statement; and enforce the one or more network policies on the network entity; wherein the network entity associated with the user intent statement is identified from the inventory store based on an inventory filter that is included in the user intent statement and indicative of the network entity. 10. The system of claim 9 , wherein the one or more network policies are implemented on the network entity by transmitting the one or more network policies to a network agent configured to implement the one or more network policies on the network entity. 11. The system of claim 9 , wherein the user intent statement is indicative of a plurality of network entities including the network entity. 12. The system of claim 9 , wherein the action is an enforcement action associated with the network entity. 13. The system of claim 9 , wherein the action is a configuration action for configuring the network entity. 14. The system of claim 9 , wherein the inventory store is generated based on observed data associated with the network entity. 15. The system of claim 9 , wherein the inventory store is generated based on configuration data associated with the network entity. 16. The system of claim 9 , wherein the instructions, which when executed by the one or more processors, further cause the one or more processors to: identify a position of the user intent statement in an enforcement hierarchy of a plurality of user intent statements; and apply the user intent statement from the plurality of user intent statements based on the position of the user intent statement in the enforcement hierarchy. 17. A non-transitory computer-readable storage medium comprising instructions stored therein, which when executed by one or more processors, cause the one or more processors to: receive a user intent statement including an action that is capable of being performed in a network environment through one or more network policies for the network environment; query an inventory store to identify a network entity associated with the user intent statement; generate the one or more network policies that apply the action to the network entity based on the action included in the user intent statement; and enforce the one or more network policies on the network entity; wherein the network entity associated with the user intent statement is identified from the inventory store based on an inventory filter that is included in the user intent statement and indicative of the network entity. 18. The non-transitory computer-readable storage medium of claim 17 , wherein the instructions, which when executed by the one or more processors, further cause the one or more processors to: identify a position of the user intent statement in an enforcement hierarchy of a plurality of user intent statements; and apply the user intent statement from the plurality of user intent statements based on the position of the user intent statement in the enforcement hierarchy.
Assignees
Inventors
Classifications
Policy-based network configuration management · CPC title
- H04L41/0893Primary
Assignment of logical groups to network elements · CPC title
- H04L41/0856Primary
by backing up or archiving configuration information · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11646940B2 cover?
- The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing net…
- Who is the assignee on this patent?
- Cisco Tech Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L41/0893. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue May 09 2023 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).