Fault triage and management with restricted third-party access to a tenant network
US-11902804-B2 · Feb 13, 2024 · US
US2018351788A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018351788-A1 |
| Application number | US-201715719139-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 28, 2017 |
| Priority date | May 31, 2017 |
| Publication date | Dec 6, 2018 |
| Grant date | — |
Official abstract text for this publication.
Systems, methods, and computer-readable media for localizing faults in a network policy are disclosed. In some examples, a system or method can obtain TCAM rules across a network and use the TCAM rules to perform an equivalency check between the logical model and the hardware model of the network policy. One or more risk models are annotated with output from the equivalency check and the risk models are used to identify a set of policy objects of the network policy that are likely responsible for the faults.
Opening claim text (preview).
What is claimed is:

1. A method for associating faults in a network comprising: identifying, using at least one processing device, a failure in a network comprising a plurality of network devices and a controller for managing a network policy deployed throughout the network, the network policy associated with a plurality of objects, wherein each object of the plurality of objects is a manageable component that impacts how network traffic is treated by at least one network device of the plurality of network devices; determining from the plurality of objects, using the at least one processing device, a set of objects that are indicative of the failure in the network; and generating for display, using the at least one processing device, output indicating the set of objects are indicative of the failure.
2. The method of claim 1, wherein identifying the failure in the network comprises: obtaining ternary content addressable memory (TCAM) rules corresponding to the plurality of network devices; performing an equivalency check between the TCAM rules and the network policy to identify at least one missing TCAM rule; and storing an indication that the at least one missing TCAM rule represents the failure.
3. The method of claim 2, wherein determining the set of objects that are indicative of the failure in the network comprises: generating a first risk model based on the failure and the network policy, wherein the first risk model determines a risk for a particular network device of the plurality of network devices.
4. The method of claim 3, wherein determining the set of objects that are indicative of the failure in the network further comprises: generating a second risk model based on the failure and the network policy, wherein the second risk model determines a risk between the plurality of network devices and the controller.
5. The method of claim 4, wherein determining the set of objects that are indicative of the failure in the network further comprises: based on the risk for the particular network device and the risk between the plurality of network devices and the controller, identifying the set of objects.
6. The method of claim 5, further comprising augmenting the first risk model with the at least one missing TCAM rule.
7. The method of claim 1, wherein the network policy includes a wherein the network is a large-scale network and wherein the plurality of network devices include a plurality of switches.
8. The method of claim 1, wherein the plurality of objects comprise at least one of tenant objects, context objects, endpoint groups, contracts, filters, application profiles, bridge domains, and network fabric access objects.
9. A system for associating faults in a network comprising: one or more computing devices; and at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more computing devices, cause the one or more computing devices to: identify a failure in a network comprising a plurality of network devices and a controller for managing a network policy deployed throughout the network, the network policy associated with a plurality of objects, wherein each object of the plurality of objects defines a component that impacts how network traffic is treated by at least one network device of the plurality of network devices; determine from the plurality of objects, a set of objects that are indicative of the failure in the network; and generate for display output indicating the set of objects are indicative of the failure.
10. The system of claim 9, wherein identifying the failure in the network comprises: obtaining ternary content addressable memory (TCAM) rules corresponding to the plurality of network devices; performing an equivalency check between the TCAM rules and the network policy to identify at least one missing TCAM rule; and storing an indication that the at least one missing TCAM rule represents the failure.
11. The system of claim 10, wherein determining the set of objects that are indicative of the failure in the network comprises: generating a first risk model based on the failure and the network policy, wherein the first risk model determines a risk for a particular network device of the plurality of network devices.
12. The system of claim 11, wherein determining the set of objects that are indicative of the failure in the network further comprises: generating a second risk model based on the failure and the network policy, wherein the second risk model determines a risk between the plurality of network devices and the controller.
13. The system of claim 12, wherein determining the set of objects that are indicative of the failure in the network further comprises: based on the risk for the particular network device and the risk between the plurality of network devices and the controller, identifying the set of objects.
14. The system of claim 13, wherein the instructions further cause the one or more computing devices to augment the first risk model with the at least one missing TCAM rule.
15. The system of claim 9, wherein the network policy includes a wherein the network is a large-scale network and wherein the plurality of network devices include a plurality of switches.
16. The system of claim 9, wherein the plurality of objects comprise at least one of tenant objects, context objects, endpoint groups, contracts, filters, application profiles, bridge domains, and network fabric access objects.
17. A non-transitory computer readable medium encoded with instructions for associating faults in a network, the instructions executable by one or more computing devices, comprising: identifying a failure in a network comprising a plurality of network devices and a controller for managing a network policy deployed throughout the network, the network policy associated with a plurality of objects, wherein each object of the plurality of objects is a manageable component that impacts how network traffic is treated by at least one network device of the plurality of network devices; determining from the plurality of objects a set of objects that are indicative of the failure in the network; and generating for display output indicating the set of objects are indicative of the failure.
18. The non-transitory computer readable medium of claim 17, wherein identifying the failure in the network comprises: obtaining ternary content addressable memory (TCAM) rules corresponding to the plurality of network devices; performing an equivalency check between the TCAM rules and the network policy to identify at least one missing TCAM rule; and storing an indication that the at least one missing TCAM rule represents the failure.
19. The non-transitory computer readable medium of claim 18, wherein determining the set of objects that are indicative of the failure in the network comprises: generating a first risk model based on the failure and the network policy, wherein the first risk model determines a risk for a particular network device of the plurality of network devices.
20. The non-transitory computer readable medium of claim 19, wherein determining the set of objects that are indicative of the failure in the network further comprises: generating a second risk model based on the failure and the network policy, wherein the second risk model determines a risk between the plurality of network devices and the controller.
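The abstract and claims 2 through 5 describe a pipeline: render the logical policy into the TCAM rules each switch should carry, diff that against the rules actually read from hardware, and feed the missing rules into a risk model that points back at the policy objects most likely at fault. The following is an added illustration of that pipeline, not code from the patent or its assignee; the contract, endpoint-group and switch names, the rule-rendering scheme, and the "fraction of rendered rules missing" risk score are all constructed assumptions.

```python
from collections import Counter

# Constructed sample policy (not from the patent). Each contract object should be
# rendered as one TCAM rule on every switch hosting either endpoint group (EPG);
# a wildcard contract must land on every switch in the fabric.
POLICY_OBJECTS = {
    "contract:web-to-app": {"src_epg": "web", "dst_epg": "app", "filter": "tcp/8080", "action": "permit"},
    "contract:app-to-db":  {"src_epg": "app", "dst_epg": "db",  "filter": "tcp/5432", "action": "permit"},
    "contract:deny-all":   {"src_epg": "*",   "dst_epg": "*",   "filter": "any",      "action": "deny"},
}
EPG_PLACEMENT = {"web": {"leaf1", "leaf2"}, "app": {"leaf2"}, "db": {"leaf3"}}

# Constructed hardware model: TCAM rules as read back from each switch.
# leaf2 and leaf3 never received the app-to-db rule.
HARDWARE_TCAM = {
    "leaf1": {("web", "app", "tcp/8080", "permit"), ("*", "*", "any", "deny")},
    "leaf2": {("web", "app", "tcp/8080", "permit"), ("*", "*", "any", "deny")},
    "leaf3": {("*", "*", "any", "deny")},
}

def logical_model(policy, placement):
    """Render the policy into (device, rule, owning_object) triples the hardware must carry."""
    all_leaves = set().union(*placement.values())
    expected = set()
    for name, c in policy.items():
        wildcard = "*" in (c["src_epg"], c["dst_epg"])
        devices = all_leaves if wildcard else placement[c["src_epg"]] | placement[c["dst_epg"]]
        rule = (c["src_epg"], c["dst_epg"], c["filter"], c["action"])
        expected.update((dev, rule, name) for dev in devices)
    return expected

def equivalency_check(expected, hardware):
    """Logical-vs-hardware check: every expected triple whose rule is absent from its device's TCAM."""
    return sorted(t for t in expected if t[1] not in hardware.get(t[0], set()))

def risk_models(missing, expected):
    """Per-object and per-device risk = share of that object's / device's expected rules that are missing."""
    exp_obj, miss_obj = Counter(t[2] for t in expected), Counter(t[2] for t in missing)
    exp_dev, miss_dev = Counter(t[0] for t in expected), Counter(t[0] for t in missing)
    return ({o: miss_obj[o] / exp_obj[o] for o in exp_obj},
            {d: miss_dev[d] / exp_dev[d] for d in exp_dev})

def localize(policy, placement, hardware, threshold=0.5):
    """Full pipeline: render, diff, score, and return the policy objects above the risk threshold."""
    expected = logical_model(policy, placement)
    missing = equivalency_check(expected, hardware)
    object_risk, device_risk = risk_models(missing, expected)
    suspects = sorted((o for o, r in object_risk.items() if r >= threshold), key=lambda o: -object_risk[o])
    return {"missing": missing, "object_risk": object_risk, "device_risk": device_risk, "suspects": suspects}
```

On the constructed data the check reports two missing rules (leaf2 and leaf3), the device risk alone only weakly separates the switches, and the object-level model singles out `contract:app-to-db` as the policy object to investigate.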
CPC classification titles:
- involving simulating, designing, planning or modelling of a network
- Localisation of faults
- for predicting network behaviour
- comprising specially adapted graphical user interfaces [GUI]
- Policy-based network configuration management