Identifying mismatches between a logical model and node implementation

What is claimed is: 1 . A computer-implemented method comprising: first obtaining reference concrete level rules for a node in a network, comprising: second obtaining a local logical model for a node from a global logical model, the global logical model containing instructions on how endpoints connected to the network communicate within the network, and the local logical model being a device specific portion of the global logical model that is specific to how the node communicates to the network; creating the reference concrete level rules for the node from the local logical model and software parameters of the node; third obtaining, from the node in the network, implemented concrete level rules for the node; comparing the reference concrete level rules with the implemented concrete level rules; and determining that the implemented concrete level rules are not appropriately configured based on the comparing; wherein the reference concrete level rules are specific to expected operability of the node, and the implemented concrete level rules are specific to actual operability of the node. 2 . The computer-implemented method of claim 1 , the second obtaining comprising generating, based on the global logical model, the local logical model for the node. 3 . The computer-implemented method of claim 1 , wherein the third obtain further comprising querying the node in the network for the implemented concrete level rules for the node. 4 . The computer-implemented method of claim 1 , the comparing comprises comparing a number of the reference concrete level rules with a number of the implemented concrete level rules. 5 . The computer-implemented method of claim 1 , wherein the network is a leaf-spine network and the node is a leaf node in the leaf-spine network. 6 . The computer-implemented method of claim 1 , wherein the reference concrete level rules are access control rules. 7 . The computer-implemented method of claim 1 , further comprising restarting the node in response to a positive result of the determining. 8 . A system comprising: one or more processors; and at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the system to perform operations comprising: first obtaining reference concrete level rules for a node in a network, comprising: second obtaining a local logical model for a node from a global logical model, the global logical model containing instructions on how endpoints connected to the network communicate within the network, and the local logical model being a device specific portion of the global logical model that is specific to how the node communicates to the network; creating the reference concrete level rules for the node from the local logical model and software parameters of the node; third obtaining, from the node in the network, implemented concrete level rules for the node; comparing the reference concrete level rules with the implemented concrete level rules; and determining that the implemented concrete level rules are not appropriately configured based on the comparing; wherein the reference concrete level rules are specific to expected operability of the node, and the implemented concrete level rules are specific to actual operability of the node. 9 . The system of claim 8 , the second obtaining comprising generating, based on the global logical model, the local logical model for the node. 10 . The system of claim 8 , wherein the third obtain further comprising querying the node in the network for the implemented concrete level rules for the node. 11 . The system of claim 8 , the comparing comprises comparing a number of the reference concrete level rules with a number of the implemented concrete level rules. 12 . The system of claim 8 , wherein the network is a leaf-spine network and the node is a leaf node in the leaf-spine network. 13 . The system of claim 8 , wherein the reference concrete level rules are access control rules. 14 . The system of claim 8 , the operations further comprising restarting the node in response to a positive result of the determining. 15 . A non-transitory computer-readable storage medium having stored therein instructions which, when executed, cause a system to perform operations comprising: first obtaining reference concrete level rules for a node in a network, comprising: second obtaining a local logical model for a node from a global logical model, the global logical model containing instructions on how endpoints connected to the network communicate within the network, and the local logical model being a device specific portion of the global logical model that is specific to how the node communicates to the network; creating the reference concrete level rules for the node from the local logical model and software parameters of the node; third obtaining, from the node in the network, implemented concrete level rules for the node; comparing the reference concrete level rules with the implemented concrete level rules; and determining that the implemented concrete level rules are not appropriately configured based on the comparing; wherein the reference concrete level rules are specific to expected operability of the node, and the implemented concrete level rules are specific to actual operability of the node. 16 . The non-transitory computer-readable storage medium of claim 15 , the second obtaining comprising generating, based on the global logical model, the local logical model for the node. 17 . The non-transitory computer-readable storage medium of claim 15 , wherein the third obtain further comprising querying the node in the network for the implemented concrete level rules for the node. 18 . The non-transitory computer-readable storage medium of claim 15 , the comparing comprises comparing a number of the reference concrete level rules with a number of the implemented concrete level rules. 19 . The non-transitory computer-readable storage medium of claim 15 , wherein the network is a leaf-spine network and the node is a leaf node in the leaf-spine network. 20 . The non-transitory computer-readable storage medium of claim 15 , wherein the reference concrete level rules are access control rules.