18313131. NETWORK POLICY VALIDATION simplified abstract (Juniper Networks, Inc.)


NETWORK POLICY VALIDATION

Organization Name

Juniper Networks, Inc.

Inventor(s)

Prasad Miriyala of San Jose CA (US)

FNU Nadeem of Fremont CA (US)

Sayali Mane of Milpitas CA (US)

Ankur Tandon of San Francisco CA (US)

Sajeesh Mathew of Saratoga CA (US)

Pranav Cherukupalli of Milpitas CA (US)

Khushi Vaidya of Berkeley CA (US)

NETWORK POLICY VALIDATION - A simplified explanation of the abstract

This abstract first appeared for US patent application 18313131 titled 'NETWORK POLICY VALIDATION'.

The abstract describes a validation system that processes flow records to determine if packet flows among workloads in a computing cluster comply with a network policy.

  • The system obtains flow records indicating allowed or denied packet flows in the cluster.
  • It receives an updated network policy and compares it with the existing flow records.
  • If a discrepancy is found between a flow record and the updated policy, an error indication is output.
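The comparison described above can be sketched as a replay of recorded flows against the updated policy. This is an added example, not code from the patent application: the record fields, the label-selector rule format and the default-deny evaluation are assumptions, since the abstract does not say how a discrepancy is determined.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowRecord:          # hypothetical record layout
    src: dict              # labels of the source workload
    dst: dict              # labels of the destination workload
    port: int
    proto: str
    verdict: str           # "allow" or "deny", as recorded by the cluster

@dataclass(frozen=True)
class Rule:                # hypothetical allow rule in the updated policy
    src_selector: dict
    dst_selector: dict
    port: int
    proto: str

def selects(selector, labels):
    """A selector matches when every key/value it names is present in labels."""
    return all(labels.get(k) == v for k, v in selector.items())

def evaluate(policy, flow):
    """Verdict the policy gives this flow (assumed model: default deny, any match allows)."""
    for rule in policy:
        if (selects(rule.src_selector, flow.src) and selects(rule.dst_selector, flow.dst)
                and rule.port == flow.port and rule.proto == flow.proto):
            return "allow"
    return "deny"

def validate(updated_policy, flow_records):
    """Return (index, recorded, expected) for each flow the updated policy would treat differently."""
    errors = []
    for i, flow in enumerate(flow_records):
        expected = evaluate(updated_policy, flow)
        if expected != flow.verdict:
            errors.append((i, flow.verdict, expected))
    return errors

# Constructed sample data: three observed flows and an updated policy whose
# second rule now selects tier=backend instead of app=api.
FLOWS = [
    FlowRecord({"app": "web"}, {"app": "api"}, 8080, "TCP", "allow"),
    FlowRecord({"app": "api"}, {"app": "db"}, 5432, "TCP", "allow"),
    FlowRecord({"app": "web"}, {"app": "db"}, 5432, "TCP", "deny"),
]
UPDATED_POLICY = [
    Rule({"app": "web"}, {"app": "api"}, 8080, "TCP"),
    Rule({"tier": "backend"}, {"app": "db"}, 5432, "TCP"),
]

if __name__ == "__main__":
    for idx, recorded, expected in validate(UPDATED_POLICY, FLOWS):
        print(f"ERROR flow[{idx}]: recorded {recorded}, updated policy gives {expected}")
```

A discrepancy in the allow-to-deny direction flags traffic the update would break; the deny-to-allow direction flags traffic the update would newly expose.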

Potential Applications:

  • Network security monitoring
  • Policy compliance verification in cloud computing environments

Problems Solved:

  • Ensuring network traffic adheres to specified policies
  • Detecting and alerting on policy violations in real-time

Benefits:

  • Enhanced network security
  • Improved compliance with network policies
  • Early detection of unauthorized network activity

Commercial Applications:

Title: Network Policy Compliance Validation System

This technology can be utilized by cloud service providers, data centers, and network security companies to ensure network traffic compliance and enhance overall security measures.

Questions about Network Policy Compliance Validation System:

1. How does the validation system handle discrepancies between flow records and updated network policies?

The system compares the flow records with the updated policy and outputs an error indication if a discrepancy is found.

2. What are the potential benefits of using this validation system in a cloud computing environment?

The system can enhance network security, improve policy compliance, and provide early detection of unauthorized network activity.


Original Abstract Submitted

In an example, a validation system comprises processing circuitry having access to a storage device and is configured to obtain flow records indicative of packet flows among workloads deployed to a cluster of one or more computing devices configured with a network policy, wherein each flow record of the flow records indicates a corresponding packet flow was allowed or denied by the cluster; receive an updated network policy; determine whether a corresponding packet flow for a flow record of the flow records has a discrepancy with the updated network policy; and in response to determining the corresponding packet flow for the flow record of the flow records has a discrepancy with the updated network policy, output an indication of an error.