Mind the Semantic Gap: Policy Intent Inference from Network Metadata

Abstract

Network Policy management is a tedious and laborious task because of scale and dynamic changes in the network. The advent of Softwarized Networks has led to a renewed interest in intent-based network policy management. Intent-based Networking provides a structured way of specifying the intent of policies which are automatically translated and compiled into network device configuration. While this top-down approach of policy intent to policy configuration has worked well for cloud-native infrastructures such as data centers, it has not seen much adoption in legacy networks. We believe one of the primary reasons for this is the semantic gap between policy intents and policy configurations. The problem is further exacerbated by the heterogeneity, scale-on-the-fly, fragmentation, and lack of structure in non-intent native networks. We introduce Policy Intent Inference (PII) System to bridge the semantic gap with its advanced inference layer that extracts the policy intents from policy configurations fragmented over disparate network devices. We adopt a bottom-up approach to extract all policies within network devices, abstract them into a structured data model, and with the use of clustering and information retrieval techniques, build an optimal solution to extract network-wide policy intents from the underlying network that eases policy management especially policy troubleshooting, reducing the configuration clutter and reducing the time taken to compile and resolve conflicts in policies.