Title of invention Object oriented networks
Abstract An approach is provided in which a system creates a network application model that includes network policy objects and connection rules corresponding to sending data between the network policy objects. The system converts the network application model to network configuration information, which links the network policy objects to the connection rules. In turn, a network control plane is configured based upon the network configuration information to map the network application model to a physical infrastructure.
Publication number US9313096(B2) Publication date 2016.04.12
Application number US201213693216 Filing date 2012.12.04
Applicant International Business Machines Corporation Inventors Barabash Katherine; Cohen Rami; Lewin-Eytan Liane; Rochwerger Benny; Wolfsthal Yaron
Classification G06F15/177; H04L12/24; H04L12/28; G06F9/455 Main classification G06F15/177
Agency Van Leeuwen & Van Leeuwen Agent Van Leeuwen & Van Leeuwen; Bennett Steven L.
Independent claim 1. An information handling system comprising: one or more processors; a memory coupled to at least one of the processors; a set of computer program instructions stored in the memory and executed by at least one of the processors in order to perform actions of: defining an object-oriented network modeling language that includes one or more network policy object requirements and one or more language primitives; creating a plurality of network policy objects based upon the one or more network policy object requirements; extending a first network policy object to a second network policy object according to one of the language primitives, the first network policy object and the second network policy object included in the plurality of network policy objects; creating, by one or more processors, a network application model that includes the plurality of network policy objects and a plurality of connection rules corresponding to sending data between a plurality of endpoints assigned to the plurality of network policy objects; converting the network application model to network configuration information, the network configuration information linking the plurality of network policy objects to the plurality of connection rules, wherein the converting further comprises: generating one or more first table entries in a first rules table corresponding to the first network policy object, wherein the first rules table includes one or more first destination network policy object identifiers and one or more first connection rules; generating one or more second table entries in a second rules table corresponding to the second network policy object, wherein the second rules table includes one or more second destination network policy object identifiers and one or more second connection rules, wherein: one of the second connection rules overrides one of the first connection rules when the second connection rule's corresponding second destination network policy object identifier matches one of the first connection rule's corresponding first network policy object identifier; and one of the second connection rules adds to the first connection rules when the second connection rule's corresponding second destination network policy object identifier fails to match one of the first network policy object identifiers: configuring a network control plane, based upon the network configuration information, to map the network application model to a physical infrastructure; receiving a policy resolution request, from a requestor, corresponding to a source endpoint that includes a source network policy object identifier and a destination virtual address; identifying a destination network policy object identifier that corresponds to the destination virtual address; determining that the source network policy object identifier corresponds to the second network policy object; searching the second rules table for the destination network policy object identifier; and in response to locating the destination network policy object identifier in the second rules table: extracting one of the second rules from the second rules table corresponding to the located destination network policy object identifier: identifying an action corresponding to the extracted second rule; including the action in a policy resolution response; and sending the policy resolution response the requestor, wherein the requestor re-configures the network control plane according to the policy resolution response.
Address Armonk NY US