Large network maintenance is typically an ongoing, error-prone, arduous process, where changes in the network require substantial planning and voluminous configuration changes spanning the devices that support the network. Examples of such changes include, but are not limited to, the addition of new hardware or software, the addition of new hosts or users to the network, or, similarly, network changes associated with hosts and/or users leaving the network.
Indeed, as networks increase in size and complexity, it is increasingly difficult to configure and maintain the switches, routers and other network devices that manage the data network. The network administrator must take into account not only how the network is designed and configured, but also how the network devices that support the network interact with each other.
Existing approaches for setting up Switched Port Analyzer (SPAN) sessions in the network are generally limited in functionality as they are implemented as add-ons to the network. A SPAN session is an association of a destination interface with a set of source interfaces and is used for network traffic monitoring. For example, one approach relies on examining the configuration files on network devices and on snooping packets. A limitation of this approach is that the configuration files on the network devices are not a substitute for the know-how of the administrator who initially configured the network. While the configuration files in the network devices provide the properties of the network configuration, they do not typically provide the reasons behind those properties. Thus, any reconfiguration of the network without fully comprehending the reasons behind the properties of the network device configuration may not yield the correct or optimum configuration.
Furthermore, with respect to the challenge of network configuration changes over time, network add-ons may not be fully integrated into every network device in the network, and thus cannot reliably track users and hosts as they migrate within the network, changing the network topology. Moreover, existing approaches cannot track users or groups of users because of their dynamic nature; that is, users can migrate from machine to machine within the network, while hosts can migrate from port to port.
In view of the foregoing, it would be desirable to have methods and systems for data network monitoring and management based on dynamically defining and applying one or more intents associated with network policies to one or more network entities.