Skip to Content

1.4- Network Provisioning Verification

In data center networks, configuration inconsistencies and abnormal traffic patterns can lead to service disruptions if not identified early. Continuous monitoring is essential to reduce this risk. NCE-FabricInsight, a dedicated component separate from NCE-Fabric, was developed specifically for this purpose.

NCE-Fabric is responsible for planning, provisioning, and configuring network systems, while NCE-FabricInsight is focused on monitoring and conducting operational risk analysis. It evaluates the network through device configurations and real-time telemetry data, analyzing risk across five dimensions: reliability, consistency, performance, capacity, and stability. This approach enables the early detection of potential issues and offers continuous insight into the overall health of the data center network.

Initially, NCE-FabricInsight reported zero risks, as shown in Figure 11. This was expected since the network was operating exactly as provisioned by NCE-Fabric, and no traffic had yet been generated into the network.

1747819799405-313.png

Figure 11: Initial Zero-Risk Status

To test the NCE-FabricInsight's ability to detect configuration-related risks, we intentionally introduced a mismatch in the VXLAN Tunnel Ingress Replication List between two leaf switches. On Leaf1, we added an extra VNI entry (vni 100 head-end peer-list protocol bgp) that was not present on Leaf2. This resulted in an inconsistency between the two devices' Nve1 interface configurations.

NCE-FabricInsight successfully identified the issue as a VXLAN tunnel ingress replication list inconsistency. It highlighted the mismatch between Leaf1 and Leaf2, showing the exact configuration difference, and flagged it as a risk under the configuration check.

1747821328855-611.png

Figure 12: M-LAG inconsistency Risk

NCE-FabricInsight compared both devices ' configurations side-by-side, showing their IP addresses, interface names, MAC addresses, and the complete VNI configuration under interface Nve1. It clearly identified the VXLAN tunnel ingress replication list as inconsistent and highlighted the specific configuration difference. In the Risk Analysis section, NCE-FabricInsight recommended a resolution to the issue. It advised adding missing commands or removing redundant entries to ensure consistent VXLAN configurations between the two M-LAG peers. After applying the recommended change, the inconsistency was resolved successfully.

The network verification and risk evaluation features provided by NCE-FabricInsight meet the Level 4 requirements for verification capability, as defined in the ETSI GR ENI 049 document.