US Patent 12081395 Formal verification of network changes

A network insight system that performs intent verification of network changes is provided. The system generates a first model of a network comprising a first set of one or more rule tables, each rule table described by one or more flow nodes. The system generates a second model of the network comprising a second set of one or more rule tables. Each rule table is described by one or more flow nodes. Each flow node specifies a set of packets and an action to be taken on the specified set of packets. They system determines a set of differential flow nodes for the second model based on the flow nodes of the first model and the flow nodes of the second model. Each differential flow node is classified as being one of (i) newly removed, (ii) newly added, and (iii) unaffected. The system verifies a network change based on the determined differential flow nodes.