Operational feedback on policy redundancy

[manwar--- via NANOG <nanog () lists nanog org>]

Hello,

I am a PhD student currently looking at the long-term management of network policies and intents. In studying a 
large-scale production dataset from a service provider, I found that over 95% of the operational intents were 
semantically redundant (meaning they were completely shadowed or subsumed by broader, older rules).

I am trying to understand if this high level of policy bloat matches the actual experience of operators in the field:

Redundancy: Is cleaning up shadowed or redundant rules a regular part of your workflow, or do they just tend to stay in 
the system for years once they're active?
Conflicts: How often do you run into cases where multiple goals (which all seem fine on their own) accidentally create 
a conflict when they are enforced together over the same traffic?
Resolutions: Is there a standard way you "relax" or prioritize these goals when you find they are fighting each other?

Thank you for any operational insights you can share.

Best regards,
Mubashir Anwar
University of Illinois Urbana-Champaign
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/3RJ45WJJ63KNKUCNT7A5BCVQXBVONJ3V/