nanog mailing list archives

Re: Operational feedback on policy redundancy


From: Tom Beecher via NANOG <nanog () lists nanog org>
Date: Sat, 4 Apr 2026 09:18:39 -0400


> I found that over 95% of the operational intents were semantically
> redundant (meaning they were completely shadowed or subsumed by broader,
> older rules).


I also find it very difficult to believe that 95% of things were redundant
or duplicative, be it ACLs / BGP policies, or really anything. There are
absolutely cases, say with ACLs, where you apply less permissive filtering
at different network layers; however, this is usually an intentional design
choice, not a bug.

> Conflicts: How often do you run into cases where multiple goals (which all
> seem fine on their own) accidentally create a conflict when they are
> enforced together over the same traffic?
> Resolutions: Is there a standard way you "relax" or prioritize these goals
> when you find they are fighting each other?


Again assuming you're talking about ACLs / protocol policies, these are
pretty binary. Either they work or they don't. Conflicting ACLs would
almost by definition only mean traffic is blocked where it shouldn't be.
Conflicting protocol policies mean routes don't show up where/how they
should, so something isn't working right.

Agree with the other comments, without more context I'm not sure you're
going to get helpful feedback.



On Fri, Apr 3, 2026 at 3:48 PM manwar--- via NANOG <nanog () lists nanog org>
wrote:

Hello,

I am a PhD student currently looking at the long-term management of
network policies and intents. In studying a large-scale production dataset
from a service provider, I found that over 95% of the operational intents
were semantically redundant (meaning they were completely shadowed or
subsumed by broader, older rules).

I am trying to understand if this high level of policy bloat matches the
actual experience of operators in the field:

Redundancy: Is cleaning up shadowed or redundant rules a regular part of
your workflow, or do they just tend to stay in the system for years once
they're active?
Conflicts: How often do you run into cases where multiple goals (which all
seem fine on their own) accidentally create a conflict when they are
enforced together over the same traffic?
Resolutions: Is there a standard way you "relax" or prioritize these goals
when you find they are fighting each other?

Thank you for any operational insights you can share.

Best regards,
Mubashir Anwar
University of Illinois Urbana-Champaign
_______________________________________________
NANOG mailing list

https://lists.nanog.org/archives/list/nanog () lists nanog org/message/3RJ45WJJ63KNKUCNT7A5BCVQXBVONJ3V/

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/5VCKKMVZVMZCS66DKRQK43BC3MQGLXEE/
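The "shadowed or subsumed" rules the thread is about, as an added example that is not part of the thread and is not code from either poster: a small first-match ACL analyzer that reports any rule whose match set is entirely covered by an earlier rule. It separates the two cases the replies touch on: a covered rule with the same action is merely redundant (it can be removed without changing behaviour), while a covered rule with the opposite action is unreachable and is the kind of conflict that blocks traffic where it shouldn't. The one-line rule syntax and the sample ACL are constructed for this example (not a vendor grammar); the check is pairwise only, so a rule covered solely by the union of several earlier rules is deliberately not reported.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Constructed mini-syntax for the example (not a vendor ACL grammar):
#   <name> <permit|deny> <ip|tcp|udp> <src-cidr> <dst-cidr> [<port>|<lo>-<hi>]
# Evaluation is first-match, top to bottom, like most router ACLs.
SAMPLE_ACL = [
    "r10 permit tcp 10.0.0.0/8    192.0.2.10/32 443",
    "r20 deny   ip  10.1.0.0/16   192.0.2.0/24",
    "r30 permit tcp 10.1.2.0/24   192.0.2.10/32 443",   # covered by r10, same action
    "r40 permit udp 10.1.5.0/24   192.0.2.53/32 53",    # covered by r20, opposite action
    "r50 deny   ip  0.0.0.0/0     0.0.0.0/0",
]

ANY_PORT = (0, 65535)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Tuple[int, int]         # inclusive destination port range


def parse_rule(line: str) -> Rule:
    """Parse one line of the constructed syntax into a Rule."""
    parts = line.split("#", 1)[0].split()
    name, action, proto, src, dst = parts[:5]
    if len(parts) > 5:
        lo, _, hi = parts[5].partition("-")
        dport = (int(lo), int(hi or lo))
    else:
        dport = ANY_PORT
    return Rule(name, action, proto,
                ipaddress.ip_network(src), ipaddress.ip_network(dst), dport)


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`."""
    proto_ok = outer.proto == "ip" or outer.proto == inner.proto
    return (proto_ok
            and inner.src.subnet_of(outer.src)
            and inner.dst.subnet_of(outer.dst)
            and outer.dport[0] <= inner.dport[0]
            and inner.dport[1] <= outer.dport[1])


def analyze(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Return (rule, kind, covering_rule) for every rule hidden by an earlier one.

    With first-match semantics the *first* earlier rule that covers a rule
    decides the fate of all its packets, so that rule determines the kind:
      redundant - same action, the later rule changes nothing and can go
      shadowed  - opposite action, the later rule can never take effect
    Pairwise only: coverage by a union of earlier rules is not detected.
    """
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((rule.name, kind, earlier.name))
                break
    return findings


if __name__ == "__main__":
    acl = [parse_rule(line) for line in SAMPLE_ACL]
    for name, kind, by in analyze(acl):
        print(f"{name}: {kind} (covered by {by})")
```

Run against the sample ACL it reports r30 as redundant (r10 already permits that traffic) and r40 as shadowed (r20 denies the whole /16 before the DNS permit is ever reached). Only the second kind is a functional problem; the first is the kind of harmless bloat that tends to accumulate for years.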
