Policy Engine Overview
Updated on 22 May 2023
Itential Policy Engine is a service that provides IP/Network address information, network math functions, and traffic policy analysis and tools.
This guide introduces Policy Engine; the related information in this guide takes you through installation and configuration.
Key Features
IP Address and Network Validation and Normalization
Itential Policy Engine provides functions for validating strings passed in as IP addresses or network addresses. In addition to reporting validity, it returns the IP version of the address and a canonical form that represents the same endpoint address or network. For IPv4 networks, CIDR notation is canonical, whereas for IPv6 the shortest representation is canonical, eliminating zeroes where possible.
Best effort parsing means that all common formats for IPv4 and IPv6 endpoint addresses and network notations are recognized, and even uncommon or noisy ones are often accepted.
Registered Port Information
Itential Policy Engine provides lookups for registered ports by port number or registered name, with optional restriction to a single Layer 4 protocol (TCP, UDP, etc.). This can be used to translate between port numbers and IANA names for various use cases.
MAC Address Validation and Information
Itential Policy Engine provides functions for validating MAC addresses and deriving various information from them, such as version (48 vs 64), the converted EUI64 value of an EUI48 address, the issuing organization, and other useful information.
Traffic Policy Analysis
Policy Analysis is the namesake use case for Policy Engine. It provides functions for analyzing a device's traffic policy, such as identifying redundancies in a policy and checking proposed rules against a policy for redundancy and conflict.
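
The following is an added example, not Itential code or the Policy Engine API: a sketch of what checking a proposed rule against a policy for redundancy and conflict involves. The `Rule` fields, the first-match evaluation order, the finding names and the sample policy are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:                      # hypothetical rule model, not a product schema
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "any"
    src: str                     # source network
    dst: str                     # destination network
    ports: tuple = (0, 65535)    # inclusive destination port range

def _nets(a, b):
    # strict=False canonicalizes host bits: 10.9.9.9/8 -> 10.0.0.0/8
    a, b = ip_network(a, strict=False), ip_network(b, strict=False)
    return (a, b) if a.version == b.version else None

def _net_covers(outer, inner):
    pair = _nets(outer, inner)
    return pair is not None and pair[1].subnet_of(pair[0])

def _net_overlaps(a, b):
    pair = _nets(a, b)
    return pair is not None and pair[0].overlaps(pair[1])

def covers(a, b):
    """True when every packet matched by b is also matched by a."""
    return (a.proto in ("any", b.proto)
            and _net_covers(a.src, b.src) and _net_covers(a.dst, b.dst)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def overlaps(a, b):
    """True when at least one packet is matched by both a and b."""
    return (("any" in (a.proto, b.proto) or a.proto == b.proto)
            and _net_overlaps(a.src, b.src) and _net_overlaps(a.dst, b.dst)
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])

def check_proposed(policy, new):
    """Classify `new` as if appended to a first-match policy."""
    findings = []
    for idx, old in enumerate(policy):
        if covers(old, new):
            same = old.action == new.action
            findings.append((idx, "redundant" if same else "shadowed"))
            break                # later rules never see this traffic
        if overlaps(old, new) and old.action != new.action:
            findings.append((idx, "partial-conflict"))
    return findings

# Constructed sample policy (documentation address ranges).
POLICY = [
    Rule("permit", "tcp", "10.0.0.0/8", "192.0.2.0/24", (443, 443)),
    Rule("deny", "any", "10.1.0.0/16", "0.0.0.0/0"),
]
```

A "shadowed" finding means an earlier rule with the opposite action matches all of the proposed rule's traffic, so the new rule would never take effect; "partial-conflict" means only part of its traffic is decided differently by an earlier rule.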