Propagating network configuration policies using a publish-subscribe messaging system

US 10,447,815 B2
Filed: 03/08/2017
Issued: 10/15/2019
Est. Priority Date: 03/08/2017
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

subscribing a node in a network to one or more topics associated with a configuration policy in a publish-subscribe messaging system, wherein said subscribing comprises selecting the one or more topics in the publish-subscribe messaging system based on a state of the node;

receiving, by the node in the network through the publish-subscribe messaging system, one or more messages comprising a first representation of the configuration policy from a policy server;

using a data model to convert, by the node, the first representation into a second representation of the configuration policy; and

using the second representation to apply the configuration policy during processing of network traffic at the node.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed embodiments provide a system for propagating network configuration policies using a publish-subscribe messaging system. During operation, the system receives, through the publish-subscribe messaging system, one or more messages containing a first representation of a configuration policy from a policy server. Next, the system uses a data model to convert the first representation into a second representation of the configuration policy. The system then uses the second representation to apply the configuration policy during processing of network traffic.

31 Citations

17 Claims

1. A method, comprising:
- subscribing a node in a network to one or more topics associated with a configuration policy in a publish-subscribe messaging system, wherein said subscribing comprises selecting the one or more topics in the publish-subscribe messaging system based on a state of the node;
  
  receiving, by the node in the network through the publish-subscribe messaging system, one or more messages comprising a first representation of the configuration policy from a policy server;
  
  using a data model to convert, by the node, the first representation into a second representation of the configuration policy; and
  
  using the second representation to apply the configuration policy during processing of network traffic at the node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the state of the node is associated with at least one of:
    - a position of the node in a topology of the network; and
      
      network telemetry data captured by the node.
  - 3. The method of claim 1, wherein the one or more topics are associated with a type of the configuration policy.
  - 4. The method of claim 3, wherein the type of the configuration policy is at least one of:
    - an access control list;
      
      a routing policy;
      
      a hardware configuration;
      
      a prefix list;
      
      a network telemetry configuration; and
      
      a message to be transmitted over the network.
  - 5. The method of claim 1, wherein the first representation is included in the one or more messages using a serialization format.
  - 6. The method of claim 1, wherein the second representation comprises a format that can be used by a processing layer associated with the configuration policy in the node.
  - 7. The method of claim 1, wherein the configuration policy comprises:
    - a policy name; and
      
      an instruction.
  - 8. The method of claim 7, wherein the instruction comprises at least one of:
    - a rule;
      
      a condition;
      
      a parameter; and
      
      a value.

9. A method, comprising:
- obtaining, at a policy server;
  
  a first configuration policy for a first subset of nodes in a network; and
  
  a second configuration policy for a second subset of nodes in the network;
  
  generating, by the policy server;
  
  a first message comprising the first configuration policy for receipt by the first subset of nodes through a publish-subscribe messaging system; and
  
  a second message comprising the second configuration policy for receipt by the second subset of nodes through the publish-subscribe messaging system; and
  
  transmitting, by the policy server, the first message and the second message to the publish-subscribe messaging system.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein generating the first message for receipt by the first subset of nodes through the publish-subscribe messaging system comprises:
    - assigning the first message to a topic associated with the first subset of nodes in the publish-subscribe messaging system.
  - 11. The method of claim 10, wherein the topic represents at least one of:
    - a state of a node in the network; and
      
      a type of the configuration policy.
  - 12. The method of claim 9, wherein generating the first message comprising the first configuration policy for receipt by the first subset of nodes through the publish-subscribe messaging system comprises:
    - using a serialization format to include a representation of the first configuration policy in the first message.
  - 13. The method of claim 9, wherein the configuration policy comprises at least one of:
    - an access control list;
      
      a routing policy;
      
      a hardware configuration;
      
      a prefix list;
      
      a network telemetry configuration; and
      
      a message to be transmitted over the network.

14. A system, comprising:
- a policy server comprising a non-transitory computer-readable medium comprising instructions that, when executed, cause the system to;
  
  obtain a first configuration policy for a first subset of nodes in a network and a second configuration policy for a second subset of nodes in the network;
  
  generate a first message comprising the first configuration policy for receipt by the first subset of nodes through a publish-subscribe messaging system;
  
  generate a second message comprising the second configuration policy for receipt by the second subset of nodes through the publish-subscribe messaging system; and
  
  transmit the first and second messages to the publish-subscribe messaging system; and
  
  the first and second subsets of nodes, wherein each node in the first and second subsets comprises a non-transitory computer-readable medium comprising instructions that, when executed, cause the system to;
  
  receive, through the publish-subscribe messaging system, one or more messages comprising a first representation of a configuration policy from the policy server, wherein the configuration policy is at least one of the first and second configuration policies;
  
  use a data model to convert the first representation into a second representation of the configuration policy; and
  
  using the second representation to apply the configuration policy during processing of network traffic.
- View Dependent Claims (15, 16, 17)
- - 15. The system of claim 14, wherein:
    - the first message is assigned to a first topic associated with the first subset of nodes in the publish-subscribe messaging system, andthe second message is assigned to a second topic associated with the second subset of nodes in the publish-subscribe messaging system.
  - 16. The system of claim 15, wherein the first and second topics represent at least one of:
    - a state of the node in the network; and
      
      a type of the configuration policy.
  - 17. The system of claim 14, wherein:
    - the first representation is included in the one or more messages using a serialization format; and
      
      the second representation comprises a format that can be used by a processing layer associated with the configuration policy in the node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Zandi, Shafagh, White, Russell I., Kahn, Zaid A., Kumar, Vikas
Primary Examiner(s)
Walsh, John B

Application Number

US15/453,271
Publication Number

US 20180262592A1
Time in Patent Office

951 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/08   Configuration management of...

H04L 41/0806   for initial configuration o...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 67/34   involving the movement of s...

H04L 67/55   Push-based network services

Propagating network configuration policies using a publish-subscribe messaging system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Propagating network configuration policies using a publish-subscribe messaging system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links