Identifying network management policies

US 20030023711A1
Filed: 07/30/2001
Published: 01/30/2003
Est. Priority Date: 07/30/2001
Status: Active Grant

First Claim

Patent Images

1. A method comprising providing a capability to perform operations on a computer system, the operations comprising:

identifying one or more policies associated with a network component;

generating a list of one or more groups to which the network component belongs; and

identifying one or more policies associated with each of the groups in the generated list.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A policy based network management (PBNM) system may identify one or more policies associated with a network component (e.g., a network device, a device group, a device subgroup, a user, an application, an end-host, etc.) by identifying one or more policies directly associated with the network component, generating a list of one or more groups to which the network component belongs, and identifying one or more policies associated with each of the groups in the generated list. An aggregated data set (e.g., a hash table or a balanced tree) may be used to store network component identity elements, one or more pointers to a deployed policy tree, and one or more pointers to a network configuration tree. Each identity element in the data set identifies a network component and has an associated network configuration tree pointer and one or more associated deployed policy tree pointers.

Citations

39 Claims

1. A method comprising providing a capability to perform operations on a computer system, the operations comprising:
- identifying one or more policies associated with a network component;
  
  generating a list of one or more groups to which the network component belongs; and
  
  identifying one or more policies associated with each of the groups in the generated list.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 in which the network component comprises one or more of the following:
    - a network device, a device group, a device subgroup, a user, a group of users, an application, a group of applications, an end-host, a group of end-hosts, and one or more time conditions.
  - 3. The method of claim 2 in which at least one of the identified policies associated with the network component is currently deployed.
  - 4. The method of claim 2 in which at least one of the identified policies associated with the network component is currently undeployed.
  - 5. The method of claim 1 in which identifying one or more policies associated with the network component comprises:
    - searching an entry associated with the network component in an aggregated data set to identify one or more pointers to a deployment policy tree; and
      
      based on the identified one or more pointers, searching the deployment policy tree to identify one or more policies directly associated with the network component.
  - 6. The method of claim 1 in which generating the list of one or more groups to which the network component belongs comprises:
    - searching an entry associated with the network component in an aggregated data set to identify a pointer to a network configuration tree; and
      
      based on the identified pointer, searching the configuration tree to identify a parent node corresponding to a group to which the network component belongs.
  - 7. The method of claim 6 further comprising recursively searching the aggregated data set and the configuration tree until a non-group node is encountered in the configuration tree.
  - 8. The method of claim 7 in which the recursive searching generates a group chain list.
  - 9. The method of claim 1 in which identifying one or more policies associated with each of the groups in the generated list comprises, for each group in the list:
    - searching an entry associated with the group in an aggregated data set to identify one or more pointers to a deployment policy tree; and
      
      based on the identified one or more pointers, searching the deployment policy tree to identify one or more policies directly associated with the group.
  - 10. The method of claim 1 in which one or more of the operations is performed at least in part using an aggregated data set.
  - 11. The method of claim 10 in which the aggregated data set comprises a hash table.
  - 12. The method of claim 10 in which the aggregated data set comprises a red-black tree.
  - 13. The method of claim 10 in which the aggregated data set comprises a plurality of entries, each entry corresponding to a network component and including a network component identifier, one or more pointers to a deployment policy tree, and a pointer to a network configuration tree.
  - 14. The method of claim 1 in which providing a capability to perform operations on a computer system comprises providing at a network management policy decision point a policy based network management software application capable of performing the operations.

15. An article comprising:
- a storage medium having a plurality of machine readable instructions, wherein execution of the instructions causes a machine to perform operations comprising;
  
  identify one or more policies associated with a network component;
  
  generate a list of one or more groups to which the network component belongs; and
  
  identify one or more policies associated with each of the groups in the generated list.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 16. The article of claim 15 in which the network component comprises one or more of the following:
    - a network device, a device group, a device subgroup, a user, a group of users, an application, a group of applications, an end-host, a group of end-hosts, and one or more time conditions.
  - 17. The article of claim 15 in which the instructions to identify one or more policies associated with the network component comprise instructions to:
    - search an entry associated with the network component in an aggregated data set to identify one or more pointers to a deployment policy tree; and
      
      based on the identified one or more pointers, search the deployment policy tree to identify one or more policies directly associated with the network component.
  - 18. The article of claim 15 in which the instructions to generate the list of one or more groups to which the network component belongs comprise instructions to:
    - search an entry associated with the network component in an aggregated data set to identify a pointer to a network configuration tree; and
      
      based on the identified pointer, search the configuration tree to identify a parent node corresponding to a group to which the network component belongs.
  - 19. The article of claim 18 further comprising instructions to recursively search the aggregated data set and the configuration tree until a non-group node is encountered in the configuration tree.
  - 20. The article of claim 19 in which the recursive searching generates a group chain list.
  - 21. The article of claim 15 in which the instructions to identify one or more policies associated with each of the groups in the generated list comprises instructions to perform the following for each group in the list:
    - search an entry associated with the group in an aggregated data set to identify one or more pointers to a deployment policy tree; and
      
      based on the identified one or more pointers, search the deployment policy tree to identify one or more policies directly associated with the group.
  - 22. The article of claim 15 in which one or more of the operations is performed at least in part using an aggregated data set.
  - 23. The article of claim 22 in which the aggregated data set comprises a hash table or a red-black tree.
  - 24. The article of claim 22 in which the aggregated data set comprises a plurality of entries, each entry corresponding to a network component and including a network component identifier, one or more pointers to a deployment policy tree, and a pointer to a network configuration tree.

25. A policy based network management (PBNM) system comprising:
- a network configuration tree configured to store a tree representation of a network configuration, the tree representation being formed of a plurality of nodes, each node corresponding to a network component;
  
  a deployed policy tree configured to store a tree representation of policies associated with network components;
  
  an aggregated data set configured to store a plurality of data elements including one or more identity elements, one or more pointers to the deployed policy tree, and one or more pointers to the network configuration tree, each identity element identifying a network component and having an associated network configuration tree pointer and one or more associated deployed policy tree pointers; and
  
  one or more software components configured to identify one or more policies associated with a network component;
  
  generate a list of one or more groups to which the network component belongs; and
  
  identify one or more policies associated with each of the groups in the generated list.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The system of claim 25 in which the network component comprises one or more of the following:
    - a network device, a device group, a device subgroup, a user, a group of users, an application, a group of applications, an end-hosts, a group of end-hosts, and one or more time conditions.
  - 27. The system of claim 25 in which the one or more software components configured to identify one or more policies associated with the network component are configured to perform the following:
    - search an entry associated with the network component in the aggregated data set to identify the network component'"'"'s one or more associated deployed policy tree pointers; and
      
      based on the identified one or more deployed policy tree pointers, search the deployment policy tree to identify one or more policies directly associated with the network component.
  - 28. The system of claim 25 in which the one or more software components configured to generate the list of one or more groups to which the network component belongs are configured to perform the following:
    - search an entry associated with the network component in the aggregated data set to identify the network component'"'"'s associated network configuration tree pointer; and
      
      based on the identified network configuration tree pointer, search the network configuration tree to identify a parent node corresponding to a group to which the network component belongs.
  - 29. The system of claim 28 in which the one or more software components recursively search the aggregated data set and the network configuration tree until a non-group node is encountered in the configuration tree.
  - 30. The system of claim 25 in which the one or more software components configured to identify one or more policies associated with each of the groups in the generated list are configured to perform the following for each group in the list:
    - search an entry associated with the group in the aggregated data set to identify the group'"'"'s one or more associated deployed policy tree pointers; and
      
      based on the identified one or more deployed policy tree pointers, search the deployed policy tree to identify one or more policies directly associated with the group.
  - 31. The system of claim 25 in which the aggregated data set comprises a hash table.
  - 32. The system of claim 25 in which the aggregated data set comprises a balanced tree.

33. A method comprising providing a capability to perform operations on a computer system, the operations comprising:
- receiving a request to identify one or more policies associated with a specified subject;
  
  identifying one or more policies directly associated with the specified subject;
  
  generating a list of one or more groups to which the specified subject belongs; and
  
  identifying one or more policies associated with each of the groups in the generated list.
- View Dependent Claims (34, 35, 36, 37, 38, 39)
- - 34. The method of claim 33 in which the specified subject comprises one or more of the following:
    - a network device, a device group, a device subgroup, a user, a group of users, an application, a group of applications, an end-hosts, a group of end-hosts, and one or more time conditions.
  - 35. The method of claim 33 in which identifying one or more policies directly associated with the specified subject comprises:
    - searching an entry associated with the specified subject in an aggregated data set to identify one or more pointers to a deployment policy tree; and
      
      based on the identified one or more pointers, searching the deployment policy tree to identify one or more policies directly associated with the specified subject.
  - 36. The method of claim 33 in which generating the list of one or more groups to which the specified subject belongs comprises:
    - searching an entry associated with the specified subject in an aggregated data set to identify a pointer to a network configuration tree; and
      
      based on the identified pointer, searching the configuration tree to identify a parent node corresponding to a group to which the specified subject belongs.
  - 37. The method of claim 36 further comprising recursively searching the aggregated data set and the configuration tree until a non-group node is encountered in the configuration tree.
  - 38. The method of claim 33 in which identifying one or more policies associated with each of the groups in the generated list comprises, for each group in the list:
    - searching an entry associated with the group in an aggregated data set to identify one or more pointers to a deployment policy tree; and
      
      based on the identified one or more pointers, searching the deployment policy tree to identify one or more policies directly associated with the group.
  - 39. The method of claim 33 in which providing a capability to perform operations on a computer system comprises providing at a network management policy decision point a policy based network management software application capable of performing the operations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Durham, David M., Parmar, Pankaj N.

Granted Patent

US 7,072,958 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 41/0893 Assignment of logical group...

H04L 41/0894 Policy-based network config...

Identifying network management policies

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying network management policies

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links