Method for synchronization of policy cache with various policy-based applications

US 20030135603A1
Filed: 02/07/2003
Published: 07/17/2003
Est. Priority Date: 12/17/1998
Status: Active Grant

First Claim

Patent Images

1. A hardware-based policy engine to manage traffic over a computer network, comprising:

an input data path to receive packets of network traffic constituting at least one stream;

means for providing at least a portion of each stream to a host processor executing a policy-based software application and for receiving from the host processor at least one action specification associated with said each stream;

means for maintaining a policy binding database based on the at least one action specification received from the policy application processor;

at least one action processor configured to act on the packets of network traffic; and

a stream classifier that determines an association of each packet with at least one action processor based on data in the packet that uniquely identifies the stream to which the packet belongs, the classification determination being made in cooperation with the policy-binding database and without the involvement of the host processor wherein the at least one action processor acts on the packets of network traffic based on the classification association determined by the stream classifier.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hardware-based policy engine that employs a policy cache to process packets of network traffic. The policy engine includes a stream classifier that associates each packet with at least one action processor based on data in the packet, and the action processor further acts on the packets based on the association determined by the stream classifier.

32 Citations

View as Search Results

15 Claims

1. A hardware-based policy engine to manage traffic over a computer network, comprising:
- an input data path to receive packets of network traffic constituting at least one stream;
  
  means for providing at least a portion of each stream to a host processor executing a policy-based software application and for receiving from the host processor at least one action specification associated with said each stream;
  
  means for maintaining a policy binding database based on the at least one action specification received from the policy application processor;
  
  at least one action processor configured to act on the packets of network traffic; and
  
  a stream classifier that determines an association of each packet with at least one action processor based on data in the packet that uniquely identifies the stream to which the packet belongs, the classification determination being made in cooperation with the policy-binding database and without the involvement of the host processor wherein the at least one action processor acts on the packets of network traffic based on the classification association determined by the stream classifier.
- View Dependent Claims (2, 3)
- - 2. The policy engine of claim 1, wherein the policy binding database maintaining means includes means for maintaining in the policy finding database a plurality of database records, each record including an entry for a stream specification and an indication of one or more action specifications.
  - 3. The policy engine of claim 2, wherein the stream classifier includes:
    - means for determining, for each packet, which record of the policy binding database includes a stream specification that corresponds to the unique identification information in the packet; and
      
      means for determining the association of that packet with the at least one action processor based on the indication of at least one action processor in the determined record.

12. (New) The system of claim 11, wherein the stream classifier computes a hash value from a field in the packet and uses the hash value to select one action specification.

13. (New) The system of claim 11, wherein the policy cache has a plurality of stream classifications and each stream classification being associated with multiple action specifications.

14. (New) The system of claim 11, wherein the policy engine stores the action specifications into the policy cache.

15. (New) The system of claim 11, wherein the policy engine provides a few packets of the flow to a flow classifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WatchGuard Technologies Incorporated (Gladiator Corporation)
Original Assignee
WatchGuard Technologies Incorporated (Gladiator Corporation)
Inventors
Lin, YeeJang James

Granted Patent

US 7,006,502 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 47/20   Traffic policing

H04L 47/2441   relying on flow classificat...

H04L 47/2483   involving identification of...

H04L 63/02   for separating internal fro...

H04L 63/0272   Virtual private networks

H04L 69/12   Protocol engines

Method for synchronization of policy cache with various policy-based applications

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method for synchronization of policy cache with various policy-based applications

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links