Creating, modifying and storing service abstractions and role abstractions representing one or more packet rules

US 20030152035A1
Filed: 02/08/2002
Published: 08/14/2003
Est. Priority Date: 02/08/2002
Status: Active Grant

First Claim

Patent Images

1. A method of controlling usage of network resources on a communications network, the method comprising acts of:

(A) creating one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and

(B) creating one or more service abstractions, each service abstraction representing a named set of one or more of the packet rules.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Usage of network resources on a communications network is controlled by creating one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition, and creating one or more service abstractions, each service abstraction representing a named set of one or more of the packet rules. Further, one or more role abstractions may be created, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one more packet rules, and possibly one or more service abstractions. These role abstractions and service abstractions may be stored and distributed to network devices on the communications network. Role abstractions and service abstractions ease the configuration, implementation, and administration of packet rules and network policy by enabling the reuse, storage, and modification of an aggregation of one or more packet rules. Instead of configuring each existing or new device in a network individually, roles and service abstractions can be used to simultaneously configure a number of devices, regardless of location in the network. Role abstractions and service abstractions allow a network administrator to aggregate complex technological configuration parameters providing translation between the languages of technical and non-technical members of an organization.

Citations

40 Claims

1. A method of controlling usage of network resources on a communications network, the method comprising acts of:
- (A) creating one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and
  
  (B) creating one or more service abstractions, each service abstraction representing a named set of one or more of the packet rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising an act of:
    - (C) configuring a network device of the communications network with one or more packet rules according to at least one of the service abstractions.
  - 3. The method of claim 2, wherein the act (C) comprises:
    - configuring a port module of a switching device of the communications network with one or more packet rules according to at least one of the service abstractions.
  - 4. The method of claim 2, wherein the act (C) comprises:
    - configuring a firewall of a network device of the communications network with one or more packet rules according to at least one of the service abstractions.
  - 5. The method of claim 1, further comprising an act of:
    - (C) distributing the one or more service abstractions to one or more network devices residing on the communications network.
  - 6. The method of claim 1, further comprising an act of:
    - (C) associating one or more of the service abstractions with a user of the communications network.
  - 7. The method of claim 1, further comprising an act of:
    - (C) creating one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one more service abstractions.
  - 8. The method of claim 7, further comprising an act of:
    - (D) configuring a network device of the communications network with one or more packet rules according to one of the role abstractions.
  - 9. The method of claim 8, wherein act (D) comprises:
    - configuring a port module of a switching device of the communications network with one or more packet rules according to one of the role abstractions.
  - 10. The method of claim 8, wherein act (D) comprises:
    - configuring a firewall of a network device of the communications network with one or more packet rules according to one of the role abstractions.
  - 11. The method of claim 7, further comprising an act of:
    - (D) distributing the one or more role abstractions to one or more network devices residing on the communications network.
  - 12. The method of claim 7, further comprising an act of:
    - (D) assigning one of the role abstractions to at least a first user of the communications network.

13. A system for controlling usage of network resources on a communications network, the system comprising:
- a rule editing module to create one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and
  
  a service editing module to create one or more service abstractions, each service abstraction representing a named set of one or more of the packet rules.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system of claim 13, further comprising:
    - logic to configure a network device with one or more packet rules according to at least one of the service abstractions.
  - 15. The system of claim 14, wherein the logic comprises:
    - port configuration logic to configure a port module of a switching device with one or more packet rules according to at least one of the service abstractions.
  - 16. The system of claim 14, wherein the logic comprises:
    - firewall logic to configure a firewall of a network device with one or more packet rules according to at least one of the service abstractions.
  - 17. The system of claim 13, further comprising:
    - a distribution module to distribute the one or more service abstractions to one or more network devices residing on the communications network.
  - 18. The system of claim 13, further comprising:
    - assigning logic to associate one or more of the service abstractions with a user of the communications network.
  - 19. The system of claim 13, further comprising:
    - a role editing module to create one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one more service abstractions.
  - 20. The system of claim 19, further comprising:
    - logic to configure a network device with one or more packet rules according to one of the role abstractions.
  - 21. The system of claim 20, wherein the logic comprises:
    - port configuration logic to configure a port module of a switching device with one or more packet rules according to one of the role abstractions.
  - 22. The system of claim 20, wherein the logic comprises:
    - firewall logic to configure a firewall of a network device with one or more packet rules according to one of the role abstractions.
  - 23. The system of claim 19, further comprising:
    - a distribution module to distribute the one or more role abstractions to one or more network devices residing on the communications network.
  - 24. The system of claim 19, further comprising:
    - assigning logic to assign one of the role abstractions to at least a first user of the communications network.

25. A system for controlling usage of network resources on a communications network, the system comprising:
- a rule editing module to create one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and
  
  means for creating one or more service abstractions, each service abstraction representing a named set of one or more of the packet rules.

26. A computer program product, comprising:
- a computer readable medium; and
  
  computer readable signals stored on the computer readable medium that define instructions that, as a result of being executed by a computer, instruct the computer to perform a process of controlling usage of network resources on a communications network, the process comprising acts of;
  
  (A) creating one or more packet rules for analyzing packets received at one or more devices of the communication network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and
  
  (B) creating one or more service abstractions, each service abstraction representing a named set of one or more of the packet rules.

27. A method of controlling usage of network resources on a communications network, the method comprising acts of:
- (A) creating one or more packet rules for analyzing packets received at one or more devices of the communication network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and
  
  (B) creating one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one more packet rules.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. The method of claim 27, further comprising an act of:
    - (C) configuring a network device of the communications network with one or more packet rules according to one of the role abstractions.
  - 29. The method of claim 28, wherein act (C) comprises:
    - configuring a port module of a switching device of the communications network with one or more packet rules according to one of the role abstractions.
  - 30. The method of claim 28, wherein act (C) comprises:
    - configuring a firewall of a network device of the communications network with one or more packet rules according to one of the role abstractions.
  - 31. The method of claim 27, further comprising an act of:
    - (C) distributing the one or more role abstractions to one or more network devices residing on the communications network.
  - 32. The method of claim 27, further comprising an act of:
    - (C) assigning one of the role abstractions to at least a first user of the communications network.

33. A system for controlling usage of network resources on a communications network, the system comprising:
- a rule editing module to create one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and
  
  a role editing module to create one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one more packet rules.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. The system of claim 33, further comprising:
    - logic to configure a port module of a network device with one or more packet rules according to one of the role abstractions.
  - 35. The system of claim 34, wherein the logic comprises:
    - port configuration logic to configure a port module of a switching device with one or more packet rules according to one of the role abstractions.
  - 36. The system of claim 34, wherein the logic comprises:
    - firewall logic to configure a firewall of a network device with one or more packet rules according to one of the role abstractions.
  - 37. The system of claim 33, further comprising:
    - a distribution module to distribute the one or more role abstractions to one or more network devices residing on the communications network.
  - 38. The system of claim 33, further comprising:
    - assigning logic to assign one of the role abstractions to at least a first user of the communications network.

39. A system for controlling usage of network resources on a communications network, the system comprising:
- a rule editing module to create one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and
  
  means for creating one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one more service abstractions.

40. A computer program product, comprising:
- a computer readable medium; and
  
  computer readable signals stored on the computer readable medium that define instructions that, as a result of being executed by a computer, instruct the computer to perform a process of controlling usage of network resources on a communications network, the process comprising acts of;
  
  (A) creating one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and
  
  (B) creating one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one more service abstractions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Enterasys Networks Incorporated (Extreme Networks, Inc.)
Inventors
Dunigan, Paul Jane, Richmond, James, Roese, John, Pettit, Steven A.

Granted Patent

US 7,855,972 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/252
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Creating, modifying and storing service abstractions and role abstractions representing one or more packet rules

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Creating, modifying and storing service abstractions and role abstractions representing one or more packet rules

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links