Establishment and enforcement of policies in packet-switched networks
First Claim
1. A system for synchronizing a plurality of network policies amongst a plurality of network nodes, the plurality of network policies operative of the plurality of nodes to regulate data traffic through the plurality of nodes, the system comprising:
an ordered plurality of classifications of the plurality of network policies, the ordered plurality of classifications including a first one or more classifications identifying policies enabling collusion between the plurality of network nodes to support a common database of network policies, a second one or more classifications identifying policies for compressing or expanding information passed amongst the plurality of nodes, a third one or more classifications including policies for route distribution and selection in the plurality of nodes;
a plurality of local policy databases, each of the plurality of local policy databases residing on a respective node in the plurality of nodes, each of the local policy databases further including a plurality of policy instances operative on the respective node; and
a plurality of synchronization processes resident on the plurality of nodes, the plurality of synchronization processes operative to minimize a convergence time between the plurality of local databases and the common database of network policies, wherein the plurality of synchronization processes are further operative to map network policies received at the respective node to the ordered plurality of classifications.
Abstract
Policy domains are introduced, which include methods and algorithms for ensuring policy consistency within defined regions of one or more communications networks. Examples of such policies include network functions such as routing, filtering, security, authentication, information summarization and expansion. These policies may be organized into hierarchies of policy categories. The policy domains include mechanisms for adding and deleting policies while preserving consistency, as well as mechanisms for fast synchronization and convergence of policies between local databases resident on different nodes/peers in the networks. Policy domains may be delineated by pre-existing logical topologies, such as autonomous systems, or may have evolving boundaries.
39 Claims
18. In an inter-network including a plurality of interconnected communications nodes, a method of colluding between the plurality of nodes, the method comprising:
at a first node in the plurality of nodes, receiving a network policy instance from a second node in the plurality of nodes, the network policy instance regulating processing of data traversing the inter-network;
determining consistency of the network policy instance with a local policy database resident in the first node, the local policy database regulating network processing in the first node, determining consistency of the network policy instance further including identifying the network policy instance in a hierarchy of network policies to determine a rank for the network policy instance; and
if and only if the network policy is consistent with the local policy database, adding the network policy to the local policy database.
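The method of claim 18, together with the mapping of received policies onto the ordered classifications of claim 1, can be illustrated as a small local policy database. This is an added example, not code from the patent or any assignee: the patent describes the method only in prose, so the data model, the concrete classification names, the conflict rule (an incoming policy is rejected when an installed policy for the same subject at equal or higher rank prescribes a different action, and an accepted policy supersedes lower-ranked conflicting ones), and the sample policies exchanged between the hypothetical nodes A and B are all assumptions made here.

```python
"""Illustration of the consistency check in claim 18 (added example,
not the patent's code). Data model, classification names, conflict rule
and sample policies are assumptions."""
from dataclasses import dataclass, field

# Ordered classifications from claim 1, highest rank first. The position
# in this tuple is the rank; the concrete names are assumed.
HIERARCHY = ("collusion", "summarization", "routing")


@dataclass(frozen=True)
class PolicyInstance:
    classification: str   # should be one of HIERARCHY
    subject: str          # what the policy governs, e.g. a prefix (assumed)
    action: str           # e.g. "permit" or "deny" (assumed)
    origin: str           # node that emitted the policy


@dataclass
class LocalPolicyDatabase:
    node: str
    instances: list = field(default_factory=list)

    def rank(self, inst):
        """Map an instance onto the ordered classifications (claim 1).
        Returns None when the class lies outside the hierarchy; the
        receiving node treats that as inconsistent rather than guessing."""
        try:
            return HIERARCHY.index(inst.classification)
        except ValueError:
            return None

    def is_consistent(self, inst):
        """Claim 18 consistency test with an assumed conflict rule: the
        instance must be rankable, and no installed policy for the same
        subject at equal or higher rank (smaller index) may prescribe a
        different action. Lower-ranked policies never block it, so a
        routing policy cannot veto a collusion policy."""
        r = self.rank(inst)
        if r is None:
            return False
        for existing in self.instances:
            if existing.subject != inst.subject:
                continue
            if self.rank(existing) <= r and existing.action != inst.action:
                return False
        return True

    def receive(self, inst):
        """Add if and only if consistent (claim 18). Returns the rank
        assigned to the installed policy, or None when it was rejected."""
        if not self.is_consistent(inst):
            return None
        r = self.rank(inst)
        # An accepted policy supersedes lower-ranked conflicting policies
        # for the same subject (assumed), so the database never holds two
        # contradictory instances after an add.
        self.instances = [e for e in self.instances
                          if not (e.subject == inst.subject
                                  and self.rank(e) > r
                                  and e.action != inst.action)]
        if inst not in self.instances:
            self.instances.append(inst)
        return r


def demo():
    """Constructed exchange: node A receives five policies from node B.
    Returns the per-policy result and the final database size."""
    db = LocalPolicyDatabase(node="A")
    prefix = "10.0.0.0/8"
    results = [
        # Routing permit on an empty database: installed at rank 2.
        db.receive(PolicyInstance("routing", prefix, "permit", "B")),
        # Higher-ranked collusion deny: installed, evicts the routing permit.
        db.receive(PolicyInstance("collusion", prefix, "deny", "B")),
        # Routing permit again: now contradicts a higher-ranked policy, rejected.
        db.receive(PolicyInstance("routing", prefix, "permit", "B")),
        # Routing deny agrees with the collusion policy: installed.
        db.receive(PolicyInstance("routing", prefix, "deny", "B")),
        # Unknown classification cannot be ranked: rejected.
        db.receive(PolicyInstance("billing", prefix, "deny", "B")),
    ]
    return results, len(db.instances)


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from the claim is the "if and only if" in its last step: a node that installs a received policy before ranking it against its local database can be driven into a contradictory state by a single peer, which is exactly what the consistency gate is there to prevent.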