Method and apparatus for controlled access of requests from virtual private network devices to managed information objects using simple network management protocol and multi-topology routing
First Claim
1. A method of controlling access of network management requests directed to one or more network devices that participate in a virtual private network, the method comprising the computer-implemented steps of:
receiving a request to carry out a management protocol operation;
determining an identifier of a virtual private network in the request and a context name;
determining, based on the context name, one or more sub-contexts that are either explicitly or implicitly specified in the context name;
identifying, among a plurality of instances of managed objects that are associated with one or more routing topologies of a multi-topology routing system, a subset of object instances that requests associated with the virtual private network are permitted to access; and
providing the request with access to only the subset of object instances.
1 Assignment
0 Petitions
Abstract
Access control approaches are disclosed wherein managed objects in Simple Network Management Protocol (SNMP) Management Information Bases (MIBs) are accessed on a per-Virtual Private Network (VPN) basis, taking into account the multiple topologies that may exist under multi-topology routing (MTR) deployments, with no modifications to existing MIBs. One approach involves determining an identifier of a virtual private network in the request and a context name; determining, based on the context name, one or more sub-contexts that are either explicitly or implicitly specified in the context name; identifying, among a plurality of instances of managed objects that are associated with one or more routing topologies of a multi-topology routing system, a subset of object instances that requests associated with the virtual private network are permitted to access; and providing the request with access to only the subset of object instances.
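The following is an added illustration, not code from the patent or from any vendor implementation, of the procedure the abstract and claim 1 describe: parse the SNMPv3 context name into a VPN identifier and its explicit or implicit topology sub-contexts, select the managed object instances that context may see, and answer GET and GETNEXT only from that subset. The context-name syntax (`vrf-<vpn>[/<topology>[,<topology>...]]`), the name of the implicit base topology, and the MIB rows are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed name of the topology that a context without an explicit
# topology part implicitly refers to (not specified by the patent text).
DEFAULT_TOPOLOGY = "base"


@dataclass(frozen=True)
class ObjectInstance:
    """One managed object instance, tagged with the VPN and MTR topology it belongs to."""
    oid: str
    vpn: str
    topology: str
    value: object


# Constructed sample instance table (not real device data): route-table-like
# rows that exist separately per VPN and per routing topology.
INSTANCES: List[ObjectInstance] = [
    ObjectInstance("1.3.6.1.2.1.4.24.4.1.1.10.0.0.0", "blue", "base", "10.0.0.0"),
    ObjectInstance("1.3.6.1.2.1.4.24.4.1.1.10.0.1.0", "blue", "voice", "10.0.1.0"),
    ObjectInstance("1.3.6.1.2.1.4.24.4.1.1.192.168.0.0", "red", "base", "192.168.0.0"),
    ObjectInstance("1.3.6.1.2.1.4.24.4.1.1.192.168.1.0", "red", "video", "192.168.1.0"),
]


def parse_context(context_name: str) -> Tuple[str, List[str]]:
    """Split an SNMPv3 contextName into (vpn_id, sub_contexts).

    Assumed syntax: 'vrf-<vpn>' or 'vrf-<vpn>/<topology>[,<topology>...]'.
    A context with no topology part implicitly names DEFAULT_TOPOLOGY.
    """
    if not context_name.startswith("vrf-"):
        raise ValueError("context does not name a VPN: %r" % context_name)
    vpn, _, topo_part = context_name[len("vrf-"):].partition("/")
    if not vpn:
        raise ValueError("empty VPN identifier in context %r" % context_name)
    explicit = [t for t in topo_part.split(",") if t]
    return vpn, explicit if explicit else [DEFAULT_TOPOLOGY]


def permitted_instances(context_name: str,
                        instances: List[ObjectInstance] = INSTANCES) -> List[ObjectInstance]:
    """The subset of object instances a request in this context may access."""
    vpn, sub_contexts = parse_context(context_name)
    allowed = set(sub_contexts)
    return [i for i in instances if i.vpn == vpn and i.topology in allowed]


def oid_key(oid: str) -> Tuple[int, ...]:
    """Numeric tuple so OIDs compare in lexicographic MIB order, not as strings."""
    return tuple(int(part) for part in oid.split("."))


def handle_get(context_name: str, oid: str,
               instances: List[ObjectInstance] = INSTANCES) -> Optional[object]:
    """Return the instance value, or None (reported as noSuchInstance).

    An instance outside the permitted subset yields the same None as an
    instance that does not exist at all, so a requester in one VPN cannot
    probe for rows that belong to another VPN or topology.
    """
    for inst in permitted_instances(context_name, instances):
        if inst.oid == oid:
            return inst.value
    return None


def handle_getnext(context_name: str, oid: str,
                   instances: List[ObjectInstance] = INSTANCES) -> Optional[str]:
    """Return the OID of the next permitted instance after `oid`, or None (endOfMibView).

    Walking is confined to the permitted subset, so a GETNEXT walk never
    steps across a VPN or topology boundary.
    """
    start = oid_key(oid)
    for inst in sorted(permitted_instances(context_name, instances),
                       key=lambda i: oid_key(i.oid)):
        if oid_key(inst.oid) > start:
            return inst.oid
    return None


if __name__ == "__main__":
    # Implicit sub-context: 'vrf-blue' sees only the base topology of VPN blue.
    print(handle_get("vrf-blue", "1.3.6.1.2.1.4.24.4.1.1.10.0.1.0"))        # None
    # Explicit sub-context: 'vrf-blue/voice' sees the voice topology row.
    print(handle_get("vrf-blue/voice", "1.3.6.1.2.1.4.24.4.1.1.10.0.1.0"))  # 10.0.1.0
    # A walk from the table root in VPN red never reaches VPN blue's rows.
    print(handle_getnext("vrf-red", "1.3.6.1.2.1.4.24.4.1.1"))              # ...192.168.0.0
```

The point of the design is that access control operates on instances rather than on MIB definitions: the same `ipCidrRouteTable`-style object exists once per VPN and topology, and the context name alone decides which rows are reachable, which is what lets the scheme work without changing any existing MIB.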
70 Citations
17 Claims
1. A method of controlling access of network management requests directed to one or more network devices that participate in a virtual private network, the method comprising the computer-implemented steps of:
receiving a request to carry out a management protocol operation;
determining an identifier of a virtual private network in the request and a context name;
determining, based on the context name, one or more sub-contexts that are either explicitly or implicitly specified in the context name;
identifying, among a plurality of instances of managed objects that are associated with one or more routing topologies of a multi-topology routing system, a subset of object instances that requests associated with the virtual private network are permitted to access; and
providing the request with access to only the subset of object instances.
Dependent claims 2, 3, 4, 5, 6, 7, 8 and 9 are not shown.
10. A computer-readable medium carrying one or more sequences of instructions for controlling access of network management requests directed to one or more network devices that participate in a virtual private network, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
determining an identifier of a virtual private network in the request and a context name;
determining, based on the context name, one or more sub-contexts that are either explicitly or implicitly specified in the context name;
identifying, among a plurality of instances of managed objects that are associated with one or more routing topologies of a multi-topology routing system, a subset of object instances that requests associated with the virtual private network are permitted to access; and
providing the request with access to only the subset of object instances.
Dependent claims 11, 12, 13, 14 and 15 are not shown.
16. An apparatus for controlling access of network management requests directed to one or more network devices that participate in a virtual private network, comprising:
means for determining an identifier of a virtual private network in the request and a context name;
means for determining, based on the context name, one or more sub-contexts that are either explicitly or implicitly specified in the context name;
means for identifying, among a plurality of instances of managed objects that are associated with one or more routing topologies of a multi-topology routing system, a subset of object instances that requests associated with the virtual private network are permitted to access; and
means for providing the request with access to only the subset of object instances.
17. An apparatus for controlling access of network management requests directed to one or more network devices that participate in a virtual private network, comprising:
a network interface that is coupled to the data network for receiving one or more packet flows therefrom;
a processor;
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
determining an identifier of a virtual private network in the request and a context name;
determining, based on the context name, one or more sub-contexts that are either explicitly or implicitly specified in the context name;
identifying, among a plurality of instances of managed objects that are associated with one or more routing topologies of a multi-topology routing system, a subset of object instances that requests associated with the virtual private network are permitted to access; and
providing the request with access to only the subset of object instances.