Template access control lists
Abstract
A method, apparatus and computer program product for producing and processing template access control lists (ACLs) is presented. The method, apparatus and computer program product obtain a first ACL having a first rule set, the first rule set including a peer Internet Protocol (IP) address. The first rule set is copied into the template ACL. The occurrences of a peer's IP address within the rule set of the template ACL are determined and are replaced with an indicator indicating that the peer's IP address is used in place of the indicator when the ACL is evaluated.
27 Claims
1. A method of producing a template Access Control List (ACL) comprising:
- obtaining a first ACL having a first rule set, said first rule set including a peer Internet Protocol (IP) address;
- copying said first rule set into the template ACL;
- determining the occurrence of a peer's IP address within the rule set of said template ACL; and
- replacing the occurrence of a peer's IP address within the rule set of said template ACL with an indicator indicating that the peer's IP address is used in place of the indicator when said ACL is evaluated.
2. A method of processing template Access Control Lists (ACLs) comprising:
- receiving an ACL;
- determining a checksum for the received ACL;
- checking a data structure of ACL checksums for a checksum which matches the checksum of the received ACL;
- when the checksum of the received ACL does not match a checksum in said data structure, then adding the checksum of the received ACL to the data structure of ACL checksums and compiling the changed ACL;
- when the checksum of the received ACL does match a checksum in said data structure, then determining if a template for the ACL exists;
- when a template for the ACL does not exist then producing a new template; and
- pointing the received ACL to the template.
Dependent claims: 3, 4, 5, 6, 7, 8
9. A computer readable medium having computer readable code thereon for producing a template Access Control List (ACL), the medium comprising:
- instructions for obtaining a first ACL having a first rule set, said first rule set including a peer Internet Protocol (IP) address;
- instructions for copying said first rule set into the template ACL;
- instructions for determining the occurrence of a peer's IP address within the rule set of said template ACL; and
- instructions for replacing the occurrence of a peer's IP address within the rule set of said template ACL with an indicator indicating that the peer's IP address is used in place of the indicator when said ACL is evaluated.
10. A computer readable medium having computer readable code thereon for processing a template Access Control List (ACL), the medium comprising:
- instructions for receiving an ACL;
- instructions for determining a checksum for the received ACL;
- instructions for checking a data structure of ACL checksums for a checksum which matches the checksum of the received ACL;
- instructions for when the checksum of the received ACL does not match a checksum in said data structure, then adding the checksum of the received ACL to the data structure of ACL checksums and compiling the changed ACL;
- instructions for when the checksum of the received ACL does match a checksum in said data structure, then determining if a template for the ACL exists;
- instructions for when a template for the ACL does not exist then producing a new template; and
- instructions for pointing the received ACL to the template.
Dependent claims: 11, 12, 13, 14, 15, 16
17-26. (canceled)
27. A method of using a template ACL comprising:
- receiving a packet;
- identifying an IP address in a header of said packet; and
- matching said IP address of said packet to a rule set of said template ACL, said rule set including at least one rule wherein an indicator is used to indicate a list of peer IP addresses to use when evaluating said ACL.
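An added illustration of claims 1 and 27 (not code from the patent): two per-peer ACLs that differ only in the peer's own address reduce to one template, and the peer list supplied at evaluation time decides which source matches the indicator rule. The `$PEER` spelling, the `(action, source)` rule shape, the sample ACLs and the final implicit deny are assumptions made for the example.

```python
import ipaddress

PEER = "$PEER"  # assumed spelling; the claims only say "an indicator"

def make_template(rules, peer_ip):
    """Claim 1: copy the rule set, swapping each occurrence of the peer's IP for the indicator."""
    peer = ipaddress.ip_address(peer_ip)
    template = []
    for action, src in rules:
        try:
            is_peer = ipaddress.ip_address(src) == peer
        except ValueError:  # src is a prefix such as 192.0.2.0/24, not a host
            is_peer = False
        template.append((action, PEER if is_peer else src))
    return tuple(template)

def evaluate(template, peers, packet_src):
    """Claim 27: match a packet's source IP, expanding the indicator to the peer list."""
    src = ipaddress.ip_address(packet_src)
    for action, match in template:
        if match == PEER:
            hit = any(src == ipaddress.ip_address(p) for p in peers)
        else:
            hit = src in ipaddress.ip_network(match)
        if hit:
            return action
    return "deny"  # assumed implicit deny when no rule matches

# Constructed sample ACLs: identical except for the peer's own address.
ACL_A = [("permit", "192.0.2.10"), ("deny", "192.0.2.0/24"), ("permit", "0.0.0.0/0")]
ACL_B = [("permit", "198.51.100.7"), ("deny", "192.0.2.0/24"), ("permit", "0.0.0.0/0")]
TEMPLATE = make_template(ACL_A, "192.0.2.10")

if __name__ == "__main__":
    # Both per-peer ACLs collapse to the same template.
    print(TEMPLATE == make_template(ACL_B, "198.51.100.7"))
    # 192.0.2.10 is no longer the peer here, so it falls through to the /24 deny.
    print(evaluate(TEMPLATE, ["198.51.100.7"], "192.0.2.10"))
```

Because the peer address is bound only at evaluation time, a stale or over-broad peer list widens the permit rule for every ACL that points at the shared template, so that list deserves the same review as the rules themselves.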
Specification