Template access control lists

US 20060156018A1
Filed: 12/30/2004
Published: 07/13/2006
Est. Priority Date: 12/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method of producing a template Access Control List (ACL) comprising:

obtaining a first ACL having a first rule set, said first rule set including a peer Internet Protocol (IP) address;

copying said first rule set into the template ACL;

determining the occurrence of a peer'"'"'s IP address within the rule set of said template ACL; and

replacing the occurrence of a peer'"'"'s IP address within the rule set of said template ACL with an indicator indicating that the peer'"'"'s IP address is used in place of the indicator when said ACL is evaluated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus and computer program product for producing and processing template access control lists (ACLs) is presented. The method, apparatus and computer program product obtain a first ACL having a first rule set, the first rule set including a peer Internet Protocol (IP) address. The first rule set is copied into the template ACL. The occurrences of a peer'"'"'s IP address within the rule set of the template ACL are determined and are replaced with an indicator indicating that the peer'"'"'s IP address is used in place of the indicator when the ACL is evaluated.

69 Citations

View as Search Results

27 Claims

1. A method of producing a template Access Control List (ACL) comprising:
- obtaining a first ACL having a first rule set, said first rule set including a peer Internet Protocol (IP) address;
  
  copying said first rule set into the template ACL;
  
  determining the occurrence of a peer'"'"'s IP address within the rule set of said template ACL; and
  
  replacing the occurrence of a peer'"'"'s IP address within the rule set of said template ACL with an indicator indicating that the peer'"'"'s IP address is used in place of the indicator when said ACL is evaluated.

2. A method of processing template Access Control Lists (ACLs) comprising:
- receiving an ACL;
  
  determining a checksum for the received ACL;
  
  checking a data structure of ACL checksums for a checksum which matches the checksum of the received ACL;
  
  when the checksum of the received ACL does not match a checksum in said data structure, then adding the checksum of the received ACL to the data structure of ACL checksums and compiling the changed ACL;
  
  when the checksum of the received ACL does match a checksum in said data structure, then determining if a template for the ACL exists;
  
  when a template for the ACL does not exist then producing a new template; and
  
  pointing the received ACL to the template.
- View Dependent Claims (3, 4, 5, 6, 7, 8)
- - 3. The method of claim 2 wherein said producing a new template comprises:
    - obtaining a first ACL having a first rule set, said first rule set including a peer Internet Protocol (IP) address;
      
      copying said first rule set into a template ACL;
      
      determining the occurrence of a peer'"'"'s IP address within the rule set of said template ACL; and
      
      replacing the occurrence of a peer'"'"'s IP address within the rule set of said template ACL with an indicator indicating that the peer'"'"'s IP address is used in place of the indicator when said ACL is evaluated.
  - 4. The method of claim 2 wherein said determining a checksum comprises determining a 32-bit checksum.
  - 5. The method of claim 2 wherein said determining a checksum comprises determining a 128-bit checksum.
  - 6. The method of claim 2 wherein said data structure comprises an RBtree.
  - 7. The method of claim 4 wherein said adding the checksum of the received ACL to the data structure of ACL checksums further comprises adding the ACL to a list of ACLs having the same checksum.
  - 8. The method of claim 4 wherein said determining if a template for the ACL exists comprises:
    - comparing the ACL to other ACLs having the same checksum and determining if said ACL matches any of said other ACLs having the same checksum;
      
      when said ACL does not match any of the other ACLs having the same checksum then adding the checksum of the received ACL to the data structure of ACL checksums and compiling the changed ACL; and
      
      when said ACL does match another of said ACLs having the same checksum then determining that said ACL has already been encountered.

9. A computer readable medium having computer readable code thereon for producing a template Access Control List (ACL), the medium comprising:
- instructions for obtaining a first ACL having a first rule set, said first rule set including a peer Internet Protocol (IP) address;
  
  instructions for copying said first rule set into the template ACL;
  
  instructions for determining the occurrence of a peer'"'"'s IP address within the rule set of said template ACL; and
  
  instructions for replacing the occurrence of a peer'"'"'s IP address within the rule set of said template ACL with an indicator indicating that the peer'"'"'s IP address is used in place of the indicator when said ACL is evaluated.

10. A computer readable medium having computer readable code thereon for processing a template Access Control List (ACL), the medium comprising:
- instructions for receiving an ACL;
  
  instructions for determining a checksum for the received ACL;
  
  instructions for checking a data structure of ACL checksums for a checksum which matches the checksum of the received ACL;
  
  instructions for when the checksum of the received ACL does not match a checksum in said data structure, then adding the checksum of the received ACL to the data structure of ACL checksums and compiling the changed ACL;
  
  instructions for when the checksum of the received ACL does match a checksum in said data structure, then determining if a template for the ACL exists;
  
  instructions for when a template for the ACL does not exist then producing a new template; and
  
  instructions for pointing the received ACL to the template.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer readable medium of claim 10 wherein said instructions for producing a new template comprises:
    - instructions for obtaining a first ACL having a first rule set, said first rule set including a peer Internet Protocol (IP) address;
      
      instructions for copying said first rule set into a template ACL;
      
      instructions for determining the occurrence of a peer'"'"'s IP address within the rule set of said template ACL; and
      
      instructions for replacing the occurrence of a peer'"'"'s IP address within the rule set of said template ACL with an indicator indicating that the peer'"'"'s IP address is used in place of the indicator when said ACL is evaluated.
  - 12. The computer readable medium of claim 10 wherein said instructions for determining a checksum comprises instructions for determining a 32-bit checksum.
  - 13. The computer readable medium of claim 10 wherein said instructions for determining a checksum comprises instructions for determining a 128-bit checksum.
  - 14. The computer readable medium of claim 10 wherein said instructions for checking a data structure comprises instructions for checking an RBtree.
  - 15. The computer readable medium of claim 12 wherein said instructions for adding the checksum of the received ACL to the data structure of ACL checksums further comprises instructions for adding the ACL to a list of ACLs having the same checksum.
  - 16. The computer readable medium of claim 12 wherein said instructions for determining if a template for the ACL exists comprises:
    - instructions for comparing the ACL to other ACLs having the same checksum and determining if said ACL matches any of said other ACLs having the same checksum;
      
      instructions for when said ACL does not match any of the other ACLs having the same checksum then adding the checksum of the received ACL to the data structure of ACL checksums and compiling the changed ACL; and
      
      instructions for when said ACL does match another of said ACLs having the same checksum then determining that said ACL has already been encountered.

17-26. -26. (canceled)

27. A method of using a template ACL comprising:
- receiving a packet;
  
  identifying an IP address in a header of said packet; and
  
  matching said IP address of said packet to a rule set of said template ACL, said rule set including at least one rule wherein an indicator is used to indicate a list of peer IP addresses to use when evaluating said ACL.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Lauer, Craig, Paiement, Thierry

Granted Patent

US 7,647,643 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/101   Access control lists [ACL]

Template access control lists

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

69 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Template access control lists

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links