Establishment and enforcement of policies in packet-switched networks
First Claim
1. In an inter-network including a plurality of interconnected communications nodes, a method of colluding between the plurality of nodes, the method comprising:
- at a first node in the plurality of nodes, receiving a network policy instance from a second node in the plurality of nodes, the network policy instance regulating processing of data traversing the inter-network;
determining consistency of the network policy instance with a local policy database resident in the first node, the local policy database regulating network processing in the first node, determining consistency of the network policy instance further including identifying the network policy instance in a hierarchy of network policies to determine a rank for the network policy instance; and
if and only if the network policy is consistent with the local policy database, adding the network policy to the local policy database.
0 Assignments
0 Petitions
Accused Products
Abstract
Policy domains are introduced, which include methods and algorithms for ensuring policy consistency within defined regions of one or more communications networks. Examples of such policies include network functions such as routing, filtering, security, authentication, information summarization and expansion. These policies may be organized into hierarchies of policy categories. The policy domains include mechanisms for adding and deleting policies while preserving consistency, as well as mechanisms for allowing fast synchronization and convergence of policies between local databases resident different nodes/peers in the networks. Policy domains may delineated by pre-existing logical topologies, such as autonomous systems, or may have evolving boundaries.
-
Citations
22 Claims
-
1. In an inter-network including a plurality of interconnected communications nodes, a method of colluding between the plurality of nodes, the method comprising:
-
at a first node in the plurality of nodes, receiving a network policy instance from a second node in the plurality of nodes, the network policy instance regulating processing of data traversing the inter-network;
determining consistency of the network policy instance with a local policy database resident in the first node, the local policy database regulating network processing in the first node, determining consistency of the network policy instance further including identifying the network policy instance in a hierarchy of network policies to determine a rank for the network policy instance; and
if and only if the network policy is consistent with the local policy database, adding the network policy to the local policy database. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification
-
- Resources
-
Current AssigneeSusan Hares
-
Original AssigneeSusan Hares
-
InventorsHares, Susan
-
Application NumberUS11/881,231Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current726/1CPC Class CodesH04L 41/0893 Assignment of logical group...H04L 41/0894 Policy-based network config...H04L 45/02 Topology update or discoveryH04L 45/021 Ensuring consistency of rou...H04L 45/033 by updating distance vector...H04L 45/04 Interdomain routing, e.g. h...H04L 45/308 Route determination based o...H04L 63/102 Entity profilesH04L 63/20 for managing network securi...
