SYSTEMS AND METHODS FOR CONFIGURING POLICY BANK INVOCATIONS
First Claim
1. A method for configuring flow control among policy groups used in a network device processing a packet stream, the method comprising:
- (a) providing a configuration interface for configuring a plurality of policy groups for a network device;
(b) identifying, by the configuration interface, a first policy of a first policy group, the first policy specifying a rule comprising a first expression; and
(c) receiving, via the interface, information identifying a second policy group to be processed based on an evaluation of the rule.
7 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.
112 Citations
38 Claims
-
1. A method for configuring flow control among policy groups used in a network device processing a packet stream, the method comprising:
-
(a) providing a configuration interface for configuring a plurality of policy groups for a network device; (b) identifying, by the configuration interface, a first policy of a first policy group, the first policy specifying a rule comprising a first expression; and (c) receiving, via the interface, information identifying a second policy group to be processed based on an evaluation of the rule. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method of flow control among policy groups used in a network device processing a packet stream, the method comprising:
-
(a) identifying, by an appliance, a first policy group to apply to a received packet stream; (b) processing, by the appliance, a first policy of the first policy group, the first policy identifying (i) a rule comprising a first expression, and (ii) information identifying a second policy group; (c) evaluating, by the appliance, the rule; and (d) processing, by the appliance in response to the evaluation of the rule, the identified second policy group. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. An appliance providing flow control among policy groups used in processing a packet stream, the appliance comprising:
-
a packet processor which receives a packet stream; and a policy engine which identifies a first policy group to apply to a received packet stream;
processes a first policy of the first policy group, the first policy identifying (i) a rule comprising a first expression and (ii) information identifying a second policy group;
evaluates the rule; and
processes, in response to the evaluation of the rule, the identified second policy group. - View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
-
Specification