SYSTEMS AND METHODS FOR CONFIGURING POLICY BANK INVOCATIONS

US 20100095018A1
Filed: 10/09/2009
Published: 04/15/2010
Est. Priority Date: 03/12/2007
Status: Active Grant

First Claim

Patent Images

1. A method for configuring flow control among policy groups used in a network device processing a packet stream, the method comprising:

(a) providing a configuration interface identifying a plurality of policy groups for configuring a network device, each policy group of the plurality of policy groups comprising one or more policies to be processed consecutively;

(b) identifying, by the configuration interface, a policy of a first policy group of the plurality of policy groups, the policy specifying a rule comprising an expression; and

(c) receiving, via the configuration interface, information identifying a second policy group of the plurality of policy groups to be processed based on an evaluation of the expression of the rule of the policy in the first policy group.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.

166 Citations

20 Claims

1. A method for configuring flow control among policy groups used in a network device processing a packet stream, the method comprising:
- (a) providing a configuration interface identifying a plurality of policy groups for configuring a network device, each policy group of the plurality of policy groups comprising one or more policies to be processed consecutively;
  
  (b) identifying, by the configuration interface, a policy of a first policy group of the plurality of policy groups, the policy specifying a rule comprising an expression; and
  
  (c) receiving, via the configuration interface, information identifying a second policy group of the plurality of policy groups to be processed based on an evaluation of the expression of the rule of the policy in the first policy group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein step (a) comprises providing a command-line configuration interface.
  - 3. The method of claim 1, wherein step (a) comprises providing a configuration interface comprising one or more of a drag-and-drop interface, a list-selection interface, and a syntax-highlighting interface.
  - 4. The method of claim 1, wherein step (a) comprises executing the configuration interface on a device in communication with the network device.
  - 5. The method of claim 1, wherein step (a) comprises executing the configuration interface on the network device.
  - 6. The method of claim 1, wherein step (a) comprises creating by a user via the configuration interface the plurality of policy groups.
  - 7. The method of claim 1, further comprising specifying the rule of the policy to have an object-oriented expression that evaluates a portion of a network packet.
  - 8. The method of claim 1, wherein the policy specifies a flow instruction to be taken based on an evaluation of the rule.
  - 9. The method of claim 1, wherein the policy specifies an action to be taken if the rule evaluates to true, the action comprising performing one of:
    - load balancing, content switching, application security, application delivery, network acceleration, and application acceleration.
  - 10. The method of claim 1, wherein the policy specifies a second policy of the second policy group to be processed after the first policy group is processed.
  - 11. The method of claim 1, wherein step (c) comprises receiving, via the configuration interface, information identifying the second policy group to be processed if the expression of the rule evaluates to true.
  - 12. The method of claim 1, wherein step (c) comprises receiving, via the configuration interface, a label of the second policy group to be processed based on an evaluation of the expression of the rule.

13. A system for configuring flow control among policy groups used in a network device processing a packet stream, the system comprising:
- a configuration interface executing on a computing device, the configuration interfaceidentifying a first policy of a first policy group of a plurality of policy groups configured for a network device, each policy group of the plurality of policy groups comprising one or more policies to be processed consecutively, the first policy specifying a rule comprising a first expression; and
  
  wherein the configuration interface receives information identifying a second policy group of the plurality of policy groups to be processed based on an evaluation of the first expression of the rule of the first policy group.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, wherein the configuration interface provides an interface for creating the plurality of policy groups.
  - 15. The system of claim 13, wherein the configuration interface identifies the first policy specifying the rule having an object-oriented expression that evaluates a portion of a network packet.
  - 16. The system of claim 13, wherein the configuration interface identifies the first policy specifying an action to be taken based on the evaluation of the first expression of the rule.
  - 17. The system of claim 13, wherein the configuration interface identifies the first policy specifying an action to be taken if the rule evaluates to true, the action comprising performing one of load balancing, content switching, application security, application delivery, network acceleration, and application acceleration.
  - 18. The system of claim 13, wherein the first policy specifies a second policy of the second policy group to be processed after the first policy group is processed.
  - 19. The system of claim 13, wherein the configuration interface receives information identifying the second policy group to be processed if the first expression of the rule evaluates to true.
  - 20. The system of claim 13, wherein the configuration interface receives a label of the second policy group to be processed based on the evaluation of the first expression of the rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Bandekar, Vishal, Khemani, Prakash

Granted Patent

US 8,341,287 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/232
CPC Class Codes

H04L 41/50 Network service management,...

H04L 63/20 for managing network securi...

SYSTEMS AND METHODS FOR CONFIGURING POLICY BANK INVOCATIONS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

166 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR CONFIGURING POLICY BANK INVOCATIONS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

166 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links