TRACKING POLICY DECISIONS IN A NETWORK
First Claim
Patent Images
1. A data processing apparatus, comprising:
- policy component logic and configured to;
inspect one or more data packets which are received from one or more of said interfaces; and
make a networking policy decision based, at least in part, on;
one or more available policy rules; and
information contained in the one or more inspected data packets;
policy data collection logic coupled to the policy component logic and configured to;
create one or more policy data records based, at least in part, on the network policy decision; and
store said policy data records, wherein each of the policy data records comprises data identifying the networking policy decision.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus is disclosed for creating and storing policy data records comprising data identifying network policy decisions. After a data packet is received, a network policy decision is made based on information in the packet and one or more network policies. A policy data record identifying the network policy decision is created, and the policy data record is stored.
-
Citations
20 Claims
-
1. A data processing apparatus, comprising:
-
policy component logic and configured to; inspect one or more data packets which are received from one or more of said interfaces; and make a networking policy decision based, at least in part, on; one or more available policy rules; and information contained in the one or more inspected data packets; policy data collection logic coupled to the policy component logic and configured to; create one or more policy data records based, at least in part, on the network policy decision; and store said policy data records, wherein each of the policy data records comprises data identifying the networking policy decision. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A data processing apparatus, comprising:
-
one or more processors; one or more interfaces coupled to the one or more processors; query component logic coupled to the one or more processors and configured to receive a policy decision query comprising a query context which comprises hypothetical network state information from said one or more interfaces and to determine, based, at least in part, on said query, one or more associated policy record collection points; policy component logic coupled to the query component logic and configured to forward the query to one or more policy record collection points; and policy trace logic coupled to the one or more processors and configured to receive one or more policy data records that describe one or more policy decisions based, at least in part, on said query context, performed by said one or more policy record collection points. - View Dependent Claims (11, 12, 13, 18, 19, 20)
-
-
14. A computer-readable medium carrying one or more sequences of instructions for processing policy based network related data, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
-
inspecting one or more data packets which are received from one or more interfaces; making a networking policy decision based, at least in part, on; one or more available policy rules; and information contained in the one or more inspected data packets; creating one or more policy data records based, at least in part, on the network policy decision; and storing said policy data records in a volatile or non-volatile storage device, wherein each of the policy data records comprises data identifying the networking policy decision. - View Dependent Claims (15, 16, 17)
-
Specification