FILTER SELECTION AND RESUSE
First Claim
1. A method comprising:
- receiving, by a computing device, a network access request from a first user;
selecting, by the computing device, a candidate rule group associated with the packet flow, wherein the candidate rule group comprises one or more currently deployed rules of an existing rule group on the computing device that are currently installed within a forwarding plane of the computing device and are being applied by the forwarding plane of the computing device to network traffic associated with a second user;
installing, by the computing device, a new rule group comprising the one or more currently deployed rules of the existing rule group and one or more new rules associated with the first user and not currently installed within the forwarding plane of the computing device; and
applying, by the computing device, each rule of the new rule group to network traffic associated with the first user.
2 Assignments
0 Petitions
Accused Products
Abstract
In general, techniques are described for selectively applying and reusing filters stored in a router. In one example, a method includes receiving a network access request from a first user. The method also includes selecting a candidate rule group associated with the packet flow, wherein the candidate rule group comprises one or more currently deployed rules of an existing rule group on the computing device that are currently installed within a forwarding plane and are being applied by the forwarding plane to network traffic associated with a second user. The method also includes installing a new rule group comprising the one or more currently deployed rules of the existing rule group and one or more new rules associated with the first user and not currently installed within a forwarding plane. The method also includes applying each rule of the new rule group to network traffic associated with the first user.
82 Citations
33 Claims
-
1. A method comprising:
-
receiving, by a computing device, a network access request from a first user; selecting, by the computing device, a candidate rule group associated with the packet flow, wherein the candidate rule group comprises one or more currently deployed rules of an existing rule group on the computing device that are currently installed within a forwarding plane of the computing device and are being applied by the forwarding plane of the computing device to network traffic associated with a second user; installing, by the computing device, a new rule group comprising the one or more currently deployed rules of the existing rule group and one or more new rules associated with the first user and not currently installed within the forwarding plane of the computing device; and applying, by the computing device, each rule of the new rule group to network traffic associated with the first user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A network device comprising:
-
one or more network interfaces to receive a network access request from a first user; a manager module that detects the first packet flow, wherein the manager module selects a candidate rule group associated with the packet flow, wherein the candidate rule group comprises one or more currently deployed rules of an existing rule group on the computing device that are currently installed within a forwarding plane of the computing device and are being applied by the forwarding plane of the computing device to network traffic associated with a second user; wherein the manager module installs a new rule group comprising the one or more currently deployed rules of the existing rule group and one or more new rules associated with the first user and not currently installed within the forwarding plane of the computing device; and wherein the manager module applies each rule of the new rule group to network traffic associated with the first user. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
Specification