Policy Processing Method and Network Device
First Claim
1. A network device, comprising:
- a mixed orchestrator configured to:
  - perform a mixed orchestration on all service rules corresponding to multiple service applications running on the network device so as to extract conditions of all the service rules, wherein each service rule comprises a condition and an action;
  - use the extracted conditions to construct at least one condition set; and
  - generate mapping relationship data for recording a mapping relationship between each service rule and the condition in the condition set;
- a condition matcher configured to:
  - perform, according to each condition set constructed by the mixed orchestrator, condition matching on packet feature information of a network data packet received by the network device; and
  - output a condition matching result set, wherein the condition matching result set is used to record the condition that is matched successfully; and
- a rule matcher configured to:
  - determine, according to the condition matching result set and the mapping relationship data generated by the mixed orchestrator, a service rule that is matched successfully; and
  - trigger a service application corresponding to the successfully matched service rule to execute an action corresponding to the successfully matched service rule.
Abstract
A policy processing method and network device. The method includes: performing a mixed orchestration on all service rules corresponding to multiple services, so as to construct multiple condition sets; performing, according to the constructed multiple condition sets, unified condition matching on packet feature information of a received network packet, and outputting a condition matching result set; and calling a service application to execute a policy action corresponding to each condition identifier in the condition matching result set. In solutions of the embodiments of the present invention, by performing a mixed orchestration on multiple service rules, all service rules are organized in a unified manner, information required by all services is extracted in one packet scanning process, and only one matching and rule verification process is required. Thereby, redundant operations between multiple services are reduced, and device integration and performance are improved.
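The three stages named in the abstract and claims (mixed orchestration, unified condition matching, rule matching) can be sketched as follows. This is an added illustration, not code from the patent: the `(field, op, value)` condition format, the treatment of a rule as a conjunction of several conditions, and all rule names, services and packet values are assumptions constructed for the example.

```python
from collections import namedtuple

# Assumed model: a rule is a conjunction of (field, op, value) conditions.
Rule = namedtuple("Rule", "service name conditions action")

OPS = {
    "eq": lambda actual, want: actual == want,
    "contains": lambda actual, want: isinstance(actual, str) and want in actual,
}

def orchestrate(rules):
    """Mixed orchestration: one shared condition set plus rule-to-condition mapping."""
    condition_set, mapping = {}, []
    for rule in rules:
        # A condition shared by several services receives a single id.
        ids = frozenset(condition_set.setdefault(c, len(condition_set))
                        for c in rule.conditions)
        mapping.append((rule, ids))
    return condition_set, mapping

def match_conditions(condition_set, features):
    """Evaluate each unique condition once; return the ids that matched."""
    matched = set()
    for (field, op, value), cid in condition_set.items():
        if field in features and OPS[op](features[field], value):
            matched.add(cid)
    return matched

def match_rules(mapping, matched_ids):
    """A rule fires only when every condition it maps to has matched."""
    return [(r.service, r.name, r.action) for r, ids in mapping if ids <= matched_ids]

# Constructed sample rules for three hypothetical service applications.
RULES = [
    Rule("firewall", "fw-1", (("dst_port", "eq", 80), ("proto", "eq", "tcp")), "permit"),
    Rule("ips", "ips-7", (("dst_port", "eq", 80), ("payload", "contains", "TEST-SIGNATURE")), "alert"),
    Rule("url_filter", "uf-3", (("host", "eq", "blocked.example"),), "block"),
]
# Constructed packet feature information, as extracted in one scan of the packet.
PACKET = {"proto": "tcp", "dst_port": 80, "host": "shop.example",
          "payload": "GET /index.html HTTP/1.1"}

def process(rules, features):
    condition_set, mapping = orchestrate(rules)
    return match_rules(mapping, match_conditions(condition_set, features))

if __name__ == "__main__":
    print(process(RULES, PACKET))
```

The firewall and IPS rules share the `dst_port` condition, so the condition set holds four entries for five rule conditions and the shared one is tested once per packet.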
20 Claims
12. A multi-service policy processing method, comprising:
- performing a mixed orchestration on all service rules corresponding to multiple service applications to extract conditions of all the service rules, wherein each service rule comprises a condition and an action;
- using the extracted conditions to construct at least one condition set;
- generating mapping relationship data for recording a mapping relationship between each service rule and the condition in the condition set;
- performing, according to each constructed condition set, condition matching on packet feature information of a received network data packet;
- outputting a condition matching result set, wherein the condition matching result set is used to record the condition that is matched successfully;
- determining, according to the condition matching result set and the generated mapping relationship data, the service rule that is matched successfully; and
- triggering the service application corresponding to the successfully matched service rule to execute the action corresponding to the successfully matched service rule.
19. A network device, comprising:
- a processor; and
- a memory, wherein the processor and the memory are connected through a bus, wherein the memory is configured to store an executable program code, wherein the processor is configured to read the executable program code stored in the memory to run the program corresponding to the executable program code so as to:
  - perform a mixed orchestration on all service rules corresponding to multiple service applications to extract conditions of all the service rules, wherein each service rule comprises a condition and an action;
  - use the extracted conditions to construct at least one condition set;
  - generate mapping relationship data for recording a mapping relationship between each service rule and the condition in the condition set;
  - perform, according to each constructed condition set, condition matching on packet feature information of a received network data packet;
  - output a condition matching result set, wherein the condition matching result set is used to record the condition that is matched successfully;
  - determine, according to the condition matching result set and the generated mapping relationship data, a service rule that is matched successfully;
  - trigger the service application corresponding to the successfully matched service rule to execute an action corresponding to the successfully matched service rule.
20. A non-transitory computer readable medium including operations stored thereon that when processed by at least one processing unit cause a system to perform the acts of:
- performing a mixed orchestration on all service rules corresponding to multiple service applications to extract conditions of all the service rules, wherein each service rule comprises a condition and an action;
- using the extracted conditions to construct at least one condition set;
- generating mapping relationship data for recording a mapping relationship between each service rule and the condition in the condition set;
- performing, according to each constructed condition set, condition matching on packet feature information of a received network data packet;
- outputting the condition matching result set, wherein the condition matching result set is used to record a condition that is matched successfully;
- determining, according to the condition matching result set and the generated mapping relationship data, a service rule that is matched successfully; and
- triggering a service application corresponding to the successfully matched service rule to execute an action corresponding to the successfully matched service rule.
Specification