DATAPATH PROCESSING OF SERVICE RULES WITH QUALIFIERS DEFINED IN TERMS OF TEMPLATE IDENTIFIERS AND/OR TEMPLATE MATCHING CRITERIA
First Claim
1. A method of performing a service on a data message having a set of attributes, the method comprising:
selecting a service rule associated with a template for deploying multi-tier applications in a network, said service rule comprising a service parameter for performing a service on data messages;
determining that the selected service rule is applicable to the data message, said determining comprising determining that at least a first attribute of the data message is associated with a network element that was deployed by using the template; and
in response to the determination, performing the service on the data message based on the service parameter.
Abstract
Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. A service rule processing engine of some embodiments natively supports template-specific dynamic groups and rules as it can directly process service rules that are defined in terms of dynamic component groups, template identifiers, template instance identifiers, and/or template match criteria. Examples of such services can include any kind of middlebox services, such as firewalls, load balancers, network address translators, intrusion detection systems, intrusion prevention systems, etc.
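The rule processing described in the abstract can be sketched as a first-match firewall lookup whose qualifiers are a template identifier, an optional template instance identifier, and an optional match criterion. This is an added example, not code from the patent: the inventory, the names (`tmpl-3tier`, `inst-a`, `Qualifier`, `process`), the first-match order and the default-drop verdict are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed inventory: which template (and instance) deployed each workload.
# Assumption: a real datapath would get this from the deployment layer.
INVENTORY = {
    "10.0.1.10": {"template": "tmpl-3tier", "instance": "inst-a", "tier": "web"},
    "10.0.2.10": {"template": "tmpl-3tier", "instance": "inst-a", "tier": "db"},
    "10.0.9.10": {"template": "tmpl-3tier", "instance": "inst-b", "tier": "db"},
}

@dataclass(frozen=True)
class Qualifier:
    template: str                   # template identifier
    instance: Optional[str] = None  # template instance identifier (None = any)
    tier: Optional[str] = None      # match criterion inside the template

    def matches(self, ip: str) -> bool:
        elem = INVENTORY.get(ip)
        if elem is None or elem["template"] != self.template:
            return False  # not deployed from this template: cannot match
        return (self.instance in (None, elem["instance"])
                and self.tier in (None, elem["tier"]))

@dataclass(frozen=True)
class Rule:
    name: str
    src: Qualifier
    dst: Qualifier
    dport: int
    action: str  # the service parameter, here a firewall verdict

RULES = [
    Rule("web-to-db-same-instance", Qualifier("tmpl-3tier", "inst-a", "web"),
         Qualifier("tmpl-3tier", "inst-a", "db"), 5432, "allow"),
    Rule("cross-instance-db", Qualifier("tmpl-3tier"),
         Qualifier("tmpl-3tier", tier="db"), 5432, "drop"),
]

def process(src_ip: str, dst_ip: str, dport: int, default: str = "drop"):
    """First-match lookup; returns (rule name, action) for a data message."""
    for rule in RULES:
        if (rule.dport == dport and rule.src.matches(src_ip)
                and rule.dst.matches(dst_ip)):
            return rule.name, rule.action
    return None, default  # unresolved or unmatched traffic gets the default
```

A source address that does not resolve to a template-deployed element never satisfies a template qualifier, so it falls through to the default verdict rather than inheriting a template rule.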
24 Citations
19 Claims
1. A method of performing a service on a data message having a set of attributes, the method comprising:
selecting a service rule associated with a template for deploying multi-tier applications in a network, said service rule comprising a service parameter for performing a service on data messages;
determining that the selected service rule is applicable to the data message, said determining comprising determining that at least a first attribute of the data message is associated with a network element that was deployed by using the template; and
in response to the determination, performing the service on the data message based on the service parameter.
11. A non-transitory machine readable medium storing a program for performing a service on a data message having a set of attributes, the program comprising sets of instructions for:
selecting a service rule including (1) a service parameter for performing a service on data messages, and (2) a rule identifier for matching to data message attribute set, said rule identifier defined by reference to at least one template identifier that specifies a template for deploying multi-tier applications in a datacenter;
determining whether the data message's attribute set matches the rule's identifier, said determining comprising determining whether the data message is associated with a network node that was deployed by using the template specified by the template identifier;
when the data message's attribute set matches the rule's identifier, performing the service on the data message based on the service parameter.
Specification