Recognizing and processing conflicts in network management policies
First Claim
1. A method of recognizing and resolving a conflict among at least a first policy and a second policy that govern a policy-based system, comprising the computer-implemented steps of:
- receiving the first policy and the second policy, wherein the first policy and the second policy are defined according to a formal policy definition;
verifying that the first policy and the second policy each conform to the formal policy definition by performing the steps of;
verifying that the first policy and the second policy each contain exactly one condition; and
verifying that each condition expresses one or more Boolean relations among one or more condition categories and one or more condition elements;
testing whether the first policy and the second policy conflict, according to a set of conflict tests; and
when the first policy and the second policy conflict, resolving the conflict among the policies.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus are provided for recognizing and processing conflicts in policies that govern a policy-based system. The method and apparatus may be implemented as a policy verifier that acts upon one or more policies. Each policy is formally defined and comprises a condition and a consequent, each of which are further formally defined in terms of component elements. A conflict among two or more policies is formally defined to occur when the condition of a first policy and the condition of a second policy may be simultaneously true, and when the consequent of the first policy and the consequent of the second policy may not be carried out simultaneously. When a policy conflict is detected, the conflict is resolved by bringing it to the attention of a user or external system, and receiving information that corrects one of the policies or specifies a precedence relationship among the policies.
205 Citations
39 Claims
-
1. A method of recognizing and resolving a conflict among at least a first policy and a second policy that govern a policy-based system, comprising the computer-implemented steps of:
-
receiving the first policy and the second policy, wherein the first policy and the second policy are defined according to a formal policy definition;
verifying that the first policy and the second policy each conform to the formal policy definition by performing the steps of;
verifying that the first policy and the second policy each contain exactly one condition; and
verifying that each condition expresses one or more Boolean relations among one or more condition categories and one or more condition elements;
testing whether the first policy and the second policy conflict, according to a set of conflict tests; and
when the first policy and the second policy conflict, resolving the conflict among the policies. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
identifying the conflict when a first condition of the first policy and a second condition of the second policy may be simultaneously true and when a first consequent of the first policy and a second consequent of the second policy may not be carried out simultaneously.
-
-
9. The method recited in claim 1, wherein the step of resolving comprises the steps of:
-
displaying information that describes the conflict; and
receiving modification information that modifies the first policy or the second policy so as to eliminate the conflict.
-
-
10. The method recited in claim 1, wherein the step of resolving comprises the steps of:
-
displaying information that describes the conflict; and
receiving precedence information that identifies whether the first policy or the second policy shall take precedence over the other.
-
-
11. The method recited in claim 1, further comprising the steps of:
when either the first policy or the second policy is not defined according to the formal policy definition, generating an error.
-
12. In a network management system, a method of recognizing and resolving a conflict among at least a first network management policy and a second network management policy that govern operation of a network, comprising the computer-implemented steps of:
-
receiving the first network management policy and the second network management policy, wherein the first network management policy and the second network management policy are defined according to a formal policy definition;
verifying that the first network management policy and the second network management policy each conform to the formal policy definition by performing the steps of;
verifying that the first network management policy and the second network management policy each contain exactly one condition; and
verifying that each condition expresses one or more Boolean relations among one or more condition categories and one or more condition elements;
testing whether the first network management policy and the second network management policy conflict, according to a set of conflict tests; and
when the first network management policy and the second network management policy conflict, resolving the conflict among the network management policies. - View Dependent Claims (13, 14, 15)
identifying the conflict when a first condition of the first network management policy and a second condition of the second network management policy may be simultaneously true and when a first consequent of the first network management policy and a second consequent of the second network management policy may not be carried out simultaneously.
-
-
15. The method recited in claim 12, wherein the step of resolving comprises the steps of:
-
displaying information that describes the conflict; and
receiving modification information that modifies the first network management policy or the second network management policy so as to eliminate the conflict, or receiving precedence information that identifies whether the first network management policy or the second network management policy shall take precedence over the other.
-
-
16. A computer-readable medium carrying one or more sequences of instructions for recognizing and resolving a conflict among at least a first policy and a second policy that govern a policy-based system, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
-
receiving the first policy and the second policy, wherein the first policy and the second policy are defined according to a formal policy definition;
verifying that the first policy and the second policy each conform to the formal policy definition by performing the steps of;
verifying that the first policy and the second policy each contain exactly one condition; and
verifying that each condition expresses one or more Boolean relations among one or more condition categories and one or more condition elements;
testing whether the first policy and the second policy conflict, according to a set of conflict tests; and
when the first policy and the second policy conflict, resolving the conflict among the policies. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
identifying the conflict when a first condition of the first policy and a second condition of the second policy may be simultaneously true and when a first consequent of the first policy and a second consequent of the second policy may not be carried out simultaneously.
-
-
22. The computer-readable medium recited in claim 16, wherein the step of resolving comprises instructions which, when executed by one or more processors, cause the one or more processors to carry out the steps of:
-
displaying information that describes the conflict; and
receiving modification information that modifies the first policy or the second policy so as to eliminate the conflict.
-
-
23. The computer-readable medium recited in claim 16, wherein the step of resolving comprises instructions which, when executed by one or more processors, cause the one or more processors to carry out the steps of:
-
displaying information that describes the conflict; and
receiving precedence information that identifies whether the first policy or the second policy shall take precedence over the other.
-
-
24. An apparatus for recognizing and resolving a conflict among at least a first policy and a second policy that govern a policy-based system, comprising:
-
means for receiving the first policy and the second policy, wherein the first policy and the second policy are defined according to a formal policy definition;
means for verifying that the first policy and the second policy each conform to the formal policy definition, wherein the means for verifying comprise;
means for verifying that the first policy and the second policy each contain exactly one condition; and
means for verifying that each condition expresses one or more Boolean relations among one or more condition categories and one or more condition elements;
means for testing whether the first policy and the second policy conflict, according to a set of conflict tests; and
means for resolving the conflict among the policies, when the first policy and the second policy conflict. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
means for identifying the conflict when a first condition of the first policy and a second condition of the second policy may be simultaneously true and when a first consequent of the first policy and a second consequent of the second policy may not be carried out simultaneously.
-
-
30. The apparatus recited in claim 24, wherein the means for resolving comprises:
-
means for displaying information that describes the conflict; and
means for receiving modification information that modifies the first policy or the second policy so as to eliminate the conflict.
-
-
31. The apparatus recited in claim 24, wherein the means for resolving comprises:
-
means for displaying information that describes the conflict; and
means for receiving precedence information that identifies whether the first policy or the second policy shall take precedence over the other.
-
-
32. An apparatus for recognizing and resolving a conflict in a network management system among at least a first network management policy and a second network management policy that govern operation of a network, comprising the computer-implemented steps of:
-
means for receiving the first network management policy and the second network management policy, wherein the first network management policy and the second network management policy are defined according to a formal policy definition;
means for verifying that the first network management policy and the second network management policy each conform to the formal policy definition, wherein the means for verifying comprises;
means for verifying that the first network management policy and the second network management policy each contain exactly one condition; and
means for verifying that each condition expresses one or more Boolean relations among one or more condition categories and one or more condition elements;
means for testing whether the first network management policy and the second network management policy conflict, according to a set of conflict tests; and
means for resolving the conflict among the network management policies, when the first network management policy and the second network management policy conflict. - View Dependent Claims (33, 34, 35)
means for identifying the conflict when a first condition of the first network management policy and a second condition of the second network management policy may be simultaneously true and when a first consequent of the first network management policy and a second consequent of the second network management policy may not be carried out simultaneously.
-
-
35. The apparatus recited in claim 32, wherein the means for resolving comprises:
-
means for displaying information that describes the conflict; and
means for receiving modification information that modifies the first network management policy or the second network management policy so as to eliminate the conflict, or receiving precedence information that identifies whether the first network management policy or the second network management policy shall take precedence over the other.
-
-
36. An apparatus for recognizing and resolving a conflict in a network management system among at least a first network management policy and a second network management policy that govern operation of a network, comprising the computer-implemented steps of:
-
a network interface;
a processor coupled to the network interface and receiving information from the network interface;
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
receiving the first network management policy and the second network management policy, wherein the first network management policy and the second network management policy are defined according to a formal policy definition;
verifying that the first network management policy and the second network management policy each conform to the formal policy definition by performing the steps of;
verifying that the first network management policy and the second network management policy each contain exactly one condition; and
verifying that each condition expresses one or more Boolean relations among one or more condition categories and one or more condition elements;
testing whether the first network management policy and the second network management policy conflict, according to a set of conflict tests; and
when the first network management policy and the second network management policy conflict, resolving the conflict among the network management policies. - View Dependent Claims (37, 38, 39)
identifying the conflict when a first condition of the first network management policy and a second condition of the second network management policy may be simultaneously true and when a first consequent of the first network management policy and a second consequent of the second network management policy may not be carried out simultaneously.
-
-
39. The apparatus recited in claim 36, wherein the instructions for resolving further comprise instructions which, when executed by the processor, cause the processor to carry out the steps of:
-
displaying information that describes the conflict; and
receiving modification information that modifies the first network management policy or the second network management policy so as to eliminate the conflict, or receiving precedence information that identifies whether the first network management policy or the second network management policy shall take precedence over the other.
-
Specification