Dynamic policy management apparatus and method using active network devices
First Claim
1. A process for dynamic policy management in a network comprising the steps of:
defining, in a management node, a policy rule for allocation of resources of a device in the network, the device having a behavior, and utilizing said resources according to the behavior;
incorporating information in a packet, the information comprising
1) data, and
2) either code, a reference to code, or both;
transmitting the packet through the network to the device on the network, the code in the packet being executed in the particular device either:
a) unconditionally in response to being received at the device; or
b) conditionally, in response to a process in the device that responds to the data in the packet;
the code being executable by the device to detect events and to modify the behavior so that the allocation of resources of the device changes in response to said events according to the defined policy rule.
Abstract
A system for providing policy management in a network that includes nodes operating in multiple protocol layers and having enforcement functions. Multiple network devices, such as routers, remote access equipment, switches, repeaters and network cards, and end system processes having security functions are configured to contribute to implementation of policy enforcement in the network. By distributing policy enforcement functionality to a variety of network devices and end systems, a pervasive policy management system is implemented. The policy management system includes a policy implementation component that accepts policy, i.e. instructions or rules, that define how the network device should behave when confronted with a particular situation. The management system further includes a management station interface operating pursuant to a first process capable of providing an object to the network, the object including variables and one of a method or instructions to locate a method, executable on the network to set up a second process to enforce a portion of the policy.
7 Claims
Specification