Policy verification methods and apparatus
First Claim
Patent Images
1. A computer implemented method for verifying service policies of routing network traffic in a network element, the method comprising:
- receiving a number of classes of network traffic, each class having a number of classification rules;
outputting a result indicating a first class of the number of classes conflicts with a second class of the number of classes upon determining that at least one of classification rules of the first class overlaps with one of the classification rules of the second class, wherein the outputting of the result indicating the first class conflicts with the second class upon determining that the at least one of the classification rules of the first class is nested overlapped with one of the classification rules of the second class;
in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and
routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes.
4 Assignments
0 Petitions
Accused Products
Abstract
A number of classes are received. Each class has a number of classification rules. A result is output indicating a first class of the number of classes conflicts with a second class of the number of classes upon determining that at least one of classification rules of the first class overlaps with one of the classification rules of the second class.
-
Citations
32 Claims
-
1. A computer implemented method for verifying service policies of routing network traffic in a network element, the method comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating a first class of the number of classes conflicts with a second class of the number of classes upon determining that at least one of classification rules of the first class overlaps with one of the classification rules of the second class, wherein the outputting of the result indicating the first class conflicts with the second class upon determining that the at least one of the classification rules of the first class is nested overlapped with one of the classification rules of the second class; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes. - View Dependent Claims (2, 3)
-
-
4. A computer implemented method for verifying service policies of routing network traffic in a network element, the method comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating a first class of the number of classes conflicts with a second class of the number of classes upon determining that at least one of classification rules of the first class overlaps with one of the classification rules of the second class, wherein the outputting of the result indicating the first class conflicts with the second class upon determining that the at least one of the classification rules of the first class is cyclic nested overlapped with one of the classification rules of the second class; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routine network traffic associated with the first and second classes according to the modified classification rules of the first and second classes.
-
-
5. A computer implemented method for verifying service policies of routing network traffic in a network element, the method comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating a first class of the number of classes conflicts with a second class of the number of classes upon determining that at least one of classification rules of the first class overlaps with one of the classification rules of the second class, wherein the number of classification rules of each class include a number of dimensions, each dimension including a number of rule terms, wherein the method comprises merging the number of rule terms for each dimension; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes. - View Dependent Claims (6)
-
-
7. A computer implemented method for verifying service policies of routing network traffic in a network element, the method comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating whether a first class of the number of classes conflicts with a second class of the number of classes based on whether the classification rules of the first class overlap with the classification rules of the second class, wherein the number of classification rules of each class include a number of dimensions, each dimension including a number of rule terms, wherein the method comprises merging the number of rule terms for each dimension; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes. - View Dependent Claims (8, 9, 10)
-
-
11. A computer implemented method for verifying service policies of routing network traffic in a network element, the method comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating whether a first class of the number of classes conflicts with a second class of the number of classes based on whether the classification rules of the first class overlap with the classification rules of the second class, wherein the outputting the result indicating whether the first class conflicts with the second class is based on whether the classification rules of the first class nested overlap with the classification rules of the second class; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes.
-
-
12. A computer implemented method for verifying service policies of routing network traffic in a network element, the method comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating whether a first class of the number of classes conflicts with a second class of the number of classes based on whether the classification rules of the first class overlap with the classification rules of the second class, wherein the outputting the result indicating whether the first class conflicts with the second class is based on whether the classification rules of the first class cyclic nested overlap with the classification rules of the second class; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes.
-
-
13. A computer implemented method for verifying service policies of routing network traffic in a network element, the method comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; for each classification rule of a first class of the number of classes, performing the following; determining whether a classification rule of the first class partially overlaps a classification rule of a second class of the number of classes; determining whether a classification rule of the first class nested overlaps a classification rule of the second class; determining whether a classification rule of the first class is a duplicate of a classification rule of the second class; outputting a result indicating the first class conflicts with the second class upon determining that a classification rule of the first class partially overlaps, nested overlaps, or is a duplicate of a classification rule of the second class; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes. - View Dependent Claims (14, 15, 16)
-
-
17. A machine-readable storage medium that provides instructions, which when executed by a machine, causes the machine to perform operations for verifying service policies of routing network traffic in a network element, the operations comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating a first class of the number of classes conflicts with a second class of the number of classes upon determining that at least one of classification rules of the first class overlaps with one of the classification rules of the second class, wherein the outputting of the result indicating the first class conflicts with the second class upon determining that the at least one of the classification rules of the first class is nested overlapped with one of the classification rules of the second class; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes. - View Dependent Claims (18, 19)
-
-
20. A machine-readable storage medium that provides instructions, which when executed by a machine, causes the machine to perform operations for verifying service policies of routing network traffic in a network element, the operations comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating a first class of the number of classes conflicts with a second class of the number of classes upon determining that at least one of classification rules of the first class overlaps with one of the classification rules of the second class, wherein the outputting of the result indicating the first class conflicts with the second class upon determining that the at least one of the classification rules of the first class is cyclic nested overlapped with one of the classification rules of the second class; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes.
-
-
21. A machine-readable storage medium that provides instructions, which when executed by a machine, causes the machine to perform operations for verifying service policies of routing network traffic in a network element, the operations comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating a first class of the number of classes conflicts with a second class of the number of classes upon determining that at least one of classification rules of the first class overlaps with one of the classification rules of the second class, wherein the number of classification rules of each class include a number of dimensions, each dimension including a number of rule terms, wherein the method comprises merging the number of rule terms for each dimension; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes. - View Dependent Claims (22)
-
-
23. A machine-readable storage medium that provides instructions, which when executed by a machine, causes the machine to perform operations for verifying service policies of routing network traffic in a network element the operations comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating whether a first class of the number of classes conflicts with a second class of the number of classes based on whether the classification rules of the first class overlap with the classification rules of the second class, wherein the number of classification rules of each class include a number of dimensions, each dimension including a number of rule terms, wherein the method comprises merging the number of rule terms for each dimension; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes. - View Dependent Claims (25, 26)
-
-
24. A machine-readable storage medium that provides instructions, which when executed by a machine, causes the machine to perform operations for verifying service policies of routing network traffic in a network element, the operations comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating whether a first class of the number of classes conflicts with a second class of the number of classes based on whether the classification rules of the first class overlap with the classification rules of the second class, wherein the merging of the number of rule terms for each dimension comprises merging adjacent, overlapping and duplicate ranges of the number of rule terms for each dimension and wherein outputting the result indicating whether the first class conflicts with the second class is based on whether the number of rule terms for each dimension of the classification rules of the first class overlap with the number of rule terms for each dimension of the classification rules of the second class; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes.
-
-
27. A machine-readable storage medium that provides instructions, which when executed by a machine, causes the machine to perform operations for verifying service policies or routing network traffic in a network element, the operations comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating whether a first class of the number of classes conflicts with a second class of the number of classes based on whether the classification rules of the first class overlap with the classification rules of the second class, wherein the outputting the result indicating whether the first class conflicts with the second class is based on whether the classification rules of the first class nested overlap with the classification rules of the second class; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second; and routine network traffic associated with the first and second classes according to the modified classification rules of the first and second classes.
-
-
28. A machine-readable storage medium that provides instructions, which when executed by a machine, causes the machine to perform operations for verifying service policies of routing network traffic in a network element, the operations comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; outputting a result indicating whether a first class of the number of classes conflicts with a second class of the number of classes based on whether the classification rules of the first class overlap with the classification rules of the second class, wherein the outputting the result, indicating whether the first class conflicts with the second class is based on whether the classification rules of the first class cyclic nested overlap with the classification rules of the second class; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes.
-
-
29. A machine-readable storage medium that provides instructions, which when executed by a machine, causes the machine to perform operations for verifying service policies of routing network traffic in a network element, the operations comprising:
-
receiving a number of classes of network traffic, each class having a number of classification rules; for each classification rule of a first class of the number of classes, performing the following; determining whether a classification rule of the first class partially overlaps a classification rule of a second class of the number of classes; determining whether a classification rule of the first class nested overlaps a classification rule of the second class; determining whether a classification rule of the first class is a duplicate of a classification rule of the second class; outputting a result indicating the first class conflicts with the second class upon determining that a classification rule of the first class partially overlaps, nested overlaps, or is a duplicate of a classification rule of the second class; in response to the result, modifying at least a portion of the classification rules of the first and second classes to reduce the conflicts between the first and second classes; and routing network traffic associated with the first and second classes according to the modified classification rules of the first and second classes. - View Dependent Claims (30, 31, 32)
-
Specification