Method and apparatus providing policy-based determination of network addresses

US 7,337,224 B1
Filed: 10/24/2002
Issued: 02/26/2008
Est. Priority Date: 10/24/2002
Status: Active Grant

First Claim

Patent Images

1. A method of policy-based determination of a network address for a client in a network that includes a gateway, the method comprising the computer-implemented steps of:

receiving, from the client, a request to assign a network address to the client;

sending to a policy server a policy decision request comprising a MAC address of the client and information requesting the policy server to determine a network address scope applicable to the client;

receiving a policy response that identifies the address scope of network addresses for the client;

modifying a request source address value in the client request based on the policy response;

sending the modified client request to a server that can assign network addresses within the identified scope;

receiving a network address for the client that has been assigned by the server within the identified scope;

in response to receiving the policy response, caching, at the gateway, the scope of network addresses for the client from the policy response in association with a media access control (MAC) address of the client;

providing the network address to the client; and

modifying a second request source address value in a second request for a network address from the client without requesting a policy response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for policy-based determination of a network address for a client in a network. A request for a network address is received from a client. A policy response is received that identifies a scope of network addresses for the client. A request source address value in the client request is modified, based on the policy response. The modified client request is sent to a server that can assign network addresses within the identified scope. A network address for the client is received, which has been assigned by the server within the identified scope. The network address is provided to the client. A specific embodiment modifies a “giaddr” field value in a DHCP request, before relaying the request to a DHCP server, based on a policy decision that specifies a scope to be used for the network address of the client.

61 Citations

View as Search Results

36 Claims

1. A method of policy-based determination of a network address for a client in a network that includes a gateway, the method comprising the computer-implemented steps of:
- receiving, from the client, a request to assign a network address to the client;
  
  sending to a policy server a policy decision request comprising a MAC address of the client and information requesting the policy server to determine a network address scope applicable to the client;
  
  receiving a policy response that identifies the address scope of network addresses for the client;
  
  modifying a request source address value in the client request based on the policy response;
  
  sending the modified client request to a server that can assign network addresses within the identified scope;
  
  receiving a network address for the client that has been assigned by the server within the identified scope;
  
  in response to receiving the policy response, caching, at the gateway, the scope of network addresses for the client from the policy response in association with a media access control (MAC) address of the client;
  
  providing the network address to the client; and
  
  modifying a second request source address value in a second request for a network address from the client without requesting a policy response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as recited in claim 1, wherein the client request is a Dynamic Host Control Protocol (DHCP) request.
  - 3. A method as recited in claim 1, wherein the client request is a Dynamic Host Control Protocol (DHCP) request, and wherein the request source address is a “
    - giaddr”
      
      field value in the DHCP request.
  - 4. A method as recited in claim 1, wherein the step of receiving a policy response further comprises the steps of:
    - sending a policy request to determine a scope of network addresses for the client, wherein the policy request includes a client control address that is uniquely associated with the client;
      
      receiving a policy response that identifies a scope of network addresses for the client.
  - 5. A method as recited in claim 1, wherein the step of receiving a policy response further comprises the steps of:
    - sending a policy request to determine an address scope of network addresses for the client, wherein the policy request includes a client control address that is uniquely associated with the client;
      
      receiving a policy response that identifies an address scope of network addresses for the client, wherein the policy response is based on a first mapping of client control addresses to scope identifiers.
  - 6. A method as recited in claim 5, wherein the step of modifying a request source address value in the client request based on the policy response further comprises the steps of:
    - looking up an identifier of the scope in a second mapping of scope identifiers to request source address values;
      
      selecting, from the second mapping, a request source address value that corresponds to the scope identifier.
  - 7. A method as recited in claim 1, further comprising the steps of:
    - creating and storing a mapping of network address values to scope at a DHCP relay agent;
      
      creating and storing a mapping of client control addresses to scope at the DHCP relay agent.
  - 8. A method as recited in claim 3, wherein the mapping of client control addresses to scope is stored in a column of an Address Resolution Protocol (ARP) table, and wherein an entry in the ARP table is marked invalid for purposes of address resolution until a network address is assigned to the client.

9. A method of dynamically assigning an Internet Protocol (IP) address to a client that participates in a network having a gateway, a DHCP relay agent and a Dynamic Host Control Protocol (DHCP) server, the method comprising the computer-implemented steps of:
- receiving from the client, a DHCP Discover message;
  
  sending to a policy server a policy request message, wherein the policy request message includes a media access control (MAC) address of the client and information requesting the policy server to determine a network address scope applicable to the client;
  
  receiving, from the policy server, a policy response, wherein the policy response includes the address scope;
  
  in response to receiving the policy response, caching, at the gateway, the address scope in association with the media access control (MAC) address of the client;
  
  modifying a gateway interface address (“
  
  giaddr”
  
  ) value in the client request based on the address scope;
  
  forwarding the modified client request to the DHCP server;
  
  receiving a DHCP offer message from the DHCP server that offers an address that is within a scope associated with the address scope;
  
  forwarding the offer message to the client; and
  
  modifying a second giaddr value in a second DHCP Discover message from the client without requesting a policy response.

10. A method of dynamically assigning an Internet Protocol (IP) address to a client that participates in a network having a gateway, a DHCP relay agent and a Dynamic Host Control Protocol (DHCP) server, the method comprising the computer-implemented steps of:
- receiving from the client at the DHCP relay agent, a DHCP Discover message;
  
  receiving from the DHCP relay agent at the gateway, the DHCP Discover message destined for the DHCP server;
  
  sending from the gateway a policy request message to a policy server in the network, wherein the policy request message includes a media access control (MAC) address of the client and information requesting the policy server to determine a network address scope applicable to the client;
  
  receiving at the gateway, a policy response from the policy server, wherein the policy response includes the address scope;
  
  in response to receiving the policy response, caching, at the gateway, the address scope in association with the media access control (MAC) address of the client;
  
  modifying at the gateway, a gateway interface address (“
  
  giaddr”
  
  ) value in the client request based on the address scope;
  
  forwarding the modified client request to the DHCP server;
  
  receiving at the DHCP relay agent via the gateway a DHCP offer message from the DHCP server that offers an address that is within a scope associated with the address scope;
  
  forwarding the offer message to the client; and
  
  modifying a second giaddr value in a second DHCP Discover message from the client without requesting a policy response.
- View Dependent Claims (11)
- - 11. A method as recited in claim 10, wherein the step of receiving a policy response further comprises the steps of:
    - sending, to the policy server, a policy request to determine an address scope of network addresses for the client, wherein the policy request includes a MAC address that is uniquely associated with the client;
      
      receiving, from the policy server, a policy response that identifies an address scope of network addresses for the client, wherein the policy response is based on a first mapping of MAC addresses to scope identifiers.

12. A method of dynamically assigning an Internet Protocol (IP) address to a client that participates in a network having a gateway, a DHCP relay agent and a Dynamic Host Control Protocol (DHCP) server, the method comprising the computer-implemented steps of:
- receiving, from the client, a DHCP Discover message;
  
  sending, to a policy server, a policy request to determine a scope of network addresses for the client, wherein the policy request message includes a media access control (MAC) address of the client and information requesting the policy server to determine a network address scope applicable to the client;
  
  receiving, from the policy server, a policy response that includes an address scope identifier that identifies the network address scope applicable to the client, wherein the policy response is based on a first mapping of MAC addresses to scope identifiers;
  
  in response to receiving the policy response, caching, at the gateway, the scope of network addresses for the client in association with the media access control (MAC) address of the client;
  
  looking up an identifier of the scope in a second mapping of scope names to gateway interface address values;
  
  selecting, from the second mapping, a gateway interface address value that corresponds to the scope identifier;
  
  modifying the client request to include the selected gateway interface address value;
  
  forwarding the modified client request to the DHCP server;
  
  receiving a DHCP offer message from the DHCP server that offers an address that is within a scope associated with the address scope identifier;
  
  forwarding the offer message to the client; and
  
  modifying a second client request to include the selected gateway interface address value without requesting a policy response.

13. A computer-readable storage medium carrying one or more sequences of instructions for policy-based determination of a network address for a client in a network that has a gateway, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- receiving, from the client, a request to assign a network address to the client;
  
  sending to a policy server a policy decision request comprising a MAC address of the client and information requesting the policy server to determine a network address scope applicable to the client;
  
  receiving a policy response that identifies the address scope of network addresses for the client;
  
  in response to receiving the policy response, caching, at the gateway, the scope of network addresses for the client in association with the media access control (MAC) address of the client;
  
  modifying a request source address value in the client request based on the policy response;
  
  sending the modified client request to a server that can assign network addresses within the identified scope;
  
  receiving a network address for the client that has been assigned by the server within the identified scope;
  
  providing the network address to the client; and
  
  modifying a second request source address value in a second request for a network address from the client without requesting a policy response.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. A computer-readable storage medium as recited in claim 13, wherein the client request is a Dynamic Host Control Protocol (DHCP) request.
  - 15. A computer-readable storage medium as recited in claim 13, wherein the client request is a Dynamic Host Control Protocol (DHCP) request, and wherein the request source address is a “
    - giaddr”
      
      field value in the DHCP request.
  - 16. A computer-readable storage medium as recited in claim 13, wherein the step of receiving a policy response further comprises the steps of:
    - sending a policy request to determine a scope of network addresses for the client, wherein the policy request includes a client control address that is uniquely associated with the client;
      
      receiving a policy response that identifies a scope of network addresses for the client.
  - 17. A computer-readable storage medium as recited in claim 13, wherein the step of receiving a policy response further comprises the steps of:
    - sending a policy request to determine an address scope of network addresses for the client, wherein the policy request includes a client control address that is uniquely associated with the client;
      
      receiving a policy response that identifies an address scope of network addresses for the client, wherein the policy response is based on a first mapping of client control addresses to scope identifiers.
  - 18. A computer-readable storage medium as recited in claim 17, wherein the step of modifying a request source address value in the client request based on the policy response further comprises the steps of:
    - looking up an identifier of the scope in a second mapping of scope identifiers to request source address values;
      
      selecting, from the second mapping, a request source address value that corresponds to the scope identifier.
  - 19. A computer-readable storage medium as recited in claim 13, further comprising the steps of:
    - creating and storing a mapping of network address values to scope at a DHCP relay agent;
      
      creating and storing a mapping of client control addresses to scope at the DHCP relay agent.
  - 20. A computer-readable storage medium as recited in claim 19, wherein the mapping of client control addresses to scope is stored in a column of an Address Resolution Protocol (ARP) table, and wherein an entry in the ARP table is marked invalid for purposes of address resolution until a network address is assigned to the client.

21. An apparatus for policy-based determination of a network address for a client in a network that has a gateway, comprising:
- means for receiving, from the client, a request to assign a network address to the client;
  
  means for sending to a policy server a policy decision request comprising a MAC address of the client and information requesting the policy server to determine a network address scope applicable to the client;
  
  means for receiving a policy response that identifies the address scope of network addresses for the client;
  
  means for caching, at the gateway, the scope of network addresses for the client in association with the media access control (MAC) address of the client, in response to the means for receiving the policy response;
  
  means for modifying a request source address value in the client request based on the policy response;
  
  means for sending the modified client request to a server that can assign network addresses within the identified scope;
  
  means for receiving a network address for the client that has been assigned by the server within the identified scope;
  
  means for providing the network address to the client; and
  
  means for modifying a second request source address value in a second request for a network address from the client without requesting a policy response.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. An apparatus as recited in claim 21, wherein the client request is a Dynamic Host Control Protocol (DHCP) request.
  - 23. An apparatus as recited in claim 21, wherein the client request is a Dynamic Host Control Protocol (DHCP) request, and wherein the request source address is a “
    - giaddr”
      
      field value in the DHCP request.
  - 24. An apparatus as recited in claim 21, wherein the means for receiving a policy response further comprises:
    - means for sending a policy request to determine a scope of network addresses for the client, wherein the policy request includes a client control address that is uniquely associated with the client;
      
      means for receiving a policy response that identifies a scope of network addresses for the client.
  - 25. An apparatus as recited in claim 21, wherein the means for receiving a policy response further comprises:
    - means for sending a policy request to determine an address scope of network addresses for the client, wherein the policy request includes a client control address that is uniquely associated with the client;
      
      means for receiving a policy response that identifies an address scope of network addresses for the client, wherein the policy response is based on a first mapping of client control addresses to scope identifiers.
  - 26. An apparatus as recited in claim 25, wherein the means for modifying a request source address value in the client request based on the policy response further comprises:
    - means for looking up an identifier of the scope in a second mapping of scope identifiers to request source address values;
      
      means for selecting, from the second mapping, a request source address value that corresponds to the scope identifier.
  - 27. An apparatus as recited in claim 21, further comprising:
    - means for creating and storing a mapping of network address values to scope at a DHCP relay agent;
      
      means for creating and storing a mapping of client control addresses to scope at the DHCP relay agent.
  - 28. An apparatus as recited in claim 27, wherein the mapping of client control addresses to scope is stored in a column of an Address Resolution Protocol (ARP) table, and wherein an entry in the ARP table is marked invalid for purposes of address resolution until a network address is assigned to the client.

29. An apparatus for policy-based determination of a network address for a client in a network that has a gateway, comprising:
- a network interface that is coupled to the data network for receiving one or more packet flows therefrom;
  
  a processor;
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  receiving, from the client, a request to assign a network address to the client;
  
  sending to a policy server a policy decision request comprising a MAC address of the client and information requesting the policy server to determine a network address scope applicable to the client;
  
  receiving a policy response that identifies the address scope of network addresses for the client;
  
  in response to receiving the policy response, caching, at the gateway, the scope of network addresses for the client in association with the media access control (MAC) address of the client;
  
  modifying a request source address value in the client request based on the policy response;
  
  sending the modified client request to a server that can assign network addresses within the identified scope;
  
  receiving a network address for the client that has been assigned by the server within the identified scope;
  
  providing the network address to the client; and
  
  modifying a second request source address value in a second request of a network address from the client without requesting a policy response.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36)
- - 30. An apparatus as recited in claim 29, wherein the client request is a Dynamic Host Control Protocol (DHCP) request.
  - 31. An apparatus as recited in claim 29, wherein the client request is a Dynamic Host Control Protocol (DHCP) request, and wherein the request source address is a “
    - giaddr”
      
      field value in the DHCP request.
  - 32. An apparatus as recited in claim 29, wherein the step of receiving a policy response further comprises the steps of:
    - sending a policy request to determine a scope of network addresses for the client, wherein the policy request includes a client control address that is uniquely associated with the client;
      
      receiving a policy response that identifies a scope of network addresses for the client.
  - 33. An apparatus as recited in claim 29, wherein the step of receiving a policy response further comprises the steps of:
    - sending a policy request to determine an address scope of network addresses for the client, wherein the policy request includes a client control address that is uniquely associated with the client;
      
      receiving a policy response that identifies an address scope of network addresses for the client, wherein the policy response is based on a first mapping of client control addresses to scope identifiers.
  - 34. An apparatus as recited in claim 33, wherein the step of modifying a request source address value in the client request based on the policy response further comprises the steps of:
    - looking up an identifier of the scope in a second mapping of scope identifiers to request source address values;
      
      selecting, from the second mapping, a request source address value that corresponds to the scope identifier.
  - 35. An apparatus as recited in claim 29, further comprising the steps of:
    - creating and storing a mapping of network address values to scope at a DHCP relay agent;
      
      creating and storing a mapping of client control addresses to scope at the DHCP relay agent.
  - 36. An apparatus as recited in claim 35, wherein the mapping of client control addresses to scope is stored in a column of an Address Resolution Protocol (ARP) table, and wherein an entry in the ARP table is marked invalid for purposes of address resolution until a network address is assigned to the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
King, Matthew, Van Horne, Edwin J. III, Bendelac, Chaim
Primary Examiner(s)
Burgess; Glenton B.
Assistant Examiner(s)
Higa; Brendan Y.

Application Number

US10/280,545
Time in Patent Office

1,951 Days
Field of Search

709223-226, 726/1
US Class Current

709/225
CPC Class Codes

H04L 61/5014   using dynamic host configur...

H04L 61/5061   Pools of addresses

H04L 61/59   using proxies for addressing

Method and apparatus providing policy-based determination of network addresses

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus providing policy-based determination of network addresses

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links