Method and apparatus providing policy-based determination of network addresses
Abstract
A method is disclosed for policy-based determination of a network address for a client in a network. A request for a network address is received from a client. A policy response is received that identifies a scope of network addresses for the client. A request source address value in the client request is modified, based on the policy response. The modified client request is sent to a server that can assign network addresses within the identified scope. A network address for the client is received, which has been assigned by the server within the identified scope. The network address is provided to the client. A specific embodiment modifies a “giaddr” field value in a DHCP request, before relaying the request to a DHCP server, based on a policy decision that specifies a scope to be used for the network address of the client.
36 Claims

1. A method of policy-based determination of a network address for a client in a network that includes a gateway, the method comprising the computer-implemented steps of:
- receiving, from the client, a request to assign a network address to the client;
- sending to a policy server a policy decision request comprising a MAC address of the client and information requesting the policy server to determine a network address scope applicable to the client;
- receiving a policy response that identifies the address scope of network addresses for the client;
- modifying a request source address value in the client request based on the policy response;
- sending the modified client request to a server that can assign network addresses within the identified scope;
- receiving a network address for the client that has been assigned by the server within the identified scope;
- in response to receiving the policy response, caching, at the gateway, the scope of network addresses for the client from the policy response in association with a media access control (MAC) address of the client;
- providing the network address to the client; and
- modifying a second request source address value in a second request for a network address from the client without requesting a policy response.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method of dynamically assigning an Internet Protocol (IP) address to a client that participates in a network having a gateway, a DHCP relay agent and a Dynamic Host Control Protocol (DHCP) server, the method comprising the computer-implemented steps of:
- receiving from the client, a DHCP Discover message;
- sending to a policy server a policy request message, wherein the policy request message includes a media access control (MAC) address of the client and information requesting the policy server to determine a network address scope applicable to the client;
- receiving, from the policy server, a policy response, wherein the policy response includes the address scope;
- in response to receiving the policy response, caching, at the gateway, the address scope in association with the media access control (MAC) address of the client;
- modifying a gateway interface address (“giaddr”) value in the client request based on the address scope;
- forwarding the modified client request to the DHCP server;
- receiving a DHCP offer message from the DHCP server that offers an address that is within a scope associated with the address scope;
- forwarding the offer message to the client; and
- modifying a second giaddr value in a second DHCP Discover message from the client without requesting a policy response.

10. A method of dynamically assigning an Internet Protocol (IP) address to a client that participates in a network having a gateway, a DHCP relay agent and a Dynamic Host Control Protocol (DHCP) server, the method comprising the computer-implemented steps of:
- receiving from the client at the DHCP relay agent, a DHCP Discover message;
- receiving from the DHCP relay agent at the gateway, the DHCP Discover message destined for the DHCP server;
- sending from the gateway a policy request message to a policy server in the network, wherein the policy request message includes a media access control (MAC) address of the client and information requesting the policy server to determine a network address scope applicable to the client;
- receiving at the gateway, a policy response from the policy server, wherein the policy response includes the address scope;
- in response to receiving the policy response, caching, at the gateway, the address scope in association with the media access control (MAC) address of the client;
- modifying at the gateway, a gateway interface address (“giaddr”) value in the client request based on the address scope;
- forwarding the modified client request to the DHCP server;
- receiving at the DHCP relay agent via the gateway a DHCP offer message from the DHCP server that offers an address that is within a scope associated with the address scope;
- forwarding the offer message to the client; and
- modifying a second giaddr value in a second DHCP Discover message from the client without requesting a policy response.

Dependent claims: 11

12. A method of dynamically assigning an Internet Protocol (IP) address to a client that participates in a network having a gateway, a DHCP relay agent and a Dynamic Host Control Protocol (DHCP) server, the method comprising the computer-implemented steps of:
- receiving, from the client, a DHCP Discover message;
- sending, to a policy server, a policy request to determine a scope of network addresses for the client, wherein the policy request message includes a media access control (MAC) address of the client and information requesting the policy server to determine a network address scope applicable to the client;
- receiving, from the policy server, a policy response that includes an address scope identifier that identifies the network address scope applicable to the client, wherein the policy response is based on a first mapping of MAC addresses to scope identifiers;
- in response to receiving the policy response, caching, at the gateway, the scope of network addresses for the client in association with the media access control (MAC) address of the client;
- looking up an identifier of the scope in a second mapping of scope names to gateway interface address values;
- selecting, from the second mapping, a gateway interface address value that corresponds to the scope identifier;
- modifying the client request to include the selected gateway interface address value;
- forwarding the modified client request to the DHCP server;
- receiving a DHCP offer message from the DHCP server that offers an address that is within a scope associated with the address scope identifier;
- forwarding the offer message to the client; and
- modifying a second client request to include the selected gateway interface address value without requesting a policy response.
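
The giaddr rewrite described in the abstract and in claims 9 to 12, as an added sketch that is not code from the patent: a gateway reads the client MAC from the `chaddr` field of a DHCP Discover, resolves a scope through a policy lookup that it caches per MAC, and overwrites `giaddr` with the gateway interface address mapped to that scope. The table contents, the `Gateway` class, the function names and the `guest` fallback for unknown MACs are assumptions made for illustration.

```python
import ipaddress
import struct

GIADDR_OFF, CHADDR_OFF, FIXED_LEN = 24, 28, 236   # RFC 2131 fixed-header offsets
MAGIC = bytes([99, 130, 83, 99])                  # DHCP magic cookie

# Constructed sample tables (assumptions): the two mappings recited in claim 12.
MAC_TO_SCOPE = {"00:11:22:33:44:55": "staff"}     # first mapping, policy server side
SCOPE_TO_GIADDR = {"staff": "10.10.0.1", "guest": "10.99.0.1"}  # second mapping


def build_discover(mac: str, xid: int = 0x1234) -> bytes:
    """Build a minimal DHCPDISCOVER (constructed test input)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000)
    hdr += bytes(16)                              # ciaddr, yiaddr, siaddr, giaddr = 0
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    hdr += bytes(64 + 128)                        # sname, file
    return hdr + MAGIC + bytes([53, 1, 1, 255])   # option 53 = DISCOVER, then end


def policy_server(mac: str) -> str:
    """Stand-in policy server; unknown MACs get the 'guest' scope (assumption)."""
    return MAC_TO_SCOPE.get(mac, "guest")


class Gateway:
    def __init__(self, policy_lookup):
        self.policy_lookup = policy_lookup        # callable: mac -> scope identifier
        self.cache = {}                           # mac -> scope identifier
        self.policy_requests = 0

    def scope_for(self, mac: str) -> str:
        if mac not in self.cache:                 # first request: ask the policy server
            self.policy_requests += 1
            self.cache[mac] = self.policy_lookup(mac)
        return self.cache[mac]                    # later requests: answered from cache

    def relay(self, pkt: bytes) -> bytes:
        """Return the client request with giaddr rewritten according to policy."""
        if len(pkt) < FIXED_LEN + 4 or pkt[FIXED_LEN:FIXED_LEN + 4] != MAGIC:
            raise ValueError("not a DHCP message")
        if pkt[0] != 1 or pkt[2] != 6:
            raise ValueError("expected BOOTREQUEST with a 6-byte hardware address")
        mac = pkt[CHADDR_OFF:CHADDR_OFF + 6].hex(":")   # chaddr is client-supplied
        giaddr = ipaddress.IPv4Address(SCOPE_TO_GIADDR[self.scope_for(mac)])
        return pkt[:GIADDR_OFF] + giaddr.packed + pkt[GIADDR_OFF + 4:]
```

The DHCP server then selects its address pool from the rewritten `giaddr`, so the scope decision rests entirely on the MAC the client placed in `chaddr`.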

13. A computer-readable storage medium carrying one or more sequences of instructions for policy-based determination of a network address for a client in a network that has a gateway, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- receiving, from the client, a request to assign a network address to the client;
- sending to a policy server a policy decision request comprising a MAC address of the client and information requesting the policy server to determine a network address scope applicable to the client;
- receiving a policy response that identifies the address scope of network addresses for the client;
- in response to receiving the policy response, caching, at the gateway, the scope of network addresses for the client in association with the media access control (MAC) address of the client;
- modifying a request source address value in the client request based on the policy response;
- sending the modified client request to a server that can assign network addresses within the identified scope;
- receiving a network address for the client that has been assigned by the server within the identified scope;
- providing the network address to the client; and
- modifying a second request source address value in a second request for a network address from the client without requesting a policy response.

Dependent claims: 14, 15, 16, 17, 18, 19, 20

21. An apparatus for policy-based determination of a network address for a client in a network that has a gateway, comprising:
- means for receiving, from the client, a request to assign a network address to the client;
- means for sending to a policy server a policy decision request comprising a MAC address of the client and information requesting the policy server to determine a network address scope applicable to the client;
- means for receiving a policy response that identifies the address scope of network addresses for the client;
- means for caching, at the gateway, the scope of network addresses for the client in association with the media access control (MAC) address of the client, in response to the means for receiving the policy response;
- means for modifying a request source address value in the client request based on the policy response;
- means for sending the modified client request to a server that can assign network addresses within the identified scope;
- means for receiving a network address for the client that has been assigned by the server within the identified scope;
- means for providing the network address to the client; and
- means for modifying a second request source address value in a second request for a network address from the client without requesting a policy response.

Dependent claims: 22, 23, 24, 25, 26, 27, 28

29. An apparatus for policy-based determination of a network address for a client in a network that has a gateway, comprising:
- a network interface that is coupled to the data network for receiving one or more packet flows therefrom;
- a processor;
- one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
  - receiving, from the client, a request to assign a network address to the client;
  - sending to a policy server a policy decision request comprising a MAC address of the client and information requesting the policy server to determine a network address scope applicable to the client;
  - receiving a policy response that identifies the address scope of network addresses for the client;
  - in response to receiving the policy response, caching, at the gateway, the scope of network addresses for the client in association with the media access control (MAC) address of the client;
  - modifying a request source address value in the client request based on the policy response;
  - sending the modified client request to a server that can assign network addresses within the identified scope;
  - receiving a network address for the client that has been assigned by the server within the identified scope;
  - providing the network address to the client; and
  - modifying a second request source address value in a second request of a network address from the client without requesting a policy response.

Dependent claims: 30, 31, 32, 33, 34, 35, 36
Specification