Rule set conflict resolution
Abstract
A flow manager may receive prioritized packet flow rules from multiple prioritized network services, where each flow rule may comprise a packet filter and a prioritized action list. The priority for the flow rules from each network service may be expressed as either longest prefix or ordered precedence. The flow manager may generate a unified rule set according to the received packet flow rules by identifying conflicts between pairs of rules and resolving the identified conflicts according to the priority relationship between the two rules of each pair. When resolving conflicts between rules, the flow manager may append the action list of one rule to the action list of another rule, and may also create a new rule by combining the packet filters and action lists of the conflicting rules.
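The conflict handling described in the abstract, as an added Python example that is not taken from the patent. The two-field filter (source prefix, destination port), the `Rule` fields, the helper names and the merge order (higher-priority actions first) are assumptions; IPv4 prefixes in canonical CIDR form are assumed.

```python
# Added illustration, not the patent's algorithm: field names and merge order are assumptions.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src: str        # packet filter: source prefix in canonical CIDR form
    dport: object   # packet filter: destination port, None means any
    actions: tuple  # prioritized action list, most important first
    prio: int       # priority of the owning service, lower number wins

def intersect(a, b):
    """Filter matched by both rules as (src, dport), or None if they cannot conflict."""
    na, nb = ip_network(a.src), ip_network(b.src)
    if not (na.subnet_of(nb) or nb.subnet_of(na)):
        return None
    if None not in (a.dport, b.dport) and a.dport != b.dport:
        return None
    src = a.src if na.subnet_of(nb) else b.src
    return src, a.dport if a.dport is not None else b.dport

def specificity(r):
    return ip_network(r.src).prefixlen, r.dport is not None

def unify(rules):
    """Fold rules in service-priority order; return them most specific first."""
    unified = {}
    for r in sorted(rules, key=lambda x: x.prio):
        updates = {}
        # Least specific first, so the most specific existing rule decides each overlap.
        for u in sorted(unified.values(), key=specificity):
            key = intersect(u, r)
            if key is not None:
                extra = tuple(x for x in r.actions if x not in u.actions)
                updates[key] = Rule(*key, u.actions + extra, u.prio)
        unified.setdefault((r.src, r.dport), r)
        unified.update(updates)
    return sorted(unified.values(), key=specificity, reverse=True)

def lookup(unified, ip, dport):
    """Return the action list of the first rule matching the packet, or ()."""
    for r in unified:
        if ip_address(ip) in ip_network(r.src) and r.dport in (None, dport):
            return r.actions
    return ()

# Constructed sample: a firewall service (prio 0) and a load balancer (prio 1).
SAMPLE = [Rule("10.0.0.0/8", None, ("log", "drop"), 0),
          Rule("0.0.0.0/0", 80, ("forward:pool-a",), 1)]
```

For the constructed sample, `unify(SAMPLE)` yields a third rule for the overlap (`10.0.0.0/8`, port 80) whose action list keeps the firewall's `log` and `drop` ahead of the load balancer's `forward:pool-a`, so the lower-priority service cannot shadow the higher-priority one.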
43 Claims
1. A method, comprising:
  receiving a plurality of packet flow rules from multiple network services, wherein each packet flow rule comprises a packet filter and an action list including one or more prioritized actions, wherein each network service has a priority, and wherein the packet flow rules from each network service comprise a priority expressed either by longest prefix, or ordered precedence;
  generating a unified rule set according to the received packet flow rules, wherein said generating comprises:
    identifying conflicts between rule pairs, wherein each rule pair includes a higher priority rule and a lower priority rule; and
    resolving the identified conflicts according to a priority relationship between the higher priority rule and the lower priority rule.
  Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A device, comprising:
  a processor; and
  a memory coupled to the processor, wherein the memory comprises program instructions configured to:
    receive a plurality of packet flow rules from multiple network services, wherein each packet flow rule comprises a packet filter and an action list including one or more prioritized actions, wherein each network service has a priority, and wherein the packet flow rules from each network service comprise a priority expressed either by longest prefix, or ordered precedence;
    generate a unified rule set according to the received packet flow rules, wherein said generating comprises:
      identify conflicts between rule pairs, wherein each rule pair includes a higher priority rule and a lower priority rule; and
      resolve the identified conflicts according to a priority relationship between the higher priority rule and the lower priority rule.
  Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
29. A system comprising:
  a plurality of network services;
  a flow enforcement device; and
  a flow manager configured to:
    receive a plurality of packet flow rules from the plurality of network services, wherein each packet flow rule comprises a packet filter and an action list including one or more prioritized actions, wherein each network service has a priority, and wherein the packet flow rules from each network service comprise a priority expressed either by longest prefix, or ordered precedence;
    generate a unified rule set according to the packet flow rules, wherein in said generating the flow manager is configured to:
      identify conflicts between rule pairs, wherein each rule pair includes a higher priority rule and a lower priority rule; and
      resolve the identified conflicts according to a priority relationship between the higher priority rule and the lower priority rule; and
    install the unified rule set to the flow enforcement device.
30. A computer accessible medium, comprising program instructions configured to implement:
  receiving a plurality of packet flow rules from multiple network services, wherein each packet flow rule comprises a packet filter and an action list including one or more prioritized actions, wherein each network service has a priority, and wherein the packet flow rules from each network service comprise a priority expressed either by longest prefix, or ordered precedence;
  generating a unified rule set according to the received packet flow rules, wherein said generating comprises:
    identifying conflicts between rule pairs, wherein each rule pair includes a higher priority rule and a lower priority rule; and
    resolving the identified conflicts according to a priority relationship between the higher priority rule and the lower priority rule.
  Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43
Specification