Generating accounting data based on access control list entries

US 7,689,485 B2
Filed: 07/29/2003
Issued: 03/30/2010
Est. Priority Date: 08/10/2002
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

configuring a mechanism for accumulating information based on an access control list including a plurality of access control list entries, with one or more of the plurality of access control list entries identifying network accounting data collection requests;

said configuring the mechanism including;

associating network accounting data collection mechanisms with each of said one or more of the plurality of access control list entries identifying network accounting data collection requests; and

wherein the access control list identifies to a bridge or a router information for allowing and denying flows of packet traffic, with at least one of the plurality of access control list entries identifies a deny operation and at least one of the plurality of access control list entries identifies a permit operation; and

employing the bridge or the router to perform the following operations;

for each particular item of a plurality of items;

identifying a particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item based on matching the particular item with said one or more of the plurality of access control list entries; and

in response, updating the particular network accounting data collection mechanism corresponding to the particular item;

wherein each item of the plurality of items includes one or more fields of a corresponding received packet; and

wherein said operation of identifying the particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item includes;

performing a lookup operation in an associative memory based on the lookup value including the particular item to identify an associative memory result; and

performing a lookup operation on an adjunct memory based on the associative memory result to identify the particular network accounting data collection mechanism of said network accounting data collection mechanisms.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus, and other mechanisms are disclosed for generating accounting or other data based on that indicated in access control lists or other specifications, and typically using associative memory entries in one or more associative memory banks and/or memory devices. One implementation identifies an access control list including multiple access control list entries, with a subset of these access control list entries identifying accounting requests. Accounting mechanisms are associated with each of said access control list entries in the subset of access control list entries identifying accounting requests. An item is identified, and a corresponding accounting mechanism is updated. In one implementation, the item includes at least one autonomous system number. In one implementation, at least one of the accounting mechanisms is associated with at least two different access control list entries in the subset of access control list entries identifying accounting requests.

Citations

9 Claims

1. A method, comprising:
- configuring a mechanism for accumulating information based on an access control list including a plurality of access control list entries, with one or more of the plurality of access control list entries identifying network accounting data collection requests;
  
  said configuring the mechanism including;
  
  associating network accounting data collection mechanisms with each of said one or more of the plurality of access control list entries identifying network accounting data collection requests; and
  
  wherein the access control list identifies to a bridge or a router information for allowing and denying flows of packet traffic, with at least one of the plurality of access control list entries identifies a deny operation and at least one of the plurality of access control list entries identifies a permit operation; and
  
  employing the bridge or the router to perform the following operations;
  
  for each particular item of a plurality of items;
  
  identifying a particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item based on matching the particular item with said one or more of the plurality of access control list entries; and
  
  in response, updating the particular network accounting data collection mechanism corresponding to the particular item;
  
  wherein each item of the plurality of items includes one or more fields of a corresponding received packet; and
  
  wherein said operation of identifying the particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item includes;
  
  performing a lookup operation in an associative memory based on the lookup value including the particular item to identify an associative memory result; and
  
  performing a lookup operation on an adjunct memory based on the associative memory result to identify the particular network accounting data collection mechanism of said network accounting data collection mechanisms.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein each item of the plurality of items further includes at least one autonomous system number, said at least one autonomous system number identifying a set of communication devices under a single administrative authority.
  - 3. The method of claim 1, wherein at least one of said network accounting data collection mechanisms is associated with at least two different access control list entries in said one or more of the plurality of access control list entries identifying network accounting data collection requests.

4. An apparatus, comprising:
- one or more processors and memory, wherein the memory stores one or more instructions that, when executed by said one or more processors, perform operations comprising;
  
  configuring a mechanism for accumulating information based on an access control list including a plurality of access control list entries, with one or more of the plurality of access control list entries identifying network accounting data collection requests;
  
  said configuring the mechanism including;
  
  associating network accounting data collection mechanisms with each of said one or more of the plurality of access control list entries identifying network accounting data collection requests; and
  
  wherein the access control list identifies to a bridge or router information for allowing and denying flows of packet traffic, with at least one of the plurality of access control list entries identifies a deny operation and at least one of the plurality of access control list entries identifies a permit operation; and
  
  means for;
  
  for each particular item of a plurality of items;
  
  identifying a particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item based on matching the particular item with said one or more of the plurality of access control list entries; and
  
  in response, updating the particular network accounting data collection mechanism corresponding to the particular item;
  
  wherein the apparatus is the bridge or the router; and
  
  wherein each item of the plurality of items includes one or more fields of a corresponding received packet; and
  
  wherein said means for identifying the particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item includes;
  
  means for performing a lookup operation in an associative memory based on the lookup value including the particular item to identify an associative memory result; and
  
  means for performing a lookup operation on an adjunct memory based on the associative memory result to identify the particular network accounting data collection mechanism of said network accounting data collection mechanisms.
- View Dependent Claims (5, 6)
- - 5. The apparatus of claim 4, wherein each item of the plurality of items further includes at least one autonomous system number, said at least one autonomous system number identifying a set of communication devices under a single administrative authority.
  - 6. The apparatus of claim 4, wherein at least one of said network accounting data collection mechanisms is associated with at least two different access control list entries in said one or more of the plurality of access control list entries identifying network accounting data collection requests.

7. An apparatus, comprising:
- means for configuring a mechanism for accumulating information based on an access control list including a plurality of access control list entries, with one or more of the plurality of access control list entries identifying network accounting data collection requests;
  
  said means for configuring the mechanism including;
  
  means for associating network accounting data collection mechanisms with each of said one or more of the plurality of access control list entries identifying network accounting data collection requests; and
  
  wherein the access control list identifies to a bridge or router information for allowing and denying flows of packet traffic, with at least one of the plurality of access control list entries identifies a deny operation and at least one of the plurality of access control list entries identifies a permit operation; and
  
  means for;
  
  for each particular item of a plurality of items;
  
  identifying and a particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item based on matching the particular item with said one or more of the plurality of access control list entries; and
  
  in response, updating the particular network accounting data collection mechanism corresponding to the particular item;
  
  wherein the apparatus is the bridge or the router; and
  
  wherein each item of the plurality of items includes one or more fields of a corresponding received packet; and
  
  wherein said means for identifying the particular network accounting data collection mechanism of said network accounting data collection mechanisms corresponding to the particular item includes;
  
  means for performing a lookup operation in an associative memory based on the lookup value including the particular item to identify an associative memory result; and
  
  means for performing a lookup operation on an adjunct memory based on the associative memory result to identify the particular network accounting data collection mechanism of said network accounting data collection mechanisms.
- View Dependent Claims (8, 9)
- - 8. The apparatus of claim 7, wherein each item of the plurality of items further includes at least one autonomous system number, said at least one autonomous system number identifying a set of communication devices under a single administrative authority.
  - 9. The apparatus of claim 7, wherein at least one of said network accounting data collection mechanisms is associated with at least two different access control list entries in said one or more of the plurality of access control list entries identifying network accounting data collection requests.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Rawat, Atul, Saharia, Gyaneshwar S., Gurajapu, Suresh, Kanekar, Bhushan Mangesh, Devireddy, Dileep Kumar, Pullela, Venkateshwar Rao
Primary Examiner(s)
Cheung; Mary
Assistant Examiner(s)
Badii; Behrang

Application Number

US10/630,178
Publication Number

US 20040172346A1
Time in Patent Office

2,436 Days
Field of Search

718/104, 399/79, 399/1, 705/1, 707/9
US Class Current

705/35
CPC Class Codes

G06F 16/90339   by using parallel associati...

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 40/12   Accounting

Generating accounting data based on access control list entries

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Generating accounting data based on access control list entries

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links