Dynamic service activation using COPS-PR to support outsourcing and configuration models for policy control

US 7,734,784 B1
Filed: 09/22/2006
Issued: 06/08/2010
Est. Priority Date: 09/22/2006
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a service activation engine (SAE) including;

a policy information base (PIB) file that defines a plurality of attachments that correspond to a plurality of network policies;

a server to;

receive a request, using common open policy service for policy provisioning (COPS-PR), for a network service related to an interface handle associated with a network interface created for a subscriber device,determine which one or more of the network policies correspond to the network service, andsend, using COPS-PR, a provisioning instance (PRI) including a first of the attachments to implement the one or more of the network policies to the interface handle based on the attachments; and

a routing device including;

network interface logic to apply the one or more of the network policies to data packets associated with the interface handle,policy management logic to maintain a shared configuration context, in which the one or more of the network policies are contained as a set of policies, between the network interface and at least one other network interface created for another subscriber device, anda service activation engine (SAE) interface module to communicate with the SAE.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device may include a service activation engine (SAE) including: a policy information base (PIB) file that defines a plurality of attachments that correspond to a plurality of network policies; and a server. The server may receive a request, using common open policy service for policy provisioning (COPS-PR), for a network service related to an interface handle associated with a subscriber device; determine which ones of the network policies correspond to the network service; and send, using COPS-PR, a provisioning instance (PRI) including a first of the attachments to implement the ones of the network policies to the interface handle based on the attachments.

Citations

21 Claims

1. A system comprising:
- a service activation engine (SAE) including;
  
  a policy information base (PIB) file that defines a plurality of attachments that correspond to a plurality of network policies;
  
  a server to;
  
  receive a request, using common open policy service for policy provisioning (COPS-PR), for a network service related to an interface handle associated with a network interface created for a subscriber device,determine which one or more of the network policies correspond to the network service, andsend, using COPS-PR, a provisioning instance (PRI) including a first of the attachments to implement the one or more of the network policies to the interface handle based on the attachments; and
  
  a routing device including;
  
  network interface logic to apply the one or more of the network policies to data packets associated with the interface handle,policy management logic to maintain a shared configuration context, in which the one or more of the network policies are contained as a set of policies, between the network interface and at least one other network interface created for another subscriber device, anda service activation engine (SAE) interface module to communicate with the SAE.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, where the network interface logic is to delete the interface handle without modification to the one or more of the network policies in the shared configuration context.
  - 3. The system of claim 2, where the SAE interface is to not notify the SAE of the deleted interface handle.
  - 4. The system of claim 2, where the SAE interface module is to notify the SAE of the deleted interface handle and the SAE is to not respond to the notification.
  - 5. The system of claim 1, where the network interface logic is to apply the set of policies to another interface handle associated with the at least one other network interface created for the other subscriber device.
  - 6. The system of claim 1, where the server is to receive a subsequent request, using COPS-PR, to deactivate the network service and send a subsequent PRI to the routing device via the SAE interface module, and the policy management logic is to modify the set of policies associated with the interface handle while retaining the ones of the network policies in the shared configuration context.
  - 7. The system of claim 1, where the set of policies comprises rule sets including identifiers of actions to be performed on at least some of the data packets to activate the network service.
  - 8. The system of claim 7, where the policy management logic is to compare the identifiers of the actions to identifiers associated with existing actions in the shared configuration context without accessing contents of existing actions.
  - 9. The system of claim 8, where the comparison is made based on a precedence order associated with each of the existing actions.
  - 10. The device of claim 8, where the comparison is made based on the existing actions as members of the rule sets and not as a linked list.
  - 11. The system of claim 8, where when the comparison results in a match, the set of policies is shared between the interface handle and at least one other interface handle associated with the at least one other network interface.
  - 12. The system of claim 8, where when the comparison results in a partial match, additional actions are created in the shared configuration context and the rules sets are renamed to point to the existing actions and the additional actions.

13. A method comprising:
- defining, by a policy decision point (PDP), a plurality of attachments that correspond to a plurality of policy services;
  
  receiving, by the PDP a service activation request associated with a handle interface associated with a network interface created for a subscriber device, the service activation request comprising common open policy service for provisioning (COPS-PR);
  
  identifying, by the PDP, a set of the policy services that correspond to the service activation request;
  
  generating, by the PDP, a policy decision using COPS-PR that includes a set of attachments corresponding to the identified set of policies;
  
  maintaining by a policy enforcement point (PEP), a shared configuration context, that includes policy lists, between the network interface and at least one other network interface created for another subscriber device;
  
  comparing the set of attachments to at least some of the policy lists; and
  
  applying, when the set of attachments matches a first policy list, the set of policy services associated with the first policy list to the handle interface.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, further comprising:
    - creating, when the set of attachments does not match any of the policy lists, actions in the shared configuration context that correspond to the policy services.
  - 15. The method of claim 13, where the policy lists comprise rule sets, and the comparing the set of attachments to the at least some of the policy lists includes determining whether the rule sets are in the policy lists irrespective of an order of the respective policy services in the policy lists.
  - 16. The method of claim 13, where the policy lists comprise rule sets that include identifiers, and comparing the set of attachments to the at least some of the policy lists includes comparing the rule sets identifiers to identifiers associated with the respective policy services in the policy lists without accessing the contents of the policy services.
  - 17. The method of claim 13, where the first policy list comprises a rule set, the method further comprising:
    - receiving a service deactivation request associated with the handle interface; and
      
      modifying the rule set to achieve the service deactivation without deleting actions in the shared configuration context that are associated with the first policy list.
  - 18. The method of claim 17, where the service deactivation request comprises a deletion of the interface handle.

19. One or more memory device that store instructions executable by a processing device, comprising:
- instructions for dynamically creating an interface connection in a policy enforcement point (PEP), the interface connection being identified by a handle and associated with a network interface created for a subscriber device;
  
  instructions for generating a common open policy service for provisioning (COPS-PR) message notifying a policy decision point (PDP) of the handle;
  
  instructions for creating an attachment at the PDP including a set of rules for provisioning the handle with a set of policies corresponding to services associated with the subscriber device;
  
  instructions for searching shared configuration context, between the network interface and at least one other network interface created for another subscriber device, maintained by the PEP for a policy list that matches the set of rules irrespective of how the rules are ordered within the set; and
  
  instructions for creating actions within the shared configuration context when the searching does not produce a match.

20. A device comprising:
- means for dynamically creating an interface handle, associated with a network interface created for a subscriber device, in a policy enforcement point (PEP) in a network;
  
  means for notifying a policy decision point (PDP) in the network of the interface handle using common open policy service for provisioning (COPS-PR);
  
  means for defining a plurality of attachments representing a plurality of policies corresponding to network services; and
  
  means for statically configuring a shared context of the PEP, between the network interface and at least one other network interface created for another subscriber device, to provision the attachments to the interface handle via policy decisions from the PDP to the PEP using COPS-PR, where the shared context is not modifiable from within the PEP.
- View Dependent Claims (21)
- - 21. The device of claim 20, further comprising:
    - means for scheduling received transactions according to rules of dependency for two or more received transactions involving operations to be performed on one or more common atoms of the shared context.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Sajedi, Mohammad H., Araujo, Wladimir, Ali, Altaf H.
Primary Examiner(s)
BAROT, BHARAT

Application Number

US11/534,460
Time in Patent Office

1,355 Days
Field of Search

709202-203, 709223-226, 709238-239, 709/250
US Class Current

709/226
CPC Class Codes

H04W 12/084 using delegated authorisati...

H04W 4/50 Service provisioning or rec...

Dynamic service activation using COPS-PR to support outsourcing and configuration models for policy control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic service activation using COPS-PR to support outsourcing and configuration models for policy control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links