Systems and methods for configuring flow control of policy expressions
First Claim
1. A method of configuring a network device to specify flow control among policies used in processing a packet stream, the method comprising:
- (a) providing a configuration interface for configuring a plurality of policies of a network device, at least one policy of the plurality of policies comprising a policy identifier; and
(b) receiving, via the configuration interface, information identifying a first policy of the plurality of policies, the first policy identifying (i) a rule comprising a first expression and (ii) a first action to be taken based on an evaluation of the rule; and
(c) receiving, via the configuration interface, information identifying a second policy of the plurality of policies to apply subsequent to the first policy if the rule evaluates to true.
8 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.
-
Citations
38 Claims
-
1. A method of configuring a network device to specify flow control among policies used in processing a packet stream, the method comprising:
-
(a) providing a configuration interface for configuring a plurality of policies of a network device, at least one policy of the plurality of policies comprising a policy identifier; and (b) receiving, via the configuration interface, information identifying a first policy of the plurality of policies, the first policy identifying (i) a rule comprising a first expression and (ii) a first action to be taken based on an evaluation of the rule; and (c) receiving, via the configuration interface, information identifying a second policy of the plurality of policies to apply subsequent to the first policy if the rule evaluates to true. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method of flow control among policies used in a network device processing a packet stream, the method comprising:
-
(a) identifying, by an appliance, a plurality of policies to apply to a received packet stream, at least one policy of the plurality of policies comprising a policy identifier; (b) processing, by the appliance, a first policy of the plurality of policies, the first policy identifying (i) a rule comprising a first expression and (ii) a first action to be taken based on an evaluation of the rule, and (iii) a second policy of the plurality of policies; (c) determining, by the appliance based on an evaluation of the expression, the rule evaluates to true; and (d) processing, by the appliance in response to the determination, the identified second policy. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. An appliance providing flow control among policies used in a network device processing a packet stream, the appliance comprising:
-
a packet processor which receives a packet stream; and a policy engine which identifies a plurality of policies to apply to a received packet stream, at least one policy of the plurality of policies comprising a policy identifier;
processes a first policy of the plurality of policies, the first policy identifying (i) a rule comprising a first expression and (ii) a first action to be taken based on an evaluation of the rule, and (iii) a second policy of the plurality of policies;
determines, based on an evaluation of the expression, the rule evaluates to true; and
processes, by the appliance in response to the determination, the identified second policy. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
-
Specification