Systems and methods for providing structured policy expressions to represent unstructured data in a network appliance
First Claim
1. A method of configuring a policy of a network device with an object-oriented expression to specify structure in a payload of a packet stream received by a network device, the method comprising:
- (a) providing a configuration interface for configuring a policy for a network device;
(b) receiving, via the configuration interface, an expression for the policy, the expression identifying (i) an object class to apply to a portion of the payload of a packet stream, and (ii) a member of the object class; and
(c) receiving, via the configuration interface, information identifying an action for the policy, the action to be taken based on an evaluation of the expression.
8 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.
-
Citations
63 Claims
-
1. A method of configuring a policy of a network device with an object-oriented expression to specify structure in a payload of a packet stream received by a network device, the method comprising:
-
(a) providing a configuration interface for configuring a policy for a network device; (b) receiving, via the configuration interface, an expression for the policy, the expression identifying (i) an object class to apply to a portion of the payload of a packet stream, and (ii) a member of the object class; and (c) receiving, via the configuration interface, information identifying an action for the policy, the action to be taken based on an evaluation of the expression. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. In an appliance, a method of applying object-oriented expressions in a policy to specify structure in a payload of a packet stream received by the appliance, the method comprising:
-
(a) identifying, by an appliance, a policy to evaluate with respect to a payload of a received packet stream, the policy specifying (i) an object class to apply to a portion of the payload of a packet stream, (ii) a member of the object class and (iii) an action; (b) selecting, by the appliance, a portion of the payload identified by the object class; (c) determining, by the appliance, a value for the member of the object class; and (d) taking, in response to the determined value, the action. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
-
-
42. An appliance for applying object-oriented expressions in a policy to specify structure in a payload of a packet stream received by the appliance, the appliance comprising:
-
a packet processor which receives a packet stream; and a policy engine which identifies a policy to evaluate with respect to a payload of a received packet stream, the policy specifying (i) an object class to apply to a portion of the payload of a packet stream, (ii) a member of the object class and (iii) an action;
selects a portion of the payload identified by the object class;
determines a value for the member of the object class; and
takes, in response to the determined value, the action. - View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
-
-
60. In an appliance, a method of applying object-oriented expressions in a policy to specify structure in a payload of a packet stream received by the appliance, the method comprising:
-
(a) identifying, by an appliance, a policy comprising an object-oriented expression to evaluate with respect to a payload of a received packet stream; (b) assigning, by the appliance, values to a data structure specified by the object-oriented expression based on a portion of the payload; (c) performing, by the appliance, an evaluation of the expression based on the assigned values; and (d) taking, in response to the evaluation, an action specified by the policy. - View Dependent Claims (61)
-
-
62. An appliance for applying object-oriented expressions in a policy to specify structure in a payload of a packet stream received by the appliance, the appliance comprising:
-
a packet processor which receives a packet stream; and a policy engine which identifies a policy comprising an object-oriented expression to evaluate with respect to a payload of the packet stream;
assigns values to a data structure specified by the object-oriented expression based on a portion of the payload;
performs an evaluation of the expression based on the assigned values; and
takes, in response to the evaluation, an action specified by the policy. - View Dependent Claims (63)
-
Specification