Method and apparatus for creating a network topograph that includes all select objects that are in a network

US 8,001,475 B2
Filed: 02/14/2006
Issued: 08/16/2011
Est. Priority Date: 07/15/2002
Status: Active Grant

First Claim

Patent Images

1. An apparatus for creating a network topograph that includes all selected objects that are in a network, the apparatus comprising:

one or more processors; and

one or more stored sequences of instructions, which, when executed by the one or more processors, cause the one or more processors to carry out steps of;

establishing a plurality of network objects in the network to be the selected objects, wherein the selected objects are key firewall objects selected from a plurality of firewall objects based on one or more user-specified criteria, wherein the selected objects completely surround one or more non-selected objects;

in response to the establishing, determining a first set of one or more of the non-selected objects in the network that partition the network into one or more perimeters, wherein a perimeter in the one or more perimeters is a set of one or more non-selected objects and is completely surrounded by one or more of the selected objects, and wherein a particular first perimeter in the one or more perimeters is the first set of one or more non-selected objects;

in response to the determining, creating a network topograph that represents individually only each selected object in the network, and in which all the non-selected objects of the first set are represented collectively as a single non-selected object;

displaying the network topograph in a graphical user interface of a network management application in which only each particular selected object is displayed individually as a single object and all non-selected objects that the particular selected object completely surrounds are displayed collectively as a single object;

receiving input from a user, wherein the input specifies a first non-selected object in the network topograph; and

displaying information about the first non-selected object, wherein the information was not displayed prior to the input being received.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for creating a network topograph that includes all select objects that are in a network. A set of one or more non-select objects in the network is determined. A network topograph is created. Each select object in the network is included in the network topograph. Elements of the set are collectively represented as a single non-select object.

22 Citations

View as Search Results

24 Claims

1. An apparatus for creating a network topograph that includes all selected objects that are in a network, the apparatus comprising:
- one or more processors; and
  
  one or more stored sequences of instructions, which, when executed by the one or more processors, cause the one or more processors to carry out steps of;
  
  establishing a plurality of network objects in the network to be the selected objects, wherein the selected objects are key firewall objects selected from a plurality of firewall objects based on one or more user-specified criteria, wherein the selected objects completely surround one or more non-selected objects;
  
  in response to the establishing, determining a first set of one or more of the non-selected objects in the network that partition the network into one or more perimeters, wherein a perimeter in the one or more perimeters is a set of one or more non-selected objects and is completely surrounded by one or more of the selected objects, and wherein a particular first perimeter in the one or more perimeters is the first set of one or more non-selected objects;
  
  in response to the determining, creating a network topograph that represents individually only each selected object in the network, and in which all the non-selected objects of the first set are represented collectively as a single non-selected object;
  
  displaying the network topograph in a graphical user interface of a network management application in which only each particular selected object is displayed individually as a single object and all non-selected objects that the particular selected object completely surrounds are displayed collectively as a single object;
  
  receiving input from a user, wherein the input specifies a first non-selected object in the network topograph; and
  
  displaying information about the first non-selected object, wherein the information was not displayed prior to the input being received.
- View Dependent Claims (2, 3, 4, 5, 6, 11, 12)
- - 2. An apparatus as recited in claim 1, wherein the stored sequences of instructions which cause the one or more processors to carry out the step of creating the network topograph comprises stored sequences of instructions which cause the one or more processors to carry out a step of representing, in the network topograph, a link in the network only if the link is a direct link between a selected object and another object in the network.
  - 3. An apparatus as recited in claim 1, wherein the stored sequences of instructions which cause the one or more processors to carry out the step of determining the first set of one or more non-selected objects in the network comprise stored sequences of instructions which cause the one or more processors to carry out a step of determining the one or more non-selected objects based on a location of those one or more non-selected objects relative to a selected object.
  - 4. An apparatus as recited in claim 1, wherein the stored sequences of instructions which cause the one or more processors to carry out the step of displaying information about the first non-selected object comprise stored sequences of instructions which cause the one or more processors to carry out a step of displaying one or more elements of a set of objects that are collectively represented by the first non-selected object.
  - 5. An apparatus as recited in claim 1, wherein the stored sequences of instructions which cause the one or more processors to carry out the step of determining the first set comprise stored sequences of instructions which cause the one or more processors to carry out steps of:
    - identifying a plurality of selected objects that collectively define a security domain that comprises one or more other objects; and
      
      placing all the other objects, which are in the security domain, in the first set.
  - 6. An apparatus as recited in claim 1, wherein the stored sequences of instructions which cause the one or more processors to carry out the step of determining the first set comprise stored sequences of instructions which cause the one or more processors to carry out recursive steps of:
    - including a first non-selected object in the first set; and
      
      for each element in a set that includes all non-selected objects that (a) directly link to the first non-selected object and that (b) are not included in the first set, performing the recursive steps with that element being the first non-selected object.
  - 11. An apparatus as recited in claim 4, wherein the means for determining the first set comprise:
    - means for identifying a plurality of selected objects that collectively define a security domain that comprises one or more other objects; and
      
      means for placing all the other objects, which are in the security domain, in the first set.
  - 12. An apparatus as recited in claim 4, wherein the means for determining the first set comprise means for carrying out recursive steps of:
    - including a first non-selected object in the first set; and
      
      for each element in a set that includes all non-selected objects that (a) directly link to the first non-selected object and that (b) are not included in the first set, performing the recursive steps with that element being the first non-selected object.

7. An apparatus for creating a network topograph that includes all selected objects that are in a network, the apparatus comprising:
- one or more processors;
  
  means for establishing a plurality of network objects in the network to be the selected objects, wherein the selected objects are key firewall objects selected from a plurality of firewall objects based on one or more user-specified criteria, wherein the selected objects completely surround one or more non-selected objects;
  
  means responsive to the establishing means for determining a first set of one or more non-selected objects in the network that partition the network into one or more perimeters, wherein a perimeter in the one or more perimeters is a set of one or more non-selected objects and is completely surrounded by one or more of the selected objects, and wherein a particular first perimeter in the one or more perimeters is the first set of one or more non-selected objects;
  
  means responsive to the determining means for creating a network topograph that represents individually only each selected object in the network, and in which all the non-selected objects of the first set are represented collectively as a single non-selected object;
  
  means for displaying the network topograph in a graphical user interface of a network management application in which only each particular selected object is displayed individually as a single object and all non-selected objects that the particular selected object completely surrounds are displayed as collectively a single object;
  
  means for receiving input from a user, wherein the input specifies a first non-selected object in the network topograph; and
  
  means for displaying information about the first non-selected object, wherein the information was not displayed prior to the input being received.
- View Dependent Claims (8, 9, 10)
- - 8. An apparatus as recited in claim 7, wherein the means for creating the network topograph comprise means for representing, in the network topograph, a link in the network only if the link is a direct link between a selected object and another object in the network.
  - 9. An apparatus as recited in claim 7, wherein the means for determining the first set of one or more non-selected objects in the network comprise means for determining the one or more non-selected objects based on a location of those one or more non-selected objects relative to a selected object.
  - 10. An apparatus as recited in claim 7, wherein the means for displaying information about the first non-selected object comprise means for displaying one or more elements of a set of objects that are collectively represented by the first non-selected object.

13. A volatile or non-volatile computer-readable medium carrying one or more sequences of instructions for creating a network topograph that includes all selected objects that are in a network, which instructions, when executed by one or more processors, cause the one or more processors to carry out steps of:
- establishing a plurality of network objects in the network to be the selected objects, wherein the selected objects are key firewall objects selected from a plurality of firewall objects based on one or more user-specified criteria, wherein the selected objects completely surround one or more non-selected objects;
  
  in response to the establishing, determining a first set of one or more non-selected objects in the network that partition the network into one or more perimeters, wherein a perimeter in the one or more perimeters is a set of one or more non-selected objects and is completely surrounded by one or more of the selected objects, and wherein a particular first perimeter in the one or more perimeters is the first set of one or more non-selected objects;
  
  in response to the determining, creating a network topograph that represents individually only each selected object in the network, and in which all the non-selected objects of the first set are represented collectively as a single non-selected object;
  
  displaying the network topograph in a graphical user interface of a network management application in which only each particular selected object is displayed individually as a single object and all non-selected objects that the particular selected object completely surrounds are displayed collectively as a single object;
  
  receiving input from a user, wherein the input specifies a first non-selected object in the network topograph; and
  
  displaying information about the first non-selected object, wherein the information was not displayed prior to the input being received.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. A volatile or non-volatile computer-readable medium as recited in claim 13, wherein the step of creating the network topograph comprises a step of representing, in the network topograph, a link in the network only if the link is a direct link between a selected object and another object in the network.
  - 15. A volatile or non-volatile computer-readable medium as recited in claim 13, wherein the step of determining the first set of one or more non-selected objects in the network comprises a step of determining the one or more non-selected objects based on a location of those one or more non-selected objects relative to a selected object.
  - 16. A volatile or non-volatile computer-readable medium as recited in claim 13, wherein the step of displaying information about the first non-selected object comprises a step of displaying one or more elements of a set of objects that are collectively represented by the first non-selected object.
  - 17. A volatile or non-volatile computer-readable medium as recited in claim 13, wherein the step of determining the first set comprises steps of:
    - identifying a plurality of selected objects that collectively define a security domain that comprises one or more other objects; and
      
      placing all the other objects, which are in the security domain, in the first set.
  - 18. A volatile or non-volatile computer-readable medium as recited in claim 13, wherein the step of determining the first set comprises recursive steps of:
    - including a first non-selected object in the first set; and
      
      for each element in a set that includes all non-selected objects that (a) directly link to the first non-selected object and that (b) are not included in the first set, performing the recursive steps with that element being the first non-selected object.

19. A method, comprising the computer-implemented steps of:
- establishing a plurality of network objects in the network to be the selected objects, wherein the selected objects are key firewall objects selected from a plurality of firewall objects based on one or more user-specified criteria, wherein the selected objects completely surround one or more non-selected objects;
  
  in response to the establishing, determining a first set of one or more of the non-selected objects in the network that partition the network into one or more perimeters, wherein a perimeter in the one or more perimeters is a set of one or more non-selected objects and is completely surrounded by one or more of the selected objects, and wherein a particular first perimeter in the one or more perimeters is the first set of one or more non-selected objects;
  
  in response to the determining, creating a network topograph that represents individually only each selected object in the network, and in which all the non-selected objects of the first set are represented collectively as a single non-selected object;
  
  displaying the network topograph in a graphical user interface of a network management application in which only each particular selected object is displayed individually as a single object and all non-selected objects that the particular selected object completely surrounds are displayed collectively as a single object;
  
  receiving input from a user, wherein the input specifies a first non-selected object in the network topograph; and
  
  displaying information about the first non-selected object, wherein the information was not displayed prior to the input being received;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. A method as recited in claim 19, further comprising representing, in the network topograph, a link in the network only if the link is a direct link between a selected object and another object in the network.
  - 21. A method as recited in claim 19, further comprising determining the one or more non-selected objects based on a location of those one or more non-selected objects relative to a selected object.
  - 22. A method as recited in claim 19, further comprising displaying one or more elements of a set of objects that are collectively represented by the first non-selected object.
  - 23. A method as recited in claim 19, further comprising:
    - identifying a plurality of selected objects that collectively define a security domain that comprises one or more other objects; and
      
      placing all the other objects, which are in the security domain, in the first set.
  - 24. A method as recited in claim 19, further comprising:
    - including a first non-selected object in the first set; and
      
      for each element in a set that includes all non-selected objects that (a) directly link to the first non-selected object and that (b) are not included in the first set, performing the recursive steps with that element being the first non-selected object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Chen, Shigang, Lee, Imin, Liker, Branimir, Bhattacharya, Partha
Primary Examiner(s)
Hailu; Tadeese
Assistant Examiner(s)
Riegler; Patrick F

Application Number

US11/354,796
Publication Number

US 20060156280A1
Time in Patent Office

2,009 Days
Field of Search

715/734, 715/735, 715/736, 715/737
US Class Current

715/734
CPC Class Codes

H04L 41/12 Discovery or management of ...

Method and apparatus for creating a network topograph that includes all select objects that are in a network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for creating a network topograph that includes all select objects that are in a network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links