Integrating security server policies with optimized routing control

US 8,023,504 B2
Filed: 08/27/2008
Issued: 09/20/2011
Est. Priority Date: 08/27/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a first set of one or more control policies, from a control server of a network domain, at a routing master controller of the network domain, the routing master controller having a second set of one or more traffic policies used to determine optimal paths for directing traffic through the network domain;

generating a third set of one or more integrated policies at the routing master controller based on the first and second sets of policies;

classifying one or more traffic classes at the routing master controller; and

associating at least one optimal path with each of the one or more traffic classes at the routing master controller based on the third set of integrated policies.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a first set of one or more control policies at a control server of a network domain may be transmitted to a routing master controller of the network domain, which uses a second set of one or more traffic policies to determine optimal paths for directing traffic through the domain. The routing master controller may then generate a third set of one or more integrated policies based on the first and second sets of policies, e.g., based on the knowledge and policies of both the control server and the routing master controller.

Citations

21 Claims

1. A method, comprising:
- receiving a first set of one or more control policies, from a control server of a network domain, at a routing master controller of the network domain, the routing master controller having a second set of one or more traffic policies used to determine optimal paths for directing traffic through the network domain;
  
  generating a third set of one or more integrated policies at the routing master controller based on the first and second sets of policies;
  
  classifying one or more traffic classes at the routing master controller; and
  
  associating at least one optimal path with each of the one or more traffic classes at the routing master controller based on the third set of integrated policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - notifying one or more routers in the network domain of the at least one optimal path associated with each of the one or more traffic classes.
  - 3. The method of claim 2, further comprising:
    - receiving traffic at one of the routers;
      
      determining the traffic class of the traffic at the router; and
      
      routing the traffic at the router based on the traffic class and the associated optimal path received from the routing master controller.
  - 4. The method of claim 3, further comprising:
    - defining markings at the control server for traffic classes based on the first set of policies;
      
      transmitting the defined markings to one or more control agents; and
      
      marking traffic at the one or more control agents of the network domain based on the defined markings, wherein determining the traffic class at the router further comprises identifying the markings of the traffic.
  - 5. The method of claim 1, further comprising:
    - defining the traffic classes at the control server; and
      
      informing the routing master controller of the traffic classes for classification by the routing master controller.
  - 6. The method of claim 1, wherein the at least one optimal path conforms to the third set of integrated policies.
  - 7. The method of claim 1, wherein the optimal path is to a particular egress of the network domain.
  - 8. The method of claim 1, further comprising:
    - mapping one or more application streams to respective traffic classes at the routing master controller.
  - 9. The method of claim 8, further comprising:
    - transmitting information of one or more of the application streams from the control server to the routing master controller.
  - 10. The method of claim 9, wherein the information identifies the one or more application streams.
  - 11. The method of claim 8, further comprising:
    - learning about one or more of the application streams at the routing master controller.
  - 12. The method of claim 1, further comprising:
    - associating one or more policies based on hosts of traffic with the first set of control policies, wherein the generated third set of integrated policies comprise the one or more policies based on the hosts of traffic.

13. A method, comprising:
- receiving a first set of one or more control policies, from a control server of a network domain, at a routing master controller of the network domain, the routing master controller having a second set of one or more traffic policies used to determine optimal paths for directing traffic through the network domain; and
  
  generating a third set of one or more integrated policies at the routing master controller based on the first and second sets of policies,wherein generating the third set of integrated policies further comprises combining the first and second sets of policies.
- View Dependent Claims (14)
- - 14. The method of claim 13, further comprising:
    - determining that a particular policy of the first set of control policies conflicts with a particular policy of the second set of traffic policies; and
      
      in response, determining that the first set of control policies trump the second set of traffic policies and selecting the particular policy of the first set of control policies for use in generating the third set of integrated polices.

15. A method, comprising:
- receiving a first set of one or more control policies, from a control server of a network domain, at a routing master controller of the network domain, the routing master controller having a second set of one or more traffic policies used to determine optimal paths for directing traffic through the network domain;
  
  generating a third set of one or more integrated policies at the routing master controller based on the first and second sets of policies;
  
  detecting a security event based on the third set of integrated policies; and
  
  in response,performing a security action associated with the security event based on the third set of integrated policies.

16. A system, comprising:
- a control server of a network domain configured to determine a first set of one or more control policies;
  
  a routing master controller of the network domain configured to receive the first set of control policies from the control server, the routing master controller having a second set of one or more traffic policies used to determine optimal paths for directing traffic through the network domain, the routing master controller configured to generate a third set of one or more integrated policies based on the first and second sets of policies, classify one or more traffic classes, associate at least one optimal path with each of the one or more traffic classes based on the third set of integrated policies, and notify one or more routers in the network domain of the at least one optimal path associated with each of the one or more traffic classes; and
  
  wherein the one or more routers are configured to receive traffic, determine the traffic class of the traffic, and route the traffic based on the traffic class and the associated optimal path.

17. An apparatus, comprising:
- one or more network interfaces configured to communicate with a control server and one or more routers of a network domain;
  
  a processor coupled to the network interfaces and configured to execute one or more processes; and
  
  a memory configured to store a routing master controller process executable by the processor, the routing master controller process, when executed, operable to;
  
  receive a first set of one or more control policies from the control server, use a second set of one or more traffic policies to determine optimal paths for directing traffic through the network domain, generate a third set of one or more integrated policies based on the first and second sets of policies, classify one or more traffic classes, and associate at least one optimal path with each of the one or more traffic classes based on the third set of integrated policies.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus as in claim 17, wherein the routing master controller process, when executed, is further operable to:
    - notify the one or more routers in the network domain of the at least one optimal path associated with each of the one or more traffic classes.
  - 19. The apparatus as in claim 18, wherein the one or more routers are configured to receive traffic and to route traffic based on a traffic class and an associated optimal path.
  - 20. The apparatus as in claim 17, wherein the routing master controller process, when executed, is operable to generate the third set of one or more integrated policies based on the first and second sets of policies by combining the first and second sets of policies.

21. An apparatus, comprising:
- means for receiving a first set of one or more control policies, from a control server of a network domain;
  
  means for maintaining a second set of one or more traffic policies used to determine optimal paths for directing traffic through the network domain;
  
  means for generating a third set of one or more integrated policies based on the first and second sets of policies;
  
  means for classifying one or more traffic classes; and
  
  means for associating at least one optimal path with each of the one or more traffic classes based on the third set of integrated policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Shah, Pritam, Lynn, Kerry E., Patel, Rahul G.
Primary Examiner(s)
ABELSON, RONALD B

Application Number

US12/199,496
Publication Number

US 20100054241A1
Time in Patent Office

1,119 Days
Field of Search

370/389, 370/395.31, 370/398, 709/244
US Class Current

370/389
CPC Class Codes

H04L 45/00   Routing or path finding of ...

H04L 45/30   Routing of multiclass traffic

H04L 45/42   Centralised routing

H04L 45/70   Routing based on monitoring...

Integrating security server policies with optimized routing control

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Integrating security server policies with optimized routing control

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links