Policy service system architecture for sessions created using STUN
First Claim
1. A method of setting connection policies for a plurality of network paths from a first endpoint to a second endpoint, the method comprising:
- receiving, by a server, a first set of candidate network addresses of the first endpoint and a second set of candidate network addresses of the second endpoint;
- generating a plurality of candidate network address pairs, wherein each of the plurality of candidate network address pairs comprises a candidate network address of the first set of candidate network addresses paired with a candidate network address of the second set of candidate network addresses;
- associating a network path with each candidate network address pair of the plurality of candidate network address pairs;
- setting a connection policy for each associated network path of the plurality of associated network paths;
- receiving session data comprising information regarding a requested session between the first endpoint and the second endpoint;
- identifying an allowable network path, comprising one of:
  - determining that at least one associated network path has a connection policy supporting the requested session; and
  - determining that none of the plurality of associated network paths has a connection policy supporting the requested session between the first endpoint and the second endpoint, wherein identifying the allowable network path further comprises:
    - receiving revised session data comprising revised information regarding the requested session between the first endpoint and the second endpoint, and
    - determining that at least one associated network path has a connection policy supporting the requested session;
- upon identifying the allowable network path, establishing the requested session between the first endpoint and the second endpoint using the allowable network path; and
- monitoring the established requested session to determine compliance with the connection policy associated with the allowable network path used for the established requested session.
Abstract
Described herein are embodiments for setting, managing, and monitoring connection policies for a plurality of network paths from a first endpoint to a second endpoint. In embodiments, a set of candidate addresses from a first endpoint and a set of candidate addresses from a second endpoint are received. Each candidate address of the first endpoint is paired with each candidate address of the second endpoint to create a plurality of candidate address pairs. Each candidate address pair has an associated network path. The network path is the route by which data flows to and from the various endpoints. Once all network paths between each candidate address pair have been determined, a connection policy is set for each network address pair and the associated network path.
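The flow in the first claim and the abstract, sketched as an added example (not code from the patent): every candidate of one endpoint is paired with every candidate of the other, each resulting path gets a policy, a requested session is checked against those policies with one retry on revised session data, and the established session is monitored. The policy fields, the `policy_for` rule, the candidate types and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Candidate:
    addr: str  # constructed sample address (documentation ranges)
    kind: str  # assumed candidate type: "host", "srflx" (learned via STUN) or "relay"

@dataclass(frozen=True)
class Policy:  # hypothetical policy fields; the page does not define them
    max_kbps: int
    media: frozenset

@dataclass(frozen=True)
class Session:  # "session data": what the endpoints ask for
    media: str
    kbps: int

def policy_for(a, b):
    """Assumed rule: the most constrained candidate decides the policy of the path."""
    kinds = {a.kind, b.kind}
    if "relay" in kinds:
        return Policy(128, frozenset({"audio"}))
    if "srflx" in kinds:
        return Policy(1000, frozenset({"audio", "video"}))
    return Policy(4000, frozenset({"audio", "video"}))

def set_policies(first, second):
    """Pair every candidate of one endpoint with every candidate of the other; one policy per path."""
    return {(a, b): policy_for(a, b) for a, b in product(first, second)}

def supports(policy, s):
    return s.media in policy.media and s.kbps <= policy.max_kbps

def allowable_path(paths, session, revised=None):
    """Try the requested session, then the revised one; None means no session is established."""
    for attempt in (s for s in (session, revised) if s is not None):
        for pair, policy in paths.items():
            if supports(policy, attempt):
                return pair, attempt
    return None

def violations(policy, observed_kbps):
    """Monitoring: indexes of bandwidth samples that exceed the policy of the path in use."""
    return [i for i, k in enumerate(observed_kbps) if k > policy.max_kbps]

# Constructed sample: the second endpoint is reachable only through a relay.
FIRST = [Candidate("192.0.2.10:5000", "host"), Candidate("203.0.113.7:40000", "srflx")]
SECOND = [Candidate("198.51.100.9:3478", "relay")]
```

With the sample candidates, a 1500 kbps video request matches no path and is refused until the revised 64 kbps audio request arrives; `allowable_path` returning `None` is the fail-closed case in which no session is set up.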
16 Claims
7. A computer storage medium not consisting of a modulated signal and encoding computer executable instructions that when executed by a processor perform a method for setting connection policies for a plurality of network paths from a first endpoint to a second endpoint, the method comprising:
- receiving, by a server, a first set of candidate network addresses of the first endpoint and a second set of candidate network addresses of the second endpoint;
- generating a plurality of candidate network address pairs, wherein each of the plurality of candidate network address pairs comprises a candidate network address of the first set of candidate network addresses paired with a candidate network address of the second set of candidate network addresses;
- associating a network path with each candidate network address pair of the plurality of candidate network address pairs;
- setting a connection policy for each associated network path of the plurality of associated network paths;
- receiving session data comprising information regarding a requested session between the first endpoint and the second endpoint;
- identifying an allowable network path, comprising one of:
  - determining that at least one associated network path has a connection policy supporting the requested session; and
  - determining that none of the plurality of associated network paths has a connection policy supporting the requested session between the first endpoint and the second endpoint, wherein identifying the allowable network path further comprises:
    - receiving revised session data comprising revised information regarding the requested session between the first endpoint and the second endpoint, and
    - determining that at least one associated network path has a connection policy supporting the requested session;
- upon identifying the allowable network path, establishing the requested session between the first endpoint and the second endpoint using the allowable network path; and
- monitoring the established requested session to determine compliance with the connection policy associated with the allowable network path used for the established requested session.
13. A computer system comprising:
- at least one processor;
- at least one memory, communicatively coupled to the at least one processor and containing computer-readable instructions that when executed by the at least one processor perform a method for setting connection policies for a plurality of network paths from a first endpoint to a second endpoint, the method comprising:
  - receiving, by a server, a first set of candidate network addresses of the first endpoint and a second set of candidate network addresses of the second endpoint;
  - generating a plurality of candidate network address pairs, wherein each of the plurality of candidate network address pairs comprises a candidate network address of the first set of candidate network addresses paired with a candidate network address of the second set of candidate network addresses;
  - associating a network path with each candidate network address pair of the plurality of candidate network address pairs;
  - setting a connection policy for each associated network path of the plurality of associated network paths;
  - receiving session data comprising information regarding a requested session between the first endpoint and the second endpoint;
  - identifying an allowable network path, comprising one of:
    - determining that at least one associated network path has a connection policy supporting the requested session; and
    - determining that none of the plurality of associated network paths has a connection policy supporting the requested session between the first endpoint and the second endpoint, wherein identifying the allowable network path further comprises:
      - receiving revised session data comprising revised information regarding the requested session between the first endpoint and the second endpoint, and
      - determining that at least one associated network path has a connection policy supporting the requested session;
  - upon identifying the allowable network path, establishing the requested session between the first endpoint and the second endpoint using the allowable network path; and
  - monitoring the established requested session to determine compliance with the connection policy associated with the allowable network path used for the established requested session.
Specification