Systems and methods for configuring policy bank invocations
First Claim
1. A method for configuring flow control among policy groups used in a network device processing a packet stream, the method comprising:
- (a) providing a configuration interface, executing on a device, identifying a plurality of policy groups for configuring a network device, each of the plurality of policy groups comprising policies to be processed consecutively;
(b) identifying, by the configuration interface, a first policy of a first policy group of the plurality of policy groups;
the first policy of a first policy group specifying a rule comprising an object-oriented expression that evaluates a portion of a network packet;
(c) receiving, via the configuration interface, information identifying a second policy group of the plurality of policy groups to be processed based on an evaluation of the expression of the rule of the first policy in the first policy group;
(d) evaluating the portion of the network packet using the object-oriented expression; and
;
(e) processing the second policy group based on the evaluation of the expression of the rule of the first policy in the first policy group.
7 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups.
205 Citations
18 Claims
-
1. A method for configuring flow control among policy groups used in a network device processing a packet stream, the method comprising:
-
(a) providing a configuration interface, executing on a device, identifying a plurality of policy groups for configuring a network device, each of the plurality of policy groups comprising policies to be processed consecutively; (b) identifying, by the configuration interface, a first policy of a first policy group of the plurality of policy groups;
the first policy of a first policy group specifying a rule comprising an object-oriented expression that evaluates a portion of a network packet;(c) receiving, via the configuration interface, information identifying a second policy group of the plurality of policy groups to be processed based on an evaluation of the expression of the rule of the first policy in the first policy group; (d) evaluating the portion of the network packet using the object-oriented expression; and
;(e) processing the second policy group based on the evaluation of the expression of the rule of the first policy in the first policy group. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for configuring flow control among policy groups used in a network device processing a packet stream, the system comprising:
-
a configuration interface executing on a computing device, the configuration interface to; identify a first policy of a first policy group of a plurality of policy groups configured for a network device, each of the plurality of policy groups comprising policies to be processed consecutively, the first policy specifying a rule comprising a first object-oriented expression that evaluates a portion of a network packet; and receive information identifying a second policy group of the plurality of policy groups to be processed based on an evaluation of the first expression of the rule of the first policy group; the network device to; evaluate the portion of the network packet using the object-oriented expression; and; process the second policy group based on the evaluation of the expression of the rule of the first policy in the first policy group. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
Specification