Managing command compliance in internetworking devices
Abstract
In an embodiment, an internetworking device is configured with compliance proxy logic that is configured for sending, to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes the command; receiving a compliance response from the compliance server; in response to determining whether the compliance response indicates success, executing the command only when the compliance response indicates that the command conforms to the one or more compliance policies. Thus the device can determine actively whether a proposed user command or configuration change will violate established standards or policies, before the command or change is applied to the device.
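The check-before-execute flow in the abstract, with the rule form recited in claim 1 (commands that must already be configured before the new command runs), as an added example that is not code from the patent. The network transport is replaced by a direct function call, the IOS-style policy and configuration lines are constructed samples, and treating a missing response as non-compliant is an assumption.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    trigger: str     # regex selecting the commands this rule governs
    required: tuple  # lines that must already be in the running config

# Constructed sample policies (hypothetical, not taken from the patent).
POLICIES = (
    Policy("ssh-needs-aaa", r"^ip ssh\b", ("aaa new-model",)),
    Policy("snmp-needs-acl", r"^snmp-server community\b",
           ("access-list 10 permit 10.0.0.0 0.0.0.255",)),
)

def evaluate(command, running_config, policies=POLICIES):
    """Compliance-server side: test the command against the submitted config."""
    present = {line.strip() for line in running_config.splitlines()}
    violations = []
    for p in policies:
        if re.search(p.trigger, command.strip()):
            missing = [r for r in p.required if r not in present]
            if missing:
                violations.append({"policy": p.name, "missing": missing})
    return {"compliant": not violations, "violations": violations}

def apply_command(command, running_config, server=evaluate):
    """Device side: execute only when the response indicates conformance."""
    try:
        response = server(command, running_config)
    except Exception as exc:  # assumption: no usable response, no execution
        response = {"compliant": False, "violations": [{"error": str(exc)}]}
    if response.get("compliant") is True:
        running_config = running_config.rstrip("\n") + "\n" + command + "\n"
    return running_config, response

# Constructed running configuration for the sample device.
RUNNING = "hostname edge-1\naaa new-model\n"

if __name__ == "__main__":
    for cmd in ("ip ssh version 2", "snmp-server community ops RO"):
        _, resp = apply_command(cmd, RUNNING)
        print(cmd, "->", resp)
```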
26 Claims
1. An apparatus, comprising:
one or more network interfaces configured to couple to a data network for sending and receiving one or more packets;
one or more processors;
a switching system and packet forwarding logic, wherein the switching system is coupled to the one or more processors, wherein the switching system and packet forwarding logic are configured to send and receive packets on the one or more network interfaces;
a non-transitory computer-readable storage medium storing one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to perform:
receiving a command to configure the apparatus;
sending, from the apparatus over a network to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes all or part of the command and wherein each compliance policy of the one or more compliance policies includes a rule specifying one or more required device commands or parameters that must be configured on the apparatus before executing the command;
sending, from the apparatus over the network to the compliance server, a copy of a then-currently running configuration for the apparatus, wherein the compliance server is configured to use the copy of the running configuration to determine whether the command would conform to the compliance policies when applied to the running configuration;
receiving, over the network at the apparatus, a compliance response from the compliance server;
in response to determining whether the compliance response indicates success, executing the command at the apparatus only when the compliance response indicates that the command conforms to the one or more compliance policies.
10. A non-transitory computer-readable storage medium storing one or more stored sequences of instructions which, when executed by one or more processors, cause the one or more processors to perform:
receiving, at an internetworking device, a command to configure the internetworking device;
sending, from the internetworking device over a network to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes all or part of the command and wherein each compliance policy of the one or more compliance policies includes a rule specifying one or more required device commands or parameters that must be configured on the internetworking device before executing the command;
sending, from the internetworking device over the network to the compliance server, a copy of a then currently running configuration for the internetworking device, wherein the compliance server is configured to use the copy of the running configuration to determine whether the command would conform to the compliance policies when applied to the running configuration;
receiving, over the network at the internetworking device a compliance response from the compliance server;
in response to determining whether the compliance response indicates success, executing the command at the internetworking device only when the compliance response indicates that the command conforms to the one or more compliance policies.
19. A method comprising:
receiving, at an internetworking device, a command to configure the internetworking device;
sending, from the internetworking device over a network to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes all or part of the command and wherein each compliance policy of the one or more compliance policies includes a rule specifying one or more required device commands or parameters that must be configured on the internetworking device before executing the command;
sending, from the internetworking device over the network to the compliance server, a copy of a then-currently running configuration for the internetworking device, wherein the compliance server is configured to use the copy of the running configuration to determine whether the command would conform to the compliance policies when applied to the running configuration;
receiving, over the network at the internetworking device a compliance response from the compliance server;
in response to determining whether the compliance response indicates success, executing the command at the internetworking device only when the compliance response indicates that the command conforms to the one or more compliance policies.
Specification