Vendor-neutral policy based mechanism for enabling firewall service in an MPLS-VPN service network

US 8,914,868 B2
Filed: 03/03/2006
Issued: 12/16/2014
Est. Priority Date: 03/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for provisioning firewalls in one or more networks comprising:

creating a vendor-neutral firewall policy;

selecting one of the one or more networks that requires provisioning a vendor-neutral firewall;

transforming the created vendor-neutral firewall policy to a vendor-specific firewall policy as a function of the selected one of the one or more networks; and

uploading the vendor-specific firewall policy to at least one router of the selected one of the one or more networks.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique that simplifies managing and configuring firewalls by provisioning a vendor-neutral firewall in an MPLS-VPN service network. In one example embodiment, this is accomplished by creating a vendor-neutral firewall policy using a service activation tool residing in a host server. One of the one or more VPNs requiring the provisioning of the vendor-neutral firewall in the MPLS-VPN service network is then selected. The created vendor-neutral firewall policy is then transformed to form a vendor-specific firewall policy associated with the selected one of the one or more VPNs.

Citations

21 Claims

1. A method for provisioning firewalls in one or more networks comprising:
- creating a vendor-neutral firewall policy;
  
  selecting one of the one or more networks that requires provisioning a vendor-neutral firewall;
  
  transforming the created vendor-neutral firewall policy to a vendor-specific firewall policy as a function of the selected one of the one or more networks; and
  
  uploading the vendor-specific firewall policy to at least one router of the selected one of the one or more networks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein selecting one of the one or more networks comprises:
    - selecting one or more virtual private networks (VPNs) that requires provisioning a vendor-neutral firewall, wherein the one or more firewalls are associated with the one or more VPNs in a multi-protocol label switching (MPLS)-VPN service network.
  - 3. The method of claim 1, wherein transforming the created vendor-neutral firewall policy comprises:
    - transforming the created vendor-neutral firewall policy to a vendor-specific firewall policy as a function of the selected one of the one or more VPNs.
  - 4. The method of claim 3, wherein, in creating the vendor-neutral firewall policy, a service activation tool comprises:
    - a generic graphical user interface tool that facilitates in configuring the vendor-neutral firewall policy.
  - 5. The method of claim 3, wherein creating the vendor-neutral firewall policy comprises:
    - forming one or more access control lists (ACLs) in a vendor-neutral format using a service activation tool for each firewall; and
      
      configuring one or more fix-up rules associated with the formed one or more ACLs in a vendor-neutral format using the service activation tool for each firewall.
  - 6. The method of claim 5, wherein, in forming the one or more ACLs, each of the ACLs comprises one or more access control entries (ACEs).
  - 7. The method of claim 6, further comprising:
    - rearranging the sequence of processing each of the formed one or more ACEs associated with an ACL as a function of a customer specified order of firewall processing using a simple user friendly graphical user interface tool.
  - 8. The method of claim 3, wherein, in transforming the created vendor-neutral firewall policy to a vendor-specific firewall policy, the vendor-specific firewall policy comprises vendor-specific commands.
  - 9. The method of claim 3, further comprising:
    - uploading the formed vendor-specific firewall policy into a provider edge (PE) router associated with the selected one of the one or more VPNs.
  - 10. The method of claim 1, wherein creating the vendor-neutral firewall policy comprises:
    - creating the vendor-neutral firewall policy using a service activation tool.

11. A computer-readable storage medium having instructions stored thereon such that said instructions, when executed by a computing platform, result in execution of a method for provisioning one or more firewalls associated with one or more Virtual Private Networks (VPNs) in a Multi-Protocol Label Switching-Virtual Private Network (MPLS-VPN) service network comprising:
- creating a vendor-neutral firewall policy;
  
  selecting one of the one or more VPNs that requires provisioning a vendor-neutral firewall; and
  
  transforming the created vendor-neutral firewall policy to a vendor-specific firewall policy as a function of the selected one of the one or more VPNs.

12. A Multi-Protocol Label Switching-Virtual Private Network (MPLS-VPN) service network comprising:
- a service activation tool residing in a host computer; and
  
  one or more Virtual Private Networks (VPNs) that comprise;
  
  one or more provider edge routers (PEs) that are coupled to a MPLS-VPN network; and
  
  one or more associated customer edge routers (CEs) that are coupled to the associated PEs, wherein the service activation tool is coupled to the one or more PEs that create a vendor-neutral firewall policy, wherein the service activation tool selects one or more VPNs that require provisioning a vendor-neutral firewall, and wherein the service activation tool transforms the created vendor-neutral firewall policy to a vendor-specific firewall policy as a function of the selected one of the one or more VPNs.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The service network of claim 12, wherein the service activation tool comprises:
    - a generic graphical user interface tool that facilitates in creating the vendor-neutral firewall policy.
  - 14. The service network of claim 13, wherein the service activation tool forms one or more Access Control Lists (ACLs) in a vendor-neutral format using the service activation tool for each firewall, and wherein the service activation tool configures one or more fix-up rules associated with the one or more ACLs in a vendor-neutral format for each firewall.
  - 15. The service network of claim 14, wherein each ACL comprises one or more one or more Access Control Entries (ACEs).
  - 16. The service network of claim 15, wherein the service activation tool rearranges sequence of processing of each formed ACE as a function of a customer specified order of firewall processing.
  - 17. The service network of claim 12, wherein the network configuration management tool uploads the formed vendor-specific firewall policy into one or more PEs associated with the selected VPN.

18. A computer system comprising:
- a computer network, wherein the computer network has a plurality of network elements, and wherein the plurality of network elements has a plurality of network interfaces;
  
  a network interface;
  
  an input module coupled to the network interface that receives topology data via the network interface;
  
  a processing unit; and
  
  a memory coupled to the processor, the memory having stored therein code associated with provisioning one or more firewalls associated with one or more Virtual Private Networks (VPNs) in a Multi-Protocol Label Switching-Virtual Private Network (MPLS-VPN) service network, the code causes the processor to perform a method comprising;
  
  creating a vendor-neutral firewall policy;
  
  selecting one of the one or more VPNs that requires provisioning a vendor-neutral firewall; and
  
  transforming the created vendor-neutral firewall policy to a vendor-specific firewall policy as a function of the selected one of the one or more VPNs.
- View Dependent Claims (19, 20, 21)
- - 19. The system of claim 18, wherein, in creating the vendor-neutral firewall policy, a service activation tool comprises:
    - a generic graphical user interface tool that facilitates in configuring the vendor-neutral firewall policy.
  - 20. The system of claim 18, wherein creating the vendor-neutral firewall policy comprises:
    - forming one or more access control lists (ACLs) in a vendor-neutral format using a service activation tool for each firewall; and
      
      configuring one or more fix-up rules associated with the formed one or more ACLs in a vendor-neutral format using the service activation tool for each firewall.
  - 21. The system of claim 20, wherein, in forming the one or more ACLs, each of the ACLs comprises one or more access control entries (ACEs).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Anantharamiah, Prasanna, Skaria, Jimmi, Chekka, Venkata Raghavan, Kumar, Vinodh T K
Primary Examiner(s)
Truong, Thanhnga B

Application Number

US11/367,653
Publication Number

US 20070209058A1
Time in Patent Office

3,210 Days
Field of Search

726/1, 726/4, 726/6, 726 11- 15, 713153-154, 705/79, 709238-244, 370/254, 370/338
US Class Current

726/11
CPC Class Codes

H04L 41/0806   for initial configuration o...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

Vendor-neutral policy based mechanism for enabling firewall service in an MPLS-VPN service network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Vendor-neutral policy based mechanism for enabling firewall service in an MPLS-VPN service network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links