DNS or network metadata policy for network control

US 9,736,185 B1
Filed: 07/22/2015
Issued: 08/15/2017
Est. Priority Date: 04/21/2015
Status: Active Grant

First Claim

Patent Images

1. A system for a Domain Name System (DNS) or network metadata policy for network control, comprising:

a processor of a DNS or an IP Address Management (IPAM) server configured to;

receive a DNS or network metadata update at the DNS or IPAM server, wherein the DNS or network metadata update is determined to be relevant to the DNS or network metadata policy for network control, and wherein the DNS or network metadata policy for network control includes a policy based on Domain Name System (DNS) zones, subzones, DNS wildcards, or any combination thereof or metadata associated with network configuration data including network CIDR blocks, network ranges, IP addresses, DNS records, or any combination thereof;

send the DNS or network metadata update to a network controller for a network, wherein the network controller configures a plurality of network devices on the network based on the DNS or network metadata policy for network control, and wherein the sending of the DNS or network metadata update to the network controller to;

perform one or more of the following;

add an IP address to a set of IP addresses relevant to the policy or the metadata;

remove an IP address from the set of IP addresses relevant to the policy or the metadata;

add the set of IP addresses relevant to the policy or the metadata to an access control list;

ormove an IP address from a first set of IP addresses relevant to the policy or the metadata to a second set of IP addresses relevant to the policy or the metadata; and

a memory coupled to the processor and configured to provide the processor with instructions.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for configuring a network based on a Domain Name System (DNS) or network metadata policy for network control are disclosed. In some embodiments, a system, process, and/or computer program product for a DNS or network metadata policy for network control includes receiving a DNS or network metadata update at a DNS server (e.g., an authoritative or recursive DNS server) or an IP Address Management (IPAM) server, in which the DNS or network metadata update is determined to be relevant to the DNS or network metadata policy for network control; and sending the DNS or network metadata update to a network controller for a network, in which the network controller configures a plurality of network devices on the network based on the DNS or network metadata policy for network control.

52 Citations

View as Search Results

19 Claims

1. A system for a Domain Name System (DNS) or network metadata policy for network control, comprising:
- a processor of a DNS or an IP Address Management (IPAM) server configured to;
  
  receive a DNS or network metadata update at the DNS or IPAM server, wherein the DNS or network metadata update is determined to be relevant to the DNS or network metadata policy for network control, and wherein the DNS or network metadata policy for network control includes a policy based on Domain Name System (DNS) zones, subzones, DNS wildcards, or any combination thereof or metadata associated with network configuration data including network CIDR blocks, network ranges, IP addresses, DNS records, or any combination thereof;
  
  send the DNS or network metadata update to a network controller for a network, wherein the network controller configures a plurality of network devices on the network based on the DNS or network metadata policy for network control, and wherein the sending of the DNS or network metadata update to the network controller to;
  
  perform one or more of the following;
  
  add an IP address to a set of IP addresses relevant to the policy or the metadata;
  
  remove an IP address from the set of IP addresses relevant to the policy or the metadata;
  
  add the set of IP addresses relevant to the policy or the metadata to an access control list;
  
  ormove an IP address from a first set of IP addresses relevant to the policy or the metadata to a second set of IP addresses relevant to the policy or the metadata; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the network controller is a Software Defined Networking (SDN) network controller, and wherein the plurality of network devices includes physical, virtual, or SDN based routers and/or switches.
  - 3. The system of claim 1, wherein the plurality of network devices includes physical, virtual, or Software Defined Networking (SDN) based routers and/or switches, and wherein the network includes network devices from a plurality of different vendors.
  - 4. The system of claim 1, wherein the DNS server is an authoritative DNS server or a recursive DNS server.
  - 5. The system of claim 1, wherein the network controller subscribes to DNS or network metadata updates from the DNS or IPAM server.
  - 6. The system of claim 1, wherein the DNS or IPAM server publishes DNS or network metadata updates to the network controller.
  - 7. The system of claim 1, wherein the DNS or IPAM server communicates with the network controller via an Application Programming Interface (API).
  - 8. The system of claim 1, wherein the DNS or IPAM server communicates with the network controller via a messaging protocol.
  - 9. The system of claim 1, wherein the processor is further configured to:
    - determine whether the DNS or network metadata update is relevant to the DNS or network metadata policy for network control.
  - 10. The system of claim 1, wherein the sending of the DNS or network metadata update to the network controller to:
    - perform two or more of the following;
      
      add an IP address to a set of IP addresses relevant to the policy or the metadata;
      
      remove an IP address from the set of IP addresses relevant to the policy or the metadata;
      
      add the set of IP addresses relevant to the policy or the metadata to an access control list;
      
      ormove an IP address from a first set of IP addresses relevant to the policy or the metadata to a second set of IP addresses relevant to the policy or the metadata.
  - 11. The system of claim 1, wherein the sending of the DNS or network metadata update to the network controller to:
    - perform three or more of the following;
      
      add an IP address to a set of IP addresses relevant to the policy or the metadata;
      
      remove an IP address from the set of IP addresses relevant to the policy or the metadata;
      
      add the set of IP addresses relevant to the policy or the metadata to an access control list;
      
      ormove an IP address from a first set of IP addresses relevant to the policy or the metadata to a second set of IP addresses relevant to the policy or the metadata.

12. A method for a Domain Name System (DNS) or network metadata policy for network control, comprising:
- receiving a DNS or network metadata update at a DNS or IP Address Management (IPAM) server, wherein the DNS or network metadata update is determined to be relevant to the DNS or network metadata policy for network control, and wherein the DNS or network metadata policy for network control includes a policy based on Domain Name System (DNS) zones, subzones, DNS wildcards, or any combination thereof or metadata associated with network configuration data including network CIDR blocks, network ranges, IP addresses, DNS records, or any combination thereof;
  
  sending the DNS or network metadata update to a network controller for a network, wherein the network controller configures a plurality of network devices on the network based on the DNS or network metadata policy for network control, and wherein the sending of the DNS or network metadata update to the network controller to;
  
  perform one or more of the following;
  
  add an IP address to a set of IP addresses relevant to the policy or the metadata;
  
  remove an IP address from the set of IP addresses relevant to the policy or the metadata;
  
  add the set of IP addresses relevant to the policy or the metadata to an access control list;
  
  ormove an IP address from a first set of IP addresses relevant to the policy or the metadata to a second set of IP addresses relevant to the policy or the metadata.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein the DNS server is an authoritative DNS server or a recursive DNS server.
  - 14. The method of claim 12, wherein the network controller is a Software Defined Networking (SDN) network controller, wherein the plurality of network devices includes physical, virtual, or SDN based routers and/or switches, and wherein the network includes network devices from a plurality of different vendors.
  - 15. The method of claim 12, further comprising:
    - determining whether the DNS or network metadata update is relevant to the DNS or network metadata policy for network control.

16. A computer program product for a Domain Name System (DNS) or network metadata policy for network control, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
- receiving a DNS or network metadata update for a DNS or IP Address Management (IPAM) server, wherein the DNS or network metadata update is determined to be relevant to the DNS or network metadata policy for network control, and wherein the DNS or network metadata policy for network control includes a policy based on Domain Name System (DNS) zones, subzones, DNS wildcards, or any combination thereof or metadata associated with network configuration data including network CIDR blocks, network ranges, IP addresses, DNS records, or any combination thereof;
  
  sending the DNS or network metadata update to a network controller for a network, wherein the network controller configures a plurality of network devices on the network based on the DNS or network metadata policy for network control, and wherein the sending of the DNS or network metadata update to the network controller to;
  
  perform one or more of the following;
  
  add an IP address to a set of IP addresses relevant to the policy or the metadata;
  
  remove an IP address from the set of IP addresses relevant to the policy or the metadata;
  
  add the set of IP addresses relevant to the policy or the metadata to an access control list;
  
  ormove an IP address from a first set of IP addresses relevant to the policy or the metadata to a second set of IP addresses relevant to the policy or the metadata.
- View Dependent Claims (17, 18, 19)
- - 17. The computer program product recited in claim 16, wherein the DNS server is an authoritative DNS server or a recursive DNS server.
  - 18. The computer program product recited in claim 16, wherein the network controller is a Software Defined Networking (SDN) network controller, wherein the plurality of network devices includes physical, virtual, or SDN based routers and/or switches, and wherein the network includes network devices from a plurality of different vendors.
  - 19. The computer program product recited in claim 16, further comprising computer instructions for:
    - determining whether the DNS or network metadata update is relevant to the DNS or network metadata policy for network control.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infoblox Incorporated
Original Assignee
Infoblox Incorporated
Inventors
Belamaric, John Dominic, Voss, John Charles, Eizadi, Soheil
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Sanders, Stephen

Application Number

US14/806,476
Time in Patent Office

755 Days
Field of Search

726 1
US Class Current
CPC Class Codes

H04L 41/20   Network management software...

H04L 61/4511   using domain name system [DNS]

H04L 63/101   Access control lists [ACL]

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

DNS or network metadata policy for network control

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

DNS or network metadata policy for network control

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links