Processing data packets using a policy based network path
First Claim
1. A computer-implemented method for processing a data packet using a policy based network path, the method comprising:
- receiving from a client, by a first policy enforcing point of a plurality of policy enforcing points, a data packet associated with a service session, each of the plurality of policy enforcing points being in communication with at least one network appliance of a plurality of network appliances, wherein each of the plurality of policy enforcing points is configured to send the data packet to the at least one network appliance of the plurality of network appliances, wherein each of the plurality of network appliances receives, from one of the plurality of policy enforcing points, the data packet processed by the one of the plurality of policy enforcing points, performs one or more operations on the data packet, and sends, upon the performing of the one or more operations, the data packet to the one of the plurality of policy enforcing points, the one or more operations including at least a network inspection, a load balancing, and a network control operation;
determining, by the first policy enforcing point, data packet information associated with the data packet;
determining, by the first policy enforcing point, the policy based network path for the data packet based on the determined data packet information and one or more packet processing criteria;
applying, by the first policy enforcing point, the one or more packet processing criteria to the data packet information to determine one or more further segments of a remaining portion of the policy based network path, the one or more further segments comprising at least one further policy enforcing point of the plurality of policy enforcing points; and
routing, based on the determination of the remaining portion of the policy based network path, by the first policy enforcing point, the data packet along the policy based network path via the at least one further policy enforcing point, wherein each of the plurality of policy enforcing points is configured to determine at least one segment of the policy based network path by applying the one or more packet processing criteria to the data packet information associated with the packet.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems are provided for processing data packets in a data network using a policy based network path. A policy enforcing point receives a data packet associated with a service session and routes it toward its destination along a network path which is determined according to data packet information and one or more packet processing criteria. The data packet information may include one or more of information associated with the packet, information associated with prior packets, and information obtained from a network computer. The network path may be selected from a database of network paths. The network path may include an order list of further policy enforcing points and corresponding network application appliances. The policy enforcing point may generate a new data packet based on the data packet and the policy based network path and send the new data packet to a next policy enforcing point.
-
Citations
20 Claims
-
1. A computer-implemented method for processing a data packet using a policy based network path, the method comprising:
-
receiving from a client, by a first policy enforcing point of a plurality of policy enforcing points, a data packet associated with a service session, each of the plurality of policy enforcing points being in communication with at least one network appliance of a plurality of network appliances, wherein each of the plurality of policy enforcing points is configured to send the data packet to the at least one network appliance of the plurality of network appliances, wherein each of the plurality of network appliances receives, from one of the plurality of policy enforcing points, the data packet processed by the one of the plurality of policy enforcing points, performs one or more operations on the data packet, and sends, upon the performing of the one or more operations, the data packet to the one of the plurality of policy enforcing points, the one or more operations including at least a network inspection, a load balancing, and a network control operation; determining, by the first policy enforcing point, data packet information associated with the data packet; determining, by the first policy enforcing point, the policy based network path for the data packet based on the determined data packet information and one or more packet processing criteria; applying, by the first policy enforcing point, the one or more packet processing criteria to the data packet information to determine one or more further segments of a remaining portion of the policy based network path, the one or more further segments comprising at least one further policy enforcing point of the plurality of policy enforcing points; and routing, based on the determination of the remaining portion of the policy based network path, by the first policy enforcing point, the data packet along the policy based network path via the at least one further policy enforcing point, wherein each of the plurality of policy enforcing points is configured to determine at least one segment of the policy based network path by applying the one or more packet processing criteria to the data packet information associated with the packet. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for processing a data packet using a policy based network path, the system comprising:
-
a database operable to store one or more policy based network paths, the one or more policy based network paths comprising one or more segments including a plurality of policy enforcing points, wherein each of the plurality of policy enforcing points is in communication with at least one network appliance of a plurality of network appliances, wherein each of the plurality of policy enforcing points is configured to send the data packet to the at least one network appliance of the plurality of network appliances, wherein each of the plurality of network appliances receives, from one of the plurality of policy enforcing points, the data packet processed by the one of the plurality of policy enforcing points, performs one or more operations on the data packet, and sends, upon the performing of the one or more operations, the data packet to the one of the plurality of policy enforcing points, the one or more operations including at least a network inspection, a load balancing, and a network control operation; and a first policy enforcing point of the plurality of policy enforcing points operable to; receive the data packet associated with a service session; determine data packet information associated with the data packet; determine the policy based network path from the one or more policy based network paths stored in the database for the data packet based on the data packet information and one or more packet processing criteria; apply the one or more packet processing criteria to the data packet information to determine one or more further segments of a remaining portion of the policy based network path, the one or more further segments comprising at least one further policy enforcing point of the plurality of policy enforcing points; and route, based on the determination of the remaining portion of the policy based network path, the data packet along the policy based network path via the at least one further policy enforcing point, wherein each of the plurality of policy enforcing points is configured to determine at least one segment of the policy based network path by applying the one or more packet processing criteria to the data packet information associated with the packet. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A non-transitory computer-readable medium comprising computer readable code, which when executed by one or more processors, implements a method for processing a data packet using a policy based network path, the method comprising:
-
receiving from a client, by a first policy enforcing point of a plurality of policy enforcing points, a data packet associated with a service session, each of the plurality of policy enforcing points being in communication with at least one network appliance of a plurality of network appliances, wherein each of the plurality of policy enforcing points is configured to send the data packet to the at least one network appliance of the plurality of network appliances, wherein each of the plurality of network appliances receives, from one of the plurality of policy enforcing points, the data packet processed by the one of the plurality of policy enforcing points, performs one or more operations on the data packet, and sends, upon the performing of the one or more operations, the data packet to the one of the plurality of policy enforcing points, the one or more operations including at least a network inspection, a load balancing, and a network control operation; determining, by the first policy enforcing point, data packet information associated with the packet and the policy based network path based on the data packet information and one or more packet processing criteria; applying, by the first policy enforcing point, the one or more packet processing criteria to the data packet information to determine one or more further segments of a remaining portion of the policy based network path, the one or more further segments comprising at least one further policy enforcing point of the plurality of policy enforcing points; and routing, based on the determination of the remaining portion of the policy based network path, by the first policy enforcing point, the data packet along the policy based network path via the at least one further policy enforcing point, wherein each of the plurality of policy enforcing points is configured to determine at least one segment of the policy based network path by applying the one or more packet processing criteria to the data packet information associated with the packet.
-
Specification