Processing data packets using a policy based network path
First Claim
1. A system for processing a data packet using a policy-based network path, the system comprising:
- a policy enforcing point that;
receives, from a client, the data packet associated with a service session, the policy enforcing point being associated with a plurality of network application appliances configured to process data packets;
determines data packet information associated with the data packet;
based on the data packet information and one or more packet processing criteria, selects the policy-based network path for the data packet from a database storing the one or more packet processing criteria and a plurality of policy-based network paths, the policy-based network path including an order list of the plurality of network application appliances associated with a plurality of policy enforcing points;
based on the order list of the plurality of network application appliances, sends the data packet to a first network application appliance of the order list of the plurality of network application appliances, the first network application appliance being associated with the policy enforcing point;
receives the data packet back from the first network application appliance upon processing the data packet by the network application appliance;
based on the determination of the policy-based network path, generates a further data packet by encapsulating the data packet and the policy-based network path into the further data packet; and
routes the further data packet to a further policy enforcing point of the plurality of policy enforcing points in the policy-based network path, wherein the further policy enforcing point determines the policy-based network path by retrieving the policy-based network path from the further data packet; and
the database configured to store the plurality of policy-based network paths.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided are methods and systems for processing data packets in a data network using a policy-based network path. The method may commence with receiving the data packet associated with a service session from a client. The method may continue with determining data packet information associated with the data packet. The method may further include determining the policy-based network path for the data packet based on the data packet information and one or more packet processing criteria. The method may continue with routing, based on the determination of the policy-based network path, the data packet along the policy-based network path.
1 Citation
19 Claims
-
1. A system for processing a data packet using a policy-based network path, the system comprising:
-
a policy enforcing point that; receives, from a client, the data packet associated with a service session, the policy enforcing point being associated with a plurality of network application appliances configured to process data packets; determines data packet information associated with the data packet; based on the data packet information and one or more packet processing criteria, selects the policy-based network path for the data packet from a database storing the one or more packet processing criteria and a plurality of policy-based network paths, the policy-based network path including an order list of the plurality of network application appliances associated with a plurality of policy enforcing points; based on the order list of the plurality of network application appliances, sends the data packet to a first network application appliance of the order list of the plurality of network application appliances, the first network application appliance being associated with the policy enforcing point; receives the data packet back from the first network application appliance upon processing the data packet by the network application appliance; based on the determination of the policy-based network path, generates a further data packet by encapsulating the data packet and the policy-based network path into the further data packet; and routes the further data packet to a further policy enforcing point of the plurality of policy enforcing points in the policy-based network path, wherein the further policy enforcing point determines the policy-based network path by retrieving the policy-based network path from the further data packet; and the database configured to store the plurality of policy-based network paths. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-implemented method for processing a data packet using a policy-based network path, the method comprising:
-
receiving from a client, by a policy enforcing point, the data packet associated with a service session, the policy enforcing point being associated with a plurality of network application appliances configured to process data packets; determining, by the policy enforcing point, data packet information associated with the data packet; based on the data packet information and one or more packet processing criteria, selecting, by the policy enforcing point, the policy-based network path for the data packet from a database storing the one or more packet processing criteria and a plurality of policy-based network paths, the policy-based network path including an order list of the plurality of network application appliances associated with a plurality of policy enforcing points; based on the order list of the plurality of network application appliances, sending, by the policy enforcing point, the data packet to a first network application appliance of the order list of the plurality of network application appliances, the first network application appliance being associated with the policy enforcing point; receiving, by the policy enforcing point, the data packet back from the first network application appliance upon processing the data packet by the network application appliance; based on the determination of the policy-based network path, generating a further data packet by encapsulating the data packet and the policy-based network path into the further data packet; and routing, by the policy enforcing point, the further data packet to a further policy enforcing point of the plurality of policy enforcing points in the policy-based network path, wherein the further policy enforcing point determines the policy-based network path by retrieving the policy-based network path from the further data packet. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A system for processing a data packet using a policy-based network path, the system comprising:
-
a policy enforcing point that; receives, from a client, the data packet associated with a service session, the policy enforcing point being associated with a plurality of network application appliances configured to process data packets; determines data packet information associated with the data packet; based on the data packet information and one or more packet processing criteria, selects the policy-based network path for the data packet from a database storing the one or more packet processing criteria and a plurality of policy-based network paths, wherein the policy-based network path includes an order list of the plurality of network application appliances associated with a plurality of policy enforcing points, each of the plurality of policy enforcing points being in communication with at least one network application appliance of the plurality of network application appliances; based on the order list of the plurality of network application appliances, sends the data packet to a first network application appliance of the order list of the plurality of network application appliances, the first network application appliance being associated with the policy enforcing point; receives the data packet back from the first network application appliance upon processing the data packet by the network application appliance; and based on the determination of the policy-based network path, generates a further data packet by encapsulating the data packet and the policy-based network path into the further data packet; and routes the further data packet to a further policy enforcing point of the plurality of policy enforcing points in the policy-based network path, the further data packet being routed through the plurality of policy enforcing points according to the order list, wherein the further policy enforcing point determines the policy-based network path by retrieving the policy-based network path from the further data packet; and the database configured to store the plurality of policy-based network paths.
-
Specification