Systems and methods for configuring policy bank invocations
First Claim
1. A method of processing groups of policies, the method comprising:
- (a) establishing, by a device, a first group of policies and a second group of policies to apply to packets received by the device, a policy of the first group of policies identifying an action to apply the second group of policies subsequent to processing of the policy of the first group of policies, wherein the establishing step comprises receiving, by the device, configuration of the policy of the first group of policies to have the action of the policy to apply the second group of policies upon evaluation to true of an expression of the policy;
(b) applying, by the device, one or more policies of the first group of policies to a packet in an execution order;
(c) determining, by the device, to apply the second group of policies to the packet responsive to evaluation of the policy of the first group of policies identifying the action to apply the second group of policies, wherein the determining step further comprises evaluating an expression of the policy of the first group of policies to the packet, a result of the evaluation identifying to take the action of applying the second group of policies; and
(d) applying, by the device, responsive to the determination and after processing of the policy of the first group of policies, one or more policies of the second group of policies to the packet.
7 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.
208 Citations
14 Claims
-
1. A method of processing groups of policies, the method comprising:
-
(a) establishing, by a device, a first group of policies and a second group of policies to apply to packets received by the device, a policy of the first group of policies identifying an action to apply the second group of policies subsequent to processing of the policy of the first group of policies, wherein the establishing step comprises receiving, by the device, configuration of the policy of the first group of policies to have the action of the policy to apply the second group of policies upon evaluation to true of an expression of the policy; (b) applying, by the device, one or more policies of the first group of policies to a packet in an execution order; (c) determining, by the device, to apply the second group of policies to the packet responsive to evaluation of the policy of the first group of policies identifying the action to apply the second group of policies, wherein the determining step further comprises evaluating an expression of the policy of the first group of policies to the packet, a result of the evaluation identifying to take the action of applying the second group of policies; and (d) applying, by the device, responsive to the determination and after processing of the policy of the first group of policies, one or more policies of the second group of policies to the packet. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system of processing groups of policies, the system comprising:
-
a device configured to establish a first group of policies and a second group of policies to apply to packets received by the device, a policy of the first group of policies identifying an action to apply the second group of policies subsequent to processing of the policy of the first group of policies, wherein the device is further configured to receive configuration of the policy of the first group of policies to have the action of the policy to apply the second group of policies upon evaluation to true of an expression of the policy; wherein the device is configured to apply one or more policies of the first group of policies to a packet in an execution order; and wherein the device is configured to determine to apply the second group of policies to the packet responsive to evaluation of the policy of the first group of policies identifying the action to apply the second group of policies, wherein the device is further configured to evaluate an expression of the policy of the first group of policies to the packet, a result of the evaluation identifying to take the action of applying the second group of policies; and wherein the device is configured to apply, responsive to the determination and after processing of the policy of the first group of policies, one or more policies of the second group of policies to the packet. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
Specification