Systems and methods for configuring policy bank invocations

US 9,450,837 B2
Filed: 12/16/2013
Issued: 09/20/2016
Est. Priority Date: 03/12/2007
Status: Active Grant

First Claim

Patent Images

1. A method of processing groups of policies, the method comprising:

(a) establishing, by a device, a first group of policies and a second group of policies to apply to packets received by the device, a policy of the first group of policies identifying an action to apply the second group of policies subsequent to processing of the policy of the first group of policies, wherein the establishing step comprises receiving, by the device, configuration of the policy of the first group of policies to have the action of the policy to apply the second group of policies upon evaluation to true of an expression of the policy;

(b) applying, by the device, one or more policies of the first group of policies to a packet in an execution order;

(c) determining, by the device, to apply the second group of policies to the packet responsive to evaluation of the policy of the first group of policies identifying the action to apply the second group of policies, wherein the determining step further comprises evaluating an expression of the policy of the first group of policies to the packet, a result of the evaluation identifying to take the action of applying the second group of policies; and

(d) applying, by the device, responsive to the determination and after processing of the policy of the first group of policies, one or more policies of the second group of policies to the packet.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.

208 Citations

14 Claims

1. A method of processing groups of policies, the method comprising:
- (a) establishing, by a device, a first group of policies and a second group of policies to apply to packets received by the device, a policy of the first group of policies identifying an action to apply the second group of policies subsequent to processing of the policy of the first group of policies, wherein the establishing step comprises receiving, by the device, configuration of the policy of the first group of policies to have the action of the policy to apply the second group of policies upon evaluation to true of an expression of the policy;
  
  (b) applying, by the device, one or more policies of the first group of policies to a packet in an execution order;
  
  (c) determining, by the device, to apply the second group of policies to the packet responsive to evaluation of the policy of the first group of policies identifying the action to apply the second group of policies, wherein the determining step further comprises evaluating an expression of the policy of the first group of policies to the packet, a result of the evaluation identifying to take the action of applying the second group of policies; and
  
  (d) applying, by the device, responsive to the determination and after processing of the policy of the first group of policies, one or more policies of the second group of policies to the packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein step (a) further comprises receiving, by the device, configuration of the first group of policies and the second group of policies.
  - 3. The method of claim 1, wherein step (d) further comprises changing, by the device responsive to the determination, a flow of execution of applying the first group of policies to applying the second group of policies.
  - 4. The method of claim 1, further comprising determining, by the device, that evaluation of a second policy of the second group identifies a second action to apply a third group of policies to the packet.
  - 5. The method of claim 1, further comprising determining, by the device, that evaluation of a second policy of the second group identifies a section action to apply a third policy of the first group of policies to apply to the packet.
  - 6. The method of claim 1, further comprising determining, by the device, that evaluation of a second policy of the second group identifies a second action to halt execution of applying policies to the packet.
  - 7. The method of claim 1, further comprising executing, by the device, a plurality of actions collected in a list resulting from evaluation of policies from the first group and the second group of policies to the packet.

8. A system of processing groups of policies, the system comprising:
- a device configured to establish a first group of policies and a second group of policies to apply to packets received by the device, a policy of the first group of policies identifying an action to apply the second group of policies subsequent to processing of the policy of the first group of policies, wherein the device is further configured to receive configuration of the policy of the first group of policies to have the action of the policy to apply the second group of policies upon evaluation to true of an expression of the policy;
  
  wherein the device is configured to apply one or more policies of the first group of policies to a packet in an execution order; and
  
  wherein the device is configured to determine to apply the second group of policies to the packet responsive to evaluation of the policy of the first group of policies identifying the action to apply the second group of policies, wherein the device is further configured to evaluate an expression of the policy of the first group of policies to the packet, a result of the evaluation identifying to take the action of applying the second group of policies; and
  
  wherein the device is configured to apply, responsive to the determination and after processing of the policy of the first group of policies, one or more policies of the second group of policies to the packet.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the device is further configured to receive configuration of the first group of policies and the second group of policies.
  - 10. The system of claim 8, wherein the device is further configured to change, responsive to the determination, a flow of execution of applying the first group of policies to applying the second group of policies.
  - 11. The system of claim 8, wherein the device is further configured to determine that evaluation of a second policy of the second group identifies a second action to apply a third group of policies to the packet.
  - 12. The system of claim 8, wherein the device is further configured to determine that evaluation of a second policy of the second group identifies a section action to apply a third policy of the first group of policies to apply to the packet.
  - 13. The system of claim 8, wherein the device is further configured to determine that evaluation of a second policy of the second group identifies a second action to halt execution of applying policies to the packet.
  - 14. The system of claim 8, wherein the device is further configured to execute a plurality of actions collected in a list resulting from evaluation of policies from the first group and the second group of policies to the packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Khemani, Prakash, Bandekar, Vishal
Primary Examiner(s)
Nguyen, Quang N

Application Number

US14/107,386
Publication Number

US 20140108635A1
Time in Patent Office

1,009 Days
Field of Search

709/203, 709/204, 709/217, 709/219, 709/223, 709/224, 709/225, 709/226, 709/232, 709/238, 707/600, 707/648, 716/1, 716/153
US Class Current

1/1
CPC Class Codes

H04L 41/50 Network service management,...

H04L 63/20 for managing network securi...

Systems and methods for configuring policy bank invocations

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

208 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for configuring policy bank invocations

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

208 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others