Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberUS20030067874 A1
Publication typeApplication
Application numberUS 10/127,167
Publication date10 Apr 2003
Filing date22 Apr 2002
Priority date10 Oct 2001
Also published asDE60217253D1, DE60217253T2, DE60224629D1, EP1303079A2, EP1303079A3, EP1303079B1, EP1303087A2, EP1303087A3, EP1303087B1, US7339942, US20030076849
Publication number10127167, 127167, US 2003/0067874 A1, US 2003/067874 A1, US 20030067874 A1, US 20030067874A1, US 2003067874 A1, US 2003067874A1, US-A1-20030067874, US-A1-2003067874, US2003/0067874A1, US2003/067874A1, US20030067874 A1, US20030067874A1, US2003067874 A1, US2003067874A1
InventorsMichael See, David Morgan, Stephen Clawson, L. Goodwin
Original AssigneeSee Michael B., David Morgan, Stephen Clawson, Goodwin L. Michele
Export CitationBiBTeX, EndNote, RefMan
External Links: USPTO, USPTO Assignment, Espacenet
Central policy based traffic management
US 20030067874 A1
Abstract
A switching node configuring different traffic management protocols via a single centralized set of policies. The switching node includes a central policy repository, a central policy engine, and a central management engine. The central policy repository stores a single set of policies used to manage a plurality of different traffic management protocols in a consistent and predictable manner. The different traffic management protocols may include QoS, NAT, ACL, and the like. The central policy engine evaluates inbound traffic flows based on the policies in the central policy repository, and configures one or more traffic management protocol entities based on a selected policy. The management engine configures and manages the single set of policies via a common set of commands helping to eliminate the danger of creating conflicting policies that may lead to unpredictable results.
Images(8)
Previous page
Next page
Claims(26)
What is claimed is:
1. A switching node in a data communications network, the switching node comprising:
an input receiving an inbound packet;
a repository storing a single set of policies for controlling a plurality of different traffic management protocols;
a policy engine coupled to the input and the repository, the policy engine evaluating the packet based on a policy selected from the single set of policies and configuring one or more traffic management protocol entities based on the selected policy; and
a management engine coupled to the repository and the policy engine, the management engine configuring and managing the single set of policies via a common set of commands.
2. The switching node of claim 1, wherein the single set of policies includes a policy identifying two or more actions for controlling two or more traffic management protocols.
3. The switching node of claim 1, wherein the single set of policies includes a first policy identifying a first action for controlling a first traffic management protocol and a second policy identifying a second action for controlling a second traffic management protocol.
4. The switching node of claim 1, wherein one of the traffic management protocols is quality of service.
5. The switching node of claim 1, wherein one of the traffic management protocols is access control.
6. The switching node of claim 1, wherein one of the traffic management protocols is address translation.
7. The switching node of claim 1 further comprising a policy cache coupled to the repository and the policy engine for storing a plurality of cached policies.
8. The switching node of claim 7, wherein the policy engine is configured to evaluate the packet based on the plurality of cached policies prior to evaluating the packet based on the policies in the repository.
9. The switching node of claim 8, wherein the central policy engine selects a cached policy as applicable to the packet if no other policies are stored in the repository that are also applicable to the packet but are different from the selected cached policy.
10. The switching node of claim 8, wherein if no match of a policy is found in the repository, the policy engine is configured to store in the policy cache a policy having a destination address of the packet and a default action.
11. The switching node of claim 8, wherein if a partial match of a policy is found in the repository, the policy engine is configured to store in the policy cache a policy having condition fields of the policy in the repository where the values of the condition fields are obtained from the packet, and a default action.
12. The switching node of claim 8, wherein if a complete match of a policy is found in the repository, the policy engine is configured to store in the policy cache a policy having condition fields of the policy in the repository where the values of the condition fields are obtained from the packet, and an action indicated by the policy in the repository.
13. A method for policy based traffic management comprising:
storing in a repository a single set of policies for controlling a plurality of different traffic management protocols;
receiving a first packet;
retrieving a first policy from the repository, the first policy identifying a first action for configuring a traffic management protocol entity of a first protocol type;
configuring the traffic management protocol of the first protocol type based on the first action;
receiving a second packet;
retrieving a second policy from the repository, the second policy identifying a second action for configuring a traffic management protocol entity of a second protocol type; and
configuring the traffic management protocol entity of the second protocol type based on the second action.
14. The method of claim 13, wherein one of the traffic management protocols is quality of service.
15. The method of claim 13, wherein one of the traffic management protocols is access control.
16. The method of claim 13, wherein one of the traffic management protocols is address translation.
17. The method of claim 13 further comprising managing the single set of policies via a common set of commands.
18. A method for policy based traffic management comprising:
storing in a repository a single set of policies for controlling a plurality of different traffic management protocols;
receiving a packet;
retrieving a policy from the repository, the policy identifying a first and second action for controlling a first and second traffic management protocol entity, respectively, of a first and second protocol type, respectively;
configuring the first traffic management protocol entity based on the first action; and
configuring the second traffic management protocol entity based on the second action.
19. The method of claim 18, wherein one of the traffic management protocols is quality of service.
20. The method of claim 18, wherein one of the traffic management protocols is access control.
21. The method of claim 18, wherein one of the traffic management protocols is address translation.
22. The method of claim 18 further comprising managing the single set of policies via a common set of commands.
23. A method for policy based traffic management comprising:
storing in a repository a single set of policies for controlling a plurality of different traffic management protocols;
receiving a packet;
searching a policy cache for a policy applicable to the packet;
searching the repository if the policy cache does not include an applicable policy; and
generating and storing a new policy in the policy cache, wherein if the new policy is selected as applicable to a future packet, no policies are stored in the repository that are also applicable to the future packet but are different from the new policy.
24. The method of claim 23, wherein if no match of a policy is found in the repository, the policy generated and stored in the policy cache includes a destination address of the packet and a default action.
25. The method of claim 23, wherein if a partial match of a policy is found in the repository, the policy generated and stored in the policy cache includes condition fields of the policy in the repository where the values of the condition fields are obtained from the packet, and a default action.
26. The method of claim 23, wherein if a complete match of a policy is found in the repository, the policy generated and stored in the policy cache includes condition fields of the policy in the repository where the values of the condition fields are obtained from the packet, and an action indicated by the policy in the repository.
Description
    CROSS-REFERENCE TO RELATED APPLICATION(S)
  • [0001]
    This application claims the benefit of U.S. provisional application No. 60/328,159, filed on Oct. 10, 2001, the content of which is incorporated herein by reference.
  • FIELD OF THE INVENTION
  • [0002]
    The present invention relates generally to traffic control in a data communications network, and more particularly, to configuring different network protocols associated with traffic management via a single centralized set of policies.
  • BACKGROUND OF THE INVENTION
  • [0003]
    Policy based traffic control has become increasingly important in data communication networks as data traffic competes for limited bandwidth. Policy based traffic control generally involves separate, independent interfaces for configuring different traffic management protocols.
  • [0004]
    [0004]FIG. 1 is a schematic block diagram of a switching node 9 for policy based traffic control according to conventional mechanisms. The switching node includes separate, independent policy engines 11, 13, 15 and associated interfaces 17, 19, 21 for managing and configuring different traffic management protocols. For example, a switching node may include a separate policy engine for controlling quality of service (QoS), IP filtering via access control lists (ACL), network address translation (NAT), and the like. Each policy engine is associated with a control interface used by a network administrator to configure and manage the associated policies for a discrete traffic management protocol.
  • [0005]
    In general terms, an inbound packet is processed by a first policy engine, such as, a QoS policy engine, for a matching policy. If a match is found, the matching policy is enforced and the packet is generally not processed by the other policy engines. If a match is not found, the packet is processed by a next policy engine for a match. Under existing technology, therefore, multiple actions from different policy engines are either impossible or difficult to perform for a specific traffic flow. It is often desirable, however, to be able to perform such multiple actions. For example, it may be desirable to invoke a NAT policy engine for address translation based on a source IP address while simultaneously invoking the QoS policy engine for assigning a QoS priority to the flow based on the same source address.
  • [0006]
    Another problem with the current policy based traffic control is that the use of separate, independent interfaces for configuring the policies generally requires the network administrator to learn and use different command sequences for configuring and managing different policy engines. This may result in the configuration of conflicting policy rules that may lead to unpredictable results, especially if the configurations are done by different administrators or the same administrator at different times.
  • [0007]
    Accordingly, there is a need for a mechanism for providing and applying a common and consistent set of policies to traffic flowing through a data communications network. The mechanism should allow a switching node to enforce a singe policy with multiple actions in a consistent manner.
  • SUMMARY OF THE INVENTION
  • [0008]
    The present invention is directed to traffic management via a single centralized set of policies. According to one embodiment, the invention is directed to a switching node in a data communications network that includes an input, a repository, a policy engine, and a management engine. The repository stores a single set of policies for controlling a plurality of different traffic management protocols. The policy engine is coupled to the input and the repository, and is configured to evaluate an inbound packet based on a policy selected from the single set of policies, and configure one or more traffic management protocol entities based on the selected policy. The management engine is coupled to the repository and the policy engine. The management engine configures and manages the single set of policies via a common set of commands.
  • [0009]
    According to another embodiment, the invention is directed to a method for policy based traffic management where the method includes storing in a repository a single set of policies for controlling a plurality of different traffic management protocols. The method includes receiving a first packet, retrieving a first policy from the repository where the first policy identifies a first action for configuring a traffic management protocol entity of a first protocol type, and configuring the traffic management protocol entity based on the first action. The method also includes receiving a second packet, retrieving a second policy from the repository where the second policy identifies a second action for configuring a traffic management protocol entity of a second protocol type, and configuring the traffic management protocol entity based on the second action.
  • [0010]
    According to a further embodiment, the invention is directed to a method for policy based traffic management where the method includes storing in a repository a single set of policies for controlling a plurality of different traffic management protocols, receiving a packet, and retrieving a policy from the repository which identifies a first and second action for controlling traffic management protocol entities of a first and second protocol type. The method includes configuring the traffic management protocol entity of the first protocol type based on the first action and configuring the traffic management protocol of the second protocol type based on the second action.
  • [0011]
    In an additional embodiment, the invention is directed to a method for policy based traffic management where the method includes storing in a repository a single set of policies for controlling a plurality of different traffic management protocols, receiving a packet, and searching a policy cache for a policy applicable to the packet. If the policy cache does not include an applicable policy, the method includes searching the repository for a match, and generating and storing a new policy in the policy cache. The new policy is selected as applicable to a future packet if the repository contains no other policies that are also applicable to a future packet but are different from the new policy.
  • [0012]
    It should be appreciated, therefore, that the evaluation of traffic via a central policy engine allows the configuration of traffic management protocol entities of different protocol types, such as quality of service, access control, network address translation, and the like, in a consistent and predictable manner. The management of the policies via a common set of commands and the storage of the policies in a central repository help eliminate the creation and application of conflicting policies that could result in unpredictable results.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • [0013]
    These and other features, aspects and advantages of the present invention will be more fully understood when considered with respect to the following detailed description, appended claims, and accompanying drawings where:
  • [0014]
    [0014]FIG. 1 is a schematic block diagram of a switching node for policy based traffic management according to conventional mechanisms;
  • [0015]
    [0015]FIG. 2 is a schematic block diagram of a network environment including a packet switching node according to one embodiment of the invention;
  • [0016]
    [0016]FIG. 3 is a block diagram of a switching interface in one embodiment of the present invention;
  • [0017]
    [0017]FIG. 4 is a schematic block diagram of the packet switching controller providing and applying a common, centralized set of simple policies for controlling a plurality of traffic management protocols according to one embodiment of the invention;
  • [0018]
    [0018]FIG. 5 is a more detailed diagram of the switching controller of FIG. 4 according to one embodiment of the invention;
  • [0019]
    [0019]FIG. 6 is a conceptual layout diagram of various types of policy objects provided by a central management engine for creating a centralized set of policies according to one embodiment of the invention;
  • [0020]
    [0020]FIG. 7 is a conceptual layout diagram of a central policy repository according to one embodiment of the invention; and
  • [0021]
    [0021]FIG. 8 is a flow diagram of a central policy based traffic management according to one embodiment of the invention.
  • DETAILED DESCRIPTION
  • [0022]
    [0022]FIG. 2 is a schematic block diagram of a network environment including a packet switching node 10 according to one embodiment of the invention. The packet switching node may also be referred to as a switch, a data communication node or a data communication switch. The packet switching node 10 includes switching interfaces 14, 16 and 18 interconnected to respective groups of LANs 30, 32, 34, and interconnected to one another over data paths 20, 22, 24 via switching backplane 12. The switching backplane 12 preferably includes switching fabric. The switching interfaces may also be coupled to one another over control paths 26 and 28.
  • [0023]
    The switching interfaces 14, 16, 18 preferably forward packets to and from their respective groups of LANs 30, 32, 34 in accordance with one or more operative communication protocols, such as, for example, media access control (MAC) bridging and Internet Protocol (IP) routing. The switching node 10 is shown for illustrative purposes only. In practice, packet switching nodes may include more or less than three switching interfaces.
  • [0024]
    [0024]FIG. 3 is a block diagram of a switching interface 50 in one embodiment of the present invention. The switching interface 50 may be similar, for example, to the switching interfaces 14, 16, 18 of FIG. 2. The switching interface 50 includes an access controller 54 coupled between LANs and a packet switching controller 52. The access controller 54, which may, for example, include a media access controller (MAC), preferably receives inbound packets off LANs, performs flow-independent physical and MAC layer operations on the inbound packets and transmits the inbound packets to the packet switching controller 52 for flow-dependent processing. The access controller 54 also receives outbound packets from the packet switching controller 52 and transmits the packets on LANs. The access controller 54 may also perform physical and MAC layer operations on the outbound packets prior to transmitting them on LANs.
  • [0025]
    The packet switching controller 52 receives inbound packets, classifies the packets, modifies the packets in accordance with flow information and transmits the modified packets on switching backplane, such as the switching backplane 12 of FIG. 2. The packet switching controller 52 preferably also receives packets modified by other packet switching controllers via the switching backplane and transmits them to the access controller 54 for forwarding on LANs. The packet switching controller 52 may also subject selected ones of the packets to egress processing prior to transmitting them to the access controller 54 for forwarding on LANs.
  • [0026]
    [0026]FIG. 4 is a schematic block diagram of the packet switching controller 52 providing and applying a common, centralized set of simple policies for coordinating a plurality of traffic management protocols, such as, for example, access control, address translation, server load balancing, quality of service, and the like. The switching controller 52 includes a central policy engine 56 coupled to a central management engine 58. The central policy engine 56 evaluates the traffic flow against the centralized set of policies to perform, from a central location, one or more policy actions typically performed by separate, independent policy engines. The centralized set of policies include, but are not limited to system policies, network policies, access policies, services policies, and the like. The one or more actions include, but are not limited to packet filtering, packet prioritizing, address translation, server load balance group assignment, and assignment of 802.1p. TOS, or DSCP values.
  • [0027]
    The central management engine 58 may include software and/or hardware components to enable a network administrator to configure and manage the centralized set of policies. With the central management engine 58, the network administrator may, from a single location and using a common set of commands, create policies that manage different traffic management protocols.
  • [0028]
    [0028]FIG. 5 is a more detailed diagram of the switching controller 52 according to one embodiment of the invention. The switching controller includes a packet buffer 102, packet classification engine 104, central policy engine 106, central policy enforcement engine 120, central policy repository 100, and central management engine 107. The packet classification engine 104, central policy engine 106, central policy enforcement engine 120, and central policy management engine 107 are logical devices that may be implemented in software, hardware, firmware (e.g. ASIC), or any combination thereof. It is understood, of course, that FIG. 5 illustrates a block diagram of the packet switching controller without obfuscating inventive aspects of the present invention with additional elements and/or components that may be required for creating the controller. These additional elements and/or components, which are not shown in FIG. 5 are well known to those skilled in the art.
  • [0029]
    The switching controller 52 receives inbound packets 108. The packets may include, but are not limited to, Ethernet frames, ATM cells, TCP/IP and/or UDP/IP packets, and may also include other Layer 2 (Data Link/MAC Layer), Layer 3 (Network Layer) or Layer 4 (Transport Layer) data units.
  • [0030]
    The received packets are stored in the packet buffer 102. The packet buffer 102 provides via output signal 110 the stored packets or portions thereof to the packet classification engine 104 for processing.
  • [0031]
    The packet classification engine 104 may include one or more of a data extractor and a data cache. In an alternative embodiment, the data extractor and data cache are provided within the packet buffer 102.
  • [0032]
    The data extractor is used to extract one or more fields from the packets, and to store the extracted fields in the data cache as extracted data. The extracted data may include, but is not limited to, some or all of the packet header. For example, the extracted data may include, but are not limited to, one or more of Layer 2 MAC addresses, 802.1P/Q tag status, Layer 2 encapsulation type, Layer 3 protocol type, Layer 3 addresses, ToS (type of service) values, Layer 4 port numbers, portions of the packet body, and/or any other data used for determining a policy.
  • [0033]
    The extracted data is transmitted to the central policy engine 106 via an output signal 112. The central policy engine 106 may be similar to the central policy engine 56 of FIG. 4.
  • [0034]
    The central policy engine 106 accesses either an internal policy cache 116 or the central policy repository 100 for selecting a policy applicable to the packet. In accessing the central policy repository 100, the central policy engine 106 communicates with the repository using protocols such as, for example, LDAP.
  • [0035]
    According to one embodiment of the invention, the policy cache 116 includes sufficient information for applying policies to existing traffic flows without having to process the entire list of policies in the central policy repository 100 for every packet in the traffic flow. The information in the policy cache 116 is specific enough to prevent packets for which a different applicable rule may exist in the central policy repository 100 to be processed by the policy cache 116.
  • [0036]
    The central policy repository 100 may be implemented in a local memory and/or an external directory server with Lightweight Directory Access Protocol (LDAP) access. The central policy repository 100 includes a list of policies that are based on the contents of a packet and/or other elements such as, for example, time information, port information, and the like. In general terms, policies are rules composed of one or more conditions that describe a packet and one or more actions defining how the packet is to be processed if the condition is satisfied.
  • [0037]
    The central policy engine 106 compares the extracted packet data with either the policies in the policy cache 116 or central policy repository 100. If a match is found between the condition(s) in the policy and the extracted data, the policy engine determines the action(s) to be taken on the packet. The action(s) to be taken on the packet are transmitted to the central policy enforcement engine 120 via an output signal 117.
  • [0038]
    The central policy enforcement engine 120 ensures that the packet is processed according to the parameters defined in the action(s). In this regard, the central policy enforcement engine 120 interacts with other hardware and software elements in the switching node 30 for causing a desired processing of the packet. For example, if the policy actions specify that the packet is to be transmitted at a high priority, the policy enforcement engine 120 may direct the packet buffer 102 to place the packet in a high priority queue of an egress port.
  • [0039]
    The central management engine 107 of FIG. 5 may be similar to the central management engine 58 of FIG. 4. The engine 107 may be either a dedicated console or part of a network management console. A network administrator accesses the central management engine 107 for configuring and managing the policies in the central policy repository 100 and the central policy engine 106. According to one embodiment, the central management engine 107 provides a graphical user interface that provides a common set of commands and tools for configuring and managing polices that control different network elements such as, for example, QoS, NAT, ACL, and the like. The central management engine 107 also allows a network administrator to test policies before they are applied.
  • [0040]
    [0040]FIG. 6 is a conceptual layout diagram of various types of policy objects provided by the central management engine 107 for creating the centralized set of policies according to one embodiment of the invention. In the illustrated embodiment, the policy objects include rule 200 objects, condition 202 objects, action 204 objects, service 206 objects, and group 208 objects. Rules 200 are top level objects including conditions 202 and actions 204. According to one embodiment, rules are provided precedence values indicative of an order in which the rules are to be applied.
  • [0041]
    Conditions 202 are parameters used to classify traffic, and actions 204 are parameters describing how to treat the classified traffic. A condition 202 may include a service 206 and/or a group 208. A policy service 206 may be used as a shorthand for certain parts of a condition. According to one embodiment, a policy service 206 is defined by a service name, an IP protocol, a source IP port, and/or a destination IP port. For example, a “video” service may be defined as being associated with a “UDP” protocol and destination IP port number “4500.” In another example, a “telnet” service may be defined as being associated with a “TCP” protocol and destination IP port number “23.”
  • [0042]
    A policy group 208 may be defined by a list of IP/MAC addresses, ports, or services. Policy groups allow a network administrator to define conditions for a group of address, ports, or services, instead of creating a separate condition for each address, port, or service. For example, an “engineering” group may be defined as a set of particular IP addresses. A “basic services” group may be defined as a set of particular services such as telnet, FTP, HTTP, and Sendmail.
  • [0043]
    According to one embodiment of the invention, the central management engine 107 allows the creation of policies defining multiple actions for managing different traffic management protocols. For example, a policy in the central policy repository 100 may indicate that traffic with a particular source address and a particular destination address is to have the source address translated and receive a high priority. Thus, two different actions, a NAT policy action and a QoS policy action, may be defined via a single policy rule. FIG. 7 is a conceptual layout diagram of the central policy repository 100 according to one embodiment of the invention. In this illustrated embodiment, the repository includes a policy table 300 including a list of simple policy rules 302. Associated with each policy rule are a precedence number 304, condition 306, and action 308. The precedence number 304 indicates an order in which the rules are to be applied. If traffic matches more than one rule, the central policy engine 106 uses the rule with the highest precedence. In the illustrated embodiment, rule 4 is not matched since it is a subset, or more specific, than the higher precedence rule 2. The precedence ordering of the rules helps eliminate any rule conflicts and ensures that the results of evaluating a traffic flow against the policies is predictable and consistent.
  • [0044]
    The condition 306 for each rule defines parameters used for classifying inbound packets. These parameters include but are not limited to individual source addresses or source address groups, individual destination addresses or destination groups, and individual IP protocols 306 e, individual IP ports 306 d, or policy service groups 306 c.
  • [0045]
    The action 308 for each rule defines one or more operations to be performed on the packet and/or traffic management protocol entities. The action 308 may be a filtering action, such as for example, dropping or admitting a packet. The action 308 may also be a QoS action such as, for example, assigning a priority to the packet. The action 308 may further be server load balancing, source or destination address translation, mapping or marking 802.1P, TOS, or DSCP values, or a combination of any of the discussed actions.
  • [0046]
    [0046]FIG. 8 is a flow diagram of a central policy based traffic control according to one embodiment of the invention. The process starts, and in step 400, the packet buffer 102 receives an inbound data packet and stores the packet in the buffer. In step 402, the packet classification engine 104 extracts one or more fields from the packets. In step 404, the central policy engine 106 determines whether the policy cache contains entries that match the extracted fields of the packet. If the answer in YES, the central policy enforcement engine 120 ensures that the policy action indicated in the matched entry of the policy cache is enforced.
  • [0047]
    If no match exists in the policy cache 116, the central policy engine 106 determines in step 408 whether there is an exact match of the extracted fields with conditions of a rule in the central policy repository 100. If the answer is YES, the central policy engine proceeds to program, in step 414, the policy cache 116 with the condition fields of the matched policy, the fields having the values of the corresponding extracted fields. This allows future data packets with the same extracted fields to match the newly programmed entry in the policy cache 116, avoiding another search of the central policy repository 100. In step 416, the central policy enforcement engine 120 proceeds to take the policy actions indicated in the matched policy rule.
  • [0048]
    If there is no exact match of the conditions of a rule in the central policy repository 100, a determination is made in step 410 whether a partial match exists. If the answer is YES, the central policy engine 106 proceeds to program the policy cache 116 in step 418 with the condition fields of the selected policy, the fields having the values of the corresponding extracted fields, and with a default action. In step 420, the central policy enforcement engine 120 proceeds to take the default policy action.
  • [0049]
    If the search of the central policy repository 100 does not result in even a partial match of the rules, the central policy engine 106 proceeds to program the policy cache 116, in step 412, with minimal information needed to forward the packet. According to one embodiment of the invention, such minimal information is a source address of the packet, a destination address of the packet, and a default policy action. In another embodiment of the invention, the minimal necessary information is simply the destination address and the default policy action. The default policy action is enforced by the central policy enforcement engine 120 in step 420.
  • [0050]
    The programming of the policy cache 116 will be best understood when considering the following example. Assume that the central policy repository 100 includes the rules depicted in FIG. 7.
  • [0051]
    A first packet received by the central policy engine 106 includes the following fields extracted by the classification engine 104:
  • [0052]
    Source IP—192.200.200.200
  • [0053]
    Destination IP—10.5.3.4
  • [0054]
    Protocol—TCP
  • [0055]
    Port—80 (HTTP)
  • [0056]
    The central policy engine 106 compares the extracted information with entries in the policy cache 116. Assuming for purposes of this example that this is a first packet processed by the central policy engine 106, no entries are contained in the policy cache 116.
  • [0057]
    The central policy engine 106 then proceeds to search the central policy repository 100 for a match. Upon a finding of no match in the central policy repository 100, the central policy engine programs the policy cache with a minimal amount of information needed to process and forward future similar packets. In one example, the central policy engine may program the policy cache with a source IP address, destination IP address, and a default action. The default action in this example is the assignment of a default priority. The entry placed in the policy cache is as follows:
  • [0058]
    Source IP—192.200.200.200
  • [0059]
    Destination IP—10.5.3.4
  • [0060]
    Action—0 (best effort priority)
  • [0061]
    The central policy engine 106 next receives a packet that includes the following fields:
  • [0062]
    Source IP—192.200.200.200
  • [0063]
    Destination IP—192.168.1.1
  • [0064]
    Protocol—TCP
  • [0065]
    Port—80 (HTTP)
  • [0066]
    The central policy engine 106 compares the extracted information with entries in the policy cache 116. Upon a no match, the extracted information is compared against the rules in the central policy repository 100. Rule 1 matches the packet's source IP address, destination IP address, and protocol. However, there is no match in the port information, resulting in a partial match with rule 1.
  • [0067]
    In determining an entry for the policy cache, the central policy engine 106 ensures that the entry is specific enough to prevent packets for which a different applicable rule may exist in the central policy repository 100 to be processed by the policy cache. In this regard, the central policy engine 106 determines the number of condition fields of the rule that resulted in the partial match. Rule 1 that resulted in the partial match includes four condition fields: source IP address, destination IP address, protocol and port. Thus, the entry placed in the fast path includes four condition fields although only the source IP and the destination IP are needed to forward future packets. The value of the four fields is based on the information extracted from the packet. Accordingly, the entry placed in the policy cache is as follows:
  • [0068]
    Source IP—192.200.200.200
  • [0069]
    Destination IP—192.168.1.1
  • [0070]
    Protocol—TCP
  • [0071]
    Port—80 (HTTP)
  • [0072]
    Action—0 (best effort priority)
  • [0073]
    A next packet received by the central policy engine 106 includes the following fields:
  • [0074]
    Source IP—192.200.200.200
  • [0075]
    Destination IP—192.168.1.1
  • [0076]
    Protocol—TCP
  • [0077]
    Port—21 (FTP)
  • [0078]
    The central policy engine 106 compares the extracted information with entries in the policy cache 116 and does not find a match. If, however, the policy cache had been programmed with less than four fields in processing the previous packet, a match would have resulted in the policy cache, causing the current packet to the forwarded without consulting the rules in the central policy repository.
  • [0079]
    The central policy engine 106 proceeds to search the central policy repository 100 and finds an exact match with rule 1. In determining the entry to be programmed in the policy cache, the central policy engine determines the number of condition fields in the rule that resulted in the exact match. The four condition fields of the matching rule 1 are then programmed into the policy cache. The value of the four fields is based on the information extracted from the packet. The entry placed in the policy cache is as follows:
  • [0080]
    Source IP—192.200.200.200
  • [0081]
    Destination IP—192.168.1.1
  • [0082]
    Protocol—TCP
  • [0083]
    Port—21 (FTP)
  • [0084]
    Action—7 (high priority)
  • [0085]
    The central policy engine 106 next receives a packet that includes the following fields:
  • [0086]
    Source IP—192.200.200.200
  • [0087]
    Destination IP—192.168.2.2
  • [0088]
    Protocol—UDP
  • [0089]
    Port—300
  • [0090]
    The central policy engine 106 compares the extracted information with entries in the policy cache 116 and does not find a match. The central policy engine 106 then proceeds to search the rules in the central policy repository 100 and finds an exact match with Rule 2. The fields in Rule 2 that resulted in the exact match are source IP address and destination IP address. Accordingly, the entry placed in the policy cache is as follows:
  • [0091]
    Source IP—192.200.200.200
  • [0092]
    Destination IP—192.168.2.2
  • [0093]
    Action—7 (high priority)
  • [0094]
    Although this invention has been described in certain specific embodiments, those skilled in the art will have no difficulty devising variations which in no way depart from the scope and spirit of the present invention. It is therefore to be understood that this invention may be practiced otherwise than is specifically described. Thus, the present embodiments of the invention should be considered in all respects as illustrative and not restrictive, the scope of the invention to be indicated by the appended claims and their equivalents rather than the foregoing description.
Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
US6167445 *26 Oct 199826 Dec 2000Cisco Technology, Inc.Method and apparatus for defining and implementing high-level quality of service policies in computer networks
Referenced by
Citing PatentFiling datePublication dateApplicantTitle
US7269179 *18 Dec 200111 Sep 2007Intel CorporationControl mechanisms for enqueue and dequeue operations in a pipelined network processor
US7437473 *2 Sep 200514 Oct 2008Softshield, LlcPacket switch and method thereof dependent on application content
US75096747 Oct 200324 Mar 2009Alcatel LucentAccess control listing mechanism for routers
US751648720 May 20047 Apr 2009Foundry Networks, Inc.System and method for source IP anti-spoofing security
US752348531 Jul 200321 Apr 2009Foundry Networks, Inc.System and method for source IP anti-spoofing security
US756239031 Jul 200314 Jul 2009Foundry Networks, Inc.System and method for ARP anti-spoofing security
US7654121 *4 Dec 20062 Feb 2010Huawei Technologies Co., Ltd.Method for selecting QoS Policy
US7735114 *4 Sep 20038 Jun 2010Foundry Networks, Inc.Multiple tiered network security system, method and apparatus using dynamic user policy assignment
US774803230 Sep 200429 Jun 2010Citrix Systems, Inc.Method and apparatus for associating tickets in a ticket hierarchy
US7760729 *28 May 200420 Jul 2010Citrix Systems, Inc.Policy based network address translation
US7770217 *23 Feb 20063 Aug 2010Cisco Technology, Inc.Method and system for quality of service based web filtering
US777483323 Sep 200310 Aug 2010Foundry Networks, Inc.System and method for protecting CPU against remote access attacks
US7792038 *6 May 20087 Sep 2010International Business Machines CorporationMethod for applying stochastic control optimization for messaging systems
US785367812 Mar 200714 Dec 2010Citrix Systems, Inc.Systems and methods for configuring flow control of policy expressions
US785367912 Mar 200714 Dec 2010Citrix Systems, Inc.Systems and methods for configuring handling of undefined policy events
US7861291 *2 Jun 200628 Dec 2010Freescale Semiconductor, Inc.System and method for implementing ACLs using standard LPM engine
US786558912 Mar 20074 Jan 2011Citrix Systems, Inc.Systems and methods for providing structured policy expressions to represent unstructured data in a network appliance
US78656031 Oct 20044 Jan 2011Citrix Systems, Inc.Method and apparatus for assigning access control levels in providing access to networked content files
US787027712 Mar 200711 Jan 2011Citrix Systems, Inc.Systems and methods for using object oriented expressions to configure application security policies
US78702941 Oct 200411 Jan 2011Citrix Systems, Inc.Method and apparatus for providing policy-based document control
US7882229 *17 May 20071 Feb 2011International Business Machines CorporationSecurity checking program for communication between networks
US788618014 May 20048 Feb 2011International Business Machines CorporationRecovery in a distributed stateful publish-subscribe system
US790024028 May 20041 Mar 2011Citrix Systems, Inc.Multilayer access control security system
US7912046 *11 Feb 200522 Mar 2011Microsoft CorporationAutomated NAT traversal for peer-to-peer networks
US79626466 May 200814 Jun 2011International Business Machines CorporationContinuous feedback-controlled deployment of message transforms in a distributed messaging system
US7979549 *30 Nov 200512 Jul 2011Microsoft CorporationNetwork supporting centralized management of QoS policies
US797990325 Feb 200912 Jul 2011Foundry Networks, LlcSystem and method for source IP anti-spoofing security
US798317019 Dec 200619 Jul 2011Citrix Systems, Inc.In-band quality-of-service signaling to endpoints that enforce traffic policies at traffic sources using policy messages piggybacked onto DiffServ bits
US80063044 Jun 200923 Aug 2011Foundry Networks, LlcSystem and method for ARP anti-spoofing security
US802456821 Oct 200520 Sep 2011Citrix Systems, Inc.Method and system for verification of an endpoint security scan
US8031606 *24 Jun 20084 Oct 2011Intel CorporationPacket switching
US80654231 Mar 200622 Nov 2011Citrix Systems, Inc.Method and system for assigning access control levels in providing access to networked content files
US81700216 Jan 20061 May 2012Microsoft CorporationSelectively enabled quality of service policy
US8194673 *7 Jun 20105 Jun 2012Citrix Systems, Inc.Policy based network address translation
US823992928 Apr 20107 Aug 2012Foundry Networks, LlcMultiple tiered network security system, method and apparatus using dynamic user policy assignment
US8244891 *8 Mar 200414 Aug 2012IxiaSimulating a large number of users
US82453004 Jun 200914 Aug 2012Foundry Networks LlcSystem and method for ARP anti-spoofing security
US824909626 Aug 201021 Aug 2012Foundry Networks, LlcSystem, method and apparatus for providing multiple access modes in a data communications network
US825545630 Dec 200528 Aug 2012Citrix Systems, Inc.System and method for performing flash caching of dynamically generated objects in a data communication network
US82610574 Jun 20104 Sep 2012Citrix Systems, Inc.System and method for establishing a virtual private network
US828623019 May 20109 Oct 2012Citrix Systems, Inc.Method and apparatus for associating tickets in a ticket hierarchy
US829111922 Jul 200516 Oct 2012Citrix Systems, Inc.Method and systems for securing remote access to private networks
US830183930 Dec 200530 Oct 2012Citrix Systems, Inc.System and method for performing granular invalidation of cached dynamically generated objects in a data communication network
US831226112 Aug 201113 Nov 2012Citrix Systems, Inc.Method and system for verification of an endpoint security scan
US83412879 Oct 200925 Dec 2012Citrix Systems, Inc.Systems and methods for configuring policy bank invocations
US835133330 Aug 20108 Jan 2013Citrix Systems, Inc.Systems and methods for communicating a lossy protocol via a lossless protocol using false acknowledgements
US835260623 Sep 20118 Jan 2013Citrix Systems, Inc.Method and system for assigning access control levels in providing access to networked content files
US8363650 *22 Jul 200529 Jan 2013Citrix Systems, Inc.Method and systems for routing packets from a gateway to an endpoint
US849014812 Mar 200716 Jul 2013Citrix Systems, IncSystems and methods for managing application security profiles
US849530530 Dec 200523 Jul 2013Citrix Systems, Inc.Method and device for performing caching of dynamically generated objects in a data communication network
US849905722 Feb 201130 Jul 2013Citrix Systems, IncSystem and method for performing flash crowd caching of dynamically generated objects in a data communication network
US852804731 Aug 20103 Sep 2013Citrix Systems, Inc.Multilayer access control security system
US852807124 Aug 20043 Sep 2013Foundry Networks, LlcSystem and method for flexible authentication in a data communications network
US85337422 May 200810 Sep 2013International Business Machines CorporationDistributed messaging system supporting stateful subscriptions
US853382325 Feb 200910 Sep 2013Foundry Networks, LlcSystem and method for source IP anti-spoofing security
US85338468 Nov 200610 Sep 2013Citrix Systems, Inc.Method and system for dynamically associating access rights with a resource
US854914930 Dec 20051 Oct 2013Citrix Systems, Inc.Systems and methods for providing client-side accelerated access to remote applications via TCP multiplexing
US855944931 May 201115 Oct 2013Citrix Systems, Inc.Systems and methods for providing a VPN solution
US861304830 Sep 200417 Dec 2013Citrix Systems, Inc.Method and apparatus for providing authorized remote access to application sessions
US863114712 Mar 200714 Jan 2014Citrix Systems, Inc.Systems and methods for configuring policy bank invocations
US863442025 May 201021 Jan 2014Citrix Systems, Inc.Systems and methods for communicating a lossy protocol via a lossless protocol
US865604723 Jan 201218 Feb 2014Open Invention Network, LlcIntelligent switching of client packets among a group of servers
US867549131 Aug 201118 Mar 2014Intel CorporationPacket switching
US86818001 May 201225 Mar 2014Foundry Networks, LlcSystem, method and apparatus for providing multiple access modes in a data communications network
US870069530 Dec 200515 Apr 2014Citrix Systems, Inc.Systems and methods for providing client-side accelerated access to remote applications via TCP pooling
US870687730 Dec 200522 Apr 2014Citrix Systems, Inc.Systems and methods for providing client-side dynamic redirection to bypass an intermediary
US872600621 Aug 201213 May 2014Citrix Systems, Inc.System and method for establishing a virtual private network
US873927429 Jun 200527 May 2014Citrix Systems, Inc.Method and device for performing integrated caching in a data communication network
US878858118 Jan 201322 Jul 2014Citrix Systems, Inc.Method and device for performing caching of dynamically generated objects in a data communication network
US884871025 Jul 201230 Sep 2014Citrix Systems, Inc.System and method for performing flash caching of dynamically generated objects in a data communication network
US88567772 Sep 20107 Oct 2014Citrix Systems, Inc.Systems and methods for automatic installation and execution of a client-side acceleration program
US889277814 Sep 201218 Nov 2014Citrix Systems, Inc.Method and systems for securing remote access to private networks
US889325630 Jun 201018 Nov 2014Brocade Communications Systems, Inc.System and method for protecting CPU against remote access attacks
US8897299 *11 Jan 201325 Nov 2014Citrix Systems, Inc.Method and systems for routing packets from a gateway to an endpoint
US891452222 Jul 200516 Dec 2014Citrix Systems, Inc.Systems and methods for facilitating a peer to peer route via a gateway
US891887518 Jul 201123 Dec 2014Foundry Networks, LlcSystem and method for ARP anti-spoofing security
US893434429 Jan 201413 Jan 2015Intel CorporationPacket switching
US895459530 Dec 200510 Feb 2015Citrix Systems, Inc.Systems and methods for providing client-side accelerated access to remote applications via TCP buffering
US9032090 *11 Feb 201412 May 2015Open Invention Network, LlcIntelligent switching of client packets among a group of servers
US9106682 *8 Jul 201311 Aug 2015International Business Machines CorporationMethod for directing audited data traffic to specific repositories
US911276510 Apr 201218 Aug 2015Microsoft Technology Licensing, LlcSelectively enabled quality of service policy
US9124619 *8 Dec 20121 Sep 2015International Business Machines CorporationDirecting audited data traffic to specific repositories
US91607683 Jul 201313 Oct 2015Citrix Systems, Inc.Systems and methods for managing application security profiles
US921957922 Jul 200522 Dec 2015Citrix Systems, Inc.Systems and methods for client-side application-aware prioritization of network communications
US93115027 Jan 201312 Apr 2016Citrix Systems, Inc.Method and system for assigning access control levels in providing access to networked content files
US9356877 *3 Apr 201531 May 2016Open Invention Network, LlcIntelligent switching of client packets among a group of servers
US94019063 Dec 201326 Jul 2016Citrix Systems, Inc.Method and apparatus for providing authorized remote access to application sessions
US940193119 Aug 201326 Jul 2016Citrix Systems, Inc.Method and system for dynamically associating access rights with a resource
US945083716 Dec 201320 Sep 2016Citrix Systems, Inc.Systems and methods for configuring policy bank invocations
US96740978 Dec 20146 Jun 2017Intel CorporationPacket switching
US9692705 *6 Dec 201327 Jun 2017Google Inc.System and method for measurement of flow statistics
US9712488 *16 Jul 201518 Jul 2017Brocade Communications Systems, Inc.Method and system for idle mode transfer for load balancing across distributed data plane processing entities for mobile core network
US9729500 *25 Jul 20138 Aug 2017Google Inc.IP allocation pools
US9749286 *16 Jul 201529 Aug 2017Brocade Communications Systems, Inc.Method and system for optimized load balancing across distributed data plane processing entities for mobile core network
US9800697 *19 Jan 201624 Oct 2017Palo Alto Networks, Inc.L2/L3 multi-mode switch including policy processing
US20030115347 *18 Dec 200119 Jun 2003Gilbert WolrichControl mechanisms for enqueue and dequeue operations in a pipelined network processor
US20040243835 *28 May 20042 Dec 2004Andreas TerzisMultilayer access control security system
US20040255154 *11 Jun 200316 Dec 2004Foundry Networks, Inc.Multiple tiered network security system, method and apparatus
US20050013298 *28 May 200420 Jan 2005Pyda SrisureshPolicy based network address translation
US20050025125 *1 Aug 20033 Feb 2005Foundry Networks, Inc.System, method and apparatus for providing multiple access modes in a data communications network
US20050055570 *4 Sep 200310 Mar 2005Foundry Networks, Inc.Multiple tiered network security system, method and apparatus using dynamic user policy assignment
US20050076138 *7 Oct 20037 Apr 2005AlcatelAccess control listing mechanism for routers
US20050177869 *6 Jan 200511 Aug 2005Savage James A.Firewall permitting access to network based on accessing party identity
US20050198246 *8 Mar 20048 Sep 2005Daniel KegelSimulating a large number of users
US20050268146 *14 May 20041 Dec 2005International Business Machines CorporationRecovery in a distributed stateful publish-subscribe system
US20060070131 *30 Sep 200430 Mar 2006Citrix Systems, Inc.Method and apparatus for providing authorized remote access to application sessions
US20060174115 *21 Oct 20053 Aug 2006Goutham RaoMethod and system for verification of an endpoint security scan
US20060182100 *11 Feb 200517 Aug 2006Microsoft CorporationAutomated NAT traversal for peer-to-peer networks
US20060190455 *1 Mar 200624 Aug 2006Braddy Ricky GMethod and system for assigning access control levels in providing access to networked content files
US20060195547 *30 Dec 200531 Aug 2006Prabakar SundarrajanSystems and methods for providing client-side accelerated access to remote applications via TCP multiplexing
US20070124433 *30 Nov 200531 May 2007Microsoft CorporationNetwork supporting centralized management of QoS policies
US20070124485 *30 Nov 200531 May 2007Microsoft CorporationComputer system implementing quality of service policy
US20070160079 *6 Jan 200612 Jul 2007Microsoft CorporationSelectively enabled quality of service policy
US20070189185 *4 Dec 200616 Aug 2007Weishan ChenMethod for selecting QoS policy and system thereof
US20070199064 *23 Feb 200623 Aug 2007Pueblas Martin CMethod and system for quality of service based web filtering
US20070266158 *17 May 200715 Nov 2007International Business Machines CorporationSecurity checking program for communication between networks
US20070282982 *5 Jun 20066 Dec 2007Rhonda ChildressPolicy-Based Management in a Computer Environment
US20070283144 *2 Jun 20066 Dec 2007Kramer David BSystem and Method for Implementing ACLs Using Standard LPM Engine
US20080109912 *8 Nov 20068 May 2008Citrix Systems, Inc.Method and system for dynamically associating access rights with a resource
US20080144502 *19 Dec 200619 Jun 2008Deterministic Networks, Inc.In-Band Quality-of-Service Signaling to Endpoints that Enforce Traffic Policies at Traffic Sources Using Policy Messages Piggybacked onto DiffServ Bits
US20080209440 *2 May 200828 Aug 2008Roman GinisDistributed messaging system supporting stateful subscriptions
US20080225719 *12 Mar 200718 Sep 2008Vamsi KorrapatiSystems and methods for using object oriented expressions to configure application security policies
US20080225720 *12 Mar 200718 Sep 2008Prakash KhemaniSystems and methods for configuring flow control of policy expressions
US20080225722 *12 Mar 200718 Sep 2008Prakash KhemaniSystems and methods for configuring policy bank invocations
US20080225753 *12 Mar 200718 Sep 2008Prakash KhemaniSystems and methods for configuring handling of undefined policy events
US20080229381 *12 Mar 200718 Sep 2008Namit SikkaSystems and methods for managing application security profiles
US20080239951 *6 May 20082 Oct 2008Robert Evan StromMethod for applying stochastic control optimization for messaging systems
US20080244025 *6 May 20082 Oct 2008Roman GinisContinuous feedback-controlled deployment of message transforms in a distributed messaging system
US20090141737 *30 Nov 20074 Jun 2009Texas Instruments IncorporatedSystems and methods for prioritized channel access hardware assistance design
US20090254973 *25 Feb 20098 Oct 2009Foundry Networks, Inc.System and method for source ip anti-spoofing security
US20090260083 *25 Feb 200915 Oct 2009Foundry Networks, Inc.System and method for source ip anti-spoofing security
US20090307773 *4 Jun 200910 Dec 2009Foundry Networks, Inc.System and method for arp anti-spoofing security
US20090316711 *24 Jun 200824 Dec 2009Intel CorporationPacket switching
US20100080232 *8 Dec 20091 Apr 2010Huawei Technologies Co., LtdMETHOD FOR SELECTING QoS POLICY AND SYSTEM THEREOF
US20100229228 *19 May 20109 Sep 2010Timothy Ernest SimmonsMethod and apparatus for associating tickets in a ticket hierarchy
US20100251335 *7 Jun 201030 Sep 2010Pyda SrisureshPolicy based network address translation
US20100325697 *31 Aug 201023 Dec 2010Citrix Systems, Inc.Multilayer access control security system
US20100325700 *26 Aug 201023 Dec 2010Brocade Communications Systems, Inc.System, method and apparatus for providing multiple access modes in a data communications network
US20100333191 *30 Jun 201030 Dec 2010Foundry Networks, Inc.System and method for protecting cpu against remote access attacks
US20140044111 *8 Aug 201213 Feb 2014Broadcom CoporationFrame Chaining for Bridged Traffic
US20140129705 *17 Dec 20138 May 2014Eric David O'BrienSecurity network processor system and method
US20140165133 *8 Jul 201312 Jun 2014International Business Machines CorporationMethod for Directing Audited Data Traffic to Specific Repositories
US20140165189 *8 Dec 201212 Jun 2014International Business Machines CorporationDirecting Audited Data Traffic to Specific Repositories
US20140280902 *25 Jul 201318 Sep 2014Google Inc.IP Allocation Pools
US20150142948 *15 Nov 201321 May 2015F5 Networks, Inc.Extending policy rulesets with scripting
US20160021572 *16 Jul 201521 Jan 2016Brocade Communications Systems, Inc.Method and system for optimized load balancing across distributed data plane processing entities for mobile core network
US20160021573 *16 Jul 201521 Jan 2016Brocade Communications Systems, Inc.Method and system for idle mode transfer for load balancing across distributed data plane processing entities for mobile core network
US20160219131 *19 Jan 201628 Jul 2016Palo Alto Networks, Inc.L2/l3 multi-mode switch including policy processing
EP1523138A2 *4 Oct 200413 Apr 2005Alcatel Alsthom Compagnie Generale D'electriciteAccess control mechanism for routers
EP1523138A3 *4 Oct 200420 Apr 2005Alcatel Alsthom Compagnie Generale D'electriciteAccess control mechanism for routers
EP2430800A1 *15 May 200921 Mar 2012Hewlett-Packard Development Company, L.P.A method and apparatus for policy enforcement using a tag
EP2430800A4 *15 May 20098 Jan 2014Hewlett Packard Development CoA method and apparatus for policy enforcement using a tag
WO2004107131A2 *28 May 20049 Dec 2004Caymas Systems, Inc.Policy based network address translation
WO2004107131A3 *28 May 20047 Apr 2005Caymas Systems IncPolicy based network address translation
WO2007033782A112 Sep 200629 Mar 2007Rohde & Schwarz Gmbh & Co. KgCommunications network, network node device and method including a local transmission of encrypted service quality-relevant information
WO2010132061A115 May 200918 Nov 2010Hewlett-Packard Development Company, L. P.A method and apparatus for policy enforcement using a tag
WO2015073546A1 *12 Nov 201421 May 2015F5 Networks, Inc.Extending policy rulesets with scripting
WO2015126845A1 *17 Feb 201527 Aug 2015F5 Networks, Inc.Concurrent evaluation of large rule sets with conditions
WO2016180191A1 *20 Apr 201617 Nov 2016Huawei Technologies Co., Ltd.Localized traffic flow management in a wireless network
Classifications
U.S. Classification370/230.1, 370/395.21, 370/412
International ClassificationH04L12/46, H04L12/56, H04Q11/04, H04L12/24
Cooperative ClassificationH04L49/205, H04L47/10, H04L49/30, H04L2012/5678, H04L2012/5625, H04Q11/0478, H04L49/3027, H04L2012/5684, H04L47/76, H04L12/4625, H04L41/0893, H04L49/90, H04L47/781, H04L47/822, H04L49/254, H04L47/20, H04L47/2441, H04L47/2408, H04L47/245, H04L47/805
European ClassificationH04L47/20, H04L49/90, H04L47/76, H04L12/46B7B, H04L47/80C, H04L41/08F, H04L47/78A, H04L47/24A, H04L47/24E, H04L49/20C, H04L47/10, H04L47/82B, H04L47/24D, H04Q11/04S2
Legal Events
DateCodeEventDescription
10 May 2002ASAssignment
Owner name: ALCATEL INTERNETWORKING, INC., CALIFORNIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SEE, MICHAEL E.;MORGAN, DAVID;CLAWSON, STEPHEN;AND OTHERS;REEL/FRAME:012881/0127;SIGNING DATES FROM 20020329 TO 20020415
25 Feb 2003ASAssignment
Owner name: ALCATEL, FRANCE
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ALCATEL INTERNETWORKING, INC.;REEL/FRAME:013776/0827
Effective date: 20021216