Electrical computers and digital processing systems: multicomput – Network computer configuring
Reexamination Certificate
1999-07-07
2003-03-25
Coulter, Kenneth R. (Department: 2154)
C709S221000, C709S222000, C709S223000
active
06539425
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to the field of communications networks. More particularly, the present invention relates, in one aspect, to controlling the operation of such networks pursuant to one or more network operational policies. Still more particularly, aspects of the present invention relate to networks including policy-enabled devices, such as routers, switches and the like, that are responsive to distributed policy messages for device configuration and operation.
BACKGROUND OF THE INVENTION
Modern communications networks, including private and public data networks (such as Wide Area Networks, and the Internet) comprise a (usually large) number of interconnected network nodes. These nodes each contain one or more of a variety of network devices—such as repeaters, concentrators, routers, bridges, switches and hubs—for relaying, combining, directing and otherwise handling information in its transit across the network. Each device has traditionally been configured and controlled for its intended function under the control of a human network administrator using table-driven configuration and control information. The device settings for a particular mode of operation generally depend on the type of device, and usually vary for devices of the same type when supplied by different manufacturers.
While some network nodes, and devices at such nodes, remain in one configuration and operational state for some time, others require reconfiguration frequently to reflect changing network conditions and operational preferences. Thus, for example, if traffic arriving at a particular node increases, or priorities for particular data streams through a node change, it may be necessary to adjust (configuration, filter or other) table settings at one or more network nodes. Frequently, configuration and other settings are dictated, in part, by Quality of Service (QoS) commitments made to particular users or classes of users. Other configuration changes are required to reflect network service changes, as when new or modified network applications are introduced.
To avoid the tedious and error-prone manual adjustment of configuration settings at network nodes, a number of network management tools have been developed. These tools have generally allowed centralized administration of a plurality of nodes through the sending of messages to replace or update routing and other tables at affected nodes.
More recently, a directory-based approach has been used to effect changes at nodes in some networks. In accordance with one implementation of directory-based controls, a directory server transmits information in a directory to a network node to be updated, often using the well-known Lightweight Directory Access Protocol (LDAP) adopted as a standard by the Internet Engineering Task Force (IETF). Directory contents received at the node are used to wholly or partially replace or update configuration and related operational information previously stored at the node. The same directory information may be used for updating more than one node (or all nodes) in a network. Directory information used for such updating has traditionally been supplied by a network administrator, as have the directories applicable to particular nodes and particular circumstances (such as changes of QoS or user priorities).
With the increasing diversity of network users, applications and available services, networks of even modest complexity have given rise to the need for unified policy-based control and configuration. Attempts have been made to introduce policy servers suitable for formulating directory information appropriate for delivery to network devices for effecting the policies reflected in the directory contents. In accordance with a current “pull” model, directory information is sought to be provided in response to a request by a network device upon device boot-up, or upon some change in operation of a device or network application. Such proposed pull methodology is to be contrasted with prior “push” approaches in which a central repository delivered (pushed) policy-based data to network devices.
FIG. 1 shows a simple prior art arrangement for delivery of a desired network policy to a network device using policy-based administration. There, a network manager establishes a policy for all or parts of a network using policy development tools, typically including a high level language and network and device definitions. The policy definition, including such QoS, authentication, encryption or other policy factors deemed important, is conveniently stored at a directory server, shown as 120 in FIG. 1, where it becomes accessible using LDAP. When a network device, such as 130 in FIG. 1, is booted up or receives a request by a user for some new or different service, device 130 issues a request for directions to a policy server, shown as 110 in FIG. 1. The policy server in turn issues a request of the directory server 120 for the information in the appropriate directory. Policy server 110 in typical fashion then forwards a copy of the requested directory information to the network device 130, often using simpler protocols—such as the Common Open Policy Service (COPS) protocol. Other well-known protocols commonly used for dealing with information transfers between network devices and a policy server include the Remote Authentication Dial-In User Service (RADIUS), and its extension, DIAMETER.
While the policy server 120 in FIG. 1 is used to control policy behavior (relating, e.g., to security or QoS) of a network device such as 130 in FIG. 1, the policy server is not generally responsible for providing configuration information for individual network devices. Rather, such device configuration information is typically requested directly from the directory server (120 in FIG. 1) by each particular device. Again, access to directory information is facilitated using protocols such as the LDAP protocol.
FIG. 2 shows another representation of a prior art policy-based network control arrangement with two network devices 130-1 and 130-2 connected directly to directory server 120 over LDAP links 240 and 260 for the transfer of device configuration information. These network devices are also shown connected through policy server 110 to directory server 120. Illustratively, the connection 250 between policy server 110 and directory server 120 is also a LDAP link, while the policy-based information is transferred to representative network devices 130-1 and 130-2 over respective links 270-1 and 270-2—illustratively using the above-mentioned COPS protocol (for device 130-1) and the well-known DIAMETER protocol (for device 130-2). The data store 125 providing the directory storage facilities is also shown explicitly in the FIG. 2 network representation.
One policy-based approach to network administration, known as Directory Enabled Networks (DEN), has sought to define and relate problem domains, usage profiles, an information model and so-called “schemas” for integrating networks with directory services. Schemas are often defined in terms of classes of objects, each subject to inheritance, naming and other constraints, and each having identifiable attributes. For an example of a policy schema and illustrative class structures, see “Policy Framework Core Information Model,” by the Internet Engineering Task Force, Nov. 17, 1998, available at search.ietf.org/internet-drafts/draft-ietf-policy-core-schema-00.txt.
An important factor in the use of a DEN or other prior policy-based network control is the adherence to the strict definitions, directory organization and language by the diverse vendors of network devices. Such vendors have traditionally sought to differentiate their product and service offerings from those of competitors by including proprietary features and extensions to industry standards. Thus, particular expressions of policy can be interpreted differently by network devices incorporating such proprietary extensions and
Stevens Mark L.
Weiss Walter Johan
Avaya Technology Corp.
Coulter Kenneth R.
Ryan & Mason & Lewis, LLP
Patent title: Policy-enabled communications networks