Electrical computers and digital processing systems: multicomput – Computer-to-computer data routing – Least weight routing
Reexamination Certificate
1999-07-30
2003-07-29
Luu, Le Hien (Department: 2141)
C709S223000
active
06601082
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to a system and method for managing a network.
BACKGROUND OF THE INVENTION
Recent innovations in conventional communication networks (e.g., the Internet and corporate networks) are transforming a network infrastructure from a “dumb, best effort” model into an “intelligent” network. The intelligent network is built around a set of new network services such as Quality of Service, multipoint communication, remote configuration and software distribution, security, and sophisticated directory services. Resulting changes in the use of network resources require major changes in how network resources are managed. In particular, network managers and service providers must be able to monitor and control network resources and services based on policies derived from a variety of criteria such as a user's identity, application type, current traffic conditions, bandwidth requirements, security considerations, time-of-day, and cost.
A conventional method of managing a network resource has a one-level logic structure. Such a structure has a number of constraints for each action requested. For instance, if user A wants to access a network X, the network X would look up user A's profile to see whether user A is authorized for such access. In addition to the authorization information, user A's profile would include other information about his privileges with respect to the network resources.
Conventional management tools use a centralized management console for configuring, monitoring, and controlling the behavior of various network devices in the network. Typically, a single logical console is responsible for a given control domain (e.g., a Windows NT® domain or an administrative domain for routing protocols), and the control domains themselves are organized into a hierarchy for the purpose of scaling to large corporate networks. Such control hierarchies also tend to reflect the organizational hierarchies within an information technology organization.
Network devices, such as switches and routers, are optimized to perform one central task—data forwarding; other tasks are secondary. As a result, these devices provide only minimal support for network management, usually by supplying performance or status data in response to polls from a management console. Thus, in the deployment of policy-based control, it is important to avoid overburdening these devices with complex processing such as policy interpretation or policy-based admission control.
Furthermore, the traffic load on corporate networks spans a wide spectrum of traffic characteristics, and network traffic related to mission-critical applications (e.g., those accessing corporate databases and other services) must compete with other, less-important traffic. The explosion in the use of web-based technologies such as subscription channels, push services, and audio/video streams that do not include congestion avoidance mechanisms contributes to significant increases in traffic load. Deployment of internet protocol (“IP”) multicast and associated business applications such as distance learning and corporate training adds yet another dimension to the allocation of network resources. Clearly, such unconstrained access to local area network (“LAN”) bandwidth has the potential to saturate most enterprise networks and must be carefully controlled to avoid network bottlenecks. In addition, network communications need to be secure and protected. Furthermore, access to network resources (e.g., servers, files, etc.) must be controlled and protected.
SUMMARY OF THE INVENTION
The present invention relates to a system and method for managing a network using a policy tree that includes a plurality of levels (e.g., two levels, five levels, etc.). The policy tree may be generated/updated by the network and/or an outside system. When the network receives a request for providing an action to a particular source, the network determines if the action is available as a function of at least one level of the plurality of levels. If the action is available, then the network determines if the particular source is authorized to be provided with the action as a function of at least one rule of at least one further level of the plurality of levels. If the particular source is authorized, then the network provides the action to the particular source.
The plurality of levels of the policy may include a first level, a second level, a third level, a fourth level and a fifth level. The first level may be generated as a function of an action type which may be indicative of the action. The second level may be generated as a function of the action and linked to the first level. The third level may be generated as a function of the at least one rule. The fourth level may be generated as a function of at least one condition type of the at least one rule. The fourth level may be linked to the third level. The fifth level may be generated as a function of at least one condition of the at least one condition type. The fifth level may be linked to the fourth level.
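The two-step decision over a five-level tree, as an added example that is not taken from the patent. The tree contents, the function names, and the matching semantics (rules hang under an action, every condition type within a rule must match, any one matching rule authorizes) are assumptions made for illustration.

```python
# Constructed five-level policy tree; every name and value here is illustrative.
# level 1 action type -> level 2 action -> level 3 rule
#   -> level 4 condition type -> level 5 conditions (allowed values)
POLICY_TREE = {
    "network_access": {
        "access_network_X": {
            "staff_business_hours": {
                "user": {"userA", "userB"},
                "time_of_day": {"business_hours"},
            },
            "admin_any_time": {"user": {"admin"}},
        },
    },
    "qos": {
        "reserve_bandwidth": {
            "training_video": {"application": {"video"}, "user": {"userB"}},
        },
    },
}


def find_action(tree, action):
    """Levels 1-2: return the rules linked to `action`, or None if not offered."""
    for actions in tree.values():
        if action in actions:
            return actions[action]
    return None


def rule_matches(rule, attrs):
    """Levels 4-5: each condition type must be met by the request (assumed AND).

    A rule with no condition types, or a request missing an attribute the
    rule needs, never matches, so the check fails closed.
    """
    return bool(rule) and all(
        attrs.get(ctype) in allowed for ctype, allowed in rule.items()
    )


def decide(tree, action, attrs):
    """Step 1: is the action available? Step 2: does any rule authorize the source?"""
    rules = find_action(tree, action)
    if rules is None:
        return "unavailable"
    for name, rule in rules.items():
        if rule_matches(rule, attrs):
            return "provided:" + name
    return "denied"


if __name__ == "__main__":
    print(decide(POLICY_TREE, "access_network_X",
                 {"user": "userA", "time_of_day": "business_hours"}))
```
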
Durham David M.
Fenger Russell J.
Yavatkar Rajendra S.