Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and apparatus for network wide policy-based analysis of configurations of devices

a network device and configuration analysis technology, applied in the field of network protocol (ip) network devices, can solve the problems of invalidating the enforcement of network policies, ip traffic from the internet, and errors in configuration files that can go undetected for a long tim

Inactive Publication Date: 2006-06-15
REDSEAL NETWORKS
View PDF16 Cites 88 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Any error in the configuration file of a single network device can invalidate the enforcement of the network policy.
Furthermore, errors in the configuration files can go undetected for a long time.
For example, a router configuration error can cause IP traffic from the Internet, which is destined for a number of hosts (computers) within the corporate network (enterprise), to be lost.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and apparatus for network wide policy-based analysis of configurations of devices
  • Method and apparatus for network wide policy-based analysis of configurations of devices
  • Method and apparatus for network wide policy-based analysis of configurations of devices

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029]FIG. 1 schematically illustrates a hardware environment of an embodiment of the present invention. A corporate network 100 is connected to a public network 110 (e.g., the Internet) via a router 120. The corporate network 100 contains a plurality of sub-networks, including a sub-network dmz 130 and a second sub-network 140. The sub-network dmz 130 is connected to the router 120 and contains a host 150 (e.g., a hardened mail server) for providing one or more services to the corporate network 100. The second sub-network 140 contains a plurality of networked computers 160. A firewall 170 filters packets between the second sub-network 140 and the public network 110 to provide security for the networked computers 160 in the corporate network 100.

[0030]FIG. 2 is a flow diagram illustrating the operation of an analysis platform (e.g., an Ontura server) in accordance with the present invention. The process starts at step 200. In step 210, the analysis platform receives a network polic...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A method and an apparatus for analyzing a network configuration against a corporate network policy and determining violation(s) against the corporate network policy. A report indicating the violation(s) can be generated indicating instances of the violation(s). An analysis platform reads in a network policy. The analysis platform collects configuration files from the relevant network devices in the network and builds up an internal instance of a network configuration model based on the configuration files and the network topology. The analysis platform analyzes this network configuration model according to the network policy and adds an entry to its final report each time that it detects a violation against the network policy in the network configuration model. The data in the entries pinpoints the cause of the deviation(s) from the network policy.

Description

RELATED APPLICATIONS [0001] This application is related to and claims the benefit of provisional application Ser. No. 60 / 279,190, filed Mar. 27, 2001, the contents of which are hereby incorporated by reference.FIELD OF THE INVENTION [0002] The present invention relates generally to Internet Protocol (IP) network devices, such as firewalls, routers, switches, servers, and more particularly, to a method and apparatus for policy-based analysis of the configurations of the network devices. BACKGROUND OF THE INVENTION [0003] A computer network's basic functionality is determined by the configuration of the network devices present in the network. Network devices include routers, network switches, servers, firewalls, and virtual private networks. [0004] A router is a network gateway that joins two or more IP networks and switches packets between the networks. A network administrator can implement a high-level corporate routing policy by configuring the settings of each router in the networ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(United States)
IPC IPC(8): G06F15/173H04L12/24H04L29/06
CPCH04L41/0893H04L41/12H04L63/102H04L63/20H04L41/0894
Inventor MAYER, ALAIN JULES
Owner REDSEAL NETWORKS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products