
Method and apparatus for network wide policy-based analysis of configurations of devices

A network device and configuration analysis technology, applied in the field of Internet Protocol (IP) network devices, that addresses the problems of network policy enforcement being invalidated, IP traffic from the Internet being lost, and errors in configuration files going undetected for a long time.

Inactive Publication Date: 2006-06-15
REDSEAL NETWORKS

AI Technical Summary

Benefits of technology

"The present invention is a method and apparatus for analyzing a network configuration against a corporate network policy and determining violations. The analysis platform reads in the network policy and collects configuration files from relevant network devices to build up an internal instance of a network configuration model. The analysis platform analyzes this model according to the network policy and adds an entry to its final report each time that it detects a violation. The data in the entries pinpoints the cause of the deviation from the network policy. The network policy describes capabilities for particular hosts in the network and limits the IP traffic from and to these hosts according to the type of service. The network administrator can determine that relevant IP traffic, and only relevant IP traffic, is able to reach the hosts. The network policy also describes routes that the IP traffic should take between different sites of the same enterprise and ensures that the routes taken by the IP traffic within the enterprise adhere to the network policy."

Problems solved by technology

Any error in the configuration file of a single network device can invalidate the enforcement of the network policy.
Furthermore, errors in the configuration files can go undetected for a long time.
For example, a router configuration error can cause IP traffic from the Internet, which is destined for a number of hosts (computers) within the corporate network (enterprise), to be lost.


Embodiment Construction

[0029] FIG. 1 schematically illustrates a hardware environment of an embodiment of the present invention. A corporate network 100 is connected to a public network 110 (e.g., the Internet) via a router 120. The corporate network 100 contains a plurality of sub-networks, including a sub-network dmz 130 and a second sub-network 140. The sub-network dmz 130 is connected to the router 120 and contains a host 150 (e.g., a hardened mail server) for providing one or more services to the corporate network 100. The second sub-network 140 contains a plurality of networked computers 160. A firewall 170 filters packets between the second sub-network 140 and the public network 110 to provide security for the networked computers 160 in the corporate network 100.

[0030] FIG. 2 is a flow diagram illustrating the operation of an analysis platform (e.g., an Ontura server) in accordance with the present invention. The process starts at step 200. In step 210, the analysis platform receives a network polic...


Abstract

A method and an apparatus for analyzing a network configuration against a corporate network policy and determining violation(s) against the corporate network policy. A report indicating the violation(s) can be generated indicating instances of the violation(s). An analysis platform reads in a network policy. The analysis platform collects configuration files from the relevant network devices in the network and builds up an internal instance of a network configuration model based on the configuration files and the network topology. The analysis platform analyzes this network configuration model according to the network policy and adds an entry to its final report each time that it detects a violation against the network policy in the network configuration model. The data in the entries pinpoints the cause of the deviation(s) from the network policy.
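The analysis loop the abstract describes, sketched as an added example that is not taken from the patent: the simplified ACL syntax, device names, addresses, topology paths, policy and candidate service list are all constructed assumptions. It reports both kinds of deviation, traffic the policy requires but a device blocks and traffic the policy does not allow but the configurations let through, and each entry names the device and rule line that decided the outcome.

```python
import ipaddress

# Constructed configs in a simplified ACL syntax (an assumption, not a vendor format):
#   <permit|deny> <proto|any> <dst-prefix|any> <port|any>; first match wins, implicit deny
CONFIGS = {
    "router120": """
        permit tcp 192.0.2.10/32 25
        permit tcp 192.0.2.0/24 23
        permit tcp 198.51.100.0/24 443
        deny any any any""",
    "firewall170": "deny tcp 198.51.100.20/32 443\npermit tcp 198.51.100.0/24 443",
}
# Constructed topology: devices traversed from the Internet to each host.
PATHS = {"192.0.2.10": ["router120"], "198.51.100.20": ["router120", "firewall170"]}
# Constructed policy: the only services the Internet may reach on each host.
POLICY = {"192.0.2.10": {("tcp", 25)}, "198.51.100.20": {("tcp", 443)}}

def parse(text):
    """Turn config text into an ordered list of (line_no, action, proto, net, port)."""
    rules = []
    for n, line in enumerate(text.strip().splitlines(), 1):
        action, proto, dst, port = line.split()
        net = None if dst == "any" else ipaddress.ip_network(dst)
        rules.append((n, action, proto, net, None if port == "any" else int(port)))
    return rules

def decide(rules, proto, host, port):
    """First-match evaluation; returns (permitted, line_no of deciding rule or None)."""
    ip = ipaddress.ip_address(host)
    for n, action, r_proto, net, r_port in rules:
        if r_proto in ("any", proto) and (net is None or ip in net) and r_port in (None, port):
            return action == "permit", n
    return False, None  # implicit deny: no rule matched

def analyze(configs, paths, policy, candidates):
    """Build the model from the configs and add one report entry per policy violation."""
    model = {dev: parse(text) for dev, text in configs.items()}
    report = []
    for host, allowed in policy.items():
        for proto, port in sorted(candidates | allowed):
            hops = [(dev, *decide(model[dev], proto, host, port)) for dev in paths[host]]
            blocker = next((h for h in hops if not h[1]), None)  # first device that denies
            if (proto, port) in allowed and blocker:
                report.append(("blocked", host, proto, port, blocker[0], blocker[2]))
            elif (proto, port) not in allowed and blocker is None:
                # Every hop permits; the last hop's deciding rule is reported.
                report.append(("exposed", host, proto, port, hops[-1][0], hops[-1][2]))
    return report

REPORT = analyze(CONFIGS, PATHS, POLICY, {("tcp", 23), ("tcp", 25), ("tcp", 443)})
```

Here the report flags the over-broad telnet permit on line 2 of the constructed `router120` configuration and the shadowing deny on line 1 of `firewall170` that drops traffic the policy requires.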

Description

RELATED APPLICATIONS

[0001] This application is related to and claims the benefit of provisional application Ser. No. 60/279,190, filed Mar. 27, 2001, the contents of which are hereby incorporated by reference.

FIELD OF THE INVENTION

[0002] The present invention relates generally to Internet Protocol (IP) network devices, such as firewalls, routers, switches, servers, and more particularly, to a method and apparatus for policy-based analysis of the configurations of the network devices.

BACKGROUND OF THE INVENTION

[0003] A computer network's basic functionality is determined by the configuration of the network devices present in the network. Network devices include routers, network switches, servers, firewalls, and virtual private networks.

[0004] A router is a network gateway that joins two or more IP networks and switches packets between the networks. A network administrator can implement a high-level corporate routing policy by configuring the settings of each router in the networ...


Application Information

Patent Type & Authority: Applications (United States)
IPC: IPC(8): G06F15/173, H04L12/24, H04L29/06
CPC: H04L41/0893, H04L41/12, H04L63/102, H04L63/20, H04L41/0894
Inventor: MAYER, ALAIN JULES
Owner: REDSEAL NETWORKS