The present invention relates to policy rule based operations and more particularly to policy rule based systems such as computer networks.
Computer networks have grown increasingly complex with the use of distributed client/server applications, mixed platforms and multiple protocols all in a single physical backbone. The control of traffic on networks is likewise moving from centralized information systems departments to distributed work groups. The growing utilization of computer networks is not only causing a move to new, high speed technologies, but is at the same time making the operation of computer networks more critical to day to day business operations. The use of quality of service (QoS) criteria for managing and/or contracting communication service level agreements (SLAs) is becoming increasingly common in networks, such as networks supporting Internet protocol (IP) communications.
The Internet Engineering Task Force (IETF) has proposed a set of policy schemas (object oriented models of policy classes and policy attributes) and a policy framework for managing future networks. The IETF proposed policy based networking technology is described in the Internet draft entitled "Policy Core LDAP Schema," draft-IETF-policy-core-schema-07.txt, Jul. 14, 2000 ("IETF proposal"). Among other things, the IETF proposal includes three policy classes referred to as policy Rule, policy Action and policy Condition respectively. A policy rule (class policyRule) has the following semantics: "If Condition then Action." In other words, the actions (class policyAction) specified by a policy rule are to be performed/executed only if the policy condition (class policyCondition) evaluates to TRUE (i.e., is met).
Stated differently, the IETF proposal provides policy conditions which represent a set of criteria that are used to identify various groupings, such as host(s), routing, application(s), based on which, if the condition evaluates to TRUE, appropriate actions are performed. The application condition group, for example, includes, among other things, an attribute that is used to identify the content of the application data to be used in the policy condition evaluation. This data, for Web requests, generally represents the Universal Resource Indicator (URI) portion of the Universal Resource Locator (URL) or the directory where the object of the request is located.
In addition to the network environment, various other areas are dependent upon operations which are policy rule based. Thus, structuring procedures or methods based upon a policy expressed as "If Condition then Action" may be generalized across a broad scope of applications where similar issues of implementation may be encountered. Some of these application environments operate under conditions without time pressures. However, implementation of such policy rule based operations in time sensitive environments, such as a high speed network environment, can place time critical demands on processing capabilities of various network communication server devices. Rapid detection of the application data type or other aspects of a communication packet processed by a communication server may be critical, for example, where service differentiation by different data types is utilized to guarantee SLAs related to QoS.
As an example, in the environment of the worldwide Web (Web or Internet), each hypertext transport protocol (HTTP) type request can result in a different data type(s) being sent to a requesting client device from a server device. For example, an HTTP request may call for video/audio data streaming, transaction oriented data, FTP data, etc. Different data types may require different service levels to be assigned while the data is being transmitted to the client. For instance, File Transfer Protocol (FTP) type data generally requires low loss but is not highly sensitive to delays whereas video/audio data will typically be sensitive to delay but not to loss.
Embodiments of the present invention include methods, systems and computer program products which provide for processing an event having a classification based on associated policy rules where the policy rules are conditioned on the classification. A policy rules hash table is provided including a plurality of policy rule entries, each policy rule entry being associated with a hash index. An event is received and a hash index is generated using a classification hash length based on the classification of the event, the classification having an associated length at least equal to the classification hash length. A policy rule entry in the policy rules hash table is identified that corresponds to the generated hash index. It is determined if a classification field length associated with the identified policy rule corresponds to the classification hash length. The identified policy rule entry is executed if the hash length associated with the identified policy rule corresponds to the classification hash length.
In further embodiments of the present invention, the hash index is generated using a list identifying classification hash lengths to be used for generation of a hash index for a plurality of candidate classification lengths of the classification. The list has associated classification hash lengths corresponding to classification field lengths associated with at least one of the plurality of policy rule entries. A classification hash length is identified from the provided list for the received event which is no greater than the associated length of the classification. The hash index is generated using the identified classification hash length.
Identification of a classification hash length in various embodiments includes identifying from the provided list a classification hash length for the received event which is equal to the associated length of the classification of the received event if such a classification hash length is found in the provided list. A classification hash length which is found in the provided list is selected as a classification hash length for the received event, the selected classification hash length being a largest length not greater than the associated length of the classification of the received event, if a classification hash length which is equal to the associated length of the classification of the received event is not found in the provided list.
In other embodiments of the present invention, the identified policy rule entry has a plurality of associated conditions, the classification being one of the plurality of associated conditions. It is determined if all of the plurality of associated conditions are met and the identified policy rule entry is executed only if all of the plurality of associated conditions are met.
In yet other embodiments of the present invention, a method is provided for processing an event having a classification based on associated policy rules, the policy rules being conditioned on the classification. A policy rules hash table is provided including a plurality of policy rule entries, each policy rule entry being associated with a hash index. A list is also provided identifying classification hash lengths to be used for generation of a hash index for a plurality of candidate classification lengths of the classification, the list having associated classification hash lengths corresponding to classification field lengths found in at least one of the plurality of policy rule entries. An event is received. A classification hash length is identified from the provided list for the received event which is no greater than an associated length of the classification of the received event. A hash index is generated using the identified classification hash length. A policy rule entry is identified in the policy rules hash table that corresponds to the generated hash index and that has an associated classification field length that corresponds to the classification hash length of the event. It is determined if all conditions associated with the identified policy rule entry are met and the identified policy rule entry is executed if all conditions associated with the identified policy rule entry are met.
In other embodiments of the present invention, it is further determined if another policy rule entry in the policy rules hash table corresponds to the generated hash index and that has an associated classification field length that corresponds to the classification hash length of the event if a first policy rule entry in the policy rules hash table is identified that corresponds to the generated hash index and that has an associated classification field length that does not correspond to the classification hash length of the event. It is also determined if all conditions associated with the another policy rule entry are met and the another policy rule entry is executed if all conditions associated with the another policy rule entry are met.
It may also be determined if the identified policy rule entry includes a reference to an alternate policy rule entry in the policy rules hash table if all conditions associated with the identified policy rule entry are not met. Then it is determined if all conditions associated with the alternate policy rule entry are met and the alternate policy rule entry is executed if all conditions associated with the alternate policy rule entry are met. A next lowest classification hash length which is found in the provided list may be selected as an alternate classification hash length for the received event, the selected next lowest classification hash length being a largest length not greater than the selected classification hash length, if all conditions associated with the identified policy rule entry are not met and if the identified policy rule entry does not include a reference to an alternate policy rule entry. The hash index may then be generated using the next lowest classification entry.
In further embodiments of the present invention, a method is provided for processing a Web request having an associated classification at a communication server based on associated policy rules, the policy rules being conditioned on the classification. A policy rules hash table including a plurality of policy rule entries, each policy rule entry being associated with a hash index is provided. A list is also provided identifying classification hash lengths to be used for generation of a hash index for a plurality of candidate classification lengths of the classification, the list having associated classification hash lengths corresponding to classification field lengths found in at least one of the plurality of policy rule entries. The Web request is received at the communication server. A classification hash length is identified from the provided list for the received Web request which is no greater than an associated length of the classification of the received Web request. A hash index is generated using the identified classification hash length. A policy rule entry is identified in the policy rules hash table that corresponds to the generated hash index and that has an associated classification field length that corresponds to the classification hash length of the Web request. It is determined if all conditions associated with the identified policy rule entry are met and the identified policy rule entry is executed to process the Web request if all conditions associated with the identified policy rule entry are met. The associated classification may be a Universal Resource Indicator (URI) associated with the Web request.
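The lookup described in the preceding embodiments (hash length list, field length check, condition check, alternate entry, then the next lowest hash length) is sketched below as an added example; it is not code from the patent. Assumptions: CRC32 and a 64-bucket table stand in for the unspecified hash, rule entries are plain dicts, the sample rules are constructed, and the byte comparison of the prefix is added here on top of the length check so that a hash collision cannot select the wrong rule.

```python
import zlib
from bisect import bisect_right

TABLE_SIZE = 64  # assumed number of hash buckets

def hash_index(data: bytes) -> int:
    # CRC32 stands in for the hash function, which the page does not specify.
    return zlib.crc32(data) % TABLE_SIZE

class PolicyTable:
    def __init__(self):
        self.buckets = {}  # hash index -> list of policy rule entries
        self.lengths = []  # sorted classification hash lengths in use

    def add(self, prefix, action, conditions=(), alternate=None):
        rule = {"prefix": prefix.encode(), "action": action,
                "conditions": conditions, "alternate": alternate}
        self.buckets.setdefault(hash_index(rule["prefix"]), []).append(rule)
        if len(rule["prefix"]) not in self.lengths:
            self.lengths = sorted(self.lengths + [len(rule["prefix"])])
        return rule

    def lookup(self, uri, event):
        data = uri.encode()
        # Start at the largest listed length not greater than the URI length,
        # then fall back to each next lowest listed length.
        pos = bisect_right(self.lengths, len(data))
        for length in reversed(self.lengths[:pos]):
            key = data[:length]
            for entry in self.buckets.get(hash_index(key), []):
                # Field length check as described, plus a byte comparison
                # (added assumption) so colliding entries are skipped.
                if len(entry["prefix"]) != length or entry["prefix"] != key:
                    continue
                rule = entry
                while rule is not None:
                    if all(cond(event) for cond in rule["conditions"]):
                        return rule["action"]
                    rule = rule["alternate"]  # follow alternate entry, if any
        return None

def build_demo_table():
    # Constructed sample rules keyed on URI prefixes of length 1, 7, 9 and 10.
    t = PolicyTable()
    t.add("/", "default")
    media = t.add("/media/", "standard-stream")
    t.add("/video/hd/", "low-delay", (lambda e: e.get("premium"),), media)
    t.add("/ftp/pub/", "low-loss", (lambda e: e.get("method") == "GET",))
    return t
```
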
In other embodiments of the present invention, systems are provided for processing an event having a classification based on associated policy rules, the policy rules being conditioned on the classification. The systems include a policy rules hash table including a plurality of policy rule entries, each policy rule entry being associated with a hash index. A hash index generator circuit generates a hash index using a classification hash length based on the classification of the event, the classification having an associated length at least equal to the classification hash length. A hash lookup circuit identifies a policy rule entry in the policy rules hash table that corresponds to the generated hash index. A comparison circuit determines if a classification field length associated with the identified policy rule corresponds to the classification hash length and executes the identified policy rule entry if the hash length associated with the identified policy rule corresponds to the classification hash length. The systems may be provided on a communication server of a computer network and the event may be a Web request received at the communication server.
While the invention has been described above primarily with respect to the method aspects of the invention, both systems and/or computer program products are also provided.