1. Field of the Invention
This invention pertains generally to internetwork router operating systems. More particularly, the invention is a method and system for verifying router configuration transactions carried out by a centralized database system.
2. The Prior Art
In a routing device, internetwork operating systems (IOS), or more commonly router operating systems (OS), provide the basic command functions for the routing device as well as various subsystem components which provide specific functions or routines provided by the routing device.
In general, routing devices carry out the operation of reliably transferring network messages or packets between a network of coupled devices, or a collection of such networks. A reliable transfer protocol is provided by the IOS for carrying out such operation. Additionally, an interface in communication with a Configuration (config) subsystem is provided which allows a user of the routing device to configure the operations of the routing device.
The user may configure, for example, the IP address of a serial interface facility or the default route for the routing device. A config command issued by the user is received by the config subsystem and processed therein. The config subsystem determines from the config command issued by the user which client subsystem is affected by configuration information contained in the config command. The config subsystem then carries out a communication exchange with the affected client subsystem to deliver the change in configuration information.
However, router devices typically include a plurality of client subsystems which manage specific functions, requiring multiple dependencies between the config subsystem and such client subsystems. Furthermore, client subsystems often have multiple dependencies with other client subsystems. For example, the PPP subsystem is dependent upon the IP subsystem for Internet address information and the AAA subsystem for user authentication and credential information. These and other subsystem dependencies, as is known in the art, prevent modularity in subsystem design and implementation within the IOS of the router.
Another drawback with current subsystem implementation schemes arises when temporary configuration changes to a subsystem are to be carried out. A temporary change is desired when, for example, a user of the routing device wishes to test a particular configuration to analyze the efficiency of such configuration, but would like the opportunity to subsequently revert or “back-out” of the change if desired. During such a configuration sequence, multiple transactions will typically need to be carried out between various subsystems. For example, where a user configures the IP address of a serial facility port, the config subsystem will communicate the new IP address to the IP subsystem. In turn, the IP subsystem will communicate to the PPP subsystem that the serial facility port has new IP address information. When the changes are to be aborted or otherwise reverted, a similar chain of communication is necessary to complete the task of reverting prior changes. Such multiple dependencies between the various subsystems of the IOS make common transactions cumbersome and unnecessarily complicated. Furthermore, design and development of the various subsystems of the IOS must take into account these multiple dependencies, requiring longer design and development time.
Another situation where a temporary change is desired is when a user connects to the router via a “dial-in” connection port. Dial-in connections are provided by a plurality of subsystems of the IOS. Certain default settings may be configured for most users. However, specialized settings may be configured for certain users, such as network administrators who have particular access privileges, for example. Where a user connects via a dial-in connection, a dialer subsystem communicates with an AAA subsystem to provide name and password information. Responsive to this communication, the AAA subsystem determines the access credentials of the dial-in user from the name and password information and communicates with a PPP subsystem. The access credentials provide, among other things, the configurations for the user at the dial-in connection port. The PPP subsystem then sets the port configurations for the user according to the user's access credentials, thereby enabling point-to-point communication for the user.
When the user disconnects, the PPP subsystem, the AAA subsystem and the dialer subsystem need to communicate with each other to restore default settings. This situation presents another illustration where multiple dependencies between the various subsystems of the IOS make common transactions cumbersome and unnecessarily complicated.
Copending application Ser. No. 09/416,310 entitled METHOD AND SYSTEM FOR EXECUTING, TRACKING AND RESTORING TEMPORARY ROUTER CONFIGURATION CHANGE USING A CENTRALIZED DATABASE, filed Oct. 12, 1999, describes a method and system for transacting routing device configurations using a centralized information provider or database system and is incorporated herein by reference. In this copending application, a centralized database system (sysDB) is provided within the IOS which manages transactions on router configuration data. The sysDB receives configuration commands from various IOS subsystems. Such commands may include, for example, a request to change configuration data and a request to revert changes made to the configuration data. The IOS subsystems are designed to be modular and independent from each other and are normally dependent only upon the sysDB for carrying out router configuration transactions. However, certain subsystems are “authoritative” for certain router configuration data and are responsible for verifying requested transactions by approving or rejecting changes to the configuration data before such changes are carried out. For example, the IP subsystem is authoritative for IP address changes to the router configuration data and approves or rejects changes to IP address modifications before such changes are made.
Accordingly, there is a need for a method and system for verifying router configuration transactions which uses a centralized information provider for router configuration information and which does not rely upon multiple dependent subsystems. The present invention satisfies these needs, as well as others, and generally overcomes the deficiencies found in the background art.
An object of the invention is to provide a method and system for verifying router configuration transactions which overcomes the prior art.
Another object of the invention is to provide a method and system for verifying router configuration transactions using a centralized database.
Another object of the invention is to provide a method and system for verifying router configuration transactions which does not require multiple dependencies between subsystem applications of the router.
Another object of the invention is to provide a method and system for verifying router configuration transactions which allows the subsystem applications of the router to be modular and independent of each other.
Further objects and advantages of the invention will be brought out in the following portions of the specification, wherein the detailed description is for the purpose of fully disclosing the preferred embodiment of the invention without placing limitations thereon.
The present invention is a method and system for verifying changes to router configuration information maintained by a centralized information provider or database system. The method of the invention is provided by operating system software which is run or otherwise executed on the routing device (router). The method of the present invention is implemented by software which is stored on a computer-readable medium, such as computer memory, for example.
In its most general terms, the method of the invention comprises software routines and algorithms which are generally provided as part of an operating system (OS) which is executed in a router device. The operating system software, which is also known as internetwork operating system (IOS), comprises a plurality of subsystems, each of which performs functions for the router.
One of the subsystems provided by the IOS is a centralized database system (sysDB). The sysDB executes as a subsystem component in the router and provides a centralized storage and retrieval facility for configuration information required by other subsystems of the IOS. The configuration information stored on the sysDB may include, for example, Internet protocol (IP) addresses, Ethernet configurations, subnet masks, default routes, protocol configuration, name server information, user and password data, access levels, and other router data as is known in the art. As noted above, prior art router implementations have required the individual subsystems to handle storage and retrieval of configuration information related to the corresponding subsystem (i.e., IP subsystems contained IP configuration data, AAA subsystems contained user authentication information). The present invention employs a centralized sysDB which handles storage and retrieval tasks normally assigned to various subsystems. By centralizing such configuration information in a sysDB, multiple dependencies between the other individual subsystems are avoided or greatly reduced. This arrangement allows the subsystem design and implementation to be modular. Subsystems may be added and removed with greater ease due to the lack of multiple and prevalent dependencies.
The sysDB subsystem preferably employs a hierarchical name space scheme in a tree format (sysDB tree) for data storage and retrieval of configuration and other information for the router. Each branch or leaf on the tree is treated as a node or a “tuple”. In an illustrative example, the sysDB tree employs a naming convention analogous to the UNIX® file system where intermediate nodes of the tree are analogous to UNIX® directories and where leaf nodes are treated as files and data which are associated with the files. In the preferred embodiment, each node or tuple in the sysDB tree has a pointer to its parent node, a pointer to its next peer, and a pointer to its first child. With this arrangement, all the children of a tuple can be iterated by using the first child as the head of a linked list and traversing through the corresponding peer of each child. While the sysDB described above employs a tree structure for data storage and retrieval, other data storage facilities known in the art may be utilized including, for example, a table, btree or relational table scheme without deviating from the present invention disclosed herein.
According to a first aspect of the invention, the sysDB carries out the operation of registering subsystem applications for verification of configuration changes made to the router. Subsystem applications may register for verification of configuration data at one or more of the tuples within the sysDB tree maintained by the sysDB. Subsystems may also register for verification of a “name space” or sub-tree of a tuple, wherein the registered subsystem verifies configuration data changes made within all the child nodes of a selected tuple. In the preferred embodiment, only one subsystem is registered for verification at a given tuple for optimum performance. However, the invention is also suitable for use with more than one subsystem registered at the same tuple.
The sysDB also carries out the operation of unregistering subsystem applications for verification. Once a subsystem is unregistered with the sysDB, the unregistered subsystem will no longer carry out router change verifications.
According to a second aspect of the invention, the sysDB and the subsystems registered for verification exchange messages to validate requested transactions to the router configuration information in the form of a verification handler sequence. Transactions which trigger a verification handler sequence may include, for example, a router configuration change, delete, create, or revert.
In operation, when the sysDB receives a transaction request, the sysDB determines whether a subsystem is registered to validate the transaction. In such case, the sysDB transmits a message to the registered subsystem for verification. In response to this message, the registered subsystem replies with one of three values: “accepted and update”; “accepted and do not update”; “rejected”. The registered subsystem replies with “accept and update” when the changed value is accepted. In response to an “accepted and update” response, the sysDB updates the sysDB tree with the change value to activate or set the new value provided in the transaction request. The registered subsystem replies with “accepted and do not update” when the changed value is accepted, but is the same as the old value. In response to an “accepted and do not update” reply from a registered subsystem, the sysDB does not update the sysDB tree since the proposed value is already active. The registered subsystem replies with “rejected” when the changed value is rejected. A changed value is rejected using algorithms currently known in the art. The sysDB does not update the sysDB tree in response to a “rejected” reply from the registered subsystem.
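The tuple layout (parent, next-peer and first-child pointers) and the verification handler sequence described above can be modelled together in a few lines of Python. This is an added example, not code from the patent or from any router operating system; the class, function and path names are hypothetical, and applying a change unchecked when no verifier is registered is an assumption.

```python
import ipaddress
ACCEPT_UPDATE = "accepted and update"
ACCEPT_NO_UPDATE = "accepted and do not update"
REJECTED = "rejected"

class Tuple:  # sysDB node with parent, next-peer and first-child pointers
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.value = self.verifier = self.first_child = self.next_peer = None
        if parent is not None:  # link in at the head of the parent's child list
            self.next_peer, parent.first_child = parent.first_child, self

    def children(self):
        node = self.first_child  # first child is the head of the linked list
        while node is not None:
            yield node
            node = node.next_peer  # then walk each child's peer pointer

class SysDB:
    def __init__(self):
        self.root = Tuple("")

    def lookup(self, path):
        node = self.root
        for part in path.strip("/").split("/"):  # create missing tuples on the way
            node = next((c for c in node.children() if c.name == part), None) or Tuple(part, node)
        return node

    def register(self, path, verifier):
        self.lookup(path).verifier = verifier  # covers the tuple and its sub-tree

    def unregister(self, path):
        self.lookup(path).verifier = None

    def set(self, path, value):
        node = owner = self.lookup(path)
        while owner is not None and owner.verifier is None:
            owner = owner.parent  # nearest registered ancestor is authoritative
        # Assumption: with no verifier registered, the change is applied unchecked.
        reply = owner.verifier(node.value, value) if owner else ACCEPT_UPDATE
        if reply == ACCEPT_UPDATE:
            node.value = value
        return reply

def ip_verifier(old, new):  # hypothetical handler for the IP subsystem
    try:
        ipaddress.ip_address(new)
    except ValueError:
        return REJECTED
    return ACCEPT_NO_UPDATE if new == old else ACCEPT_UPDATE
```

Under that assumption, a tuple whose verifier has been unregistered accepts any value, so which name spaces have an authoritative verifier registered is worth auditing.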
The sysDB subsystem is operatively coupled to the other subsystems of the IOS for receiving registration and unregistration requests and for exchanging verification messages, among other things. An illustrative IOS may include an Internet protocol (IP) subsystem, an Ethernet subsystem, a dialer subsystem, a point-to-point (PPP) subsystem, an authentication (AAA) subsystem, and a config subsystem, each subsystem operatively coupled to the sysDB subsystem, but not coupled to each other.
The method and system for carrying out router configuration transactions using the centralized database (sysDB) are described in detail in copending application Ser. No. 09/416,310 entitled METHOD AND SYSTEM FOR EXECUTING, TRACKING AND RESTORING TEMPORARY ROUTER CONFIGURATION CHANGE USING A CENTRALIZED DATABASE, filed Oct. 12, 1999, which is incorporated herein by reference.