Policy-based processing of packets

Assignee

• Cisco Technology, Inc. · US

Inventors

• Venkateshwar Rao Pullela · San Jose, US
• Ambarish Kenghe · Sunnyvale, US
• Ramesh V. N. Ponnapalli · Maluru, IN
• Dileep K. Devireddy · San Jose, US
• Suresh Gurajapu · Santa Clara, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L12/4641
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, and mechanisms, for policy-based processing of packets, including mechanisms for managing the policies. A user is authenticated and its user group identifier is identified. A packet is received and is associated with the user group identifier, and one or more fields (typically other than the source address field) of the packet are used to identify a second group identifier. A lookup operation is then performed on a policy based on the first and second group identifiers to identify a packet processing action to be performed on the packet. These identifiers are typically not network addresses, which disassociates the policy from physical network addresses (which often are dynamically assigned and may also vary based on the access point into the network of a user), and allows a switching device to process packets based on a policy stated using group identifiers.