Inventors:
Pankaj Parekh - Fremont CA, US
Sandeep Gupta - Delhi, IN
Vijay Mamtani - New Delhi, IN
Puneet Tutliani - New Delhi, IN
Proneet Biswas - Milpitas CA, US
Assignee:
iPolicy Networks, Inc. - Fremont CA
International Classification:
G06F 15/173
US Classification:
709223, 709224, 709229, 709232
Abstract:
An integrated policy enforcement system for a computer network implements several policies on the network traffic. A rule compiler compiles these policies and converts them into a rule tree-graph, which is then used to provide desired behavior to the network traffic comprising data packets. The rule compiler comprises three sub-modules namely—a rule input module, a rule tree generator module and a rule output module. The rule input module receives the input for the rule compiler and prepares the input for the rule tree generator module. The rule tree generator module generates the rule tree-graph. The rule tree-graph is a data structure comprising tree data structure and graph data structure. Such a data structure combines the properties of tree data structure and graph data structure, and enhances the performance of the policy enforcement systems by striking a balance between the memory requirement for storing the data structure and the processing capabilities of the system required to process the network traffic. The Output module converts the rule tree-graph to policy files, which can be downloaded to various modules of the policy enforcement systems.