Claims
- 1. A method of controlling usage of network resources on a communications network, the method comprising acts of:
(A) creating one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and (B) creating one or more service abstractions, each service abstraction representing a named set of one or more of the packet rules.
- 2. The method of claim 1, further comprising an act of:
(C) configuring a network device of the communications network with one or more packet rules according to at least one of the service abstractions.
- 3. The method of claim 2, wherein the act (C) comprises:
configuring a port module of a switching device of the communications network with one or more packet rules according to at least one of the service abstractions.
- 4. The method of claim 2, wherein the act (C) comprises:
configuring a firewall of a network device of the communications network with one or more packet rules according to at least one of the service abstractions.
- 5. The method of claim 1, further comprising an act of:
(C) distributing the one or more service abstractions to one or more network devices residing on the communications network.
- 6. The method of claim 1, further comprising an act of:
(C) associating one or more of the service abstractions with a user of the communications network.
- 7. The method of claim 1, further comprising an act of:
(C) creating one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one or more service abstractions.
- 8. The method of claim 7, further comprising an act of:
(D) configuring a network device of the communications network with one or more packet rules according to one of the role abstractions.
- 9. The method of claim 8, wherein act (D) comprises:
configuring a port module of a switching device of the communications network with one or more packet rules according to one of the role abstractions.
- 10. The method of claim 8, wherein act (D) comprises:
configuring a firewall of a network device of the communications network with one or more packet rules according to one of the role abstractions.
- 11. The method of claim 7, further comprising an act of:
(D) distributing the one or more role abstractions to one or more network devices residing on the communications network.
- 12. The method of claim 7, further comprising an act of:
(D) assigning one of the role abstractions to at least a first user of the communications network.
- 13. A system for controlling usage of network resources on a communications network, the system comprising:
a rule editing module to create one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and a service editing module to create one or more service abstractions, each service abstraction representing a named set of one or more of the packet rules.
- 14. The system of claim 13, further comprising:
logic to configure a network device with one or more packet rules according to at least one of the service abstractions.
- 15. The system of claim 14, wherein the logic comprises:
port configuration logic to configure a port module of a switching device with one or more packet rules according to at least one of the service abstractions.
- 16. The system of claim 14, wherein the logic comprises:
firewall logic to configure a firewall of a network device with one or more packet rules according to at least one of the service abstractions.
- 17. The system of claim 13, further comprising:
a distribution module to distribute the one or more service abstractions to one or more network devices residing on the communications network.
- 18. The system of claim 13, further comprising:
assigning logic to associate one or more of the service abstractions with a user of the communications network.
- 19. The system of claim 13, further comprising:
a role editing module to create one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one or more service abstractions.
- 20. The system of claim 19, further comprising:
logic to configure a network device with one or more packet rules according to one of the role abstractions.
- 21. The system of claim 20, wherein the logic comprises:
port configuration logic to configure a port module of a switching device with one or more packet rules according to one of the role abstractions.
- 22. The system of claim 20, wherein the logic comprises:
firewall logic to configure a firewall of a network device with one or more packet rules according to one of the role abstractions.
- 23. The system of claim 19, further comprising:
a distribution module to distribute the one or more role abstractions to one or more network devices residing on the communications network.
- 24. The system of claim 19, further comprising:
assigning logic to assign one of the role abstractions to at least a first user of the communications network.
- 25. A system for controlling usage of network resources on a communications network, the system comprising:
a rule editing module to create one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and means for creating one or more service abstractions, each service abstraction representing a named set of one or more of the packet rules.
- 26. A computer program product, comprising:
a computer readable medium; and computer readable signals stored on the computer readable medium that define instructions that, as a result of being executed by a computer, instruct the computer to perform a process of controlling usage of network resources on a communications network, the process comprising acts of:
(A) creating one or more packet rules for analyzing packets received at one or more devices of the communication network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and (B) creating one or more service abstractions, each service abstraction representing a named set of one or more of the packet rules.
- 27. A method of controlling usage of network resources on a communications network, the method comprising acts of:
(A) creating one or more packet rules for analyzing packets received at one or more devices of the communication network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and (B) creating one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one or more packet rules.
- 28. The method of claim 27, further comprising an act of:
(C) configuring a network device of the communications network with one or more packet rules according to one of the role abstractions.
- 29. The method of claim 28, wherein act (C) comprises:
configuring a port module of a switching device of the communications network with one or more packet rules according to one of the role abstractions.
- 30. The method of claim 28, wherein act (C) comprises:
configuring a firewall of a network device of the communications network with one or more packet rules according to one of the role abstractions.
- 31. The method of claim 27, further comprising an act of:
(C) distributing the one or more role abstractions to one or more network devices residing on the communications network.
- 32. The method of claim 27, further comprising an act of:
(C) assigning one of the role abstractions to at least a first user of the communications network.
- 33. A system for controlling usage of network resources on a communications network, the system comprising:
a rule editing module to create one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and a role editing module to create one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one or more packet rules.
- 34. The system of claim 33, further comprising:
logic to configure a port module of a network device with one or more packet rules according to one of the role abstractions.
- 35. The system of claim 34, wherein the logic comprises:
port configuration logic to configure a port module of a switching device with one or more packet rules according to one of the role abstractions.
- 36. The system of claim 34, wherein the logic comprises:
firewall logic to configure a firewall of a network device with one or more packet rules according to one of the role abstractions.
- 37. The system of claim 33, further comprising:
a distribution module to distribute the one or more role abstractions to one or more network devices residing on the communications network.
- 38. The system of claim 33, further comprising:
assigning logic to assign one of the role abstractions to at least a first user of the communications network.
- 39. A system for controlling usage of network resources on a communications network, the system comprising:
a rule editing module to create one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and means for creating one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one or more service abstractions.
- 40. A computer program product, comprising:
a computer readable medium; and computer readable signals stored on the computer readable medium that define instructions that, as a result of being executed by a computer, instruct the computer to perform a process of controlling usage of network resources on a communications network, the process comprising acts of:
(A) creating one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and (B) creating one or more role abstractions, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one or more service abstractions.
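The rule, service and role hierarchy recited in the claims can be modeled as follows. This is an added illustration, not part of the patent text or any implementation by the applicant; it shows a role being flattened into the packet rules a port module would be configured with. The packet fields, action names, first-match evaluation, default-deny fallback and all sample names are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Packet = Dict[str, object]  # assumed packet representation: header field -> value

@dataclass(frozen=True)
class Rule:
    name: str
    condition: Callable[[Packet], bool]  # predicate evaluated against a received packet
    action: str                          # action taken on a match (assumed: "forward"/"drop")

@dataclass(frozen=True)
class Service:
    name: str
    rules: Tuple[Rule, ...]              # a named set of packet rules

@dataclass(frozen=True)
class Role:
    name: str
    services: Tuple[Service, ...]        # a role includes a set of services

def compile_role(role: Role) -> List[Rule]:
    """Flatten a role into the ordered rule list to install on a port."""
    seen, out = set(), []
    for svc in role.services:
        for rule in svc.rules:
            if rule.name not in seen:    # a rule shared by two services is installed once
                seen.add(rule.name)
                out.append(rule)
    return out

def apply_port_rules(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """First matching rule decides; the default-deny fallback is an assumption."""
    for rule in rules:
        if rule.condition(pkt):
            return rule.action
    return default

# Constructed sample policy (hypothetical names throughout)
allow_http = Rule("allow-http", lambda p: p.get("proto") == "tcp" and p.get("dport") in (80, 443), "forward")
allow_dns = Rule("allow-dns", lambda p: p.get("proto") == "udp" and p.get("dport") == 53, "forward")
deny_snmp = Rule("deny-snmp", lambda p: p.get("proto") == "udp" and p.get("dport") == 161, "drop")
WEB = Service("web-access", (allow_dns, allow_http))
NAMES = Service("name-resolution", (allow_dns,))
NO_MGMT = Service("no-management", (deny_snmp,))
GUEST = Role("guest", (NO_MGMT, NAMES, WEB))
ASSIGNMENTS = {"alice": GUEST}           # a role assigned to a user

def decide(user: str, pkt: Packet) -> str:
    return apply_port_rules(compile_role(ASSIGNMENTS[user]), pkt)
```

Because `allow-dns` belongs to two services, the compiled list carries it once; traffic matching no rule falls through to the assumed default.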
RELATED APPLICATIONS
[0001] Commonly-owned U.S. patent application entitled CONTROLLING USAGE OF NETWORK RESOURCES BY A USER AT THE USER'S ENTRY POINT TO A COMMUNICATIONS NETWORK BASED ON AN IDENTITY OF THE USER, filed on even date herewith under attorney docket no. E00378.70179/JHM/DPM, is incorporated herein by reference in its entirety.