US 9,813,420 B2
Priority resolution for access control list policies in a networking device
Claude Basso, Nice (FR); Natarajan Vaidhyanathan, Carrboro, NC (US); and Colin B. Verrilli, Apex, NC (US)
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Feb. 18, 2013, as Appl. No. 13/769,429.
Application 13/769,429 is a continuation of application No. 13/616,256, filed on Sep. 14, 2012.
Prior Publication US 2014/0082195 A1, Mar. 20, 2014
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 15/173 (2006.01); H04L 29/06 (2006.01); H04L 12/00 (2006.01)
CPC H04L 63/101 (2013.01) [H04L 12/00 (2013.01); H04L 29/06823 (2013.01)]
9 Claims
1. A method of generating an action set based on a first access control list (ACL) and a second ACL stored in a networking element, the method comprising:
comparing, using one or more computer processors, a portion of received network traffic to a first condition in the first ACL and to a second condition in the second ACL, wherein the first and second conditions are associated with respective first and second actions;
upon determining that the portion satisfies both the first and second conditions and before evaluating respective precedence values assigned to the first and second actions, evaluating the first and second actions to identify a conflict;
upon determining the first action conflicts with the second action, compare the respective precedence values assigned to the first and second actions;
upon determining that the respective precedence values are equivalent, compare respective priority scores associated with the first ACL and the second ACL, wherein the priority score ranks the first and second ACLs;
select a resolved action based on the respective priority scores;
performing the resolved action using the networking element;
comparing a different portion of the received network traffic to a third condition in the first ACL and to a fourth condition in the second ACL, wherein the third and fourth conditions are associated with respective third and fourth actions; and
upon determining that the third action does not conflict with the fourth action, selecting one of the third and fourth actions without evaluating respective precedence values assigned to the third and fourth actions.
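The resolution order recited in claim 1, as an added Python sketch that is not code from the patent or from IBM. The claim does not define what makes two actions conflict or which precedence value or priority score wins, so the sketch assumes that actions conflict when they differ, that the larger value wins at each step, and that a tie at both levels denies; the ACL contents, field names and the single-match branch are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str               # condition: source prefix
    dport: Optional[int]   # condition: destination port, None = any
    action: str            # "permit" or "deny"
    precedence: int        # precedence value assigned to the action

@dataclass(frozen=True)
class Acl:
    name: str
    priority: int          # priority score that ranks this ACL against others
    rules: tuple

def first_match(acl, pkt):
    """Return the first rule whose condition the packet satisfies, or None."""
    for r in acl.rules:
        if ip_address(pkt["src"]) in ip_network(r.src) and r.dport in (None, pkt["dport"]):
            return r
    return None

def resolve(acl1, acl2, pkt):
    """Return (resolved_action, deciding_step) in the order the claim recites."""
    r1, r2 = first_match(acl1, pkt), first_match(acl2, pkt)
    if r1 is None or r2 is None:              # case not covered by the claim
        hit = r1 or r2
        return (hit.action if hit else "no-match", "single-match")
    if r1.action == r2.action:                # assumption: conflict = actions differ
        return (r1.action, "no-conflict")     # precedence values are never read
    if r1.precedence != r2.precedence:        # assumption: larger value wins
        return (max(r1, r2, key=lambda r: r.precedence).action, "precedence")
    if acl1.priority != acl2.priority:        # assumption: larger score wins
        return ((r1 if acl1.priority > acl2.priority else r2).action, "acl-priority")
    return ("deny", "fail-closed")            # assumption: a full tie denies

# Constructed sample ACLs (not from the patent).
TENANT = Acl("tenant", 10, (Rule("10.0.0.0/8", 22, "permit", 5),
                            Rule("10.0.0.0/8", None, "permit", 1)))
SECURITY = Acl("security", 20, (Rule("10.1.0.0/16", 22, "deny", 5),
                                Rule("10.0.0.0/8", 443, "permit", 3),
                                Rule("10.0.0.0/8", 53, "deny", 7),
                                Rule("10.0.0.0/8", 22, "deny", 2)))

if __name__ == "__main__":
    for src, dport in [("10.1.2.3", 22), ("10.2.0.1", 443), ("10.2.0.1", 53), ("10.2.0.1", 22)]:
        print(src, dport, resolve(TENANT, SECURITY, {"src": src, "dport": dport}))
```

The second element of each result names the step that decided the outcome, which is the detail to log when auditing why overlapping ACLs permitted or denied a flow.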