System, apparatus and method for dynamically updating the configuration of a network device

US10277465B2 · US · B2

Patent metadata
Publication number: US-10277465-B2
Application number: US-201313746975-A
Country: US
Kind code: B2
Filing date: Jan 22, 2013
Priority date: Jan 22, 2013
Publication date: Apr 30, 2019
Grant date: Apr 30, 2019

Abstract

Official abstract text for this publication.

A system, apparatus and method are provided for dynamically updating a configuration of a network device when relevant sources and destinations of network traffic are added, removed or migrated in a network. A configuration of a network device is associated with a set of network addresses representing a set of relevant sources and destinations of network traffic. The set is dynamic in that the membership of the set can change over time to include different network addresses as the set of relevant sources and destinations of network traffic changes over time. One or more data sources are monitored to obtain the network addresses for the set of relevant sources and destinations and to determine if the membership of the set has changed. When a change is detected, the configuration of the network device is updated on the network device to reflect the network addresses that are currently in the set.

First claim

Opening claim text (preview).

What we claim is:

1. A computer-implemented method for configuring a network device when a change to a set of sources and destinations of network traffic is detected, comprising: storing, on a controller, a set of network addresses representing sources and destinations of network traffic, wherein storing comprises specifying a query and associating the query with a data source of one or more data sources, and wherein each of said one or more data sources is a server, a database, a network device or any other computing device providing information about sources and destinations of network traffic; associating, by the controller, a configuration of a network device with said set of network addresses representing sources and destinations of network traffic, wherein associating said configuration includes storing an identifier for identifying said configuration of said network device, and associating said identifier with said set of network addresses, and wherein a membership of said set can change over time as sources and destinations of network traffic are added, removed or migrated in a network; communicating, by the controller, with said one or more data sources to monitor automatically said one or more data sources for a change in said membership of said set; and updating automatically, by the controller, said configuration of said network device to reflect said membership of said set when said set changes, by communicating with said network device and issuing at least one command to said network device to assign said set of network addresses to said configuration of said network device, wherein if said set of network addresses is an empty set having no network addresses, said updating comprises providing at least one command to said network device to assign to said configuration of said network device a reserved network address.

2. The method of claim 1, wherein said monitoring step comprises: associating a first query with a first data source of said one or more data sources wherein when said first query can be applied to said first data source to obtain a resulting set of network addresses representing sources and destinations of network traffic that are known to said first data source; applying said first query to said first data source to obtain a first resulting set of network addresses; and including said first resulting set of network addresses in said membership of said set.

3. The method of claim 2, wherein said monitoring step further comprises: applying said first query to said first data source to obtain a second resulting set of network addresses; determining whether said first resulting set and said second resulting set are different; and identifying said membership of said set has changed when the first resulting set and said second resulting set are determined to be different.

4. The method of claim 3, wherein said monitoring step further comprises: associating a filter with said first query; receiving a first result for said first query from said first data source; applying said filter to said first result to obtain said first resulting set of network addresses; receiving a second result for said first query from said first data source; and applying said filter to said second result to obtain said second resulting set of network addresses.

5. The method of claim 3, wherein said monitoring step further comprises: associating a second query with a second data source of said one or more data sources wherein when said second query can be applied to said second data source to obtain a resulting set of network addresses representing sources and destinations of network traffic that are known to said second data source; applying said second query to said second data source to obtain a third resulting set of network addresses; including said third resulting set of network addresses in said membership of said set; applying said second query to said second data source to obtain a fourth resulting set of network addresses; determining whether said third resulting set and said fourth resulting set are different; and identifying said membership of said set has changed when the third resulting set and said fourth resulting set are determined to be different.

6. The method of claim 3 wherein said membership of said set is stored as a value of a dynamic object associated with said first data source.

7. The method of claim 5 wherein said membership of said set is stored as a value of a group object, wherein said value of said group object is based on a first dynamic object associated with said first data source and a second dynamic object associated with said second data source.

8. The method of claim 7 wherein said value of said group object is based on one or more static objects, other dynamic objects or other group objects.

9. The method of claim 1 wherein said configuration is a device-specific object and said identifier is a name of said device-specific object.

10. The method of claim 1, further comprising: communicating with said network device periodically to determine whether said configuration reflects said membership of said set; and updating automatically said configuration of said network device to reflect said membership of said set when said configuration is determined to not reflect said membership of said set.

11. An apparatus for configuring a network device when a change to a set of sources and destinations of network traffic is detected, comprising: a processor; and instructions, which when executed on said processor, causes said apparatus to: associate a configuration of a network device with a set of network addresses representing sources and destinations of network traffic by storing an identifier for identifying said configuration of said network device and associating said identifier with said set of network addresses, and wherein a membership of said set can change over time as sources and destinations of network traffic are added, removed or migrated in a network; monitor automatically one or more data sources, said data sources containing information about sources and destinations of network traffic, for a change in said membership of said set; and update automatically said configuration of said network device to reflect said membership of said set when said set changes by issuing at least one command to said network device to reconfigure said network device with said set of network addresses, wherein if said set of network addresses is an empty set having no network addresses, the instruction to update comprises providing at least one command to said network device to assign to said configuration of said network device a reserved network address.

12. The apparatus of claim 11 wherein said instructions causing said apparatus to monitor comprises instructions, which when executed on said processor, causes said apparatus to: associate a first query with a first data source of said one or more data sources wherein when said first query can be applied to said first data source to obtain a resulting set of network addresses representing sources and destinations of network traffic that are known to said first data source; apply said first query to said first data source to obtain a first resulting set of network addresses; and include said first resulting set of network addresses in said membership of said set.

13. The apparatus of claim 12 wherein said instructions causing said apparatus to monitor comprises instructions, which when executed on said processor, causes said apparatus to: apply said first query to said first data source to obtain a second resulting set of network addresses;
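
The monitoring and update loop recited in claims 1 to 4 and 10, sketched as an added example (not code from the patent or its assignee). `FakeDevice`, the `set-address-object` command name, the inventory records and the choice of `192.0.2.1/32` as the reserved address are all hypothetical stand-ins.

```python
import ipaddress

# Assumption: placeholder reserved address (TEST-NET-1, RFC 5737);
# the claims do not name a specific address.
RESERVED = "192.0.2.1/32"

INVENTORY = [  # constructed sample records from a hypothetical data source
    {"ip": "10.0.0.5", "role": "web", "state": "running"},
    {"ip": "10.0.0.6", "role": "web", "state": "stopped"},
    {"ip": "10.0.1.9", "role": "db", "state": "running"},
]
is_web = lambda rec: rec["role"] == "web"           # the "query"
is_running = lambda rec: rec["state"] == "running"  # the "filter"

class FakeDevice:
    """Stand-in for a network device holding named address objects."""
    def __init__(self):
        self.objects, self.log = {}, []
    def run(self, command, name, members):
        self.log.append((command, name, tuple(members)))
        self.objects[name] = set(members)
    def show(self, name):
        return set(self.objects.get(name, ()))

def resolve(source, query, flt):
    """Apply the query to the data source, then the filter (claims 2 and 4)."""
    members = set()
    for rec in source:
        if query(rec) and flt(rec):
            # ip_network raises ValueError on malformed input, so a bad
            # record aborts the pass before anything reaches the device.
            members.add(str(ipaddress.ip_network(rec["ip"])))
    return members

def desired(members):
    """An empty set maps to the reserved address, so the object is never empty."""
    return set(members) or {RESERVED}

def reconcile(device, name, last, source, query, flt):
    """One monitoring pass; returns (current_set, pushed)."""
    current = resolve(source, query, flt)
    want = desired(current)
    changed = current != last            # claim 3: compare successive results
    drifted = device.show(name) != want  # claim 10: device no longer matches
    if changed or drifted:
        device.run("set-address-object", name, sorted(want))
    return current, changed or drifted
```

The drift check matters operationally: an out-of-band edit to the object on the device is overwritten on the next pass even when the data source has not changed.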

Classifications

  • the condition being an adaptation, e.g. in response to network events

  • Assignment of logical groups to network elements

  • Policy-based network configuration management

  • Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Proofpoint Inc
What technology area does this patent fall under?
Primary CPC classification H04L41/0816. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 30, 2019 (B2). Legal status and post-grant events are not shown on this page.