Resource-path-based, dynamic group membership support for membership groups

US11924166B2 · US · B2

Patent metadata
Publication number: US-11924166-B2
Application number: US-202117383912-A
Country: US
Kind code: B2
Filing date: Jul 23, 2021
Priority date: Apr 25, 2019
Publication date: Mar 5, 2024
Grant date: Mar 5, 2024

Abstract

Official abstract text for this publication.

In an embodiment, a computer-implemented method for providing dynamic mechanisms for resource-path-based, dynamic group membership support for local and external membership groups is described. A method comprises: detecting, by a group resolver implemented in a management and control plane, that information about an object stored in the plane was created or updated; determining whether a URI of the object matches a URI regular expression and other conditions specified in membership criteria created for a membership group; in response to determining that a URI of the object matches a URI regular expression and other conditions specified in membership criteria created for a membership group: distributing the information about the object to network agents implemented in transport nodes to cause the network agents to automatically update a group membership policy associated with the membership group; and wherein the group membership policy affects packet forwarding behavior of a forwarding node.
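The abstract describes a control-plane loop: an object is created or updated, its URI is matched against a URI regular expression plus the other conditions in a group's membership criteria, and on a match the group's membership (and the forwarding or firewall policy derived from it) is pushed to agents on the transport nodes. The Python below is an added illustration written for this page; it is not code from the patent or from VMware. The URI scheme (`/infra/tier-1s/...`), the object kinds, the `env` tag, the subnets and the rule format are all constructed for the example. It also shows the check a practitioner would make on the regular expression: the resolver uses `fullmatch()` so the pattern is anchored to the whole path, because an unanchored `search()` would also admit any object whose path merely contains the pattern, silently widening the group that firewall rules are derived from.

```python
"""Added example: a toy group resolver for URI-based dynamic group membership.
Not the patent's or VMware's code; all paths, tags and subnets are constructed."""
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PolicyObject:
    """Management-plane object: the claims name logical routers, partner-site
    attribute objects and external-service objects as possible kinds."""
    uri: str                     # resource path, e.g. "/infra/tier-1s/prod-web" (constructed)
    kind: str                    # "logical_router", "partner_site", "external_service"
    subnets: tuple = ()          # IP subnets associated with the object
    tags: dict = field(default_factory=dict)


@dataclass
class MembershipCriteria:
    """URI regular expression plus the 'other conditions' the abstract mentions."""
    group: str
    uri_regex: str
    kind: Optional[str] = None
    required_tags: dict = field(default_factory=dict)


class GroupResolver:
    """Keeps group membership in sync with object create/update/delete events."""

    def __init__(self, criteria):
        self._criteria = list(criteria)
        self._regex = {c.group: re.compile(c.uri_regex) for c in self._criteria}
        self._members = {c.group: {} for c in self._criteria}  # group -> uri -> set(subnets)
        self.distributed = []  # (group, uri, subnets) updates pushed to transport-node agents

    def _matches(self, c, obj):
        # fullmatch() anchors the pattern to the whole path; see search_vs_fullmatch()
        if self._regex[c.group].fullmatch(obj.uri) is None:
            return False
        if c.kind is not None and obj.kind != c.kind:
            return False
        return all(obj.tags.get(k) == v for k, v in c.required_tags.items())

    def on_object_event(self, obj, deleted=False):
        """Handle a create/update/delete of obj; return the groups whose membership changed."""
        changed = []
        for c in self._criteria:
            members = self._members[c.group]
            before = members.get(obj.uri)
            if not deleted and self._matches(c, obj):
                members[obj.uri] = set(obj.subnets)
            else:
                members.pop(obj.uri, None)   # no longer matches (or deleted): drop it
            if members.get(obj.uri) != before:
                changed.append(c.group)
                self.distributed.append((c.group, obj.uri, self.group_subnets(c.group)))
        return changed

    def group_subnets(self, group):
        """Current members of the group, as sorted subnet strings."""
        return sorted({s for subs in self._members[group].values() for s in subs})

    def firewall_rules(self, group, dst_cidr, dport):
        """Render membership as allow rules in a constructed, vendor-neutral format."""
        return [f"allow src={s} dst={dst_cidr} dport={dport}" for s in self.group_subnets(group)]


def search_vs_fullmatch(pattern, uri):
    """(search() hit, fullmatch() hit): why the resolver anchors its URI regex."""
    rx = re.compile(pattern)
    return (rx.search(uri) is not None, rx.fullmatch(uri) is not None)


PROD_ROUTERS = MembershipCriteria(
    group="prod-routers",
    uri_regex=r"/infra/tier-1s/prod-[a-z0-9-]+",   # constructed path scheme
    kind="logical_router",
    required_tags={"env": "prod"},
)


def demo():
    """Replay a constructed sequence of management-plane events."""
    r = GroupResolver([PROD_ROUTERS])
    r.on_object_event(PolicyObject("/infra/tier-1s/prod-web", "logical_router",
                                   ("10.1.0.0/24",), {"env": "prod"}))
    r.on_object_event(PolicyObject("/infra/tier-1s/prod-db", "logical_router",
                                   ("10.2.0.0/24",), {"env": "prod"}))
    # path matches the regex but the tag condition fails: stays out of the group
    r.on_object_event(PolicyObject("/infra/tier-1s/prod-lab", "logical_router",
                                   ("192.168.9.0/24",), {"env": "lab"}))
    # update: prod-web gains a subnet, so membership and derived rules are re-pushed
    r.on_object_event(PolicyObject("/infra/tier-1s/prod-web", "logical_router",
                                   ("10.1.0.0/24", "10.1.1.0/24"), {"env": "prod"}))
    return r


if __name__ == "__main__":
    resolver = demo()
    print(resolver.group_subnets("prod-routers"))
    for rule in resolver.firewall_rules("prod-routers", "10.0.0.0/8", 443):
        print(rule)
    print(search_vs_fullmatch(r"prod-[a-z0-9-]+", "/infra/tier-1s/nonprod-x"))
```

Each event yields a per-group diff, and an update is distributed only when the membership actually changed; a later delete or retag of a member removes it and triggers another push, which is the behaviour the claims describe for created or updated objects. In a real control plane the regex, kind and tag conditions would be administrator input, so the anchoring and the extra conditions are where a reviewer should look before a group is wired into allow rules.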

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for providing dynamic mechanisms for resource-path-based, dynamic group membership support for local and external membership groups, the method comprising: detecting, by a group resolver implemented in at least one of a management and control plane, that information about an object was created or updated, wherein the object represents any one of a logical component, an attribute object, or an external service object; determining whether a Universal Resource Identifier (“URI”) of the object matches a URI regular expression specified in membership criteria created for a membership group; in response to determining that the URI of the object matches the URI regular expression specified in the membership criteria created for the membership group: update a group membership policy associated with the membership group.

2. The computer-implemented method of claim 1, wherein the object is a configuration object representing a logical router created by a network administrator; and wherein the configuration object is associated with one or more IP subnets assigned to the logical router.

3. The computer-implemented method of claim 1, wherein the attribute object is created for an external entity; wherein the object is a partner site attribute object; wherein the partner site attribute object stores one or more attributes specific to the external entity; and wherein the one or more attributes are collected using functionalities of a routing protocol and over a communications connection established between an edge transport node and the external entity.

4. The computer-implemented method of claim 1, wherein the attribute object is created for an external entity; wherein the object is a predefined external service object corresponding to the external service provided by an external service entity; wherein the predefined external service object is updated by the external entity using an object URI; and wherein the object URI comprises a simple storage service (“S3”) prefix list.

5. The computer-implemented method of claim 1, wherein the membership criteria specify one or more group members using a membership group name; and wherein the group resolver matches the URI of the object to the URI regular expression to determine one or more subnets that correspond to the one or more group members.

6. The computer-implemented method of claim 1, wherein the group resolver distributes the information about the object to a network agent implemented in a hypervisor to cause the network agent implemented in an edge transport node to update the group membership policy associated with the membership group.

7. The computer-implemented method of claim 1, wherein the group resolver distributes the information about the object to a network agent implemented in an edge transport node to cause the network agent implemented in the edge transport node to update one or more firewall rules associated with the membership group.

8. One or more non-transitory computer-readable storage media storing one or more computer instructions which, when executed by one or more processors, cause the one or more processors to perform: detecting, by a group resolver implemented in at least one of a management and control plane, that information about an object was created or updated, wherein the object represents any one of a logical component, an attribute object, or an external service object; determining whether a Universal Resource Identifier (“URI”) of the object matches a URI regular expression specified in membership criteria created for a membership group; in response to determining that the URI of the object matches the URI regular expression specified in the membership criteria created for the membership group: update a group membership policy associated with the membership group.

9. The one or more non-transitory computer-readable storage media of claim 8, wherein the object is a configuration object representing a logical router created by a network administrator; and wherein the configuration object is associated with one or more IP subnets assigned to the logical router.

10. The one or more non-transitory computer-readable storage media of claim 8, wherein the attribute object is created for an external entity; wherein the object is a partner site attribute object; wherein the partner site attribute object stores one or more attributes specific to the external entity; and wherein the one or more attributes are collected using functionalities of a routing protocol and over a communications connection established between an edge transport node and the external entity.

11. The one or more non-transitory computer-readable storage media of claim 8, wherein the attribute object is created for an external entity; wherein the object is a predefined external service object corresponding to the external service provided by an external service entity; wherein the predefined external service object is updated by the external entity using an object URI; and wherein the object URI comprises a simple storage service (“S3”) prefix list.

12. The one or more non-transitory computer-readable storage media of claim 8, wherein the membership criteria specify one or more group members using a membership group name; and wherein the group resolver matches the URI of the object to the URI regular expression to determine one or more subnets that correspond to the one or more group members.

13. The one or more non-transitory computer-readable storage media of claim 8, wherein the group resolver distributes the information about the object to a network agent implemented in a hypervisor to cause the network agent implemented in an edge transport node to update the group membership policy associated with the membership group.

14. The one or more non-transitory computer-readable storage media of claim 8, wherein the group resolver distributes the information about the object to a network agent implemented in an edge transport node to cause the network agent implemented in the edge transport node to update one or more firewall rules associated with the membership group.

15. A group resolver implemented in a management and control plane in a computer network and configured to provide dynamic mechanisms for resource-path-based, dynamic group membership support for local and external membership groups, the group resolver comprising: one or more processors; one or more memory units; and one or more non-transitory computer-readable storage media storing one or more computer instructions which, when executed by the one or more processors, cause the one or more processors to perform: detecting that information about an object was created or updated, wherein the object represents any one of a logical component, an attribute object, or an external service object; determining whether a Universal Resource Identifier (“URI”) of the object matches a URI regular expression specified in membership criteria created for a membership group; in response to determining that the URI of the object matches the URI regular expression specified in the membership criteria created for the membership group: update a group membership policy associated with the membership group.

16. The group resolver of claim 15, wherein the object is a configuration object representing a logical router created by a network administrator; and wherein the configuration object is associated with one or more IP subnets assigned to the logical router.

17. The group resolver of claim 15, wherein the at

Assignees

VMware LLC, VMware Inc
Inventors

Classifications

  • Rule management (primary CPC H04L63/0263)

  • Filtering by address, protocol, port number or service, e.g. IP-address or URL

  • Grouping of entities

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

Frequently asked questions

Who is the assignee on this patent?
VMware LLC, VMware Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0263. Mapped technology area: Electricity (IPC Section H).
When was this patent published?
Publication date Mar 5, 2024 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).