Policy-based management provides a way to allocate network resources, primarily network bandwidth, QoS, and security (firewalls), according to defined business policies. As the requirement for QoS increases with the use of Voice over IP (VoIP) and other real-time applications, the requirement for bandwidth allocation based on policy increases. Policy definitions are a response to questions such as these:
A policy-based management system allows administrators to define rules based on these types of questions and manage them in the policy system. These rules take the form "If condition, then action." A condition may be a user or group, the time of day, the application type, or the network address. Policy rules are then distributed to network resources. Policy-based management systems are best for large networks, where large numbers of devices are easier to manage from a central location. Public networks will also use a form of policy management to allocate resources, but resource allocation is based on SLAs (service level agreements) established with customers.
Resources include devices that manage network bandwidth, security, IP addresses, storage, processors, and agents, as well as systems that manage services such as billing, accounting, and service mapping (i.e., mapping an RSVP request to an ATM SVC). Locator services are also required to help resource managers find one another. See "SLP (Service Location Protocol)" and "Service Advertising and Discovery."
In the last few years, network elements such as layer 3 switches and multilayer switches have gained the intelligence and processing speed to provide QoS and policy-based decision making. These devices have the ability to monitor and evaluate traffic without delay and make QoS and policy-related decisions. See "Multilayer Switching."
The IETF Policy Framework (POLICY) Working Group has developed a policy management architecture that is considered the best approach for policy management on the Internet. It includes the following components, as pictured in Figure P-4:
A variety of protocols may be used to communicate policy information between the PDP and the PEP. COPS (Common Open Policy Service) is the usual protocol, although DIAMETER or even SNMP may be used. COPS is a client/server protocol that provides transport services for moving policy information among IP network nodes. It also provides the transport for policy queries and responses. By moving policy information to different subnets, users can log on at other locations and receive the same service they receive from their home network.
COPS was developed by the IETF RSVP Admission Policy (RAP) Working Group, which is developing a scalable policy control model for RSVP. The group is working with the IETF POLICY Working Group to ensure that COPS supports policy information exchange between PDPs and PEPs. A complete set of related drafts and RFCs is located at the RAP site listed on the related entries page.

Directories have become a crucial part of policy-based management. They are used to store and retrieve policy information. The IETF is working with the DMTF (Desktop Management Task Force) to define how policies are implemented in its DEN (Directory Enabled Network) specification. DEN defines a standard directory services architecture and schema that can be used to store network policy and configuration information. It also defines a distributed database that can be replicated to other locations; a consistent data model (the structure of the data, that is, how real-world objects are defined in the directory); and LDAP (Lightweight Directory Access Protocol), a protocol that applications use to access the directory. With DEN, network administrators can integrate network information and policies in a single database that is consistent across the enterprise.
A typical policy transaction starts with a resource request to some device by a user or another network device. For example, a user may request access to a router interface that leads to the Internet. The router forwards the request to the PDP in the policy server using the COPS protocol. The policy server then queries one or more directory servers (via LDAP) to determine the user's authorization. The information is then used to build a "policy lease" that is sent back to the router. The router then implements and enforces the policy via its policy enforcement point.
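The rule model described earlier ("if condition, then action" on user or group, time of day, application, and address) and the transaction just described (PEP asks PDP, PDP consults a directory, a time-limited "policy lease" goes back to the enforcement point) can be made concrete with a small simulation. The following Python is an added example, not text or code from the Encyclopedia or from any policy product; the directory contents, the rule names, the action labels, the 30-minute lease lifetime, and the in-memory lease cache on the PEP are all constructed for illustration. It stands in for the LDAP directory with a dictionary and for COPS with a direct method call, so it runs offline.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed stand-in for the LDAP directory servers the PDP would query: user -> groups.
DIRECTORY = {
    "alice": {"engineering", "voip-users"},
    "bob": {"contractors"},
}

@dataclass(frozen=True)
class Request:
    """A resource request as it would arrive at the PEP (e.g. a router interface)."""
    user: str
    src_ip: str
    application: str
    at: datetime

@dataclass
class Rule:
    """One 'if condition, then action' rule. Condition fields left unset match anything."""
    name: str
    action: str
    groups: frozenset = frozenset()
    applications: frozenset = frozenset()
    networks: tuple = ()            # tuple of ip_network objects
    start: Optional[time] = None    # time-of-day window, [start, end)
    end: Optional[time] = None

    def matches(self, req: Request, user_groups: set) -> bool:
        if self.groups and not (self.groups & user_groups):
            return False
        if self.applications and req.application not in self.applications:
            return False
        if self.networks and not any(ip_address(req.src_ip) in n for n in self.networks):
            return False
        if self.start and self.end and not (self.start <= req.at.time() < self.end):
            return False
        return True

@dataclass
class Lease:
    """The decision handed back to the PEP; after expires_at the PEP must ask again."""
    user: str
    application: str
    action: str
    rule: str
    expires_at: datetime

class PolicyDecisionPoint:
    def __init__(self, rules, directory, lease_ttl=timedelta(minutes=30)):
        self.rules, self.directory, self.lease_ttl = rules, directory, lease_ttl
        self.decisions = 0  # number of times policy was actually evaluated

    def decide(self, req: Request) -> Lease:
        self.decisions += 1
        groups = self.directory.get(req.user, set())   # unknown user -> no groups -> default deny
        for rule in self.rules:                         # first matching rule wins
            if rule.matches(req, groups):
                return Lease(req.user, req.application, rule.action, rule.name, req.at + self.lease_ttl)
        return Lease(req.user, req.application, "deny", "default-deny", req.at + self.lease_ttl)

class PolicyEnforcementPoint:
    """Router-side enforcement: reuses a valid lease, asks the PDP only when none exists or it expired."""
    def __init__(self, pdp):
        self.pdp, self.leases = pdp, {}

    def admit(self, req: Request) -> str:
        key = (req.user, req.application)
        lease = self.leases.get(key)
        if lease is None or lease.expires_at <= req.at:
            lease = self.pdp.decide(req)
            self.leases[key] = lease
        return lease.action

BUSINESS_HOURS = (time(8, 0), time(18, 0))
RULES = [  # constructed rule set
    Rule("voip-ef", "permit:expedited-forwarding", groups=frozenset({"voip-users"}),
         applications=frozenset({"voip"})),
    Rule("eng-internet", "permit:best-effort", groups=frozenset({"engineering"}),
         applications=frozenset({"internet"}), networks=(ip_network("10.0.0.0/8"),),
         start=BUSINESS_HOURS[0], end=BUSINESS_HOURS[1]),
    Rule("contractor-internet", "permit:rate-limited", groups=frozenset({"contractors"}),
         applications=frozenset({"internet"}), start=BUSINESS_HOURS[0], end=BUSINESS_HOURS[1]),
]

def demo():
    """Run a sequence of constructed requests through the PEP; return actions and PDP decision count."""
    pdp = PolicyDecisionPoint(RULES, DIRECTORY)
    pep = PolicyEnforcementPoint(pdp)
    noon = datetime(2001, 6, 1, 12, 0)
    results = {
        "alice_voip": pep.admit(Request("alice", "10.1.2.3", "voip", noon)),
        "alice_internet": pep.admit(Request("alice", "10.1.2.3", "internet", noon)),
        # 5 minutes later: lease still valid, PEP answers from its cache without asking the PDP
        "alice_internet_cached": pep.admit(Request("alice", "10.1.2.3", "internet", noon + timedelta(minutes=5))),
        # 22:00: lease expired, PDP re-evaluates and the time-of-day condition now fails
        "alice_internet_night": pep.admit(Request("alice", "10.1.2.3", "internet", noon + timedelta(hours=10))),
        "bob_internet": pep.admit(Request("bob", "10.9.9.9", "internet", noon)),
        "mallory_internet": pep.admit(Request("mallory", "10.9.9.9", "internet", noon)),
    }
    return results, pdp.decisions

if __name__ == "__main__":
    for name, action in demo()[0].items():
        print(f"{name}: {action}")
```

Two design points worth noting. The PDP falls through to an explicit default deny when no rule matches, so a user the directory does not know about gets no service rather than an undefined result. The lease carries an expiry, which is what makes the cached decision on the PEP safe: a change in the time-of-day condition, or a user removed from a group in the directory, takes effect at the next lease renewal rather than never.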
Cisco QoS Policy Manager (QPM) enables end-to-end quality of service for enterprise networks. Network administrators use QPM as a complete system for application- and user-based centralized policy control, and automated reliable policy deployment. The QPM Web site is listed on the related entries page.
SOCKS v5 is an IETF standard that can support policy management and border control (firewalls) for IP networks. SOCKS is interoperable with new security models such as IPSec.
The following Internet RFCs provide more information on policy management.
Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.