Policy Based Network Management

  • April 2020
Traditional management systems are characterized by static management decision operations that lack the ability to adapt to situation and context. With the advent of new generation networks and emerging services, vendors are reinventing network management, transforming its role from passive network monitoring to active QoS (Quality of Service) and network service-level-agreement provisioning. They look forward to configuring the network service as a whole by describing and implementing high-level business policies, rather than managing the network one device at a time. A sample business policy could be “Give my traffic the guaranteed bandwidth and highest priority”.

The Policy Based Network Management approach, which has recently gained prominence, provides mechanisms that can be used to address this problem. Policy Based Management (PBM) provides a way of managing network elements and services using business policies rather than managing one device at a time. Policies are high-level operating rules that describe the different kinds of actions or relationships between objects. When policies are explicitly defined, the devices in the network can refer to these policies.

The policy management framework defined by the IETF consists of four basic elements:

  • Policy Management Tool (PMT)
  • Policy Decision Point (PDP)
  • Policy Enforcement Point (PEP)
  • Policy Repository (PR)

Policy Management Tool

The Policy Management Tool is a graphical user interface tool used for specifying, editing, and administering the different policies to be enforced in a network. Policies contain rules that govern how resources should be used, or how applications and user services should be treated. The tool forms a bridge between the SLA and the provisioning of the actual parameters on the network elements. A policy-based management system allows administrators to define rules based on certain questions and manage them in the policy system. These rules take the form "If condition, then action." A condition may be a user or group, time of day, application type, or network address. The action component specifies the action that is to be performed by the device in that situation.

Policy Decision Point

The Policy Decision Point (PDP), also known as the Policy Server, retrieves the stored policies, interprets them, validates them and sends them to Policy Enforcement Points (PEPs) such as routers and bridges to be enforced. The Policy Server, in addition to retrieving, interpreting and enforcing policies, also detects policy conflicts, receives role descriptions and policy decision requests from PEPs, and returns policy decisions to them. PDPs also send asynchronous policy decisions based on updates or external requests. The PDP is also responsible for handling events and making decisions based on those events (i.e., at time x do y), and for updating the PEP configuration appropriately.

Policy Enforcement Point

The Policy Enforcement Point (PEP) exists in network nodes such as routers, firewalls, and hosts. It enforces the policies based on the "if condition then action" rule sets it has received from the PDP. Policy enforcement involves the PEP applying actions according to the PDP’s decision and based on current network conditions. These conditions can be static (source or destination IP address) or dynamic (current bandwidth availability, time of the day). The PEP uses different southbound interfaces (SNMP, XML, CLI or proprietary) to communicate with the network elements.

Policy Repository

The policies created with the Policy Management Tool are stored in policy repositories. A policy repository is a place to store and retrieve policy information, such as an LDAP server or a DEN (Directory Enabled Network) device.
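
The "if condition, then action" rules and the PDP's two jobs described above (detecting policy conflicts and returning a decision to the PEP) can be sketched as follows. This is an added example, not code from the original document; the rule names, actions, first-match ordering and the `best-effort` default are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from itertools import combinations
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    group: Optional[str]   # user group; None matches any
    app: Optional[str]     # application type; None matches any
    src_net: str           # network address condition, CIDR form
    start: time            # time-of-day window, inclusive
    end: time
    action: str            # the "then action" half (hypothetical names)

def matches(rule, req):
    """The 'if condition' half: every condition must hold for the request."""
    return ((rule.group is None or rule.group == req["group"])
            and (rule.app is None or rule.app == req["app"])
            and ip_address(req["src"]) in ip_network(rule.src_net)
            and rule.start <= req["time"] <= rule.end)

def overlaps(a, b):
    """True when some request could satisfy both rules' conditions."""
    return ((a.group is None or b.group is None or a.group == b.group)
            and (a.app is None or b.app is None or a.app == b.app)
            and ip_network(a.src_net).overlaps(ip_network(b.src_net))
            and a.start <= b.end and b.start <= a.end)

def find_conflicts(rules):
    """PDP-side check: overlapping conditions that demand different actions."""
    return [(a.name, b.name) for a, b in combinations(rules, 2)
            if overlaps(a, b) and a.action != b.action]

def decide(rules, req, default="best-effort"):
    """Decision returned to the PEP: first match wins (assumed), else default."""
    for rule in rules:
        if matches(rule, req):
            return rule.name, rule.action
    return None, default

# Constructed sample policy set, as it might be loaded from the repository.
RULES = [
    Rule("voip-gold", "finance", "voip", "10.1.0.0/16", time(8), time(18), "priority-high"),
    Rule("bulk-cap", None, "backup", "10.0.0.0/8", time(0), time(23, 59), "rate-limit"),
    Rule("finance-night", "finance", None, "10.1.2.0/24", time(17), time(23), "best-effort"),
]
```

Running `find_conflicts(RULES)` before distribution flags the pairs whose outcome would otherwise depend silently on rule order, which is the situation the PDP's conflict detection exists to catch.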

The simplification in management is obtained primarily by centralizing the definition of policies in a single repository. Policy rules are then distributed to network resources. Policy-based management systems are best for large networks, where large numbers of devices are easier to manage from a central location.

Protocol

The IETF Common Open Policy Service (COPS) protocol is used for communication between the PDP and PEP. COPS is a client/server protocol that provides transport services for moving policy information among IP network nodes. Currently there are two versions of the COPS protocol, namely COPS for dynamic QoS and COPS for device provisioning. Because COPS has a well-defined parameter set, implementing multi-vendor support is much easier.

Benefits of PBM

Policy-based capabilities provide the following business values:

  • Enables dynamic responsiveness to changing business needs and conditions, providing the foundational infrastructure necessary for a real-time enterprise
  • Increases quality of service through a faster, dynamic response to changing business requirements and through the reduction in human error
  • Significantly reduces cost through continual automation and elimination of administrator involvement
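
For the COPS exchange between PDP and PEP described under Protocol above, a receiver has to validate every length field before trusting a message from the other side. The parser below is an added example, not part of the original document; the wire layout (8-byte common header, objects with a 4-byte header padded to 32 bits) follows RFC 2748, and the sample message and the `build_cops` helper are constructed for illustration.

```python
import struct

# Op codes from the COPS common header (RFC 2748).
OPCODES = {1: "REQ", 2: "DEC", 3: "RPT", 4: "DRQ", 5: "SSQ",
           6: "OPN", 7: "CAT", 8: "CC", 9: "KA", 10: "SSC"}

class CopsError(ValueError):
    pass

def parse_cops(buf):
    """Parse one COPS message, rejecting any inconsistent length field."""
    if len(buf) < 8:
        raise CopsError("short header")
    vf, op, client_type, msg_len = struct.unpack("!BBHI", buf[:8])
    if vf >> 4 != 1:
        raise CopsError("unsupported version")
    if op not in OPCODES:
        raise CopsError("unknown op code")
    if msg_len != len(buf) or msg_len % 4:
        raise CopsError("message length mismatch")
    objects, off = [], 8
    while off < msg_len:               # off and msg_len stay 4-byte aligned
        obj_len, c_num, c_type = struct.unpack("!HBB", buf[off:off + 4])
        padded = (obj_len + 3) & ~3    # objects are padded to 32 bits
        # obj_len < 4 would stall the loop; too large would read past the end.
        if obj_len < 4 or off + padded > msg_len:
            raise CopsError("object length out of bounds")
        objects.append((c_num, c_type, buf[off + 4:off + obj_len]))
        off += padded
    return {"op": OPCODES[op], "solicited": bool(vf & 0x1),
            "client_type": client_type, "objects": objects}

def build_cops(op, client_type, objects, flags=0):
    """Helper for the sample below: serialize (c_num, c_type, data) objects."""
    body = b""
    for c_num, c_type, data in objects:
        obj = struct.pack("!HBB", 4 + len(data), c_num, c_type) + data
        body += obj + b"\x00" * (-len(obj) % 4)
    return struct.pack("!BBHI", 0x10 | flags, op, client_type, 8 + len(body)) + body

# Constructed sample: Client-Open (OPN) carrying a PEP Identification
# object (C-Num 11) with a made-up identifier.
SAMPLE_OPN = build_cops(6, 1, [(11, 1, b"pep-1")])
```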
