Side_1_360

(Dana P.) #1

10, the network manager edits policies through
a policy entry console. Those policies are then
stored in a policy repository. When requested, a
policy server (Policy Decision Point) retrieves
policies from the repository and makes policy
decisions that are communicated, e.g. applying
Common Open Policy Service (COPS), to the
relevant network points. These network points,
like routers, switches and firewalls, enforce the
policy decisions in the network. COPS is a query
and response TCP-based protocol that can be
used for exchanging information between Policy
Decision Point (PDP) and Policy Enforcement
Point (PEP).


In order to carry out efficient management of
the network resources a number of features of a
management system are asked for, adapted from
[ID_polreq]:



  • Centralised management view – implying the
    ability to carry out management activities
    remotely and that the management system is
    able to cope with all network resources in the
    network.

  • Abstracted management data – saying that
    simplified views of network resources should
    be possible, e.g. “hiding” details when they
    are not relevant.

  • Common and consistent views/interfaces

    • similar procedures and similar data views
      should be used for similar procedures. The
      number of views/interfaces needed should
      also be limited.



  • Automation of tasks – including less human
    intervention needed and that customers may
    serve themselves within the authorised set of
    activities.


A major key to meet such required features is
the way of giving data used for representing the
resources, customers, etc. Such data has also
been referred to as policy. When applying pol-
icy-based management the required features
listed above are addressed. So far, much effort
has been spent on the representation of such data
in a repository.


Having a policy repository, interfaces from the
management/operator side as well as the net-
work side have to be present. A way to trans-
form the policy into usable formats and inform
the network components also has to be imple-
mented. Then appropriate mechanisms in the
network elements to enforce the policies have
to be activated.


A QoS Policy Information Model(QPIM) is
described in [ID_qpim]. QPIM is a set of entities


and relationships (both modelled by classes) that
define managed objects and interactions between
managed objects that can be used to define,
manage and control IntServ- and DiffServ-
related mechanisms using policies. Policy
classes and relationships between them are
depicted in Figure 12.

QPIM is an information model in the sense that
it is independent of any specific implementation.
The model of policies can be seen similar to an
object oriented modelling in the sense that hier-
archies and reuse are present. Furthermore, poli-
cies can be “nested” such that a policy contains
another policy (possible decision strategies
defined are match-first and match-all).

Two hierarchies of object classes are seen:

i)structuralclasses representing policy informa-
tion and control of policies (entities in the
managed policy environment); and

ii)relationshipclasses that show how instances
of the structural classes are related to each
other. Both associations and aggregations can
be given as relationship classes. Containment
is a directional relationship – the containing
entity is known as the aggregate and the con-
tained entities are known as the components.

A QoS policy domain(see Figure 11) can be
viewed as a contiguous set of nodes that operate
under a common system of administration and
provide a common set of services. Each of the
nodes can contain policy rules and/or policy
information. Such a grouping is done to simplify
management and ensure consistencies. A QoS
policy domain can also be seen as a container
that provides scooping for a QoS policy con-
tainer, policy rules and other policy information.

A policy group class holds a property called pol-
icy roles. This represents the roles and combina-
tions of roles that are associated with a set of
policy rules. Each value represents one role
combination. After identifying the relevant set

Figure 11 Policy domain and
related terms


  • policy rule

  • policy information


rule = if <conditions> then <actions>

policy group


  • policy roles


policy domain

node
Free download pdf