15 Oct 2015

Simplifying network administration using policy based management

http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=993219&tag=1

In an era of increasing technical complexity, it is becoming difficult to find trained personnel that can manage the new features that are introduced into the various servers, routers and switches.

policy-based network architecture
a means to simplify … automation
administration can be simplified by defining two levels of policies, a business level and a technology level.
algorithms that can be used to check for policy conflicts and unreachable policies.
application area
managing performance service level agreements

many pragmatic operators choose to over-engineer their networks to address any performance concerns rather than deploy bandwidth-saving QoS techniques. This is because the manpower cost associated with learning the new technologies and managing them is much higher than the savings in bandwidth-related costs that would result from deploying these technologies.

general policy based administration architecture

an adaptation of the IETF policy framework to apply to the area of network provisioning and configuration. (IETF/DMTF framework … figure 1)

centralization
the process of defining all the device provisioning and configuration at a single point (the management tool) rather than provisioning and configuring each device individually.
business level abstraction
make the job of policy administrators simpler by defining the policies in terms of a language that is closer to the business needs of an organization rather than in terms of specific technology needed to deploy them.

both depend on the business needs and the technology that all the policies are being defined for

3 policy management tools

interpret policy as a sequence of rules (condition-action pairs, in an “if-then-else” format). The rules are evaluated on specific triggers.

The IETF [1] has chosen a rule-based policy representation in its specification. … for a variety of policy disciplines that arise in the field of TCP/IP networks, we have been able to use such tabular specification of policies to capture most of the practical scenarios.

3.3.1. Conflict Resolution

Business SLA policies as well as security policies are often defined in terms of classes of service (dealing with performance or security).

terms that make up the condition part of a policy (if-condition-then-action)
independent terms form independent axis in a hyper-dimensional space
each rule defines a region in the hyper-dimensional space
each region is associated with a dependent term (such as the service class) that is identified by the rule
a potential conflict
if any point in the hyper-dimensional space has multiple dependent terms that conflict with each other; i.e., if two regions overlap, the corresponding policies might have a potential conflict if the dependent terms in the policy definition can’t be done together.
resolve a conflict
to assign them (the overlapping regions) different priorities. Since the priority can be considered an independent term for conflict resolution, policies with different priorities will not result in overlapping regions in the hyper-dimensional space.
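The geometric view above (independent condition terms as axes, each rule as a hyper-rectangle, a conflict as an overlap between rectangles with incompatible dependent terms, priority as one more axis) is easy to turn into a checker. The following is an added example, not code from the paper or from any IETF/DMTF tool; the three axes (src_ip, dst_port, hour), the service-class names, the sample rules and the "higher number wins" priority convention are all constructed for illustration. It also covers the rule representation from section 3 (condition-action pairs) and, going slightly beyond the notes, the "unreachable policy" check mentioned earlier, implemented here for the simple case of a rule whose whole region lies inside a single higher-priority rule (that restriction is my assumption, not the paper's algorithm).

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

Interval = Tuple[int, int]          # inclusive [lo, hi] along one axis

# The independent terms of the "if" part. Each is one axis of the space
# (hypothetical axes chosen for this example; a real tool derives them
# from the policy discipline). A rule that does not mention an axis
# matches the whole axis.
AXES: Dict[str, Interval] = {
    "src_ip": (0, 2**32 - 1),
    "dst_port": (0, 65535),
    "hour": (0, 23),
}


def cidr(prefix: str) -> Interval:
    """Turn an IPv4 prefix into the integer interval it covers."""
    net = ipaddress.ip_network(prefix, strict=False)
    return int(net.network_address), int(net.broadcast_address)


@dataclass
class Rule:
    name: str
    conditions: Dict[str, Interval]   # independent terms -> interval
    service_class: str                # dependent term chosen by the rule
    priority: int = 0                 # higher number wins; 0 = unprioritised

    def region(self) -> Dict[str, Interval]:
        """The hyper-rectangle this rule occupies, one interval per axis."""
        return {ax: self.conditions.get(ax, full) for ax, full in AXES.items()}


def intervals_overlap(a: Interval, b: Interval) -> bool:
    return max(a[0], b[0]) <= min(a[1], b[1])


def regions_overlap(r1: Rule, r2: Rule) -> bool:
    """Two regions overlap iff they intersect on every axis. Priority is
    treated as one more independent axis, so rules with different
    priorities never overlap."""
    if r1.priority != r2.priority:
        return False
    a, b = r1.region(), r2.region()
    return all(intervals_overlap(a[ax], b[ax]) for ax in AXES)


def find_conflicts(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Pairs whose regions overlap while naming different service classes."""
    found = []
    for i, r1 in enumerate(rules):
        for r2 in rules[i + 1:]:
            if r1.service_class != r2.service_class and regions_overlap(r1, r2):
                found.append((r1.name, r2.name))
    return found


def contains(outer: Rule, inner: Rule) -> bool:
    o, i = outer.region(), inner.region()
    return all(o[ax][0] <= i[ax][0] and i[ax][1] <= o[ax][1] for ax in AXES)


def find_unreachable(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Rules whose whole region lies inside a single higher-priority rule:
    every point they cover is already decided, so they can never fire.
    (A rule shadowed only by the union of several rules is not caught.)"""
    found = []
    for r in rules:
        for other in rules:
            if other is not r and other.priority > r.priority and contains(other, r):
                found.append((r.name, other.name))
                break
    return found


# Constructed sample policies for a performance SLA discipline.
UNPRIORITISED = [
    Rule("gold_voip", {"src_ip": cidr("10.0.0.0/8"), "dst_port": (5060, 5061)}, "gold"),
    Rule("bronze_bulk", {"src_ip": cidr("10.0.0.0/8")}, "bronze"),
    Rule("silver_night", {"src_ip": cidr("192.168.0.0/16"), "hour": (22, 23)}, "silver"),
]

# The same policies after the administrator assigns priorities, plus a
# narrower rule that is now shadowed by gold_voip and can never fire.
PRIORITISED = [
    Rule("gold_voip", {"src_ip": cidr("10.0.0.0/8"), "dst_port": (5060, 5061)}, "gold", priority=2),
    Rule("bronze_bulk", {"src_ip": cidr("10.0.0.0/8")}, "bronze", priority=1),
    Rule("silver_night", {"src_ip": cidr("192.168.0.0/16"), "hour": (22, 23)}, "silver", priority=1),
    Rule("bronze_sip_dup", {"src_ip": cidr("10.1.0.0/16"), "dst_port": (5060, 5060)}, "bronze", priority=0),
]

if __name__ == "__main__":
    print("conflicts before priorities:", find_conflicts(UNPRIORITISED))
    print("conflicts after priorities: ", find_conflicts(PRIORITISED))
    print("unreachable rules:          ", find_unreachable(PRIORITISED))
```

Without priorities, gold_voip and bronze_bulk overlap on every axis and name different classes, so they are reported as a conflict; once they carry different priorities they sit on different "slices" of the priority axis and the overlap disappears, exactly as the notes describe. The unreachable check is the flip side of the same geometry: a rule entirely inside a higher-priority region is dead configuration and is worth flagging before it is pushed to devices.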

3.3.3. Discipline Specific Procedures

The translation of business level policies to a technology level policy and the feasibility checks are discipline-specific procedures. The exact method to translate the business level abstractions to a specific technology has to be defined on a per-discipline basis. However, the policy management tool provides a common framework within which the translation procedure can be performed.

[1] The IETF Policy Framework Working Group. Charter available at http://www.ietf.org/html.charters/policy-charter.html.