Guest editorial - policy-based networking - IEEE Network - IEEE Xplore

GUEST EDITORIAL

Policy-Based Networking


Policy-based networking has emerged as a popular approach to automating network management, as evidenced by numerous research and development efforts in academia and industry in addition to ongoing standardization. Policies can be seen as plans of an organization to achieve its objectives. A policy is a persistent specification of an objective to be achieved or a set of actions to be performed in the future or as an on-going regular activity. Policy-based networking is the application of these organizational policies in the context of networking using automated network operations, management, and control systems. In this context, policies are typically expressed as sets of rules governing decisions on behavior of the network, involving groups of network elements, resources, services, and user groups. For example, a bandwidth management policy may apply to all routers within a particular region or of a particular type. An authorization policy may specify that all members of a department have access to particular network resources or services. Specific policy rule sets may be applied to automate network administration tasks including configuration, performance, security, fault and restoration, service provisioning including QoS, and traffic engineering. Recent research and standardization efforts provide a framework of policy conceptual, functional, and information models. Using common models enhances the scalability of network management and control by facilitating the distribution of network-wide policies and the span of their application to multivendor networks. However, further issues need to be addressed to extend the adoption of policy-based networking, including scalability, interoperability, and applicability to all aspects of network operations, management, and control in local and wide area networks. This special issue of IEEE Network seeks to survey, consolidate, and present the state-of-the-art research and engineering work in the area.

The first article, “Security and Management Policy Specification” by M. Sloman and E. Lupu, provides an overview of security and management policy specification with an introduction to and some background on policy specification languages. It describes several approaches that are currently being researched in academia, industry, the IETF, and the work by the authors on the PONDER language. The article provides insights into several open research issues such as policy conflict resolution and the use of meta-policies for resolving conflicts.


Ritu Chadha

George Lapiotis

Steven Wright

“Simplifying Network Administration using Policy Based Management” by D. Verma is a general tutorial article on the policy networking approach. The article presents a general architecture to manage large IP networks. The goal is to provide a framework that can simplify and automate, to a certain degree, the management of network infrastructure in an enterprise. The proposed framework is a policy-based architecture. The idea is to define two levels of policies: a business (high) level and a technology (low) level. An administrator or experienced user specifies the policies at a high level. The main issue then is to translate and validate high-level policies to low-level ones. Some directions to solve the above problem are proposed, and two specific examples using differentiated services and IPSec technologies are discussed.

The next article, “QoS and Policy Control by Means of COPS to Support SIP-Based Applications” by S. Salsano and L. Vetri, provides a description of the application of COPS-based policy outsourcing and provisioning in the context of end-to-end QoS delivery for SIP-based IP telephony. The article covers standards, newly proposed standards, and applications for QoS policy signaling using COPS. It describes a new COPS client type to support resource admission control within a DiffServ network (including resource requests) as well as dynamic signaling of admission control requests. The new COPS client type supports both outsourced as well as provisioning resource allocation models. A SIP-based IP telephony application is described where SIP signaling is combined with the new COPS messages that use DiffServ for the basic transport. This article also describes a testbed that supports the approach followed by the authors.

The following article, “Policy Based Management of Content Distribution Networks” by D. Verma, S. Calo, and K. Almiri, looks at the application of the policy networking paradigm in the administration of dynamic policies affecting content distribution networks, with focus on Web content. The authors include an interesting discussion of the potential policy space in this context, outline an architecture based on the application of policy modeling and tabular if-then rule processing to content distribution, and provide performance trend insights based on queuing analysis using a model of the content network servers.

“The Meta-Policy Information Base” by A. Polyrakis and R. Boutaba extends the notion of policies to include meta-policies at the policy enforcement point (PEP). This approach provides a mechanism for extending the functionality of the PEP to be more dynamic and sophisticated in the range of behaviors that can be managed in the device. The article starts with a well-presented introduction to policy-based configuration management using COPS-PR. In COPS-PR, the policies pushed to managed devices do not support automatic policy adaptation by the devices based on dynamic conditions such as network congestion, time of day, or specific user login. The article illustrates this limitation using an example, motivates the need for meta-policies, and proposes a meta-policy PIB (policy information base).

The last article, “A Policy-Based Quality of Service Management System for IP DiffServ Networks” by P. Flegkas, P. Trimintzios, and G. Pavlou, provides an overview of the architecture the authors have developed for managing a DiffServ network. The architecture follows the tenets of the policy-based networking architecture, and provides a good example of policy-based QoS management. The management system is divided into components dealing with service level specifications, and components dealing with traffic engineering, a policy repository that follows the IETF standard specifications fairly closely, and a policy consumer. An algorithm for network dimensioning is also introduced, as well as a discussion on the use of related policies.

We hope you will enjoy reading the collection of articles in this special issue on policy-based networking. In bringing this special issue, we would like to acknowledge the valuable efforts and support of the authors, reviewers, Editor-in-Chief, and publications staff.

Biographies

STEVEN WRIGHT [SM] has been working for more than 20 years in the communications industry, in Australia, the United Kingdom, Belgium, and the United States, with companies such as Plessey, GTE, Alcatel, Fujitsu, and currently BellSouth. His current responsibilities are within the Advanced Network Architecture Concepts group at BellSouth Science and Technology, where he is concerned with the application of MPLS, QoS, and policy technologies to BellSouth’s network. He holds a B.Eng. (Elec.) degree from the University of Southern Queensland, Australia, an M.B.A. (marketing) from Arizona State University, an M.S. (computer information systems) from Boston University, and a Ph.D. (computer engineering) from North Carolina State University. His standards activities have included contributions to ANSI T1, ATM Forum, and IETF. He is Chair of the Atlanta (industry) Chapter of the IEEE Computer Society.

GEORGE LAPIOTIS has been a research scientist with the Internet Architecture Research Lab of Telcordia’s Applied Research since 1998. He was a research assistant with Polytechnic University’s State Center for Advanced Technologies in Telecommunications from 1993 to 1998. He obtained an M.S. from Polytechnic University and a Diploma from the National Technical University of Athens, Greece, both in electrical engineering, in 1994 and 1993, respectively. He obtained a Ph.D. in electrical engineering in 1999 from Polytechnic University, Brooklyn, New York, for which he received the Alexander Hessel award. His research interests are in network management, network performance, and traffic control.

RITU CHADHA is director of the Service Management Research group at Telcordia Technologies, where she has been working for the past nine years. She is currently the project manager and technical lead for Telcordia’s policy-based management research effort. She is an active participant in several DMTF and IETF working groups responsible for developing various policy information models based on the work of the IETF Policy Framework working group. She has co-authored several IETF drafts, including a draft describing a policy information model for MPLS traffic engineering, and another containing extensions to the IETF Policy Core Information Model. She has presented tutorials and invited speeches on related subjects at several industry conferences. She received her Ph.D. in computer science from the University of North Carolina at Chapel Hill in 1991. Her research interests include network and service management for IP-based networks, directory-based management systems, distributed systems, and automated reasoning.

IEEE Network, March/April 2002