
Policy Based Network Management

Traditional management systems are characterized by static management decision operations
that cannot adapt to situation and context. With the advent of new generation
networks and emerging services, vendors are reinventing network management, transforming its
role from passive network monitoring to active QoS (Quality of Service) and network
service-level-agreement provisioning. They look forward to configuring the network service as a whole by
describing and implementing high-level business policies, rather than managing the network one
device at a time. A sample business policy could be “Give my traffic the guaranteed
bandwidth and highest priority”.

The Policy Based Network Management approach, which has recently gained prominence, provides
mechanisms that can be used to address this problem. Policy Based Management (PBM)
provides a way of managing network elements and services using business policies rather than
managing one device at a time. Policies are high-level operating rules that describe the different
kinds of actions or relationships between objects. When policies are explicitly defined, the devices
in the network can refer to these policies.

The policy management framework defined by the IETF consists of four basic elements:
• Policy Management Tool (PMT)
• Policy Decision Point (PDP)
• Policy Enforcement Point (PEP)
• Policy Repository (PR)

Policy Management Tool


It is a graphical user interface tool used for specifying, editing, and administering the different policies
to be enforced in a network. Policies contain rules that govern how resources should be used, or
how applications and user services should be treated. The tool forms a bridge between the SLA and
the provisioning of the actual parameters on the network elements. A policy-based management system
allows administrators to define rules based on certain questions and manage them in the policy
system. These rules take the form "If condition, then action." A condition may be a user or group,
time of day, application type, or network address. The action component specifies the action that
is to be performed by the device in that situation.

Policy Decision Point


The Policy Decision Point (PDP), also known as the Policy Server, retrieves the stored policies, interprets
them, validates them and sends them to Policy Enforcement Points (PEPs) such as routers
and bridges to be enforced. In addition to retrieving, interpreting and enforcing
policies, the Policy Server detects policy conflicts, receives role descriptions and policy decision requests from
PEPs, and returns policy decisions to them. PDPs also send asynchronous policy decisions
based on updates or external requests. The PDP is also responsible for handling events, making
decisions based on those events (i.e., at time x do y), and updating the PEP configuration
appropriately.

Policy Enforcement Point


The Policy Enforcement Point (PEP) exists in network nodes such as routers, firewalls, and hosts. It
enforces the policies based on the "if condition then action" rule sets it has received from the
PDP. Policy enforcement involves the PEP applying actions according to the PDP’s decision and
based on current network conditions. These conditions can be static (source or destination IP
address) or dynamic (current bandwidth availability, time of the day). The PEP uses different
southbound interfaces (SNMP, XML, CLI or proprietary) to communicate with the network elements.
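
The "if condition, then action" flow between PDP and PEP described above, sketched as an added example that is not part of the original page: a minimal PDP that validates a rule set for conflicts and answers a PEP's decision request using one static condition (source network) and one dynamic condition (time of day). The rule fields, action labels, first-match ordering and the best-effort default are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    """One 'if condition, then action' policy rule (field names are illustrative)."""
    name: str
    network: str   # static condition: source address range
    app: str       # application type; "*" matches any
    start: time    # dynamic condition: time-of-day window [start, end)
    end: time
    action: str    # hypothetical action label the PEP would apply

    def matches(self, src, app, now):
        return (ip_address(src) in ip_network(self.network)
                and self.app in ("*", app)
                and self.start <= now < self.end)

def overlaps(a, b):
    """True if a single request could satisfy both rules' conditions."""
    return (ip_network(a.network).overlaps(ip_network(b.network))
            and ("*" in (a.app, b.app) or a.app == b.app)
            and a.start < b.end and b.start < a.end)

def find_conflicts(rules):
    """PDP validation: pairs with overlapping conditions but different actions."""
    return [(a.name, b.name) for i, a in enumerate(rules)
            for b in rules[i + 1:] if overlaps(a, b) and a.action != b.action]

def decide(rules, src, app, now, default="best-effort"):
    """PDP answer to a PEP request: first matching rule wins, else the default."""
    for rule in rules:
        if rule.matches(src, app, now):
            return rule.action
    return default

# Constructed sample policy set, as it might be loaded from the repository.
POLICIES = [
    Rule("voip-priority", "10.1.0.0/16", "voip", time(8), time(18), "priority-high"),
    Rule("guest-limit", "10.1.50.0/24", "*", time(0), time(23, 59), "rate-limit"),
    Rule("backup-window", "10.2.0.0/16", "backup", time(1), time(5), "priority-low"),
]

if __name__ == "__main__":
    print("conflicts:", find_conflicts(POLICIES))
    print("decision:", decide(POLICIES, "10.1.50.7", "voip", time(9, 30)))
```

In the sample set the guest subnet sits inside the VoIP range, so the two rules are reported as a conflict; without that check, rule order alone would decide which action a guest VoIP flow receives.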

Policy Repository
The policies that are created by the Policy Management Tool are stored in policy repositories. A policy
repository is a place to store and retrieve policy information, such as an LDAP server or a DEN
(Directory Enabled Network) device.
The simplification in management is obtained primarily by centralizing the definition of policies in
a single repository. Policy rules are then distributed to network resources. Policy-based
management systems are best for large networks where large numbers of devices are easier to
manage from a central location.

Protocol
The IETF's Common Open Policy Service (COPS) protocol is used for the communication
between PDP and PEP. COPS is a client/server protocol that provides transport services for
moving policy information among IP network nodes. Currently there are two versions of the
COPS protocol, namely COPS for dynamic QoS and COPS for device provisioning. Because
COPS has a well-defined parameter set, implementing multi-vendor support is much easier.

Benefits of PBM
Policy-based capabilities provide the following business values:
• Enables dynamic responsiveness to changing business needs and conditions, providing
the foundational infrastructure necessary for a real-time enterprise
• Increases quality of service through a faster, dynamic response to changing business
requirements and through the reduction in human error
• Significantly reduces cost through continual automation and elimination of administrator
involvement
