Figure 3 - uploaded by Marcus Brunner
Different levels of PDP distribution.  

Source publication
Conference Paper
The IETF has developed several specifications for policy-based configuration management. In addition, an infrastructure for distributed management by delegation has been specified. This paper combines key concepts developed in these two efforts and proposes a policy-based configuration management architecture built upon the distributed management i...

Context in source publication

Context 1
... we assume only one instance of the policy manager and policy repository; there may be multiple PDPs, and for each PDP there may be multiple PEPs. The architecture covers three levels of PDP distribution, shown in Figure 3: (a) centralized, with just a single PDP; (b) weakly distributed, with several PDPs but far fewer than the number of PEPs; and (c) strongly distributed, with one PDP per PEP. ...

Citations

... These policies must then be mapped to a form (e.g., mathematical model) understood by management processes. There has been considerable work (e.g., [16,19,15]) in network management where policies are mapped to network device configurations that are then sent as instructions to management processes for configuring network devices. This work primarily focusses on network devices and primarily considers mappings to configurations to a single network device. ...
Article
The goals of resource management fall within the overall aims of autonomic and grid computing, namely the sharing of resources automatically, and the allocation of resources depending on both application and business needs. Resource allocation can be guided by policies which encapsulate decisions made by the management system. Policies can be used to encapsulate many different types of management decisions, including possible corrective actions when a performance requirement of an application is not being satisfied and actions to take place when there is more demand than supply. System policy is derived from the interactions between Service Level Agreements (contractual agreements between businesses) and locally specified management rules. This paper explores the potential use of mathematical models (e.g., optimisation models) for relating the various types of policies. It describes the current and proposed work in applying policies to resource management in the context of autonomic and grid computing systems.
... The control component is based on policies, which are basically if-condition-then-action rules. Policy-based systems are considered flexible in managing changes in the environment of systems [4][5][6][7][8][9][10]. ...
... The downside of interpreting policies is that the policy system must be recompiled when new language elements are added to the policy descriptions. An alternative approach would have been to implement policies as runnable code (e.g., as Java scripts) [9,10]. ...
Article
We consider the distribution of live and scheduled multimedia content (e.g., radio or TV broadcasts) through multiple aggregators. An aggregator is an access-controlled redistributor that operates a pool of proxy servers to aggregate content from source content providers and forward it to mobile hosts. Aggregators package content into channels (e.g., BBC 9 o'clock news) and offer them at various quality levels (e.g., using different encodings) and prices. Mobile hosts receive channels via a "beyond 3G" wireless Internet, which consists of different types of wireless networks (e.g., 802.11 and UMTS networks). In this paper, we investigate how a mobile host can switch to another aggregator and an associated quality level while it is receiving a channel. This situation can for instance occur when a mobile host roams into a (different type of) wireless network through which a new aggregator is available, or when the mobile host roams out of a network while its current aggregator is only available through that network. We use an earlier developed application-level protocol that enables mobile hosts to discover accessible aggregators and to switch to one of them. We propose a complementary control component that automatically matches the user's preferences (e.g., regarding cost or quality) with the aggregators' available quality levels and the capabilities of the wireless networks the mobile host can connect to. The control component uses policies to decide when to invoke the protocol to hunt for alternative aggregators, how to rate their quality levels based on the user's preferences, and when and how to switch to another aggregator. Together, the protocol and the control component ensure service continuity without bothering the user. We present the design of the system and its prototype deployed in a small-scale test bed.
... Our current implementation includes a CIM2TC Linux Driver which is used to configure a Linux router using traffic control commands [9] via CIM classes specified in the CIM network sub-model. This approach is similar to that of [10], in which a driver component is used to translate classes that follow the DiffServ MIB object model [11] to Linux traffic control commands. We have used the "jtc" package from this implementation to represent the traffic control mechanisms of the Linux DiffServ router, which is indicated as the LinuxDiffServ.LinuxDriver.tc ...
Conference Paper
Policies are often used to define management strategies for networks, storage services or applications. Validation determines whether the policy implementation is feasible for the specific environment to which it applies and requires checking that the policy is consistent with the functional or resource constraints within the target environment. For example, do the policies assume functionality or specific operations which do not exist in target routers, or bandwidth in excess of the capacity of data links? Where possible, static checking should be done prior to policy deployment in order to detect invalid policies at design time, but there are some policies, related to resource allocation, that depend on the current state of the system, and require policy constraints that must be checked dynamically at execution time. We show how PONDER policies can be implemented and validated for differentiated services (DiffServ) by using CIM (Common Information Model) as the modelling framework for network resources, as this is device independent. We describe a CIM DiffServ-metrics sub-model extension of the CIM Network sub-model which represents DiffServ traffic statistics and a Linux driver which translates CIM classes and variables to Linux traffic control classes and variables respectively.
... The Jasmin project [103] aims to enhance the distribution and invocation of network management scripts with distributed network management applications. The implementation supports multiple languages and run-time systems. ...
Thesis
The Internet is an example of a multi-agent system. In our context, an agent is synonymous with network operators, Internet service providers (ISPs) and content providers. ISPs mutually interact for connectivity's sake, but the fact remains that two peering agents are inevitably self-interested. Egoistic behaviour manifests itself in two ways. Firstly, the ISPs are able to act in an environment where different ISPs would have different spheres of influence, in the sense that they will have control and management responsibilities over different parts of the environment. On the other hand, contention occurs when an ISP intends to sell resources to another, which gives rise to at least two of its customers sharing (hence contending for) a common transport medium. The multi-agent interaction was analysed by simulating a game theoretic approach and the alignment of dominant strategies adopted by agents with evolving traits were abstracted. In particular, the contention for network resources is arbitrated such that a self-policing environment may emerge from a congested bottleneck. Over the past 5 years, larger ISPs have simply peddled as fast as they could to meet the growing demand for bandwidth by throwing bandwidth at congestion problems. Today, the dire financial positions of Worldcom and Global Crossing illustrate, to a certain degree, the fallacies of over-provisioning network resources. The proposed framework in this thesis enables subscribers of an ISP to monitor and police each other's traffic in order to establish a well-behaved norm in utilising limited resources. This framework can be expanded to other inter-domain bottlenecks within the Internet. One of the main objectives of this thesis is also to investigate the impact on multi-domain service management in the future Internet, where active nodes could potentially be located amongst traditional passive routers. 
The advent of Active Networking technology necessitates node-level computational resource allocations, in addition to prevailing resource reservation approaches for communication bandwidth. Our motivation is to ensure that a service negotiation protocol takes account of these resources so that the response to a specific service deployment request from the end-user is consistent and predictable. To promote the acceleration of service deployment by means of Active Networking technology, a pricing model is also evaluated for computational resources (e.g., CPU time and memory). Previous work in these areas of research only concentrates on bandwidth (i.e., communication) related resources. Our pricing approach takes account of both guaranteed and best-effort service by adapting the arbitrage theorem from financial theory. The central tenet of our approach is to synthesise insights from different disciplines to address problems in data networks. The greater part of the research experience has been obtained during direct and indirect participation in the IST-10561 project known as FAIN (Future Active IP Networks) and the ACTS-AC338 project called MIAMI (Mobile Intelligent Agent for Managing the Information Infrastructure). The Inter-domain Manager (IDM) component was integrated as an integral part of the FAIN policy-based network management system (PBNM). Its monitoring component (developed during the MIAMI project) learns about routing changes that occur within a domain so that the management system and the managed nodes have the same topological view of the network. This enabled our reservation mechanism to reserve resources along the existing route set up by whichever underlying routing protocol is in place.
... The framework defined in [Martinez et al. 2002] combines IETF's Script MIB [Levi et al. 1999 The system proposed in for the management of QoS in Multi-Protocol Label Switching (MPLS) networks, also follows the IETF Policy working group approach. They have extended the Common Information Model (CIM) policy model with MPLS specific classes. ...
... As mentioned earlier, our prototype implementation uses the CIM2TC driver to configure a Linux router using traffic control ("tc") commands. This approach is similar to that of [Martinez et al. 2002], in which a driver component is used to translate classes that follow the DiffServ MIB object model [Baker et al. 2001] to Linux traffic control commands. ...
... Our policy-based management framework also complements approaches that concentrate on low-level policy specification. Examples include: using compiled or interpreted programs to specify policies (e.g. using Java programs as described in [Martinez et al. 2002]), or using an information modelling approach for QoS policy specification as described by the IETF . Policies can be more conveniently specified in Ponder and then mapped to any lower-level specification using automated software tools (i.e. ...
Article
This paper presents a framework for specifying policies for the management of network services. Although policy-based management has been the subject of considerable research, proposed solutions are often restricted to condition-action rules, where conditions are matched against incoming traffic flows. This results in static policy configurations where manual intervention is required to cater for configuration changes and to enable policy deployment. The framework presented in this paper supports automated policy deployment and flexible event triggers to permit dynamic policy configuration. While current research focuses mostly on rules for low-level device configuration, significant challenges remain to be addressed in order to: a) provide policy specification and adaptation across different abstraction layers; and b) provide tools and services for the engineering of policy-driven systems. In particular, this paper focuses on solutions for dynamic adaptation of policies in response to changes within the managed environment. Policy adaptation includes both dynamically changing policy parameters and reconfiguring the policy objects. Access control for network services is also discussed.
... There has been quite a bit of work (e.g., [1,18,23,12]) that has looked at the translation of policies to network device configurations which are then sent to the PEPs so that the PEPs can configure the network devices. The focus is on network devices. ...
Conference Paper
An application's quality of service (QoS) requirements refer to non-functional, run-time requirements. These requirements are usually soft in that the application is functionally correct even if the QoS requirement is not satisfied at run-time. QoS requirements are dynamic in that, for a specific application, they change. The ability to satisfy an application's QoS requirement depends on the available resources. Since an application may have different QoS requirements in different sessions, the resources needed are different. A differentiated service must be supported. Since an application's QoS requirement is soft, it may not always be satisfied. It must be possible to dynamically allocate more resources. In an overloaded situation, it may be necessary to allocate resources to an application at the expense of other applications. Policies are used to express QoS requirements and actions to be taken when the QoS requirement is not satisfied. Policies are also used to specify actions to be taken in overloaded situations. Policies dynamically change. Supporting these policies is done through a set of distributed managed processes. It must be possible to specify policies and have these policies distributed to managed processes. This paper describes how these policies can be formally specified and a management architecture (based on the IETF framework) that describes how the policies are distributed and used by the management system. We conclude with a discussion of our experiences with the management system developed.
... cerns are increased, and malicious or improperly tested code can potentially damage the network. In addition, it is difficult to determine whether two computer programs specifying two different policies are contradictory or conflict with each other in any way. A comparison of different approaches to implementing policies as scripts can be found in [Martinez et al. 2002]. ...
Article
Policies are rules governing the choices in behaviour of a system. They are often used as a means of implementing flexible and adaptive systems for management of internet services, distributed systems, and security systems. There is also a need for a common specification of security policy for large-scale, multi-organisational systems where access control is implemented in a variety of heterogeneous components. In this paper we survey both security and management policy specification approaches. We also cover the issues relating to detecting and resolving conflicts which can arise in the policies and some ideas on how to refine high-level goals and service level agreements into implementable policies. The paper briefly outlines some of the research issues that have to be solved for large-scale adoption of policy-based systems.
Keywords. General terms: policy specification. Additional keywords and phrases: security policy, security management, policy-based management, access control, role-based access control, authorization.
... Most of the requirements mentioned in Section 2.1 have been met by our implementation: Policy condition classes can be written so that they determine the identifiers of network elements to be used in conditions and actions (1). The method to retrieve these identifiers can be implemented individually (2). Network elements for the DiffServ application domain have been implemented as parts of the policyMgmt.diffServ ...
Article
Tasks 6.1 -- 6.3 of the joint Jasmin Project between the Technical University of Braunschweig and NEC C&C Research Laboratories, scheduled for the period from January to August 2001, have been concerned with the design and implementation of a policy management system based on the Jasmin Script MIB implementation.
... Although the IETF suggests LDAP [Wahl et al., 1997] as the service to store and transfer policies, there is no consensus on a single solution. For example, even the IETF, in the context of the snmpconf working group, is working on another policy transfer mechanism based on SNMP [Waldbusser et al., 2002], while Martinez et al. [Martinez et al., 2002] propose the use of the Script MIB to carry out this transfer. ...
Article
Policy-based management and QoS monitoring are both tasks related to the management of modern QoS-enabled networks. Although related to each other, these tasks are currently executed in a non-integrated fashion. This paper presents an architecture that integrates policy-based management and QoS monitoring through the extension of the original IETF policy-based management architecture. The main advantage of our proposed approach is that network administrators are freed to execute other tasks while the QoS-enabled network is still monitored. Another advantage is that we monitor policies and verify that they are respected in the network even after their deployment, which is a new feature absent from the IETF solution.