Performance of a Multi-Tiered Policy-Based Management System

摘要

Apart from providing device management on the Internet, it is essential to offer Quality of Service (QoS) to different users with different service requirements. Policy-based management provides policy control on network devices to achieve this objective. Internet Engineering Task Force (IETF) recommended a two-tiered policy-based management (PBM) architecture. This recommended design is based on Common Open Policy Service (COPS) protocol and Lightweight Directory Access Protocol (LDAP). There are COPS policy outsourcing and provisioning models. LDAP is for storing and fetching policy rules. However, several fundamental limitations exist in the recommended design. System scalability and cross-vendor hardware compatibility are the obvious drawbacks. In this paper, we study the system performance of PBM through experiments. Consequently, improved multi-tiered policy-based management architecture is proposed, and it is known as a unified policy-based management (UPM). For this new design, there are several extensions introduced that offer system flexibility and scalability. Particularly, an intermediate entity between policy server and network routers, the Policy Enforcement Agent (PEA), is introduced. In this proposed architecture, by properly extending network protocols, by installing multi-vendor hardware modules on-the-fly, and hence by interpreting and translating request and decision messages at the agents, the architecture enables a dynamic Unified Information Model throughout the control portion of the design. The multi-tier architecture provides flexible and scalable system design, and it allows executions of policy rules with dynamic addition of new equipment during run-time. To complete the design, communication protocols between policy servers and agents are established that facilitate load sharing and balancing mechanism and improve the system scalability issue. In the following, we discuss the architectural design and its system performance.