The present application describes systems and techniques for identifying network management policies, for example, in a Policy-Based Network Management (PBNM) system. PBNM is a technology for actively managing network resources based on policies derived from criteria such as user identity, application type, current traffic conditions, bandwidth requirements, security considerations, time-of-day, cost, machine name, machine location and so on. PBNM seeks to provide comprehensive control over network resources by facilitating the specification, configuration, monitoring, and enforcement of policies related to requests for access to, and reservation of, resources in the network.
A typical PBNM architecture 100, such as shown in FIG. 1, is based on a client-server paradigm in which PBNM-enabled network devices (either virtual or physical) act as policy enforcement points (PEPs) or policy clients 108, which communicate with a policy server 110, acting as a policy decision point (PDP), using a protocol referred to as COPS (Common Open Policy Service). Examples of physical network resources that may serve as PEPs 108 include servers 101, desktops 102, gateways 103, routers 104, local area network (LAN) switches 105 and Network Interface Cards (NICs) 106, firewalls, load balancers and so on. Examples of virtual network resources that may serve as PEPs 108 include multicast channels, virtual LANs (VLANs), monitoring services and accounting services.
In order to create, manage and deploy policies to devices, a policy console 112, a user interface component, may be used. All relevant information about network devices and the policies deployed to, or otherwise associated with, them is stored in the policy database 114 coupled to the policy server 110.
Details of one or more embodiments are set forth in the accompanying drawings and the description below. Other features, objects, and advantages will be apparent from the description and drawings, and from the claims.