1. Field
The present invention relates generally to management of networks of computer systems and, more specifically, to policy-based network management (PBNM).
2. Description
Computer network management is growing increasingly more complex and difficult due in part to the unrelenting expansion of today's enterprise networks. New applications such as intranets, priority business applications, multicast-based applications, and multimedia require a network that is capable of supporting traffic level monitoring, self-reconfiguration, multi-point communication, software distribution, security, and of adjusting to changing application requirements through deployment of new services. Policy-based network management (PBNM) is a recent approach to network management that attempts to provide a higher level interface to network management than has been previously available. PBNM hides the low-level mechanisms of network management behind a high level abstraction called policies. Policies are human-readable, simple-to-express propositions that dictate what actions and behaviors are permitted on a computer network. Using PBNM, a network administrator can express a set of policies governing the network. For example, one policy might be "allow members of the engineering department to reserve 100 Kbits/s of network bandwidth between the hours of 9:00 AM and 5:00 PM." The underlying PBNM architecture handles the resolution of technical issues such as the association of the user's Internet Protocol (IP) addresses to group membership, detection and permission/refusal of bandwidth reservations, time of day that a bandwidth request is to be active, and so on. This abstraction of network management and the associated hiding of the specific mechanisms used to implement policies allow for a richer, more powerful set of services to be managed and deployed on computer networks.
Current PBNM architectures use a static, localized set of mechanisms for controlling the behavior of computer networks. One known PBNM protocol is the Common Open Policy Service (COPS) protocol. The COPS protocol is a "work in progress" or draft protocol of the Internet Engineering Task Force (IETF) dated Aug. 16, 1999, which may be found on the Internet at http://www.ietf.org/internet-drafts/draft-ietf-rap-cops-07.txt. The COPS protocol describes a client/server model for supporting policy control over Quality of Service (QoS) signaling protocols and provisioned QoS resource management. In the COPS protocol, clients, called policy enforcement points (PEPs), relay information about network resource requests to policy decision points (PDPs), which interpret policies so as to determine whether a request for network service should be honored or not. More generally, policies consist of sets of conditions that must be met before certain actions can be taken.
For each new type of managed network resource, an extension must be defined for the COPS protocol (through the IETF procedures). In addition, changes must be made in the PEPs to allow outsourcing of decisions via the newly extended COPS protocol. The conditions and actions taken as a result of an evaluation by a PDP are fairly static as well. Typically, the actions consist of allowing or rejecting access to some resource (e.g., network bandwidth, multicast groups, etc.), along with a small set of predefined conditions such as group membership and time of day. In addition to these requirements, the conditions used in PEPs to trigger requests for policy evaluation, as well as actions taken by PEPs in response to such evaluation, tend to be strictly local in scope (that is, focused on a single network node). Thus, the policy evaluation conditions used in PEPs typically do not take into account the state of other devices in the network.
While PBNM provides a powerful means of managing computer networks, its static definition of the mechanisms that can be managed and the actions that can be decided on makes it slow to respond to the rapid evolution of network services and capabilities that is taking place. Furthermore, the local scope of PBNM conditions and actions tends to limit the network-wide utility of PBNM to solving those problems which do not require access to the global state of the network.
An embodiment of the present invention is a method of extending the capabilities of a network with a policy-based network management (PBNM) architecture. The method includes sending a first message from a policy enforcement point (PEP) to a policy decision point (PDP) in response to an external action, and sending a Java object in a second message from the PDP to the PEP in response to receiving the first message.
Another embodiment of the present invention includes sending a first message from a policy enforcement point (PEP) to a policy decision point (PDP) requesting configuration of conditions, sending a Java object in a second message from the PDP to the PEP in response to receiving the first message, and executing the Java object on the PEP to configure conditions controlling the sending of messages from the PEP to the PDP.
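As an added illustration of the two mechanisms described above, not code from the patent or from any COPS implementation: first the outsourcing model of the Description, in which a PEP relays a bandwidth reservation request and the PDP checks every condition of the example policy (group membership resolved from the requester's IP address, time of day, bandwidth limit) before granting the action; then the second embodiment, in which the PEP asks the PDP for its conditions and the PDP answers with a configuration object that the PEP installs to decide which future requests it outsources at all. The IP-to-group table, the policy encoding, the message layout, the `outsource_above_kbps` field and the shared key are all assumptions made here. The configuration object is sent as a declarative JSON specification rather than as an executable Java object, and the PEP checks an HMAC over it before installing it; that check is not in the patent text, but anyone installing or executing PDP-supplied objects on an enforcement point would want the PEP to verify where the object came from before acting on it.

```python
"""Toy PEP/PDP exchange in the COPS request/decision style.

Everything below (addresses, group table, policy, key, message layout) is
constructed for illustration; it is not taken from the patent or from COPS.
"""
import datetime
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

# Assumed key shared by PEP and PDP; the patent text specifies nothing like it.
SHARED_KEY = b"pep-pdp-demo-key"

# Constructed directory data resolving a requester's IP address to a group.
IP_TO_GROUP = {"10.0.1.10": "engineering", "10.0.2.20": "sales"}

# The Description's example policy as a set of conditions plus one action:
# members of engineering may reserve up to 100 Kbit/s between 09:00 and 17:00.
POLICY = {
    "group": "engineering",
    "window": (datetime.time(9, 0), datetime.time(17, 0)),
    "max_kbps": 100,
    "action": "allow",
}


def pdp_decide(request: dict) -> dict:
    """PDP side: every condition must hold before the policy's action is granted."""
    start, end = POLICY["window"]
    conditions = {
        "group_member": IP_TO_GROUP.get(request["src_ip"]) == POLICY["group"],
        "in_window": start <= datetime.time.fromisoformat(request["time"]) <= end,
        "within_limit": request["kbps"] <= POLICY["max_kbps"],
    }
    decision = POLICY["action"] if all(conditions.values()) else "reject"
    return {"decision": decision, "conditions": conditions}


def pdp_configuration_message(trigger: dict) -> dict:
    """PDP side: ship a trigger configuration to a PEP, authenticated with an HMAC."""
    body = json.dumps(trigger, sort_keys=True)
    tag = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


@dataclass
class PEP:
    """Enforcement point: relays reservation requests to the PDP and applies answers."""
    trigger: Optional[dict] = None  # installed from a PDP configuration message
    outsourced: int = 0             # how many requests were relayed to the PDP

    def request_configuration(self) -> dict:
        """First message of the second embodiment: the PEP asks for its conditions."""
        return {"op": "configure", "pep": "edge-router-1"}  # constructed identifier

    def install_trigger(self, message: dict) -> bool:
        """Install the PDP's configuration object only if its HMAC verifies."""
        expected = hmac.new(SHARED_KEY, message["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return False  # forged or corrupted object: keep the old conditions
        self.trigger = json.loads(message["body"])
        return True

    def handle_reservation(self, request: dict) -> str:
        """External action (a host asks for bandwidth): decide locally or outsource."""
        limit = self.trigger.get("outsource_above_kbps") if self.trigger else None
        if limit is not None and request["kbps"] <= limit:
            return "allow"  # at or below the installed threshold: no PDP round trip
        self.outsourced += 1
        return pdp_decide(request)["decision"]


if __name__ == "__main__":
    pep = PEP()
    pep.install_trigger(pdp_configuration_message({"outsource_above_kbps": 10}))
    for req in [{"src_ip": "10.0.1.10", "time": "10:30:00", "kbps": 5},
                {"src_ip": "10.0.1.10", "time": "10:30:00", "kbps": 80},
                {"src_ip": "10.0.2.20", "time": "10:30:00", "kbps": 80}]:
        print(req["kbps"], "kbps from", req["src_ip"], "->", pep.handle_reservation(req))
    print("requests outsourced to the PDP:", pep.outsourced)
```

Without an installed trigger the PEP relays every reservation to the PDP, which is the static behaviour the Description criticises; once the configuration object is installed, requests at or below the threshold are handled locally and only the rest are outsourced, which is the effect the second embodiment is after. A configuration message whose body has been altered in transit fails the HMAC check and leaves the previously installed conditions untouched.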
Other embodiments are described and claimed.