It is desirable to enforce policies in a network across which data is being sent in order to control transmissions across the network. For example a policy may give directions about how to enforce security requirements within the network. Another policy might be configured to use knowledge of the available bandwidth on connections throughout the network to perform admission control by deciding whether or not to permit calls which would use a certain connection according to the amount of available bandwidth. This allows a policy decision point to ensure that there is sufficient bandwidth to provision every call using a connection without impairing the quality of the transmissions.
When a network 10 is set out using a simple network topology such as a tree structure as illustrated in FIG. 1 data packets can only travel on one path between nodes on the network such as between a transmitter 12 and a receiver 14. In this type of network topology assumptions can be made about how the data is going to cross the network and, consequently, the amount of bandwidth which will be used on each particular connection. Policy decision points 16, such as a server, attached to the network can then enforce policies stored on the policy decision point 16 by applying the assumptions to the known network topology stored within it. The policy decision maker can then use this information to regulate the network 10, for example, to decide whether or not a request for transmission of data across the network 10 should be allowed or not.
In more complicated network topologies such as the one illustrated in FIG. 2, data may be able to travel down any one of two paths 18, 20 between nodes on the network such as between a transmitter 12 and a receiver 14. This means that assumptions which could be made with respect to a simple network topology cannot be made as it is not certain which of the paths 18, 20 the data will traverse to get from the transmitter 12 to the receiver 14. In these cases, or where there are more than two possible paths, the policy decision point 16 attached to the network 10 needs additional knowledge in order to make decisions about the provisioning of new and existing connections.
One possible solution to this is to gain additional knowledge about resource use within the network by placing intelligent middleboxes into the network. Each middlebox is enabled to monitor the status of individual paths within the network and report the status of these paths to the policy decision point. The policy decision point can then use this knowledge to apply its provisioning policy to the network.
Alternatively, the middleboxes may be configured to apply their knowledge of the flow of data through the network and any request for bandwidth to enforce policy itself. The use of middleboxes does, however, require extra hardware and software to be present within the network resulting in increased installation costs and maintenance of the network.