Policy-based architecture

Upload: shauna-sharp

Post on 04-Jan-2016



Policy management view of the architecture

• IP MMed domain is a converged services domain where voice, video, data are provided by one network. The challenge is to deliver predictable performance as multiple types of traffic contend for the same IP network resources.

• Good management of shared network resources requires centralized control mechanisms that give individual applications access to the network services they need, while meeting the resource allocation and security policies of the overall network/domain.

• This type of control is called policy-based networking. To achieve a successful converged network, policy-based networking is essential. The architecture should therefore reflect or be based on this concept.


Policy management view of the architecture (2)

• Policy management enables the enforcement of a set of rules or policies that dictates access rights and resource usage based on the established profile of the application, user and group to meet an established business objective.

• Policy may be applied to any physical or logical entity which generates, handles or impacts the flow of network traffic.


Terminology

• Policy: combination of rules and services where rules define the criteria for resource access and usage.

• E.g. of a policy rule:

    If (srcIPadd=1.2.3.4 && destIPadd=5.6.7.8 && destIPport=80) then priority=6
    elseif -----
    endif


Policy management view of the architecture (3)

• Currently the NRM shows a function called policy manager. The following are identified issues with regards to this function:

– The function of policy manager is ambiguous. In fact the function does not map to the policy elements of the IETF policy framework.

– We need to identify the need for policy function in the architecture, therefore it is necessary to understand the IETF policy model and map it to the NRM.

– Mapping the architecture elements to the IETF policy elements will help identify the distribution of policy roles amongst the NRM elements.


Policy management view of the architecture (4)

• To illustrate the role of policy, the architecture entities are mapped into the policy-based model elements (RFC2753): policy enforcement points (PEP), policy decision points (PDP), policy repository point (PRP), policy information point (PIP) and policy ignorant nodes (PIN).

• PEP is the point where the policy decision is enforced, e.g. ACS, SCM.

• PDP is the point where policy decisions are made. The PDP may make use of additional mechanisms to achieve functionality such as user authentication, accounting and policy information storage, and may return policy elements to the PEP. E.g. the AAA server.

• The PIN is used to indicate nodes that do not explicitly support policy control, but rely on policy-capable nodes to enforce the policy instead. E.g. the MRF is a PIN that relies on the policy-capable node SCM for policy enforcement.
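The role split described above, as an added Python sketch that is not part of the original slides: a PEP that holds no rules asks a PDP, which evaluates rules read from a repository (PRP) in if/elseif order, and a PIN only honours what the PEP marked. The class and function names, the default priority and the second rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

DEFAULT_PRIORITY = 0  # assumption: the slides do not say what unmatched traffic gets

@dataclass(frozen=True)
class Rule:
    src: str              # source address or prefix
    dst: str              # destination address or prefix
    dport: Optional[int]  # None matches any destination port
    priority: int

    def matches(self, flow: dict) -> bool:
        return (ipaddress.ip_address(flow["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(flow["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, flow["dport"]))

class Repository:
    """PRP: stores the rules and nothing else (the DS in the slides)."""
    def __init__(self, rules):
        self.rules = list(rules)

class DecisionPoint:
    """PDP: evaluates rules in order, first match wins, like the if/elseif chain."""
    def __init__(self, repo: Repository):
        self.repo = repo
        self.queries = 0  # how many times a PEP asked for a decision

    def decide(self, flow: dict) -> int:
        self.queries += 1
        for rule in self.repo.rules:
            if rule.matches(flow):
                return rule.priority
        return DEFAULT_PRIORITY

class EnforcementPoint:
    """PEP: holds no rules; asks the PDP and applies the decision to the flow."""
    def __init__(self, pdp: DecisionPoint):
        self.pdp = pdp

    def admit(self, flow: dict) -> dict:
        return {**flow, "priority": self.pdp.decide(flow)}

def pin_forward(marked_flow: dict) -> int:
    """PIN: never contacts the PDP; uses the priority the PEP marked."""
    return marked_flow["priority"]

# Constructed sample data: the slide's rule plus one made-up second rule.
REPO = Repository([Rule("1.2.3.4", "5.6.7.8", 80, 6),
                   Rule("10.0.0.0/8", "0.0.0.0/0", None, 2)])
PDP = DecisionPoint(REPO)
PEP = EnforcementPoint(PDP)

if __name__ == "__main__":
    web = PEP.admit({"src": "1.2.3.4", "dst": "5.6.7.8", "dport": 80})
    print(pin_forward(web))
```

Changing `REPO.rules` changes the next decision without touching the PEP or the PIN, which is the point of keeping decision and enforcement in separate elements.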


Roles of policy in NRM

Based on the policy element definitions, we suggest the following mapping of the architecture elements to the policy-based model elements:

– ACS is the policy enforcement point (PEP) which would communicate with the AAA (PDP) in order to receive policy decisions, and possibly policy elements as well, containing information for the evaluation of policy rules (QoS, priority, ToD, security).

– The ACS pushes the policy information to the PDSN and RAN.

– The PDSN and HA act as PEPs as they communicate with the AAA (PDP) for some specific user and network policies. The directory server (DS) stores the policy information and therefore acts as a policy repository point.

– The PDSN and RAN act as PINs towards the ACS, mainly for resource allocation policies.

Roles of policy in NRM (2)

– SCM could be mapped to another policy enforcement point which would communicate with the AAA (PDP) in order to receive policy decisions, and possibly policy elements containing user or application information for the evaluation of policy rules.

– The SCM enforces the policy towards other elements such as MRF, MGCF, R-SGW which act as PINs from the SCM point of view.

– Without using the same mechanisms described in RFC2753, MGCF plays the role of a policy server towards T-SGW and MGW.

Roles of policy in NRM (3)

– In conclusion, the architecture provides policy-enabled clusters. Each cluster supports different policy mechanisms (as well as protocols), but the relation between the clusters could be described in terms of the policy model described in RFC2753 (see figure).

[Figure: NRM elements labelled with their policy roles, split into an "Access part" and an "IP MMed domain only" part. Elements shown: BSC+PCF, HA (PEP), SCM (PEP), ACS (PEP), PDSN (PEP), MGW, MGCF, MRF, T-SGW, R-SGW, AAA, DS (LDAP, PRP). Role labels shown: PDP, PEP, PIN.]


Conclusion

• The single element “policy manager” is not required in the architecture.

• The policy manager role is ambiguous and does not map to the currently defined IETF policy elements.

• Policy roles are distributed in the architecture, with AAA used as the policy decision point and the directory server (DS) as the policy repository point. The policy enforcement points are distributed in the architecture and communicate with the PDP for policy decisions.