Agenda - PowerPoint PPT Presentation

Slides: 26
Provided by: MAZZ6

Transcript and Presenter's Notes

Title: Agenda


1
Agenda
  • Quiz
  • Policy Based Network Management
  • Practice Mid-Term

2
Policy Based Network Management (PBNM)
  • BACKGROUND
  • Conceived in the late 1990s
  • Promised the ability to control QoS on networked
    applications
  • Expectations were that CIOs could control
    policies through graphical interfaces from their
    desk
  • Now thought of as differentiated QoS
  • Different configurations of QoS for different
    types of applications
  • Still means many different things to different
    people

Note: PBNM information taken from Policy Based
Network Management by Strassner
3
Policy Based Network Management (PBNM)
  • WHY PBNM SOLUTIONS HAVE FAILED
  • Looked at as a quick fix for network management
  • Managers bought single vendor approaches (which
    could only manage some of the devices)
  • Solutions were based on particular technologies
    or devices (so they could not control other types
    of technologies)
  • Solutions focused on the IP world (so they missed
    non-IP)
  • Solutions were generally not understood
  • Solutions were implemented without a solid set of
    standards

4
Policy Based Network Management (PBNM)
  • UNCOMMON INFORMATION MODELS

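[Diagram: four management applications (Config Mgt, Inventory Mgt, Performance Management, Trouble Ticket Management) that define the same data differently, e.g. Username: string 1, Employee: string 2, Manager: string 3 in one model versus Username: alphanumeric, Employee: integer, IsAdmin: Boolean in another]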
5
Policy Based Network Management (PBNM)
  • MOST PBNM SOLUTIONS MISS THE POINT. TWO CRITERIA
    ARE ESSENTIAL
  • Some central authority must decide what users and
    what applications get priority over other users
    and applications
  • You must connect the way business runs to the
    services that the network provides
  • Some people study work flow and then implement a
    system
  • Some people try to implement a system to change
    work flow or culture

6
Policy Based Network Management (PBNM)
  • WHERE WE ARE TODAY
  • Standards bodies are addressing the issue
  • TeleManagement Forum (TMF) is most prominent (my
    opinion)
  • New Generation Operational Systems Software
    (NGOSS) architecture
  • Shared Information Data (SID) model

7
Policy Based Network Management (PBNM)
  • New Generation Operational Systems Software
    (NGOSS)
  • Concerned with defining an architecture that
    automates business processes
  • Policies choose which processes perform a
    function
  • Feedback from executing processes can be used to
    change policies
  • Combines policy management and process management
    in the sense that you manage by both rather than
    either/or.
  • The policy model includes business, system, and
    implementation viewpoints

8
Policy Based Network Management (PBNM)
  • TMF Shared Information and Data (SID) Model
  • Is federated, i.e., is composed of sub-models
    which were:
  • Contributed by companies,
  • Mined from other standards, or
  • Developed within the TMF
  • To achieve true interoperability (where data from
    different components can be shared and reused) a
    common language needs to be developed and agreed
    upon.
  • Objective of SID is to develop a common language
    using UML for shared data.
  • An important feature: it contains multiple models
    that concentrate on different disciplines.

9
Policy Based Network Management (PBNM)
  • A USABLE AND USEFUL PBNM SOLUTION
  • Key to utility is to think holistically about
    policy management
  • A policy is needed that can translate business
    needs into device configuration
  • Business procedures must:
  • Identify who must approve a change and who must
    implement the change.
  • Describe how to verify that the change has been
    properly implemented.
  • Show what action to take if a problem is
    discovered.
  • The information model must represent the managed
    environment as a set of entities.

10
Policy Based Network Management (PBNM)
  • DEFINING POLICY MANAGEMENT
  • Policy management is the use of rules to
    accomplish decisions.
  • Policy is represented as a set of classes and
    relationships that define the semantics of the
    building blocks.
  • The building blocks usually consist of a minimum
    of a policy rule, a policy condition and a policy
    action, as shown below.

[Diagram: a Policy Rule is linked to Policy Condition by "Has Conditions" and to Policy Action by "Has Actions"]
11
Policy Based Network Management (PBNM)
  • Directory Enabled Networks-new generation
    (DEN-ng) POLICY MANAGEMENT

[Diagram: a Policy Rule is linked to Policy Condition by "Policy Condition In Policy Rule", to Policy Action by "Policy Action In Policy Rule", and to Policy Event Set by "Is Triggered By"]
12
Policy Based Network Management (PBNM)
  • Directory Enabled Networks-new generation
    (DEN-ng)
  • Architecture claims uniqueness in that:
  • An event model is used to trigger the evaluation
    of the policy condition clause.
  • Specific constraints define (through restriction
    and more granular specification) what the model
    represents.
  • This system uses a finite state machine to
    represent the state of a managed entity.
  • Closed loop control is enabled by events and a
    state machine
  • Policy is represented as a means to control when
    a managed object transitions to a new state.
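
The event, condition, action and state-machine pieces described on this slide, put together as an added example (not code from the presentation or from DEN-ng). The states, rule names, event types and thresholds are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed FSM for a hypothetical managed interface; absent pairs are forbidden.
TRANSITIONS = {
    ("in_service", "throttle"): "degraded",
    ("degraded", "restore"): "in_service",
    ("in_service", "quarantine"): "quarantined",
    ("degraded", "quarantine"): "quarantined",
}

@dataclass(frozen=True)
class PolicyRule:
    name: str
    events: frozenset                  # policy event set that triggers evaluation
    condition: Callable[[dict], bool]  # policy condition, evaluated on the event
    action: str                        # policy action: a requested transition

RULES = [  # constructed rules and thresholds
    PolicyRule("throttle-on-congestion", frozenset({"util_report"}),
               lambda e: e["util"] > 0.9, "throttle"),
    PolicyRule("restore-when-clear", frozenset({"util_report"}),
               lambda e: e["util"] < 0.6, "restore"),
    PolicyRule("quarantine-on-auth-failures", frozenset({"auth_failure_burst"}),
               lambda e: e["count"] >= 5, "quarantine"),
]

def handle_event(state, event, rules, audit):
    """Evaluate only the rules this event triggers; apply at most one transition."""
    for rule in (r for r in rules if event["type"] in r.events):
        if not rule.condition(event):
            audit.append((rule.name, "condition false"))
            continue
        nxt = TRANSITIONS.get((state, rule.action))
        if nxt is None:                # the policy asked for a move the FSM forbids
            audit.append((rule.name, "rejected"))
            continue
        audit.append((rule.name, f"{state}->{nxt}"))
        return nxt
    return state

def demo():
    """Run constructed events through the loop; return (final state, audit trail)."""
    events = [{"type": "util_report", "util": 0.95}, {"type": "util_report", "util": 0.50},
              {"type": "auth_failure_burst", "count": 7}, {"type": "util_report", "util": 0.95}]
    state, audit = "in_service", []
    for ev in events:
        state = handle_event(state, ev, RULES, audit)
    return state, audit
```

The last event shows the state machine acting as a guard: the congestion rule fires, but a quarantined entity has no "throttle" transition, so the request is recorded as rejected and the state is unchanged.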

13
Policy Based Network Management (PBNM)
  • The Problem: how to string a network of
    multi-vendor equipment together to provide a
    seamless set of customer-facing services

[Diagram labels: Aggregation Network, Content Network, Policy Mgt SW, Corporate Gateway, Administrator]
  • Providing better-than-best-effort service to
    certain users
  • Simplifying device, network, and service
    management
  • Requiring fewer engineers to configure the
    network
  • Defining the behavior of a network or
    distributed system
  • Managing the increasing complexity of
    programming devices
  • Using business requirements and procedures to
    drive the configuration of the network

14
Policy Based Network Management (PBNM)
  • Providing Different Services to Different Users
  • Two principal difficulties of QoS
  • Complexity of implementing QoS
  • Network vendors continue to add additional types
    of mechanisms that can be used (by themselves or
    with other mechanisms) to implement QoS
  • Different devices have different QoS mechanisms,
    making it hard to compare apples to apples
  • Variety of services that can use QoS
  • There is a lack of specificity in standards, e.g.
    Differentiated Services
  • RFCs concentrate on specifying behavior without
    specifying how to implement that behavior, e.g.,
    none specify what type of queuing to use
  • DiffServ has 64 code points (32 standard, 32
    experimental); most service providers offer
    three to ten different services.
  • A small set of standard rules is needed

15
Policy Based Network Management (PBNM)
  • Simplifying Device, Network, and Service Management
  • PBNM was conceptualized as a set of mechanisms to
    fine tune different network services
  • The PBNM process is to implement simplification
    through abstraction
  • Users can concentrate on the task at hand rather
    than on the various programming models and traffic
    conditioning mechanisms.
  • Day-to-day management involves subtle changes on
    how different components are configured.
  • Changes over time impact the ability of a device
    to support one or more of its services
  • The requirement for tracking state is one of the
    reasons DEN-ng uses finite state machine models.

16
Policy Based Network Management (PBNM)
  • Requiring Fewer Engineers to Configure the
    Network
  • The theory behind being able to use fewer
    engineers is based on distributing intelligence
    to managed devices and applications that manage
    devices so that dynamically changing environments
    can be more easily managed and controlled.
  • PBNM provides two important benefits:
  • The majority of network configuration tasks are
    simple in nature and do not require a specialist,
    and many of them are repetitive.
  • PBNM systems enforce process, e.g., in
    configuration management, PBNM systems can
    define:
  • Which personnel are qualified to build a
    configuration change
  • Which personnel must approve a configuration
    change
  • Which personnel must install a configuration
    change
  • Which personnel must validate a configuration
    change
  • PBNM systems provide consistency by formalizing
    specific types of configurations
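
The build, approve, install and validate process above, together with the earlier requirement that business procedures say who approves, who implements, how the change is verified and what happens when a problem is found, can be enforced in code. This is an added example, not from the presentation; the roster, names and status values are constructed, and the rule that one person may not perform two steps of the same change is an assumption added here.

```python
# Constructed roster: which personnel may perform each step of a change.
QUALIFIED = {
    "build":    {"alice", "bob"},
    "approve":  {"carol"},
    "install":  {"bob", "dave"},
    "validate": {"alice", "erin"},
}
STEPS = ["build", "approve", "install", "validate"]

class ChangeError(Exception):
    """Raised when a step violates the change process."""

class ConfigChange:
    def __init__(self, change_id):
        self.change_id = change_id
        self.log = []            # (step, person) in the order performed
        self.status = "open"

    def perform(self, step, person, passed=True):
        if self.status != "open":
            raise ChangeError(f"change is {self.status}")
        expected = STEPS[len(self.log)]
        if step != expected:
            raise ChangeError(f"expected {expected!r}, got {step!r}")
        if person not in QUALIFIED[step]:
            raise ChangeError(f"{person} is not qualified to {step}")
        # Assumption added here: one person may not hold two steps of one change.
        if any(person == p for _, p in self.log):
            raise ChangeError(f"{person} already acted on this change")
        self.log.append((step, person))
        if step == "validate":
            # Action on a discovered problem: flag for rollback instead of closing.
            self.status = "closed" if passed else "rollback_required"
        return self.status

def attempt(change, step, person, **kw):
    """Return the new status, or the refusal reason as a string."""
    try:
        return change.perform(step, person, **kw)
    except ChangeError as exc:
        return f"refused: {exc}"
```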

17
Policy Based Network Management (PBNM)
  • Defining the Behavior of a Network or Distributed
    System
  • PBNM systems can be used to define policy rules
    once and mass deploy them (a single network can
    have thousands of interfaces, making individually
    configuring them impractical)
  • Policy rules can be used ad hoc or in a reusable
    fashion.
  • Since a large system will execute many different
    policies, PBNM systems can be used to ensure they
    do not result in conflicting actions.
  • PBNM systems can be used to capture business
    logic that is associated with certain conditions
    that occur in the network.
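
One way to check that mass-deployed rules do not result in conflicting actions, as an added example (not from the presentation): two traffic rules conflict when some packet could match both and they prescribe different actions. The rule format, rule names, prefixes and port ranges are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import combinations

@dataclass(frozen=True)
class TrafficRule:
    name: str
    src: str       # source prefix
    proto: str     # "tcp", "udp" or "any"
    ports: tuple   # inclusive destination port range (low, high)
    action: str    # e.g. "dscp=46" or "drop"

def overlaps(a, b):
    """True when at least one packet could match both rules."""
    nets = ip_network(a.src).overlaps(ip_network(b.src))
    proto = a.proto == b.proto or "any" in (a.proto, b.proto)
    ports = a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1]
    return nets and proto and ports

def find_conflicts(rules):
    """Pairs of rules that can match the same traffic but prescribe different actions."""
    return [(a.name, b.name) for a, b in combinations(rules, 2)
            if a.action != b.action and overlaps(a, b)]

# Constructed rule set: the branch rule overlaps both voice rules.
RULES = [
    TrafficRule("voice-ef", "10.1.0.0/16", "udp", (16384, 32767), "dscp=46"),
    TrafficRule("branch-bulk", "10.1.20.0/24", "any", (1024, 65535), "dscp=10"),
    TrafficRule("guest-drop", "10.9.0.0/16", "any", (0, 65535), "drop"),
    TrafficRule("voice-ef-lab", "10.1.20.0/24", "udp", (20000, 20100), "dscp=46"),
]
```

Running `find_conflicts(RULES)` before deployment reports the pairs that need an explicit priority or a narrower match.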

18
Policy Based Network Management (PBNM)
  • Managing the Increasing Complexity of Programming
    Devices
  • DEN-ng has two types of services
  • Customer Facing Services are services of which
    the customer is directly aware, e.g., a VPN.
  • Resource Facing Services are network services
    that are required to support the functionality of
    Customer Facing Services but of which the
    customer is not (and should not) be aware.
  • Models can be used to describe features of
    Resource Facing Services (such as metering) and
    how those features relate to other features (such
    as classification and dropping) in a particular
    function (such as traffic conditioning) using
    classes and relationships.
  • Abstractions, if defined properly, can be used to
    model the types of functions that are present in
    different vendor devices and accommodate new
    functionality.

19
Policy Based Network Management (PBNM)
  • Using Business Rules to Derive Network
    Configuration

  • Business View: SLAs, processes, guidelines, and goals
  • System View: Device and Technology Independent Operation (workflow)
  • Network View: Device Dependent, Technology Specific Operation
  • Device View: Device and Technology Specific Operation
  • Instance View: Device Specific MIBs, PIBs, CLI, etc., implementation
20
Policy Based Network Management (PBNM)
  • MOST SIGNIFICANT CHALLENGES
  • Lack of a consistent product model prevents
    predictable behavior
  • Cisco and Juniper routers can have different
    functionality and characteristics.
  • Standards are not explicit enough to guarantee
    interoperability.
  • Emerging policy information model standards have
    the same problem, though to a lesser degree.
  • They do not specify the concept of a device
    interface and therefore cannot be used to specify
    how to program the interface.
  • They do not contain associations to business
    entities and therefore cannot be used to define
    which services from which products are assigned
    to which customers.
  • No standard for shared data
  • Before TMF's SID, no standard existed for sharing
    and reusing data for network devices
  • After business and system views are defined, a set
    of tools must be produced that focus on
    translating the information model into data models
    (e.g., a directory model and a Java model)

21
Policy Based Network Management (PBNM)
  • BENEFITS OF PBNM
  • An alternative to over-provisioning a network
  • Over-provisioning doesn't give you interactive
    QoS.
  • You need to establish a unified minimum level of
    performance.
  • Providing Better Security
  • PBNM can help categorize traffic into expected
    and unexpected types and establish rules for
    dealing with each.
  • PBNM systems let administrators easily restrict
    users to those applications and information
    sources that they need during their current
    session.
  • Managing Device Complexity
  • PBNM systems help you classify such things as:
  • What is the role of the device, e.g., will it be
    on the edge or in the core? Is it a border
    router?
  • What is the physical capacity of the device,
    e.g., how many ports does it have?

22
Policy Based Network Management (PBNM)
  • BENEFITS OF PBNM (continued)
  • Managing Device Complexity (continued)
  • PBNM systems help you classify such things as
    (continued)
  • What is the logical capacity of the device, e.g.,
    how many VPNs can it support?
  • What is the programming model, e.g., CLI, SNMP,
    used to program the device?
  • What is the programming model used to monitor the
    device?
  • What are the critical features (i.e., commands)
    that this device must support?
  • What types of cards are available for this
    device?
  • Is the configuration small enough to fit in flash
    memory or does it require RAM?
  • What types of services are planned to be
    activated on this device?
  • Associations and constraints can be defined that
    relate different logical features to different
    physical features, thereby building up a more
    complete picture of the device and facilitating
    control.

23
Policy Based Network Management (PBNM)
  • BENEFITS OF PBNM (continued)
  • Managing Complex Traffic Services
  • Some applications generate several types of
    traffic, e.g., H.323 traffic generates both UDP
    and TCP flows.
  • Some applications provide unpredictable behavior,
    e.g., some open random ports for communication.
  • Different flows require different types of
    traffic conditioning, e.g., any of the fair
    weighted queuing approaches will adversely affect
    voice traffic.
  • Handling Traffic More Intelligently
  • PBNM systems can augment firewalls in blocking
    unauthorized users and other forms of unwanted
    traffic.
  • Business critical applications can be identified
    immediately and transported using special
    mechanisms, e.g., using special paths.
  • Performing Time-Critical Functions
  • Changing device configurations within a specific
    time-window
  • Performing scheduled provisioning functions

24
PBNM NGOSS Architecture
[Diagram labels: Business View, System View, Implement View, Runtime View; Need, Model, Implement, Run; NGOSS Knowledge Base; Policy and Process Management]
25
  • Practice Mid Term Examination