Dynamically Extensible Policy Server and Agent
Kanada, Y., 3rd International Workshop on Policies for Distributed Systems and Networks (Policy 2002), pp. 236-239, June 2002, http://dx.doi.org/10.1109/policy.2002.1011316
[ 日本語のページ ]
[ Paper PDF file ] [ OHP PDF file ]
[ IEEExplore Paper page ]
要約: This paper proposes a method, called the policy-extension-by-policy method, for quickly and dynamically adding policy classes with new functionality to policy servers and agents. In this method, users can add a new policy class to the policy server by using policy-definition (PD) policies, and they can define a method to translate a policy of the new class and to send to network nodes of different vendors through various types of device interfaces, such as CLI, MIBs, PIBs, APIs or hardware tables, by using policy-embedding (PE) policies. A PE policy also enables translating a policy of an existing class and sending the result to a new type of network node. PE policies contain command templates and methods for filling the templates. A program interpreter is embedded in policy agents to make flexible policy-to-configuration translation possible. A prototype system and example policies, i.e., access control, Diffserv, and VPN policies, were developed.
Introduction to this research theme: Policy-based Networking