
Policy Strategies
A good policy-management strategy comprises four phases. The first, and most difficult, phase is identifying the network traffic that needs to be classified, using traditional tools such as RMON, SNMP and packet-capture tools. This involves measuring the typical amount of bandwidth used, peak load times, typical traffic burst sizes and overall packet-size distribution. It is also critical to evaluate the latency that applications will tolerate. None of the products we tested offer this sort of functionality. The resourceful network administrator must hack his way through these issues and come up with a fair game plan.
In phase two, the network administrator must construct and deploy a set of policies to help shape or eliminate different types of traffic and carve up available bandwidth. Your WAN connections will require the most attention in this department. Many of the policy management solutions have scheduling features that let you create dynamic policies that shape traffic to fit your users' and customers' varying needs. The most dynamic solutions by far were products from Cisco Systems and Orchestream. Hewlett-Packard and IPHighway also were able to demonstrate multivendor policies based on a wide range of differentiators. Other vendors had pieces of the equation in place, but their solutions were far from complete.
Phase three involves deploying mechanisms to measure the policies' effects. Simple user feedback is a first-generation mechanism that is particularly effective when something goes wrong. But in the long term, the network devices must be able to report service level statistics back to the policy management tool. Most of the products we tested had little or no functionality in this area. One notable exception was Allot Communications, whose in-line hardware provided extensive feedback as to the effects of policies on your network. However, in most cases we used brute-force mechanisms, such as measuring end-to-end throughput using Chariot or "telneting" to the router and verifying access-control-list match counters, to determine whether a policy was being used and enforced.
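The access-control-list counter check described above can be scripted rather than read off the screen. This is an added example, not from the original article: it diffs two snapshots of Cisco IOS-style "show access-lists" output to show which entries gained matches while test traffic ran. The sample text, the ACL name QOS-VOICE and its entries are constructed assumptions.

```python
import re

# Constructed samples of Cisco IOS-style "show access-lists" output,
# captured before and after a test traffic run (not from the article).
BEFORE = """\
Extended IP access list QOS-VOICE
    10 permit udp any any range 16384 32767 (1200 matches)
    20 permit tcp any any eq www (50 matches)
    30 deny ip any any
"""
AFTER = """\
Extended IP access list QOS-VOICE
    10 permit udp any any range 16384 32767 (4700 matches)
    20 permit tcp any any eq www (50 matches)
    30 deny ip any any
"""

HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
ENTRY = re.compile(r"^\s+(\d+)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")

def parse_counters(text):
    """Return {(acl, seq): (rule, matches)}; entries with no counter shown count as 0."""
    counters, acl = {}, None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            acl = h.group(1)
            continue
        e = ENTRY.match(line)
        if e and acl:
            counters[(acl, int(e.group(1)))] = (e.group(2), int(e.group(3) or 0))
    return counters

def counter_deltas(before, after):
    """Per-entry match-count increase between two snapshots."""
    old, new = parse_counters(before), parse_counters(after)
    deltas = {}
    for key, (rule, count) in new.items():
        prev = old.get(key, (rule, 0))[1]
        # A lower count means the counters were cleared or the device reloaded.
        deltas[key] = count - prev if count >= prev else count
    return deltas

if __name__ == "__main__":
    for (acl, seq), d in sorted(counter_deltas(BEFORE, AFTER).items()):
        status = "HIT" if d else "no new matches"
        print(f"{acl} seq {seq}: +{d} ({status})")
```

An entry whose delta stays at zero while matching test traffic is flowing means the policy was either not deployed to that device or is being shadowed by an earlier entry.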
Finally, once you've developed a feedback mechanism, the potential exists for the network to become self-tuning. No products had anything close to that today. Reporting based on device statistics will be the first step toward a self-tuning network. Spectrum Management was able to demonstrate a working reporting mechanism, but it lacked the necessary statistics to help us gauge whether the policies were actually working. In the long run, giving your network the power to adjust itself dynamically is a dangerous proposition: If a solution is too granular, it could lead to a feedback loop that shuts out your most mission-critical traffic. Fortunately, most vendors feel this level of sophistication is still several years away. First, the network must be able to report statistics of any type to the administrator, a feature that was sorely lacking in the products we reviewed.