When you hear policy-based management, what comes to mind? More pointedly, what does policy mean in this context? For two years now, the IETF has been working on a document on policy terminology. The dictionary has several definitions for the word policy. One that works well for our purposes is a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions.
Not surprisingly, this definition is similar to the one the IETF is considering. But even so, there are several different types of policies when it comes to policy management. This overlap is a source of confusion. The word policy, as it relates to management, has three different uses. Each of the expressions is functional.
>>Policy-based configuration: These are rules that control the type of configuration parameters sent to a system. The parameters can encompass any aspect of the network device's configuration -- from which DNS servers it should use, to algorithmically assigned names for interfaces, to what types of services to allow and configure. A policy could be that all devices east of the Mississippi use specific DNS primary and secondary servers. The details of the policy are then sent to the systems it covers so they can "execute the policy."
Policy-based configuration actions also can be triggered by events. For example, a new set of configuration parameters might be sent to a device based on the time of day or a certain set of network-failure conditions. The detailed configuration of the services that perform the real work on these systems is described by the next expression, configuration of policy.
>>Configuration of policy: Configuration of policy occurs when we send a set of configuration parameters to a system (or systems) that causes them to do their main work in a certain way or to treat "customers" differently. People often think about differentiated services configuration in this context; a set of parameters is sent to a device so packets of a certain type are treated "better" than others -- that is, given a higher priority. Another type of configuration of policy is security-related. In this case, a set of parameters sent to the firewall may state that the firewall should refuse certain types of traffic except traffic from certain trusted locations.
>>Policy-based configuration of policy: This type of configuration is the combination of the two types of policy described above. In policy-based configuration of policy, we use a number of characteristics or events (policy-based configuration) to determine what type of policy (configuration parameters) to send to network devices, including how they perform their various services for different "customers."
In a nutshell, policy-based configuration is the selection of the system that is to be configured, configuration of policy refers to the configuration of parameters on systems that are selected, and policy-based configuration of policy is the union of the previous two. The important point is that policy is many different things, not just how packets are treated or how devices are configured. When you talk to vendors, make sure you're both on the same page when you bandy about the word policy. Make sure you mean the same thing.
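The three uses can be seen side by side in a small resolver. This is an added example, not part of the original column; the device inventory, rule names, attribute keys and addresses (documentation ranges) are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# Constructed inventory: names, regions and roles are illustrative only.
DEVICES = {
    "fw-nyc-1": {"region": "east", "role": "firewall"},
    "rtr-atl-1": {"region": "east", "role": "router"},
    "fw-sfo-1": {"region": "west", "role": "firewall"},
}

@dataclass
class Rule:
    name: str
    selector: dict                   # policy-based configuration: WHICH systems
    params: dict                     # the parameters sent to those systems
    window: Optional[tuple] = None   # optional time-of-day trigger (start, end)

    def applies(self, device, now):
        if any(device.get(k) != v for k, v in self.selector.items()):
            return False
        if self.window is None:
            return True
        start, end = self.window
        if start <= end:
            return start <= now < end
        return now >= start or now < end   # window wraps past midnight

RULES = [
    # Policy-based configuration: attribute selects who gets ordinary settings.
    Rule("east-dns", {"region": "east"}, {"dns": ["192.0.2.53", "192.0.2.54"]}),
    # Configuration of policy: parameters that decide how traffic is treated.
    Rule("fw-default", {"role": "firewall"},
         {"default_action": "deny", "allow_from": ["198.51.100.0/24"]}),
    # Policy-based configuration of policy: an event (time of day) plus
    # attributes decides which traffic policy a device receives.
    Rule("fw-east-night", {"role": "firewall", "region": "east"},
         {"allow_from": []}, (time(22, 0), time(6, 0))),
]

def resolve(device_name, now, rules=RULES):
    """Merge the parameters of every matching rule; later rules override."""
    device, params, applied = DEVICES[device_name], {}, []
    for rule in rules:
        if rule.applies(device, now):
            params.update(rule.params)
            applied.append(rule.name)
    return params, applied
```

Returning the list of applied rule names alongside the merged parameters gives an audit trail of why a device, for instance a firewall whose trusted-source list changed overnight, received the settings it did.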