SNMP to the Rescue?
Back in 1999, when we last looked at PBNM products, we thought COPS (Common Open Policy Server) was going to get some traction with infrastructure vendors because it offered QoS configuration. Now no one, not even Cisco, is pushing COPS.
But we have SNMP -- thank goodness. Initially (we're talking way back), SNMP was to be an interim solution, quickly providing management access while ISO's CMIP (Common Management Information Protocol) was finalized. As with most two-phase projects, Phase 1 is all that got done, and SNMP -- now in its third version -- has become the most prevalent, though maybe not the best, source of management data.
It may seem, with the rich management data produced by products like those from Concord Communications and Micromuse, which heavily leverage SNMP, that SNMP should be able to support policy management. Wrong: Policy applications must configure network infrastructures, not merely read MIB variables and receive alerts, as do most other management applications available. And no one -- vendors or users -- has been willing to trust network configurations to a nonsecure protocol like SNMPv1 and v2 (as if telnet in the clear is better!).
But what about SNMPv3, which has added security and bulk transfers, making configuration possible? The key word is possible -- it's not yet a reality. There are few examples of SNMP being used as a configuration mechanism. The notable -- and significant -- exception is the DOCSIS (Data-Over-Cable Service Interface Specification) RFC 3083 standard for cable-modem management, which does its configuration using SNMPv3. It's a mystery why others haven't sought to leverage SNMPv3, though Cisco and Hewlett-Packard Co. have been shipping standard versions for more than a year.
There is work going on in the IETF to configure devices with SNMP, including policy configuration. Another advantage of SNMP is that its structure is well-understood -- maybe not well-liked, but widely deployed. Not only is there a significant installed base, there are lots of programmers who understand SNMP's structure, making it more likely the protocol will be implemented.
Time is Not on Our Side
But interfaces and APIs are only part of the issue; time is another. It can take years for a technology to move through the standardization process and appear in a critical mass of network devices and management software. This is where PBNM technology is today.
Given this state of flux, it's not surprising that many pieces of network equipment implement proprietary technology or interim versions of some standards. Policy-management application vendors are faced with the perennial problem of writing customized solutions, reducing their productivity and profitability. Writing customized solutions is, of course, like tilting at windmills. This situation ensures that new releases of PBNM software always will be behind the available hardware and likely will be bug-ridden.
For now, the safest thing to do is to use a single vendor and that vendor's policy-management software. This is the only way to have much leverage. But, of course, if you happen to own a network that has gear from more than one vendor, this is no solution. Lest you be completely depressed, the economy hasn't helped much in funding new development, so the lack of standard-facing products is understandable. The good news is that when development picks up, the standards should be in place to code to.
No way is the IETF going to pass up cool new ideas to go on doing the same old things. So the failures in policy technology are due in some part to the pressing need for the industry to form new initiatives -- after all, engineers cannot resist smart new concepts. We need to have patience and let standards mature, as they're bound to do.
Bruce Boardman is an executive editor of Network Computing, testing and writing on network systems and management. He has 12 years of IT experience managing networks and distributed computing for a financial service provider. Jon Saperia, co-chair of the IETF SNMP Configuration Working Group, is co-author of several recent Internet drafts in the area of policy and configuration management. He is also the founder of JDS Consulting. Send your comments on this article to Bruce Boardman at bboardman@nwc.com or to Jon Saperia at saperia@jdscons.com.