Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Policy-based architecture. 2 Policy management view of the architecture IP MMed domain is a converged services domain where voice, video, data are provided.

Published byShauna Sharp Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Policy-based architecture. 2 Policy management view of the architecture IP MMed domain is a converged services domain where voice, video, data are provided."— Presentation transcript:

1 1 Policy-based architecture

2 2 Policy management view of the architecture IP MMed domain is a converged services domain where voice, video, data are provided by one network. The challenge is to deliver predictable performance as multiple types of traffic contend for the same IP network resources. Good management of shared network resources requires centralized control mechanisms that give individual applications access to the network services they need, while meeting the resource allocation and security policies of the overall network/domain. This type of control is called policy-based networking. To achieve a successful converged network, policy based networking is essential. The architecture should therefore reflect or be based on this concept.

3 3 Policy management view of the architecture (2) Policy management enables the enforcement of a set of rules or policies that dictates access rights and resource usage based on the established profile of the application, user and group to meet an established business objective. Policy may be applied to any physical or logical entity which generates, handles or impacts the flow of network traffic

4 4 terminology Policy: combination of rules and services where rules define the criteria for resources access and usage. Eg. Of a policy rule: If (srcIPadd=1.2.3.4 && –destTiPadd=5.6.7.8 && destIPport=80) then priority=6 elseif –----- endif

5 5 Policy management view of the architecture (3) Currently the NRM shows a function called policy manager. The following are identified issues with regards to this function: –The function of policy manager is ambiguous. In fact the function does not map to the policy elements of the IETF policy framework. –We need to identify the need for policy function in the architecture, therefore it is necessary to understand the IETF policy model and map it to the NRM. –Mapping the architecture elements to the IETF policy elements will help identify the distribution of policy roles amongst the NRM elements.

6 6 Policy management view of the architecture (4) To illustrate the role of policy, the architecture entities are mapped into the policy based model elements (RFC2753): policy enforcement points (PEP), policy decision points (PDP), policy repositary point (PRP), policy information point (PIP) and policy ignorant nodes (PIN) PEP is the point where the policy decision is enforced eg. ACS, SCM PDP is the point where policy decisions are made. The PDP may make use of additional mechanisms to achieve functionality such as user authentication, accounting, policy information storage, and may return to the PEP policy elements eg. AAA server The PIN is used to indicate nodes that do not explicitly support policy control, but rely on policy capable nodes to enforce the policy instead. Eg. MRF is a PIN relies on policy capable node SCM for policy enforcement.

7 7 Roles of policy in NRM Based on the policy elements definitions, we suggest the following mapping of the architecture elements to the policy based model elements : –ACS is the policy enforcement point (PEP) which would communicate with the AAA (PDP) in order to receive policy decisions and may be policy elements as well, containing information for the evaluation of policy rules (QoS, priority, ToD, security) –The ACS pushes the policy information to the PDSN and RAN. –The PDSN and HA act as PEPs as they communicate with the AAA (PDP) for some specific user and network policies. The directory server (DS) stores the policy information, therefore act a policy repositary point. –The PDSN and RAN acts as PINs towards the ACS mainly for resource allocation policies.

8 8 –SCM could be mapped to another policy enforcement point which would communicate with the AAA (PDP) in order to receive policy decisions and may be policy elements containing user or application information for the evaluation of policy rules. –The SCM enforces the policy towards other elements such as MRF, MGCF, R-SGW which act as PINs from the SCM point of view. –Without using the same mechanisms described in RFC2753, MGCF plays the role of a policy server towards T-SGW and MGW. Roles of policy in NRM (2)

9 9 –In conclusion, the architecture provides policy enabled clusters. Each cluster support different policy mechanisms (as well as protocols), but the relation between the clusters could be described in terms of the policy model described in RFC2753 (see figure). Roles of policy in NRM (3)

10 10 BSC+PCF HA (PEP) SCM (PEP) ACS (PEP) PDSN (PEP) MGW MGCF MRF T-SGW R-SGW IP MMed domain only Access part PDP PIN PDP PEP PIN AAA DS LDAP PRP

11 11 Conclusion The single element “policy manager” is not required in the architecture. Policy manager role is ambiguous and does not map to the currently defined IETF policy elements. Policy roles are distributed in the architecture with AAA used as the policy decision point and the directory server (DS) as the policy repositary point. The policy enforcement points are distributed in the architecture and communicate with the PDP for policy decision.

Download ppt "1 Policy-based architecture. 2 Policy management view of the architecture IP MMed domain is a converged services domain where voice, video, data are provided."

Similar presentations

Authentication Authorization Accounting and Auditing

Authentication Authorization Accounting and Auditing
Welcome to Middleware Joseph Amrithraj

Welcome to Middleware Joseph Amrithraj
All-IP distributed (proxy) control model architecture Henrik Basilier, Ericsson ALLIP-20000717-011__ERI_distributed_CM.

All-IP distributed (proxy) control model architecture Henrik Basilier, Ericsson ALLIP __ERI_distributed_CM.
IP Multimedia Subsystem (IMS) 江培文. Agenda Background IMS Definition IMS Architecture IMS Entities IMS-CS Interworking.

IP Multimedia Subsystem (IMS) 江培文. Agenda Background IMS Definition IMS Architecture IMS Entities IMS-CS Interworking.
Authorization of a QoS path based on Generic AAA SC2002 Baltimore NOV 16-22 Bas van Oudenaarde Advanced Internet Research Group University of Amsterdam.

Authorization of a QoS path based on Generic AAA SC2002 Baltimore NOV Bas van Oudenaarde Advanced Internet Research Group University of Amsterdam.
All IP Network Architecture 2001 년 12 월 5 일 통신공학연구실 석사 4 차 유성균

All IP Network Architecture 2001 년 12 월 5 일 통신공학연구실 석사 4 차 유성균
1 Presentation_ID © 1999, Cisco Systems, Inc. Programmable Networks OPENSIG-99 Industry Panel John Hopprich.

1 Presentation_ID © 1999, Cisco Systems, Inc. Programmable Networks OPENSIG-99 Industry Panel John Hopprich.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.

1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.
IMS – IP Multimedia Subsystem SINDHUJA GADDE UIN : 01008090.

IMS – IP Multimedia Subsystem SINDHUJA GADDE UIN :
Omniran-13-0032-04-0000 1 IEEE 802 Scope of OmniRAN Date: 2013-05-16 Authors: NameAffiliationPhone Max RiegelNSN+49 173 293

Omniran IEEE 802 Scope of OmniRAN Date: Authors: NameAffiliationPhone Max RiegelNSN
Network Management: Accounting and Performance Strategies - Graphically Rich Book Network Management: Accounting and Performance Strategies by Benoit Claise.

Network Management: Accounting and Performance Strategies - Graphically Rich Book Network Management: Accounting and Performance Strategies by Benoit Claise.
XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.

XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.
Authorization architecture sketches draft-selander-core-access-control-02 draft-gerdes-core-dcaf-authorize-02 draft-seitz-ace-design-considerations-00.

Authorization architecture sketches draft-selander-core-access-control-02 draft-gerdes-core-dcaf-authorize-02 draft-seitz-ace-design-considerations-00.
December 13, 20001 Policy Terminology - 01 Report for 49th IETF Andrea Westerinen.

December 13, Policy Terminology - 01 Report for 49th IETF Andrea Westerinen.
Identity Management Report By Jean Carreon and Marlon Gonzales.

Identity Management Report By Jean Carreon and Marlon Gonzales.
Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.

Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.
Differentiated Access to Virtual Resources in Cloud Environments M. Fazio and A. Puliafito Euro-TM Workshop.

Differentiated Access to Virtual Resources in Cloud Environments M. Fazio and A. Puliafito Euro-TM Workshop.
Division of IT Convergence Engineering Towards Unified Management A Common Approach for Telecommunication and Enterprise Usage Sung-Su Kim, Jae Yoon Chung,

Division of IT Convergence Engineering Towards Unified Management A Common Approach for Telecommunication and Enterprise Usage Sung-Su Kim, Jae Yoon Chung,
An Integrated QoS, Security and Mobility Framework for Delivering Ubiquitous Services Across All IP-based Networks Haitham Cruickshank University of Surrey.

An Integrated QoS, Security and Mobility Framework for Delivering Ubiquitous Services Across All IP-based Networks Haitham Cruickshank University of Surrey.

Similar presentations

Ads by Google