Internet Engineering Task Force                Kwok Ho Chan
 RAP Working Group                              Nortel Networks
 Internet-Draft
 Expiration: February 2002
 draft-ietf-rap-cops-frwk-00.txt





An Architecture for COPS Based Policy Control
 Management Framework

Last Updated: 7/13/01



Status of this Memo

This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups.  Note that
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time.  It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.


Conventions used in this document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in
this document are to be interpreted as described in [RFC-2119].



Status of this Memo
Conventions used in this document
Abstract
1. Introduction
2. Architecture Overview
2.1 Policy Controlled Management System Units
2.2 Policy Controlled Management System Data Models
3. Policy Decision Point
3.1 Message Processing
3.2 Security
3.3 Framework Data Model
3.4 Application Specific Data Model
4. Access Edge Policy Enforcement Point
4.1 Message Processing
4.2 Security
4.3 Framework Data Model
4.4 Application Specific Data Model
5. Core Policy Enforcement Point
5.1 Message Processing
5.2 Security
5.3 Framework Data Model
5.4 Application Specific Data Model
6. References




Abstract

This document describes an architecture for a COPS based Policy
Control Management System Framework.  The architecture is designed
to be modular, allowing future modification of and addition to the
existing framework.  The major units of the architecture are the
Policy Decision Points (PDP), the Access Edge Policy Enforcement
Points (PEP), and the Core Policy Enforcement Points.  Each PDP and
PEP contains a Message Processing Subsystem, a Security Subsystem, a
Framework Data Model Subsystem, and an Application Specific Data
Model Subsystem.

This document further provides a high level description of each unit
and describes the relationships among the units.  This document also
describes how the subsystems within each unit interact with each
other to provide the functionality of a Policy Control Management
System.


1. Introduction

A COPS based Policy Control Management System provides a modular and
scalable way to manage resource access and provisioning.  We
started with network QoS resources, but this is only the initial
application of COPS based Policy Control.  Other applications
include, but are not limited to:
1.      Network Plumbing Resource
2.      Content Resource

This document provides examples of how Policy Controlled access and
provisioning can be done for each of the above resources, providing
some solutions for Policy Controlled End-To-End Services.


2. Architecture Overview

The COPS based Policy Control Management System Architecture
contains two kinds of modular decompositions:
1.      Functional Units
2.      Data Models

These are described in more detail in the following subsections.


2.1 Policy Controlled Management System Units

In this architecture, we have broken up the Policy Controlled
Management System into two functionalities, each handled by one of
the following functional units:
1.      Policy Decision Point (PDP)
        PDPs are the gateways to the centralized policy repository,
        allowing administrative domain wide policy implementation.
2.      Policy Enforcement Point (PEP)
        PEPs are the gateways to the resource being managed and have
        direct interfaces to the resource's control planes.


2.2 Policy Controlled Management System Data Models

In this architecture, the Data Models are tied to the kinds of
resource being managed, for example:
1.      For Network QoS Resource, the DiffServ PIB Data Model is used.
2.      For Network Plumbing Resource, the TE PIB Data Model is used.

Other Data Models are being defined and more examples will be
provided as this document is being developed.


3. Policy Decision Point

3.1 Message Processing

3.2 Security

3.3 Framework Data Model

3.4 Application Specific Data Model


4. Access Edge Policy Enforcement Point

4.1 Message Processing

4.2 Security

4.3 Framework Data Model

4.4 Application Specific Data Model


5. Core Policy Enforcement Point

5.1 Message Processing

5.2 Security

5.3 Framework Data Model

5.4 Application Specific Data Model



6. References

[FWPIB] M. Fine, K. McCloghrie, J. Seligson, K. Chan, S. Hahn, R.
        Sahita, A. Smith, F. Reichmeyer, "Framework Policy
        Information Base,"
        draft-ietf-rap-frameworkpib-04.txt, March 1, 2001.

[DSPIB] M. Fine, K. McCloghrie, J. Seligson, K. Chan, S. Hahn, C.
        Bell, A. Smith, F. Reichmeyer, "Differentiated
        Services Quality of Service Policy Information Base,"
        draft-ietf-diffserv-pib-03.txt, March 2, 2001.


9. Author Information and Acknowledgments

Kwok Ho Chan
    Nortel Networks
    600 Technology Park Drive
    Billerica, MA 01821
    Phone: 978-288-8175
    E-mail: khchan@nortelnetworks.com

Internet Draft  COPS Framework  July 2001



Chan    Expires February 2002   [Page 3]

