Internet Engineering Task Force Kwok Ho Chan
RAP Working Group Nortel Networks
Internet-Draft
Expiration: February 2002
draft-ietf-rap-cops-frwk-00.txt
An Architecture for COPS Based Policy Control
Management Framework
Last Updated: 7/13/01
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in [RFC-2119].
Status of this Memo
Conventions used in this document
Abstract
1. Introduction
2. Architecture Overview
2.1 Policy Controlled Management System Units
2.2 Policy Controlled Management System Data Models
3. Policy Decision Point
3.1 Message Processing
3.2 Security
3.3 Framework Data Model
3.4 Application Specific Data Model
4. Access Edge Policy Enforcement Point
4.1 Message Processing
4.2 Security
4.3 Framework Data Model
4.4 Application Specific Data Model
5. Core Policy Enforcement Point
5.1 Message Processing
5.2 Security
5.3 Framework Data Model
5.4 Application Specific Data Model
6. References
Abstract
This document describes an architecture for a COPS based Policy
Control Management System Framework. The architecture is designed
to be modular, allowing future modifications and additions to the
existing framework. The major units of the architecture are the
Policy Decision Points (PDP), the Access Edge Policy Enforcement
Points (PEP), and the Core Policy Enforcement Points, with a Message
Processing Subsystem, Security Subsystem, Framework Data Model
Subsystem, and Application Specific Data Model Subsystem in each PDP
and PEP.
This document further provides a high level description of each unit
and describes the relationships among the units. This document also
describes how the subsystems within each unit interact with each
other to provide the functionality of a Policy Control Management
System.
1. Introduction
A COPS based Policy Control Management System provides a modular and
scalable way to manage resource access and provisioning. We
started with network QoS resources, but this is only the initial
application of COPS based Policy Control. Other applications
include, but are not limited to:
1. Network Plumbing Resource
2. Content Resource
This document provides examples of how Policy Controlled access and
provisioning can be done for each of the above resources, providing
some solutions for Policy Controlled End-To-End Services.
2. Architecture Overview
The COPS based Policy Control Management System Architecture
contains two kinds of modular decompositions:
1. Functional Units
2. Data Models
These are described in more detail in the following subsections.
2.1 Policy Controlled Management System Units
In this architecture, we have broken up the Policy Controlled
Management System into two functionalities, each handled by one of
the following functional units:
1. Policy Decision Point (PDP)
PDPs are the gateways to the centralized policy repository,
allowing administrative domain wide policy implementation.
2. Policy Enforcement Point (PEP)
PEPs are the gateways to the resource being managed and have
direct interfaces to the resource's control planes.
2.2 Policy Controlled Management System Data Models
In this architecture, the Data Models are tied to the kinds of
resources being managed, for example:
1. For Network QoS Resource, the DiffServ PIB Data Model is used.
2. For Network Plumbing Resource, the TE PIB Data Model is used.
Other Data Models are being defined and more examples will be
provided as this document is being developed.
3. Policy Decision Point
3.1 Message Processing
3.2 Security
3.3 Framework Data Model
3.4 Application Specific Data Model
4. Access Edge Policy Enforcement Point
4.1 Message Processing
4.2 Security
4.3 Framework Data Model
4.4 Application Specific Data Model
5. Core Policy Enforcement Point
5.1 Message Processing
5.2 Security
5.3 Framework Data Model
5.4 Application Specific Data Model
6. References
[FWPIB] M. Fine, K. McCloghrie, J. Seligson, K. Chan, S. Hahn, R.
Sahita, A. Smith, F. Reichmeyer, "Framework Policy
Information Base,"
draft-ietf-rap-frameworkpib-04.txt, March 1, 2001.
[DSPIB] M. Fine, K. McCloghrie, J. Seligson, K. Chan, S. Hahn, C.
Bell, A. Smith, F. Reichmeyer, "Differentiated
Services Quality of Service Policy Information Base,"
draft-ietf-diffserv-pib-03.txt, March 2, 2001.
9. Author Information and Acknowledgments
Kwok Ho Chan
Nortel Networks
600 Technology Park Drive
Billerica, MA 01821
Phone: 978-288-8175
E-mail: khchan@nortelnetworks.com
Internet Draft COPS Framework July 2001