A Network Management Architecture Using XML-Based Policy ...

A Network Management Architecture Using XML-Based Policy Information Base
Kwoun Sup Youn and Choong Seon Hong School of Electronics and Information, Kyung Hee University 1 seocheon, Kihung, Yongin, Kyungki, 449-701 Korea [email protected],[email protected]

Abstract. XML is being used to describe components and applications in a vendor and language neutral. Therefore it already has a role in distributed system. XML is also being used as a data interchange format between components and applications in loosely coupled large-scale application. Until now, policy is described for specific applications and devices. Its use has been very limited. In current network management system, we can only invoke predefined operations and actions using policy-based Network Management. The main motivation for the recent interests in policy-based networks is to support dynamic adaptability of behavior by changing policy without recoding or stopping system. For these reasons we present the use of the XML for describing the policy and PIB(Policy Information Base) in COPS-PR. It improves flexibility and interoperability among heterogeneous network systems. It also can add new functionality into network components. In this paper, we propose a network management Architecture using XML-based policy information base.

1

Introduction

For several years, the Internet Protocol (IP) networking industry has been struggling to develop ways to manage networks. Initial attempts brought mechanisms and protocols that focused on managing and configuring individual networking devices rather than the network as a whole. While the model was worked well in early deployments of IP networks, the overhead of administrating networks was increased not only as the size of networks grew but also the capabilities of networking devices were increased. The emerging policy-based network management paradigm is a direct result of this shift [1]. The idea of policy-based management system has caught on as a way to reduce administrative costs, tighten security, and help troubleshooting by setting standards for dealing with a number of situations that range from adding new users to the network to reacting to system faults. Instead of emphasizing devices and interfaces, a policy based management system focuses on users and applications.


This work was supported by grant No R05-2001-000-00976-0 from Korea Science and Engineering Foundation.

H.-K. Kahng (Ed.): ICOIN 2003, LNCS 2662, pp. 876–885, 2003. c Springer-Verlag Berlin Heidelberg 2003


A Network Management Architecture

877

In essence, policy-based network management system allows network mangers to express business goals as a set of rules, or policies, which are then enforced throughout the network. Also, it can automate many tasks that network mangers have had to perform manually in the past, such as configuring switches and routers to prioritize traffic from specific applications.

2

Motivation

The challenges in policy based network management system are as follows. Firstly, some policies may be user- or application-specific, such as the information to filter when bandwidth or device capabilities are limited. It is very unsuitable in large-scale network. Secondly, policies define choices in behavior in terms of the conditions under the environment that predefined operations and actions can be invoked rather than changing the functionality of the actual operations themselves. For these reasons, we propose a network management system using XMLbased policy information base. It supports dynamic adaptability of behavior by changing policy without the stop of system operation. The use of XML provides a neutral means that is independent on operating systems and applications of describing network management policies. We propose the use of the XML for describing of the policy and PIB( Policy Information Base) in COPS-PR [2,3].

3 3.1

Related Works The COPS(COPS-PR) and PIB

We focus on configuration management based on IETF standards. The IETF has defined a policy framework consisting of management interfaces for entering policies, repositories for storing policies, policy decision points(PDPs) for evaluating policies, and policy enforcement points(PEPs) for enforcing policy decisions [2,3,10]. Based on this framework, the IETF standardized policy core information models (i.e., PCIM and PCIMe) that can be used when entering policies, when storing them in repositories, and when evaluating them at PDPs. For the transfer of policy decisions between PDP and PEP, the COPS-PR (Common Open Policy Service for Policy Provisioning ) protocol was standardized. The structure of configuration information carried by COPS-PR is defined in Policy Information Base (PIBs). The language for defining PIBs has been standardized as the structure of policy provisioning information (SPPI) [11]. The basic COPS operational model shown in Figure 1(a) is described as the PEP that establishes communication with the PDP, send policy requests, receive policy decisions, and optionally send reports. At any time, the PEP can update a request; a PDP can update a decision. The PEP is responsible for deleting the request when it is no longer applicable. The PIB is a conceptual tree namespace of provisioning classes (PRCs) and provisioning instances (PRIs). There may be multiple instances of any PRC. Figure 1 (b) shows an example of PIB tree.

878

Kwoun Sup Youn and Choong Seon Hong

Policy Server(PDP)

Request Messages

PRC

PRI PRI PRI

COPS Decision Messages

PRC

PRI PRI

Report Messages

Policy Client(PEP)

(a) COPS Operational Overview

PRC

PRC

PRI

PRI

(b) The PIB Tree

Fig. 1. COPS Operational Overview

Specific clauses in the SPPI allow the PRCs defined in generic PIBs to be reused and specialized for service-specific PIBs via well-known object oriented concepts such as inheritance. This makes the data model defined in any PIB extensible 3.2

The Use of XML in Network Management Area

XML is being used to describe components and applications in a vendor and language neutral way. Therefore it already has a key role in network management area. In this section, we present a way to represent managed data using XML. A new representation for system management data called the Common Information Model (CIM) has been proposed by DMTF [6,7]. There are fundamentally different two models for mapping CIM into XML. One is a schema mapping in which the XML schema is used to describe the CIM classes, and CIM instances are mapped to valid XML documents for that schema. The other is a metaschema mapping in which the XML schema is used to describe the CIM metaschema. Both CIM classes and instances are valid XML documents for that schema [8,9]. Similarly, there are two different models for mapping MIB into XML. One is a model-level mapping, the other is a metamodel-level mapping. Figure 2 shows the model-level mapping and a metamodel-level mapping, respectively [17]. Model-level mapping means that each MIB variable generates its own DTD fragment. The XML element names are taken directly from the corresponding MIB element names. Metamodel-level mapping means that the DTD is used to

A Network Management Architecture

Cisco xx (a) Model-level mapping

879

Cisco xx (b). Metamodel-level mapping

Fig. 2. Two Different Models for Mapping MIB into XML

describe in a generic fashion and the notion of MIB variables. MIB element names are mapped to XML attribute or element values, rather than XML element names.

4 4.1

Proposed System Issues and Design Objectives

As mentioned earlier, policies may be user- and application-specific, such as the information to filter when bandwidth or device capabilities are limited. Policies define choices in behavior in terms of the conditions under the environment which predefined operations and actions can be invoked rather than changing the functionality of the actual operations themselves. We use COPS-PR to communicate with policy-related information. By adding or removing PRIs, the PDP can implement the desired polices to be enforced at the device. It is important to highlight that the policies that each PIB can be implemented are predefined. For these issues, we propose the use of XML to describe policies and PIB of COPS-PR [2,3]. An XML-based policy is independent on operating system and application. It is applicable to large-scale networks. Mapping PIB to XML can dynamically add PRC. It can support dynamic adaptability of behavior by changing policy without the stop of system operation and can provide the flexibility of PIBs. In addition, we have design objectives as follows: – A business level policy can be refined in such a way that the policy author can, at some point, actually deploy it in devices without leaving the authoring environment. – Using the same system, a business level policy can be expressed as easily as the device level policy.

880

Kwoun Sup Youn and Choong Seon Hong

Retrieve a template based on XML

User-defined policy

XML-based Policy Template Repository

Policy Generation Engine

GUI Policy editor

Policy Generation Manager

PDP Viewer

Database Manager

PEP Viewer

t–•›–™•ŽGwkw

‹–”ˆ• “›Œ™•Ž x–z

Retrieve a object

Xml-based Policy

Policy Information Repository

w–“Š G{™ˆ•š“ˆ›–™ w–“Š GzŒ™Œ™ t–•›–™•ŽGwlw

u– ›Œ”—“ˆ› Œ X cŸ”“eUU cVŸ”“e Y cŸ”“eUU cVŸ”“e

JDBC

jvwzT jvwzTwyGt–‹œ“Œ

u– –‰‘ŒŠ› X

ˆ“œŒš X]ZUX_WU ˆ‹”•š ŸŸ ŸŸTT ›™ˆ›–™ X]ZUX_WU ŸUŸ

jvwzGw™–›–Š–“ tsG—ˆ™šŒ™ jvwzTwyG jvwzT jvwzTwyG j“Œ•› jvwzT t–‹œ“Œ oˆ•‹“Œ™ oˆ•‹“Œ™

wpiG j–•›™–““Œ™

tsT tsT‰ˆšŒ‹Gwpi

Fig. 3. An Overall Architecture of Proposed System

4.2

Proposed Architecture

In this section, we describe an overview of the architecture of our proposed system. The architecture of our system is shown as Figure 3. There are six key components in this architecture. Graphical User Interface (GUI) The Graphical User Interface supports the creation of new policies and modifies the past polices using the XML-based generic template. It is the basic interface between the network manger and our proposed system. It also provides methods to edit or create the XML-based generic template and immediate feedback when the network manger uses an improper syntax or enters incorrect entity. It consists of following parts: – The policy editor supports functionality to create or edit the policies. – The PEP viewer browses XML-based PIB of PEP and retrieves value of elements in PIB. – The PDP viewer monitors current status of policy server which receives COPS messages from PEP.

A Network Management Architecture

881

Policy Generation Engine The Policy generation engine is the most important part of our proposed system. It consists of following parts: – Database manager that manipulates an XML based generic template according to the policy-related information. – JDBC module that interacts with the policy information repository. – Policy generation manager that interacts with PDP (Policy Decision Point). It loads the XML-based policy template from template repository. Through the use of a GUI, a proper XML-based template and embedded policy-related information can be selected. XML-Based Policy Template Repository It stores an XML-based Policy Template. The main goal of an XML-based Policy Template is to store generic policies for providing specific policy information to the Policy Generation Engine Policy Decision Point It is one of the components in policy-based network management system. Policy Decision Point includes three components such as policy translator, policy server, and COPS-PR module. Policy translator translates higher-level abstractions of policies into device-level policy that applies to PEP (Policy Enforcement Points). The Policy server can serve as the central point for distribution policies to PEPs [2, 3, 12]. The COPS-PR module makes COPS-PR messages that are sent to PEP. Also it receives COPS-PR messages and then interprets ones. Policy Information Repository All policy related information is stored in policy information repository and generated using policy information model. Its concept is derived from ISM (Information System Model) of POWER prototype [15]. This is a subset of the full model of the managed system. It includes sufficient information for enabling policy definition. The system related part of this model is linked into the actual managed system Through the interaction with the managed objects, it would be possible for polices to be deployed. The concept used here may easily be implemented using the Common Information Model (CIM) from the DMTF (Distributed Management Task Force) [6,7]. Policy Enforcement Point It is one of the components in policy based network management system. It controls the traffic on our networks in accordance with the business goals and polices we set at higher levels in the policy-based network management system [12]. It consists of following parts: – COPS-PR module is similar to COPS-PR module of PDP. – Client-handler is able to handle different client-specific requirements. – PIB controller manipulates XML-based PIB in PEP. It provides methods to add or delete PRI in PIB. Also it supports functionality to create new PRC objects in PIB.

882

5 5.1

Kwoun Sup Youn and Choong Seon Hong

The Use of XML in Policy Template and PIB An XML-Based Policy Template

We propose the use of XML to describe polices. It is very flexible and scalable. An XML-based policy template stores a generic policy description for providing specific policy information to Policy Generation Engine. The XML Schema of a policy template is shown as Figure 4. The XML Schema includes five generic elements: ”people”, ”operation”, ”start time”, ”end time”, ”where”. These objects are defined and described in the Policy Information Repository. Individual elements represent objects of the managed domain. A specific policy is described in Figure 5. It is a form of XML instance document by XML Schema. It is described that the administrator can through the internet during working hours(08:00 12:00) and from wherever

cfŸ”“GŒ™š–•dIXUWIGŒ•Š–‹•ŽdI|{mT cfŸ”“GŒ™š–•dIXUWIGŒ•Š–‹•ŽdI|{mT_Ife cŸšašŠŒ”ˆ Ÿ”“•šaŸšdI››—aVVžžžUžZU–™ŽVYWWXVtszŠŒ”ˆIG Ÿ”“•šaŸšdI››—aVVžžžUžZU–™ŽVYWWXVtszŠŒ”ˆIG Œ“Œ”Œ•›m–™”kŒˆœ“›dI˜œˆ“Œ‹Ie Œ“Œ”Œ•›m–™”kŒˆœ“›dI˜œˆ“Œ‹Ie cŸšaŒ“Œ”Œ•› •ˆ”ŒdI”ŒššˆŽŒ†›Œ”—“ˆ›ŒIe cŸšaŠ–”—“ŒŸ{ —Œe ŸšaŠ–”—“ŒŸ{ —Œe cŸšašŒ˜œŒ•ŠŒe ŸšašŒ˜œŒ•ŠŒe cŸšaŒ“Œ”Œ•› ™ŒdI—Œ–—“ŒIVe cŸšaŒ“Œ”Œ•› ™ŒdI–—Œ™ˆ›–•IVe cŸšaŒ“Œ”Œ•› ™ŒdIš›ˆ™›†›”ŒIVe cŸšaŒ“Œ”Œ•› ™ŒdIŒ•‹†›”ŒIVe cŸšaŒ“Œ”Œ•› ™ŒdIžŒ™ŒIVe cVŸšašŒ˜œŒ•ŠŒ cVŸšašŒ˜œŒ•ŠŒe ŸšašŒ˜œŒ•ŠŒe cVŸšaŠ–”—“ŒŸ{ —Œ cVŸšaŠ–”—“ŒŸ{ —Œe ŸšaŠ–”—“ŒŸ{ —Œe cVŸšaŒ“Œ”Œ•› cVŸšaŒ“Œ”Œ•›e ŸšaŒ“Œ”Œ•›e cŸšaŒ“Œ”Œ•› •ˆ”ŒdI–—Œ™ˆ›–•IG› —ŒdIŸšaš›™•Ž •ˆ”ŒdI–—Œ™ˆ›–•IG› —ŒdIŸšaš›™•ŽIVe Ÿšaš›™•ŽIVe cŸšaŒ“Œ”Œ•› •ˆ”ŒdI—Œ–—“ŒIG› —ŒdIŸšaš›™•Ž •ˆ”ŒdI—Œ–—“ŒIG› —ŒdIŸšaš›™•ŽIVe Ÿšaš›™•ŽIVe cŸšaŒ“Œ”Œ•› •ˆ”ŒdIš›ˆ™›†›”ŒIG› —ŒdIŸša›”Œ •ˆ”ŒdIš›ˆ™›†›”ŒIG› —ŒdIŸša›”ŒIVe Ÿša›”ŒIVe cŸšaŒ“Œ”Œ•› •ˆ”ŒdIŒ•‹†›”ŒIG› —ŒdIŸša›”Œ •ˆ”ŒdIŒ•‹†›”ŒIG› —ŒdIŸša›”ŒIVe Ÿša›”ŒIVe cŸšaŒ“Œ”Œ•› •ˆ”ŒdIžŒ™ŒIG› —ŒdIŸšaš›™•Ž •ˆ”ŒdIžŒ™ŒIG› —ŒdIŸšaš›™•ŽIVe Ÿšaš›™•ŽIVe cVŸšašŠŒ”ˆ cVŸšašŠŒ”ˆe ŸšašŠŒ”ˆe

Fig. 4. Structure of Template by Using XML Schema cfŸ”“GŒ™š–•dIXUWIGŒ•Š–‹•ŽdIœ›T_Ife c”ŒššˆŽŒ†›Œ”—“ˆ›Œ Ÿ”“•šaŸšdI››—aVVžžžUžZU–™ŽVYWWXVtszŠ Œ”ˆT•š›ˆ•ŠŒIG Ÿša•–uˆ”Œš—ˆŠŒzŠŒ”ˆs–Šˆ›–•dI›Œ”—“ˆ› ŒUŸš‹Ie c—Œ–—“Œeˆ‹”•š›™ˆ›–™cV—Œ–—“Œe c–—Œ™ˆ›–•ep•›Œ™•Œ›cV–—Œ™ˆ›–•e cš›ˆ™›†›”ŒeW_aWWcVš›ˆ™›†›”Œe cŒ•‹†›”ŒeX^aWWcVŒ•‹†›”Œe cžŒ™ŒeŒŒ™ cVžŒ™Œe cV”ŒššˆŽŒ†›Œ”—“ˆ›Œe

Fig. 5. A Specific Policy by Using Template

A Network Management Architecture

883

TT {ŒGwpiG‹Œ•›–•G‰ Gœš•ŽGzwwp —[m“›Œ™kš›h‹‹™Gviqlj{T{€wl z€u{hGp—h‹‹™Œšš thThjjlzzG™Œˆ‹Tž™›Œ z{h{|zGŠœ™™Œ•› klzjypw{pvuG“{ŒGpwGˆ‹‹™ŒššG›–…” aad¢ —[m“›Œ™l•›™ GYG¤ TT k–Šœ”Œ•›G{ —ŒGkŒ•›–•G cHlsltlu{G—[m“›Œ™kš›h‹‹™GJwjkh{he cHh{{spz{G—[m“›Œ™kš›h‹‹™Gz€u{hGjkh{hGJylx|pylk hjjlzzGjkh{hGJylx|pylk z{h{|zGjkh{hGJylx|pylkeG TT tsT‰ˆšŒ‹GwpiG‰ Gœš•ŽGk{kGOk–Šœ”Œ•›G{ —ŒGkŒ•›–•P cG—[m“›Œ™kš›h‹‹™Gz€u{hd“p—h‹‹™Œšš” hjjlzzd“™Œˆ‹Tž™›Œ” z{h{|zd“Šœ™™Œ•›”e cV—[m“›Œ™kš›h‹‹™eG

Fig. 6. Mapping SPPI-based PIB to XML-based PIB

he/she is logged in. An XML-based policy template supplies the convenience for a network manager to determine the policy description. 5.2

Mapping PIB to XML

As mentioned earlier, we generated a PIB using XML. We used a method of Model-level Mapping. It means that each PIB variable generates its own DTD fragment and the XML element names that are taken directly from the corresponding PIB element names. PIB definition using SPPI is shown in Figure 6. The IETF RFC 3159 specifies SPPI that defines numerous constructs, along with their semantics, that can be used while defining PIBs. SPPI also defines how the data definition in PIBs can be reused, thereby avoiding redundancy. We mapped SPPI-based PIB to XML-based PIB using DTD [4]. DTDs use a formal grammar to describe the structure and syntax of an XML document, including the permissible values for much of document’s contents. DTD of XML-based PIB and an instance of XML document by the DTD are shown in Figure 6.

6

Execution Sequence for Proposed System

Execution Sequence for Proposed System is shown as Figure 7. We consider that a network manager creates new policy using an XML-based template as follows 1. COPS-PR module is similar to COPS-PR module of PDP. 2. It inquires a necessary XML-Based generic policy template.

884

Kwoun Sup Youn and Choong Seon Hong

P o lic y e d ito r

P o lic y G e n e ra ta tio n E n g in e

C onne ct

D a ta b a s e M anage r

P o lic y T ra n s la to r

P o lic y D e c is i...

P ol ic y E n fo rc e m e n t P o in t

P IB C o n tro lle r

re trie v e X M L te m p la te a n d o b je c t s e a rc h te m p la te in D B

q u e ry re tu rn te m p la te a n d o b je c t

sh o w x m lte m pl at e an d o bj e c t

d e s c rib e p o lic ie s a n d th e n d e p lo y it tra n s m it a p o lic y fro m P G E to P D P t ra ns la te p o lic y tra n s m it

d e p lo y p o lic y to P E P in s ta ll p o lic y s e nd re p ort m e s s a ge

c o n ne c t P D P (O P N ) re p ly a c c e p t m e s s a g (C A T ) s e n d r e p o rt m e s s a g e (R P T ) re q u e s t p o lic y (R E Q ) s e n d p o lic y d e c is io n (D E C ) e x e c u te a p o lic y s e n d r e p o rt m e s s a g e (R P T )

Fig. 7. Sequence Diagram of Proposed System

3. Policy Generation Engine(PGE) inquires a necessary XML-based policy template from XML-based Policy Template Repository. 4. PGE loads a required XML-based template. The manager describes a special policy with the template. 5. When a special policy is described, PGE gets necessary parameters from policy information repository. 6. Policy translator converts the described policy to a policy of device-level and then sends policy. 7. Described special policy is transferred to PEP. 8. PDP sends a device-level policy to PEP through COPS protocol. 9. PEP decides whether it is correct policy or not, after that the result is sent to PDP. 10. PDP sends the result to PGE and notifies the resulting message to manager.

7

Conclusion and Future Works

In this paper, we proposed the use of XML for describing management policies and PIB of COPS-PR. An XML-based Policy is independent of operating system and application. It is applicable to large-scale networks. PIB-to-XML mapping can dynamically add PRC (Provisioning Class). It can support dynamic adaptability of behavior by changing policy without the stop of system operation and provide the flexibility of PIBs. In future works, we plan to develop an efficient algorithm that maps high-level policy into device-level policy.

A Network Management Architecture

885

References [1] Mark L. Stevens, Watler J. Weiss, ”Policy-based Management for IP Networks”, Bell Labs Technical Journal, 1999. [2] D. Durham et al., ”The COPS(Common Open Policy Service) Protocol”, IETF RFC2748, Jan. 2000 [3] K. Chan et al.,”COPS Usage for Policy Provisioning,”IETF, RFC3084, Mar. 2001. [4] W3C, ”Extensible Markup Language”, http://www.w3.org/XML/ . [5] M. Fine et al.,”Framework Policy Information Base”, IETF Internet-Draft, draftietf-rap-frameworkpib-04.txt, Nov. 2000. [6] DMTF, ”Common Information Model (CIM) Specification Version 2.2 ”, June. 1999. [7] DMTF, ” CIM Schema Version 2.6 ”, June 2001. [8] DMTF, ”Specification for the Representation of CIM in XML”, Version 2.0, July. 1999. [9] DMTF, ”XML as a Representation for management Information”, A White Paper Version 1.0, September. 1998. [10] Heinz Johner et al, ”Understanding LDAP”, http://www.redbooks.ibm.com/ pubs/pdfs/redbooks/. [11] M.Wahl ,” A Summary of the X.500(96) User Schema for use with LDAPv3”, December. 1997 [12] A. Westerinen et al., ”Terminology”, IETF Internet draft, http://www.ietf.org /internet-drafts/draft-ietf-policy-terminology-02.txt, Nov.2000. [13] K. McCloghire et al., ”Structure of Policy Provisioning Information [SPPI]”, IETF RFC 3159, August. 2001. [14] R. Boutaba et al., ”The Meta-Policy Information Base(M-PIB)”,IETF Internet draft, Mar. 2002. [15] M. Casassa Mont et al., ”POWER Prototype: Towards Integrated Policy-Based Manage-ment”, NOMS 2000, April 2000. [16] Natarajan, R et al., ”A XML based policy-driven management information service”, Pro-ceedings of IM 2001, May. 2001. [17] J. P. Martin-Flatin, ”Web-based management of IP Networks and Systems”, Ph.D thesis, Swiss Federal Institute of Technology, Lausanne (EPEL), Oct. 2000.