Abstract:
This paper proposes a method, called the policy-extension-by-policy method, for quickly and dynamically adding policy classes with new functionality to policy servers and agents. In this method, users can add a new policy class to the policy server by using policy-definition (PD) policies. By using policy-embedding (PE) policies, they can define a method to translate a policy of the new class and send it to network nodes of different vendors through various types of device interfaces, such as CLI, MIBs, PIBs, APIs or hardware tables. A PE policy also enables translating a policy of an existing class and sending the result to a new type of network node. PE policies contain command templates and methods for filling the templates. A program interpreter is embedded in policy agents to make flexible policy-to-configuration translation possible. A prototype system and example policies, i.e., access control, Diffserv, and VPN policies, were developed.
Keywords:
application program interfaces; authorisation; computer networks; program interpreters; quality of service; API; Diffserv; VPN policies; access control; command templates; device interfaces; dynamically extensible policy server; open programmable networking; policy agents; policy class; policy-definition policies; policy-extension-by-policy method; policy-to-configuration translation; program interpreter; Computer architecture; Electronic mail; Filling; Hardware; IP networks; Java; Network servers; Prototypes; Software prototyping; Utility programs