As per Relevance of the word resource, we have this rfc below:
Network Working Group H-W.
Request for Comments: 1104 Merit/
June 1989
Models of Policy Based
1. Status of this
The purpose of this RFC is to outline a variety of models for
based routing. The relative benefits of the different approaches
reviewed. Discussions and comments are explicitly encouraged to
toward the best policy based routing model that scales well within
large internetworking environment
Distribution of this memo is unlimited
2.
Specific thanks go to Yakov Rekhter (IBM Research), Milo
(NASA), Susan Hares (Merit/NSFNET), Jessica Yu (Merit/NSFNET)
Dave Katz (Merit/NSFNET) for extensively contributing to
reviewing this document
3.
To evaluate the methods and models for policy based routing, it
necessary to investigate the context into which the model is to
used, as there are a variety of different methods to
policies. Most frequently the following three models are referenced
Policy based distribution of routing
Policy based packet filtering/
Policy based dynamic allocation of network resources (e.g.,
bandwidth, buffers, etc.)
The relative properties of those methods need to be evaluated to
their merits for a specific application. In some cases, more
one method needs to be implemented
While comparing different models for policy based routing, it
important to realize that specific models have been designed
satisfy a certain set of requirements. For different models
requirements may or may not overlap. Even if they overlap, they
have a different degree of granularity. In the first model,
requirements can be formulated at the Administrative Domain
network number level. In the second model, the requirements can
formulated at the end system level or probably even at the level
Braun [Page 1]
RFC 1104 Models of Policy Based Routing June 1989
individual users. In the third model, the requirements need to
formulated at both the end system and local router level, as well
at the level of Routing Domains and Administrative Domains
Each of these models looks at the power of policy based routing in
different way. They may be implemented separately or in
with other methods. The model to describe policy based
allocation of network resources is orthogonal to the model of
based distribution of routing information. However, in an
implementation each of these models may interact
It is important to realize that the use of a policy based scheme
individual network applications requires that the actual effects
well as the interaction of multiple methods need to be
ahead of time by policy
While uncontrolled dynamic routing and allocation of resources
have a better real time behavior, the use of policy based
will provide a predictable, stable result based on the desires of
administrator. In a production network, it is imperative to
continuously consistent and acceptable services
4. Policy based distribution of routing
Goals
The goal of this model is to enforce certain flows by means
policy based distribution of routing information.
enforcement allows control over who can and who can not
specific network resources
Enforcement is done at the network or Administrative Domain (AD
level - macroscopic policies
Description
A good example of policy based routing based on the
of routing information is the NSFNET with its interfaces to mid
level networks [1], [2]. At the interface into the NSFNET,
routing information is authenticated and controlled by four means
1. Routing peer authentication based on the source address
2. Verification of the Administrative Domain
(currently EGP Autonomous System numbers).
3. Verification of Internet network numbers which
advertised via the routing peer
4. Control of metrics via a Routing Policy Data Base for
announced Internet network numbers to allow for
paths to the NSFNET as well as for paths of a
degree
At the interfaces that pass routing traffic out of the NSFNET,
NSS routing code authenticates the router acting as an EGP peer
its address as well as the Administrative Domain
(Autonomous System Number).
Outbound announcements of network numbers via the EGP protocol
controlled on the basis of Administrative Domains or
network numbers by the NSFNET Routing Policy Data Base
The NSFNET routing policy implementation has been in place
July 1988 and the NSFNET community has significant experience
its application
Another example of policy controlled dissemination of
information is a method proposed for ESNET in [3].
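The four inbound checks described above, sketched as an added example; this is not code from the RFC or from the NSFNET NSS. The names `PEERS`, `NET_POLICY`, `Update`, `filter_inbound` and `build_table` are hypothetical, and every address, AS number and network number is a constructed sample value.

```python
from dataclasses import dataclass

# Constructed routing policy database (sample values only).
PEERS = {"192.0.2.1": 64500, "198.51.100.1": 64501}  # peer source address -> AS it must claim
NET_POLICY = {                                        # (network, announcing AS) -> assigned metric
    ("203.0.113.0", 64500): 0,   # primary path
    ("203.0.113.0", 64501): 1,   # secondary path for the same network
    ("198.51.100.0", 64501): 0,
}

@dataclass
class Update:
    peer_addr: str
    peer_as: int
    networks: dict  # network number -> metric claimed by the peer

def filter_inbound(update):
    """Apply checks 1-4; return (accepted {net: policy metric}, rejected [(net, reason)])."""
    expected_as = PEERS.get(update.peer_addr)
    if expected_as is None:                       # check 1: peer source address
        return {}, [("*", "unknown peer address")]
    if expected_as != update.peer_as:             # check 2: Administrative Domain (AS number)
        return {}, [("*", "AS mismatch")]
    accepted, rejected = {}, []
    for net in sorted(update.networks):
        metric = NET_POLICY.get((net, update.peer_as))
        if metric is None:                        # check 3: network must be registered for this AS
            rejected.append((net, "network not registered for this AS"))
        else:                                     # check 4: metric comes from the database,
            accepted[net] = metric                # the peer's own claimed metric is ignored
    return accepted, rejected

def build_table(updates):
    """Build net -> (AS, metric), preferring the lowest policy metric; also return a reject log."""
    table, log = {}, []
    for u in updates:
        accepted, rejected = filter_inbound(u)
        log += [(u.peer_addr, net, why) for net, why in rejected]
        for net, metric in accepted.items():
            if net not in table or metric < table[net][1]:
                table[net] = (u.peer_as, metric)
    return table, log

# Constructed sample announcements.
SAMPLE_UPDATES = [
    Update("198.51.100.1", 64501, {"203.0.113.0": 0, "198.51.100.0": 3}),
    Update("192.0.2.1", 64500, {"203.0.113.0": 5, "198.51.100.0": 0}),  # second net not registered
    Update("192.0.2.99", 64500, {"203.0.113.0": 0}),                    # unknown peer address
    Update("198.51.100.1", 64500, {"203.0.113.0": 0}),                  # known peer, wrong AS
]
```

Because the metric is taken from the database rather than from the announcement, a peer cannot promote its secondary path to primary by claiming a lower metric.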
Benefits
A major merit of the control of routing information flow is
it enables the engineering of large wide area networks and
for a more meshed environment than would be possible without
control. Resource allocation in a non-hostile environment
possible by filtering specific network numbers or
Domains on a per need basis. Another important benefit of
scheme is that it allows for network policy control with
no performance degradation, as only the routing packets
are relevant for policy control. Routing tables are generated
a result of these interactions. This means that this
imposes only very little impact on packet switching performance
large
Concerns
Policy based routing information distribution does not
packet based filtering. An example is the inability to
malicious attacks by introduced source routed IP packets.
resource allocation is possible, it extends largely to
on network numbers or whole Administrative Domains, but it
not extend to end systems or individual users
Costs
Policy based routing in the NSFNET is implemented in a series
configuration files. These configuration files are in
generated from a routing information database. The
creation of this routing information database requires
of the Internet at large. Because the Internet is
constantly, the upkeep of this routing information database is
continuous requirement. However, the effort of collecting
maintaining an accurate view of the Internet at large can
distributed
Since policy controlled distribution of routing information
for filtering on the basis of network numbers or
Domains, the routing information database only needs to
information for the more than 1300 networks within the
today
5. Policy based packet filtering/
Goals
The goal of the model of policy based packet filtering/
is to allow the enforcement of certain flows of network traffic
a per packet basis. This enforcement allows the
administrator to control who can and who can not use
network resources
Enforcement may be done at the end system or even individual
level - microscopic policies
Description
An example of packet/flow based policies is outlined in [4]. In
generic sense, policy based packet filtering/forwarding
very tight control of the distribution of packet traffic.
implemented example of policy based filtering/forwarding is
protection mechanism built into the NSFNET NSS structure,
the nodes can protect themselves against packets targeted at
NSFNET itself by filtering according to IP destination. While
feature has so far not been enabled, it is fully implemented
can be turned on within a matter of seconds
Benefits
The principal merit of this scheme is that it allows
enforcement of packet policies and resource allocation down
individual end systems and perhaps even individual end users.
does not address a sane distribution of routing information.
policies are contained in the packets themselves it could
users, resulting in the ability of users to move
locations
Concerns
The major concern would be the potentially significant impact
the performance of the routers, as, at least for tight
enforcements, each packet to be forwarded would need to
verified against a policy data base. This limitation makes
application of this scheme questionable using current
technology, but it may be very applicable to circuit
environments (with source-routed IP packets being similar to
circuit switched environment). Another difficulty could be
sheer number of potential policies to be enforced, which
result in a very high administrative effort. This could
from the creation of policies at the per-user level. Furthermore
the overhead of carrying policy information in potentially
packet could result in additional burdens on
availabilities. This again is more applicable to connection
oriented networks, such as public data networks, where the
would only need to be verified at the call setup time. It is
open question how well packet based policies will scale in a
and non homogeneous Internet environment, where policies may
created by all of the participants. These creations of
types of services may have to be doable in real time
Scaling may require hierarchy. Hierarchy may conflict
arbitrary Type of Service (TOS) routing, which is one of
benefits of this model
Costs of implementation
A large scale implementation of packet based policy routing
require a routing information base that would contain
down to the end system level and possibly end users. If one
assume that for each of the 1300 networks there is an average
200 end systems, this would result in over 260000 end
Internet wide. Each end system in turn could further
some information on the type of traffic desired, including
of service (issues like agency network selection), potentially
a per-user basis. The effort for the routing policy data
could be immense, in particular if there is a scaling
towards a variety of policies for backbones, mid-level networks
campus networks, subnets, hosts, and users. The administration
this "packet routing" database could be distributed. However
with a fully distributed database of this size several
checks would have to be built into the system
6. Policy based dynamic allocation of network resources (e.g.,
bandwidth, buffers, etc.).
Goals
Flexible and economical allocation of network resources based
current needs and certain policies. Policies may be formulated
the network or Administrative Domain (AD) levels. It is
possible to formulate policies which will regulate
allocation for different types of traffic (e.g., Telnet, FTP
precedence indicators, network control traffic).
Enforcement of policy based allocation of network resources
be implemented within the following parts of the network
routers for networks and Administrative Domain (AD)
circuit switches for
end systems establishing network
Description
Policy based allocation of bandwidth could allow the modulation
the circuits of the networking infrastructure according to
time needs. Assuming that available resources are limited
an upper bound, the allocation of bandwidth would need to
controlled by policy. One example might be a single end
that may or may not be allowed to, perhaps even automatically
take resources away from other end systems or users. An
of dynamic bandwidth allocation is the currently
circuit switched IDNX component of the NSFNET, as well as the
Digital Reconfiguration Service (DRS) which is planned for
NSFNET later this year
Another model for resource allocation occurs at the packet level
where the allocation is controlled by multiple packet queues
This could allow for precedence queuing, with preferences based
some type of service and preferred forwarding of
critical data, such as network monitoring, control and routing
An example can be found in the NSFNET, where the NSFNET
prefer traffic affiliated with the NSFNET backbone network
over all other traffic, to allow for predictable passing
routing information as well as effective network monitoring
control. At the other end of the spectrum, an
could also allow for queues of most deferrable traffic (such
large background file transfers).
Benefits
Dynamic allocation of bandwidth could allow for a truly
environment where the networking infrastructure could
bandwidth on a per need basis. This could result in
cost reductions during times when little bandwidth is needed
This method could potentially accommodate real time transient
bandwidth requirements, potentially by reducing the
available to other parts of the infrastructure. A positive
is that the bandwidth allocation could be protocol independent
with no impact on routing protocols or packet
performance
Policy based allocation of bandwidth can provide a
dynamic environment. The rules about allocation of bandwidth
the circuit level or at the packet level need to be determined
a consistent and predictable policy, so that other networks
Administrative Domains can tune their allocation of
resources at the same time
Concerns
The policies involved in making dynamic bandwidth allocation in
largely packet switching environment possible are still in
development phase. Even the technical implications
infrastructure reconfiguration in result of events happening on
higher level still requires additional research
A policy based allocation of bandwidth could tune the network
good performance, but could cause networks located in
Administrative Domains to pass traffic poorly. It is
that network resource policy information for a network
discussed within the context of its Administrative Domain
Administrative Domains need to discuss their network
allocation policies with other Administrative Domains
The technical problem of sharing network resource
information could be solved by making a "network resource
information" database available to all administrators of
and Administrative Domains. However, the political
involved in creating a network resource policy with impact
multiple Administrative Domains does still require
study
7.
Both the first and the second model of policy based routing
similar in the sense that their goal is to enforce certain flows
This enforcement allows the control of access to scarce
resources (if the resource is not scarce, there is no
reason to control access to it). The major difference is the
of enforcement: macroscopic level versus microscopic level control
Associated with the enforcement for a certain network resource is
cost. If this cost is higher than the cost required to make
particular resource less scarce, then the feasibility of
may be questionable
If portions of the Internet find that microscopic enforcement
policy is necessary, then this will need to be implementable
significant performance degradation to the networking environment
large. Local policies within specific Routing Domains
Administrative Domains should not affect global Internet traffic
routing. Policies within Administrative Domains which act as
transit systems (such as the NSFNET) should not be affected
policies a single network imposes for its local benefit
Some models of policy routing are trying to deal with cases
network resources require rather complex usage policies. One
scenarios in [4] is one in which a specific agency may have
network resource (in the example it is a link) which is
underutilized. The goal is to sell this resource to other
during the underutilization period to recover expenses.
situation is equivalent to the problem of finding optimum routes
with respect to a certain TOS, in the presence of network
(e.g., links) with variable characteristics. Any proposed
to this problem should address such issues as network and
stability. More feasibility study is necessary for the
approach where links used for global communication are also
to arbitrary local policies. An alternative approach would be
reconfigure the network topology so that underutilized links will
dropped and possibly returned to the phone company. This
comparable to what the NSFNET is planning on doing with the
Digital Reconfiguration Service (DRS). A DRS model may
cleaner and easier to implement than a complicated model like
one outlined in [4].
The models for policy based routing emphasize that
engineering of the Internet needs to decide upon the profile
traffic during normal times, outage periods, and peak loads.
type of engineering is not a new requirement. However, there
potentially be a significant benefit in deciding these policies
of time and using policy based routing to implement specific
policies
8. Accounting vs. Policy Based
Quite often Accounting and Policy Based Routing are
together. While the application of both Accounting and Policy
Routing is to control access to scarce network resources, these
separate (but related) issues
The chief difference between Accounting and Policy Based Routing
that Accounting combines history information with policy
to track network usage for various purposes. Accounting
may in turn drive policy mechanisms (for instance, one could
a policy limiting a certain organization to a fixed
percentage of dynamically shared bandwidth). Conversely,
information may affect accounting issues. Network
typically involves route information (at any level from AD to
system) and volume information (packet, octet counts).
Accounting may be implemented in conjunction with any of the
models mentioned above. Similar to the microscopic
macroscopic policies, accounting may be classified into
levels. One may collect accounting data at the AD level,
level, host level, or even at the individual user level. However
since accounting may be organized hierarchically,
accounting may be supported at the network or host level,
macroscopic accounting may be supported at the network or AD level
An example might be the amount of traffic passed at the
between the NSFNET and a mid-level network or between a mid-
network and a campus. Furthermore, the NSFNET has
implemented to allow for accounting of traffic trends from
network numbers as well as application-specific information
Full-blown accounting schemes suffer the same types of
previously discussed, with the added complication of
large amounts of additional data gathered that must be
retrieved. As pointed out in [4], policy issues may impact the
accounting data is collected (one administration billing for
that were then dropped in the network of another administration).
Microscopic accounting may not scale well in a large internet
Furthermore, from the standpoint of billing, it is not clear that
services provided at the network layer map well to the sorts
services that network consumers are willing to pay for. In
telephone network (as well as public data networks), users pay
end-to-end service and expect good quality service in terms of
rate and delay (and may be unwilling to pay for service that
viewed as unacceptable). In an internetworking environment,
heterogeneous administrative environment combined with the lack
end-to-end control may make this approach infeasible
Lightweight approaches to accounting can be used (with less impact
when specific, limited goals are set. One suggested
involves monitoring traffic patterns. If a pattern of abuse (e.g.,
unauthorized use) develops, an accounting system could track this
allow corrective action to be taken, by changing routing policy
imposing access control (blocking hosts or nets). Note that this
much less intrusive into the packet forwarding aspects of
routers, but requires distribution of a policy database that
accounting system can use to reduce the raw information.
this approach is statistical in nature, it may be slow to react
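The lightweight accounting approach described above, as an added example that is not part of the RFC: raw traffic counters are reduced against a policy database, and a network is flagged only once a pattern has built up over several intervals. The names `AUTHORIZED_NETS`, `RECORDS`, `reduce_by_domain` and `detect_abuse`, the record layout and the three-interval threshold are assumptions, and all values are constructed.

```python
from collections import defaultdict

# Constructed policy database: source network number -> Administrative Domain allowed to send.
AUTHORIZED_NETS = {"192.0.2.0": "AD-A", "198.51.100.0": "AD-B"}

# Constructed raw accounting records: (interval number, source network, packets, octets).
RECORDS = [
    (1, "192.0.2.0", 400, 200000),
    (1, "203.0.113.0", 20, 9000),
    (2, "198.51.100.0", 150, 70000),
    (2, "203.0.113.0", 25, 12000),
    (2, "10.9.0.0", 3, 180),          # a single stray interval, not a pattern
    (3, "192.0.2.0", 380, 190000),
    (3, "203.0.113.0", 30, 15000),
    (4, "203.0.113.0", 28, 14000),
]

def reduce_by_domain(records, policy=AUTHORIZED_NETS):
    """Reduce raw counters to octet totals per AD; networks absent from the policy
    database are pooled under 'UNAUTHORIZED'."""
    totals = defaultdict(int)
    for _interval, net, _packets, octets in records:
        totals[policy.get(net, "UNAUTHORIZED")] += octets
    return dict(totals)

def detect_abuse(records, policy=AUTHORIZED_NETS, min_intervals=3):
    """Return {network: interval at which it was flagged} for networks that are not in
    the policy database and were seen in at least min_intervals distinct intervals."""
    seen = defaultdict(set)
    flagged = {}
    for interval, net, _packets, _octets in sorted(records):
        if net in policy or net in flagged:
            continue
        seen[net].add(interval)
        if len(seen[net]) >= min_intervals:
            flagged[net] = interval   # earliest point at which corrective action could start
    return flagged
```

The flagged interval makes the reaction delay visible: traffic from the unauthorized network passes for two full intervals before the third observation triggers the flag.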
9.
[1] Rekhter, Y., "EGP and Policy Based Routing in the New
Backbone", RFC 1092, IBM Research, February 1989.
[2] Braun, H-W., "The NSFNET Routing Architecture", RFC 1093,
Merit/NSFNET Project, February 1989.
[3] Collins, M., and R. Nitzan, "ESNET Routing", DRAFT Version 1.0,
LLNL, May 1989.
[4] Clark, D., "Policy Routing in Internet Protocols", RFC 1102,
M.I.T. Laboratory for Computer Science, May 1989.
Author's
Hans-Werner
Merit Computer
University of
1075 Beal
Ann Arbor, Michigan 48109
Telephone: 313 763-4897
Fax: 313 747-3745
EMail: hwb@merit.