Policy-Driven Routing Management Using CIM - Computer Network Security

Information Technology Reference

In-Depth Information

of use XML technologies, a more appropriate solution is to store routing

policies in an XML native database, as such we will describe at section 6.

- Policy Decision Point (PDP) in charge of interpreting the policies stored in the

policy repository, recuperating the set of rules for a particular PEP,

transforming them into a format that can be understood by the PEP, and

distributing them to the PEP.

- Policy Enforcement Point (PEP) is a component running on a border router that

can apply and execute the different policies received from the PDP.

The proposed architecture is independent of any particular policy, so it could be

used in the provision of security policies, QoS policies, or any other kind of policies.

5 Example of Routing Policy

The following example shows the mapping of the RoutingAction class of CIM

Schema into XML Schema (which follows the general steps explained in section 3):

<xs:complexType name="CIM_RoutingAction" >

<xs:complexContent>

<xs:extension base="CIM_PolicyAction" >

<xs:sequence>

<xs:element name="Action" type="xs:string"/ >

<xs:element name="AttributeAction" type="xs:uint16" />

<xs:element name="BGPAction" type= xs:uint16" />

<xs:element name="BGPValue" type="xs:string" />

<xs:element name="RemarkAction" type="xs:uint16" />

<xs:element name="RemarkValue" type="xs:string" />

<xs:element name="ConditioningAction" type="xs:uint16" />

<xs:element name="OtherConditioningAction" type="xs:string" />

<xs:element name="ConditioningValue" type="xs:string" />

</xs:sequence>

</xs:extension>

</xs:complexContent>

</xs:complexType>

As it is shown, the CIM class is mapped in a XS type extending the type

CIM_PolicyAction , and each class property is mapped into a different XS element.

The CIM_PolicyAction and basic types (i.e., string and uint16) are defined in other

XS documents.

A practical example of policy combining both routing concepts and QoS concepts

is the following one:

If (IP source address = 155.0.0.0/8) and (IP source Port = 80)

then changing the DSCP value = 40

Differentiated Services Code Point (DSCP) value is related with differentiation of

services in IPv4 and IPv6 network, as quality of services aspects. Therefore this rule

implies that all web traffic (port 80) from the A class 155.0.0.0/8 network will be

Search WWH ::

Custom Search

Home