
Policy Monitoring

Policy Monitoring. Bob Moore & Ken White. Why Monitor? Administrators need to know which policies (active and inactive) are present at a PDP and whether these policies are meeting their objectives. There needs to be a “core” policy MIB to tie together all the individual policy-related MIBs.


Presentation Transcript


  1. Policy Monitoring Bob Moore & Ken White 47th IETF

  2. Why Monitor?
     • Administrators need to know
       • which policies (active and inactive) are present at a PDP
       • whether these policies are meeting their objectives
     • There needs to be a “core” policy MIB to tie together all the individual policy-related MIBs
     • Scope is monitoring only -- we have other mechanisms for configuring policies

  3. What to Monitor?
     • Two broad categories:
       • instrumenting the Policy Framework itself
       • evaluating the efficacy of applied policies
     • Several dimensions to consider:
       • policy repository protocol - e.g., LDAP
       • policy protocol - e.g., COPS, SNMP
       • policy domain - e.g., Diffserv, IPSec

  4. Possible Instrumentation Points
     [Diagram: Policy Management Tool, Policy Repository, PDP and PEP, with instrumentation points numbered 1 through 9]

  5. 1 - PM Tool-to-Repository
     • Implemented at a Policy Repository
     • Examples of information
       • which PM Tools “fed” this repository?
       • which / how many policies was it fed?
       • did any policies fail to get to this repository?

  6. 2 - Policy Repository
     • Implemented at a Policy Repository
     • Examples of information
       • how many / which policies are stored here?
       • how much remaining capacity is there?
       • which other Policy Repositories are known to / used by this Policy Repository?

  7. 3 - Policy Repository-to-PDP
     • Implemented at a Policy Repository
     • Examples of information
       • how many / which PDPs have I interacted with?
       • which policies have I sent to each PDP?

  8. 4 - Policy Repository-to-PDP
     • Implemented at a PDP
     • Two possible approaches:
       • repository protocol-specific, e.g., LDAP client MIB; but this won’t reflect any awareness of Policies
       • repository protocol-independent, with Policy awareness
     • Examples of information
       • how many / which Repositories have I interacted with?
       • which policies have I gotten from each Repository?

  9. 5 - The PDP Itself
     • Implemented at a PDP (duh!)
     • Examples of information
       • conflicts detected: how many, for which policies, for which PEPs / roles, from which repositories
       • results of policy translations / expansions
       • counts of operations performed

  10. 6 - PDP-to-PEP
      • Implemented at a PDP
      • Examples of information
        • how many / which PEPs have I interacted with?
        • which policies have I sent to each PEP?
        • which roles have been advertised to me by each PEP?

  11. 7 - PDP-to-PEP
      • Implemented at a Policy-aware PEP
      • Examples of information
        • how many / which PDPs have I interacted with?
        • which roles have I advertised to these PDPs?
        • which policies have I received from each PDP?
      • May also have a Policy protocol-specific MIB, e.g., the COPS Client MIB

  12. 8 - The Policy-Managed Resource
      • Implemented at a Policy-aware or Policy-unaware PEP
      • Hundreds of examples: If MIB, TCP MIB, UDP MIB, ATM MIB, FR MIB, APPN MIB, ...
      • MIBs represent how resources are behaving and/or are configured, but have no tie-in with Policy:
        • 8: how many packets have come in on interface I?
        • 9: how many packets have come in on interface I under the control of Policy Rule A?

  13. 9 - The PEP Itself
      • Implemented at a Policy-aware PEP
      • Examples of information
        • what is the mapping between roles and resources for the Policy-managed resources I support?
        • how many Policies have I retrieved over time?
        • how many Policies do I have active right now?
        • which policies have I applied to which resources?

  14. Policy Monitoring MIBs
      • SLAPM MIB (RFC 2758): experimental
      • COPS Client MIB
      • Policy Device Auxiliary MIB
      • Policy Based Management MIB
      • others?
      How should work proceed to harmonize / rationalize these?
