The application of strategy based on SNMPV3 network management

First, the preface

With the rapid development of the network, new technology, business and new concepts are emerging, whether the scale, breadth and depth, the impact on people's lives is not the past comparable. With the expansion of the network scale, the management problem is becoming more and more prominent, in view of the guarantee of service quality and the management of the business, people put forward the Policy-based network management pbnm (policy-based network Management) scheme. The Policy-based network management scheme has become one of the most rapid development in recent years.

At the same time, as network devices become larger, more complex and more and more changeable, the management cost of the network increases. To control costs, you need to use standard tools to enable it to apply to more product types, including terminal systems, bridges, routers and telecommunications equipment, and devices that can be used in multi-vendor environments. To meet this need, SNMP has developed to provide a multi-vendor, interoperable network management tool.

This paper makes a preliminary discussion on how to integrate policy-based network management and network management based on SNMPv3, so as to play a better role in management.

Second, policy-based network management

The so-called strategy, currently has no uniform standards for its definition and description, according to the IETF definition refers to a set of management rules. Each rule is defined by a if/then structure, consisting of a condition (condition) and an action (action) that executes the corresponding action defined by the rule when the network environment satisfies the conditions of the rule. A strategy can also be viewed as an action that affects the subject (subject) and target. The body here is the object that refers to the policy, and the target is the managed object, which can be an administrator, user, or hardware and software part.

There are two types of policies: authorization policy and obligation policy. An authorization policy defines an action that allows a principal to be implemented on an object. Typically, an authorization policy can be positive (that is, allow), and can be negative (that is, forbidden). Because a reference monitor that determines whether an operation is allowed and implements the action is related to the target object, the authorization policy is said to be based on the target. An obligation policy defines an action that a principal must or should not implement. Because the principal is responsible for interpreting the policy and implementing the specified action, the obligation policy is called a principal.

With the expansion of network scale and the increase of network application, the whole network needs to be divided into several administrative domains, each domain realizes its own management strategy, but there is a relationship between domains. A domain can be understood as a collection of managed objects. Domains are generally divided according to geography, organization, management policy, or other forms. Each domain implements its own management plan, and the management of the domain is greatly simplified.

The so-called policy-based management, refers to the network automatically according to the established strategy, to implement information access, information transmission and network equipment monitoring and configuration, to provide the optimal network of the necessary services: including directory/policy services, progressive information flow management, virtual private network and security services. The fundamentals of policy-based management are shown in Figure 1. A policy-based management system transforms a user's service requirements or management objectives into a certain strategy after proper inspection and adjustment (which can include authorization agents, firewalls, quality service management) and stores them in the policy library. According to the policy service request of the network equipment, the policy-based management system queries the relevant policies, evaluates the implementation of the relevant policies, and finally transforms the strategy into a device-oriented instruction, configures and operates the network equipment to meet the relevant management objectives or service requirements. At the same time, the Policy-based management system decides whether to modify the relevant policies by monitoring the implementation of the network performance change checking strategy.

Fig. 1 schematic diagram of the management principle based on policy

Policy-based Network Management is comprised of four core components: Policy console-a management tool for network managers to define and edit policies; Policy server (also called policy decision Point PDP)-responsible for notifying switches and routers about how to handle different types of traffic; Policy database-directory server where policy is saved ; Policy execution Point (PEP)-network devices that perform policies through access lists, queue management algorithms, and other methods, such as switches or routers that are activated by policies.