Laying the foundation for policy-based networking

Policy-based networking has been around at least since Cabletron pushed the idea a few years ago in conjunction with its SecureFast switching architecture. In the past year, nearly every leading network equipment vendor has announced a policy-based networking initiative. Companies didn't buy it from Cabletron then; will they buy it now?

The answer is yes. The primary reason: the existence of a killer application - voice over IP.

Voice-over-IP gateways and Ethernet-based telephone systems let us move voice calls directly onto our packet-based backbone data networks. The caveat is that we will need robust, manageable, end-to-end quality of service (QoS).

Enter policy-based networking. The goal of policy networking is to allow you to define QoS and security policies in relatively simple terms at a policy administration station. These policies are translated into configuration instructions, which are downloaded to network devices via a protocol such as Common Open Policy Services (COPS).

Most vendors are pushing the idea of storing configuration information, along with user, device and application information, in a Lightweight Directory Access Protocol (LDAP)-compliant directory system so multiple network applications can share and make decisions based on the information. Domain Name System/Dynamic Host Configuration Protocol (DNS/DHCP) systems will dynamically update the directory with IP address-to-device association information, which is used in policy enforcement. Ultimately, the network will dynamically learn of changes from the directory and will reconfigure itself to ensure that QoS and security policies are appropriately applied.

As vendors resolve issues of scalability, interoperability and ease of use, policy networking will be adopted because it will be the only reasonable way to manage a converged voice/data/video network.

So what should you do now? Start by learning about fundamental concepts and technologies, including QoS, COPS and LDAP, and begin laying a foundation for policy networking.

Think about where you will need QoS and security capabilities in your network, and understand the policy networking initiatives of your primary vendors.

Take a close look at your DNS/DHCP infrastructure and the products available on the market. DNS/DHCP is a fundamental building block of policy-based networking; make sure you implement a robust system that positions you for the future.

Finally, get an understanding of directories and begin to plan a next-generation directory structure for your corporation. Study Microsoft's Active Directory initiative because it will affect you. The directory will be the key information repository for the network and will play a critical role in enabling peer-to-peer communications and advanced cooperative applications. It may even help us realize the Holy Grail of single sign-on.

Stenson is president of M5 Systems, a Boston consultancy, and a former vice president of network architecture at a major financial institution. He can be reached at tstenson@m5systems.com.