The Signature Series
absurd buzzword contest


By JIM DUFFY
Network World, 09/27/99

Seeking network nirvana? Ask your favorite switch vendor if it can help you achieve such a state, and you'll surely hear a policy mantra.

Policy networking - the ability to set corporate policies for network access and bandwidth privileges, and have switches and routers execute and enforce the policies based on who is logging on or what application is traversing the network - certainly has an intriguing aura. But is it really capable of bringing network administrators total bliss?

The answer is, "It depends - on the enterprise, on the network design, on the environment (LAN or WAN) and on the application."

Policies are defined by entering user or application identification into a template-based management application provided by the switch vendor. The IDs are made using IP addresses or, if a directory is employed, names.

Once the administrator has input the IDs, he or she then indicates to which networks or subnetworks the user or application has access and marks where the user falls in the hierarchy of bandwidth and network service priority. It's logical that e-mails from the CEO or SAP applications for just-in-time manufacturing take precedence over traffic generated by a low-level staffer embroiled in a hot "Doom" match.

Once policies are entered into the management application, they are downloaded onto switches and routers equipped with agents that recognize and enforce the rules. If all goes according to plan, the devices will have enough intelligence to allocate bandwidth so those SAP applications or e-mails from your boss are never timed out because that "Doom" fanatic is determined to rid the universe of evil mutants before the end of lunch hour.

The better place for policies

From a quality-of-service (QoS) perspective, there's some healthy debate going on as to whether policies are more at home in the WAN or LAN. In one camp are those who argue that WAN bandwidth is scarce and expensive, so establishing policies for divvying up rare transmission resources makes a lot of sense. Conversely, they point out, LANs have a glut of inexpensive bandwidth. Why bother with policies when you can just throw more bandwidth at a QoS problem? "QoS . . . is of little utility in the LAN until people start implementing voice over IP and replacing PBXs with call servers and Ethernet phones," asserts David Passmore, research director at NetReference in Sterling, Va.

Yet some users say LANs could benefit from policies now, even before they take on voice traffic.

"It is not always practical to just throw bandwidth at a problem," says Gary Habermann, director of network operations at Widener University in Chester, Pa. "Different traffic has different levels of importance based on the time of the month. Sometimes installation of a large core pipe just aggravates the problem," merely providing a faster conduit for less-important traffic. There's still no guarantee that mission-critical data will get the bandwidth it needs, he says.

Stan Christensen, senior network engineer at PeopleSoft, an enterprise resource planning software developer in Pleasanton, Calif., agrees. "You need to be concerned that your accounting department data will be getting through without impact when high-usage users start pounding remote servers," he says. "In an environment where development teams and accounting teams share the same LAN link back to all their resources, this can be a problem, even with gigabit links."

Habermann says policies are vital in a LAN with a lot of multicast or broadcast traffic. Without policy, a network interface card would have to look at all traffic to determine which packets it needs to forward to the workstation. In the process, workstations could slow to a crawl. With a policy, a net administrator could establish rules that would prevent switches from sending data to select workstations or from sending certain types of traffic at all.

What's more, just throwing bandwidth at a problem doesn't help when links become disabled. In that event, all traffic - including "Doom" - is coursing over the remaining links, over-running real-time, mission-critical traffic. In a policy-based network, the real-time traffic would make it through the network and the non-mission-critical traffic would only move when bandwidth was available.

The problem of nonessential data vying with mission-critical traffic for reduced capacity is only amplified in a converged voice and data network, Habermann says.

Pervasive policy

Indeed, some users say it's crucial that all data - mission-critical or not, LAN or WAN - be assigned a policy. If not, there's the possibility that network management data, such as an alarm on a faulty device, will be stuck behind a large Web file transfer.

Other observers find fault with that premise. "There's a whole lot of traffic that will be just fine with the traditional best-effort delivery," says John McConnell, president of consultancy McConnell Associates in Boulder, Colo. "If you're transferring files, replicating databases - a lot of the stuff that people do overnight - policies don't get you much."

But as companies add delay-sensitive applications - streaming video, packetized voice and the like - traffic conditions become such that policies are vital for guaranteeing response time and avoiding data loss. Moreover, policies can help users design networks to run delay-sensitive applications by allocating available bandwidth rather than oversubscribing bandwidth.

For example, policies are helping Domino's Pizza in Ann Arbor, Mich., design its network to allocate bandwidth based on traffic type. The company is using Packeteer's PacketShaper for establishing WAN traffic priorities.

"Policies are supposed to be able to police the network so you don't get swamped," says Matt Maguire, Domino's chief information officer. "That's how you're going to be able to continue to maintain your commitment levels and your service-level objectives, as well as when you need to grow."

Policies also may help PeopleSoft provide ample network resources to its bandwidth-constrained operations in the Asia/Pacific region. "When a bandwidth crunch hits, that's when you are really concerned with making sure your QoS is going to keep key traffic flowing," Christensen says. PeopleSoft is using Cisco routers and IOS software, which includes QoS and policy-based routing capabilities.

But in many cases, observers caution, the implementation hassles of policy networking might outweigh the benefits. It's not that policy networking is hard to get - policy-enabled hardware and software are included in most switch upgrades today. And given that companies tend to upgrade their networks every three to five years, cost really isn't an issue, either.

But grappling with political issues - trying to decide who gets bandwidth priority and who does not - can be particularly painful.

Beyond politics

Compounding political issues is the fact that implementing an end-to-end policy network among multivendor devices is a virtual impossibility. Users have to ensure that each element in their networks can support and enforce the policy.

"Say I'm going to allocate a streaming video pipe between a server and client. What if my server is not configured to handle or supply that volume of data for that application?" consultant McConnell asks. "Then all of my bandwidth policies just went into the toilet."

In this regard, the policy networking fervor is a lot like the virtual LAN craze of three years ago. Vendors were quick to extol the virtues of VLANs, but they didn't tell users that the full potential of VLANs could only be realized in a single-vendor environment. McConnell says a unified directory for multiple vendors' products could alleviate the implementation issues of policy networking. But a unified directory is a moving target.

Still, some users forge ahead unfazed. "If policies are tied into our existing directories, they will not be hard to implement," says Widener's Habermann, who is using 3Com policy-enabled switches and management software. "I do not want to maintain a special directory for policies."

Policy networking might not free Habermann from all network woes, but he's counting on policies to simplify his life. "Policies are going to be a valuable asset."


  Copyright, 1995-2001 Network World, Inc. All rights reserved.