Diffserv Policies and Their Combinations in a Policy Server Called PolicyXpert
- Y. Kan 01d Kanada
- SIG Information Networks & SIG Network Systems,
In policy-based networks, two or more policies often have to cooperate because combined and customized network functions must be controlled using policies. Two types of policy transformation, policy fusion and policy division, are sometimes required to implement cooperating policy systems on high-performance hardware routers. Policy fusion transforms two or more policies into one, and policy division transforms a policy into two or more policies. These transformations causes a problem that the original policies must usually be strongly constrained to allow these transformations. This paper shows a method for resolving restrictions on the division of QoS policies by a software-hardware integration, i.e., by implementing virtual flow labels (flow IDs) in hardware and by dividing a policy and deploying the policies onto two filter blocks. We have developed a policy agent (PEP) and a gigabit router integrated by using this method. Both high-performance and flexibility are achieved by this integration.