Policy-based Network Management Research Articles

Towards transactional integrity issues in policy based network management systems

Towards transactional integrity issues in policy based network management systems

Cognitive Software Defined Networking and Network Function Virtualization and Applications

The emergence of Software-Defined Networking (SDN) and Network Function Virtualization (NFV) has revolutionized the Internet. Using SDN, network devices can be controlled from a centralized, programmable control plane that is decoupled from their data plane, whereas with NFV, network functions (such as network address translation, firewall, and intrusion detection) can be virtualized instead of being implemented on proprietary hardware. In addition, Artificial Intelligence (AI) and Machine Learning (ML) techniques will be key to automating network operations and enhancing customer service. Many of the challenges behind SDN and NFV are currently being investigated in several projects all over the world using AI and ML techniques, such as AI- and software-based networking, autonomic networking, and policy-based network management. Contributions to this Special Issue come from the above areas of research. Following a rigorous review process, four excellent articles were accepted that address and go beyond many of the challenges mentioned above.

Establishment of new management method of specific domain for realization of Internet management method

Since the inception of the internet in 1989, manual tasks have become automated to such an extent that organisations around the world would find it impossible to function without the internet. As more and more organisations have come to rely on the internet, and the workers of these organisations have been given access to the internet in order to perform their daily tasks, decisions over policies and proper use have become an important necessity. Some of these policies have been put in place to determine which individuals can access specific resources and when these resources are available, not least because there are limits to bandwidth which can cause blockages in systems and bring companies to a halt. One of the most well-known systems is Policy-Based Network Management (PBNM) which enables IT administrators to put measures in place that manage network resources and ensure the bandwidth of any given network is allocated to specific users in an appropriate manner. While this typically applies to single organisations, a team based at the Sugiyama Jogakuen University in Japan is hoping to study a PBNM that covers an entire internet system.

A PBNM and economic incentive-based defensive mechanism against DDoS attacks

ABSTRACT In this paper, a policy-based network management (PBNM) strategy has been proposed to defend DDoS attack along with maintaining Quality of Service (QoS) for legitimate users. During cautious or alert level users having a contract are only allowed to enter into the network. Moreover, PBNM has been used for enabling users to negotiate with the service provider dynamically on cost and types of services. Extensive experimentations have been carried out to check the validity of the proposed model. Experimentation has been performed in two phases. In first phase reachability condition will be checked on PN2 simulator and SPIN while in second phase, NS-2 is used to monitor the performance of the proposed model according to networking parameters. Results from implementation show the supremacy of the proposed model.

Deriving policies from connection codes to ensure ongoing voltage stability

The management and transmission networks is becoming increasingly complex due to the proliferation of renewables-based distributed energy resources (DER). Existing control systems for DER are based on static specifications from interdependent network connection documents. Such systems are inflexible and their maintenance requires concerted effort between grid stakeholders.In this paper we present a new supplementary control approach to increase the agility of the electricity grid. The ICT system that underlies smart grids has the potential to offer, by analogy with ICT based network management, a control plane overlay for the modern smart grid. Policy-based Network Management (PBNM) is widely deployed in managed telecoms networks. We outline how PBNM can augment the management of power and energy networks and report on our initial work to validate the approach. To configure the PBNM system, we have used text mining to derive connection parameters at the LV level. In our simulations, PBNM was used in collaboration with a Volt-VAr optimisation (VVO) to tune the connection settings at each DER to manage the voltage across all the buses. We argue that the full benefits will be realised when stakeholders focus on agreeing relatively stable high-level connection policies, the policies being refined dynamically, and algorithms such as VVO that set connection parameters so they are consistent with those high-level policies. Thus faults, power quality issues and regulatory infringement can be identified sooner, and power flow can be optimised.

PEMETAAN QOS DENGAN METODE INTRINSIK BERBASIS STANDAR HATTINGH PADA JARINGAN WERELLESS UGM-HOSTPOT PPTIK UGM

The high usage of wireless network will affect the level of data traffic. if there are multiple users to request a connection with the limited capacity of the connection between the user simultaneously then it will wait for their turn in the connect. The simple solution for institutions by adding capacity or bandwidth. But by adding bandwidth, the cost is also quite large. End-to-end monitoring method allows a provider to determine the quality of service QoS using actual data from the availability of services. This information in turn can be useful to know the characteristics of the use of the service, so that the results of monitoring in the form of hotspot service profile may be a reference to determine the user's perception. The final results of this research is profile of network quality service of UGM-Hotspot on PPTIK UGM. It could be a reference to improve QoS, and reference for making policy-based network management. Keyword : QoS, hattingh standard, end-to-end monitoring, wireless network, quality of services

ARKHAM: An Advanced Refinement toolkit for Handling Service Level Agreements in Software-Defined Networking

Software-Defined Networking (SDN) provides a more sophisticated and flexible architecture for managing and monitoring network traffic. SDN moves part of the decision-making logic (i.e., flow processing and packet routing) from network devices into a logically centralized controller. However, the expected behavior and configuration of network devices are often defined directly in the controller as static rules for specific situations. This approach becomes an issue when associated with an increasing number of network elements, links, and services, resulting in a large amount of rules and a high overhead related to network configuration. As an alternative, techniques such as Policy-Based Network Management (PBNM) and more specifically policy refinement can be used by operators to write Service Level Agreements (SLAs) in a user-friendly interface without the need to manually reconfigure each network device. To address these issues, we specifically introduce ARKHAM: an Advanced Refinement Toolkit for Handling SLAs in SDN. In this article, we present (i) a policy authoring framework that uses logical reasoning for the specification of business-level goals and to automate their refinement; (ii) an OpenFlow controller which performs information gathering and configuration deployment; (iii) a policy repository that stores information about the behavior of the infrastructure, which is obtained by the OpenFlow Controller, and policy authoring operations; and (iv) a formal representation using event calculus that describes our solution. The main contributions of this work are (i) the capacity to deploy refined policies with minimal human intervention; (ii) analysis of the infrastructure's ability to fulfill the requirements of high-level policies; (iii) decreased amount of network rules coded into the controller; and (iv) management and deployment of new rules with minimal disruption to the network. The experimental results demonstrate that the refinement toolkit achieves the expected results within acceptable performance bounds, even with the increasing complexity and size of SLAs, network topologies, and repositories.

Functional Evaluation of the Cloud Type Virtual Policy Based Network Management Scheme for the Common Use between Plural Organizations

In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. The first is the scheme for managing the whole LAN by locating the communication control mechanisms on the path between network servers and clients. The second is the scheme of managing the whole LAN by locating the communication control mechanisms on clients. As the second scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, as the progression phase of the third phase for the last goal, we perform the functional evaluation of the cloud type virtual PBNM, which can be used by plural organizations.

Policy-Based Network Management in BIUST Network

Policy-Based Network Management (PBNM) is one of the approaches used by network administration groups for Quality of Service (QoS) and administration on the internet. This paper seeks to propose the adoption of a Policy Creation Model for Policymaking in some organizations. The model will then be applied to a real scenario Botswana International University of Science and Technology (BIUST) network. A combination of technical computer skills, effective network monitoring and a workable policy helps in attaining effective bandwidth management by the users. This study extends one of our researches in network traffic monitoring in BIUST network.

Implementation of the Basic System in the Cloud Type Virtual Policy Based Network Management Scheme for the Common Use between Plural Organizations

In the current Internet-based systems, there are many problems using anonymity of the network communication such as personal information leak and crimes using the Internet systems. This is because the TCP/IP protocol used in Internet systems does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a solution for solving the above problem, there is the approach of Policy-based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control of every user. In this PBNM, two types of schemes exist. The first is the scheme for managing the whole LAN by locating the communication control mechanisms on the course between network servers and clients. The second is the scheme of managing the whole LAN by locating the communication control mechanisms on clients. As the second scheme, we have been studied theoretically about the Destination Addressing Control System (DACS) Scheme. By applying this DACS Scheme to Internet system management, we realize the policy-based Internet system management. In this paper, we show the DACS system theoretically.

Establishment of Virtual Policy Based Network Management Scheme By Load Experiments in Virtual Environment

Establishment of Virtual Policy Based Network Management Scheme By Load Experiments in Virtual Environment

A Survey of Policy Refinement Methods as a Support for Sustainable Networks

Green sustainability-oriented features have become common in network nodes and protocols. Running a network in an energy-efficient way is an important concern of network operators and datacenter networks. The implementation and coordination of the myriad of existing network features poses a challenging task. The energy efficiency capabilities must be selected according to the network conditions and can be combined to increase energy savings. However, they can conflict if not orchestrated in a proper manner. Policy-Based Network Management is a well-known approach to addressing the complexity of network management tasks. In conjunction with a refinement process to translate high-level policies down to low-level policies, it can bring business directives to the network, including sustainability goals. In this survey, we identify the major characteristics of sustainability-oriented policies, as well as the requirements a policy refinement method for such type of policies has to fulfill, including energy efficiency capabilities orchestration. We then analyze existing policy refinement techniques and discuss the challenges on how they address or need to be modified in order to be applicable to sustainability-oriented policies.

IMS에서 정책기반 QoS 알고리즘의 성능 분석

The IMS is an architectural control framework for delivering IP multimedia services such as voice, video, audio and data, the IMS supports not only the mobile communication system but also the existing wired and wireless network based on IP. The network that is integrated by the IMS needs policy-based network management protocol for managing the limited network resources to provide efficient multimedia service. The IMS use additional device called PDF for efficient resource management, but the PDF only uses diameter which is one of the network management protocol such as SNMP and COPS. Many devices use various protocol to manage the limited network resources. There is an algorithm using a variety of protocols such as Diameter, COPS and SNMP to handle the resources management efficiently. We also analyze the performance using the proposed algorithm in the implemented IMS environment.

English

In the current Internet-based systems, there are many problems using anonymity of the network communication such as personal information leak and crimes using the Internet systems. This is because the TCP/IP protocol used in Internet systems does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a solution for solving the above problem, there is the approach of Policy-based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control of every user. In this PBNM, two types of schemes exist. The first is the scheme for managing the whole LAN by locating the communication control mechanisms on the course between network servers and clients. The second is the scheme of managing the whole LAN by locating the communication control mechanisms on clients. As the second scheme, we have been studied theoretically about the Destination Addressing Control System (DACS) Scheme. By applying this DACS Scheme to Internet system management, we realize the policy-based Internet system management. In this paper, we show the DACS system theoretically.

Policy-based QoS management for SLA-driven adaptive routing

This paper proposes a policy-based quality of service (QoS) management framework for adaptive routing decisions. We present an approach considering interior gateway protocol (IGP) for path discovery mechanisms and QoS-aware policies for configuring the network elements. The integration of the aforementioned modules into this policy-based network management (PBNM) system is demonstrated by conducting experiments in a real environment, the hellenic public administration network SYZEFXIS. These experiments combine different traffic conditioning mechanisms through event detectors, consider IP service level agreement mechanisms that interoperate with the PBNM system and analyze the enforcement of IGP and QoS policies. Finally, validation and measurement tools are used to prove the efficiency of this framework. It is shown that this architecture offers significantly increased performance and learning capabilities, while the PBNM system achieves adaptive QoS routing through automated configuration considering the avoidance of suboptimal routing issues or under-performance conditions of the network entities.

Fuzzy Conflict Analysis for QoS Policy Parameters in DiffServ Networks

Policy-based network management is a necessity for managing large-scale environments. It provides the means for separating high-level system requirements from the actual implementation. As the network size increases, the need for automated tools to perform management becomes more apparent. But configuring routers and network devices to achieve QoS goals is a challenging task. Using Differentiated Services to dynamically perform this configuration involves defining policies on different network nodes in multiple domains. Policy aggregation across domains requires a unified policy model that can overcome the challenge of conflict detection and resolution. In this work, we propose a unified model to represent and encode QoS policies. This model enables efficient and flexible conflict analysis. The representation utilizes a bottom-up approach, from the base policy parameters to the aggregation of policies across domains with respect to traffic classes. We also present a classification of these conflicts and a measure of conflicts to assess the severity of any misconfiguration. The model and the conflict measure are evaluated with large networks and different topologies.

A Policy Based Scheme for Combined Data Security in Mobile Ad hoc Networks

Problem statement: In Mobile Ad hoc Networks (MANET) routing protocols, we require a network-level or link layer security. Since without appropriate security provisions, the MANETs is subjected to attacks like network traffic, replay transmissions, manipulate packet headers and redirect routing messages. In order to address these needs, a policy based network management system that provides the capability to express network requirements is required. Approach: In this study, we propose a policy based scheme for combined data security which focuses mainly on three policies: Integrity, authentication and Confidentiality. For providing security not only to data, but also for routing information, we calculate the trust indexes of the nodes and the route is selected according to the trust value which improves integrity. Then in order to provide authentication, we propose a Distributed Certificate Authority (DCA) technique in which multiple DCA is required to construct a certificate. Next we propose an RSA based novel encryption mechanism in order to provide Confidentiality among the nodes. Thus, the desired level of security is provided by the system based on the policy of the user by executing the corresponding security modules. Results: By simulation results, we show that this scheme provides a combined data security in MANETs and can be used efficiently. Conclusion: Our proposed combined data security policy provides complete protection for the data in MANET communications.

Adaptive Measurement-Based Policy-Driven QoS Management with Fuzzy-Rule-based Resource Allocation

Fixed and wireless networks are increasingly converging towards common connectivity with IP-based core networks. Providing effective end-to-end resource and QoS management in such complex heterogeneous converged network scenarios requires unified, adaptive and scalable solutions to integrate and co-ordinate diverse QoS mechanisms of different access technologies with IP-based QoS. Policy-Based Network Management (PBNM) is one approach that could be employed to address this challenge. Hence, a policy-based framework for end-to-end QoS management in converged networks, CNQF (Converged Networks QoS Management Framework) has been proposed within our project. In this paper, the CNQF architecture, a Java implementation of its prototype and experimental validation of key elements are discussed. We then present a fuzzy-based CNQF resource management approach and study the performance of our implementation with real traffic flows on an experimental testbed. The results demonstrate the efficacy of our resource-adaptive approach for practical PBNM systems.

Evaluation by Implementation of the Policy-based Network Management System Called DACS System

As the work for managing a whole LAN effectively withoutlimited purposes, there are works of Policy-based networkmanagement (PBNM). The existing PBNM is defined in someorganizations including the Internet Engineering Task Force(IETF). However, it has structural problems. For example,communications sent from many clients concentrate on acommunication control mechanism called PEP (PolicyEnforcement Point). To improve the problems, we have beenstudying next generation PBNM called Destination AddressingControl System (DACS) Scheme. The DACS Scheme controlsthe whole LAN through communication control by the clientsoftware as PEP which locates on a client computer. We havebeen studied on the aspect of principle until now. In thisresearch, we implement a DACS system to realize a concept ofthe DACS Scheme, and show implement method and results offunctional experiments.

Principle of Virtual Use Method in Common Gateway Interface Program on the DACS Scheme

In the world of the Internet, Web Servers such as Apache and Internet Information Ser ver (IIS) were developed to exchange information among client computers having different Operation System. They have only the function of displaying static information such as HTML files and image files into the Web Browser. However, when the information i s updated, the administrator updates it by manual operation. In some cases, because it is necessary to update several places about the same information, the work load becomes high than it is assume and update error and update omission may occur. These prob lems were solved by use of a Common Gateway Interface (CGI) program such as a bulletin board system and a Blog system. However, these programs opened to Internet have often no user authentication mechanism and no access control mechanism. That is, they hav e the problem that user can access it freely only by getting the URL and inputting it to a Web Browser. Therefore, in this paper, we show a method to add the user authentication and access control mechanism for them. It is called virtual use method of CGI and is realized in the case of introducing the Destination Addressing Control System (DACS) Scheme, which is a kind of Policy Based Network Management Scheme (PBNM). As the result, this kind of the CGI program can be used in the organization with the abovetwo functions..