IT Week

Is Policy Based Routing a real option for your network? Stuart Mark looks at the technology evolution and explains some of the terms behind this marketing favourite.

Policy Based Routing and Quality of Service

The destination-based routing used in most of today’s network architectures may be fine for file transfers or e-mail, but its indiscriminate treatment of applications means that the retrieval of a Word document may be given precedence over a time-critical voice conversation or video broadcast.

Hence the requirement for a different approach to routing: one that allows the network to transport data based not only on destination, hop count and bandwidth but on rules defined externally in accordance with service requirements.

The methodology of network policy is extremely complex and you may have heard terms like Policy Routing, DEN, CIM, LDAP, RSVP, COPS, MPLS and Class of Service used to describe offerings and future developments. With such a plethora of technologies it is difficult to understand the role each one plays in the context of reliable service differentiation and provision.

In general, the framework for providing service-level transport of applications or user-specific data across the network can be divided into two overlapping areas: Policy Based Routing and Quality of Service (QoS).

Policies are the rules of preference that are assigned either to applications or users on a network. For example, Voice Over IP (VoIP) is very sensitive to bandwidth and network latency and needs a policy to carry it across a network accordingly. Alternatively, certain users in an organisation, such as share dealers or executives, may perform business critical functions so a policy might be defined to give their data precedence.

QoS is the manner in which policies are enforced. This may use factors such as, but not limited to, source node, application port, predefined class or type, labelling, bandwidth requirement or maximum allowed delay to ensure that traffic flow obeys policy.

Policy Based Routing

In practice, provision for transport sensitive applications requires both the application of a policy and the QoS mechanism to enforce it. At its simplest level, this can be achieved when a network administrator telnets to a Cisco router and enters an Access Control List (ACL) to, for example, filter on traffic using a certain IP port. This is the definition of policy. The ACL rule can then be applied to a faster interface or used with Cisco’s Weighted Fair Queuing to make sure it’s given preference. This is the application of (very basic) QoS.

Policy routing is still immature and most real-world examples are based on proprietary vendor offerings. However, a number of standard mechanisms have come to the fore. Most common of these are the Lightweight Directory Access Protocol (LDAP), which is used to access policy repositories, and the Common Open Policy Service (COPS), which is primarily used by the Resource Reservation Protocol (RSVP) to configure policy rules in RSVP-capable network devices. The IETF now has a working group looking at a standard policy framework which is based on the Core Information Model (CIM) to closely associate policy with the concept of Directory Enabled Networking. The intention is that directory offerings like Novell Directory Services (NDS), Microsoft’s Active Directory and Sun’s Global Directory Server (GDS) will become the policy repositories of the future. LDAPv3 will access the information and COPS receives a mention as a possible method of communicating policy to the network. The working group also intends the policy framework to be secured through the use of IPsec and to make use of, but be independent of, future QoS offerings.

Quality of Service

QoS models can be split into a number of categories, some of which are IETF standards with others still in draft. They are: relative priority marking, differentiated services, service marking, label switching/MPLS, and RSVP.

Relative Priority Marking uses Class of Service (CoS) to assign a priority to each packet in a data flow. IPv4 provides 7 priority levels through the precedence bits in an IP packet (RFC791) while 802.1p will use the same precedence bits for IP packets or insert a 16-bit ‘tag’ into a non-IP packet between layers 2 and 3 to allow 6 priority levels. Priorities can be assigned to applications or hosts via an arbitrary policy mechanism, although these policies are limited by the low number of available classes. The latest versions of Cisco’s Weighted Fair Queuing can also use the IP Precedence bits.

Therefore, as packets pass through a network device, the assigned priority of each one decides its importance. This form of QoS is most widely used by IP management traffic and some vendor implementations make use of IP precedence. 802.1p is not particularly scalable and is prone to interoperability problems.

Differentiated Services (DS) is an IETF draft framework which uses a CoS type of routing, similar to priority marking. It is seen as an evolution of IP precedence QoS but improves on it by offering 64 classes to packets on a network, using the IPv4 Type of Service (ToS) field or the IPv6 Traffic Class octet. DS requires domains to be specified; traffic entering such a domain is classed according to policy-defined DS Codepoints and given a Per-Hop Behaviour (PHB). As it traverses the domain, DS network devices use the PHB to forward the data, allowing efficient transport. DS will use IP, and its use of existing fields may make it a desirable QoS choice in the future.

An example of service marking is the IPv4 ToS field, the same as is used in DS. There are differences, though. As it is used at the moment, ToS allows packets to be marked with a very limited range of service types which routers can use to make routing decisions. This is one of the main differences between ToS and DS. Codepoints and PHBs are not used as inputs to routing decisions; rather, they allow a DS device to make a QoS decision that applies only to the next hop.
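The three marking schemes above all read the same octet of the IPv4 header in different ways. The following added example (not part of the article) decodes that octet as both the legacy Precedence/ToS layout and the DS field, and maps the codepoint to its standard PHB; the 20-byte header it builds is constructed sample data.

```python
import struct

def phb_name(dscp: int) -> str:
    """Map a 6-bit DS codepoint to the Per-Hop Behaviour a DS node would apply.
    Standard values: 0 = default, 46 = EF, xxx000 = class selectors CS1-CS7
    (the codepoints that coincide with the old precedence levels), AFxy = 8x+2y."""
    if not 0 <= dscp < 64:
        raise ValueError("a DS codepoint is 6 bits wide")
    if dscp == 0:
        return "Default (best effort)"
    if dscp == 46:
        return "EF (Expedited Forwarding)"
    if dscp & 0x07 == 0:
        return f"CS{dscp >> 3} (class selector)"
    cls, drop = dscp >> 3, (dscp >> 1) & 0x03
    if 1 <= cls <= 4 and 1 <= drop <= 3 and dscp & 0x01 == 0:
        return f"AF{cls}{drop} (Assured Forwarding)"
    return "unspecified (experimental/local use)"

def parse_tos_octet(ipv4_header: bytes) -> dict:
    """Read the second byte of an IPv4 header under both interpretations:
    the legacy Precedence/ToS layout and the DS field (codepoint + 2 spare bits)."""
    version_ihl, tos = struct.unpack("!BB", ipv4_header[:2])
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return {
        "precedence": tos >> 5,          # top 3 bits: IP Precedence
        "tos_flags": (tos >> 1) & 0x0F,  # legacy D/T/R/C service-type flags
        "dscp": tos >> 2,                # top 6 bits: one of 64 DS codepoints
        "ecn": tos & 0x03,               # bottom 2 bits, outside the DS field
        "phb": phb_name(tos >> 2),
    }

def build_ipv4_header(dscp: int, ecn: int = 0) -> bytes:
    """Constructed minimal 20-byte IPv4/UDP header carrying the given codepoint
    (addresses from documentation space; checksum left at zero)."""
    tos = ((dscp & 0x3F) << 2) | (ecn & 0x03)
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
```

A class-selector codepoint such as CS5 yields precedence 5 under the old interpretation, which is how DS stays compatible with precedence-only devices.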

Label Switching or label-swapping is the mechanism used by link layer technologies such as Frame Relay or ATM. In these cases the ‘label’ is the Frame Relay DLCI or ATM VPI/VCI. It is carried in a packet’s header and used to identify a Forwarding Equivalence Class (FEC), which is a set of packets that will take the same route through a network. The label is updated to reflect the next hop by each switch that forwards it, hence the ‘swapping’ term. Traditionally, ATM has been used to carry IP, as in parts of the Internet. In label switching, the IP traffic enters the ATM network and is transported across by the labels and FEC defined by complex IP-to-ATM mappings.

While this has solved a lot of problems for service providers desperate for bandwidth and some form of QoS, it has proved complex to maintain IP mappings, is not suited to large-scale implementations and was, obviously, limited to ATM. Multi-Protocol Label Switching (MPLS) is the subject of yet another IETF working group and intends to provide a standardised version of label switching that will be more suited to IP. It will provide control and forwarding capabilities; control will use IP-based signalling so that all MPLS-capable switches across the network will see each other as IP peers, not just the boundary devices as is the case with ATM or Frame Relay. The forwarding component will continue to use the label-swapping algorithm, existing label fields on ATM and Frame Relay, or an MPLS header inserted between layers two and three for other media. MPLS will also be scalable and provide compatibility with RSVP. It will be most widely used by the Internet to provide services and traffic flows not easily attainable today. MPLS-capable products are now starting to appear in the marketplace.
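To make the label-swapping algorithm concrete, here is an added example (not from the article or any MPLS implementation) of a three-node label switched path: the ingress classifies a packet into a FEC by destination prefix and pushes a label, each transit node looks up only the incoming label and swaps it, and the egress pops it. The 32-bit shim layout used (20-bit label, 3-bit EXP, S bit, 8-bit TTL) is the one later standardised for MPLS; the node names, prefix and label values are constructed.

```python
import ipaddress
import struct

def pack_shim(label: int, exp: int, bottom: bool, ttl: int) -> bytes:
    """Encode the 32-bit MPLS shim: 20-bit label | 3-bit EXP | S bit | 8-bit TTL."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    word = (label << 12) | ((exp & 0x7) << 9) | (int(bottom) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)

def unpack_shim(shim: bytes) -> tuple:
    """Decode a shim header back into (label, exp, bottom_of_stack, ttl)."""
    (word,) = struct.unpack("!I", shim[:4])
    return word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF

# Constructed three-node LSP: ingress A, transit B, egress C.
# The FEC here is a destination prefix; the ingress maps it to a next hop and label.
FEC_TABLE = {ipaddress.ip_network("192.0.2.0/24"): ("B", 1001)}
# Incoming label map per LSR: in_label -> (next hop, out_label). (None, None) = pop here.
ILM = {"B": {1001: ("C", 2002)}, "C": {2002: (None, None)}}

def forward(dst: str, exp: int = 0, ttl: int = 64) -> list:
    """Push at the ingress, swap at each transit LSR, pop at the egress.
    Returns the (node, label) pairs seen on arrival at each node."""
    dst_ip = ipaddress.ip_address(dst)
    fec = next((p for p in FEC_TABLE if dst_ip in p), None)
    if fec is None:
        raise LookupError(f"no FEC for {dst}: would fall back to IP routing")
    node, label = FEC_TABLE[fec]
    shim = pack_shim(label, exp, True, ttl)      # single label, so S = 1
    trace = [("A", None)]                         # ingress saw a plain IP packet
    while True:
        label, exp, bottom, ttl = unpack_shim(shim)
        trace.append((node, label))
        if ttl <= 1:
            raise RuntimeError(f"TTL expired at {node}")
        next_hop, out_label = ILM[node][label]    # exact match on the label only
        if next_hop is None:                      # egress: pop, IP forwarding resumes
            return trace
        shim = pack_shim(out_label, exp, bottom, ttl - 1)
        node = next_hop
```

Note that after the ingress no node touches the IP header: the EXP bits carried in the shim are the only class-of-service information a transit switch sees.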

RSVP (RFC2205) is an IETF standard most widely used to provide QoS for VoIP. RSVP was designed to operate on existing IP networks and allows an end node to reserve a level of network service for a particular application. It is receiver-based, which is to say the required QoS is requested by a node when it receives application data. It is able to send messages to all nodes along the network data path to specify a level of service, and this can change dynamically according to the prevailing network or traffic conditions. RSVP can be used with other, lower-level QoS offerings, like MPLS, to enhance its effectiveness.
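The receiver-based behaviour is easiest to see as an exchange: a PATH message travels downstream with the data and each router records its previous hop, then the receiver's RESV travels back upstream along those recorded hops and each router admits or rejects the request. The following added example (not from the article) models just that exchange, with soft-state refresh and teardown omitted; the router names and link capacities are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Router:
    name: str
    capacity_kbps: int
    reserved_kbps: int = 0
    phop: Optional[str] = None   # previous hop recorded from the PATH message

def send_path(path: list, sender: str) -> list:
    """PATH follows the data downstream; every router records its previous hop so
    that a later RESV can be routed back along the same route. Returns the PHOPs."""
    prev = sender
    for router in path:
        router.phop = prev
        prev = router.name
    return [r.phop for r in path]

def send_resv(path: list, kbps: int) -> tuple:
    """RESV is issued by the receiver and travels upstream hop by hop using the
    recorded PHOPs. Each router admits the request against its remaining capacity
    or answers with ResvErr, which flows back to the receiver and stops the RESV."""
    trace = []
    for router in reversed(path):                 # receiver side first
        if router.phop is None:
            raise RuntimeError(f"{router.name} has no PATH state for this flow")
        if router.reserved_kbps + kbps > router.capacity_kbps:
            trace.append((router.name, "ResvErr"))
            return trace, False
        router.reserved_kbps += kbps
        trace.append((router.name, "reserved"))
    return trace, True

def build_path() -> list:
    """Constructed sample path, sender to receiver: two fat core links and a
    128 kbps access link next to the receiver."""
    return [Router("R1", 10_000), Router("R2", 10_000), Router("R3", 128)]
```

Because the receiver asks, the first router to refuse is the one nearest to it, which is also where access bandwidth is usually scarcest.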

So the issue of Policy Based Routing and QoS is by no means a closed book. The growing popularity of voice and video applications, and the new level of application reliability that is sure to be demanded from fee-charging ASPs, will make these technology frameworks a key part of networking. However, don’t rush to implement DS or MPLS just yet unless you have a real bandwidth limitation that can’t be resolved. The sinking cost of Gigabit Ethernet makes it a more attractive option for improving all applications on the enterprise, with RSVP available to get the most out of IP. Standard Policy and QoS technologies will have a role to play, but not for some time to come.

www.ietf.org

www.cisco.com

www.microsoft.com

www.sun.com

Summary

  • Policy Based Routing and QoS are separate functions but rely on each other to provide an end-to-end traffic management solution.

  • Policy Based Routing will be a key part of directory technologies.

  • QoS is a resource used to enforce Policy Routing.

  • IP precedence and RSVP are the only real standards-based QoS offerings today, but look out for MPLS and DS.

  • Policy and QoS will only go so far; sooner or later more bandwidth will be needed.

  • Policy will play a major role in future accounting solutions.


This site was last updated 04/25/07