

Framework Policy Information Base






RFC 3318           Framework Policy Information Base          March 2003



2. General PIB Concepts

2.1. Roles

   The policy to apply to an interface may depend on many factors, such
   as immutable characteristics of the interface (e.g., Ethernet or
   frame relay), the status of the interface (e.g., half or full
   duplex), or user configuration (e.g., branch office or headquarters
   interface).  Rather than specifying policies explicitly for each
   interface of all devices in the network, policies are specified in
   terms of interface functionality.

   To describe these functionalities of an interface, we use the concept
   of "Roles".  A Role is simply a string that is associated with an
   interface.  A given interface may have any number of roles
   simultaneously.  Provisioning classes have an attribute called a
   "RoleCombination" which is a lexicographically ordered set of roles.
   Instances of a given PRovisioning Class are applied to an interface
   if and only if the set of roles in the role combination matches the
   set of the roles of the interface.

   Thus, roles provide a way to bind policy to interfaces without having
   to explicitly identify interfaces in a consistent manner across all
   network devices.  That is, roles provide a level of indirection to
   the application of a set of policies to specific interfaces.  This
   separates the policy definition from device implementation specific
   interface identification.  Furthermore, if the same policy is being
   applied to several interfaces, that policy needs to be pushed to the
   device only once, rather than once per interface, as long as the
   interfaces are configured with the same role combination.

   We point out that, in the event that the administrator needs to have
   a unique policy for each interface, the administrator can configure
   each interface with a unique role.

   The PEP sends all its Capability Set Names, Role Combinations, Policy
   Controlled Interfaces, and their relationships to the PDP in the
   first COPS request (REQ) message for a handle, and whenever any
   updates or deletes occur.  The PDP can install new instances or
   change existing instances of these PRIs.  This operation can also
   occur in subsequent request messages generated in response to COPS
   state synchronization (SSQ) requests and local configuration changes.

   The comparing of roles (or role combinations) is case sensitive.
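
   The matching rule described in this section, as an added example
   that is not part of RFC 3318: a policy instance applies only when
   its role combination equals the interface's role set exactly and
   case-sensitively, and interfaces sharing a combination share one
   push.  All function names, interface names and policy names are
   constructed for illustration.

```python
# Added illustration of role-combination matching; every name and sample
# value here is constructed and does not come from RFC 3318.

def role_combination(roles):
    """Canonical form: duplicate-free roles in lexicographic (code point) order."""
    return tuple(sorted(set(roles)))

def applicable_policies(interface_roles, policies):
    """Policies whose role combination equals the interface's role set exactly.
    A subset or superset does not match, and comparison is case sensitive."""
    combo = role_combination(interface_roles)
    return sorted(n for n, rc in policies.items() if role_combination(rc) == combo)

def push_plan(interfaces, policies):
    """Group interfaces by role combination: policy is pushed once per combination."""
    plan = {}
    for ifname, roles in interfaces.items():
        entry = plan.setdefault(role_combination(roles), {
            "interfaces": [],
            "policies": applicable_policies(roles, policies),
        })
        entry["interfaces"].append(ifname)
    return plan

def case_near_misses(interfaces, policies):
    """Audit check: interfaces that receive no policy but would match one if
    role comparison ignored case (a likely configuration typo)."""
    def fold(roles):
        return frozenset(r.casefold() for r in roles)
    misses = {}
    for ifname, roles in interfaces.items():
        if applicable_policies(roles, policies):
            continue
        near = sorted(n for n, rc in policies.items() if fold(rc) == fold(roles))
        if near:
            misses[ifname] = near
    return misses

# Constructed sample data.
INTERFACES = {
    "eth0": ["edge", "branch"],
    "eth1": ["branch", "edge"],   # same set, different configured order
    "eth2": ["edge"],             # subset of a combination: no match
    "eth3": ["Edge", "branch"],   # differs only by case: no match
}
POLICIES = {"rate-limit-branch-edge": ("branch", "edge"), "core-marking": ("core",)}
```
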






Sahita, et. al.              Informational