Framework Policy Information Base
RFC 3318 Framework Policy Information Base March 2003

2. General PIB Concepts

2.1. Roles

The policy to apply to an interface may depend on many factors, such
as immutable characteristics of the interface (e.g., Ethernet or
frame relay), the status of the interface (e.g., half or full
duplex), or user configuration (e.g., branch office or headquarters
interface). Rather than specifying policies explicitly for each
interface of all devices in the network, policies are specified in
terms of interface functionality.

To describe these functionalities of an interface, we use the concept
of "Roles". A Role is simply a string that is associated with an
interface. A given interface may have any number of roles
simultaneously. Provisioning classes have an attribute called a
"RoleCombination" which is a lexicographically ordered set of roles.
Instances of a given PRovisioning Class are applied to an interface
if and only if the set of roles in the role combination matches the
set of the roles of the interface.

Thus, roles provide a way to bind policy to interfaces without having
to explicitly identify interfaces in a consistent manner across all
network devices. That is, roles provide a level of indirection to
the application of a set of policies to specific interfaces. This
separates the policy definition from device implementation specific
interface identification. Furthermore, if the same policy is being
applied to several interfaces, that policy needs to be pushed to the
device only once, rather than once per interface, as long as the
interfaces are configured with the same role combination.

We point out that, in the event that the administrator needs to have
a unique policy for each interface, the administrator can configure
each interface with a unique role.

The PEP sends all its Capability Set Names, Role Combinations, Policy
Controlled Interfaces, and their relationships to the PDP in the
first COPS request (REQ) message for a handle, and whenever any
updates or deletes occur. The PDP can install new instances or
change existing instances of these PRIs. This operation can also
occur in subsequent request messages generated in response to COPS
state synchronization (SSQ) requests and local configuration changes.

The comparing of roles (or role combinations) is case sensitive.
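
The matching rule and the case-sensitivity note above, as an added
example that is not part of RFC 3318: it builds role combinations,
applies the exact-set match, and flags interfaces that miss a policy
only because of letter case. The "+" separator, the function names and
the sample interfaces are assumptions made for illustration.

```python
# Added example, not from the RFC text on this page. Assumption: roles in a
# combination are joined with "+"; all names and data here are constructed.
SEP = "+"

def role_combination(roles):
    """Return the lexicographically ordered role combination for a role set."""
    unique = set(roles)
    for role in unique:
        if not role or SEP in role:
            raise ValueError(f"invalid role: {role!r}")
    return SEP.join(sorted(unique))  # code-point order, so "Edge" < "branch"

def applies(prc_combination, interface_roles):
    """True iff the role sets are equal; a subset or case variant does not match."""
    return set(prc_combination.split(SEP)) == set(interface_roles)

def group_interfaces(interfaces):
    """Map each role combination to its interfaces: one policy push per key."""
    groups = {}
    for name, roles in interfaces.items():
        groups.setdefault(role_combination(roles), []).append(name)
    return groups

def case_only_mismatches(policy_combinations, interfaces):
    """Report interfaces no policy matches, but one would if case were ignored."""
    exact = {frozenset(c.split(SEP)) for c in policy_combinations}
    folded = {frozenset(r.lower() for r in c.split(SEP)): c
              for c in policy_combinations}
    findings = []
    for name, roles in sorted(interfaces.items()):
        role_set = frozenset(roles)
        if role_set in exact:
            continue
        near = folded.get(frozenset(r.lower() for r in role_set))
        if near is not None:
            findings.append((name, role_combination(role_set), near))
    return findings

# Constructed sample: eth2 was configured with "Edge" instead of "edge".
INTERFACES = {
    "eth0": ["edge", "branch"],
    "eth1": ["branch", "edge"],
    "eth2": ["Edge", "branch"],
    "eth3": ["edge"],
}
POLICY_COMBINATIONS = ["branch+edge"]

if __name__ == "__main__":
    print(group_interfaces(INTERFACES))
    print(case_only_mismatches(POLICY_COMBINATIONS, INTERFACES))
```

In the sample, eth2 and eth3 receive no instance of the "branch+edge"
policy; only eth2 is reported, since its role set differs from the
policy's by case alone.
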
Sahita, et. al. Informational