INTRODUCTION

Among the current research initiatives, the policy-based management (PBM) [1] approach is recognized as a major advance in the simplification of the complex task of network resource management. In this approach, management policies are derived from the contract between the operator and its customers that defines rights and duties in terms of resource usage and access. These contracts are called service level agreements (SLAs). The PBM framework as defined by the Internet Engineering Task Force (IETF) assumes that SLA fulfillment will be performed as an offline activity. This implies that service level specifications (SLSs) must have long validity periods. Dynamic negotiation of QoS parameters is not envisaged at this stage by the IETF framework, and this lack is an obstacle to the development of on-demand service access and usage such as for voice over IP (VoIP) and video on demand (VoD).

In order to overcome this limitation, an earlier proposal in our laboratory [2] was to extend the PBM architecture using a new signaling protocol to allow per-session QoS provisioning. However, the scalability issues of integrating such a per-session negotiation protocol have not been addressed so far.

This article aims to address this issue and demonstrate that dynamic policy-based management is a realistic approach even in large-scale networks. Note, however, that this is conditional on respecting some design principles when instantiating the PBM framework.

More precisely, we are interested in achieving on-demand policy-based resource allocation in large-scale stateless IP networks (e.g., differentiated services [DiffServ] networks). The scalability features are determined by the capacity of the system to handle a high resource request rate and a high number of active customers.
We also aim to develop simple rules for dimensioning the PBM system, so that the performance expected from a particular PBM framework instantiation can be anticipated.

This article is organized as follows. We present a brief overview of the major principles of the IETF PBM architecture. Next, we discuss the main related work, highlighting the various objectives and limitations. We present our solution (i.e., introducing dynamic provisioning in the IETF PBM architecture) and its instantiation scheme. The testbed description and the empirical results obtained from several scalability testing scenarios are given. We introduce a simple analytical evaluation of our framework. This is followed by a brief presentation on how a network operator can use these results to design their own PBM system, before a conclusion is proposed.

IEEE Communications Magazine • March 2006 • 0163-6804/06/$20.00 © 2006 IEEE

NETWORK AND SERVICE MANAGEMENT

Kamel Haddadou and Samir Ghamri-Doudane, Pierre & Marie Curie University
Yacine Ghamri-Doudane and Nazim Agoulmine, LSRM, IIE, and University of Evry Joint Group

ABSTRACT

Today, the policy-based management approach is recognized as an efficient solution to simplify the complex task of managing and controlling networks. To this end, the IETF has introduced a reference framework to build PBM systems. However, this framework only addresses the provisioning of services with relatively long validity periods based on predefined service level agreements. Furthermore, very little work addresses the scalability properties of the instantiation of this framework in a real network. This work aims to extend the IETF PBM framework in order to support dynamic provisioning of short-term services (end system signaling) as well as an instantiation scheme that is scalable (distributed provisioning of edge routers).
This instantiation scheme is based on the distribution of the provisioning process while keeping centralized only the parts that involve critical resources, that is, the bandwidth brokerage. The performance properties of the proposed scheme are then demonstrated through both extensive experimentation and a short analytical study. The results of this work are intended to be used as a guideline to help network operators design scalable PBM systems in order to offer their customers services with QoS assurance on an on-demand basis.

Designing Scalable On-Demand Policy-Based Resource Allocation in IP Networks