Policy-based Management for ALAN-Enabled Networks
Ognjen Prnjat, Ioannis Liabotis, Temitope Olukemi, Lionel Sacks
University College London, Dept. of Electronic and Electrical Eng., London WC1E 7JE, England
email: {oprnjat | iliaboti | tolukemi | lsacks}@ee.ucl.ac.uk; Fax: +44 20 7388 9325
Mike Fisher, Paul McKee
BTexact Technologies, Adastral Park, Ipswich IP5 3RE, UK
email: {mike.fisher | paul.mckee}@bt.com
Ken Carlberg, Gregorio Martinez
University College London, Department of Computer Science, London WC1E 7JE, England
email: {K.Carlberg | G.Martinez}@cs.ucl.ac.uk
Abstract
This paper presents the architecture, the policy schema, and the policy specifications necessary to accomplish effective management of the Application Level Active Networking (ALAN) environment. Using ALAN, developers can engineer applications through the network by utilising platforms (active servers) on which 3rd party software (proxylets) can be dynamically loaded and run. Redirection of packets destined for active processing at the servers is performed by active routers. Management of such large, dynamic systems presents challenges to centralised approaches. Management based on policies locally interpreted in the context of local state is gaining acceptance as an alternative. The IST project ANDROID is using a flexible generic specification for policies, represented in XML, allowing a wide range of policies to be expressed and processed in a common framework. Policies given here focus on management of routers for VPN scenarios, resource and security management of active servers running the proxylets, and management of the information distribution mechanism. Preliminary results were demonstrated during the trial which included the scenario involving the inter-site connectivity and active server resource and security management.
1 INTRODUCTION
Traditional centralised approaches to the management of networks and services are beginning to reach their limits as the complexity of the systems to be managed increases. Network equipment is becoming more heterogeneous and the range of capabilities that can be offered by network equipment is growing. At the same time, as users expect networks to provide the features they require on demand, configuration must be performed much faster than before. All these considerations mean that an automated and distributed approach to network and service management is required, reflecting the distribution of the system elements being managed [1]. This is particularly relevant in active networking scenarios, in which the ability to load software dynamically onto network equipment (e.g. routers, application-layer proxies/servers) allows the behaviour of the network infrastructure to be customised for individual users and applications.
In this context, the IST project ANDROID (Active Network DistRibuted Open Infrastructure Development) is focusing on the management of Application Level Active Networks (ALAN). The project has adopted the policy-based, event-driven management approach, and is striving to manage a wide range of functionality needed to provide the ALAN infrastructure.
The current ANDROID scenario involves the inter-site connectivity accomplished through the interaction of the Reflector proxylets running on the ALAN active servers. The scenarios under development involve the dynamic set-up of the VPN through policy control of the active routers. Moreover, the policy control is exercised at the active server platforms, where both the security aspects of the active server platform and the proxylet resource allocation and consumption are managed. Finally, the management infrastructure - the management information distribution service (for policy and event distribution) - is also managed through policies.
The general approach to the policy definitions was to consider the possible events that can occur in the ANDROID scenario(s), and then to identify the actions to be taken as a response to these events, and consequently the management policies that need to be in place. Finally, the specific example policies in XML are defined.