Fuzzy Conflict Analysis for QoS Policy Parameters in DiffServ Networks

Policy-based network management is a necessity for managing large-scale environments. It provides the means for separating high-level system requirements from the actual implementation. As the network size increases, the need for automated tools to perform management becomes more apparent. But configuring routers and network devices to achieve QoS goals is a challenging task. Using Differentiated Services to dynamically perform this configuration involves defining policies on different network nodes in multiple domains. Policy aggregation across domains requires a unified policy model that can overcome the challenge of conflict detection and resolution. In this work, we propose a unified model to represent and encode QoS policies. This model enables efficient and flexible conflict analysis. The representation utilizes a bottom-up approach, from the base policy parameters to the aggregation of policies across domains with respect to traffic classes. We also present a classification of these conflicts and a measure of conflicts to assess the severity of any misconfiguration. The model and the conflict measure are evaluated with large networks and different topologies.
