Handle semantics, Cops: common open policy service – Znyx Networks bh5700 User Manual

Page 70


Although the translation rules handle some inconsistency between software and hardware, a user
must define a combination of rules that is reasonable in hardware, to ensure predictable results.

Handle Semantics

All examples have illustrated zqosd copying tc rules into hardware. In fact, the zqosd utility
also enables the user to add tc rules that remain only in software. This selection is based on
handles. zqosd processes all supported queue disciplines and filters with handles between 100:0
and 200:FFFF.

COPS: Common Open Policy Service

The Common Open Policy Service (COPS) is a protocol for distributing networking policy to
devices such as switches and routers. COPS allows a single Policy Decision Point (PDP) to
distribute policy to multiple Policy Enforcement Points (PEPs). A PDP acts as a server for PEP
clients. Figure 4.3 provides an illustration of the COPS Network Architecture.

A PDP contains all of the policy rules for its associated PEPs. A PDP typically stores rules in a
database and is a dedicated server, not a forwarding device.

A PEP is any network device that has to enforce policy decisions. For example, a switch that
restricts network access or prioritizes traffic fits the definition of a Policy Enforcement Point. A
PEP makes no policy decision. It simply applies the policy that it receives from its PDP.

COPS uses a connection-based query and response mechanism. The following scenario illustrates
PEP-PDP communication:

A PEP comes online and opens a connection to its PDP.

After a connection has been established, the PEP transmits state information to the PDP.

The PDP uses that state information to determine what policy is applicable for the PEP.
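The first step of this scenario on the wire, as an added example that is not taken from the Znyx manual or its software: after the connection is up, a PEP identifies itself with a Client-Open message, which has the common header and PEPID object layout defined in RFC 2748. The code builds one and parses it the way a PDP should, rejecting inconsistent length fields before trusting any content. The PEP name and client-type value are constructed for illustration.

```python
import struct

# Op codes and the PEPID object class number, as defined in RFC 2748.
OP_NAMES = {1: "REQ", 2: "DEC", 3: "RPT", 4: "DRQ", 5: "SSQ",
            6: "OPN", 7: "CAT", 8: "CC", 9: "KA", 10: "SSC"}
OP_OPN = 6
C_NUM_PEPID = 11

def build_client_open(pep_id: str, client_type: int) -> bytes:
    """PEP side: Client-Open carrying a PEPID object (C-Num 11, C-Type 1)."""
    body = pep_id.encode("ascii") + b"\x00"          # NUL-terminated ASCII
    obj_len = 4 + len(body)                          # length excludes padding
    obj = struct.pack("!HBB", obj_len, C_NUM_PEPID, 1) + body
    obj += b"\x00" * (-len(obj) % 4)                 # pad to 32-bit boundary
    header = struct.pack("!BBHI", 0x10, OP_OPN, client_type, 8 + len(obj))
    return header + obj

def parse_cops(msg: bytes) -> dict:
    """PDP side: validate the common header and walk the objects strictly."""
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte common header")
    ver_flags, op, client_type, length = struct.unpack("!BBHI", msg[:8])
    if ver_flags >> 4 != 1:
        raise ValueError("unsupported COPS version")
    if op not in OP_NAMES:
        raise ValueError("unknown op code")
    if length != len(msg) or length % 4:
        raise ValueError("message length mismatch or misaligned")
    objects, off = [], 8
    while off < length:
        if length - off < 4:
            raise ValueError("truncated object header")
        obj_len, c_num, c_type = struct.unpack("!HBB", msg[off:off + 4])
        if obj_len < 4 or off + obj_len > length:
            raise ValueError("object length out of bounds")
        objects.append((c_num, c_type, msg[off + 4:off + obj_len]))
        off += obj_len + (-obj_len % 4)              # skip padding
    return {"op": OP_NAMES[op], "client_type": client_type, "objects": objects}

def pep_id_of(parsed: dict) -> str:
    """Return the PEPID string from a parsed Client-Open."""
    for c_num, c_type, data in parsed["objects"]:
        if c_num == C_NUM_PEPID and c_type == 1:
            return data.rstrip(b"\x00").decode("ascii")
    raise ValueError("Client-Open without a PEPID object")

# Constructed sample: hypothetical PEP name and client-type value.
SAMPLE = build_client_open("switch-blade-1", 0x8001)
```
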

Ethernet Switch Blade User's Guide

release 3.2.2j

page 70

Figure 4.3: COPS Network Architecture (diagram labels: one PDP, three PEPs)
