Figure 7.6: COPS Network Architecture
A PDP contains all of the policy rules for its associated PEPs. A PDP typically stores rules in a
database and is a dedicated server, not a forwarding device.
A PEP is any network device that has to enforce policy decisions. For example, a switch that
restricts network access or prioritizes traffic fits the definition of a Policy Enforcement Point. A
PEP makes no policy decision. It simply applies policy that it receives from its PDP.
COPS uses a connection-based query and response mechanism. The following scenario illustrates
PEP-PDP communication:
• A PEP comes online and opens a connection to its PDP.
• After a connection has been established, the PEP transmits state information to the PDP.
• The PDP uses that state information to determine what policy is applicable for the PEP.
• The PDP sends that policy to the PEP.
• The PEP installs the policy and applies it to future traffic.
As long as COPS is running, a connection between the PEP and PDP should stay open. A PEP
could query a PDP at any time asking for a policy decision. Alternatively, an administrator could
modify the policy on a PDP, which would then push any policy changes to its PEPs.
Protocol Architecture
The COPS protocol is broken into several components. The base layer is the COPS protocol
itself, which defines the messaging format. This protocol defines how communication is handled
without specifying the details of the message data.
The base COPS protocol is then used by different client types. These client types apply the COPS
messaging scheme to particular types of data. The currently standardized client types deal with
the RSVP model (COPS-RSVP) and provisioning model (COPS-PR).
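The base-layer framing and the PEP-PDP exchange described above can be checked with a small parser. This is an added example, not code from this guide or the switch firmware; the header layout, op codes and the RSVP client-type value are taken from RFC 2748 rather than from this page, and the function names and the sample session are constructed for illustration.

```python
import struct

# Op codes and the RSVP client type as defined in RFC 2748 (not stated in this guide).
OP_NAMES = {1: "REQ", 2: "DEC", 3: "RPT", 4: "DRQ", 5: "SSQ",
            6: "OPN", 7: "CAT", 8: "CC", 9: "KA", 10: "SSC"}
CLIENT_TYPES = {1: "COPS-RSVP"}
HEADER = struct.Struct("!BBHI")  # version/flags, op code, client-type, message length


def parse_messages(stream: bytes):
    """Split a byte stream into COPS messages, validating each common header."""
    msgs, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError("truncated common header")
        ver_flags, op, ctype, length = HEADER.unpack_from(stream, offset)
        if ver_flags >> 4 != 1:
            raise ValueError("unsupported COPS version")
        if op not in OP_NAMES:
            raise ValueError(f"unknown op code {op}")
        # Length covers the header, must be 32-bit aligned and fit in the buffer.
        if length < HEADER.size or length % 4 or offset + length > len(stream):
            raise ValueError("bad message length")
        body = stream[offset + HEADER.size:offset + length]
        msgs.append((OP_NAMES[op], CLIENT_TYPES.get(ctype, f"client-type {ctype}"), body))
        offset += length
    return msgs


def build(op: int, ctype: int, body: bytes = b"") -> bytes:
    """Build a message with an opaque body (constructed test data only)."""
    return HEADER.pack(0x10, op, ctype, HEADER.size + len(body)) + body


def sample_session() -> bytes:
    # Constructed exchange, both directions in order: PEP opens (OPN), PDP accepts
    # (CAT), PEP sends state (REQ), PDP returns policy (DEC), PEP reports the
    # install (RPT). Bodies are 4-byte opaque placeholders, not real COPS objects.
    return b"".join(build(op, 1, b"\x00" * 4) for op in (6, 7, 1, 2, 3))


if __name__ == "__main__":
    for name, client, body in parse_messages(sample_session()):
        print(f"{name:<3} {client} body={len(body)} bytes")
```

The parser only interprets the common header and passes the body through untouched, which mirrors the split between the base protocol and the client types.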
The COPS-RSVP scheme is designed around the requirement that a PEP will have to query a
PDP in response to events. An RSVP PEP is constantly listening for resource reservation requests
Ethernet Switch Blade User's Guide
release 3.2.2j
page 125