Professional Documents
Culture Documents
Policy Peering For Next-Generation Networks: Figure 1 - Traditional Policy Architecture
Policy Peering For Next-Generation Networks: Figure 1 - Traditional Policy Architecture
212
the user's policy profile, irrespective of whether the Traditionally, services have been provided by the
home network resources are being used or not. visited network, however this requires standardization
and deployment of said services in the visited network.
3. Peering Interface Design Principles Due to the need for service provider differentiation,
services are often provided by the home network. To
This section provides the design principles and enable visited network control of resources, the home
requirements for the policy peering interface. PDP controls the subscriber specific policies and
communicates the resulting policy decisions to the
3.1 Uniform Policy Peering Interface visited network, where they are installed in the PEP,
subject to any visited network policy modifications.
There should be a single uniform policy peering While this may seem straightforward, it is
interface that can be used by all providers, irrespective challenging to enable both the home and visited
of the types of access networks they support. Similarly, network to make application aware policy decisions
the interface must accommodate providers with without standardizing services. For example, a roaming
varying policy capabilities. agreement between provider A and B may allow A's
Today, different access network types define their subscribers to use up to 10 percent of B's access
own policy architectures and interfaces. Ideally, we network resources when placing Voice over IP (VoIP)
would have a common policy peering protocol defined calls served by A's home VoIP infrastructure. To
for all access network types. More importantly though, address this, we require the policy peering interface to
we need universal support for the same underlying inform the peer provider of the "name" of the
policy information and flows; protocol differences can application being used as well as "names" of its
then be handled by interworking functions. constituent flows and associated policy parameters.
Policy information types include static, dynamic, The names are simple text-strings that can be
per-session/per-flow QoS and charging policies. Policy established as part of the roaming agreement. Although
objects must be defined in an access network agnostic B's infrastructure does not support these applications,
manner, and we must support new policy objects (e.g. B's PDPs can still make application aware policy
DPI control) as extensions. This does not preclude the decisions and perform application-specific charging for
use of access network specific policy objects for more use of B's resources. Similarly, applications deployed
detailed control, but a basic level of interoperability in B's network and used by roaming subscribers from
requires access network agnostic parameters. A are assigned a "name" to enable application aware
The basic flows needed to be supported are policy policy decisions from the subscriber's home network.
capabilities exchange, policy pull, and policy push. A The visited network has important information for
policy capabilities exchange informs each network of the home network policy decision; in particular the
the peer network's policy capabilities. This way, the access network characteristics and available network
home network learns which policies it can ask the resources. The policy peering interface needs to inform
visited network to enforce (and vice versa), and which the home network of the current type of access network
policies will require traffic to be routed to the home and its associated bandwidth characteristics. Available
network for policy enforcement. Once learned, the bandwidth is another issue. Communicating such
home network can inform the user's device of which continuously changing information would be chatty
applications require use of the home anchor point. In and may divulge more detailed information than the
“policy pull”, the PEP requests policy from the PDP visited network would like. Instead, the policy peering
and in “policy push” the PDP proactively installs interface should propose alternative policies when a
policies in the PEP. given request cannot be satisfied. For example, if
provider A asks for a 200 kb/s flow, provider B may
reject that while indicating support for a 100 kb/s flow.
3.2 Consistent User Experiences and
Application Aware Policy Decisions
3.3 Real-Time Policy Decisions and Policy
There should be a consistent user experience Peering
between the roaming and non-roaming case,
irrespective of the services supported by the visited The policy peering interface must provide an
network. At the same time, the visited network should efficient interface that can support real-time
control use of its own resources and be able to make applications.
application aware policy decisions. Policy interactions may occur at different points in
time and for different purposes. Some of these involve
real-time interactions where a minimal delay is
213
important. Two strategies are proposed for dealing PDPs and PEPs, and perform any policy protocol
with that. First, the policy peering interface should interworking necessary.
allow for policy delegation, whereby the home PDP
can push policy decisions to the visited network ahead 4. Conclusions
of time instead of always having policies pulled from
the visited network. Those policies should include We examined the existing service provider policy
authorization guidelines such that subsequent requests architectures across the cellular, wireline and cable
for resources in the visited network do not need segments. We found them to be architecturally similar
interaction with the home PDP. Secondly, the peering but largely without inter-provider policy support and
interface should allow for opportunistic and access network independence. Initial work has started
asynchronous policy interactions by use of a addressing that, which is necessary in the future
provisional policy decision, which may be changed converged network architecture, which we believe
following the completion of the policy interaction. should incorporate dual IP anchor points and policy
peering. To date, limited work has been done on the
3.4 Expanded Policy Control policy peering details. We proposed a number of
design principles and requirements for this starting
As the role of policy expands, it must be possible to with uniformity for different access networks and
extend the set of policy objects from the current QoS, support for a common set of policy flows and basic
charging, and NAT focus. The peering interface must policy objects. We proposed use of symbolic "names"
be extensible, but, to accommodate service providers and access network information over the interface and
with different capabilities and avoid the need to policy delegation and opportunistic policy interactions
standardize services, a capabilities exchange and a for real-time applications, whereas extensibility allows
flexible approach to extension policies should be used. for new policy objects to be supported. Finally, we
Existing service provider policy architectures have proposed use of policy border elements to aid with
focused on policy control of QoS and charging, and in secure and manageable peering interconnects while
one case NAT traversal as well. The future converged supporting service provider privacy.
networks however have additional functions and
resources that benefit from integrated policy control. 5. References
Access policies for example govern which entities a
user device is allowed to communicate with. Mobility [1] 3GPP TS 23.203 V7.5.0 (2007-12), 3rd Generation
policies govern the mobility operations that are Partnership Project; Technical Specification Group Services
performed, e.g. whether reauthentication is needed on and System Aspects; Policy and charging control architecture
handover, restrictions on the types of access networks (Release 7)
to use or handover to, etc. DPI control and other policy
objects can be envisioned as well. [2] 3GPP2 X.S0013-0012-0 Version 1.0 (Draft Version
0.21.0), 3rd Generation Partnership Project 2 "3GPP2", All-
IP Core Network Multimedia Domain, Service Based Bearer
3.5 Policy Peering Connections, Security and Control - Stage 2
Privacy
[3] ETSI ES 282 003 v1.1.1 (2006-06), Telecommunications
The policy peering interface must support peering and Internet converged Services and Protocols for Advanced
between many providers while addressing security and Networking (TISPAN); Resource and Admission Control
privacy concerns. Sub-system (RACS)' Functional Architecture
Providers may have many PDPs peering internally
[4] PacketCableTM Technical Report, Multimedia
or externally. For typical nationwide networks, the Architecture Framework, PKT-TR-MM-ARCH-V02, 051221
number of security associations required to fully
interconnect all PDPs between providers can be large. [5] 3GPP TS 23.401 V8.1.0 (2008-03), 3rd Generation
This complexity must be reduced while providing Partnership Project; Technical Specification Group Services
secure interfaces. This can be done by use of a policy and System Aspects; GPRS Enhancements for E-UTRAN
border element whose role is to peer with partner Access (Release 8)
networks. This well-defined point of interconnect
reduces the complexity and number of security [6] 3GPP TS 23.402 V8.1.1 (2008-03), 3rd Generation
associations between partners (and/or clearing houses). Partnership Project; Technical Specification Group Services
and System Aspects; Architecture Enhancements for non-
This border element can also provide necessary border 3GPP Accesses (Release 8)
security, topology hiding of the providers deployed
214