Redirecting directories

As part of a drive to make it easier to manage and deploy policies across networks, IBM is aggressively lobbying standards bodies to adopt a new standard set of file formats for directories.

If the technology is widely adopted by other vendors, it could present a viable alternative to proprietary policy-based network architectures, most notably that of market leader Cisco Systems.

The proposed file formats would allow a network device or server to quickly match the correct policy to a packet or traffic flow, reducing network delays, according to IBM. Also, they would remove the need for the policy servers that other vendors are designing into their solutions, slashing costs, IBM said.

Policy-based networking systems let businesses assign different access rules to different users and applications. They are designed to make sure that critical jobs can be done on a network with limited bandwidth.

IBM has successfully lobbied the Internet Engineering Task Force, or IETF, and is currently lobbying the Desktop Management Task Force, or DMTF, to adopt the standard directory file formats.

"What we requested was a common information model for how information is stored in the directory, in order to make that information more easily retrievable," said Bruce Dillon, IBM's development manager for policy-based networking.

Some analysts doubt the IBM solution will force other policy architectures out of the picture. Cisco and other rivals are likely to stand by their own approaches, and many enterprises will follow.

But the development of such a standard would be a key tool for implementing IBM's forthcoming policy management architecture, which is expected to become part of IBM's network hardware offerings in June.

Those products rely on a common policy engine that implements a stateful dynamic multifield binary tree, which eliminates the need to deploy separate policy servers on the network.

Existing routing devices, however, were not designed to take advantage of a common policy engine, so they will still need to rely on policy servers. IBM officials said the company's new policy engine does not bypass the server to get to Cisco's routers. The system removes the need for the coming Common Open Policy System (COPS), which most other policy systems will use.

But one analyst said the benefits of IBM's system are questionable for multivendor networks.

"If Cisco, HP, and others are going to be using COPS, as a customer, what's the benefit to me to look at IBM's solution?" asked John McConnell, president of McConnell Associates.

IBM's new two-tier technology does support COPS when interacting with more traditional three-tier architectures, officials said.

A network manager at a large engineering company said adding policy decision making to network devices would make them too complex and raise the risk of failures.

"I'm a little skeptical. It's a false economy," the manager said.

Cisco is expected to offer the option of doing some policy functions on a routing-switch module that runs Embedded NT.

"We have completely eliminated the need for NT or Embedded NT in a Cisco router," Dillon said.