Policy Enforcement Point Components
In order to present the discussion of the Policy Enforcement Point (PEP), a simple model of a device is assumed, in which the operations are broken into two areas that I call the data path and the control path. The data path refers to all the operations that are performed at a device on packets, connections, or other units of traffic flowing through the device. The control path refers to operations and algorithms that need to be executed in order to obtain the configuration information or other information needed for the operation of the data path.
The control path in most applications predominantly consists of an agent running on the device that will be involved in the distribution of policies to the device, ...
Get Policy-Based Networking: Architecture and Algorithms now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
