Abstract: Because higher- and lower-level policies do not necessarily correspond one to one, a higher-level network policy may have to be translated into two or more lower-level policies, and two or more cooperating higher-level policies may have to be translated into one lower-level policy. The former transformation is called a policy division, and the latter transformation is called a policy fusion. These transformations can be performed mechanically under restricted conditions as described in this paper. However, in general, they are very complicated and the restrictions cannot be eliminated completely mainly because of existence of multiple packet classifiers in a set of policies. Thus, this paper concludes that they should not be introduced if it is possible. The policy division and fusion can be avoided in certain cases, but they will not probably be able to be avoided in general. If so, the problem should be solved or relaxed by removing harmful classifiers by introducing virtual flow labels and by further studies. In addition, we may have to find a better method to control network devices than policies in the current sense.
Introduction to this research theme: Policy-based Networking