This week, the Packet Pushers chat with Martin Casado & Tim Hinrichs about policy. What’s policy, you ask? In the context of the software defined data center, policy is the big idea that what an IT system needs to do can be expressed in an abstract policy language. The need for abstraction exists because human beings aren’t easily able to tell machines explicitly what they need to do to build a system that conforms to a given policy.
For example, let’s say we need a web application that requires strict security to conform to some regulation. Humans should be able to express those needs in a way that makes reasonable sense to a human. The policy system would then take those abstract instructions and translate them into specific system instructions, such as spinning up virtual machines in an isolated virtual network, placing firewall rules between them and the outside world, adding deep packet inspection via a service chain, etc. The end result will comply with the policy, without a human having to interpret between the policy and the technical end result. As Tim put it,
At the end of the day, what we want is an interface between people and computer systems in a way that makes it easy for people to write down their ideas that, importantly, the computer understands.
At least, that’s the intention. Policy is a growing area of IT seeing a lot of attention from projects like OpenStack’s Congress. The industry is far from decided on just how policy should work. Policy is a complicated issue, which is why we’re talking about it today. Good stuff from Martin & Tim, two of the brightest in the networking business.
The secret is that the network is just one element of a cloud system, and it needs “handles” to be able to participate in the overall infrastructure. Congress is about using those handles to configure all parts of the cloud with a logical language and infrastructure.
In the end, the network is no longer alone.
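To make the idea above concrete, here is an added example (written for these notes, not code from Congress, OpenStack or the show’s guests) of the mechanism Congress uses: a declarative, Datalog-style policy evaluated against a snapshot of cloud state. A tiny bottom-up Datalog evaluator derives `violation` facts for regulated VMs that are not on an isolated network, behind a firewall or covered by DPI, and then derives `remediate` facts that describe the concrete actions a policy engine would hand to the infrastructure. All relation names, rules and the cloud state are constructed for illustration; negation is only allowed over base facts (no stratification), which is enough for this policy.

```python
"""Toy Datalog evaluator for a compliance policy (constructed example)."""

# Constructed cloud state: relation name -> set of fact tuples.
FACTS = {
    "vm": {("web1", "net-dmz"), ("web2", "net-dmz"), ("db1", "net-flat")},
    "regulated": {("web1",), ("web2",), ("db1",)},   # VMs subject to the regulation
    "isolated": {("net-dmz",)},                       # networks that are isolated
    "firewall": {("net-dmz",)},                       # networks with edge firewall rules
    "dpi": {("net-dmz",)},                            # networks with a DPI service chain
}

# Rules: (head, body). A body literal is (negated, relation, args).
# Variables are strings starting with an uppercase letter; anything else is a constant.
RULES = [
    # violation(VM, reason) :- vm(VM, NET), regulated(VM), not <property>(NET).
    (("violation", ("VM", "unisolated_network")),
     [(False, "vm", ("VM", "NET")), (False, "regulated", ("VM",)), (True, "isolated", ("NET",))]),
    (("violation", ("VM", "no_firewall")),
     [(False, "vm", ("VM", "NET")), (False, "regulated", ("VM",)), (True, "firewall", ("NET",))]),
    (("violation", ("VM", "no_dpi")),
     [(False, "vm", ("VM", "NET")), (False, "regulated", ("VM",)), (True, "dpi", ("NET",))]),
    # remediate(NET, action) :- violation(VM, reason), vm(VM, NET).  (policy -> concrete action)
    (("remediate", ("NET", "isolate")),
     [(False, "violation", ("VM", "unisolated_network")), (False, "vm", ("VM", "NET"))]),
    (("remediate", ("NET", "add_firewall")),
     [(False, "violation", ("VM", "no_firewall")), (False, "vm", ("VM", "NET"))]),
    (("remediate", ("NET", "add_dpi")),
     [(False, "violation", ("VM", "no_dpi")), (False, "vm", ("VM", "NET"))]),
]


def is_var(term):
    return isinstance(term, str) and term[:1].isupper()


def unify(args, fact, subst):
    """Extend substitution so that args match fact, or return None."""
    s = dict(subst)
    for a, f in zip(args, fact):
        if is_var(a):
            if a in s and s[a] != f:
                return None
            s[a] = f
        elif a != f:
            return None
    return s


def matches(literals, db, subst):
    """Yield every substitution satisfying all body literals, left to right."""
    if not literals:
        yield subst
        return
    negated, rel, args = literals[0]
    if negated:
        # Negation as failure over already-bound variables (safe rules only).
        inst = tuple(subst.get(a, a) for a in args)
        if inst not in db.get(rel, set()):
            yield from matches(literals[1:], db, subst)
        return
    for fact in list(db.get(rel, set())):
        s = unify(args, fact, subst)
        if s is not None:
            yield from matches(literals[1:], db, s)


def evaluate(facts, rules):
    """Naive bottom-up evaluation: apply all rules until no new facts appear."""
    db = {rel: set(fs) for rel, fs in facts.items()}
    changed = True
    while changed:
        changed = False
        for (hrel, hargs), body in rules:
            # Evaluate positive literals first so negated ones see bound variables.
            ordered = [l for l in body if not l[0]] + [l for l in body if l[0]]
            derived = set()
            for s in matches(ordered, db, {}):
                derived.add(tuple(s[a] if is_var(a) else a for a in hargs))
            new = derived - db.setdefault(hrel, set())
            if new:
                db[hrel] |= new
                changed = True
    return db


def violations(db):
    return sorted(db.get("violation", set()))


def remediations(db):
    return sorted(db.get("remediate", set()))


if __name__ == "__main__":
    result = evaluate(FACTS, RULES)
    for vm, reason in violations(result):
        print(f"violation: {vm} {reason}")
    for net, action in remediations(result):
        print(f"remediate: {action} {net}")
```

Running it reports that `db1` on `net-flat` violates all three requirements and that the engine should isolate `net-flat`, add firewall rules and add DPI, while `web1` and `web2` on `net-dmz` produce no violations. The point the episode makes is visible here: the operator wrote three short rules about what a regulated VM must look like, and the engine worked out both where the current state falls short and what has to change, without a human translating between the two.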
Topics Discussed
- What is policy based SDN/networking?
- How does this apply to practical networking problems?
- The use of other protocol/technologies to support policy implementation.
- Managing the complexity that this creates: thick / thin devices are intelligent.
- How can policy be reliable if nothing is determined?
- How does a static route get configured on a firewall?
- Why is policy/declarative programming a good choice compared to imperative/direct intention?
- What are the advantages of policy implementation?
- What does the Geneve protocol add to existing protocols?
- What are the differences between promise theory and policy theory? They are not the same, so we highlight the differences.
Show Links
- Show 166 – SDN Controller Strategies – Packet Pushers Podcast
- Congress – OpenStack
- Datalog – Wikipedia, the free encyclopedia
- Neutron – OpenStack
- @tim_l_hinrichs
- @martin_casado
