Policy-Based Networking
A network policy is a guideline or rule describing how the network ought to resolve the resource conflicts that arise naturally from the interactions between users and the different applications available on the network. Policies can dictate which network resources and applications are accessible to which users; they can also classify applications and users into multiple categories and give preferential treatment to some users or applications over others. As an example, a network policy may state that transaction-oriented business applications should be considered more important than random web surfing. Another network policy may state that communication between two machines must be encrypted using IPsec.

Network policies are supported using the architectural framework shown in the figure. The network policies are stored in a policy store, which is an X.500 directory accessed using the LDAP protocol. The policies are implemented by different enforcers in the network. Each enforcer is a software function that can be placed at different sites in the network, e.g. a firewall, a border server or an access router. Enforcers may operate by examining the traffic flowing through a single device in the network, or they may examine the network state at multiple devices. In the former case they are classified as application-specific enforcers; in the latter, as network-wide enforcers.

The final component of the architectural framework is the administration tool for defining and configuring policies. The administration tool is a key part of the architecture: policy administration and specification need to be relatively easy and intuitive for the network operator. Without a good tool for defining policies, the architecture is not likely to be deployed in customer installations.

The policy framework described above can be used to support service level agreements, define new services, control resource reservation protocols such as RSVP, and create virtual private networks (VPNs). It can also be used to advantage in distributed computing contexts such as Grid computing, content distribution networks and network management, and it is a key technology enabling autonomic systems.
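The following is an added illustration, not code from the page or from IBM: a minimal application-specific enforcer that evaluates a flow against an ordered policy set, using the two example policies above (business traffic over web surfing, IPsec between two hosts) plus a conflicting user-based rule to show how precedence resolves conflicts. The `Flow`/`Policy` schema, the attribute names and the policy list standing in for the directory-backed store are all assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    user: str
    app: str           # application class, e.g. "transaction" or "web"

@dataclass(frozen=True)
class Policy:
    name: str
    match: dict        # flow attribute -> required value ("*" = any)
    actions: dict      # e.g. {"priority": 1} or {"ipsec": True}
    precedence: int    # lower value wins when two policies set the same action

def matches(policy: Policy, flow: Flow) -> bool:
    return all(v == "*" or getattr(flow, k) == v for k, v in policy.match.items())

def evaluate(policies, flow, defaults=None):
    """Resolve the actions that apply to one flow.

    Every matching policy contributes its actions; when two matching policies
    set the same action, the one with the lower precedence value wins.
    Returns (resolved actions, which policy decided each action)."""
    resolved = dict(defaults or {"priority": 3, "ipsec": False})
    decided_by = {}
    for p in sorted(policies, key=lambda p: p.precedence):
        if not matches(p, flow):
            continue
        for action, value in p.actions.items():
            if action not in decided_by:     # highest-precedence match wins
                resolved[action] = value
                decided_by[action] = p.name
    return resolved, decided_by

# Constructed policy set (hypothetical) standing in for the LDAP-backed store.
POLICY_STORE = [
    Policy("business-first", {"app": "transaction"}, {"priority": 1}, 10),
    Policy("web-lowest", {"app": "web"}, {"priority": 5}, 10),
    Policy("guest-throttle", {"user": "guest"}, {"priority": 5}, 1),
    Policy("encrypt-hr-db", {"src": "hr-host", "dst": "db-host"}, {"ipsec": True}, 5),
]

if __name__ == "__main__":
    for f in [Flow("hr-host", "db-host", "alice", "transaction"),
              Flow("lab-pc", "news.example", "guest", "transaction")]:
        print(f, evaluate(POLICY_STORE, f))
```

A network-wide enforcer would apply the same evaluation to state gathered from several devices rather than to a single device's flows.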