A computer network having multiple, dissimilar network devices includes a
system for implementing high-level network policies. The high-level
policies, which are generally device-independent, are translated by one
or more policy servers into a set of rules that can be put into effect by
specific network devices. Preferably, a network administrator selects an
overall traffic template for a given domain and may assign various
applications and/or users to the corresponding traffic types of the
template. Location-specific policies may also be established by the
network administrator. The policy server translates the high-level
policies inherent in the selected traffic template and location-specific
policies into a set of rules, which may include one or more access
control lists, and may combine several related rules into a single
transaction. Intermediate network devices, which may have one or more
roles assigned to their interfaces, are configured to request traffic
management information from the policy server, which replies with a
particular set of transactions and rules. The rules, which may correspond
to the particular roles assigned to the interfaces, are then utilized by
the intermediate devices to configure their particular services and
traffic management mechanisms. Other rules are utilized by the
intermediate devices to classify packets with a particular priority
and/or service value and to treat classified packets in a particular
manner so as to realize the selected high-level policies within the
domain.
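
The translation and request flow described above, sketched as an added example that is not taken from the original document. The template contents, role names ("edge", "core", "branch-uplink"), DSCP values, ports, rule layout, and the choice to place classification on edge roles and treatment on core roles are all assumptions made for illustration.

```python
# Constructed sample policy data; every name and value here is an assumption.
TEMPLATE = {"business-critical": {"dscp": 26, "queue": "priority"},
            "best-effort": {"dscp": 0, "queue": "default"}}
ASSIGNMENTS = [{"app": "erp", "proto": "tcp", "port": 1521, "type": "business-critical"},
               {"app": "voice-signal", "proto": "tcp", "port": 5060, "type": "business-critical"},
               {"app": "web", "proto": "tcp", "port": 80, "type": "best-effort"}]
LOCATION_POLICIES = [{"role": "branch-uplink", "proto": "udp", "port": 69, "action": "deny"}]


def translate(template, assignments, location_policies):
    """Policy-server side: turn high-level policy into per-role transactions.

    A transaction groups related rules (an ACL plus the marking rule that
    refers to it) so a device applies them together.
    """
    store = {}
    for ttype, treat in template.items():
        entries = [f"permit {a['proto']} any any eq {a['port']}"
                   for a in assignments if a["type"] == ttype]
        if entries:  # assumed: classification belongs on edge-facing interfaces
            store.setdefault("edge", []).append({"txn": f"classify-{ttype}", "rules": [
                {"kind": "acl", "name": f"acl-{ttype}", "entries": entries},
                {"kind": "mark", "match": f"acl-{ttype}", "dscp": treat["dscp"]}]})
        # assumed: treatment of already-classified packets belongs on core interfaces
        store.setdefault("core", []).append({"txn": f"treat-{ttype}", "rules": [
            {"kind": "queue", "dscp": treat["dscp"], "queue": treat["queue"]}]})
    for lp in location_policies:
        entry = f"{lp['action']} {lp['proto']} any any eq {lp['port']}"
        store.setdefault(lp["role"], []).append({"txn": f"location-{lp['role']}", "rules": [
            {"kind": "acl", "name": f"acl-{lp['role']}", "entries": [entry]}]})
    return store


def request_rules(interfaces, store):
    """Device side: ask for the transactions matching each interface's roles.

    Returns (config, unmatched); unmatched lists interfaces whose roles have no
    rules, so a mistyped role is reported instead of silently left unmanaged.
    """
    config, unmatched = {}, []
    for ifname, roles in interfaces.items():
        txns = [t for r in roles for t in store.get(r, [])]
        config[ifname] = txns
        if not txns:
            unmatched.append(ifname)
    return config, unmatched
```

An interface that ends up in `unmatched` received no ACL, marking or queueing rules at all, which is the case an administrator would want surfaced when roles are assigned by hand.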