With the continuous development of computer technology and communication industry, today’s society has entered the information age, and how to ensure network’s security management effectively in the complex network topology has become a very important topic. Policy based network management technology can effectively separate the management and execution. So as to achieve the purpose of control, the administrator is only responsible for defining the policy, and network management system is responsible for transforming the policy into the format which equipment can identify. But conflicts between policies has been one of the key factors constraining the development of network management system.This paper puts forward a solution of policy conflict detection and resolution after the research on the policy conflict and the network management system based on strategy. By introducing the concept of risk assessment, the solution not only can simplify the implementation process of policy conflict detection and resolution, but can improve the reliability and stability of the network management system. The solution also puts forward the concept of conflict space and the conflict space separation algorithm, which conflict detection base on. And then using the method of the principle of the newest strategy and user priority to resolve policy conflict. The solution limit the impact of this process on the conflict within the conflict space, namely configuring the non-conflict part of policy, and only dealing with the conflict space.Compared with the existing solution of policy conflict detection and resolution, the solution this paper put forward has the following advantages. First, the solution makes the policy configuration more automated and intellectualized, and reduces some unnecessary process by proposing the concept of risk assessment. Secondly, the solution maximize the effective part of strategy, only dealing with the conflict space of conflict policies. Thirdly, the steps of the solution are smooth, compact and thoughtful. It is a high-performance solution.The paper also introduces in detail the architecture of the whole network management system design, and applying the solution to configuration module. It is proved to be an effective solution to detect and resolve the policy conflict. |