| I2RS working group | S. Hares |
| Internet-Draft | Q. Wu |
| Intended status: Standards Track | Huawei |
| Expires: January 3, 2015 | July 2, 2014 |
An Information Model for Basic Network Policy
draft-hares-i2rs-info-model-policy-03
This document contains three information Models: Basic Network Policy (BNP IM), Policy-Based Routing (PBR), I2RS Local-Config (I2RS-LC IM). The I2RRS-LC IM provides both an I2RS store of Policies plus a store of Policy Templates. The BNP IM has the following levels of Policy Hierarchy: Policy Set, Policy Group, Policy Rule, and conditional actions within the policy rule (conditional match and Action). The PBR IM, I2RS LC IM, BGP Information Model (BGP IM), Service Topology Information Model (SF-Topo IM), and the Service Forwarding Chaining IM (SFC IM) utilize and extend the BNP IM. This draft lists the extensions to the BNP IM that support these information models (PBR IM, I2RS LC IM, BGP IM, SSF-Topo IM and SFC-Policy IM).
The BNP IM is based on the concept of an extensible information model for representing policies. This concept is also found in the Policy Core Information Model (PCIM) (RFC3060) and the Quality of Service (QoS) Policy Information Model (QPIM)(RFC3644) and policy based routing.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 3, 2015.
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The Interface to the Routing System (I2RS) provides read and write access to the information and state within the routing process within routing elements. The I2RS client interacts with one or more I2RS agents to collect information from network routing systems.
Processing of collected information at the I2RS agent may require the I2RS Agent to filter certain information or group pieces of information in order to reduce the data flow through the network to the I2RS client. Some applications that that utilize the services of I2RS client may also wish to require specific data in response to network events or conditions based on pre-established rules. This functionality is necessary to meet the requirements of i2rs enabled services which include service-layer routing improvements, and control of traffic flows and exit points.
This document introduces a Basic Network Policy information model (BNP IM) to handle policies related to the network. This basic policy model can be easily extended beyond the basic functions. The [I-D.ietf-i2rs-architecture] suggests that associated with the i2RS RIB model there will be "Policy-based Routing (ACLs)" and RIB "policy controls". These basic policy functions can operate as part of this functional blocks providing the basic model for policy operators. This model can also be considered as the substance of the policy templates.
The BNP IM is extensible allowing other extensions to make the BNP IM policy adaptable to specific I2RS protocol features. This policy model can be linked with other information models such as the following:
The BNP IM model is a product of the industry approach to I2RS that standardizes on a few basic functions network functions to obtain quick deployment of initial I2RS RIB modules, and build on this success to create network functions. Additional I2RS modules add I2RS interfaces to policy-based routing, BGP, Service topology creation, Service Chaining functions, and policy templates.
This information model leverages previous work done on extensible information model for representing policies, for example, the Policy Core Information Model (PCIM) [RFC3060] [RFC3060], and an extension to this model to address the need for QoS management, called the Quality of Service (QoS) Policy Information Model (QPIM) [RFC3644] [RFC3644].
Most policy within routing and forwarding systems has become hierarchical with individual specific policies being grouped as a set policy. The hierarchical policy rule definition enhances policy readability and reusability. Groups of network policies have labels to aid operational use. Named groups of policy are easily identified and reused as blocks.
The Basic Network Policy information model contains the following three components:
This draft contains the following Informational Models
I2RS needs its own implicit and explicit policy. This section provides an overview of the network policy model. The network policy model is defined by the following components, whose relationship is roughly depicted in the figure below.
+-----------------------+
| Network-Policy |
+-----------+-----------+
^
/|\
| "extends"
+-----------^-------------+
| Policy Set |
+--+-------------------+--+
^ ^ +---------------+
/|\ /|\ ---|PBR Policy-Rule|
| | | | Additions |
| | | +---------------+
| "extends" | "extends" | +---------------+
+--------^-------+ +-------^-------+ |--|LP Policy-Rule |
| Policy Group | | Policy Rule |<---| |Additions |
+----------------+ +---------------+ | +---------------+
: : | . . .
: : | +---------------+
......: :..... ---|RIB Policy-Rule|
: : | Additions |
: : +---------------+
: :
+---------V---------+ +-V-------------+
| Policy Condition | | Policy Action |
+-------------------+ +---------------+
: : : : : :
.....: . :..... .....: . :.....
: : : : : :
+----V---+ +---V----+ +--V---+ +-V------++--V-----++--V---+
| Match | |Policy | |Policy| | Set || Policy ||Policy|
|Operator| |Variable| |Value | |Operator||Variable|| Value|
+--------+ +--------+ +------+ +--------++--------++------+
Figure 1: Overall model BNP IM structure
Network_policy - contains sets of policies.
Policy-Set - is introduced to provide an abstraction for a set of rules. it is inserted into the inheritance hierarchy above both Policy-Group and Policy-Rule.
Policy-Group -defines the basic network policy Group model which combines the a list of Policy-Rules.
Policy Rule is represented by semantics “If Condition then Action”, therefore condition and action comprise Policy Rule model.
In Condition model, the ‘Match’ operator is usually implied while in the action model, the ‘Set operator is explicitly used.
Policy-Sets, Policy-Groups, and Policy-Rules have basic functionality (Policy-Basic IM) plus extensions defined by specific Information Models such as:
I2RS Client-Agents Information Models MAY support only the Policy-Basic IM, or MAY support any additional specific information models.
Each level of the Policy hierarchy (Policy-Set, Policy-Group, and Policy-Rules have both a read and write scope
The PolicySet structure has the following elements:
Figure 2 - Policy Set RBNF <Network_policy> ::= (<Policy_Set> ...) <Policy-Set> ::= <Policy-Set-Name> <Policy-Group_list> ::= (<Policy-Group> ...) (<Policy-Rule> ...) (<local_Config>) (<PBR_rule>)
In order to provide hierarchical policy definition and associate policy rule with other constraint, the basic policy group model needs to be defined. The corresponding extensions are introduced in a component, whose structure is informally depicted in the following diagram.
Figure 3 - Policy Group
+------------------------------------+ (optional)
| Policy Group |....
+------------------------------------+ :
* * * * * ^ :
| | | | | :....:
| | | | |
| | | | |
| | | | |
+--------+ +--------+ +--------+| +-----------+
|Identity| | Role | |Priority|| |Policy Rule|
+--------+ +--------+ +--------+| +-----------+
* * | * * *
| | | | | |
+--- | | +---+---+ | ++----+
| | | |Enabled| | |Usage|
| | | +-------+ | +-----+
+-----+----+ +------+ | |
| Resource | |Scope | | |
+----------+ +------+ | |
* * | +--+------+
| | +----+------+ |Mandatory|
| | | Precedence| +---------+
| | +-----------+
| |
+-----++-----+
| Read||Write|
|Scope||Scope|
+-----++-----+
The basic information model works as follows: Within the policy group information model, hierarchy is used to model context or scope for the sub-rule actions. A policy group contains Identity, scope, priority,precedence, and policy rule. Optionally, the policy group can contain a list of policy groups.
The elements of the Policy Group information model are as follows:
Figure 4 - Policy-Group RBNF
<Policy-Group> ::= <Policy-Group_Identity>
<Policy-Group_Roles>
<Policy-Group_priority>
<Policy-Group_precedence>
(<Policy-Rule-list>)
[<Supporting-Policy-Group>]
[<Policy-Group-Extension>]
<Policy-Group_Identity> ::= <Policy-Group-Name>
[<Policy-Group-Secure-Identity>]
<Policy-Group-priority> ::= INTEGER (0..255);
<Policy-Group-precedence> ::= INTEGER (0..250);
<Policy-Rule-list> ::= ((<Policy-Rule> <Policy-Rule-Status>) ...)
<Policy-Rule-Status> ::= <POLICY-RULE-ENABLE>
[<POLICY-RULE-MANDATORY>]
[<Policy-Rule_usage>]
<Policy-Rule_usage> ::== <Policy-Rule-REFCNT>
<Policy-Group-Roles> ::= (<Policy-Group-Role> ...)
<Policy-Group-Role> ::=<Node-RESOURCES> | <Policy-Group-Scope>
<Node-RESOURCES> ::= [<I2RS_AGENT_RESOURCE>]
<Policy-Group-Scope> ::= (<READ_SCOPE> <Policy-Group_Read_Scope>)
| (<WRITE_SCOPE> <Policy-Group_Write_Scope>)
<Policy-Group_Read_Scope> ::= <Policy-Group_Read_Scope_Type>
[<RIB-IM_READ_list>]
[<BGP-IM-READ_list>]
<Policy-Group_Read_Scope_Type> ::= <RIB-IM_READ_SCOPE_TYPE>
| <BGP-IM_READ_SCOPE_TYPE>
<Policy-Group_Write_Scope> ::= <Policy-Group_Write_Scope_Type>
[<RIB-IM_WRITE_list>]
[<BGP-IM-WRITE_list>]
<Policy-Group_Write_Scope_Type> ::= <RIB-IM_WRITE_SCOPE_TYPE>
| <BGP-IM_WRITE_SCOPE_TYPE>
<Supporting-Policy-Group> ::= <SUPPORT-POLICY-GROUP> (
<Policy-Group> ...)
<Policy-Group-Extension> ::= ... /* Vendor Specific Policy */
A more formal depiction in RBNF format follows below
Figure 5 - Policy Rule
+----------------+
| Policy Rule |<...
+----------------+ :
* * : :
| | :...:
| |
+---------+ +--------+
...>|Condition|<.......| Action |<...
: +---------+<.......+--------+ :
: : * * : :
:..... | : :... :
| :
+--------+...........:
|Operator|
+--------+
The following diagram contains an informal graphical depiction of the main elements of the information model:
Roughly speaking, the basic information model works as follows: A policy rule contains conditions and actions. Each condition or each action in turn contains operator. A operator connects variable and value in the action or condition. Condition can map onto and be supported by other condition, while action can map onto and be supported by other actions. Policy rule can map onto other, policy rules.
The elements of the Policy Rule information model are as follows:
Figure 6 Policy Rule RBNF
<Policy-Rule> ::= <Policy-Rule_identity>
<Policy-Rule_priority>
<Policy-Rule_precedence>
<Policy-Rule_Roles>
(<Policy-Rule_Condition>
<Policy-Rule_Action> ...)
<Policy-Rule_Security_model>
[<Policy-Rule_rule_extensions>]
<Policy-Rule_identity> ::= <Policy-Rule-Name>
[<Policy-Rule-Secure-Identity>]
<Policy-Rule_priority> ::= INTEGER (0..250);
<Policy-Rule_precedence> :;= INTEGER (0..250);
<Policy-Rule_Roles> ::= (<Policy_Rule_Role> ...);
<Policy-Rule_Role> ::=<RESOURCES> |
<Policy_Rule_Scope>
<RESOURCES> ::= [<I2RS_AGENT_RESOURCE>]
<Policy-Rule_Scope> ::= (<READ_SCOPE>
<Policy-Rule_Read_scope>)
| (<WRITE_SCOPE>
<Policy-Rule_Write_scope>)
<Policy-Rule_Read_scope> ::= ((<BNP_READ_SCOPE_TYPE>
<BNP_READ_SCOPE_list>) ...)
| [<Policy-Rule_Read_Scope_External>]
<Policy-Rule_Write_scope> ::= ((<BNP_WRITE_SCOPE_TYPE>
<BNP_WRITE_SCOPE_list>)...)
[<Policy-Rule_Write_Scope_External>]
<Policy-Rule_Condition> ::= <Policy-Rule_Match_node>
(<Policy-Rule_Match_value> ...)
[<Policy-Rule_mode>]
[<Policy-Rule_Match_Operator>]
[<Policy-Rule_Condition_extension>]
<Policy-Rule_Match_node> ::= [<Policy-Rule_Match_Node_BNP-IM>]
| [<Policy-Rule_Match_node_external]
<Policy-Rule_Match_value> ::= [<Policy-Rule_Match_Value_BNP-IM>]
| [<Policy-Rule_Match_Value_external]
<Policy-Rule_mode> ::= PERMIT | DENY ;
<Policy-Rule_Match_operator_external> ::=
[<Policy-Rule_Match_Operator_BNP-IM>]
| [<Policy-Rule_Match_Operator_external]
<Policy-Rule-action> ::= <Policy-Rule_Action_variable>
<Policy-Rule_Action_value>
<Policy-Rule_Set-Operator>
[<Policy-Rule_action-extension> ]
<Policy-Rule_Security-Model> ::= <First-Matching>
|<All-Matching>]
<Policy-Rule_rule_extension> ::=
<I2RS-LC-policy_rule_extensions>
<Policy-Rule-action> ::= <Policy-Rule_Action_variable>
<Policy-Rule_Action_value>
<Policy-Rule_Set-Operator>
[<Policy-Rule_action-extension> ]
<Policy-Rule_Action_variable> ::= <Policy-Rule_Action_var>
(<Policy-Rule_Action_value> ...)
[<Policy-Rule_Set_Operator>]
[<Policy-Rule_Action_extension>]
<Policy-Rule_Action_var> ::= [<Policy-Rule_Action_Vars_BNP-IM>]
| [<Policy-Rule_Action_external>]
<Policy-Rule_Action_value> ::= [<Policy-Rule_Action_Vars_BNP-IM>]
| [<Policy-Rule_Action_external>]
<Policy-Rule_Set_Operator> ::= [<Policy-Rule_Set_Operator_BNP-IM>]
| [<Policy-Rule_Set_Operator_external>]
<Policy-Rule-action-extension> ::=
[<Policy-Rule_act_ext_BNP-IM>]
| [<Policy-Rule_act_ext_external>]
<Policy-Rule-Match-Operator-Policy-IM> ::= <IS-SET-MEMBER'>
|<IN-INTEGER-RANGE>
|<IP-ADDRESS-AS-RESOLVED-BY-DNS>
|<Policy_IM-Match-Operator-extension>
<Policy-Rule_condition_extension> ::=
<Policy_Rule_condition_ext-BNP-IM>
[<Policy-Rule_Condition_ext_external>]
/* these scopes besides RIB IM are defined in each IM */
<PR_Read_Scope_RIB_IM> ::=<RIB-IM_READ_SCOPE_TYPE>
<RIB-IM_READ_list>
<PR_Read_Scope_RIB_IM> ::=<RIB-IM_READ_SCOPE_TYPE>
<RIB-IM_READ_list>
<RIB-IM_READ_list> ::= [<RIB-IM-Tree-Match> ...]
<RIB-IM_WRITE_list> ::= [<RIB-IM-Tree-Match> ...]
<RIB-IM-Tree-Match> ::= <RIB-IM-Match-routing-instance>
<RIB-IM-Match-interface-list>
<RIM-IM-Match-rib_list>
<RIB-IM-match-route-list>
/* extensions to other IM */
/* External Read and Write Scope */
<Policy-Rule_Read_Scope_External> ::=
[<PR_Read_Scope_RIB_IM>]
[<PR_Read_Scope_BGP_IM>]
[<PR_Read_Scope_PBR_IM>]
[<PR_Read_Scope_I2RSLC_IM>]
[<PR_Read_Scope_STopo_IM>]
[<PR_Read_Scope_SFC-Policy_IM>]
<Policy-Rule_Write_Scope_External> ::=
[<PR_Write_Scope_RIB_IM>]
[<PR_Write_Scope_BGP_IM>]
[<PR_WriteScope_PBR_IM>]
[<PR_Read_Scope_I2RSLC_IM>]
[<PR_Read_Scope_STopo_IM>]
[<PR_Read_Scope_SFC-PolicyIM>]
/* External Rule Conditionals */
<Policy-Rule_Match_node_external> ::=
[<Policy-Rule_Match_Node_RIB-IM>]
| [<Policy-Rule_Match_Node_PBR-IM>]
| [<Policy-Rule_match_Node_I2RSLC-IM>]
| [<Policy-Rule_Match_Node_BGP-IM>]
| [<Policy-Rule_Match_Node_STopo-IM>]
| [<Policy-Rule_Match_Node_SFC-Policy-IM>]
<Policy-Rule_Match_Value_external> ::=
[<Policy-Rule_Match_Value_RIB-IM>]
| [<Policy-Rule_Match_Value_PBR-IM>]
| [<Policy-Rule_Match_Value_I2RSLC-IM>]
| [<Policy-Rule_Match_Value_BGP-IM>]
| [<Policy-Rule_Match_Value_STopo-IM>]
| [<Policy-Rule_Match_Value_SFC-Policy-IM>]
<Policy-Rule_Match_operator_external> ::=
[<Policy-Rule_Match_Operator_RIB-IM>]
| [<Policy-Rule_Match_Operator_PBR-IM>]
| [<Policy-Rule_Match_Operator_I2RSLC-IM>]
| [<Policy-Rule_Match_Operator_BGP-IM>]
| [<Policy-Rule_Match_Operator_STopo-IM>]
| [<Policy-Rule_Match_Operator_SFC-Policy-IM>]
<Policy-Rule_Action_value_external> ::=
[<Policy-Rule_Action_Values_RIB-IM>]
| [<Policy-Rule_Action_Values_PBR-IM>]
| [<Policy-Rule_Match_Operator_I2RSLC-IM>]
| [<Policy-Rule_Action_Values_BGP-IM>]
| [<Policy-Rule_Set_Operator_STopo-IM>]
| [<Policy-Rule_Set_Operator_SFC-Policy-IM>]
<Policy-Rule_Set_Operator_external> :==
[<Policy-Rule_Set_Operator_RIB-IM>]
| [<Policy-Rule_Set_Operator_PBR-IM>]
| [<Policy-Rule_Match_Operator_I2RSLC-IM>]
| [<Policy-Rule_Set_Operator_RIB-IM>]
| [<Policy-Rule_Set_Operator_BGP-IM>]
| [<Policy-Rule_Set_Operator_STopo-IM>]
| [<Policy-Rule_Set_Operator_SFC-Policy-IM>]
<Policy-Rule_act_ext_external> ::=
[<Policy-Rule_extension_RIB-IM>]
| [<Policy-Rule_act_ext_PBR-IM>]
| [<Policy-Rule_act_ext_I2RSLC-IM>]
| [<Policy-Rule_act_ext_RIB-IM>]
| [<Policy-Rule_act_ext_BGP-IM>]
| [<Policy-Rule_act_ext_STopo-IM>]
| [<Policy-Rule_act_ext_SFC-Policy-IM>]
| [<I2RS_Vendor-Rule_act_ext>]/* other I2RS IM */
The information model for the Network-policy component is more formally shown in RBNF below:
This section specifies the network policy information model in Routing Backus-Naur Form (RBNF, [RFC5511]). It also provides diagrams of the main entities of which the information model is comprised.
<basic-network_policy_in> ::= (<policy-set> ...) <basic-network_policy_out> ::= (<policy-set> ...) <network-policy_rules_list> ::= (<policy-rule>...)
Policy based Routing is a technique used to make routing decisions based on policies set by the network administrator. PBR enables network administrator to forward the packet based on other criteria than the destination address in the packet, which is used to lookup an entry in the routing table.
The policy based routing problem can be viewed as a resource allocation problem that incorporates business decision with routing. Policy based routing provides many benefits, including cost saving, load balancing and basic QoS.
Routing decisions in policy based routing are based on several criteria beyond destination address, such as packet size, application, protocol used, and identity of the end system. Policy constraints are applied before applying QoS constraints since policy constraint overrides QoS constraint. Policy constraints may be exchanged by routing protocols while updating routing information.
The I2RS use cases which benefit from PBR are: [I-D.white-i2rs-use-case] and [I-D.krishnan-i2rs-large-flow-use-case],
PBR-Rules extends from Policy Basic Rule with a set of condition, action and attributes. Routing decisions in policy based routing are based on several criteria beyond destination address, such as packet size, application, protocol used, and identity of the end system.
One routing instance (named by an INSTANCE_NAME) can contain multiple PBR RIBs, and is associated with a set of interfaces, and a ROUTER-ID. The entries associated with each routing instance relating to the PBR are:
Each PBR RIB has the following:
The Route entry in a PRB has the following information:
The PRB route attributes include QOS Attributes as show in the policy list below.
Figure 7 - PBR Policy Rule
+-----------------------+
| Policy Rule |
+-----------+-----------+
^
/|\ "extends"
+-----------^-----------+
| PBR Rule |
+--+-----------------+--+
: :
: : .......
: : : :
+--------V-------+ +-------V-------+ :
| PBR Condition | | PBR Action |<...
+----------------+ +-+----------+--+
/|\ /|\
"extends"| | "extends"
+---+ +--------+
| |
+-------^-------+ +-----^---------+
| QoS Action | |Forward Action |
+---------------+ +---------------+
: : : : : :
....: : :..... .....: : :.....
: : : : : :
+----V---+ +---V----+ +--V---+ +-V------++--V-----++--V-----+
|Set | |QoS | |QoS | |Forward ||Next Hop||Next Hop|
|Operator| |Variable| |Value | |Operator||Variable||Value |
+--------+ +--------+ +------+ +--------++--+-----++--------+
/|\
| "extends"
+---^----+
|Next Hop|
|Type |
+--------+
Figure 3: Policy based routing IM structure
A PBR rule is constructed using condition, action and attributes that are inherited from Policy Group Component.
Figure 8 - PRB QOS RBNF /* policy rules */ <Policy-Rule_Match_Node_PBR-IM> ::= <IPv4_QoS_Node_Matches> | <IPv6_QoS_Node_Matches> <Policy-Rule_Match_Value_PBR-IM> ::= <IPv4_QoS_Value_Matches> | <IPv6_QoS_Value_Matches> <IPv4_QoS_Node_matches> = <IPv4-QOS_Matches> <IPv6_QoS_Node_matches> = <Pv6-QOS_Matches> <IPv4_QoS_Value_matches> = <IPv4-QOS_Matches> <IPv6_QoS_Value_matches> = <IPv6-QOS_Matches> <IPv4-QOS_Matches> ::= [<IPv4-SRC>] [<IPv4_DST>] [<IPv4_Proto>] [<IPv4_TOS-DSCP>] [<IPv4_ICMP_field>] [<IPv4_length>] <IPv6-QOS_Matches> ::= [<IPv6-SRC>] [<IPv6_DST>] [<IPv6_Proto>] [<IPv6_Flow>] [<IPv6_length>] <Policy-Rule_Match_Operator_PBR-IM> ::= [<Longest-prefix>] | [<Exact>] | [(<IPv4-RANGE> <IPv4-Low> <IPv4-High>)] | [(<IPv6-RANGE> <IPv6-Low> <IPv6-High>)] | [(<LENGTH-Range> <LENGTH_Low> <LENGTH_High>)] <IPv4_low> ::= <IPv4-Prefix> <IPv4_high> ::= <IPv4-Prefix> <IPv6_low> ::= <IPv6-Prefix> <IPv6_high> ::= <IPv6-Prefix> <Policy-Rule_Action_value_PBR-IM> ::= [<QOS_action>] [<FWD_action>] <QOS_action> ::= <QOS_IP-TOS_Set> | <QOS_DSCP> <FWD_action> ::= <Drop_packet> | <Drop_Packet_ICMP> | (<Forward_Specific> <next-hop>) | (<Forward_Default>) <Policy-Rule_Set_Operator_PBR-IM> ::= [<SET_QOS_BITS>] | [<SET_FWD_ACTION<]
The PBR QOS RBNF is below
As described in [I-D.ietf-i2rs-rib-info-model], each Routing instance contains a collection of RIBs, interfaces, and routing parameters including the following:
PIB and RIB can not be used at the same time, which means:
Policy constraints information either comes from RSVP,BGP/IGP, or comes from manual configuration or policy configuration tool. Therefore PBR uses from the RIB IM:
Figure 9 - PBR RBNF /* pbr defintion */ <pbr-routing-instance> ::= <PBR_INSTANCE_NAME> [<interface-list>] <pbr-rib_list> [<prb-default-rib>] [<Router-ID>] <pbr-rib-list> ::= <PRB_RIB_NAME> <PRB_rib_family> (<prb_rib> ...) <PRB_rib_family> ::=<IPv4_PRB_FAMILY> | <IPV6_PRB_FAIMILY> <prb_rib> ::= <PRB_RIB_NAME> <PRB_rib_family> <prb_policy_set> <prb_policy_set< ::= <BNP_policy_set> <RIB_policy_set_extensions> <PRB_policy_set_extensions> <BGP_policy_set_extensions> <QOS_policy_set_extensions> <prb_policy_set_exetensions> ::= <Policy-Rule_Match_Node_PBR-IM> <Policy-Rule_Match_Value_PBR-IM> <Policy-Rule_Match_Operator_PBR-IM> <Policy-Rule_Action_value_PBR-IM> <Policy-Rule_Set_Operator_PBR-IM>
Policy based routing MUST tackle the following difficult questions:
The Local Policy Information Model (LB IM) stores I2RS policy and policy templates that are used across many I2RS modules. The LB IM stores a set of policy and a set of policy templates. This section defines the LB IM extensions needed to the Basic Policy set at the Policy-set, Policy-Group, and Policy-Rule level. It also defines the optional extensions to this LP policy model as:
The key benefit of the I2RS Local Configure Information Model (Local- is that it provides a place to store I2RS policy, and I2RS templates. The LB IM MAY allow for: a) re-use of these policy templates across multiple I2RS client-I2RS agent sessions, b) storing of some policy into permanent configuration store
Figure 10 - Local I2RS Policy Story extensions <i2rs-Local-Policy> ::= <I2RS_LOCAL_POLICY_STORE> <Policy-Set> <Policy-Templates> <i2rs-condition-extension> :== [<I2RS-Client-Agent_transport_list>] [<I2RS_IPADRESS_DNS_resolve>] [<Policy-Template_match>] <I2RS-Client-Agent_transport_list> :== (< i2rs_transport > ...) <i2rs_transport< ::= [TCP][SCTP][SSL]; /* these actions allow local I2RS configure store could * write to local Node policy store */ <i2rs-action-extension> ::= [<i2rs_write_policy_config_store>] [<i2rs_write_bgp_config_store>] ...
The model extends the original network-policy model as follows:
Figure 11 - RIB Information Model Extensions
<RIB-IM_READ_list> ::= [<RIB-IM-Tree-Match ...]
<RIB-IM_WRITE_list> ::= [<RIB-IM-Tree-Match ...]
<RIB-IM-Tree-Match> ::= <RIB-IM-Match-routing-instance>
<RIB-IM-Match-interface-list>
<RIM-IM-Match-rib_list>
<RIB-IM-match-route-list;
/* BGP Info Module Tree Match */
<BGP-IM_READ_list> ::= [<BGP-IM-Tree-Match ...]
<BGP-IM_WRITE_list> ::= [<BGP-IM-Tree-Match ...]
<BGP-IM-Tree-Match> ::= <BGP-IM-Tree-Match-protocol-instance>
<BGP-IM-Match-Protocol-instance> ::= (<BGP_protocol> ...)
<prb_rib> ::= <bgp_route_list>
<bgp_route_list> ::= (<bgp_route> ...)
<bgp_route> ::= <BGP_ROUTE_TYPE>
<bgp_route_prefix>
<bgp_attribute_list>
<bgp_route_create>
<bgp_rt_state_info>
<basic-network_policy_in> ::= (<policy-set> ...)
<basic-network_policy_out> ::= (<policy-set> ...)
<network-policy_rules_list> ::= (<policy-rule>...)
Figure 12 - BGP Information Model Extensions <BGP-IM_READ_list> ::= [<BGP-IM-Tree-Match ...] <BGP-IM_WRITE_list> ::= [<BGP-IM-Tree-Match ...] <BGP-IM-Tree-Match> ::= <BGP-IM-Tree-Match-protocol-instance> <BGP-IM-Match-Protocol-instance> ::= (<BGP_protocol> ...)
Figure 13 - SFC Topology Information Model Extensions /* what part of the STopo Model can access */ <STopo-IM_READ_list> ::= [<STopo-IM-Tree-Match ...] <STopo-IM_WRITE_list> ::= [<STopo-IM-Tree-Match ...] <STopo-IM-Tree-Match> ::= <STopo-IM-Tree-Match-protocol-instance> <STopo-IM-Match-Protocol-instance> ::= (<STopo_protocol> ...)
Figure 14 - Traffic Steering Information Model Extensions /* what part of the STopo Model can access */ <SFC-Policy-IM_READ_list> ::= [<SF-Policy-IM-Tree-Match ...] <SFC-Policy-IM_WRITE_list> ::= [<SF-Policy-IM-Tree-Match ...] <SFC-Policy-IM-Tree-Match> ::= <SF-Policy-IM-Tree-Match-protocol-instance> <SFC-Policy-IM-Match-Protocol-instance> ::= <SF_instance_list>
This draft includes no request to IANA.
TBD.