Network Working Group                                             W. Liu
Internet-Draft                                       Huawei Technologies
Intended status: Informational                                    C. Xie
Expires: January 4, 2018        China Telecom Beijing Research Institute
                                                            J. Strassner
                                                          G. Karagiannis
                                                     Huawei Technologies
                                                                M. Klyus
                                                              NetCracker
                                                                   J. Bi
                                                     Tsinghua University
                                                            July 3, 2017

SUPA Policy-based Management Framework
draft-ietf-supa-policy-based-management-framework-02

Abstract

Simplified Use of Policy Abstractions (SUPA) defines base YANG data models to encode policy, which point to device-, technology-, and service-specific YANG models developed elsewhere. Policy rules within an operator's environment can be used to express high-level, possibly network-wide policies to a network management function (within a controller, an orchestrator, or a network element). The network management function can then control the configuration and/or monitoring of network elements and services. This document describes the SUPA basic framework, its elements and interfaces.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on January 4, 2018.

Copyright Notice

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


1. Introduction

Traffic flow over increasingly complex enterprise and service provider networks is becoming more and more important. Meanwhile, the rapid growth in variety makes it much more difficult for network operations and management applications to deploy new services. Moreover, network operators want to deploy new services quickly and efficiently.

Policy rules within an operator's environment can be used to express high-level, possibly network-wide policies to a network management function (within a controller, an orchestrator, or a network element). The network management function can then control the configuration and/or monitoring of network elements and services.

Simplified Use of Policy Abstractions (SUPA) defines a generic policy information model (GPIM) [I-D.ietf-supa-generic-policy-info-model] for use in network operations and management applications. The GPIM defines concepts and terminology needed by policy management independent of the form and content of the policy rule. The Event-Condition-Action (ECA) Policy Rule Information Model (EPRIM) [I-D.ietf-supa-generic-policy-info-model] extends the GPIM by defining how to build policy rules according to the event-condition-action paradigm.

Both the GPIM and the EPRIM are targeted at controlling the configuration and monitoring of network elements throughout the service development and deployment lifecycle. The GPIM and the EPRIM can both be translated into corresponding YANG [RFC6020][RFC6020bis] modules that define policy concepts, terminology, and rules in a generic and interoperable manner; additional YANG modules may also be derived from the GPIM and/or EPRIM to manage specific functions.

The key benefit of policy management is that it enables different network elements and services to be instructed to behave the same way, even if they are programmed differently. Management applications will benefit from using policy rules that enable scalable and consistent programmatic control over the configuration and monitoring of network elements and services.

2. Terminology

SUPA: Simplified Use of Policy Abstractions is the working group name; the working group defines a data model to be used to represent high-level, possibly network-wide policies, which can be input to a network management function (within a controller, an orchestrator, or a network element).

YANG: an acronym for "Yet Another Next Generation". YANG is a data modeling language used to model configuration and state data manipulated by the Network Configuration Protocol (NETCONF), NETCONF remote procedure calls, and NETCONF notifications [RFC6020].

ECA: Event-Condition-Action is a shorthand for referring to the structure of active rules in event-driven architecture and active database systems.

EMS: Element Management System, software to monitor and control network elements (devices) in telecommunications.

NMS: Network Management System, a set of hardware and/or software tools that allow an IT professional to supervise the individual components of a network within a larger network management framework.

OSS: Operations/Operational Support System, a computer system used by telecommunications service providers to manage their networks (e.g., telephone networks).

BSS: Business Support Systems, which are used to support various end-to-end telecommunication services.

GPIM: Generic Policy Information Model, which defines concepts and terminology needed by policy management independent of the form and content of the policy rule.

EPRIM: ECA Policy Rule Information Model, which extends the GPIM by defining how to build policy rules according to the event-condition-action paradigm.

GPDM: Generic Policy Data Models [I-D.ietf-supa-generic-policy-data-model], which are created from the GPIM. These YANG data model policies are used to control the configuration of network elements that model the service(s) to be managed. The relationship between an information model (IM) and a data model (DM) can be found in [RFC3444].

Declarative Policy: policies that specify the goals to be achieved but not how to achieve those goals (also called "intent-based" policies). Please note that declarative policies are out of scope for the initial phase of SUPA.

3. Framework for Generic Policy-based Management

This section briefly describes the design and operation of the SUPA policy-based management framework.

3.1. Overview

Figure 1 shows a simplified functional architecture of how SUPA is used to define policies for creating network element configuration snippets. (Note from Editor: a "snippet" is a small piece of information (e.g., part of a sentence that was cut out).) SUPA uses the GPIM to define a consensual vocabulary that different actors can use to interact with network elements and services. The EPRIM defines a generic structure for imperative policies. The GPIM, and/or the combination of the GPIM and the EPRIM, is converted to generic YANG data modules.

In one possible approach (shown with asterisks in Figure 1), SUPA Generic Policy and SUPA ECA Policy YANG data modules together with the Resource and Service YANG data models specified in IETF (which define the specific elements that will be controlled by policies) are used by the Service Interface Logic. This Service Interface Logic creates appropriate input mechanisms for the operator to define policies (e.g., a web form or a script) for creating and managing the network configuration. The operator interacts with the interface; the policies input by operators are then translated to configuration snippets.

Note that the Resource and Service YANG models may not exist. In this case, the SUPA generic policy YANG data modules serve as an extensible basis to develop new YANG data models for the Service Interface Logic. This transfers the work specified by the Resource and Service YANG data models specified in IETF into the Service Interface Logic.

                                    
                       +---------------------+
   +----------+       \|        SUPA         |
   |   IETF   |---+----+  Information Models |
   +----------+   |   /|    GPIM and EPRIM   |
                  |    +---------+-----------+
      Assignments |              | Defines Policy Concepts
      and Manage  |             \|/
        Content   |    +---------+-----------+
                  |   \|    SUPA Generic     |
                  +----+    & ECA Policy     |
                      /|  YANG Data modules  |
                       +---------+-----------+
                                 *  Possible Approach
   +-----------------------------*-----------------------------+
   |  Management System          *                             |
   |                            \*/                            |
   |            Fills  +---------+---------+  +-------------+  |
   | +--------+ Forms \| Service Interface |/ |Resource and |/ | +----+
   | |Operator|--------+       Logic       +--|Service YANG |----|IETF|
   | +--------+ Runs  /| (locally defined  |\ | Data Models |\ | +----+
   |           scripts |forms, scripts,...)|  +-------------+  |
   |                   +---------+---------+                   |
   |                            \|/                            |
   |                     +-------+--------+                    |
   |                     |  Local Devices |                    |
   |                     | and Management |                    |
   |                     |     Systems    |                    |
   |                     +----------------+                    |
   +-----------------------------------------------------------+

Figure 1: SUPA Framework

Figure 1 is exemplary. The Operator actor shown can interact with SUPA in other ways not shown in Figure 1. In addition, other actors (e.g., an application developer) that can interact with SUPA are not shown for simplicity.

The EPRIM defines an ECA policy as an example of imperative policies. An ECA policy rule is activated when its event clause is true; the condition clause is then evaluated and, if true, signals the execution of one or more actions in the action clause. This type of policy explicitly defines the current and desired states of the system being managed. Imperative policy rules require additional management functions, which are explained in section 2.2 below.
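
The ECA evaluation order described above, together with the translation of one policy into element-specific configuration snippets, is sketched below as an added Python example. It is not part of this draft or of the SUPA models; all rule, event, element and verb names and the snippet syntax are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Added illustration. Every name here (event fields, verbs, element kinds,
# snippet syntax) is hypothetical and is not taken from the SUPA YANG modules.
Event = Dict[str, object]
State = Dict[str, object]

@dataclass
class Action:
    verb: str                    # abstract, element-independent operation
    params: Dict[str, object]

@dataclass
class EcaRule:
    name: str
    event: Callable[[Event], bool]             # event clause
    condition: Callable[[Event, State], bool]  # condition clause
    actions: List[Action]                      # action clause

@dataclass
class Decision:
    rule: str
    outcome: str   # not-triggered | condition-false | executed | render-error
    snippets: List[str] = field(default_factory=list)

_TOKEN = re.compile(r"[A-Za-z0-9._-]+")

def _token(value: object) -> str:
    # Accept only simple tokens so an operator-supplied value cannot add
    # extra commands or markup to a generated snippet.
    text = str(value)
    if not _TOKEN.fullmatch(text):
        raise ValueError(f"unsafe value in policy action: {text!r}")
    return text

def render_cli(action: Action, element: str) -> str:
    args = " ".join(f"{_token(k)}={_token(v)}"
                    for k, v in sorted(action.params.items()))
    return f"{_token(element)}: set {_token(action.verb)} {args}"

def render_xml(action: Action, element: str) -> str:
    body = "".join(f"<{_token(k)}>{_token(v)}</{_token(k)}>"
                   for k, v in sorted(action.params.items()))
    verb = _token(action.verb)
    return f'<{verb} element="{_token(element)}">{body}</{verb}>'

# The same abstract action is rendered differently per kind of element.
RENDERERS = {"cli": render_cli, "xml": render_xml}

def evaluate(rule: EcaRule, event: Event, state: State,
             elements: Dict[str, str]) -> Decision:
    """Event clause first; condition only if the event matched; actions only
    if the condition held. Snippets are emitted for all elements or for none."""
    if not rule.event(event):
        return Decision(rule.name, "not-triggered")
    if not rule.condition(event, state):
        return Decision(rule.name, "condition-false")
    try:
        snippets = [RENDERERS[kind](action, name)
                    for name, kind in sorted(elements.items())
                    for action in rule.actions]
    except (KeyError, ValueError):   # unknown element kind or unsafe value
        return Decision(rule.name, "render-error")
    return Decision(rule.name, "executed", snippets)

# Constructed sample rule, state and element inventory.
RULE = EcaRule(
    name="protect-gold-links",
    event=lambda e: e.get("type") == "link-utilization",
    condition=lambda e, s: e["percent"] >= 80 and e["link"] in s["gold_links"],
    actions=[Action("rate-limit", {"class": "best-effort", "mbps": 100})],
)
STATE = {"gold_links": {"ge-0-1"}}
ELEMENTS = {"ne1": "cli", "ne2": "xml"}

if __name__ == "__main__":
    hot = {"type": "link-utilization", "link": "ge-0-1", "percent": 95}
    print(evaluate(RULE, hot, STATE, ELEMENTS))
```
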

Figure 2 shows how the SUPA Policy Model is used to create policy data models step by step and how the policy rules are used to communicate among various network management functions located on different layers.

The Generic Policy Information Model (GPIM) is used to construct policies. The GPIM defines generic policy concepts, as well as two types of policies: ECA policy rules and declarative policy statements.

A set of Generic Policy Data Models (GPDM) are then created from the GPIM. These YANG data model policies are then used to control the configuration of network elements that model the service(s) to be managed.

Resource and Service YANG Data Models: models of the service as well as physical and virtual network topology including the resource attributes (e.g., data rate or latency of links) and operational parameters needed to support service deployment over the network topology.

                              |  SUPA Policy Model
                              |
                              |  +----------------------------------+
                              |  | Generic Policy Information Model |
                              |  +----------------------------------+
                              |        D                 D
                              |        D   +-------------v-------------+
 +----------------------+     |        D   |   ECA Policy Rule         |
 | OSS/BSS/Orchestrator <--+  |        D   |   Information Model       |
 +----------^-----------+  |  |        D   +---------------------------+
            C              |  |        D                          D
            C              |  |  +----+D+------------------------+D+---+
            C              +-----+     D  SUPA Policy Data Model  D    |
 +----------v-----------+     |  | ----v-----------------------+  D    |
 |  EMS/NMS/Controller  <--------+ | Generic Policy Data Model |  D    |
 +----------^-----------+     |  | ----------------------------+  D    |
            C              +-----+              D                 D    |
            C              |  |  |    +---------v-----------------v--+ |
 +----------v-----------+  |  |  |    |  ECA Policy Rule Data Model  | |
 |  Network Element     <--+  |  |    +------------------------------+ |
 +----------------------+     |  +-------------------------------------+
                              |
                              |

Figure 2: SUPA Policy Model Framework

In Figure 2:

The components within this framework are:

SUPA Policy Model: represents one or more policy modules that contain the following entities:

Generic Policy Information Model: a model for defining policy rules that are independent of data repository, data definition, query, implementation languages, and protocol. This model is abstract and is used for design; it MUST be turned into a data model for implementation.

Generic Policy Data Model: a model of policy rules that are dependent on data repository, data definition, query, implementation languages, and protocol.

ECA Policy Rule Information Model (EPRIM): represents a policy rule as a statement that consists of an event clause, a condition clause, and an action clause. This type of Policy Rule explicitly defines the current and desired states of the system being managed. This model is abstract and is used for design; it MUST be turned into a data model for implementation.

ECA Policy Rule Data Model: a model of policy rules, derived from the EPRIM, in which each policy rule consists of an event clause, a condition clause, and an action clause.

EMS/NMS/Controller: represents one or more entities that are able to control the operation and management of a network infrastructure (e.g., a network topology that consists of Network Elements).

Network Element (NE): can interact with local or remote EMS/NMS/Controller in order to exchange information, such as configuration information, policy enforcement capabilities, and network status.

The relationship between the Policy, Service and Resource models is illustrated by the figure below.

                                    
      +---------------+                   +----------------+
      |    Policy     |         (1)       |    Service     |
      |               |*******************|                |
      |   ( SUPA )    |*******************| ( L3SM, ... )  |
      +---------------+                   +----------------+
             **                                  /*\
               **                                *
                 **                            *
              (2)  **                        *   (3)
                     **                    *
                       **                *
                         **            *
                     +-------------------+
                     |    Resource       |
                     |                   |
                     | (Inventory, ... ) |
                     +-------------------+

Figure 3: Relationship between Policy, Service and Resource models

In Figure 3:

Policies are used to control the management of resources and services, while data from resources and services are used to select and/or modify policies during runtime. More importantly, policies can be used to manage how resources are allocated and assigned to services. This enables a single policy to manage one or multiple services and resources as well as their dependencies. (1:1..n) for lines (1) and (2) in Figure 3 shows that one policy rule is able to manage and adjust one or multiple services/resources. Lines (1) and (2), connecting policy to resource and policy to service, are the same; line (3), connecting resource to service, is different, as it is navigable only from resource to service.

3.2. Operation

SUPA can be used to define various types of policies, including policies that affect services and/or the configuration of individual or groups of network elements. SUPA can be used by a centralized and/or distributed set of entities for creating, managing, interacting with, and retiring policy rules.

The SUPA scope is limited to policy information and data models. SUPA does not define network resource data models or network service data models; both are out of scope. Instead, SUPA makes use of network resource data models defined by other WGs or SDOs.

Declarative policies are out of scope for the initial phase of SUPA.

3.3. The GPIM and the EPRIM

The GPIM provides a common vocabulary for representing concepts that are common to different types of policy, but which are independent of language, protocol, repository, and level of abstraction. Hence, the GPIM defines concepts and vocabulary needed by policy management systems independent of the form and content of the policy. The EPRIM is a more specific model that refines the GPIM to specify policy rules in an event-condition-action form.

This enables different policies at different levels of abstraction to form a continuum, where more abstract policies can be translated into more concrete policies, and vice-versa. For example, the information model can be extended by generalizing concepts from an existing data model into the GPIM; the GPIM extensions can then be used by other data models.

3.4. Creation of Generic YANG Modules

An information model is abstract. As such, it cannot be directly instantiated (i.e., objects cannot be created directly from it). Therefore, both the GPIM and the combination of the GPIM and the EPRIM are translated to generic YANG modules.

SUPA will provide guidelines for translating the GPIM (or the combination of the GPIM and the EPRIM) into concrete YANG data models that define how to manage and communicate policies between systems. Multiple imperative policy YANG data models may be instantiated from the GPIM (or the combination of the GPIM and the EPRIM). In particular, SUPA will specify a set of YANG data models that will consist of a base policy model for representing policy management concepts independent of the type or structure of a policy, as well as an extension for defining policy rules according to the ECA paradigm. (Note from Editor: This means that policies can be defined using the GPIM directly, or using the combination of the GPIM and the EPRIM. If you use only the GPIM, you get a technology- and vendor-independent information model that you are free to map to the data model of your choice; note that the structure of a policy is NOT defined. If you use the GPIM and the EPRIM, you get a technology- and vendor-independent information model that defines policies as an event-condition-action (i.e., imperative) rule.)

The process of developing the GPIM, EPRIM and the derived/translated YANG data models is realized following the sequence shown below. After completing this process and if the implementation of the YANG data models requires it, the GPIM and EPRIM and the derived/translated YANG data models are updated and synchronized.

(1)=>(2)=>(3)=>(4)=>(3')=>(2')=>(1')

Where (1) = GPIM; (2) = EPRIM; (3) = YANG data models; (4) = Implementation; (3') = update of YANG data models; (2') = update of EPRIM; (1') = update of GPIM.

The YANG module derived from the GPIM contains concepts and terminology for the common operation and administration of policy-based systems, as well as an extensible structure for policy rules of different paradigms. The YANG module derived from the EPRIM extends the generic nature of the GPIM by representing policies using an event-condition-action structure.

The above sequence allows for the addition of new, as well as the editing of existing model elements in the GPIM and EPRIM. In practice, the implementation sequence may be much simpler. Specifically, it is unlikely that the GPIM will need to be changed. In addition, changes to the EPRIM will likely be focused on fine-tuning the behavior offered by a specific set of model elements.

4. Security Considerations

TBD

5. IANA Considerations

This document has no actions for IANA.

6. Contributors

The following people all contributed to creating this document, listed in alphabetical order:

7. Acknowledgements

This document has benefited from reviews, suggestions, comments and proposed text provided by the following members, listed in alphabetical order: Andy Bierman, Marc Blanchet, Benoit Claise, Joel Halpern, Jonathan Hansford, Diego R. Lopez, Johannes Merkle, Gunter Wang, Bert Wijnen, Tianran Zhou.

Part of the initial draft of this document was picked up from previous documents, and this section lists the acknowledgements from them.

From "SUPA Value Proposition" [I-D.klyus-supa-value-proposition]

The following people all contributed to creating this document, listed in alphabetical order:

This document has benefited from reviews, suggestions, comments and proposed text provided by the following members, listed in alphabetical order: H. Rafiee, J. Saperia and C. Zhou.

The authors of "SUPA Value Proposition" [I-D.klyus-supa-value-proposition] were:

The initial draft of this document merged one document, and this section lists the acknowledgements from it.

From "Problem Statement for Simplified Use of Policy Abstractions (SUPA)" [I-D.karagiannis-supa-problem-statement]

The authors of this draft would like to thank the following persons for the provided valuable feedback and contributions: Diego Lopez, Spencer Dawkins, Jun Bi, Xing Li, Chongfeng Xie, Benoit Claise, Ian Farrer, Marc Blancet, Zhen Cao, Hosnieh Rafiee, Mehmet Ersue, Simon Perreault, Fernando Gont, Jose Saldana, Tom Taylor, Kostas Pentikousis, Juergen Schoenwaelder, John Strassner, Eric Voit, Scott O. Bradner, Marco Liebsch, Scott Cadzow, Marie-Jose Montpetit. Tina Tsou, Will Liu and Jean-Francois Tremblay contributed to an early version of this draft.

The authors of "Problem Statement for Simplified Use of Policy Abstractions (SUPA)" [I-D.karagiannis-supa-problem-statement] were:

From "The Framework of Simplified Use of Policy Abstractions (SUPA)" [I-D.zhou-supa-framework]

The authors of this draft would like to thank the following persons for the provided valuable feedback: Diego Lopez, Jose Saldana, Spencer Dawkins, Jun Bi, Xing Li, Chongfeng Xie, Benoit Claise, Ian Farrer, Marc Blancet, Zhen Cao, Hosnieh Rafiee, Mehmet Ersue, Mohamed Boucadair, Jean Francois Tremblay, Tom Taylor, Tina Tsou, Georgios Karagiannis, John Strassner, Raghav Rao, Jing Huang.

The authors of "The Framework of Simplified Use of Policy Abstractions (SUPA)" [I-D.zhou-supa-framework] were:

8. References

8.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.

8.2. Informative References

[I-D.ietf-supa-generic-policy-data-model] Halpern, J. and J. Strassner, "Generic Policy Data Model for Simplified Use of Policy Abstractions (SUPA)", Internet-Draft draft-ietf-supa-generic-policy-data-model-04, June 2017.
[I-D.ietf-supa-generic-policy-info-model] Strassner, J., Halpern, J. and S. Meer, "Generic Policy Information Model for Simplified Use of Policy Abstractions (SUPA)", Internet-Draft draft-ietf-supa-generic-policy-info-model-03, May 2017.
[I-D.karagiannis-supa-problem-statement] Karagiannis, G., Strassner, J., Qiong, Q., Contreras, L., Yegani, P. and J. Bi, "Problem Statement for Simplified Use of Policy Abstractions (SUPA)", Internet-Draft draft-karagiannis-supa-problem-statement-07, June 2015.
[I-D.klyus-supa-value-proposition] Klyus, M., Strassner, J., (Will), S., Karagiannis, G. and J. Bi, "SUPA Value Proposition", Internet-Draft draft-klyus-supa-value-proposition-00, March 2016.
[I-D.zhou-supa-framework] Zhou, C., Contreras, L., Qiong, Q. and P. Yegani, "The Framework of Simplified Use of Policy Abstractions (SUPA)", Internet-Draft draft-zhou-supa-framework-02, May 2015.
[RFC3198] Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M., Quinn, B., Herzog, S., Huynh, A., Carlson, M., Perry, J. and S. Waldbusser, "Terminology for Policy-Based Management", RFC 3198, DOI 10.17487/RFC3198, November 2001.
[RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between Information Models and Data Models", RFC 3444, DOI 10.17487/RFC3444, January 2003.
[RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020, October 2010.
[RFC7285] Alimi, R., Penno, R., Yang, Y., Kiesel, S., Previdi, S., Roome, W., Shalunov, S. and R. Woundy, "Application-Layer Traffic Optimization (ALTO) Protocol", RFC 7285, DOI 10.17487/RFC7285, September 2014.
[RFC7950] Bjorklund, M., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016.

Authors' Addresses

Will(Shucheng) Liu
Huawei Technologies
Bantian, Longgang District
Shenzhen, 518129
P.R. China
EMail: liushucheng@huawei.com

Chongfeng Xie
China Telecom Beijing Research Institute
China Telecom Information Technology Innovation Park
Beijing, 102209
P.R. China
EMail: xiechf.bri@chinatelecom.cn

John Strassner
Huawei Technologies
2330 Central Expressway
Santa Clara, 95138 CA
USA
EMail: john.sc.strassner@huawei.com

Georgios Karagiannis
Huawei Technologies
Hansaallee 205
Dusseldorf, 40549
Germany
EMail: Georgios.Karagiannis@huawei.com

Maxim Klyus
NetCracker
Kozhevnicheskaya str.,7 Bldg. #1
Moscow, Russia
EMail: klyus@netcracker.com

Jun Bi
Tsinghua University
Network Research Center, Tsinghua University
Beijing, 100084
P.R. China
EMail: junbi@tsinghua.edu.cn