Internet DRAFT - draft-chen-supa-eca-data-model
draft-chen-supa-eca-data-model
Network Working Group M. Chen
Internet Draft BBIX, Inc.
Intended status: Standard Track L.Contreras
Expires: April 26, 2016 Telefonica I+D
M. Hayashi
KDDI R&D Labs. Inc.
T. Tsou
Huawei Technologies
October 26, 2015
ECA Policy YANG Data Model
draft-chen-supa-eca-data-model-05
Abstract
This document describes a YANG data model for SUPA (Simplified Use
of Policy Abstractions) ECA (Event-Condition-Action) policies
using policy abstractions defined in [I-D. strassner-supa-generic-
policy-info-model]. The EPDM (ECA policy data model) is refined
from SGPIM (SUPA Generic Policy Information Model)and EPRIM (ECA
Policy Rule Information Model) to be applied to deliver various
management policies for controlling managed entities throughout
the service development and deployment lifecycle. The generic ECA
policy data model could be augmented by additional YANG data
modules modeling and configuring policy-related protocols and
functions. Reusability as the major advantage of this approach can
be realized. The policy data model described in this document
provides common building blocks for such extensions.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in
progress."
Chen, et al. Expires April 26 2016 [Page 1]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on April 26, 2016.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction ..................................................3
2. Conventions used in this document .............................4
2.1. Tree Diagrams ............................................4
3. SUPA Policy Modules Top Level Design ..........................5
3.1. supa-policy-target Design for ECA policy data model ......6
3.2. ECA Policy Data Model Design .............................6
3.2.1. supa-ECA-component sub class ........................7
3.3. supa-policy-statement Design for ECA policy data model ...8
3.3.1. supa-entity sub class ...............................8
3.3.2. supa-script sub class ...............................9
3.4. event-list sub class .....................................9
3.5. condition-list sub class ................................10
3.6. action-list sub class ...................................10
4. Generic ECA Policy Data Model ................................11
4.1. Abstract Generic ECA Policy Data Model Hierarchy ........11
4.2. SUPA Generic ECA Policy Data Model in YANG Module .......13
5. ECA Policy Data Model Example ................................20
5.1. Redefine the supa-policy-target .........................21
5.2. Define the supa-ECA-component ...........................21
5.3. Define Event, Condition and Action clause ...............22
6. Specific ECA Policy Data Model for service flow policy .......24
Chen, et al. Expires April 26, 2016 [Page 2]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
6.1. SUPA specific ECA Policy Data Model in YANG Module ......24
7. Security Considerations .....................................27
8. IANA Considerations ..........................................27
9. Contributor List ............................................27
10. Acknowledgments .............................................27
11. References ..................................................27
11.1. Normative References ...................................27
11.2. Informative References .................................27
1. Introduction
As defined in [I-D. strassner-supa-generic-policy-info-model],
policies either be used in a stand-alone policy rule or aggregated
into policy composite to perform more elaborate functions. The
SUPA policy is tree-structured and can be embedded into hierarchal
model.
In SUPA framework, the EPRIM is a set of subclasses that
specialize the concepts defined in the SGPIM for representing the
components of a Policy that uses ECA semantics. Note that, the
information model is independent of data repository, data
definition language, query language, implementation language, and
protocol. While the ECA policy has to be defined with data
repository, data definition language, query language,
implementation language, and protocol.
In this way, an ECA policy data model defines:
-An event or a set of events that trigger the evaluation of policy:
This is the trigger for the service management application to
evaluate if a policy needs to be applied. For example a user
action to provision a new VPN service can be an event.
-A set of conditions that need to be satisfied for the policy to
be applicable: This enables service management to select the right
policy by validating the conditions against the current network
state.
-A set of actions that should be triggered as part of the policy
execution: This enables the service management to provision the
service.
This document introduces YANG [RFC6020] [RFC6021] data models for
SUPA configuration. Such models can facilitate the standardization
for the interface of SUPA, as they are compatible to a variety of
protocols such as NETCONF [RFC6241] and [RESTCONF]. Please note
that in the context of SUPA, the term "application" refers to an
Chen, et al. Expires April 26, 2016 [Page 3]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
operational and management applications employed, and possibly
implemented, by an operator.
With respect to the scope, defining an information model for the
policy exchange between the policy manager and policy agent and a
corresponding data model based on yang to support specific DDC
service use case is initial goal. The protocol specific aspects
are deferred to respective implementations. Also certain
foundational concepts of the model are intentionally left open to
enable future extension.
2. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
in this document are to be interpreted as described in [RFC2119].
In this document, these words will appear with that interpretation
only when in ALL CAPS. Lower case uses of these words are not to
be interpreted as carrying [RFC2119] significance.
2.1. Tree Diagrams
A simplified graphical representation of the data model is used in
this document. The meaning of the symbols in these diagrams is as
follows:
-Each node is printed as:
<status> <flags> <name> <opts> <type>
<status> is one of:
+ for current
x for deprecated
o for obsolete
<flags> is one of:
rw for Read/Write
ro for ReadOnly
-x for rpcs (remote procedure calls)
-n for notifications
<name> is the name of the node
-If the node is augmented into the tree from another module, its
name is printed as <prefix>:<name>.
Chen, et al. Expires April 26, 2016 [Page 4]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
<opts> is one of:
? for an optional leaf or choice
! for a presence container
* for a leaf-list or list
[<keys>] for the keys of a particular list
Figure 1: Symbols Used in Diagrams in this Document
3. SUPA Policy Modules Top Level Design
In this section, a generic ECA policy data model is defined with
SGPIM to specify the top level sub-class. The SUPA policy is
constructed hierarchically with possible extension at each leaf
node. According to SGPIM framework, a supa-policy MUST have at
least one supa-policy-statement that is used to define the content
of the policy.
As shown in figure 2, the top level design policy data model is:
-supa-policy: The root of the SUPA generic ECA policy
data model
-supa-policy-target: The managed object that a supa-policy
monitors and/or controls the state of. The target will the where
the policy will be worked on, including domain, subnet and so on.
Also the managed object will be specified such as a VPN, flow,
link and so on. This class is specified by the user as the scope
and the object needs to be told.
-supa-policy-atomic: A Policy that can be used in a stand-alone
manner, and hierarchic policy and composite policy has not been
taken into account in this document. Here the atomic means there
is only one ECA policy rule in the policy data model. The major
advantage of this design fashion is the separation of policy data
and how to manage these policy data into policy rules. That means,
only change the supa-policy-atomic here can generate new policy
without redefine all the policy data.
-supa-policy-statement: It is used to define the content of a
supa-policy, all the event, condition and action clauses are
defined here. This part will not be affected by the changing of
policy structures or designs.
Chen, et al. Expires April 26, 2016 [Page 5]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
+--rw supa-policy
| ....
+--rw supa-policy-target
| | ....
+--rw supa-policy-atomic
| | ....
+--rw supa-policy-statement
| | ....
Figure 2: Top level design of SUPA generic policy data model
3.1. supa-policy-target Design for ECA policy data model
The supa-policy-target target defines the working object of the
policy. More specifically, the scope of the policy will be worked
on and the instance that the policy will be worked on. This part
should be the input from policy user and is not part of ECA policy
itself. E.g., if the bandwidth of a flow of voice stream reaches
threshold, more bandwidth will be assigned to guarantee the voice
service. Here, which flow is for voice service and will be
adjusted is specified by the user as the input of the ECA policy.
So some kind of template is needed here to allow users to provide
information of the working object of the policy.
As shown in figure 3, four attributes of supa-policy-target are
defined by the user to specify the working scope of the policy.
Then the instance defines the specific work object of the policy,
such as a VPN, a flow, a link and so on. Obviously, VPN, flow or
link needs different elements to be indicated, so it is can be
defined with a "augment" statement to indicate the working object.
E.g., if user wants to work on a flow, corresponding elements will
be defined within "flow" case.
+--rw supa-policy-target
+--rw profileType? string
+--rw asDomainName? string
+--rw adminSubnetwork? string
+--rw businessTypeName? string
+--rw instanceName
+--rw instanceElement? empty
Figure 3: The snippet of supa-policy-target
3.2. ECA Policy Data Model Design
A supa-ECA-policy-rule, is a subclasses of the supa-policy-atomic
class. Therefore, it can be used as part of a hierarchy of
Chen, et al. Expires April 26, 2016 [Page 6]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
Policies or in a stand-alone manner. The EPRIM specializes the
supa-policy-atomic class to create a supa-ECA-policy-rule; it also
specializes the supa-policy class to create a supa-ECA-component,
and the supa-policy-statement to create corresponding clauses. The
supa-ECA-policy-rule uses the rest of the SGPIM infrastructure to
define a complete Policy model according to ECA semantics.
+--rw supa-policy-atomic
+--rw supa-ECA-policy-rule
| ....
+--rw supa-ECA-component
| ....
Figure 4: The snippet of supa-policy-atomic with ECA policy rule
-A supa-ECA-policy-rule is defined as a subclass of the SGPIM
supa-policy-atomic class. All the related information of the ECA
policy are defined here with some basic attributes of the policy
and the supa-ECA-component sub class.
-A supa-ECA-component is one of core parts of the policy data
model; it defines how the event, condition and action clauses are
integrated into one working policy. Note that supa-ECA-component
does not define the content of the policy itself but the structure
as well the association of each policy statement clauses.
3.2.1. supa-ECA-component sub class
The principal subclasses of supa-policy-component that are defined
in this version of this document are supa-policy-events, supa-
policy-conditions, and supa-policy-actions. Each of the sub
classes take care the event, condition and action part of the ECA
policy respectively. The snippet of supa-ECA-component sub class
is shown in figure 5.
+--rw supa-ECA-component
+--rw supa-policy-events
| +--rw has-policy-events? boolean
+--rw supa-policy-conditions
| +--rw has-policy-conditions? boolean
| +--rw conjunctive-type? enumeration
+--rw supa-policy-actions
+--rw action-execution? enumeration
Figure 5: The snippet of supa-ECA-component objects
Chen, et al. Expires April 26, 2016 [Page 7]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
The supa-policy-events sub class has one leaf to specify whether
the policy has an event statement. If TRUE, the policy will take
the event clause defined in the supa-policy-statement class.
The supa-policy-conditions sub class defines two things: one, does
the policy has conditions, similar to the events part; two, if
more than one conditions, how all the conditions are integrated
into one single statement. Note that the ECA policy only makes the
evaluation of condition statement once. So all the condition
clauses needs to be integrated into one statement connected via
AND or OR operator. Conjunctive-type defines use AND or OR
operator to connect condition clauses.
The supa-policy-actions sub class defines how the action clause
defined in supa-policy-statement will be executed.
3.3. supa-policy-statement Design for ECA policy data model
This is a mandatory abstract class that separates the
representation of a supa-policy from its implementation. This
abstraction is missing in [RFC3060], [RFC3460]. Basically, all the
policy statements are defined here as clauses. SUPA use three
types of mechanisms to define policies, entity, script template
and Boolean clause. The statement has three part, event-list,
condition-list and action-list, each has one or more clauses.
-supa-entity, which is a mechanism to directly use existing
defined object as the input of event; this is described in more
detail in Section 3.3.1.
-supa-script, which is a mechanism to directly encode the content
of the supa-policy-statement into a script template and needs
further execution which is out of SUPA; this is described in more
detail in Section 3.3.2.
3.3.1. supa-entity sub class
This is a mandatory class that specializes a supa-policy-statement.
It is defined that then event object can use the predefined object
in existing module.
-entity can refer to an existing leaf node defined by other module.
An example will be given in the following section.
Chen, et al. Expires April 26, 2016 [Page 8]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
+--rw supa-entity
+--rw entity? empty
Figure 6: The snippet of supa-entity
The supa-entity has been defined as a "grouping" to improve
reusability.
3.3.2. supa-script sub class
This is a mandatory concrete class that specializes (i.e., is a
subclass of) a supa-policy-statement. It defines a generalized
extension scripting mechanism for representing supa-policy-
statement that has not been modeled with other supa policy objects.
Rather, the Policy Clause is directly encoded into script template
and then been executed in the network management
function/controller.
-supa-script-content defines the content of this script template.
It works with another attribute of the supa-script class, called
supa-script-type, which defines how to interpret this script.
These two attributes form a tuple, and together enable a machine
to understand the script and know how to execute the script. Note
that, the scripting approach is to improve the logic expression
without defining new logic terminologies. Anything supported by
script being used can be accommodated by SUPA.
-supa-script-type defines the type of this script being used. It
works with another attribute of the supa-script class, called
supa-script-content, which defines the content (i.e., the value)
of the script template.
+--rw supa-script
+--rw supa-script-type? scriptType
+--rw supa-script-content
Figure 7: The snippet of supa-script
The supa-script has been defined as a "grouping" to improve
reusability as the event and condition statement can both use the
script template.
3.4. event-list sub class
All the event clauses are defined here with either encoded clause
or Boolean clause. As shown in figure 8, each event can only be
and must one type of the two clauses. Each event clause is defined
Chen, et al. Expires April 26, 2016 [Page 9]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
by calling the predefined two types of clauses in a "choice"
statement.
+--rw event-list
+--rw event-name
+--rw (eventType)?
+--:(entity)
| +--rw entity? empty
+--:(script)
| +--rw supa-script-type? scriptType
| +--rw supa-script-content
Figure 8: The snippet of event-list sub class
3.5. condition-list sub class
All the condition clauses are defined using a "augment" statement.
If there is more than one condition clause, just simply add more
"container" to define more condition clause.
+--rw condition-list
+--rw condition-name empty
Figure 9: The snippet of condition-list sub class
3.6. action-list sub class
The action-list sub class defines all the action clauses those
will be executed while the condition statement is being evaluating
as TRUE. Since the action can only be defined by users as each
action may have different attributes and elements to configure,
the predefined structures and statements will not help. Not only
the value of the leaf but also the number of leafs will depend on
the type of actions. As shown in figure 10, here a "augment"
statement is designed to keep the structure of the action
statement stable while allows extensibility. The user can define
new action by adding more case statement with self-defined element
and statement structure without affecting existing one.
+--rw action-list
+--rw actionName
+--rw actionElement? empty
Figure 10: The snippet of action-list sub class
Chen, et al. Expires April 26, 2016 [Page 10]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
4. Generic ECA Policy Data Model
4.1. Abstract Generic ECA Policy Data Model Hierarchy
Figure 11 shows the structure of abstract SUPA Generic ECA policy
data model.
Chen, et al. Expires April 26, 2016 [Page 11]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
module: ietf-supa-policy
+--rw supa-policy
+--rw supa-policy-name? string
+--rw supa-policy-priority? uint8
+--rw supa-policy-validity-period
| +--rw start? yang:date-and-time
| +--rw end? yang:date-and-time
| +--rw duration? uint32
| +--rw periodicity? enumeration
+--rw supa-policy-target
| +--rw profileType? string
| +--rw asDomainName? string
| +--rw adminSubnetwork? string
| +--rw businessTypeName? string
| +--rw instance
+--rw supa-policy-atomic
| +--rw supa-ECA-policy-rule
| +--rw policy-rule-deploy-status? enumeration
| +--rw policy-rule-exec-status? enumeration
| +--rw supa-ECA-component
| +--rw supa-policy-events
| | +--rw has-policy-events? boolean
| +--rw supa-policy-conditions
| | +--rw has-policy-conditions? boolean
| | +--rw conjunctive-type? enumeration
| +--rw supa-policy-actions
| +--rw action-execution? enumeration
+--rw supa-policy-statement
+--rw event-list
| +--rw event-name
| +--rw (eventType)?
| +--:(entity)
| | +--rw entity? empty
| +--:(script)
| +--rw supa-script-type? scriptType
| +--rw supa-script-content
+--rw condition-list
+--rw action-list
Figure 11: The structure of abstract SUPA Generic ECA policy data
model
Chen, et al. Expires April 26, 2016 [Page 12]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
4.2. SUPA Generic ECA Policy Data Model in YANG Module
<CODE BEGINS> file "ietf-eca-policy@2015-10-10.yang"
module ietf-eca-policy {
namespace "urn:ietf:params:xml:ns:yang:ietf-eca-policy";
// replace with IANA namespace when assigned
prefix policy;
import ietf-yang-types {
prefix yang;
}
organization "IETF";
contact
"Editor: Maoke Chen";
description
"This YANG module defines a component that describing
the generic ECA policy data model refining from SGPIM and
EPRIM.
Terms and Acronyms
";
revision 2015-08-25 {
reference "";
}
container supa-policy{
description
"This defines a Generic ECA policy data model ";
leaf supa-policy-name {
type string;
description
"The name of the policy";
}
leaf supa-policy-priority {
type uint8;
description
"The priority of the defined policy";
}
container supa-policy-validity-period {
description
"The valid time of the policy. E.g., the policy will
be valid 9am-9am daily";
Chen, et al. Expires April 26, 2016 [Page 13]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
leaf start {
type yang:date-and-time;
description "date and time to start the policy";
}
leaf end {
type yang:date-and-time;
description "date and time to end the policy";
}
leaf duration {
type uint32;
description "duration of the policy";
}
leaf periodicity {
type enumeration {
enum daily {
value 0;
description "The policy is repeated daily";
}
enum monthly {
value 1;
description "The policy is repeated monthly";
}
}
description "How the policy is repeated";
}
}
container supa-policy-target {
description
"SUPAPolicyTarget is an abstract class that defines a
set of managed objects that may be affected by the
actions of a SUPAPolicyStatement.";
leaf profileType {
type string;
description
"Which profile the policy will be worked on";
}
leaf asDomainName {
type string;
description
"Which domain the policy will be worked on";
}
leaf adminSubnetwork {
type string;
description
"Which subnet the policy will be worked on";
}
leaf businessTypeName {
Chen, et al. Expires April 26, 2016 [Page 14]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
type string;
description
"Which business the policy will be worked on";
}
container instance {
description
"Which instance the policy will be worked on? E.g.,
a VPN, a flow or a link";
}
}
container supa-policy-atomic {
description
"Define a atomic ECA policy rule";
container supa-ECA-policy-rule {
description
"SUPA policy atomic defines a standalone policy
rule.";
leaf policy-rule-deploy-status {
type enumeration {
enum 0{
description "undefined";
}
enum 1{
description "deployed and enabled";
}
enum 2{
description "deployed and in test";
}
enum 3{
description "deployed but not enabled";
}
enum 4{
description "ready to be deployed";
}
enum 5{
description "not deployed";
}
}
description
"The deploy status of the policy.";
}
leaf policy-rule-exec-status {
type enumeration {
enum 0{
description "undefined";
}
Chen, et al. Expires April 26, 2016 [Page 15]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
enum 1{
description
"executed and SUCEEDED (operational mode)";
}
enum 2{
description
"executed and FAILED (operational mode)";
}
enum 3{
description
"currently executing (operational mode)";
}
enum 4{
description
"executed and SUCEEDED (test mode)";
}
enum 5{
description
"executed and FAILED (test mode)";
}
enum 6{
description
"currently executing (test mode)";
}
}
description
"The executing status of the policy.";
}
container supa-ECA-component{
description
"The component defines how the event, condition
and action clauses are constructed into policy";
container supa-policy-events {
description
"An event or a set of events that trigger the
evaluation of policy: This is the trigger for
the service management application to
evaluate if a policy needs to be applied. For
example a user action to provision a new VPN
service can be an event.";
leaf has-policy-events {
type boolean;
description
"Whether the policy has an event?";
}
}
container supa-policy-conditions {
Chen, et al. Expires April 26, 2016 [Page 16]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
description
"A set of conditions that need to be
satisfied for the policy to be applicable:
This enables service management to select the
right policy by validating the conditions
against the current network state.";
leaf has-policy-conditions {
type boolean;
description
"Whether the policy has an condition?";
}
leaf conjunctive-type {
type enumeration {
enum 0 {
description "AND: all the conditions
must be matched";
}
enum 1 {
description "OR: one or more of the
conditions are matched";
}
}
description
"Define how the condition clauses will be
conjuncted, AND or OR";
}
}
container supa-policy-actions {
description
"A set of actions that should be triggered as
part of the policy execution: This enables
the service management to provision the
service.";
leaf action-execution {
type enumeration{
enum 0 {
description "Single: execute one action";
}
enum 1 {
description "Sequenced: execute actions
one by one
in sequence";
}
}
description
"How the actions will be executed";
Chen, et al. Expires April 26, 2016 [Page 17]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
}
}
}
}
}
container supa-policy-statement {
description
"The individual policy statement clauses.";
/*typedef scriptTemplate {
type string;
description
"The script defined in the YANG model can be sent
to the policy engine to execute. Here is the
content of the script template";
}*/
typedef scriptType {
type enumeration{
enum 0{
description
"Python";
}
enum 1{
description
"Perl";
}
enum 2{
description
"Javascript";
}
}
description
"Here is the type of the script to be executed.
E.g., Python, Perl";
}
grouping supa-entity{
leaf entity{
type empty;
description
"The path of the reference node needs to be
specified when using this type to define event
or condition";
}
description
"Use predefined object to specify the event and
condition";
}
grouping supa-script{
Chen, et al. Expires April 26, 2016 [Page 18]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
description
"The script can be used to specify the event and
condition clauses. The script can be executed in
the policy engine.";
leaf supa-script-type {
type scriptType;
description
"Use which type of script, such as Python, Perl
and so on.";
}
anyxml supa-script-content {
description
"The script template that will be sent to the
policy engine to specify the event or condition
clause";
}
}
container event-list{
description
"The event clauses. Each one can be a predefined
network entity, a script or boolean clause,";
container event-name {
description
"The event clause of the policy.";
choice eventType{
description
"User define to use which type event.";
case entity{
uses supa-entity;
}
case script {
uses supa-script;
}
}
}
}
container condition-list{
description
"The condition clauses. Each one can be a
predefined network entity, a script or boolean
clause, and conjuncted by AND or OR";
}
container action-list{
description
Chen, et al. Expires April 26, 2016 [Page 19]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
"Defines actions clause here. Each action has
unique attributes so a choice statement here to
allow self-defined action without changing.";
}
}
}
}
<CODE ENDS>
5. ECA Policy Data Model Example
This section will provide one example to show how to use this
generic ECA policy data model to generate specific policy data
model a service flow policy that can be mapped into configurations.
The generic ECA policy data model contains no configuration
information and lack of action elements, it cannot be mapped into
configuration such as XML instance by just filling the value of
the leaves. In order to make a working ECA policy, the user needs
to define some part of the generic policy data model and fill in
some of the leaves but do not need change the structure. Basically,
instantiate a generic ECA policy data model into a specific ECA
policy data model only needs adding some leaves and specify some
values.
More specifically, for a service flow policy "If the bandwidth of
a voice stream flow exceeds 8Mbps, change the CIR to 20Mbps to
guarantee the voice service", how to use generic ECA data model to
generate a working data model to deploy this policy? Instructions
with data model will be given in next few sections. The major
steps are:
1. Fill in the basic attributes of the policy, such as name,
priority, valid period and so on.
2. Redefine the supa-policy-target
3. Specify the leaf value in supa-ECA-component to define how the
policy clauses in supa-policy-statement will be integrated into a
policy rule.
4. Define the event clause, condition clause and action clause
using augment statement.
Chen, et al. Expires April 26, 2016 [Page 20]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
5.1. Redefine the supa-policy-target
The first step is to redefine the target of the policy. As shown
in figure 12, the user fills in all the attributes to define the
working scope of the policy such as the profile, domain and
subnet. Then, in order to tell the system which flow to be worked
on, the user will define a flow filter with possible elements to
get the right flow. Here, dscp value, source IP, destination IP,
source port and destination port are attributes needed to indicate
a flow. For this working policy, user also fills in the value of
each leaf, dscp = 5, src-ip-addr = 10.111.10.1, dst-ip-addr =
10.112.10.1, src-port = 8080 and dst-port = 8090. After all this,
the desired voice stream flow (dscp=5) will be selected as policy
target.
augment /supa:supa-policy/supa:supa-policy-target/supa:instance:
+--rw flowFilter
+--rw dscp? uint32
+--rw src-ip-addr? string
+--rw dst-ip-addr? string
+--rw src-port? uint32
+--rw dst-port? uint32
Figure 12: The snippet of specific policy target
Note that, the supa-policy-target is reusable and extensible as
the user can add more instance into case statement without
affecting existing one. E.g., user could also add VPN with
elements such as VPNName, source IP and destination IP.
5.2. Define the supa-ECA-component
In order to define how the policy clauses are organized and
associated into one policy, the user needs to fill in all the leaf
value in supa-ECA-component. As shown in figure 13, the
corresponding value will be filled in. The policy has event and
condition, but only one condition. And the policy will execute a
single action if the condition being evaluated as TRUE.
Chen, et al. Expires April 26, 2016 [Page 21]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
+--rw supa-ECA-component
+--rw supa-policy-events
| +--rw has-policy-events? boolean //TRUE
+--rw supa-policy-conditions
| +--rw has-policy-conditions? boolean //TRUE
| +--rw conjunctive-type? enumeration//0: AND conjunctive
+--rw supa-policy-actions
+--rw action-execution? enumeration //0: single
Figure 13: The snippet of specific ECA component
5.3. Define Event, Condition and Action clause
The core part of ECA policy is the policy statement as individual
clauses. For the example policy, event is the flow entry,
condition is that its bandwidth >= 8M, and action is to do CAR
with CIR = 20M. As shown in figure 14, the user first needs to
choose the type of event and condition clause. In this case, event
clause should be entity and use predefined flow object. Condition
clause should be script template to send the bandwidth >= 8M
script to the controller. Then design the event and condition
clause by filling in the leaf. Note that the choice of clause type
does not include in YANG data model but will be accomplished in
NETCONF via <edit-config> operation.
More specifically, the path of leafref of entity is
"/supa:flows/supa:flow/supa:flowId", which pointed to anther
module. We suppose that module has already defined the object
"flow".
For the condition part, the condition elements are defined using
augment statement. "bandwidth" and "threshold" leaf are added into
"condition-bandwidth" class.
Chen, et al. Expires April 26, 2016 [Page 22]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
augment /supa:supa-policy/supa:supa-policy-statement/supa:condition-
list:
+--rw condition-bandwidth
+--rw bandwidth? uint32
+--rw threshold? uint32
augment /supa:supa-policy/supa:supa-policy-statement/supa:action-list:
+--rw action-redirect
+--rw cir? uint32
+--rw pir? uint32
+--rw Cbs? uint32
+--rw Pbs? uint32
Figure 14: The snippet of specific policy statement
The design of action clause is more complicated as different
action has different number and type of attributes to be specified.
And the action is only valid when the condition is evaluated as
TRUE. So here a "when" statement is used to do the augment. The
"when" expression is the Xpath expression to evaluate if the
predefined "bandwidth" exceeds the "threshold".
Finally, with the refined ECA policy data model as shown in
section 6, with working policy "If the bandwidth of a voice stream
flow exceeds 8Mbps, change the CIR to 20Mbps to guarantee the
voice service" can be mapped into XML instance.
Chen, et al. Expires April 26, 2016 [Page 23]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
6. Specific ECA Policy Data Model for service flow policy
6.1. SUPA specific ECA Policy Data Model in YANG Module
<CODE BEGINS> file "ietf-supa-service-flow-policy@2015-10-10.yang"
module ietf-supa-service-flow-policy {
namespace "urn:ietf:params:xml:ns:yang:ietf-supa-service-flow-"
+"policy";
// replace with IANA namespace when assigned
prefix flow;
/*import ietf-yang-types {
prefix yang;
}*/
import ietf-inet-types {
prefix inet;
}
import ietf-eca-policy {
prefix supa;
}
organization "IETF";
contact
"Editor: Maoke Chen";
description
"This YANG module defines a component that describing
the specific ECA policy data model for service flow
refining from SGPIM and EPRIM.
Terms and Acronyms
";
revision 2015-08-25 {
reference "";
}
//flow filter parameters for a flow
augment "/supa:supa-policy/supa:supa-policy-
target/supa:instance" {
description
"Use the base ECA policy model to define service flow
policy.";
container flowFilter{
description
Chen, et al. Expires April 26, 2016 [Page 24]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
"Self defined flow filter to specify the policy
target.";
leaf dscp {
type uint32;
description
"dscp value of the indicated flow";
}
leaf src-ip-addr{
type inet:ipv4-address;
description
"source ip addresses of the flow";
}
leaf dst-ip-addr{
type inet:ipv4-address;
description
"destination ip addresses of the flow";
}
leaf src-port{
type uint32;
description
"source port number of the flow";
}
leaf dst-port{
type uint32;
description
"destination port number of the flow";
}
}
}
//Add condition clauses into the condition list
augment "/supa:supa-policy/supa:supa-policy-statement/supa:"
+"condition-list" {
description
"Define the condition clause with parameters.";
container condition-bandwidth{
description
"Define the bandwidth with threshold value.";
leaf bandwidth{
type uint32;
description
"The flow bandwidth, unit is Mbps";
}
leaf threshold{
type uint32;
description
"The threshold to trigger the action.";
}
Chen, et al. Expires April 26, 2016 [Page 25]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
}
}
//action node is depending on the condition
augment "/supa:supa-policy/supa:supa-policy-
statement/supa:action-"
+"list" {
container action-redirect{
when "/ietf-supa-policy/supa-policy/supa-policy-
statement/"
+"condition-list/condition-bandwidth/bandwidth>/ietf-
supa-"
+"policy/supa-policy/supa-policy-statement/condition-
list/"
+"condition-bandwidth/threshold"{
description
"If the condition has been evaluated as TRUE, then
the action is added to the policy.";
}
leaf cir {
type uint32;
description
"Committed information rate";
}
leaf pir {
type uint32;
description
"Peak information rate";
}
leaf Cbs {
type uint32;
description
"Committed burst size";
}
leaf Pbs {
type uint32;
description
"Peak burst size";
}
description
"Define the action clause in the policy statement.";
}
description
"The augment of the action node is only valid when the
condition is evaluated as TRUE";
}
}
<CODE ENDS>
Chen, et al. Expires April 26, 2016 [Page 26]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
7. Security Considerations
TBD
8. IANA Considerations
This document has no actions for IANA.
9. Contributor List
Andy Bierman
YumaWorks, Inc.
Email: andy@yumaworks.com
10. Acknowledgments
This document has benefited from reviews, suggestions, comments
and proposed text provided by the following members, listed in
alphabetical order: Liya Zhang, John Strassner, Juergen
Schoenwaelder.
11. References
11.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the
Network Configuration Protocol (NETCONF)", RFC 6020,
October 2010.
[RFC6021] Schoenwaelder, J., "Common YANG Data Types", RFC 6021,
October 2010.
[RFC3272] Awduche, D., Chiu, A., Elwalid, A., Widjaja, I., and X.
Xiao, "Overview and Principles of Internet Traffic
Engineering", RFC 3272, May 2002.
11.2. Informative References
[I-D. strassner-supa-generic-policy-info-model] John Strassner,
"Generic Policy Information Model for Simplified Use of Policy
Chen, et al. Expires April 26, 2016 [Page 27]
�
Internet-Draft SUPA ECA Policy Data Model October 2015
Abstractions (SUPA)", draft-strassner-supa-generic-policy-info-
model-01 (work in progress), May 2015.
[RESTCONF] Bierman, A., Bjorklund, M., Watsen, K., and R. Fernando,
"RESTCONF Protocol", draft-ietf-netconf-restconf (work in
progress), July 2014.
[POLICY MODEL] Z. Wang, L. Dunbar, Q. Wu, "Network Policy YANG
Data Model" draft-wang-netmod-yang-policy-dm, January 2015.
Authors' Addresses
Maoke Chen
BBIX, Inc.
Tokyo Shiodome Building, Higashi-Shimbashi 1-9-1
Minato-ku, Tokyo, 105-7310, Japan
Email: maoke@bbix.net
Luis M. Contreras
Telefonica I+D
Ronda de la Comunicacion, Sur-3 building, 3rd floor
Madrid 28050, Spain
Email: luismiguel.contrerasmurillo@telefonica.com
URI: http://people.tid.es/LuisM.Contreras/
Michiaki Hayashi
KDDI R&D Labs. Inc.
2-1-15 Ohara, Fujimino, Saitama, Japan. 356-8502
Email: mc-hayashi@kddilabs.jp
Tina Tsou
Huawei Technologies
Email: Tina.Tsou.Zouting@huawei.com
Chen, et al. Expires April 26, 2016 [Page 28]
�
