[netmod] ECA Policy: When to detect and resolve policy conflicts?

Qin Wu <bill.wu@huawei.com> Wed, 10 March 2021 08:25 UTC

From: Qin Wu <bill.wu@huawei.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, 'NETMOD Group' <netmod@ietf.org>
Date: Wed, 10 Mar 2021 08:08:31 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/EOUDI-MuEkzzcdRxBSBolyv2jO8>
Subject: [netmod] ECA Policy: When to detect and resolve policy conflicts?

Hi, Juergen:

From the ECA Policy being injected into the network device/NETCONF server to ECA service logic execution, it comprises four phases:

1. Extract standard policy variables from Event
2. Map Policy variables into XPATH variables
3. ECA XPATH Evaluation
4. ECA Action Execution

We think policy conflict may happen in the ECA XPATH Evaluation phase or the ECA Action Execution phase.

In both phases, if a policy conflict is detected, the ECA exception will be logged and the local management function will be informed.



In addition, Policy conflict can also be detected in the Policy design/definition stage.



Last, we also introduce an ECA policy verification function, i.e., using a Diagnostic event to debug the policy conflict before the policy can be enforced in the network device.



-Qin (on behalf of authors)

-----Original Message-----
From: netmod [mailto:netmod-bounces@ietf.org] On Behalf Of Juergen Schoenwaelder
Sent: 30 December 2020 2:56
To: Adrian Farrel <adrian@olddog.co.uk>
Cc: 'NETMOD Group' <netmod@ietf.org>
Subject: Re: [netmod] Adoption poll for draft-wwx-netmod-event-yang-10



Adrian,

some key issues when it comes to policy-based management systems:

- What is an adequate abstraction level to express policies and intent?

   This question has no simple answer. I believe policies need to be
   readable and hence they need to be expressed at a high level of
   abstraction and in a suitable _language_. High-level policy
   expression may be compiled down into more verbose primitive
   representations that are closer to an execution abstraction. A
   common pitfall is to start somewhere in the middle of several
   layers of abstraction and then getting stuck with something awkward
   to put a clean higher layer abstract onto and to compile things
   down to _efficient_ instrumentations.

- Where are policies executed?

   This can range from a logically centralized policy execution
   engine, which is part of what people call an orchestrator these
   days, to fully distributed policy execution models. In reality, you
   likely want to distribute functions dynamically but this makes
   solutions technically much more complicated. Given today's scalable
   computing and networking capabilities, logically centralized
   solutions are on the rise and have replaced the distributed
   approaches of the 90s.

- When to detect and resolve policy conflicts?

   Detecting and resolving conflicts in larger collections of policies
   is non-trivial. This includes problems ranging from micro timescale
   atomicity issues to larger timescale stability issues (interacting
   policy control loops). If policy execution is distributed (or the
   event / information sources are distributed), this ultimately
   resolves to problems such as taking consistent snapshots or finding
   ways to work with inconsistent observations of a distributed system
   that are guaranteed to converge to stable states (self-stabilizing
   algorithms).

- Who is interested in interoperable policy representations / languages?

   The IETF is about interoperability. What are the business models
   that push for interoperable policy based management standards? Who
   benefits from having an interoperable standard and how much effort
   are organizations willing to invest into engineering a reasonable
   solution addressing the other (non-trivial) questions raised above?
   Will they be implementing the solution in their products?

My position is that there are way too many difficult technical issues to resolve for this work to be viable for the IETF. Instead, I suggest that people go and work out solutions and once the silver bullet has been found, bring it to the IETF. (Historically, all attempts to cast policies into existing data models such as MIB modules or LDAP schema led to something awkward and unusable. I believe YANG modules are no different.)

/js



Some relevant RFCs (there may be more):

3052 Service Management Architectures Issues and Review. M. Eder, S. Nag.
     January 2001. (Format: TXT, HTML) (Status: INFORMATIONAL) (DOI:
     10.17487/RFC3052)

3084 COPS Usage for Policy Provisioning (COPS-PR). K. Chan, J. Seligson,
     D. Durham, S. Gai, K. McCloghrie, S. Herzog, F. Reichmeyer, R.
     Yavatkar, A. Smith. March 2001. (Format: TXT, HTML) (Status:
     HISTORIC) (DOI: 10.17487/RFC3084)

3159 Structure of Policy Provisioning Information (SPPI). K. McCloghrie,
     M. Fine, J. Seligson, K. Chan, S. Hahn, R. Sahita, A. Smith, F.
     Reichmeyer. August 2001. (Format: TXT, HTML) (Status: HISTORIC)
     (DOI: 10.17487/RFC3159)

3318 Framework Policy Information Base. R. Sahita, Ed., S. Hahn, K. Chan,
     K. McCloghrie. March 2003. (Format: TXT, HTML) (Status: HISTORIC)
     (DOI: 10.17487/RFC3318)

3460 Policy Core Information Model (PCIM) Extensions. B. Moore, Ed..
     January 2003. (Format: TXT, HTML) (Updates RFC3060) (Status:
     PROPOSED STANDARD) (DOI: 10.17487/RFC3460)

3644 Policy Quality of Service (QoS) Information Model. Y. Snir, Y.
     Ramberg, J. Strassner, R. Cohen, B. Moore. November 2003. (Format:
     TXT, HTML) (Status: PROPOSED STANDARD) (DOI: 10.17487/RFC3644)

3198 Terminology for Policy-Based Management. A. Westerinen, J.
     Schnizlein, J. Strassner, M. Scherling, B. Quinn, S. Herzog, A.
     Huynh, M. Carlson, J. Perry, S. Waldbusser. November 2001. (Format:
     TXT, HTML) (Status: INFORMATIONAL) (DOI: 10.17487/RFC3198)

4011 Policy Based Management MIB. S. Waldbusser, J. Saperia, T. Hongal.
     March 2005. (Format: TXT, HTML) (Status: PROPOSED STANDARD) (DOI:
     10.17487/RFC4011)

4104 Policy Core Extension Lightweight Directory Access Protocol Schema
     (PCELS). M. Pana, Ed., A. Reyes, A. Barba, D. Moron, M. Brunner.
     June 2005. (Format: TXT, HTML) (Updates RFC3703) (Status: PROPOSED
     STANDARD) (DOI: 10.17487/RFC4104)

8328 Policy-Based Management Framework for the Simplified Use of Policy
     Abstractions (SUPA). W. Liu, C. Xie, J. Strassner, G. Karagiannis,
     M. Klyus, J. Bi, Y. Cheng, D. Zhang. March 2018. (Format: TXT, HTML)
     (Status: INFORMATIONAL) (DOI: 10.17487/RFC8328)



WGs/RGs that are at least partially related to policy-based management:

- Simplified Use of Policy Abstractions WG (supa) (2015 - 2017)
- Policy Framework WG (policy) (1998 - 2004)
- Resource Allocation Protocol WG (rap) (1997 - 2005)
- Distributed Management WG (disman) (1996 - 2006)
- Services Management RG (smrg) (2019? - 2001?)
- Network Management RG (nmrg)
  - draft-clemm-nmrg-dist-intent (2017-2019)
  - draft-irtf-nmrg-ibn-concepts-definitions-02.txt (2019-2020)



Other resources:

- https://en.wikipedia.org/wiki/Policy-based_management

- https://www.youtube.com/watch?v=E_v-of582xg

- Boutaba, R. and I. Aib, "Policy-Based Management: A
  Historical Perspective". Journal of Network and Systems
  Management (JNSM), Springer, Vol. 15 (4), December 2007.
  https://doi.org/10.1007/s10922-007-9083-8

- Pavlou, G., "On the Evolution of Management Approaches, Frameworks
  and Protocols: A Historical Perspective". Journal of Network and
  Systems Management (JNSM), Springer, Vol. 15 (4), December 2007.
  https://doi.org/10.1007/s10922-007-9082-9

- Strassner, J., "Policy-Based Network Management: Solutions for the
  Next Generation", Morgan Kaufmann, December 2003.



On Tue, Dec 29, 2020 at 04:26:12PM -0000, Adrian Farrel wrote:
> Hi Juergen,
>
> What you say about learning lessons from the past is wise and valuable.
>
> Sadly (well, it's a good thing, really) we have new people in the IETF
> and the memory of events over the last 20 years is not immediately
> accessible to them. Others, who are old and grey, have been around
> that long but were not necessarily involved in previous ECA discussions.
>
> Since "intent-based networking" is a big thing once again (see recent
> reports of acquisitions in this sector) the excitement about ECA may
> be forgiven, but it would help to ground the discussions if those who
> can remember previous efforts would share their experiences or at
> least some pointers.
>
> Best,
> Adrian
>
> -----Original Message-----
> From: netmod <netmod-bounces@ietf.org> On Behalf Of Juergen Schoenwaelder
> Sent: 23 December 2020 18:09
> To: Andy Bierman <andy@yumaworks.com>
> Cc: NetMod WG Chairs <netmod-chairs@ietf.org>; NETMOD Group <netmod@ietf.org>
> Subject: Re: [netmod] Adoption poll for draft-wwx-netmod-event-yang-10
>
> On Wed, Dec 23, 2020 at 07:05:44AM -0800, Andy Bierman wrote:
> > On Wed, Dec 23, 2020 at 3:14 AM tom petch <ietfc@btconnect.com> wrote:
> >
> > > From: netmod <netmod-bounces@ietf.org> on behalf of Dhruv Dhody <dhruv.ietf@gmail.com>
> > > Sent: 21 December 2020 17:12
> > >
> > > Hi Lou, WG,
> > >
> > > I find the motivation in the Introduction to be focused on ECA at
> > > the network devices (with all the talk about issues with
> > > Centralized network management).
> > >
> > > I see the value of ECA on the controller as well, say a customer
> > > network controller or an orchestrator can set the ECA on a central
> > > controller (reference ACTN in TEAS WG). Perhaps you would consider
> > > adding a sentence to describe this as well. The client-server
> > > terminology in the rest of the document covers it already.
> > >
> > > And I do see value in this and support adoption.
> > >
> > > <tp>
> > > My take is that the I-D is unclear on what ECA is.
> > >
> > > ECA has been worked on in at least two IETF WG AFAICT.  It cropped
> > > up in I2RS but as I recall, it was along the lines of 'This is
> > > ECA'  'No It is not'  'Yes it is' which gave me the impression
> > > that ECA is not a well-defined, or well-understood, term.
> > >
> > > More recently, I2NSF have produced a YANG capability-data-model
> > > which is 55 pages of ECA.  Lacking a definition in this netmod I-D,
> > > I am unclear what the relationship is between the I2NSF I-D and the
> > > netmod I-D, whether or not they are using ECA in the same sense.
> > >
> > >
> > Hi Tom,
> >
> > It usually helps to agree on the problem-space before focusing on
> > the solution-space.
> > ECA seems like a methodology (ala MVC) more than anything else.
> > The problem statement seems to be that some client tasks need to be
> > handled on the server using ECA methodology, instead of on the client.
> > Which tasks? Seems to be any task of arbitrary purpose or complexity.
> > And now the scope is supposed to include controllers (just another
> > client), so the problem-stmt is even less clear.
> >
> > The traditional approach is to pick specific client tasks to move to
> > the server.
> > The example of detecting and reporting route-flaps has been used.
> > (No ECA example of this complexity has been provided yet).
> > The traditional approach would be to write a route-flap-detection
> > YANG module with some configuration, monitoring data, and
> > notification events.
> >
> > The generalized approach is likely to be extremely complex to
> > standardize and implement.
> >
>
> ECA work has a long 20+ year tradition in the IETF and several
> specifications have been published over the years by various working
> groups. As far as I can tell, none of them got traction in terms of
> significant deployment of interoperable implementations.
>
> I would have hoped that the next iteration of ECA work would have
> started with a deep reflection about why all the previous attempts
> failed to gain traction and some genuine insights how to design things
> differently in order to improve the likelihood to have impact.
>
> /js
>
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
>



--
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>


