Re: [Supa] question on the SUPA data model.
John Strassner <strazpdj@gmail.com> Thu, 16 March 2017 20:39 UTC
Return-Path: <strazpdj@gmail.com>
X-Original-To: supa@ietfa.amsl.com
Delivered-To: supa@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E08EF129A79 for <supa@ietfa.amsl.com>; Thu, 16 Mar 2017 13:39:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hQE3hllF6YPR for <supa@ietfa.amsl.com>; Thu, 16 Mar 2017 13:39:02 -0700 (PDT)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCFB5129A74 for <supa@ietf.org>; Thu, 16 Mar 2017 13:39:01 -0700 (PDT)
Received: by mail-lf0-x22c.google.com with SMTP id a6so25410198lfa.0 for <supa@ietf.org>; Thu, 16 Mar 2017 13:39:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=9OAmrCeGErHz0ahY3dscd57KyPQloDj4h6cB7Mw4Abw=; b=f69nRzrWXvtRHY9UbNnPTo3Db8oynGdO+WeAhsB4bH90RlUxXIWYWo0yJY6BSVxxeR wJKawdRU9xAzgp6nC7rQHxORaffEajHlZS0HBKNLvRylYZ+UBqQEAqnQxqVcDfukH1V7 0ciCzKSlgzaQiUd3PjqDz4KJhye54uh54TjxIkmpG3AxEKAQZXBTIEHjPLVqYiuOzPXd UkGCv/ZJUEeWOdOPKYS2zenuaI3AAhc6SodxjDf89WKFPNBu9KZXUPnLOQ28yQP5VanC zN8G98Oy/7fSElKeWVjHp1cUIMSjWg15p9LoRoC4N1SyZFpJ20bzWWdYkIboMqDOwMr0 9aiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=9OAmrCeGErHz0ahY3dscd57KyPQloDj4h6cB7Mw4Abw=; b=T/q7MrcorgMnE7rAZQnbkIkvMOrP+VtQPyjLsr2Q1yD198fZFBxicB6sGJ/e9Qj+ib pqg65ynqrUBrn+JE4k6gLYKs/w74wBm7jgP/zoCxe6o4GusleET+msauvo7KUEVjlsHH PHYcxEsvALiNGbxIGYOihwoM1+wA15unBE8aMv8HyRlTj0jpBSpY5IixzQmZR2EeYW6Q DRsJyStHpscKSpzds3b2l+7HQkcpdFIar4s+y1DntAZvd1Lpu0KBbAOX9m+8QlNFwos3 IkcBxxxvYliU9Wx77oXosQ0CAbMRLvs0sOyqyJcl2VQDraJxueDeod6y3XajxuDYSSTN hEIg==
X-Gm-Message-State: AFeK/H28Xw4OPWhefzjR+IhQ+imAnkrY5vcuEsylXyCJ/DJn5f1s4+gm5FfDUUxBe0TT5uIlSMfdyyQF2zd9Ig==
X-Received: by 10.46.88.9 with SMTP id m9mr3865351ljb.58.1489696739971; Thu, 16 Mar 2017 13:38:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.15.229 with HTTP; Thu, 16 Mar 2017 13:38:59 -0700 (PDT)
In-Reply-To: <d0177c8d-e90b-c335-24df-5c058b4458f8@joelhalpern.com>
References: <C9B5F12337F6F841B35C404CF0554ACB898C4654@SZXEMA509-MBS.china.huawei.com> <CAJwYUrEv8Af=XNTbmRNm7tkKcTYiA3HF3B8BBWSnZL+UuKQX8g@mail.gmail.com> <7AD05E972D7A0F47B3368775A9FF85FC9A4E4E@DGGEMM505-MBS.china.huawei.com> <d0177c8d-e90b-c335-24df-5c058b4458f8@joelhalpern.com>
From: John Strassner <strazpdj@gmail.com>
Date: Thu, 16 Mar 2017 13:38:59 -0700
Message-ID: <CAJwYUrF_axPv+8LTrqFuWoA_PbVr2B51GFhYqRe-cCNu0Kc=Ug@mail.gmail.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>, John Strassner <strazpdj@gmail.com>
Cc: youlizhao <youlizhao@huawei.com>, "Liushucheng (Will Liu)" <liushucheng@huawei.com>, supa <supa@ietf.org>
Content-Type: multipart/alternative; boundary="f4030438860c025b02054adf0dc5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/supa/2FBdFoa6fNyIgsItJx_J5Ye1efE>
Subject: Re: [Supa] question on the SUPA data model.
X-BeenThere: supa@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This list is to discuss SUPA \(Simplified Use of Policy Abstractions\) related issues." <supa.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/supa>, <mailto:supa-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/supa/>
List-Post: <mailto:supa@ietf.org>
List-Help: <mailto:supa-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/supa>, <mailto:supa-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 20:39:06 -0000
Hi Leo,
I agree with Joel's comments on Actions. It depends on whether
you are talking **model** or **implementation**.
Assuming you are talking model, you could do this in a number
of ways:
1) follow a similar course to that outlined in the SNMP blocking
example, part 1 (section X.1.3), and use a generic
SUPAPolicyAction. This is good for generic solutions, but
is NOT YANG. So, this object would be passed to software
that knew how to translate it to YANG and Netconf.
2) follow a similar course to that outlined in the SNMP blocking
example, part 2 (section X.1.4), by creating a subclass of
SUPAPolicyAction, called (for example)
SUPAPolicyActionNetConf, and populate its three
exemplar attributes in a manner similar to that shown
If you are talking what the YANG would look like, or something
else, please let us know, and we're happy to help.
best regards,
John
On Thu, Mar 16, 2017 at 7:44 AM, Joel M. Halpern <jmh@joelhalpern.com>
wrote:
> I am not sure what youa re asking.
> In building an actual policy system, there need to be subclasses of
> "Action". For example, One might have a subclass which is "invoke YANG
> RPC". It has attributes for the YANG Verb, the XPATh target and the
> parameters.
> I presume one could have a subclass for "invoke OVSDB configuration".
>
> One might want more specific subclasses to enable better modeling and
> analysis. So while one might be using YANG for sending policies from a
> higher level system to a lower level one, one could also have a more
> specific class for "configure child policy". Not sure if it is needed, but
> it is certainly possible.
>
> Yours,
> Joel
>
> On 3/16/17 8:36 AM, youlizhao wrote:
>
>> Hi John,
>>
>>
>>
>> Thanks a lot for your detailed guidance.
>>
>> One remaining question is that, if I want to define an Action, do we
>> follow the similar approach? It seems that it is difficult to define
>> Actions based on a uniform format. Does it mean that we need the Augment
>> clause as defined in the YANG language?
>>
>>
>>
>> Thanks.
>>
>>
>>
>>
>>
>> Regards,
>>
>> Leo
>>
>> ------------------------------------------------------------
>> ----------------------------------//
>>
>> /Lizhao (Leo) You, PhD/
>>
>> /Senior Research Engineer/
>>
>> /Huawei Technologies Co.,Ltd/
>>
>> /youlizhao@huawei.com/ <mailto:youlizhao@huawei.com>//
>>
>> /Tel: +86-1304-942-7487/
>>
>> /www.linkedin.com/in/lizhao-you/
>>
>> ------------------------------------------------------------
>> ----------------------------------//
>>
>>
>>
>> *From:*John Strassner [mailto:strazpdj@gmail.com]
>> *Sent:* 2017年3月3日3:57
>> *To:* Liushucheng (Will Liu) <liushucheng@huawei.com>; John Strassner
>> <strazpdj@gmail.com>
>> *Cc:* draft-ietf-supa-generic-policy-data-model@ietf.org; supa
>> <supa@ietf.org>; youlizhao <youlizhao@huawei.com>
>> *Subject:* Re: [Supa] question on the SUPA data model.
>>
>>
>>
>> Hi Will,
>>
>>
>>
>> The answer to your question depends on how you plan to use these five
>> attributes. My **guess** is that you want to use them as variables in
>> condition or action clauses. If this is correct, then there are several
>> ways to model your five attributes; the two simplest are
>>
>> 1) as SUPAEncodedClauses, where the expression involving the
>> attribute is encoded into an attribute value
>> 2) as SUPAPolicyTerms (e.g., using a combination of
>> SUPAPolicyVariable, SUPAPolicyOperator, and SUPAPolicyValue)
>>
>>
>> #1 is the simplest approach; #2 is useful **if** the terms in the
>> SUPAPolicyClause are common objects whose attributes are manipulated.
>> In effect, it makes each of the {variable, operator, value} terms in the
>> canonical form of a SUPAPolicyClause reusable.
>>
>> There is another important difference between the two approaches. A
>> SUPAEncodedClause represents a **complete** SUPAPolicyClause. In
>> contrast, SUPAPolicyTerms are used to define SUPAPolicyVariables,
>> SUPAPolicyOperators, and SUPAPolicyValues as **reusable objects**;
>> this means that you "attach", or "wrap", them to a subclass of
>> SUPAPolicyClause. Put another way, the first method allows you to build
>> a complete SUPAPolicyClause in one object, while the second method
>> allows you to define a SUPAPolicyClause in terms of reusable objects.
>> The second method is preferable when you have to dynamically substitute
>> elements of a SUPAPolicyClause (e.g., variables).
>>
>> The following shows how to build a simple example using both approaches.
>>
>> Let's assume you want to be able to write:
>>
>> IF source_port == 67
>>
>>
>> Method #1: Using SUPAEncodedClause
>>
>> Defining a SUPAEncodedClause is straightforward, as you are **not**
>> (typically) using any of the SUPAPolicyComponentDecorator subclasses,
>> since the SUPAEncodedClause is, itself, a complete SUPAPolicyClause. You
>> have a single object to represent the entire SUPAPolicyClause, which is
>> an instance of the SUPAEncodedClause class. Its attributes are:
>>
>> supaEncodedClauseContent: "IF source_port == 67"
>> supaEncodedClauseEncoding: 9 // string_instance_id
>> supaEncodedClauseLanguage: 2 // text
>> supaEncodedClauseResponse: TRUE // this is meant to be set at
>> //
>> runtime after evaluation of the
>>
>> //
>> clause by the PolicyEngine
>>
>> Now, if you want to say:
>>
>> IF source_port = 67 OR source_port = 68
>>
>> Then simply modify the text of supaEncodedClauseContent.
>>
>>
>> Method #2: Using SUPAPolicyTerms
>>
>> In this method, the first task is to build three objects:
>>
>> SUPAPolicyVariable, with its attribute supaPolVarName set to
>> "source_port" (a string)
>> SUPAPolicyOperator, with its attribute supaPolOpType set to 6 (which
>> signifies "equal to")
>> SUPAPolicyValue, with its attributes supaPolValContent and
>> supaPolValEncoding set to 67 and 3 (3 means "integer"), respectively
>>
>> These all subclass from SUPAPolicyComponentDecorator, which means that
>> they can decorate a SUPAPolicyClause. Now, the second task is to choose
>> a subclass of SUPAPolicyClause to attach these three objects to. Let's
>> assume that you choose SUPABooleanClauseAtomic. The attribute values of
>> SUPABoolean clause are:
>>
>> supaBoolClauseIsNegated is set to FALSE
>> supaBoolClauseBindValue is set to 1
>> supaBoolClauseIsCNF is set to TRUE
>>
>> Note that in -02 of the IM document, the latter two attributes were
>> defined only in the SUPABooleanClauseComposite class. This has been
>> changed in the upcoming -03 IM document (to be published soon), and all
>> three of the above attributes are moved to SUPABooleanClause, so that
>> they are available to both of its subclasses.
>>
>> Now, if you want to say:
>>
>> IF source_port = 67 OR source_port = 68
>>
>> Then simply repeat the above procedure to create another set of
>> SUPAPolicyVariable, SUPAPolicyOperator, and SUPAPolicyValue objects,
>> form another SUPABooleanClauseAtomic object (whose
>> supaBoolClauseBindValue is now set to 2, but whose other attributes
>>
>> remain the same*), and now create a new
>>
>> SUPABooleanClauseComposite object to bind them together.
>>
>>
>>
>> * Note that A OR B is in conjunctive normal form, because it can be
>>
>> seen as the conjunction of the two single-literal clauses. Note also that
>>
>> both A OR B and A AND B can also be seen as being in DNF.
>>
>>
>>
>>
>>
>> best regards,
>>
>> John and Joel
>>
>>
>>
>> On Thu, Feb 16, 2017 at 12:20 AM, Liushucheng (Will)
>> <liushucheng@huawei.com <mailto:liushucheng@huawei.com>> wrote:
>>
>> Hi all,
>>
>>
>>
>> I received a question to SUPA data model from a developer. I’m
>> forwarding it here so that the discussion here will help other
>> developer to better understand how to use supa data model.
>>
>>
>>
>> --start—
>>
>> Dear SUPA YANG model authors,
>>
>>
>>
>> Thanks for drafting the SUPA Generic Policy YANG data model
>> (draft-ietf-supa-generic-policy-data-model-02), and it explains the
>> concept well. However, I met some difficulties when applying the
>> data model to real systems. In particular, I tried to define an ECA
>> YANG model, and used the ECA YANG model to develop a real working
>> system.
>>
>>
>>
>> In my system, there are some concrete elements such as <source_ip,
>> source_port>, <dest_ip, dest_port>, port_bandwidth, and ECA policies
>> are defined on these elements. I wondered how to deal with these
>> elements/policies in the Generic YANG model
>> (draft-ietf-supa-generic-policy-data-model-02)? (e.g., enrich some
>> container?)
>>
>>
>>
>> I would greatly appreciate it if you kindly give me some advice.
>> Many thanks!
>>
>>
>>
>> Regards,
>>
>> Leo
>>
>> --end--
>>
>>
>>
>> Regards,
>>
>> Will (Shucheng LIU)
>>
>>
>>
>>
>> _______________________________________________
>> Supa mailing list
>> Supa@ietf.org <mailto:Supa@ietf.org>
>> https://www.ietf.org/mailman/listinfo/supa
>>
>>
>>
>>
>> --
>>
>> regards,
>>
>> John
>>
>>
>>
>> _______________________________________________
>> Supa mailing list
>> Supa@ietf.org
>> https://www.ietf.org/mailman/listinfo/supa
>>
>>
--
regards,
John
- [Supa] question on the SUPA data model. Liushucheng (Will)
- Re: [Supa] question on the SUPA data model. John Strassner
- Re: [Supa] question on the SUPA data model. youlizhao
- Re: [Supa] question on the SUPA data model. Joel M. Halpern
- Re: [Supa] question on the SUPA data model. John Strassner
- Re: [Supa] question on the SUPA data model. youlizhao
- Re: [Supa] question on the SUPA data model. Joel M. Halpern
- Re: [Supa] question on the SUPA data model. Joel M. Halpern
- Re: [Supa] question on the SUPA data model. John Strassner