IETF Logo Mail Archive

Re: [Supa] question on the SUPA data model.

"Joel M. Halpern" <jmh@joelhalpern.com> Wed, 22 March 2017 03:52 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: supa@ietfa.amsl.com
Delivered-To: supa@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 444F413144B for <supa@ietfa.amsl.com>; Tue, 21 Mar 2017 20:52:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level:
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SUuemqKwY0gs for <supa@ietfa.amsl.com>; Tue, 21 Mar 2017 20:52:47 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 695AB120726 for <supa@ietf.org>; Tue, 21 Mar 2017 20:52:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 50296245B49; Tue, 21 Mar 2017 20:52:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1490154767; bh=9vBmXX3LrlGBlvFG8dkfLfJofHPPLXCRAB4CRmF792I=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=XaVmu1s56nGQeHxaHnD7Q1yWTGCoMwvwbousVMKAUixBRaRR4tSXGOgewanCj9xRG Qf7Lec/eNTieaC2yB5v0G4Fl46tg7PcxAuMZ18BiZuWTfDEYRA67tP5ibNlhW+l/FB kOMiDbBoq/TjyLhihqpoxujy6SJwwkKs2o/4Gv/4=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 72AF8240C56; Tue, 21 Mar 2017 20:46:36 -0700 (PDT)
To: youlizhao <youlizhao@huawei.com>, John Strassner <strazpdj@gmail.com>
References: <C9B5F12337F6F841B35C404CF0554ACB898C4654@SZXEMA509-MBS.china.huawei.com> <CAJwYUrEv8Af=XNTbmRNm7tkKcTYiA3HF3B8BBWSnZL+UuKQX8g@mail.gmail.com> <7AD05E972D7A0F47B3368775A9FF85FC9A4E4E@DGGEMM505-MBS.china.huawei.com> <d0177c8d-e90b-c335-24df-5c058b4458f8@joelhalpern.com> <CAJwYUrF_axPv+8LTrqFuWoA_PbVr2B51GFhYqRe-cCNu0Kc=Ug@mail.gmail.com> <7AD05E972D7A0F47B3368775A9FF85FC9AA9DE@DGGEMM505-MBS.china.huawei.com>
Cc: "Liushucheng (Will Liu)" <liushucheng@huawei.com>, supa <supa@ietf.org>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <dfef78cd-43f7-b01f-25dd-e365686aa74e@joelhalpern.com>
Date: Tue, 21 Mar 2017 23:46:05 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <7AD05E972D7A0F47B3368775A9FF85FC9AA9DE@DGGEMM505-MBS.china.huawei.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/supa/6fUpm01ukNr78-A5wmyiWcLO_KI>
Subject: Re: [Supa] question on the SUPA data model.
X-BeenThere: supa@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This list is to discuss SUPA \(Simplified Use of Policy Abstractions\) related issues." <supa.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/supa>, <mailto:supa-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/supa/>
List-Post: <mailto:supa@ietf.org>
List-Help: <mailto:supa-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/supa>, <mailto:supa-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2017 03:52:50 -0000

That is close.  I would not describe SUPA as a meta-model, but rather as 
the upper levels of abstraction which define the structure within which 
the more detailed elements will fit.

Yours,
Joel

On 3/21/17 10:41 PM, youlizhao wrote:
> Hi John and Joel,
>
>
>
> I am sorry for being unclear. I hoped to figure out what the Action YANG
> model looks like, and how to implement it.
>
>
>
> John’s email made me realize there were some discussions (e.g., the SNMP
> blocking example). I will digest the discussions to see if I can design
> a similar model for my system.
>
>
>
> I thought ECA YANG model should similar to some service models such as
> L2SM/L3SM which have well-defined properties to follow.  It seems that
> different systems may have different definitions of
> Event/Condition/Action, and the meta-YANG model is what SUPA wants to
> define. Am I correct?
>
>
>
> Thanks.
>
>
>
> Regards,
>
> Leo
>
>
>
> *From:*John Strassner [mailto:strazpdj@gmail.com]
> *Sent:* 2017年3月17日4:39
> *To:* Joel M. Halpern <jmh@joelhalpern.com>; John Strassner
> <strazpdj@gmail.com>
> *Cc:* youlizhao <youlizhao@huawei.com>; Liushucheng (Will Liu)
> <liushucheng@huawei.com>; supa <supa@ietf.org>
> *Subject:* Re: [Supa] question on the SUPA data model.
>
>
>
> Hi Leo,
>
>
>
> I agree with Joel's comments on Actions. It depends on whether
>
> you are talking **model** or **implementation**.
>
>
>
> Assuming you are talking model, you could do this in a number
>
> of ways:
>
>
>
>    1) follow a similar course to that outlined in the SNMP blocking
>
>        example, part 1 (section X.1.3), and use a generic
>
>        SUPAPolicyAction. This is good for generic solutions, but
>
>        is NOT YANG. So, this object would be passed to software
>        that knew how to translate it to YANG and Netconf.
>
>    2) follow a similar course to that outlined in the SNMP blocking
>
>        example, part 2 (section X.1.4), by creating a subclass of
>
>        SUPAPolicyAction, called (for example)
>
>        SUPAPolicyActionNetConf, and populate its three
>
>        exemplar attributes in a manner similar to that shown
>
>
>
> If you are talking what the YANG would look like, or something
>
> else, please let us know, and we're happy to help.
>
>
>
> best regards,
>
> John
>
>
>
> On Thu, Mar 16, 2017 at 7:44 AM, Joel M. Halpern <jmh@joelhalpern.com
> <mailto:jmh@joelhalpern.com>> wrote:
>
>     I am not sure what youa re asking.
>     In building an actual policy system, there need to be subclasses of
>     "Action".  For example, One might have a subclass which is "invoke
>     YANG RPC".  It has attributes for the YANG Verb, the XPATh target
>     and the parameters.
>     I presume one could have a subclass for "invoke OVSDB configuration".
>
>     One might want more specific subclasses to enable better modeling
>     and analysis.  So while one might be using YANG for sending policies
>     from a higher level system to a lower level one, one could also have
>     a more specific class for "configure child policy".  Not sure if it
>     is needed, but it is certainly possible.
>
>     Yours,
>     Joel
>
>     On 3/16/17 8:36 AM, youlizhao wrote:
>
>         Hi John,
>
>
>
>         Thanks a lot for your detailed guidance.
>
>         One remaining question is that, if I want to define an Action, do we
>         follow the similar approach? It seems that it is difficult to define
>         Actions based on a uniform format. Does it mean that we need the
>         Augment
>         clause as defined in the YANG language?
>
>
>
>         Thanks.
>
>
>
>
>
>         Regards,
>
>         Leo
>
>         ----------------------------------------------------------------------------------------------//
>
>         /Lizhao (Leo) You, PhD/
>
>         /Senior Research Engineer/
>
>         /Huawei Technologies Co.,Ltd/
>
>         /youlizhao@huawei.com/ <http://youlizhao@huawei.com/>
>         <mailto:youlizhao@huawei.com <mailto:youlizhao@huawei.com>>//
>
>         /Tel: +86-1304-942-7487 <tel:%2B86-1304-942-7487>/
>
>         /www.linkedin.com/in/lizhao-you/
>         <http://www.linkedin.com/in/lizhao-you/>
>
>         ----------------------------------------------------------------------------------------------//
>
>
>
>         *From:*John Strassner [mailto:strazpdj@gmail.com
>         <mailto:strazpdj@gmail.com>]
>         *Sent:* 2017年3月3日3:57
>         *To:* Liushucheng (Will Liu) <liushucheng@huawei.com
>         <mailto:liushucheng@huawei.com>>; John Strassner
>         <strazpdj@gmail.com <mailto:strazpdj@gmail.com>>
>         *Cc:* draft-ietf-supa-generic-policy-data-model@ietf.org
>         <mailto:draft-ietf-supa-generic-policy-data-model@ietf.org>; supa
>         <supa@ietf.org <mailto:supa@ietf.org>>; youlizhao
>         <youlizhao@huawei.com <mailto:youlizhao@huawei.com>>
>         *Subject:* Re: [Supa] question on the SUPA data model.
>
>
>
>         Hi Will,
>
>
>
>         The answer to your question depends on how you plan to use these
>         five
>         attributes. My **guess** is that you want to use them as
>         variables in
>         condition or action clauses. If this is correct, then there are
>         several
>         ways to model your five attributes; the two simplest are
>
>            1) as SUPAEncodedClauses, where the expression involving the
>                attribute is encoded into an attribute value
>            2) as SUPAPolicyTerms (e.g., using a combination of
>                SUPAPolicyVariable, SUPAPolicyOperator, and SUPAPolicyValue)
>
>
>         #1 is the simplest approach; #2 is useful **if** the terms in the
>         SUPAPolicyClause are common objects whose attributes are
>         manipulated.
>         In effect, it makes each of the {variable, operator, value}
>         terms in the
>         canonical form of a SUPAPolicyClause reusable.
>
>         There is another important difference between the two approaches. A
>         SUPAEncodedClause represents a **complete** SUPAPolicyClause. In
>         contrast, SUPAPolicyTerms are used to define SUPAPolicyVariables,
>         SUPAPolicyOperators, and SUPAPolicyValues as **reusable objects**;
>         this means that you "attach", or "wrap", them to a subclass of
>         SUPAPolicyClause. Put another way, the first method allows you
>         to build
>         a complete SUPAPolicyClause in one object, while the second method
>         allows you to define a SUPAPolicyClause in terms of reusable
>         objects.
>         The second method is preferable when you have to dynamically
>         substitute
>         elements of a SUPAPolicyClause (e.g., variables).
>
>         The following shows how to build a simple example using both
>         approaches.
>
>         Let's assume you want to be able to write:
>
>            IF source_port == 67
>
>
>         Method #1: Using SUPAEncodedClause
>
>         Defining a SUPAEncodedClause is straightforward, as you are **not**
>         (typically) using any of the SUPAPolicyComponentDecorator
>         subclasses,
>         since the SUPAEncodedClause is, itself, a complete
>         SUPAPolicyClause. You
>         have a single object to represent the entire SUPAPolicyClause,
>         which is
>         an instance of the SUPAEncodedClause class. Its attributes are:
>
>            supaEncodedClauseContent:      "IF source_port == 67"
>            supaEncodedClauseEncoding:    9         // string_instance_id
>            supaEncodedClauseLanguage:   2         // text
>            supaEncodedClauseResponse:  TRUE  // this is meant to be set at
>
>            //
>         runtime after evaluation of the
>
>
>            //
>         clause by the PolicyEngine
>
>         Now, if you want to say:
>
>            IF source_port = 67 OR source_port = 68
>
>         Then simply modify the text of supaEncodedClauseContent.
>
>
>         Method #2: Using SUPAPolicyTerms
>
>         In this method, the first task is to build three objects:
>
>            SUPAPolicyVariable, with its attribute supaPolVarName set to
>               "source_port" (a string)
>            SUPAPolicyOperator, with its attribute supaPolOpType set to 6
>         (which
>               signifies "equal to")
>            SUPAPolicyValue, with its attributes supaPolValContent and
>              supaPolValEncoding set to 67 and 3 (3 means "integer"),
>         respectively
>
>         These all subclass from SUPAPolicyComponentDecorator, which
>         means that
>         they can decorate a SUPAPolicyClause. Now, the second task is to
>         choose
>         a subclass of SUPAPolicyClause to attach these three objects to.
>         Let's
>         assume that you choose SUPABooleanClauseAtomic. The attribute
>         values of
>         SUPABoolean clause are:
>
>            supaBoolClauseIsNegated is set to FALSE
>            supaBoolClauseBindValue is set to 1
>            supaBoolClauseIsCNF is set to TRUE
>
>         Note that in -02 of the IM document, the latter two attributes were
>         defined only in the SUPABooleanClauseComposite class. This has been
>         changed in the upcoming -03 IM document (to be published soon),
>         and all
>         three of the above attributes are moved to SUPABooleanClause, so
>         that
>         they are available to both of its subclasses.
>
>         Now, if you want to say:
>
>            IF source_port = 67 OR source_port = 68
>
>         Then simply repeat the above procedure to create another set of
>         SUPAPolicyVariable, SUPAPolicyOperator, and SUPAPolicyValue objects,
>         form another SUPABooleanClauseAtomic object (whose
>         supaBoolClauseBindValue is now set to 2, but whose other attributes
>
>         remain the same*), and now create a new
>
>         SUPABooleanClauseComposite object to bind them together.
>
>
>
>         * Note that A OR B is in conjunctive normal form, because it can be
>
>         seen as the conjunction of the two single-literal clauses. Note
>         also that
>
>         both A OR B and A AND B can also be seen as being in DNF.
>
>
>
>
>
>         best regards,
>
>         John and Joel
>
>
>
>         On Thu, Feb 16, 2017 at 12:20 AM, Liushucheng (Will)
>         <liushucheng@huawei.com <mailto:liushucheng@huawei.com>
>         <mailto:liushucheng@huawei.com <mailto:liushucheng@huawei.com>>>
>         wrote:
>
>             Hi all,
>
>
>
>             I received a question to SUPA data model from a developer. I’m
>             forwarding it here so that the discussion here will help other
>             developer to better understand how to use supa data model.
>
>
>
>             --start—
>
>             Dear SUPA YANG model authors,
>
>
>
>             Thanks for drafting the SUPA Generic Policy YANG data model
>             (draft-ietf-supa-generic-policy-data-model-02), and it
>         explains the
>             concept well. However, I met some difficulties when applying the
>             data model to real systems. In particular, I tried to define
>         an ECA
>             YANG model, and used the ECA YANG model to develop a real
>         working
>             system.
>
>
>
>             In my system, there are some concrete elements such as
>         <source_ip,
>             source_port>, <dest_ip, dest_port>, port_bandwidth, and ECA
>         policies
>             are defined on these elements. I wondered how to deal with these
>             elements/policies in the Generic YANG model
>             (draft-ietf-supa-generic-policy-data-model-02)? (e.g.,
>         enrich some
>             container?)
>
>
>
>             I would greatly appreciate it if you kindly give me some advice.
>             Many thanks!
>
>
>
>             Regards,
>
>             Leo
>
>             --end--
>
>
>
>             Regards,
>
>             Will (Shucheng LIU)
>
>
>
>
>             _______________________________________________
>             Supa mailing list
>             Supa@ietf.org <mailto:Supa@ietf.org> <mailto:Supa@ietf.org
>         <mailto:Supa@ietf.org>>
>             https://www.ietf.org/mailman/listinfo/supa
>
>
>
>
>         --
>
>         regards,
>
>         John
>
>
>
>         _______________________________________________
>         Supa mailing list
>         Supa@ietf.org <mailto:Supa@ietf.org>
>         https://www.ietf.org/mailman/listinfo/supa
>
>
>
>
> --
>
> regards,
>
> John
>

v2.23.0 | Report a Bug | By Email