IETF Logo Mail Archive

Re: [Supa] question on the SUPA data model.

John Strassner <strazpdj@gmail.com> Thu, 02 March 2017 19:57 UTC

Return-Path: <strazpdj@gmail.com>
X-Original-To: supa@ietfa.amsl.com
Delivered-To: supa@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27D60129625; Thu, 2 Mar 2017 11:57:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KoznwzLemZ7k; Thu, 2 Mar 2017 11:57:26 -0800 (PST)
Received: from mail-lf0-x22e.google.com (mail-lf0-x22e.google.com [IPv6:2a00:1450:4010:c07::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36DF4129624; Thu, 2 Mar 2017 11:57:23 -0800 (PST)
Received: by mail-lf0-x22e.google.com with SMTP id y193so38600653lfd.3; Thu, 02 Mar 2017 11:57:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=eDW2wyr7lYz7evNelJECMM/cUMvenU/neaE+er8pkm0=; b=Qo68LQgjMjAV6mVBT0uFam366+/JOlqIEM3zlX29eTp/F4EgkSTaKvSVbliLEXtgmB 15D55d9yJ9yJZH4e0HsQqJy6OIImXuGdnQOBIhyi//SldnV/p1ho+cYX8/mWCy573+cp z95A30R+LyQzImFo5Hgh7DQCdvDHGw/6jbs4LZrBW8IigzCw/tYnyYXxTEhVJd0uPLEH efGXS5sOt57yALJ0yGKwVG3F3zUnHFkWYOat1xBHzaydlzWToXQg9aLeiRs/ijRYQ7N4 LNnR/5qidcIvNWvCBVFBKBBvNvirm8LxOTuuceSrtgcgOMRVAi11vskL+haWjnvufmOz tNcQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=eDW2wyr7lYz7evNelJECMM/cUMvenU/neaE+er8pkm0=; b=W4ozo9bNORcLyO+4xlrtE8NB4Qqu1OWItc/XfEyd0z8Wfjv990W/4bXaUZR38BcCoL WHNuZswkF/OaIy8lU/82Np6co6vWv4cBZmw79KkbFvFs4idA2MCmw6WX9dm1dtsm8ZsP HteIY8HE8x9Pn0OxPtXLQA92k1+/JaxlI+ercClg2Z175QC4Q0EXA/kxHjnEluYe9CuL UCBv4Vc9mC9WRK/tNfHwyrfqmz4aZKsj5fGq7BE/GkyIWxFj1622PyU9Fe/UJ5y5Sk3Z qkyOcud89V6UZtZYNJtVD7AeLEn0Gm+9B8mvDrWbKozMSwG+wsTNgr28vXGLFqvuknjF EuQA==
X-Gm-Message-State: AMke39ktFYEtEZ5GK9bzi3xYF5YuUmCBEzilQTOWvaDUnQoqKKxt8rsxtm/+T1oaqXAfz1qIx8v+uQ4OaFPS3w==
X-Received: by 10.25.99.153 with SMTP id v25mr5045559lfi.170.1488484641259; Thu, 02 Mar 2017 11:57:21 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.15.229 with HTTP; Thu, 2 Mar 2017 11:57:20 -0800 (PST)
In-Reply-To: <C9B5F12337F6F841B35C404CF0554ACB898C4654@SZXEMA509-MBS.china.huawei.com>
References: <C9B5F12337F6F841B35C404CF0554ACB898C4654@SZXEMA509-MBS.china.huawei.com>
From: John Strassner <strazpdj@gmail.com>
Date: Thu, 02 Mar 2017 11:57:20 -0800
Message-ID: <CAJwYUrEv8Af=XNTbmRNm7tkKcTYiA3HF3B8BBWSnZL+UuKQX8g@mail.gmail.com>
To: "Liushucheng (Will)" <liushucheng@huawei.com>, John Strassner <strazpdj@gmail.com>
Content-Type: multipart/alternative; boundary="94eb2c0d8e3a4bc9d60549c4d647"
Archived-At: <https://mailarchive.ietf.org/arch/msg/supa/Y2Sf1BGXr-k26tSk6WnKam-mVYw>
Cc: youlizhao <youlizhao@huawei.com>, "draft-ietf-supa-generic-policy-data-model@ietf.org" <draft-ietf-supa-generic-policy-data-model@ietf.org>, supa <supa@ietf.org>
Subject: Re: [Supa] question on the SUPA data model.
X-BeenThere: supa@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This list is to discuss SUPA \(Simplified Use of Policy Abstractions\) related issues." <supa.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/supa>, <mailto:supa-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/supa/>
List-Post: <mailto:supa@ietf.org>
List-Help: <mailto:supa-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/supa>, <mailto:supa-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2017 19:57:29 -0000

Hi Will,

The answer to your question depends on how you plan to use these five
attributes. My **guess** is that you want to use them as variables in
condition or action clauses. If this is correct, then there are several
ways to model your five attributes; the two simplest are

   1) as SUPAEncodedClauses, where the expression involving the
       attribute is encoded into an attribute value
   2) as SUPAPolicyTerms (e.g., using a combination of
       SUPAPolicyVariable, SUPAPolicyOperator, and SUPAPolicyValue)

#1 is the simplest approach; #2 is useful **if** the terms in the
SUPAPolicyClause are common objects whose attributes are manipulated.
In effect, it makes each of the {variable, operator, value} terms in the
canonical form of a SUPAPolicyClause reusable.

There is another important difference between the two approaches. A
SUPAEncodedClause represents a **complete** SUPAPolicyClause. In
contrast, SUPAPolicyTerms are used to define SUPAPolicyVariables,
SUPAPolicyOperators, and SUPAPolicyValues as **reusable objects**;
this means that you "attach", or "wrap", them to a subclass of
SUPAPolicyClause. Put another way, the first method allows you to build
a complete SUPAPolicyClause in one object, while the second method
allows you to define a SUPAPolicyClause in terms of reusable objects.
The second method is preferable when you have to dynamically substitute
elements of a SUPAPolicyClause (e.g., variables).

The following shows how to build a simple example using both approaches.

Let's assume you want to be able to write:

   IF source_port == 67

Method #1: Using SUPAEncodedClause

Defining a SUPAEncodedClause is straightforward, as you are **not**
(typically) using any of the SUPAPolicyComponentDecorator subclasses,
since the SUPAEncodedClause is, itself, a complete SUPAPolicyClause. You
have a single object to represent the entire SUPAPolicyClause, which is
an instance of the SUPAEncodedClause class. Its attributes are:

   supaEncodedClauseContent:      "IF source_port == 67"
   supaEncodedClauseEncoding:    9         // string_instance_id
   supaEncodedClauseLanguage:   2         // text
   supaEncodedClauseResponse:  TRUE  // this is meant to be set at
                                                                   //
runtime after evaluation of the
                                                                   //
clause by the PolicyEngine

Now, if you want to say:

   IF source_port = 67 OR source_port = 68

Then simply modify the text of supaEncodedClauseContent.


Method #2: Using SUPAPolicyTerms

In this method, the first task is to build three objects:

   SUPAPolicyVariable, with its attribute supaPolVarName set to
      "source_port" (a string)
   SUPAPolicyOperator, with its attribute supaPolOpType set to 6 (which
      signifies "equal to")
   SUPAPolicyValue, with its attributes supaPolValContent and
     supaPolValEncoding set to 67 and 3 (3 means "integer"), respectively

These all subclass from SUPAPolicyComponentDecorator, which means that
they can decorate a SUPAPolicyClause. Now, the second task is to choose
a subclass of SUPAPolicyClause to attach these three objects to. Let's
assume that you choose SUPABooleanClauseAtomic. The attribute values of
SUPABoolean clause are:

   supaBoolClauseIsNegated is set to FALSE
   supaBoolClauseBindValue is set to 1
   supaBoolClauseIsCNF is set to TRUE

Note that in -02 of the IM document, the latter two attributes were
defined only in the SUPABooleanClauseComposite class. This has been
changed in the upcoming -03 IM document (to be published soon), and all
three of the above attributes are moved to SUPABooleanClause, so that
they are available to both of its subclasses.

Now, if you want to say:

   IF source_port = 67 OR source_port = 68

Then simply repeat the above procedure to create another set of
SUPAPolicyVariable, SUPAPolicyOperator, and SUPAPolicyValue objects,
form another SUPABooleanClauseAtomic object (whose
supaBoolClauseBindValue is now set to 2, but whose other attributes
remain the same*), and now create a new
SUPABooleanClauseComposite object to bind them together.

* Note that A OR B is in conjunctive normal form, because it can be
seen as the conjunction of the two single-literal clauses. Note also that
both A OR B and A AND B can also be seen as being in DNF.


best regards,
John and Joel

On Thu, Feb 16, 2017 at 12:20 AM, Liushucheng (Will) <liushucheng@huawei.com
> wrote:

> Hi all,
>
>
>
> I received a question to SUPA data model from a developer. I’m forwarding
> it here so that the discussion here will help other developer to better
> understand how to use supa data model.
>
>
>
> --start—
>
> Dear SUPA YANG model authors,
>
>
>
> Thanks for drafting the SUPA Generic Policy YANG data model
> (draft-ietf-supa-generic-policy-data-model-02), and it explains the
> concept well. However, I met some difficulties when applying the data model
> to real systems. In particular, I tried to define an ECA YANG model, and
> used the ECA YANG model to develop a real working system.
>
>
>
> In my system, there are some concrete elements such as <source_ip,
> source_port>, <dest_ip, dest_port>, port_bandwidth, and ECA policies are
> defined on these elements. I wondered how to deal with these
> elements/policies in the Generic YANG model (draft-ietf-supa-generic-policy-data-model-02)?
> (e.g., enrich some container?)
>
>
>
> I would greatly appreciate it if you kindly give me some advice. Many
> thanks!
>
>
>
> Regards,
>
> Leo
>
> --end--
>
>
>
> Regards,
>
> Will (Shucheng LIU)
>
>
>
> _______________________________________________
> Supa mailing list
> Supa@ietf.org
> https://www.ietf.org/mailman/listinfo/supa
>
>


-- 
regards,
John

v2.23.0 | Report a Bug | By Email