Re: [Supa] question on the SUPA data model.
John Strassner <strazpdj@gmail.com> Thu, 02 March 2017 19:57 UTC
Return-Path: <strazpdj@gmail.com>
X-Original-To: supa@ietfa.amsl.com
Delivered-To: supa@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27D60129625; Thu, 2 Mar 2017 11:57:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KoznwzLemZ7k; Thu, 2 Mar 2017 11:57:26 -0800 (PST)
Received: from mail-lf0-x22e.google.com (mail-lf0-x22e.google.com [IPv6:2a00:1450:4010:c07::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36DF4129624; Thu, 2 Mar 2017 11:57:23 -0800 (PST)
Received: by mail-lf0-x22e.google.com with SMTP id y193so38600653lfd.3; Thu, 02 Mar 2017 11:57:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=eDW2wyr7lYz7evNelJECMM/cUMvenU/neaE+er8pkm0=; b=Qo68LQgjMjAV6mVBT0uFam366+/JOlqIEM3zlX29eTp/F4EgkSTaKvSVbliLEXtgmB 15D55d9yJ9yJZH4e0HsQqJy6OIImXuGdnQOBIhyi//SldnV/p1ho+cYX8/mWCy573+cp z95A30R+LyQzImFo5Hgh7DQCdvDHGw/6jbs4LZrBW8IigzCw/tYnyYXxTEhVJd0uPLEH efGXS5sOt57yALJ0yGKwVG3F3zUnHFkWYOat1xBHzaydlzWToXQg9aLeiRs/ijRYQ7N4 LNnR/5qidcIvNWvCBVFBKBBvNvirm8LxOTuuceSrtgcgOMRVAi11vskL+haWjnvufmOz tNcQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=eDW2wyr7lYz7evNelJECMM/cUMvenU/neaE+er8pkm0=; b=W4ozo9bNORcLyO+4xlrtE8NB4Qqu1OWItc/XfEyd0z8Wfjv990W/4bXaUZR38BcCoL WHNuZswkF/OaIy8lU/82Np6co6vWv4cBZmw79KkbFvFs4idA2MCmw6WX9dm1dtsm8ZsP HteIY8HE8x9Pn0OxPtXLQA92k1+/JaxlI+ercClg2Z175QC4Q0EXA/kxHjnEluYe9CuL UCBv4Vc9mC9WRK/tNfHwyrfqmz4aZKsj5fGq7BE/GkyIWxFj1622PyU9Fe/UJ5y5Sk3Z qkyOcud89V6UZtZYNJtVD7AeLEn0Gm+9B8mvDrWbKozMSwG+wsTNgr28vXGLFqvuknjF EuQA==
X-Gm-Message-State: AMke39ktFYEtEZ5GK9bzi3xYF5YuUmCBEzilQTOWvaDUnQoqKKxt8rsxtm/+T1oaqXAfz1qIx8v+uQ4OaFPS3w==
X-Received: by 10.25.99.153 with SMTP id v25mr5045559lfi.170.1488484641259; Thu, 02 Mar 2017 11:57:21 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.15.229 with HTTP; Thu, 2 Mar 2017 11:57:20 -0800 (PST)
In-Reply-To: <C9B5F12337F6F841B35C404CF0554ACB898C4654@SZXEMA509-MBS.china.huawei.com>
References: <C9B5F12337F6F841B35C404CF0554ACB898C4654@SZXEMA509-MBS.china.huawei.com>
From: John Strassner <strazpdj@gmail.com>
Date: Thu, 02 Mar 2017 11:57:20 -0800
Message-ID: <CAJwYUrEv8Af=XNTbmRNm7tkKcTYiA3HF3B8BBWSnZL+UuKQX8g@mail.gmail.com>
To: "Liushucheng (Will)" <liushucheng@huawei.com>, John Strassner <strazpdj@gmail.com>
Content-Type: multipart/alternative; boundary="94eb2c0d8e3a4bc9d60549c4d647"
Archived-At: <https://mailarchive.ietf.org/arch/msg/supa/Y2Sf1BGXr-k26tSk6WnKam-mVYw>
Cc: youlizhao <youlizhao@huawei.com>, "draft-ietf-supa-generic-policy-data-model@ietf.org" <draft-ietf-supa-generic-policy-data-model@ietf.org>, supa <supa@ietf.org>
Subject: Re: [Supa] question on the SUPA data model.
X-BeenThere: supa@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This list is to discuss SUPA \(Simplified Use of Policy Abstractions\) related issues." <supa.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/supa>, <mailto:supa-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/supa/>
List-Post: <mailto:supa@ietf.org>
List-Help: <mailto:supa-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/supa>, <mailto:supa-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2017 19:57:29 -0000
Hi Will, The answer to your question depends on how you plan to use these five attributes. My **guess** is that you want to use them as variables in condition or action clauses. If this is correct, then there are several ways to model your five attributes; the two simplest are 1) as SUPAEncodedClauses, where the expression involving the attribute is encoded into an attribute value 2) as SUPAPolicyTerms (e.g., using a combination of SUPAPolicyVariable, SUPAPolicyOperator, and SUPAPolicyValue) #1 is the simplest approach; #2 is useful **if** the terms in the SUPAPolicyClause are common objects whose attributes are manipulated. In effect, it makes each of the {variable, operator, value} terms in the canonical form of a SUPAPolicyClause reusable. There is another important difference between the two approaches. A SUPAEncodedClause represents a **complete** SUPAPolicyClause. In contrast, SUPAPolicyTerms are used to define SUPAPolicyVariables, SUPAPolicyOperators, and SUPAPolicyValues as **reusable objects**; this means that you "attach", or "wrap", them to a subclass of SUPAPolicyClause. Put another way, the first method allows you to build a complete SUPAPolicyClause in one object, while the second method allows you to define a SUPAPolicyClause in terms of reusable objects. The second method is preferable when you have to dynamically substitute elements of a SUPAPolicyClause (e.g., variables). The following shows how to build a simple example using both approaches. Let's assume you want to be able to write: IF source_port == 67 Method #1: Using SUPAEncodedClause Defining a SUPAEncodedClause is straightforward, as you are **not** (typically) using any of the SUPAPolicyComponentDecorator subclasses, since the SUPAEncodedClause is, itself, a complete SUPAPolicyClause. You have a single object to represent the entire SUPAPolicyClause, which is an instance of the SUPAEncodedClause class. Its attributes are: supaEncodedClauseContent: "IF source_port == 67" supaEncodedClauseEncoding: 9 // string_instance_id supaEncodedClauseLanguage: 2 // text supaEncodedClauseResponse: TRUE // this is meant to be set at // runtime after evaluation of the // clause by the PolicyEngine Now, if you want to say: IF source_port = 67 OR source_port = 68 Then simply modify the text of supaEncodedClauseContent. Method #2: Using SUPAPolicyTerms In this method, the first task is to build three objects: SUPAPolicyVariable, with its attribute supaPolVarName set to "source_port" (a string) SUPAPolicyOperator, with its attribute supaPolOpType set to 6 (which signifies "equal to") SUPAPolicyValue, with its attributes supaPolValContent and supaPolValEncoding set to 67 and 3 (3 means "integer"), respectively These all subclass from SUPAPolicyComponentDecorator, which means that they can decorate a SUPAPolicyClause. Now, the second task is to choose a subclass of SUPAPolicyClause to attach these three objects to. Let's assume that you choose SUPABooleanClauseAtomic. The attribute values of SUPABoolean clause are: supaBoolClauseIsNegated is set to FALSE supaBoolClauseBindValue is set to 1 supaBoolClauseIsCNF is set to TRUE Note that in -02 of the IM document, the latter two attributes were defined only in the SUPABooleanClauseComposite class. This has been changed in the upcoming -03 IM document (to be published soon), and all three of the above attributes are moved to SUPABooleanClause, so that they are available to both of its subclasses. Now, if you want to say: IF source_port = 67 OR source_port = 68 Then simply repeat the above procedure to create another set of SUPAPolicyVariable, SUPAPolicyOperator, and SUPAPolicyValue objects, form another SUPABooleanClauseAtomic object (whose supaBoolClauseBindValue is now set to 2, but whose other attributes remain the same*), and now create a new SUPABooleanClauseComposite object to bind them together. * Note that A OR B is in conjunctive normal form, because it can be seen as the conjunction of the two single-literal clauses. Note also that both A OR B and A AND B can also be seen as being in DNF. best regards, John and Joel On Thu, Feb 16, 2017 at 12:20 AM, Liushucheng (Will) <liushucheng@huawei.com > wrote: > Hi all, > > > > I received a question to SUPA data model from a developer. I’m forwarding > it here so that the discussion here will help other developer to better > understand how to use supa data model. > > > > --start— > > Dear SUPA YANG model authors, > > > > Thanks for drafting the SUPA Generic Policy YANG data model > (draft-ietf-supa-generic-policy-data-model-02), and it explains the > concept well. However, I met some difficulties when applying the data model > to real systems. In particular, I tried to define an ECA YANG model, and > used the ECA YANG model to develop a real working system. > > > > In my system, there are some concrete elements such as <source_ip, > source_port>, <dest_ip, dest_port>, port_bandwidth, and ECA policies are > defined on these elements. I wondered how to deal with these > elements/policies in the Generic YANG model (draft-ietf-supa-generic-policy-data-model-02)? > (e.g., enrich some container?) > > > > I would greatly appreciate it if you kindly give me some advice. Many > thanks! > > > > Regards, > > Leo > > --end-- > > > > Regards, > > Will (Shucheng LIU) > > > > _______________________________________________ > Supa mailing list > Supa@ietf.org > https://www.ietf.org/mailman/listinfo/supa > > -- regards, John
- [Supa] question on the SUPA data model. Liushucheng (Will)
- Re: [Supa] question on the SUPA data model. John Strassner
- Re: [Supa] question on the SUPA data model. youlizhao
- Re: [Supa] question on the SUPA data model. Joel M. Halpern
- Re: [Supa] question on the SUPA data model. John Strassner
- Re: [Supa] question on the SUPA data model. youlizhao
- Re: [Supa] question on the SUPA data model. Joel M. Halpern
- Re: [Supa] question on the SUPA data model. Joel M. Halpern
- Re: [Supa] question on the SUPA data model. John Strassner