Re: [Supa] question on the SUPA data model.

"Joel M. Halpern" <jmh@joelhalpern.com> Thu, 16 March 2017 14:44 UTC

To: youlizhao <youlizhao@huawei.com>, John Strassner <strazpdj@gmail.com>
Cc: "Liushucheng (Will Liu)" <liushucheng@huawei.com>, supa <supa@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/supa/v-zYbUxSASRNTme6aTyZzqOPgt4>

I am not sure what you are asking.
In building an actual policy system, there need to be subclasses of 
"Action".  For example, one might have a subclass which is "invoke YANG 
RPC".  It has attributes for the YANG Verb, the XPath target and the 
parameters.
I presume one could have a subclass for "invoke OVSDB configuration".

One might want more specific subclasses to enable better modeling and 
analysis.  So while one might be using YANG for sending policies from a 
higher level system to a lower level one, one could also have a more 
specific class for "configure child policy".  Not sure if it is needed, 
but it is certainly possible.

Yours,
Joel

On 3/16/17 8:36 AM, youlizhao wrote:
> Hi John,
>
>
>
> Thanks a lot for your detailed guidance.
>
> One remaining question is that, if I want to define an Action, do we
> follow the similar approach? It seems that it is difficult to define
> Actions based on a uniform format. Does it mean that we need the Augment
> clause as defined in the YANG language?
>
>
>
> Thanks.
>
>
>
>
>
> Regards,
>
> Leo
>
> ----------------------------------------------------------------------------------------------//
>
> /Lizhao (Leo) You, PhD/
>
> /Senior Research Engineer/
>
> /Huawei Technologies Co.,Ltd/
>
> /youlizhao@huawei.com/ <mailto:youlizhao@huawei.com>//
>
> /Tel: +86-1304-942-7487/
>
> /www.linkedin.com/in/lizhao-you/
>
> ----------------------------------------------------------------------------------------------//
>
>
>
> *From:*John Strassner [mailto:strazpdj@gmail.com]
> *Sent:* March 3, 2017 3:57
> *To:* Liushucheng (Will Liu) <liushucheng@huawei.com>; John Strassner
> <strazpdj@gmail.com>
> *Cc:* draft-ietf-supa-generic-policy-data-model@ietf.org; supa
> <supa@ietf.org>; youlizhao <youlizhao@huawei.com>
> *Subject:* Re: [Supa] question on the SUPA data model.
>
>
>
> Hi Will,
>
>
>
> The answer to your question depends on how you plan to use these five
> attributes. My **guess** is that you want to use them as variables in
> condition or action clauses. If this is correct, then there are several
> ways to model your five attributes; the two simplest are
>
>    1) as SUPAEncodedClauses, where the expression involving the
>        attribute is encoded into an attribute value
>    2) as SUPAPolicyTerms (e.g., using a combination of
>        SUPAPolicyVariable, SUPAPolicyOperator, and SUPAPolicyValue)
>
>
> #1 is the simplest approach; #2 is useful **if** the terms in the
> SUPAPolicyClause are common objects whose attributes are manipulated.
> In effect, it makes each of the {variable, operator, value} terms in the
> canonical form of a SUPAPolicyClause reusable.
>
> There is another important difference between the two approaches. A
> SUPAEncodedClause represents a **complete** SUPAPolicyClause. In
> contrast, SUPAPolicyTerms are used to define SUPAPolicyVariables,
> SUPAPolicyOperators, and SUPAPolicyValues as **reusable objects**;
> this means that you "attach", or "wrap", them to a subclass of
> SUPAPolicyClause. Put another way, the first method allows you to build
> a complete SUPAPolicyClause in one object, while the second method
> allows you to define a SUPAPolicyClause in terms of reusable objects.
> The second method is preferable when you have to dynamically substitute
> elements of a SUPAPolicyClause (e.g., variables).
>
> The following shows how to build a simple example using both approaches.
>
> Let's assume you want to be able to write:
>
>    IF source_port == 67
>
>
> Method #1: Using SUPAEncodedClause
>
> Defining a SUPAEncodedClause is straightforward, as you are **not**
> (typically) using any of the SUPAPolicyComponentDecorator subclasses,
> since the SUPAEncodedClause is, itself, a complete SUPAPolicyClause. You
> have a single object to represent the entire SUPAPolicyClause, which is
> an instance of the SUPAEncodedClause class. Its attributes are:
>
>    supaEncodedClauseContent:   "IF source_port == 67"
>    supaEncodedClauseEncoding:  9     // string_instance_id
>    supaEncodedClauseLanguage:  2     // text
>    supaEncodedClauseResponse:  TRUE  // this is meant to be set at runtime after
>                                      // evaluation of the clause by the PolicyEngine
>
> Now, if you want to say:
>
>    IF source_port = 67 OR source_port = 68
>
> Then simply modify the text of supaEncodedClauseContent.
>
>
> Method #2: Using SUPAPolicyTerms
>
> In this method, the first task is to build three objects:
>
>    SUPAPolicyVariable, with its attribute supaPolVarName set to
>       "source_port" (a string)
>    SUPAPolicyOperator, with its attribute supaPolOpType set to 6 (which
>       signifies "equal to")
>    SUPAPolicyValue, with its attributes supaPolValContent and
>      supaPolValEncoding set to 67 and 3 (3 means "integer"), respectively
>
> These all subclass from SUPAPolicyComponentDecorator, which means that
> they can decorate a SUPAPolicyClause. Now, the second task is to choose
> a subclass of SUPAPolicyClause to attach these three objects to. Let's
> assume that you choose SUPABooleanClauseAtomic. The attribute values of
> SUPABoolean clause are:
>
>    supaBoolClauseIsNegated is set to FALSE
>    supaBoolClauseBindValue is set to 1
>    supaBoolClauseIsCNF is set to TRUE
>
> Note that in -02 of the IM document, the latter two attributes were
> defined only in the SUPABooleanClauseComposite class. This has been
> changed in the upcoming -03 IM document (to be published soon), and all
> three of the above attributes are moved to SUPABooleanClause, so that
> they are available to both of its subclasses.
>
> Now, if you want to say:
>
>    IF source_port = 67 OR source_port = 68
>
> Then simply repeat the above procedure to create another set of
> SUPAPolicyVariable, SUPAPolicyOperator, and SUPAPolicyValue objects,
> form another SUPABooleanClauseAtomic object (whose
> supaBoolClauseBindValue is now set to 2, but whose other attributes
> remain the same*), and now create a new SUPABooleanClauseComposite
> object to bind them together.
>
> * Note that A OR B is in conjunctive normal form, because it can be
> seen as the conjunction of the two single-literal clauses. Note also that
> both A OR B and A AND B can also be seen as being in DNF.
>
>
>
>
>
> best regards,
>
> John and Joel
>
>
>
> On Thu, Feb 16, 2017 at 12:20 AM, Liushucheng (Will)
> <liushucheng@huawei.com <mailto:liushucheng@huawei.com>> wrote:
>
>     Hi all,
>
>
>
>     I received a question on the SUPA data model from a developer. I’m
>     forwarding it here so that the discussion here will help other
>     developers to better understand how to use the SUPA data model.
>
>
>
>     --start—
>
>     Dear SUPA YANG model authors,
>
>
>
>     Thanks for drafting the SUPA Generic Policy YANG data model
>     (draft-ietf-supa-generic-policy-data-model-02), and it explains the
>     concept well. However, I met some difficulties when applying the
>     data model to real systems. In particular, I tried to define an ECA
>     YANG model, and used the ECA YANG model to develop a real working
>     system.
>
>
>
>     In my system, there are some concrete elements such as <source_ip,
>     source_port>, <dest_ip, dest_port>, port_bandwidth, and ECA policies
>     are defined on these elements. I wondered how to deal with these
>     elements/policies in the Generic YANG model
>     (draft-ietf-supa-generic-policy-data-model-02)? (e.g., enrich some
>     container?)
>
>
>
>     I would greatly appreciate it if you kindly give me some advice.
>     Many thanks!
>
>
>
>     Regards,
>
>     Leo
>
>     --end--
>
>
>
>     Regards,
>
>     Will (Shucheng LIU)
>
>
>
>
>     _______________________________________________
>     Supa mailing list
>     Supa@ietf.org <mailto:Supa@ietf.org>
>     https://www.ietf.org/mailman/listinfo/supa
>
>
>
>
> --
>
> regards,
>
> John
>
>
>
>
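
Method #2 from the quoted reply, as an added example that is not part of the thread or of the SUPA drafts: the term objects are built with the attribute names and codes given above (supaPolOpType 6, supaPolValEncoding 3), attached to two SUPABooleanClauseAtomic objects, and bound by a SUPABooleanClauseComposite. The `evaluate` methods, the `join` field, the `facts` dictionary and the decision to share one variable and one operator object between both clauses (to show the reuse and substitution the reply describes) are assumptions of this sketch.

```python
from dataclasses import dataclass

OP_EQUAL = 6     # supaPolOpType value the thread gives for "equal to"
ENC_INTEGER = 3  # supaPolValEncoding value the thread gives for "integer"

@dataclass
class SUPAPolicyVariable:
    supaPolVarName: str

@dataclass
class SUPAPolicyOperator:
    supaPolOpType: int

@dataclass
class SUPAPolicyValue:
    supaPolValContent: object
    supaPolValEncoding: int

@dataclass
class SUPABooleanClauseAtomic:
    variable: SUPAPolicyVariable   # the three decorating term objects
    operator: SUPAPolicyOperator
    value: SUPAPolicyValue
    supaBoolClauseBindValue: int
    supaBoolClauseIsNegated: bool = False
    supaBoolClauseIsCNF: bool = True

    def evaluate(self, facts):
        # Only the operator and encoding named in the thread are modelled.
        if (self.operator.supaPolOpType != OP_EQUAL
                or self.value.supaPolValEncoding != ENC_INTEGER):
            raise ValueError("unsupported operator or encoding in this sketch")
        hit = facts.get(self.variable.supaPolVarName) == int(self.value.supaPolValContent)
        return hit != self.supaBoolClauseIsNegated

@dataclass
class SUPABooleanClauseComposite:
    clauses: list
    join: str = "OR"  # hypothetical field of this sketch, not a SUPA attribute

    def evaluate(self, facts):
        results = [c.evaluate(facts) for c in self.clauses]
        return any(results) if self.join == "OR" else all(results)

def build_condition():
    """IF source_port = 67 OR source_port = 68, sharing one variable and operator."""
    var, op = SUPAPolicyVariable("source_port"), SUPAPolicyOperator(OP_EQUAL)
    atoms = [SUPABooleanClauseAtomic(var, op, SUPAPolicyValue(port, ENC_INTEGER), bind)
             for bind, port in enumerate((67, 68), start=1)]
    return var, SUPABooleanClauseComposite(atoms)
```

Changing `supaPolVarName` on the returned variable object retargets both atomic clauses at once, which a SUPAEncodedClause can only do by rewriting its text.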