Re: [Supa] question on the SUPA data model.
youlizhao <youlizhao@huawei.com> Thu, 16 March 2017 12:37 UTC
Return-Path: <youlizhao@huawei.com>
X-Original-To: supa@ietfa.amsl.com
Delivered-To: supa@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0318912948D; Thu, 16 Mar 2017 05:37:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OVJSWz80v19a; Thu, 16 Mar 2017 05:36:58 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B09AE129487; Thu, 16 Mar 2017 05:36:57 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml706-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DIZ34512; Thu, 16 Mar 2017 12:36:54 +0000 (GMT)
Received: from NKGEML412-HUB.china.huawei.com (10.98.56.73) by lhreml706-cah.china.huawei.com (10.201.108.47) with Microsoft SMTP Server (TLS) id 14.3.301.0; Thu, 16 Mar 2017 12:36:53 +0000
Received: from DGGEMM406-HUB.china.huawei.com (10.3.20.214) by nkgeml412-hub.china.huawei.com (10.98.56.73) with Microsoft SMTP Server (TLS) id 14.3.235.1; Thu, 16 Mar 2017 20:36:50 +0800
Received: from DGGEMM505-MBS.china.huawei.com ([169.254.2.69]) by DGGEMM406-HUB.china.huawei.com ([10.3.20.214]) with mapi id 14.03.0301.000; Thu, 16 Mar 2017 20:36:42 +0800
From: youlizhao <youlizhao@huawei.com>
To: John Strassner <strazpdj@gmail.com>
CC: "draft-ietf-supa-generic-policy-data-model@ietf.org" <draft-ietf-supa-generic-policy-data-model@ietf.org>, supa <supa@ietf.org>, "Liushucheng (Will Liu)" <liushucheng@huawei.com>
Thread-Topic: [Supa] question on the SUPA data model.
Thread-Index: AdKILVdZaFCoHpcMQQSu7QtTJX6F4wLHs30AAsE91NA=
Date: Thu, 16 Mar 2017 12:36:43 +0000
Message-ID: <7AD05E972D7A0F47B3368775A9FF85FC9A4E4E@DGGEMM505-MBS.china.huawei.com>
References: <C9B5F12337F6F841B35C404CF0554ACB898C4654@SZXEMA509-MBS.china.huawei.com> <CAJwYUrEv8Af=XNTbmRNm7tkKcTYiA3HF3B8BBWSnZL+UuKQX8g@mail.gmail.com>
In-Reply-To: <CAJwYUrEv8Af=XNTbmRNm7tkKcTYiA3HF3B8BBWSnZL+UuKQX8g@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.63.184.92]
Content-Type: multipart/alternative; boundary="_000_7AD05E972D7A0F47B3368775A9FF85FC9A4E4EDGGEMM505MBSchina_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020201.58CA86E6.05D8, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.2.69, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 4e254d82bbe5d126ba4f57ca3110aafd
Archived-At: <https://mailarchive.ietf.org/arch/msg/supa/ysprPasd-DtIsI80O4mUjzDMroc>
Subject: Re: [Supa] question on the SUPA data model.
X-BeenThere: supa@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This list is to discuss SUPA \(Simplified Use of Policy Abstractions\) related issues." <supa.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/supa>, <mailto:supa-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/supa/>
List-Post: <mailto:supa@ietf.org>
List-Help: <mailto:supa-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/supa>, <mailto:supa-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 12:37:02 -0000
Hi John, Thanks a lot for your detailed guidance. One remaining question is that, if I want to define an Action, do we follow the similar approach? It seems that it is difficult to define Actions based on a uniform format. Does it mean that we need the Augment clause as defined in the YANG language? Thanks. Regards, Leo ---------------------------------------------------------------------------------------------- Lizhao (Leo) You, PhD Senior Research Engineer Huawei Technologies Co.,Ltd youlizhao@huawei.com<mailto:youlizhao@huawei.com> Tel: +86-1304-942-7487 www.linkedin.com/in/lizhao-you ---------------------------------------------------------------------------------------------- From: John Strassner [mailto:strazpdj@gmail.com] Sent: 2017年3月3日 3:57 To: Liushucheng (Will Liu) <liushucheng@huawei.com>; John Strassner <strazpdj@gmail.com> Cc: draft-ietf-supa-generic-policy-data-model@ietf.org; supa <supa@ietf.org>; youlizhao <youlizhao@huawei.com> Subject: Re: [Supa] question on the SUPA data model. Hi Will, The answer to your question depends on how you plan to use these five attributes. My **guess** is that you want to use them as variables in condition or action clauses. If this is correct, then there are several ways to model your five attributes; the two simplest are 1) as SUPAEncodedClauses, where the expression involving the attribute is encoded into an attribute value 2) as SUPAPolicyTerms (e.g., using a combination of SUPAPolicyVariable, SUPAPolicyOperator, and SUPAPolicyValue) #1 is the simplest approach; #2 is useful **if** the terms in the SUPAPolicyClause are common objects whose attributes are manipulated. In effect, it makes each of the {variable, operator, value} terms in the canonical form of a SUPAPolicyClause reusable. There is another important difference between the two approaches. A SUPAEncodedClause represents a **complete** SUPAPolicyClause. In contrast, SUPAPolicyTerms are used to define SUPAPolicyVariables, SUPAPolicyOperators, and SUPAPolicyValues as **reusable objects**; this means that you "attach", or "wrap", them to a subclass of SUPAPolicyClause. Put another way, the first method allows you to build a complete SUPAPolicyClause in one object, while the second method allows you to define a SUPAPolicyClause in terms of reusable objects. The second method is preferable when you have to dynamically substitute elements of a SUPAPolicyClause (e.g., variables). The following shows how to build a simple example using both approaches. Let's assume you want to be able to write: IF source_port == 67 Method #1: Using SUPAEncodedClause Defining a SUPAEncodedClause is straightforward, as you are **not** (typically) using any of the SUPAPolicyComponentDecorator subclasses, since the SUPAEncodedClause is, itself, a complete SUPAPolicyClause. You have a single object to represent the entire SUPAPolicyClause, which is an instance of the SUPAEncodedClause class. Its attributes are: supaEncodedClauseContent: "IF source_port == 67" supaEncodedClauseEncoding: 9 // string_instance_id supaEncodedClauseLanguage: 2 // text supaEncodedClauseResponse: TRUE // this is meant to be set at // runtime after evaluation of the // clause by the PolicyEngine Now, if you want to say: IF source_port = 67 OR source_port = 68 Then simply modify the text of supaEncodedClauseContent. Method #2: Using SUPAPolicyTerms In this method, the first task is to build three objects: SUPAPolicyVariable, with its attribute supaPolVarName set to "source_port" (a string) SUPAPolicyOperator, with its attribute supaPolOpType set to 6 (which signifies "equal to") SUPAPolicyValue, with its attributes supaPolValContent and supaPolValEncoding set to 67 and 3 (3 means "integer"), respectively These all subclass from SUPAPolicyComponentDecorator, which means that they can decorate a SUPAPolicyClause. Now, the second task is to choose a subclass of SUPAPolicyClause to attach these three objects to. Let's assume that you choose SUPABooleanClauseAtomic. The attribute values of SUPABoolean clause are: supaBoolClauseIsNegated is set to FALSE supaBoolClauseBindValue is set to 1 supaBoolClauseIsCNF is set to TRUE Note that in -02 of the IM document, the latter two attributes were defined only in the SUPABooleanClauseComposite class. This has been changed in the upcoming -03 IM document (to be published soon), and all three of the above attributes are moved to SUPABooleanClause, so that they are available to both of its subclasses. Now, if you want to say: IF source_port = 67 OR source_port = 68 Then simply repeat the above procedure to create another set of SUPAPolicyVariable, SUPAPolicyOperator, and SUPAPolicyValue objects, form another SUPABooleanClauseAtomic object (whose supaBoolClauseBindValue is now set to 2, but whose other attributes remain the same*), and now create a new SUPABooleanClauseComposite object to bind them together. * Note that A OR B is in conjunctive normal form, because it can be seen as the conjunction of the two single-literal clauses. Note also that both A OR B and A AND B can also be seen as being in DNF. best regards, John and Joel On Thu, Feb 16, 2017 at 12:20 AM, Liushucheng (Will) <liushucheng@huawei.com<mailto:liushucheng@huawei.com>> wrote: Hi all, I received a question to SUPA data model from a developer. I’m forwarding it here so that the discussion here will help other developer to better understand how to use supa data model. --start— Dear SUPA YANG model authors, Thanks for drafting the SUPA Generic Policy YANG data model (draft-ietf-supa-generic-policy-data-model-02), and it explains the concept well. However, I met some difficulties when applying the data model to real systems. In particular, I tried to define an ECA YANG model, and used the ECA YANG model to develop a real working system. In my system, there are some concrete elements such as <source_ip, source_port>, <dest_ip, dest_port>, port_bandwidth, and ECA policies are defined on these elements. I wondered how to deal with these elements/policies in the Generic YANG model (draft-ietf-supa-generic-policy-data-model-02)? (e.g., enrich some container?) I would greatly appreciate it if you kindly give me some advice. Many thanks! Regards, Leo --end-- Regards, Will (Shucheng LIU) _______________________________________________ Supa mailing list Supa@ietf.org<mailto:Supa@ietf.org> https://www.ietf.org/mailman/listinfo/supa -- regards, John
- [Supa] question on the SUPA data model. Liushucheng (Will)
- Re: [Supa] question on the SUPA data model. John Strassner
- Re: [Supa] question on the SUPA data model. youlizhao
- Re: [Supa] question on the SUPA data model. Joel M. Halpern
- Re: [Supa] question on the SUPA data model. John Strassner
- Re: [Supa] question on the SUPA data model. youlizhao
- Re: [Supa] question on the SUPA data model. Joel M. Halpern
- Re: [Supa] question on the SUPA data model. Joel M. Halpern
- Re: [Supa] question on the SUPA data model. John Strassner