<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC3060 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3060.xml">
<!ENTITY RFC3460 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3460.xml">
<!ENTITY RFC3644 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3644.xml">
<!ENTITY RFC5511 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5511.xml">
<!ENTITY I-D.ietf-i2rs-architecture SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-i2rs-architecture.xml">
<!ENTITY I-D.ietf-i2rs-rib-info-model SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-i2rs-rib-info-model.xml">
<!ENTITY I-D.atlas-i2rs-policy-framework SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.atlas-i2rs-policy-framework.xml">
<!ENTITY I-D.hares-i2rs-usecase-reqs-summary SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.hares-i2rs-usecase-reqs-summary.xml">
<!ENTITY I-D.white-i2rs-use-case SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.white-i2rs-use-case.xml">
<!ENTITY I-D.hares-i2rs-bgp-im SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.hares-i2rs-bgp-im.xml">
<!ENTITY I-D.hares-i2rs-info-model-service-topo SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.hares-i2rs-info-model-service-topo.xml">
<!ENTITY I-D.bogdanovic-netmod-acl-model SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.bogdanovic-netmod-acl-model.xml">
<!ENTITY I-D.zhdankin-netmod-bgp-cfg SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.zhdankin-netmod-bgp-cfg.xml">
<!ENTITY I-D.hares-i2rs-pbr-info-model SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.hares-i2rs-pbr-im.xml">
<!ENTITY I-D.ietf-netconf-restconf SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-netconf-restconf.xml">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc compact="yes" ?>
<?rfc subcompact="no" ?>
<?rfc iprnotified="no" ?>
<?rfc strict="no" ?>
<rfc category="std" docName="draft-hares-i2rs-bnp-info-model-01" ipr="trust200902">
<front>
<title abbrev="IM for policy">An Information Model for Basic Network Policy </title>
<author fullname="Susan Hares" initials="S" surname="Hares">
<organization>Huawei</organization>
<address>
<postal>
<street>7453 Hickory Hill</street>
<city>Saline</city>
<region>MI</region>
<code>48176</code>
<country>USA</country>
</postal>
<email>shares@ndzh.com</email>
</address>
</author>
<author fullname="Qin Wu" initials="Q." surname="Wu">
<organization>Huawei</organization>
<address>
<postal>
<street>101 Software Avenue, Yuhua District</street>
<city>Nanjing</city>
<region>Jiangsu</region>
<code>210012</code>
<country>China</country>
</postal>
<email>bill.wu@huawei.com</email>
</address>
</author>
<date year="2014" />
<area>Routing Area</area>
<workgroup>I2RS working group</workgroup>
<keyword>RFC</keyword>
<keyword>Request for Comments</keyword>
<keyword>I-D</keyword>
<keyword>Internet-Draft</keyword>
<keyword>I2RS</keyword>
<abstract>
<t>This document contains the Basic Network Policy Information Model
(BNP IM), which is an instantiation and extension
of the PCIM work (RFC 3060, RFC 3460, RFC 3644)
that supports both the configuration models and the
I2RS ephemeral models. The PCIM work contains a Policy Core Information Model
(PCIM) (RFC 3060), the Quality of Service (QoS) Policy Information
Model (QPIM) (RFC 3644), and policy based routing.
The PCIM work provided a framework to incorporate ACL filters,
prefix filters, and more complex filters. This extension to the PCIM model
incorporates ACLs, prefix filtering, and complex policy (match, set, modify, set)
into the PCIM framework. Complex policy is needed by the I2RS programmatic interface to BGP,
flow specification filtering, Policy Based Routing (PBR),
and MPLS topology management.
</t>
</abstract>
</front>
<middle>
<section anchor="intro" title="Introduction">
<t>The Interface to the Routing System (I2RS) provides read and write
access to the information and state within the routing process within
routing elements. The I2RS client interacts with one or more I2RS agents
to collect information from network routing systems.
The process of collecting information at the I2RS agent may require the
I2RS Agent to filter certain information, group pieces of information, or
perform actions on the I2RS collected information based on specific
I2RS policies.</t>
<t> The generic policy work done in the PCIM WG
has been recast into I2RS work. The PCIM work contains a Policy Core Information Model
(PCIM) <xref target="RFC3060"></xref>, Policy Core Information Model Extensions
<xref target="RFC3460"></xref>, and the Quality of Service (QoS) Policy Information
Model (QPIM) (<xref target="RFC3644"></xref>).
The basic concept of PCIM is that there are policy rules which are combined into
policy groups. If nesting and aggregation of policy groups is necessary,
the PCIM work defines a policy set that operates under specific rules.
Policy groups can be used without using policy sets. This concept of
a policy group as an entity that contains a set of policy rules
is also utilized by the OpenDaylight group policy
project. </t>
<t>
In initial work for I2RS or netmod, a policy
group that simply combines and orders policy rules will be sufficient. </t>
<t>
Policy rules may include specific filters such as ACL or prefix filters by
simple reference. The following drafts provide these more specific filters:
<list style="symbols">
<t> ACL policy <xref target="I-D.bogdanovic-netmod-acl-model"></xref> </t>
<t> BGP Prefix filter policy <xref target="I-D.zhdankin-netmod-bgp-cfg"></xref></t>
</list>
</t>
</section>
<section title="Definitions and Acronyms">
<t><list>
<t>BGP: Border Gateway Protocol </t>
<t>CLI: Command Line Interface</t>
<t>IGP: Interior Gateway Protocol</t>
<t>Information Model: An abstract model of a conceptual domain,
independent of specific implementations or data representation</t>
<t>INSTANCE: Routing code often has the ability to spin up multiple
copies of itself into virtual machines. Each routing code instance or
each protocol instance is denoted as Foo_INSTANCE in the text below. </t>
<t>NETCONF: The Network Configuration Protocol</t>
<t>PCIM: Policy Core Information Model </t>
<t>RESTCONF: HTTP programmatic protocol to access YANG modules </t>
</list>
</t>
</section>
<section title="PCIM Overview">
<t>The PCIM work created the concepts of Policy Set, Policy Group, and
Policy Rule. This section reviews these concepts as background for the
application of these concepts to current configuration and I2RS policy.
In addition, this section suggests placement of policy rule concepts.
</t>
<t>
The basic PCIM concepts are:
<list style="hanging">
<t hangText="Policy Set"><vspace blankLines="1" /> is a class
that is derived from Policy, and it is inserted into the
inheritance hierarchy above both PolicyGroup and
PolicyRule (as figure 1 shows). The Policy Set is
a coherent set of rules that has the two properties
PolicyDecisionStrategy and PolicyRoles, and supports the
PolicySetComponent subclass. The PolicySetComponent
is an aggregation class that allows aggregation of
policy groups and, under policy groups, a set of rules.
The PolicySet contains rules for nesting policies that include
matching strategies (all-matching or first-match), priorities
between rules, and roles. One of the roles that must be conditionally
matched is the model's denotation of "read-only" or "read-write".
</t>
<t hangText="Policy Group"><vspace blankLines="1" />Policy is
described by a set of policy rules that may be grouped into subsets.
<xref target="RFC3060"></xref> defines policy groups as either
a group of policy rules or a group of policy groups, but not both.
A policy group is used to provide a hierarchical policy definition
that provides the model context or scope for sub-rule actions. The
policy group is identified by a policy group name, and contains
policy rules. Policy groups can be nested within other policy rules
only within Policy sets.</t>
<t hangText="Policy Rule"><vspace blankLines="1" />
A Policy Rule is represented by the semantics “If Condition then Action”.
A Policy Rule may have a priority assigned to it.
</t>
</list>
</t>
<t>
<figure>
<artwork><![CDATA[
                                | "nests and aggregates policy-group"
                    +-----------^-------------+
                    |       Policy Set        |
                    +--+-------------------+--+
                       ^                   ^
                      /|\                 /|\
                  +------------+   +--------------+
                  |Policy Group|   | Policy Group |
                  +------------+   +--------------+
                        ^                 ^             +------------------+
                        |                 |          ---| ACL Policy-Rule  |
                        |                 |          |  |    Additions     |
                        |                 |          |  +------------------+
                        |                 |          |  +------------------+
               +--------^-------+ +-------^-------+  |--|Prefix Policy-Rule|
               |  Policy Rule   | |  Policy Rule  |<----|    Additions     |
               +----------------+ +---------------+  |  +------------------+
                     :          :                    |         . . .
                     :          :                    |  +------------------+
               ......:          :.....               ---|Other Policy-Rule |
               :                     :                  |    Additions     |
               :                     :                  +------------------+
               :                     :
     +---------V---------+         +-V-------------+
     | Policy Condition  |         | Policy Action |
     +-------------------+         +---------------+
          :    :    :                 :     :    :
     .....:    .    :.....       .....:     .    :.....
     :         :         :       :          :         :
+----V---+ +---V----+ +--V---+ +-V------++--V-----++--V---+
| Match  | |Policy  | |Policy| |  Set   || Policy ||Policy|
|Operator| |Variable| |Value | |Operator||Variable|| Value|
+--------+ +--------+ +------+ +--------++--------++------+

           Figure 1: Overall model BNP IM structure
]]></artwork>
</figure>
</t>
</section>
<section title="Top-Down yang Diagram for PCIM">
<t> The top down architecture has policy sets, policy groups, and
policy rules. It is not necessary to have policy sets to have policy rules.
</t>
<section title="Policy Set Structures">
<t>
Per PCIM, the PolicySet contains rules for nesting policies that include
matching strategies (all-matching or first-match), priorities
between rules, and roles. The YANG diagram is below.
<figure>
<artwork>
   Figure 2 - Policy Set Yang
   module: ietf-pcim
      +--rw policy-set [policy-set-name]
      |  +--rw policy-set-name          string
      |  +--rw matching-strategy        enumeration
      |  +--rw policy-roles             enumeration
      |  +--rw default-rule-priority    uint16
      |  +--rw policy-group* [policy-group-name]
   Figure 2 - PSET Yang level
</artwork>
</figure>
</t>
</section>
<section title="Policy Group Expansion for Basic Network Policy (BNP)">
<t> Policy groups within the PCIM work have
a name that identifies the grouping of policy rules.
In PCIM, the policy rule has a name, status, priority, and match condition with an
action. The status for the policy rule is enabled or disabled.
The priority is the priority within the policy rule order.
This expansion of the PCIM policy rule adds a policy-rule order field and
a reference count (pr-refcnt). It expands the PCIM match/condition
methods to include a reference to other match-action fields. </t>
<t>
I2RS requires that a read/write scope be tied to a particular portion of the
ephemeral tree. This requirement is instantiated as the I2RS-role
at the policy group level. However, it is anticipated this
will be replaced by an expansion of <xref target="I-D.ietf-netconf-restconf"></xref>
functionality surrounding the xpath feature. This element is left in this model
until these RESTCONF xpath additions have been finalized. </t>
<t>
The logical structure is below in figure 3 with
an expansion of the PCIM match-action-operation in
figure 5.
<figure>
<artwork>
   Figure 3 - Policy Group
    +--------------------------------------+ (optional)
    |             Policy Group             |....
    +--------------------------------------+    :
     *         *           *               ^    :
     |         |                           :....:
     |         |           |               |
     |         |           |               |
     |         |           |               |
  +------+   +----+   +-----------------------+
  | Name |   |I2RS|   |      Policy Rule      |
  |      |   |Role|   |                       |
  +------+   +----+   +-----------------------+
              *   *        *
              |   |        |
           +--+   |        | +----------+
           |      |        |-|   Name   |
           |      |        | +----------+
      +----+---+ ++----+   | +----------+
      |        | |I2RS |   | |  Policy  |
      |Resource| |Scope|   | |rule order|
      +--------+ +-----+   |-+----------+
                  *   *    | +----------+
        +------+  |   |    |-|  Status  |
        |read  |--|   |    | +----------+
        |scope |  |   |    | +----------+
        +------+  |   |    |-| priority |
        +------+      |    | +----------+
        |write |------|    | +----------+
        |scope |           |-|  refcnt  |
        +------+           | +----------+
                           | +--------------+
                           |-|     PCIM     |
                           | | match/action |
                           | +--------------+
                           | +--------------+
                           |-|     ACL      |
                           | | match/action |
                           | +--------------+
                           |-+--------------+
                             | Prefix-list  |
                             | match/action |
                             +--------------+
</artwork>
</figure>
</t>
<t>
<figure>
<artwork><![CDATA[
   Figure 5 - Policy Rule's match-condition
          +----------------+
          |      PCIM      |
          |  Policy Rule   |
          +----------------+
           *              *
           |              |
           |              |
    +---------+        +--------+
...>|Condition|<.......| Action |<...
:   +---------+<.......+--------+   :
:    :   *               *     :    :
:.....   |               :     :... :
         |               :
    +--------+...........:
    |Operator|
    +--------+
]]></artwork>
</figure>
</t>
<t> The basic high-level YANG structure for the
policy group is shown below in figure 6.
<figure>
<artwork>
   Figure 6
   module: ietf-pcim
      +--rw policy-set [policy-set-name]
      |  ....
      |  +--rw policy-group* [policy-group-name]
      |  |  +--rw policy-group-name
      |  |  +--rw i2rs-scope
      |  |  |  +--tree-xpath
      |  |  |  +--access            enumeration
      |  |  +--rw policy-rule* [policy-rule-name]
      |  |  |  +--rw pr-name        string
      |  |  |  +--rw pr-order       uint16
      |  |  |  +--rw pr-status      enumeration
      |  |  |  +--rw pr-priority    uint16
      |  |  |  +--rw pr-refcnt      uint16
      |  |  |  +--rw pr-match-act
      |  |  |  |  +--rw pr-match-act-type
      |  |  |  |  +case: pcim match-act ref-cnt
      |  |  |  |  +case: acl acl-ref
      |  |  |  |  +case: Prefix-list prefix-list-ref
      |  |  |  |  +case: pbr-pcim-match-act pbr-pcim-match-act-ref
</artwork>
</figure>
</t>
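<t>
One way an I2RS agent could enforce the i2rs-scope of a policy group
(tree-xpath plus access) is sketched below in Python. This is an added example,
not part of this draft or of any I2RS implementation: it treats tree-xpath as a
plain slash-separated path prefix with no XPath predicates, and assumes the
access values "read-only" and "read-write".
</t>
<figure>
<artwork><![CDATA[
```python
from dataclasses import dataclass


@dataclass(frozen=True)
class I2rsScope:
    tree_xpath: str   # subtree of the ephemeral tree the group may touch
    access: str       # assumed enumeration: "read-only" or "read-write"


def _segments(path):
    """Split a slash-separated path into its non-empty segments."""
    return [seg for seg in path.split("/") if seg]


def authorize(scope, op, target):
    """Default-deny check of one read or write against an i2rs-scope."""
    if op not in ("read", "write"):
        return False
    if scope.access not in ("read-only", "read-write"):
        return False              # unknown access value grants nothing
    root, tgt = _segments(scope.tree_xpath), _segments(target)
    if "." in tgt or ".." in tgt:
        return False              # refuse relative steps out of the subtree
    # Compare whole segments so /bgp/rib-in does not cover /bgp/rib-in-policy.
    if not root or tgt[:len(root)] != root:
        return False
    return op == "read" or scope.access == "read-write"


# Constructed sample requests: (scope, operation, target path).
RO = I2rsScope("/bgp/rib-in", "read-only")
RW = I2rsScope("/bgp/rib-in", "read-write")
SAMPLES = [
    (RO, "read", "/bgp/rib-in/peer-a"),
    (RO, "write", "/bgp/rib-in/peer-a"),
    (RW, "write", "/bgp/rib-in/peer-a"),
    (RW, "read", "/bgp/rib-in-policy"),
    (RW, "write", "/bgp/rib-in/../local-rib"),
]


def decisions():
    """Evaluate every constructed sample request in order."""
    return [authorize(scope, op, path) for scope, op, path in SAMPLES]
```
]]></artwork>
</figure>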
</section>
</section>
<section title="Example of use in BGP ">
<t>
The PCIM suggests a patch structure of match-field, operator for match, action (send packet), and
set value. The following is an example structure for the PCIM match-condition
applied to BGP. </t>
<t>
<figure>
<artwork>
   Figure 7
   +--rw bnp-match-act
   |  +--rw bnp-match-act-bgp-i2rs
   |  |  +--rw bgp-match-field
   |  |  |  +--rw bgp-afi
   |  |  |  +--rw bgp-local-rib
   |  |  |  +--rw bgp-peer
   |  |  |  +--rw bgp-rib-in
   |  |  |  |  +--bgp-rib-in-policy-type
   |  |  |  |  +--bgp-rib-in-policy
   |  |  |  |  +--case: policy-set pcim-policy-set-name
   |  |  |  |  +--case: policy-group pcim-policy-group-name
   |  |  |  +--rw bgp-rib-out
   |  |  |  |  +--bgp-rib-out-policy-type
   |  |  |  |  +--bgp-rib-out-policy
   |  |  |  |  +--case: policy-set pcim-policy-set-name
   |  |  |  |  +--case: policy-group pcim-policy-group-name
   |  |  |  +--rw bgp-route-prefix
   |  |  |  |  .. prefix or prefix-range
   |  |  |  +--rw bgp-attribute-list
   |  |  |  |  ... bgp attributes
   |  |  |  +--rw bgp-state-info
   |  |  |  |  ... bgp state
   |  |  +--rw bgp-match-operator
   |  |  |  +--rw operator-type enumeration
   |  |  |  +--rw bgp-prefix-range-operator
   |  |  |  +--rw bgp-attribute-operator
   |  |  |  +--rw bgp-state-operator
   |  |  +--rw bgp-action
   |  |  |  +--bgp-act enumeration
   |  |  |  +--bgp-act value
   |  |  +--rw bgp-set
   |  |  |  +--bgp-set enumeration
   |  |  |  +--bgp-set value
</artwork>
</figure>
</t>
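<t>
The following Python sketch is an added illustration, not part of this draft's
model or of any I2RS implementation. It evaluates a policy group over a BGP route
using the matching strategy, rule order, priority, and status fields described
earlier; the sort key (pr-order, then pr-priority), the prefix-range semantics,
the later-rule-overrides behaviour under all-matching, and the sample rules are
assumptions made for the example.
</t>
<figure>
<artwork><![CDATA[
```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PolicyRule:
    pr_name: str
    pr_order: int
    pr_priority: int
    prefix: str        # bgp-route-prefix to match
    max_len: int       # longest prefix length accepted (prefix-range operator)
    set_values: dict   # bgp-set: attribute name -> value
    pr_status: str = "enabled"

    def matches(self, route_prefix):
        net = ipaddress.ip_network(self.prefix)
        cand = ipaddress.ip_network(route_prefix)
        return (cand.version == net.version and cand.subnet_of(net)
                and cand.prefixlen <= self.max_len)


@dataclass
class PolicyGroup:
    name: str
    matching_strategy: str          # "first-match" or "all-matching"
    rules: list = field(default_factory=list)

    def evaluate(self, route):
        """Return (updated route attributes, names of the rules applied)."""
        out, applied = dict(route), []
        # Assumed ordering: pr-order first, pr-priority within the same order.
        ordered = sorted(self.rules, key=lambda r: (r.pr_order, r.pr_priority))
        for rule in ordered:
            if rule.pr_status != "enabled" or not rule.matches(route["prefix"]):
                continue
            out.update(rule.set_values)   # later rules override earlier sets
            applied.append(rule.pr_name)
            if self.matching_strategy == "first-match":
                break
        return out, applied


# Constructed sample rules and route (not taken from the draft).
RULES = [
    PolicyRule("customer-block", 10, 1, "10.0.0.0/8", 24, {"local-pref": 200}),
    PolicyRule("disabled-rule", 5, 1, "10.0.0.0/8", 32, {"local-pref": 50},
               "disabled"),
    PolicyRule("catch-all", 20, 1, "0.0.0.0/0", 32, {"community": "65000:1"}),
]
ROUTE = {"prefix": "10.1.2.0/24", "local-pref": 100}
```
]]></artwork>
</figure>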
</section>
<section anchor="IANA" title="IANA Considerations">
<t>This draft includes no request to IANA.</t>
</section>
<section title="Security Considerations">
<t>TBD</t>
</section>
</middle>
<back>
<references title="Informative References">
&RFC2119;
&RFC3060;
&RFC3460;
&RFC3644;
&RFC5511;
&I-D.ietf-i2rs-architecture;
&I-D.ietf-i2rs-rib-info-model;
&I-D.hares-i2rs-usecase-reqs-summary;
&I-D.hares-i2rs-bgp-im;
&I-D.bogdanovic-netmod-acl-model;
&I-D.zhdankin-netmod-bgp-cfg;
&I-D.ietf-netconf-restconf;
</references>
</back>
</rfc>