1 / 20

Policy-Based Management with SNMP and Comparison with COPS-PR

Policy-Based Management with SNMP and Comparison with COPS-PR. Steve Waldbusser waldbusser@nextbeacon.com 5/16/01. Policy Based Management. A policy binds an action (simple or complex) to a filter rule that determines what elements the action should be applied to

dyllis
Download Presentation

Policy-Based Management with SNMP and Comparison with COPS-PR

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Policy-Based Management with SNMP and Comparison with COPS-PR Steve Waldbusser waldbusser@nextbeacon.com 5/16/01

  2. Policy Based Management • A policy binds an action (simple or complex) to a filter rule that determines what elements the action should be applied to • I.e. if (an element has certain characteristics) then (apply operation to that element) • Alternately: if (policyFilter) then (policyAction)

  3. Trunk Ethernet Gold 100Mb Trunk Ethernet 100Mb Trunk Ethernet Silver 100Mb A Conceptual policy Trunk AND Ethernet AND 100Mb: Trunk Ethernet Gold 100Mb Trunk ATM Gold 45Mb Trunk Ethernet 100Mb Access Ethernet Gold 10Mb Access Ethernet Silver 10Mb AutonegotiateOff AutonegotiateOff Access Ethernet 10Mb Trunk Ethernet Silver 100Mb Access Ethernet Gold 100Mb Trunk Frame 45Mb Access Frame Gold 512Kb AutonegotiateOff Access Frame Silver 512Kb Access Frame 128Kb Access Ethernet Bronze 10Mb Access Ethernet Gold 10Mb

  4. Access Ethernet Gold 10Mb Access Ethernet Gold 100Mb Access Ethernet Gold 10Mb A Conceptual policy Ethernet AND Access AND Gold: Trunk Ethernet Gold 100Mb Trunk ATM Gold 45Mb Trunk Ethernet 100Mb Access Ethernet Gold 10Mb Access Ethernet Silver 10Mb DSCP = 5 Access Ethernet 10Mb Trunk Ethernet Silver 100Mb Access Ethernet Gold 100Mb Trunk Frame 45Mb Access Frame Gold 512Kb DSCP = 5 Access Frame Silver 512Kb Access Frame 128Kb Access Ethernet Bronze 10Mb Access Ethernet Gold 10Mb Access Ethernet Gold 10Mb Access Ethernet Gold 10Mb DSCP = 5 DSCP = 5 .

  5. The Policy-Based Management MIB • The Policy Management MIB (PM MIB) provides a way to describe and install policies for any domain: • QOS • Security • Routing • etc. • PM MIB Policies can manage any type of element • Interfaces • Circuits • Queues • Processes • Software • others...

  6. PM MIB Goals • Leverage existing infrastructure and tools • Resulting simplicity will accelerate time to market • Leverage existing MIBs • Don’t start from scratch in our data models • Flexibility for real-world policy • Simple or complex filters • Simple or complex actions • Meet operational requirements • Policy-based management is *very* different • End-users will need new tools and practices

  7. PolicyFilter PolicyAction ifType == FastEthernet&& roleString == trunk fullDuplexMode = ON ifType == Ethernet&& roleString == GOLD Set QOS parametersto provide EF PHB Policy Operation Policies (Usually local operations in which SNMP packets on network are unnecessary) Existing SNMP MIBs

  8. Elements of the Policy MIB Architecture • PolicyScript Language • Interpreted language that policy filters and actions are expressed in • Accessor Function Library • Standard set of library functions available for PolicyScript code • PM MIB • Objects and attributes that describe policies, schedules and supporting information

  9. PolicyScript Language • Least Common Denominator of C, Perl, C++, TCL, Python, and Javascript • No pointers, structures, typed variables, objects, classes, etc. • Does contain expressions, variables, looping

  10. Accessor Function Library • Library of 41 standard functions for policy processing • Convenience SNMP Functions • getvar, exists, setvar, searchcolumn, setRowStatus, counterRate, ... • General SNMP Functions • newPDU, readVar, writeVar, snmpsend • Policy Functions • roleMatch, elementName, setScratchPad, getScratchPad, signalException, getParameters • Utility Functions • regexp, regexp_replace, oidlen, oidncmp, insubtree, subid, substr, ... • Library Functions • strncmp, strncasecmp, strlen, random, sprintf, sscanf • Extensible • Vendors and others can add new accessor functions (e.g., setCLI())

  11. policyFilter PseudoCode Pseudocode: (is an ethernet AND is operational AND gets gold or silver service) Scripted As: (getvar(“ifType.$*”) == ethernet-csmacd && getvar(“ifOperStatus.$*”) == up && (roleMatch("gold") || roleMatch("silver")))

  12. Execution Example • Filter:(getvar(“ifType.$*”) == ethernet-csmacd && !(roleMatch("gold") || roleMatch("silver"))) • Action: setvar(“ifAdminStatus.$*”, down(2), Integer)

  13. Example Policy • Web Hosting Provider gives shell accounts but prohibits long-running programs • Filter: // if it's an application and it's // consumed more than 5 minutes of CPU time (getvar("hrSWRunType.$*") == 4 // app, not OS or driver && getvar("hrSWRunPerfCPU.$*") > 30000) // 300 seconds • Action:// Kill it setvar("hrSWRunStatus.$*", invalid(4), Integer); // invalid(4) kills it

  14. MIB Objects • Policy Table: Contains filter, action, scheduling info, execution instructions, debugging info, etc. • Policy installation consists of creating rows in this table ... • Other Tables in PM MIB for scheduling, roles and capabilities, operational tools, debugging, etc.

  15. Protocol Interaction Initial Configuration • No Polling • No Traps Manager Config Req (Get/Getnext) Config Data Policy Installation (Set) Managed System Ack

  16. Protocol Interaction Policy Change • No Polling • No Traps Manager Policy Install/Modify (Set) Ack Managed System

  17. Protocol Interaction Config State Change • No Polling • No Traps Manager State Change (Inform) Ack Managed System Policy Install/Modify (Set) Ack

  18. Features of Policy MIB • Scripting • Very flexible and understandable way to express policy • IT Personnel like the power of scripting • Much more flexible than string matching • Policies based on operational status • Capabilities, status of interface, utilization, etc. • Allows much more rich sets of policies than using human-input strings • Scheduling • Business calendars: “M-F 9-5” or “Last Friday of every month” • Videoconference from 12PM to 1PM • Conflict resolution • Follows a precedence tree to find best policy in case of conflict • COPS punts conflict resolution to the manager • Error Recovery • Scripting allows you to fallback to an alternate mechanism, an alternate policy, or to raise an alarm

  19. Operational Requirements • Tools for Policy Creation • Need to allow an engineer to test a policy • Answer question: will this filter match the proper elements? • Tools for Ongoing Operations • Notifications if a policy undergoes errors • When debugging a problem, want to know: what policies are managing this element • May want to disable a policy on an element so operator can take back control (“limp-home mode”) until policy is fixed • Must document this ad-hoc decision

  20. Advantages of the PM MIB • Built with existing infrastructure and tools • Leverages existing MIBs • Flexibility • Complete Architecture • Includes operational tools

More Related