draft-ietf-policy-pcim-ext-04.txt   draft-ietf-policy-pcim-ext-05.txt 
skipping to change at page 1, line 18 skipping to change at page 1, line 18
A. Westerinen A. Westerinen
Cisco Systems Cisco Systems
R. Chadha R. Chadha
Telcordia Technologies Telcordia Technologies
M. Brunner M. Brunner
NEC NEC
R. Cohen R. Cohen
Ntear LLC Ntear LLC
J. Strassner J. Strassner
INTELLLIDEN, Inc. INTELLLIDEN, Inc.
September 2001 October 2001
Policy Core Information Model Extensions Policy Core Information Model Extensions
<draft-ietf-policy-pcim-ext-04.txt> <draft-ietf-policy-pcim-ext-05.txt>
Tuesday, September 04, 2001, 2:35 PM Thursday, October 11, 2001, 12:08 PM
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts. may also distribute working documents as Internet-Drafts.
skipping to change at page 2, line 34 skipping to change at page 2, line 34
4.2. Reusable Policy Elements....................................14 4.2. Reusable Policy Elements....................................14
4.3. Policy Sets.................................................15 4.3. Policy Sets.................................................15
4.4. Nested Policy Rules.........................................15 4.4. Nested Policy Rules.........................................15
4.4.1. Usage Rules for Nested Rules..............................15 4.4.1. Usage Rules for Nested Rules..............................15
4.4.2. Motivation................................................16 4.4.2. Motivation................................................16
4.5. Priorities and Decision Strategies..........................17 4.5. Priorities and Decision Strategies..........................17
4.5.1. Structuring Decision Strategies...........................18 4.5.1. Structuring Decision Strategies...........................18
4.5.2. Side Effects..............................................19 4.5.2. Side Effects..............................................19
4.5.3. Multiple PolicySet Trees For a Resource...................20 4.5.3. Multiple PolicySet Trees For a Resource...................20
4.5.4. Deterministic Decisions...................................21 4.5.4. Deterministic Decisions...................................21
4.6. Policy Roles................................................21 4.6. Policy Roles................................................22
4.6.1. Comparison of Roles in PCIM with Roles in snmpconf........22 4.6.1. Comparison of Roles in PCIM with Roles in snmpconf........22
4.6.2. Addition of PolicyRoleCollection to PCIMe.................22 4.6.2. Addition of PolicyRoleCollection to PCIMe.................22
4.6.3. Roles for PolicyGroups....................................23 4.6.3. Roles for PolicyGroups....................................23
4.7. Compound Policy Conditions and Compound Policy Actions......25 4.7. Compound Policy Conditions and Compound Policy Actions......25
4.7.1. Compound Policy Conditions................................25 4.7.1. Compound Policy Conditions................................25
4.7.2. Compound Policy Actions...................................25 4.7.2. Compound Policy Actions...................................25
4.8. Variables and Values........................................26 4.8. Variables and Values........................................26
4.8.1. Simple Policy Conditions..................................26 4.8.1. Simple Policy Conditions..................................26
4.8.2. Using Simple Policy Conditions............................27 4.8.2. Using Simple Policy Conditions............................27
4.8.3. The Simple Condition Operator.............................28 4.8.3. The Simple Condition Operator.............................28
4.8.4. SimplePolicyActions.......................................31 4.8.4. SimplePolicyActions.......................................31
4.8.5. Policy Variables..........................................32 4.8.5. Policy Variables..........................................32
4.8.6. Explicitly Bound Policy Variables.........................33 4.8.6. Explicitly Bound Policy Variables.........................33
4.8.7. Implicitly Bound Policy Variables.........................34 4.8.7. Implicitly Bound Policy Variables.........................34
4.8.8. Structure and Usage of Pre-Defined Variables..............34 4.8.8. Structure and Usage of Pre-Defined Variables..............35
4.8.9. Rationale for Modeling Implicit Variables as Classes......35 4.8.9. Rationale for Modeling Implicit Variables as Classes......36
4.8.10. Policy Values............................................36 4.8.10. Policy Values............................................37
4.9. Packet Filtering............................................37 4.9. Packet Filtering............................................37
4.9.1. Domain-Level Packet Filters...............................37 4.9.1. Domain-Level Packet Filters...............................38
4.9.2. Device-Level Packet Filters...............................39 4.9.2. Device-Level Packet Filters...............................39
4.10. Conformance to PCIM and PCIMe..............................39 4.10. Conformance to PCIM and PCIMe..............................39
5. Class Definitions................................................40 5. Class Definitions................................................40
5.1. The Abstract Class "PolicySet"..............................40 5.1. The Abstract Class "PolicySet"..............................40
5.2. Update PCIM's Class "PolicyGroup"...........................41 5.2. Update PCIM's Class "PolicyGroup"...........................41
5.3. Update PCIM's Class "PolicyRule"............................41 5.3. Update PCIM's Class "PolicyRule"............................41
5.4. The Class "SimplePolicyCondition"...........................42 5.4. The Class "SimplePolicyCondition"...........................42
5.5. The Class "CompoundPolicyCondition".........................42 5.5. The Class "CompoundPolicyCondition".........................43
5.6. The Class "CompoundFilterCondition".........................43 5.6. The Class "CompoundFilterCondition".........................43
5.7. The Class "SimplePolicyAction"..............................43 5.7. The Class "SimplePolicyAction"..............................44
5.8. The Class "CompoundPolicyAction"............................44 5.8. The Class "CompoundPolicyAction"............................44
5.9. The Abstract Class "PolicyVariable".........................45 5.9. The Abstract Class "PolicyVariable".........................46
5.10. The Class "PolicyExplicitVariable".........................46 5.10. The Class "PolicyExplicitVariable".........................46
5.10.1. The Single-Valued Property "ModelClass"..................46 5.10.1. The Single-Valued Property "ModelClass"..................46
5.10.2. The Single-Valued Property ModelProperty.................46 5.10.2. The Single-Valued Property ModelProperty.................47
5.11. The Abstract Class "PolicyImplicitVariable"................47 5.11. The Abstract Class "PolicyImplicitVariable"................47
5.11.1. The Multi-Valued Property "ValueTypes"...................47 5.11.1. The Multi-Valued Property "ValueTypes"...................47
5.12. Subclasses of "PolicyImplicitVariable" Specified in PCIMe..47 5.12. Subclasses of "PolicyImplicitVariable" Specified in PCIMe..48
5.12.1. The Class "PolicySourceIPv4Variable".....................47 5.12.1. The Class "PolicySourceIPv4Variable".....................48
5.12.2. The Class "PolicySourceIPv6Variable".....................48 5.12.2. The Class "PolicySourceIPv6Variable".....................48
5.12.3. The Class "PolicyDestinationIPv4Variable"................48 5.12.3. The Class "PolicyDestinationIPv4Variable"................48
5.12.4. The Class "PolicyDestinationIPv6Variable"................48 5.12.4. The Class "PolicyDestinationIPv6Variable"................48
5.12.5. The Class "PolicySourcePortVariable".....................49 5.12.5. The Class "PolicySourcePortVariable".....................49
5.12.6. The Class "PolicyDestinationPortVariable"................49 5.12.6. The Class "PolicyDestinationPortVariable"................49
5.12.7. The Class "PolicyIPProtocolVariable".....................49 5.12.7. The Class "PolicyIPProtocolVariable".....................50
5.12.8. The Class "PolicyIPVersionVariable"......................50 5.12.8. The Class "PolicyIPVersionVariable"......................50
5.12.9. The Class "PolicyIPToSVariable"..........................50 5.12.9. The Class "PolicyIPToSVariable"..........................50
5.12.10. The Class "PolicyDSCPVariable"..........................50 5.12.10. The Class "PolicyDSCPVariable"..........................50
5.12.11. The Class "PolicyFlowIdVariable"........................50 5.12.11. The Class "PolicyFlowIdVariable"........................51
5.12.12. The Class "PolicySourceMACVariable".....................51 5.12.12. The Class "PolicySourceMACVariable".....................51
5.12.13. The Class "PolicyDestinationMACVariable"................51 5.12.13. The Class "PolicyDestinationMACVariable"................51
5.12.14. The Class "PolicyVLANVariable"..........................51 5.12.14. The Class "PolicyVLANVariable"..........................51
5.12.15. The Class "PolicyCoSVariable"...........................51 5.12.15. The Class "PolicyCoSVariable"...........................52
5.12.16. The Class "PolicyEthertypeVariable".....................52 5.12.16. The Class "PolicyEthertypeVariable".....................52
5.12.17. The Class "PolicySourceSAPVariable".....................52 5.12.17. The Class "PolicySourceSAPVariable".....................52
5.12.18. The Class "PolicyDestinationSAPVariable"................52 5.12.18. The Class "PolicyDestinationSAPVariable"................52
5.12.19. The Class "PolicySNAPVariable"..........................52 5.12.19. The Class "PolicySNAPVariable"..........................53
5.12.20. The Class "PolicyFlowDirectionVariable".................53 5.12.20. The Class "PolicyFlowDirectionVariable".................53
5.13. The Abstract Class "PolicyValue"...........................53 5.13. The Abstract Class "PolicyValue"...........................53
5.14. Subclasses of "PolicyValue" Specified in PCIMe.............53 5.14. Subclasses of "PolicyValue" Specified in PCIMe.............54
5.14.1. The Class "PolicyIPv4AddrValue"..........................53 5.14.1. The Class "PolicyIPv4AddrValue"..........................54
5.14.2. The Class "PolicyIPv6AddrValue...........................55 5.14.2. The Class "PolicyIPv6AddrValue...........................55
5.14.3. The Class "PolicyMACAddrValue"...........................56 5.14.3. The Class "PolicyMACAddrValue"...........................56
5.14.4. The Class "PolicyStringValue"............................56 5.14.4. The Class "PolicyStringValue"............................56
5.14.5. The Class "PolicyBitStringValue".........................57 5.14.5. The Class "PolicyBitStringValue".........................57
5.14.6. The Class "PolicyIntegerValue"...........................57 5.14.6. The Class "PolicyIntegerValue"...........................58
5.14.7. The Class "PolicyBooleanValue"...........................58 5.14.7. The Class "PolicyBooleanValue"...........................59
5.15. The Class "PolicyRoleCollection"...........................59 5.15. The Class "PolicyRoleCollection"...........................59
5.15.1. The Single-Valued Property "PolicyRole"..................59 5.15.1. The Single-Valued Property "PolicyRole"..................59
5.16. The Class "ReusablePolicyContainer"........................59 5.16. The Class "ReusablePolicyContainer"........................59
5.17. Deprecate PCIM's Class "PolicyRepository"..................59 5.17. Deprecate PCIM's Class "PolicyRepository"..................60
5.18. The Abstract Class "FilterEntryBase".......................60 5.18. The Abstract Class "FilterEntryBase".......................60
5.19. The Class "IpHeadersFilter"................................60 5.19. The Class "IpHeadersFilter"................................60
5.19.1. The Property HdrIpVersion................................61 5.19.1. The Property HdrIpVersion................................61
5.19.2. The Property HdrSrcAddress...............................61 5.19.2. The Property HdrSrcAddress...............................61
5.19.3. The Property HdrSrcMask..................................61 5.19.3. The Property HdrSrcMask..................................61
5.19.4. The Property HdrDestAddress..............................61 5.19.4. The Property HdrDestAddress..............................62
5.19.5. The Property HdrDestMask.................................62 5.19.5. The Property HdrDestMask.................................62
5.19.6. The Property HdrProtocolID...............................62 5.19.6. The Property HdrProtocolID...............................62
5.19.7. The Property HdrSrcPortStart.............................62 5.19.7. The Property HdrSrcPortStart.............................62
5.19.8. The Property HdrSrcPortEnd...............................62 5.19.8. The Property HdrSrcPortEnd...............................63
5.19.9. The Property HdrDestPortStart............................63 5.19.9. The Property HdrDestPortStart............................63
5.19.10. The Property HdrDestPortEnd.............................63 5.19.10. The Property HdrDestPortEnd.............................63
5.19.11. The Property HdrDSCP....................................63 5.19.11. The Property HdrDSCP....................................64
5.19.12. The Property HdrFlowLabel...............................64 5.19.12. The Property HdrFlowLabel...............................64
5.20. The Class "8021Filter".....................................64 5.20. The Class "8021Filter".....................................64
5.20.1. The Property 8021HdrSrcMACAddr...........................64 5.20.1. The Property 8021HdrSrcMACAddr...........................65
5.20.2. The Property 8021HdrSrcMACMask...........................64 5.20.2. The Property 8021HdrSrcMACMask...........................65
5.20.3. The Property 8021HdrDestMACAddr..........................65 5.20.3. The Property 8021HdrDestMACAddr..........................65
5.20.4. The Property 8021HdrDestMACMask..........................65 5.20.4. The Property 8021HdrDestMACMask..........................65
5.20.5. The Property 8021HdrProtocolID...........................65 5.20.5. The Property 8021HdrProtocolID...........................65
5.20.6. The Property 8021HdrPriorityValue........................65 5.20.6. The Property 8021HdrPriorityValue........................66
5.20.7. The Property 8021HdrVLANID...............................65 5.20.7. The Property 8021HdrVLANID...............................66
5.21. The Class FilterList.......................................66 5.21. The Class FilterList.......................................66
5.21.1. The Property Direction...................................66 5.21.1. The Property Direction...................................67
6. Association and Aggregation Definitions..........................67 6. Association and Aggregation Definitions..........................67
6.1. The Aggregation "PolicySetComponent"........................67 6.1. The Aggregation "PolicySetComponent"........................67
6.2. Deprecate PCIM's Aggregation "PolicyGroupInPolicyGroup".....67 6.2. Deprecate PCIM's Aggregation "PolicyGroupInPolicyGroup".....68
6.3. Deprecate PCIM's Aggregation "PolicyRuleInPolicyGroup"......68 6.3. Deprecate PCIM's Aggregation "PolicyRuleInPolicyGroup"......68
6.4. The Abstract Association "PolicySetInSystem"................68 6.4. The Abstract Association "PolicySetInSystem"................68
6.5. Update PCIM's Weak Association "PolicyGroupInSystem"........69 6.5. Update PCIM's Weak Association "PolicyGroupInSystem"........69
6.6. Update PCIM's Weak Association "PolicyRuleInSystem".........69 6.6. Update PCIM's Weak Association "PolicyRuleInSystem".........70
6.7. The Abstract Aggregation "PolicyConditionStructure".........70 6.7. The Abstract Aggregation "PolicyConditionStructure".........70
6.8. Update PCIM's Aggregation "PolicyConditionInPolicyRule".....70 6.8. Update PCIM's Aggregation "PolicyConditionInPolicyRule".....70
6.9. The Aggregation "PolicyConditionInPolicyCondition"..........70 6.9. The Aggregation "PolicyConditionInPolicyCondition"..........71
6.10. The Abstract Aggregation "PolicyActionStructure"...........71 6.10. The Abstract Aggregation "PolicyActionStructure"...........71
6.11. Update PCIM's Aggregation "PolicyActionInPolicyRule".......71 6.11. Update PCIM's Aggregation "PolicyActionInPolicyRule".......71
6.12. The Aggregation "PolicyActionInPolicyAction"...............71 6.12. The Aggregation "PolicyActionInPolicyAction"...............71
6.13. The Aggregation "PolicyVariableInSimplePolicyCondition"....71 6.13. The Aggregation "PolicyVariableInSimplePolicyCondition"....72
6.14. The Aggregation "PolicyValueInSimplePolicyCondition".......72 6.14. The Aggregation "PolicyValueInSimplePolicyCondition".......72
6.15. The Aggregation "PolicyVariableInSimplePolicyAction".......73 6.15. The Aggregation "PolicyVariableInSimplePolicyAction".......73
6.16. The Aggregation "PolicyValueInSimplePolicyAction"..........73 6.16. The Aggregation "PolicyValueInSimplePolicyAction"..........74
6.17. The Association "ReusablePolicy"...........................74 6.17. The Association "ReusablePolicy"...........................74
6.18. Deprecate PCIM's "PolicyConditionInPolicyRepository".......74 6.18. Deprecate PCIM's "PolicyConditionInPolicyRepository".......75
6.19. Deprecate PCIM's "PolicyActionInPolicyRepository"..........75 6.19. Deprecate PCIM's "PolicyActionInPolicyRepository"..........75
6.20. The Association ExpectedPolicyValuesForVariable............75 6.20. The Association ExpectedPolicyValuesForVariable............75
6.21. The Aggregation "ContainedDomain"..........................76 6.21. The Aggregation "ContainedDomain"..........................76
6.22. Deprecate PCIM's "PolicyRepositoryInPolicyRepository"......76 6.22. Deprecate PCIM's "PolicyRepositoryInPolicyRepository"......76
6.23. The Aggregation "EntriesInFilterList"......................76 6.23. The Aggregation "EntriesInFilterList"......................76
6.23.1. The Reference GroupComponent.............................77 6.23.1. The Reference GroupComponent.............................77
6.23.2. The Reference PartComponent..............................77 6.23.2. The Reference PartComponent..............................77
6.23.3. The Property EntrySequence...............................77 6.23.3. The Property EntrySequence...............................77
6.24. The Aggregation "ElementInPolicyRoleCollection"............77 6.24. The Aggregation "ElementInPolicyRoleCollection"............77
6.25. The Weak Association "PolicyRoleCollectionInSystem"........78 6.25. The Weak Association "PolicyRoleCollectionInSystem"........78
7. Intellectual Property............................................78 7. Intellectual Property............................................79
8. Acknowledgements.................................................79 8. Acknowledgements.................................................79
9. Security Considerations..........................................79 9. Security Considerations..........................................79
10. References......................................................79 10. References......................................................79
11. Authors' Addresses..............................................80 11. Authors' Addresses..............................................80
12. Full Copyright Statement........................................82 12. Full Copyright Statement........................................82
13. Appendix A: Closed Issues.......................................82 13. Appendix A: Closed Issues.......................................82
1. Introduction 1. Introduction
This document (PCIM Extensions, abbreviated here to PCIMe) proposes a This document (PCIM Extensions, abbreviated here to PCIMe) proposes a
skipping to change at page 20, line 26 skipping to change at page 20, line 26
4.5.3. Multiple PolicySet Trees For a Resource 4.5.3. Multiple PolicySet Trees For a Resource
As shown in the example in Figure 3. , PolicySet trees are defined by the As shown in the example in Figure 3. , PolicySet trees are defined by the
PolicySet subclass instances and the PolicySetComponent aggregation PolicySet subclass instances and the PolicySetComponent aggregation
instances between them. Each PolicySet tree has a defined set of instances between them. Each PolicySet tree has a defined set of
decision strategies and evaluation priorities. In section 4.6 we discuss decision strategies and evaluation priorities. In section 4.6 we discuss
some improvements in the use of PolicyRoles that cause the parent some improvements in the use of PolicyRoles that cause the parent
PolicySet.PolicyRoles to be applied to all contained PolicySet instances. PolicySet.PolicyRoles to be applied to all contained PolicySet instances.
However, a given resource may still have multiple, disjoint PolicySet However, a given resource may still have multiple, disjoint PolicySet
trees that are collected from different roles and role combinations. trees regardless of how they are collected. These top-level PolicySet
These top-level PolicySet instances are called "unrooted". instances are called "unrooted" relative to the given resource.
A PolicySet instance is defined to be unrooted in the context of a So, a PolicySet instance is defined to be rooted or unrooted in the
particular managed element; the relationship to the managed element is context of a particular managed element; the relationship to the managed
usually established by the policy roles of the PolicySet instance and of element is usually established by the policy roles of the PolicySet
the managed element (see 4.6 "Policy Roles"). A PolicySet instance is instance and of the managed element (see 4.6 "Policy Roles"). A
unrooted in that context if and only if there is no PolicySetComponent PolicySet instance is unrooted in that context if and only if there is no
association to a parent PolicySet that is also related to the same PolicySetComponent association to a parent PolicySet that is also related
managed element. Figure 4. shows an example where instance A has role A, to the same managed element. These PolicySetComponent aggregations are
instance B has role B and so on. In this example, in the context of traversed up the tree without regard to how a PolicySet instance came to
interface X, B, and C are unrooted and, because roles are inherited, be related with the ManagedElement. Figure 4. shows an example where
instances D, E, and F are all rooted. instance A has role A, instance B has role B and so on. In this example,
in the context of interface X, instances B, and C are unrooted and
instances D, E, and F are all rooted. In the context of interface Y,
instance A is unrooted and instances B, C, D, E and F are all rooted.
+---+ +-----------+ +---+ +-----------+ +-----------+
| A | | I/F X | | A | | I/F X | | I/F Y |
+---+ | has roles | +---+ | has roles | | has roles |
/ \ | B & C | / \ | B & C | | A & B |
/ \ +-----------+ / \ +-----------+ +-----------+
+---+ +---+ +---+ +---+
| B | | C | | B | | C |
+---+ +---+ +---+ +---+
/ \ \ / \ \
/ \ \ / \ \
+---+ +---+ +---+ +---+ +---+ +---+
| D | | E | | F | | D | | E | | F |
+---+ +---+ +---+ +---+ +---+ +---+
Figure 4. Unrooted PolicySet Instances Figure 4. Unrooted PolicySet Instances
For those cases where there are multiple unrooted PolicySet instances For those cases where there are multiple unrooted PolicySet instances
that apply to the same managed resource (i.e., not in a common that apply to the same managed resource (i.e., not in a common
PolicySetComponent tree), the decision strategy among these disjoint PolicySetComponent tree), the decision strategy among these disjoint
PolicySet instances is the FirstMatching strategy. The priority used PolicySet instances is the FirstMatching strategy. The priority used
with this FirstMatching strategy is defined in the PolicySetInSystem with this FirstMatching strategy is defined in the PolicySetInSystem
association. association. The PolicySetInSystem subclass instances are present for all
PolicySet instances (it is a required association) but the priority is
only used as a default for unrooted PolicySet instances in a given
ManagedElement context.
The FirstMatching strategy is used among all PolicySet instances that The FirstMatching strategy is used among all unrooted PolicySet instances
apply to a given resource for a given functional domain. So, for that apply to a given resource for a given functional domain. So, for
example, the PolicySet instances that are used for QOS policy and the example, the PolicySet instances that are used for QoS policy and the
instances that are used for IKE policy, although they are disjoint, are instances that are used for IKE policy, although they are disjoint, are
not joined in a FirstMatching decision strategy. Instead, they are not joined in a FirstMatching decision strategy. Instead, they are
evaluated independently of one another. evaluated independently of one another.
4.5.4. Deterministic Decisions 4.5.4. Deterministic Decisions
As previously discussed, PolicySetComponent.Priority values MUST be As previously discussed, PolicySetComponent.Priority values MUST be
unique within a containing PolicySet and PolicySetInSystem.Priority unique within a containing PolicySet and PolicySetInSystem.Priority
values MUST be unique for an associated System. Each PolicySet, then, has values MUST be unique for an associated System. Each PolicySet, then, has
a deterministic behavior based upon the decision strategy and uniquely a deterministic behavior based upon the decision strategy and uniquely
 End of changes. 35 change blocks. 
59 lines changed or deleted 65 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/