
Re: snmpconf well, back to work




>>>>> David Harrington writes:

David> 3) We need to plan the agenda for the next interim.

[...]

David> If anybody has any topics they want on the agenda, please speak
David> up.

I am not sure whether I will be able to attend the next interim (nor
did I read the minutes from the last one yet - so the comments below
may be out of line), but I am seriously concerned about some issues.

I believe that the split between a filter script and an action script
is not useful. In fact, this level of granularity will just turn out
to be very impractical if you express real-world policies. I actually
believe that the unit of concern should be a set of logically related
policy rules. (This probably maps to the concept of a PolicyGroup in
PCIM.)

I expect that a device which will be able to parse and execute the
"policy language" for filters and actions will also be able to parse
and execute a "policy language" for sets of policy rules. The
syntactic details you need to separate rules and actions from filters
should be easy to deal with. In fact, not having to expose the filters
and actions in separate MIB objects will save you code since the
policy language compiler/interpreter can now choose the internal
representation that fits best the execution environment. I also expect
that network operators will prefer to write and handle sets of
logically related policy rules in a single language and to store them
in a single file which they push to the managed devices. I don't see
much value in taking such a file on the manager side, to tokenize it a
bit, turn it into chunks of MIB objects that are pushed to the agent
by populating perhaps multiple tables and then ask the agent to
reassemble the data and tokenize the rest into a format that can be
executed.

I certainly like the idea to use languages to implement policies. But
we should be careful that we get the granularity right at the policy
abstraction level and that we divide the processing load in a
reasonable way. Doing a bit of parsing here, a bit of parsing there and
requiring the agent to provide SNMP access at the granularity of
single filters and actions will lead to more complexity on both
ends.

Of course, once you accept the idea that policy rule sets are the
right granularity for distribution at the policy level, you can just
use RFC 2592 to distribute and invoke policy rule sets.  All which is
left to do is to reach agreement on a policy language and we are done
with it.

While reading the minutes from the Friday meeting, I got the feeling
that RFC 2592 actually provides answers for quite a few of the issues
discussed in Pittsburgh such as identifying language versions,
language extensions, handling and reporting of syntactic errors,
handling and reporting of execution errors, etc. I recommend that this
WG leverages existing work and focuses the resources that are
available on the new stuff that is in front of us and that the WG
reconsiders the granularity needed to distribute policies to
policy-enabled managed devices.

/js

-- 
Juergen Schoenwaelder      Technical University Braunschweig
<schoenw@ibr.cs.tu-bs.de>  Dept. Operating Systems & Computer Networks
Phone: +49 531 391 3289    Bueltenweg 74/75, 38106 Braunschweig, Germany
Fax:   +49 531 391 5936    <URL:http://www.ibr.cs.tu-bs.de/~schoenw/>