[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

snmpconf issue #5 More examples.




hi all

I tried to put the example in text, presented in last IETF meeting.

Work Item:
5.More examples?
Issue: Bert raised the question about more examples in the BCP.
We should probably add one or two to the BCP for the policy
section as examples of good ways to use the system.
Essentially, this boils down to putting Hongal's example in the
document in addition to the example that's already there.



Examples

E.1 Configuring DiffServ DataPath using PolicyScript,Policy MIB
and DiffServ Template.

DataPath
--------

We can have couple of datapaths from diffserv model
  	1. Classify Mark
	2. Classify Meter Mark
	3. Classify Meter Mark Shape/Drop


Policy Definition and Service Definition
----------------------------------------
Apply 'Gold' policy on inbound traffic
Where
	1.The role of interface is equal to 'Gold'
	2. And element type is Fast Ethernet
Example definition of 'Gold' policy
1. All udp traffic limit to 500 Kb with Max burst 800Kb
2. All tcp traffic limit to 600 Kb with Max burst 800K
3. Drop the packets if out of profile
4. Mark all the in-profile traffic with EF11


The above example can be realized  using the diffServMIB
With 'Classify Meter Mark' type of datapath and diffServPolicyMib.

DiffServ DataPath and Parameter Tables to realize above policy


   +---------------------+                    +-----------+
   |diffPolicyDPCTable   |               +--->|Action     |
   |Id=1                 |               |    |Id=EF11-a  |
   |                     |    +------+   |    |Next       |
   |Configration --------+--->|Clfr  |   |    |Specific   |
   +---------------------+    | Id=1 |   |    |Type=other |
                              +------+   |    +-----------+
                                         |
   +------------+      +--------------+  |    +-----------+
   |ClfrElement |  +-->|Meter         |  | +->|Action     |
   | Id=udp     |  |   | Id=udp       |  | |  | Id=drop1  |
   | ClfrId=1   |  |   | SucceedNext--+--+ |  | Next 0.0  |
   | Order=NA   |  |   | FailNext ----+----+  | Specific  |
   | Next ------+--+   | Specific -+  |       | Type=absDp|
   | Specific --+-+    +-----------+--+       +-----------+
   +------------+ |                |
                  |                |
                  |                +--+
                  |   +-----------+   |   +----------+
                  +-->|Filter udp |   +-->|TBMeterUdp|
                      +-----------+       +----------+

                                              +-----------+
                                         +--->|Action     |
                                         |    |Id=EF11-b  |
                                         |    |Next       |
                                         |    |Specific   |
                                         |    |Type=other |
                                         |    +-----------+
                                         |
   +------------+      +--------------+  |    +-----------+
   |ClfrElement |  +-->|Meter         |  | +->|Action     |
   | Id=tcp     |  |   | Id=tcp       |  | |  | Id=drop2  |
   | ClfrId=1   |  |   | SucceedNext--+--+ |  | Next 0.0  |
   | Order=NA   |  |   | FailNext ----+----+  | Specific  |
   | Next ------+--+   | Specific -+  |       | Type=absDp|
   | Specific --+-+    +-----------+--+       +-----------+
   +------------+ |                |
                  |                |
                  |                +--+
                  |   +-----------+   |   +----------+
                  +-->|Filter Tcp |   +-->|TBMeterTcp|
                      +-----------+       +----------+


  Fig 1.  DiffPolicyDPCTable pointing to the DataPath ClfrId.1


ClfrId.1 is the start of datapath and diffServDPCTable entry
Has an valid entry pointing to the datapath template.In the
next picture we can see  that 'Gold' policy is been applied
on the selected interface.



   +---------------------+                    +-----------+
   |DataPath             |               +--->|Action     |
   | IfIndex=1           |               |    |Id=EF11-c  |
   | IfDirection=Ingress |    +------+   |    |Next       |
   | Start --------------+--->|Clfr  |   |    |Specific   |
   +---------------------+    | Id=2 |   |    |Type=other |
                              +------+   |    +-----------+
                                         |
   +------------+      +--------------+  |    +-----------+
   |ClfrElement |  +-->|Meter         |  | +->|Action     |
   | Id=udp2    |  |   | Id=udp2      |  | |  | Id=drop3  |
   | ClfrId=2   |  |   | SucceedNext--+--+ |  | Next 0.0  |
   | Order=NA   |  |   | FailNext ----+----+  | Specific  |
   | Next ------+--+   | Specific -+  |       | Type=absDp|
   | Specific --+-+    +-----------+--+       +-----------+
   +------------+ |                |
                  |                |
                  |                +--+
                  |   +-----------+   |   +----------+
                  +-->|Filter udp |   +-->|TBMeterUdp|
                      +-----------+       +----------+

                                              +-----------+
                                         +--->|Action     |
                                         |    |Id=EF11-d  |
                                         |    |Next       |
                                         |    |Specific   |
                                         |    |Type=other |
                                         |    +-----------+
                                         |
   +------------+      +--------------+  |    +-----------+
   |ClfrElement |  +-->|Meter         |  | +->|Action     |
   | Id=tcp2    |  |   | Id=tcp2      |  | |  | Id=drop4  |
   | ClfrId=2   |  |   | SucceedNext--+--+ |  | Next 0.0  |
   | Order=NA   |  |   | FailNext ----+----+  | Specific  |
   | Next ------+--+   | Specific -+  |       | Type=absDp|
   | Specific --+-+    +-----------+--+       +-----------+
   +------------+ |                |
                  |                |
                  |                +--+
                  |   +-----------+   |   +----------+
                  +-->|Filter Tcp |   +-->|TBMeterTcp|
                      +-----------+       +----------+

Fig 2.  DataPath table having the cloned policy ClfrId.2
         Applied on the interface, result of policy execution.

PolicyScript and pmPolicyTable

  PmPolicy execution model evaluates the pmPolicyFilter on interface
index, and if its role is 'GOLD' and of FastEthernet. The pmPolicyCondition
gets executed on that interface. Here comes the use of accessory function
getCloneOID(). The whole purpose of this accessory function is it returns
the OID of clone data path for a given datapath OID.  More work need to
be done on the Semantics and functionality of this function, it can be
left to the vendor how it should operate.

   +----------------------------+   +--------------------------------+
   |pmRoleTable                 |   |pmElementTypeRegTable           |
   |Element      ---------------+--->index=1                         |
   |String = Gold               |   |oid=1.3.6.1.2.1.2.2.1 //ifEntry |
   |Context                     |   |Name=ifEntry                    |
   +----------------------------+   +--------------------------------+

   +--------------+
   |pmPolicyTable |
   |Filter=1 -----+----+
   |Action=2 -----+----|-----------------------+
   +--------------+    |                       |
                       |                       |
          +------------V-----+        +--------V----------+
          |pmPolicyCodeTable |        |pmPolicyCodeTable  |
          |Index =1          |        |Index=2            |
          |Segment=1         |        |Segment=1          |
	   +--------+---------+        +--------+----------+
                   |                           |
                   |                           |
   +---------------V-----------+   +-----------V---------------------+
   |//if the interface is gold |   |//Action ..Apply 'Gold' policy on|
   |//and ifSpeed==100         |   |//selected interface             |
   |if(insubtree(elementName(),|   |var pdu, diffServCloneOID;       |
   |"ifEntry")&&               |   |var goldPolicyOID;               |
   | roleMatch("gold") &&      |   |var createAndGo = 3 ;            |
   | getVar("ifSpeed.",iv(0))==|   |goldPolicyOID="1.3.6..."         |
   | 100)                      |   |pdu pdu = newPDU();              |
   | return 1                  |   |diffServCloneOID =               |
   | return 0;                 |   |  getCloneOID(goldPolicyOID);    |
   +---------------------------+   |                                 |
   +-------------------------------+                                 |
   |writeVar(pdu,0, " diffServDatapathStart.",iv(0)+".1",            |
   |                                           diffServCloneOID,Oid);|
   |writeVar(pdu,0,"diffServDatapathStatus.",iv(0)+".1",             |
   |                                            createAndGo,Integer);|
   |snmpsend(pdu,2,OP_SET);                                          |
   +-----------------------------------------------------------------+


  E.2: Configuring Hello and Dead interval in OSPF routing domain
       on common networks by policy.

This example depicts how the policyScript can be used to
maintain common Hello and Dead interval

Across different subnet in a OSPF routing domain.

        The 'ospfIfHelloInterval' is the length of time, in seconds,
between the Hello packets that the router sends on the interface.
This value must be same for all routers attached to a common network.
The 'ospfIfRtrDeadInterval' is the number of seconds that a router's
Hello packets have not been seen before its neighbors declare the
router down. This value must be the same for all routers attached to
a common network.

A policy to maintain common Hello and Dead interval across different
sub-net can be like this:

           If  network is 10.50.5.0/24
   set ospfIfHelloInterval =15 and ospfIfRtrDeadInterval = 60
.........
.........
          else  /* default value */
   set ospfIfHelloInterval =10 and ospfIfRtrDeadInterval = 40

The picture below depicts realization of this policy using policyScript.
   +--------------------------------+
   |pmElementTypeRegTable           |
   |index=1  //ospfIfEntry          |
   |oid=1.3.6.1.2.1.14.7.1          |
   |Name =  ospfIfEntry             |
   +--------------------------------+

   +--------------+
   |pmPolicyTable |
   |Filter=1 -----+----+
   |Action=2 -----+----|-----------------------+
   +--------------+    |                       |
                       |                       |
          +------------V-----+        +--------V----------+
          |pmPolicyCodeTable |        |pmPolicyCodeTable  |
          |Index =1          |        |Index=2            |
          |Segment=1         |        |Segment=1          |
	    +--------+---------+        +-----------------+-+
                   |                                    |
                   |                                    |
   +---------------V------------------------------+     |
   |                                              |     |
   |   if(insubtree(elementName(),"ospfIfEntry")&&|     |
   |     (getvar("ospfIfStatus."+iv(0) )==1)&&    |     |
   |   (inSubNet(getvar("ospfIfIpAddress.$0"),    |     |
   |                     "10.50.5.0/24")= 0))     |     |
   |    return 0;                                 |     |
   | else                                         |     |
   | 	return 1;                                   |     |
   +----------------------------------------------+     |
                                                        |
   +----------------------------------------------------V---------+
   |  var pdu;                                                    |
   |  int HELLO_INTERVAL1=15;   /* 15 seconds */                  |
   |  int RTRDEAD_INTERVAL1=60; /*  60 seconds */                 |
   |  var = newPDU();                                             |
   |  writeVar(pdu,0, "ospfIfHelloInterval",iv(0),                |
   |                                           HELLO_INTERVAL1);  |
   |  writeVar(pdu,0, "ospfIfRtrDeadInterval",iv(0),              |
   |                                           RTRDEAD_INTERVAL1);|
   |  snmpsend(pdu,2,OP_SET);                                     |
   +--------------------------------------------------------------+

thanks
hongal

Thippanna Hongal
Riverstone Networks Inc.
Santa Clara CA 95054