[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: snmpconf BCP re: policy layering



Greetings all...

I'm wondering where we are at on this issue, as the discussion on it seemed 
to die except for a lively discussion between myself, Steve (W.), and Jon.

To briefly summarize, Steve (W.) had a concern that the taxonomy as 
presented in the most recent versions of the BCP lacked sufficient 
sophistication, or rather, had an error in its relative 
one-dimensionality.  Specfically, where the taxonomy listed the notions of 
specificity at levels (from most general to least general): a) 
service-level-specific, b) domain-specific, c) mechanism-specific, d) 
implementation-specific, and e) instance-specific, Steve did not find that 
a particularly meaningful abstraction without one significant change.  That 
change is to take a) through d) above, and draw them into two categories, 
being that content which is instance specific and that which is 
instance-independent.  Steve (W.), I'm trying to be objective here, please 
correct me if my summary of your point is inaccurate as presented.

For my own purposes, while I'll stipulate it's *possible* for me to contort 
my mental model to adjust to this core redefinition or refinement, I don't 
find it particularly useful or necessary.  I think it creates a significant 
number of "dead spots" in the model matrix (to coin a phrase), and any 
problems this "fixes" can be accommodated by relaxing any inferred or 
explicit rules in how one interprets the model.  Let history record that 
for just this once, I'm arguing the case for simplicity :), particularly in 
the face of where we stand now with the Best Current Practices draft and 
moving it forward.

Now, I had a lengthy and illuminating one-on-one conversation with Steve 
week before last on this topic and at the very least, I do understand one 
reason he sees the world as defined by this taxonomy differently than I do.

Let me start with that difference in the Steve (W.) perspective from my 
own.  To the extent one appreciates working deployment of practices before 
one advances them to the iesg :), we have actually come to use the terms in 
the taxonomy *including* the instance-specific notion here at Gold Wire for 
the particular purpose for which I see this entire taxonomy as being most 
directly pertinent.  That is, to describe the scope of policy content and 
operational impact upon application of that policy.  To understand the 
significance, imagine a policy-based configuration manager which is *not* 
resident on a single managed element but on a server system which 
transcends many managed elements and nodes (up to the point of the 
snmpconf/pm-based architecture, I think this describes most 
implementations).  So, I may have a policy that describes 
neighbor-hello-intervals and link metrics for OSPF for my entire enterprise 
as a default.  That is scope specific to a  mechanism (OSPF), under the 
auspices of a greater domain (Intra-Gateway routing).  Now, I may have a 
lower hello interval and higher link metric defined for those interfaces on 
my OSPF backbone area.  That is overriding my prior scope with values which 
are specific to an *instance* of the protocol--a specific 
interface.  Hence, we have simply refined the specification to that 
instance-level containment.

Now, if you buy this example, what Steve (W.) may get excited about :) is 
that I've effectively "skipped" a level there, and did so intentionally for 
this example.  Specifically, there is nothing refined in an intermediate 
"implementation-specific" way--I'm assuming that, e.g., the integers I use 
for intervals and metrics will be portable between IOS and JunOS, I 
suppose.  What I specifically see, however, is that there is nothing to 
*preclude* the idea of a level of policy containment specificity being 
"hopped" or "bypassed" in the spiral-of-specificity which the taxonomy 
prescribes.

There is a lot of precedent for this.  The grandpappy of all taxonomies, 
the OSI Reference Model, for all of its warts and bruises, does have 
significant parallels (in specifying an application-level entity, how many 
times do I completely bypass the presentation or session layers in 
describing the instance architecture in OSI terms?).  For whatever reason, 
I've been assuming this same capability was present in the 
policy-specificity-taxonomy from the very first time I even heard about it, 
long before I read or started my dubious editing contributions on the BCP.

I said earlier that I understand a difference in perspective between myself 
and Steve (W.)--briefly, I now understand he wants the same taxonomy to 
pertain to the very *MIB objects* acting as parameters to policy.  In other 
words (and he can explain this better than I), that ifInOctets is a rather 
broad notion whose values are meaningless outside of the context of a 
specific instance.

I have never tried to make this connection, perhaps just because I've been 
living so long in policy-based configuration environments that are only 
partially (if at all) SNMP based, and as I said earlier, those which 
transcend the single managed element (consider *anything* needing to do 
end-to-end circuit setup based upon QoS parameters, for example).  It's not 
the *MIB Objects* (which act as parameters or output bindings to the 
policies) that I believe the taxonomy covers, however, it's the content of 
the *policy* itself...in the network engineering sense, how broadly is a 
policy defined?  The answer, without failure in my experience, can be found 
in one discrete value, or rather path of values to be formalized, from the 
enumerated levels of the taxonomy.

Briefly, here's a few more practical and perhaps utterly subjective reasons 
I find this need to expand the taxonomy at this time less than compelling:

-- I personally have never needed to draw this to be such a "two 
dimensional" distinction otherwise.  I warned you I'd be subjective. :)

-- We have had well over a year of this document being pored over without 
this need for fundamental refinement.  Mind you, we've discussed this 
taxonomy a lot, so it's not like people just never bothered to read that 
far into the thing.  People smarter than myself like Joel Halpern, R. E. 
Bob Moore, Jeff Case, and Dan Romanescu, who probably will forget more 
about reference modelling in a bad week than I'll ever know, haven't 
advanced or chimed in on this need for greater sophistication/complication 
(although if you folks have just been watching this constructive debate and 
avoiding comment, now's your time to jump in :).

-- I will advance (upon request :), how I think boring this out to be "two 
dimensions" does in fact create a number of awkward "undefined" squares in 
the matrix.  Briefly, I don't know what it means to have that which is 
service-level-specific-without-regard-to-underlying-refinements *but* 
instance specific, vs. that which is not.  And I wouldn't know as I sit 
here now how to write text into the BCP to describe that.

-- When in times of trouble, I draw on precedent.  My best precedent here, 
the OSI (work with me on this one, OK? :), only had one legitimate case 
that I recall for network functionality which truly "transcended" all of 
the layers of the model, and whose absence really hurt the model.  As most 
people here know, that was the network management "layer" which really 
needed to be a bolt-on  column in the whole reference model and with its 
own potential bolted-row-column to bolted-row-column interface concerns.  I 
don't see anything in this instance-specific thing which bodes a similarly 
profound resonance through the model.

Anyways, with all respect to Steve (W.) and the constructive advancement of 
his argument he has made, this is the reason I don't see needing to uncork 
this now to introduce this new ingredient.  With my name on the masthead, 
though, I'm not an ideal source of refutation of the argument, and I'd 
appreciate any other commentary on this which has been silently festering 
so we can figure out how to deal with this one way or another and advance 
this puppy.

Sorry for the length of this, but it's hard to subdivide my arguments on this.

Regards,
Wayne

--------

Wayne F. Tackabury              Internet: wayne@goldwiretech.com
Gold Wire Technology            Phone: (781) 398-8819
411 Waverley Oaks Rd., Ste 304
Waltham, MA  02452             Cell: (617) 699-6156