I2RS working group                                              S. Hares
Internet-Draft                                                     Q. Wu
Intended status: Standards Track                                  Huawei
Expires: April 30, 2015                                 October 27, 2014

            An Information Model for Basic Network Policy
                 draft-hares-i2rs-bnp-info-model-01

Abstract

   This document contains the Basic Network Policy Information Model
   (BNP IM), which is an instantiation and extension of the PCIM work
   (RFC 3060, RFC 3460, RFC 3644) that supports both the configuration
   models and the I2RS ephemeral models.  The PCIM work contains the
   Policy Core Information Model (PCIM) (RFC 3060), the Quality of
   Service (QoS) Policy Information Model (QPIM) (RFC 3644), and policy
   based routing.  The PCIM work provided a framework to incorporate
   ACL filters, prefix filters, and more complex filters.  This
   extension to the PCIM model incorporates ACLs, prefix filtering, and
   complex policy (match, set, modify, set) into the PCIM framework.
   Complex policy is needed by the I2RS programmatic interface to BGP,
   flow specification filtering, Policy Based Routing (PBR), and MPLS
   topology management.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).
   Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 30, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Definitions and Acronyms
   3.  PCIM Overview
   4.  Top-Down YANG Diagram for PCIM
     4.1.  Policy Set Structures
     4.2.  Policy Group Expansion for Basic Network Policy (BNP)
   5.  Example of use in BGP
   6.  IANA Considerations
   7.  Security Considerations
   8.  Informative References
   Authors' Addresses

1.  Introduction

   The Interface to the Routing System (I2RS) provides read and write
   access to the information and state within the routing process on
   routing elements.  The I2RS client interacts with one or more I2RS
   agents to collect information from network routing systems.
   Collecting information at the I2RS agent may require the I2RS agent
   to filter certain information, group pieces of information, or
   perform actions on the collected information based on specific I2RS
   policies.

   The generic policy work done in the PCIM WG has been recast into
   I2RS work.  The PCIM work contains the Policy Core Information Model
   (PCIM) [RFC3060], the Policy Core Information Model Extensions
   [RFC3460], and the Quality of Service (QoS) Policy Information Model
   (QPIM) [RFC3644].  The basic concept of PCIM is that there are
   policy rules which are combined into policy groups.  If nesting and
   aggregation of policy groups is necessary, the PCIM work defines a
   policy set that operates under specific rules.  Policy groups can be
   used without using policy sets.  This concept of a policy group as
   an entity that contains a set of policy rules is also utilized by
   the OpenDaylight group policy project.

   In initial work for I2RS or netmod, a policy group that simply
   combines and orders policy rules will be sufficient.

   Policy rules may include specific filters such as ACL or prefix
   filters by simple reference.  The following drafts provide these
   more specific filters:

   o  ACL policy [I-D.bogdanovic-netmod-acl-model]

   o  BGP prefix filter policy [I-D.zhdankin-netmod-bgp-cfg]

2.  Definitions and Acronyms

   BGP: Border Gateway Protocol

   CLI: Command Line Interface

   IGP: Interior Gateway Protocol

   Information Model: An abstract model of a conceptual domain,
      independent of specific implementations or data representations

   INSTANCE: Routing code often has the ability to spin up multiple
      copies of itself into virtual machines.  Each routing code
      instance or each protocol instance is denoted as Foo_INSTANCE in
      the text below.

   NETCONF: The Network Configuration Protocol

   PCIM: Policy Core Information Model

   RESTCONF: HTTP-based programmatic protocol to access YANG modules

3.  PCIM Overview

   The PCIM work created the concepts of Policy Set, Policy Group, and
   Policy Rule.  This section reviews these concepts as background for
   the application of these concepts to current configuration and I2RS
   policy.  In addition, this section suggests placement of policy rule
   concepts.

   The basic PCIM concepts are:

   Policy Set

      is a class derived from Policy, and it is inserted into the
      inheritance hierarchy above both PolicyGroup and PolicyRule (as
      Figure 1 shows).  The PolicySet is a coherent set of rules that
      has two properties, PolicyDecisionStrategy and PolicyRoles, and
      supports the PolicySetComponent subclass.  The PolicySetComponent
      is an aggregation class that allows aggregation of policy groups
      and, under policy groups, a set of rules.  The PolicySet contains
      rules for nesting policies that include matching strategies (all-
      matching or first-match), priorities between rules, and roles.
      One of the roles that must be conditionally matched is the
      model's denotation of "read-only" or "read-write".

   Policy Group

      Policy is described by a set of policy rules that may be grouped
      into subsets.  [RFC3060] defines policy groups as either a group
      of policy rules or a group of policy groups, but not both.
      A policy group is used to provide a hierarchical policy
      definition that provides the model context or scope for sub-rule
      actions.  The policy group is identified by a policy group name
      and contains policy rules.  Policy groups can be nested within
      other policy rules only within policy sets.

   Policy Rule

      A Policy Rule is represented by the semantics "If Condition then
      Action".  A Policy Rule may have a priority assigned to it.

                        | "nests and aggregates policy-group"
               +-----------^-------------+
               |        Policy Set       |
               +--+-------------------+--+
                  ^                   ^
                 /|\                 /|\
           +------------+      +--------------+
           |Policy Group|      | Policy Group |
           +------------+      +--------------+
                  ^                   ^          +------------------+
                  |                   |       ---| ACL Policy-Rule  |
                  |                   |       |  |    Additions     |
                  |                   |       |  +------------------+
                  |                   |       |  +------------------+
           +--------^-------+  +-------^-------+ |--|Prefix Policy-Rule|
           |  Policy Rule   |  |  Policy Rule  |<----|    Additions     |
           +----------------+  +---------------+ |  +------------------+
              :          :                       |        . . .
              :          :                       |  +------------------+
        ......:          :.....                  ---|Other Policy-Rule |
        :                     :                     |    Additions     |
        :                     :                     +------------------+
        :                     :
   +---------V---------+   +-V-------------+
   | Policy Condition  |   | Policy Action |
   +-------------------+   +---------------+
      :      :      :        :     :     :
 .....:      .      :.....  .....:  .    :.....
 :           :           :  :       :         :
 +----V---+ +---V----+ +--V---+ +-V------++--V-----++--V---+
 | Match  | |Policy  | |Policy| |  Set   || Policy ||Policy|
 |Operator| |Variable| |Value | |Operator||Variable|| Value|
 +--------+ +--------+ +------+ +--------++--------++------+

              Figure 1: Overall model BNP IM structure

4.  Top-Down YANG Diagram for PCIM

   The top-down architecture has policy sets, policy groups, and policy
   rules.  It is not necessary to have policy sets to have policy rules.

4.1.  Policy Set Structures

   Per PCIM, the PolicySet contains rules for nesting policies that
   include matching strategies (all-matching or first-match), priorities
   between rules, and roles.  The YANG diagram is below.

   Figure 2 - Policy Set YANG

   module: ietf-pcim
      +--rw policy-set [policy-set-name]
      |  +--rw policy-set-name          string
      |  +--rw matching-strategy        enumeration
      |  +--rw policy-roles             enumeration
      |  +--rw default-rule-priority    uint16
      |  +--rw policy-group* [policy-group-name]

   Figure 2 - PSET YANG level

4.2.  Policy Group Expansion for Basic Network Policy (BNP)

   Policy groups within the PCIM work have a name that identifies the
   grouping of policy rules.  In PCIM, the policy rule has a name,
   status, priority, and a match condition with an action.  The status
   of the policy rule is enabled or disabled.  The priority is the
   priority within the policy rule order.  This expansion of the PCIM
   policy rule adds a policy-rule order field and a reference count
   (pr-refcnt).  It expands the PCIM match/condition methods to include
   a reference to other match-action fields.

   I2RS requires that a read/write scope be tied to a particular
   portion of the ephemeral tree.  This requirement is instantiated as
   the I2RS-role at the policy group level.  However, it is anticipated
   that this will be replaced by an expansion of
   [I-D.ietf-netconf-restconf] functionality surrounding the xpath
   feature.  This element is left in this model until these RESTCONF
   xpath additions have been finalized.

   The logical structure is below in Figure 3, with an expansion of the
   PCIM match-action-operation in Figure 4.

   Figure 3 - Policy Group

       +-------------------------------------+ (optional)
       |            Policy Group             |....
       +-------------------------------------+   :
          *          *             *        ^    :
          |          |                      :....:
          |          |             |        |
          |          |             |        |
       +------+   +----+   +-----------------------+
       | Name |   |I2RS|   |      Policy Rule      |
       |      |   |Role|   |                       |
       +------+   +----+   +-----------------------+
                    *          *       *
                    |          |       |
                +--+           |       |  +----------+
                |              |       |-|   Name   |
                |              |       |  +----------+
           +----+---+       ++----+    |  +----------+
           |        |       |I2RS |    |  + Policy   |
           |Resource|       |Scope|    |  +rule order|
           +--------+       +-----+    |-+----------+
              *                *       |  +----------+
          +------+  |          |       |-| Status   |
          |read  |--|          |       |  +----------+
          |scope |  |          |       |  +----------+
          +------+  |          |       |-| priority |
          +------+             |       |  +----------+
          |write |-------------|       |  +----------+
          |scope |                     |-| refcnt   |
          +------+                     |  +----------+
                                       |  +--------------+
                                       |-| PCIM         |
                                       | | match/action |
                                       | +--------------+
                                       | +--------------+
                                       |-| ACL          |
                                       | | match/action |
                                       | +--------------+
                                       |-+--------------+
                                         | Prefix-list  |
                                         | match/action |
                                         +--------------+

   Figure 5 - Policy Rule's match-condition

                   +----------------+
                   |      PCIM      |
                   |  Policy Rule   |
                   +----------------+
                       *        *
                       |        |
                       |        |
                  +---------+  +--------+
             ...>|Condition|<.......| Action |<...
             :   +---------+<.......+--------+   :
             :   :     *          *    :         :
             :.....    |          :    :...      :
                       |          :
                  +--------+......:
                  |Operator|
                  +--------+

   The basic YANG high-level structure for the policy group is included
   below in Figure 6.

   Figure 6

   module: ietf-pcim
      +--rw policy-set [policy-set-name]
      |  ....
      |  +--rw policy-group* [policy-group-name]
      |  |  +--rw policy-group-name
      |  |  +--rw i2rs-scope
      |  |  |  +--tree-xpath
      |  |  |  +--access            enumeration
      |  |  +--rw policy-rule* [policy-rule-name]
      |  |  |  +--rw pr-name        string
      |  |  |  +--rw pr-order       uint16
      |  |  |  +--rw pr-status      enumeration
      |  |  |  +--rw pr-priority    uint16
      |  |  |  +--rw pr-refcnt      uint16
      |  |  |  +--rw pr-match-act
      |  |  |  |  +--rw pr-match-act-type
      |  |  |  |  +case: pcim match-act          ref-cnt
      |  |  |  |  +case: acl                     acl-ref
      |  |  |  |  +case: Prefix-list             prefix-list-ref
      |  |  |  |  +case: pbr-pcim-match-act      pbr-pcim-match-act-ref

5.  Example of use in BGP

   PCIM suggests a match structure consisting of a match-field, an
   operator for the match, an action (send packet), and a set value.
   The following is an example structure for the PCIM match-condition
   applied to BGP.

   Figure 7

   +--rw bnp-match-act
   |  +--rw bnp-match-act-bgp-i2rs
   |  |  +--rw bgp-match-field
   |  |  |  +--rw bgp-afi
   |  |  |  +--rw bgp-local-rib
   |  |  |  +--rw bgp-peer
   |  |  |  +--rw bgp-rib-in
   |  |  |  |  +--bgp-rib-in-policy-type
   |  |  |  |  +--bgp-rib-in-policy
   |  |  |  |     +--case: policy-set     pcim-policy-set-name
   |  |  |  |     +--case: policy-group   pcim-policy-group-name
   |  |  |  +--rw bgp-rib-out
   |  |  |  |  +--bgp-rib-out-policy-type
   |  |  |  |  +--bgp-rib-out-policy
   |  |  |  |     +--case: policy-set     pcim-policy-set-name
   |  |  |  |     +--case: policy-group   pcim-policy-group-name
   |  |  |  +--rw bgp-route-prefix
   |  |  |  |   .. prefix or prefix-range
   |  |  |  +--rw bgp-attribute-list
   |  |  |  |   ... bgp attributes
   |  |  |  +--rw bgp-state-info
   |  |  |  |   ... bgp state
   |  |  +--rw bgp-match-operator
   |  |  |  +--rw operator-type    enumeration
   |  |  |  +--rw bgp-prefix-range-operator
   |  |  |  +--rw bgp-attribute-operator
   |  |  |  +--rw bgp-state-operator
   |  |  +--rw bgp-action
   |  |  |  +--bgp-act    enumeration
   |  |  |  +--bgp-act    value
   |  |  +--rw bgp-set
   |  |  |  +--bgp-set    enumeration
   |  |  |  +--bgp-set    value

6.  IANA Considerations

   This draft includes no request to IANA.

7.  Security Considerations

   TBD

8.  Informative References

   [I-D.bogdanovic-netmod-acl-model]
              Bogdanovic, D., Sreenivasa, K., Huang, L., and D. Blair,
              "Network Access Control List (ACL) YANG Data Model",
              draft-bogdanovic-netmod-acl-model-02 (work in progress),
              October 2014.

   [I-D.hares-i2rs-bgp-im]
              Hares, S., Wang, L., and S. Zhuang, "An I2RS BGP
              Information Model", draft-hares-i2rs-bgp-im-01 (work in
              progress), October 2014.

   [I-D.hares-i2rs-usecase-reqs-summary]
              Hares, S., "Summary of I2RS Use Case Requirements",
              draft-hares-i2rs-usecase-reqs-summary-00 (work in
              progress), July 2014.

   [I-D.ietf-i2rs-architecture]
              Atlas, A., Halpern, J., Hares, S., Ward, D., and T.
              Nadeau, "An Architecture for the Interface to the Routing
              System", draft-ietf-i2rs-architecture-05 (work in
              progress), July 2014.

   [I-D.ietf-i2rs-rib-info-model]
              Bahadur, N., Folkes, R., Kini, S., and J. Medved, "Routing
              Information Base Info Model",
              draft-ietf-i2rs-rib-info-model-03 (work in progress),
              May 2014.

   [I-D.ietf-netconf-restconf]
              Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", draft-ietf-netconf-restconf-02 (work in
              progress), October 2014.

   [I-D.zhdankin-netmod-bgp-cfg]
              Alex, A., Patel, K., and A. Clemm, "Yang Data Model for
              BGP Protocol", draft-zhdankin-netmod-bgp-cfg-01 (work in
              progress), October 2014.
   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3060]  Moore, B., Ellesson, E., Strassner, J., and A. Westerinen,
              "Policy Core Information Model -- Version 1
              Specification", RFC 3060, February 2001.

   [RFC3460]  Moore, B., "Policy Core Information Model (PCIM)
              Extensions", RFC 3460, January 2003.

   [RFC3644]  Snir, Y., Ramberg, Y., Strassner, J., Cohen, R., and B.
              Moore, "Policy Quality of Service (QoS) Information
              Model", RFC 3644, November 2003.

   [RFC5511]  Farrel, A., "Routing Backus-Naur Form (RBNF): A Syntax
              Used to Form Encoding Rules in Various Routing Protocol
              Specifications", RFC 5511, April 2009.

Authors' Addresses

   Susan Hares
   Huawei
   7453 Hickory Hill
   Saline, MI  48176
   USA

   Email: shares@ndzh.com

   Qin Wu
   Huawei
   101 Software Avenue, Yuhua District
   Nanjing, Jiangsu  210012
   China

   Email: bill.wu@huawei.com
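   The following Python is an added worked example, not part of this draft or of any I2RS implementation: it applies the policy-set matching strategies of Section 3 (first-match versus all-matching), the policy-rule status and priority and the i2rs-scope access check of Section 4.2, and the BGP prefix match, action and set of Section 5 to a constructed route. The evaluation semantics (higher pr-priority fires first, prefix containment as the prefix-range operator, a reject surviving to the end of an all-matching run) and every name, prefix and xpath used are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network
from typing import Optional

@dataclass
class PolicyRule:
    """PCIM policy rule (Section 4.2): name, status, priority, match/action."""
    name: str
    prefix: str                            # bgp-route-prefix match field
    action: str                            # bgp-act: "accept" or "reject"
    set_local_pref: Optional[int] = None   # bgp-set value applied on match
    status: str = "enabled"                # pr-status: enabled / disabled
    priority: int = 0                      # pr-priority; assumed higher fires first

    def matches(self, route: dict) -> bool:
        # bgp-prefix-range-operator, assumed to mean "route lies inside rule prefix"
        return ip_network(route["prefix"]).subnet_of(ip_network(self.prefix))

@dataclass
class PolicyGroup:
    name: str
    access: str                            # i2rs-scope/access: read-only|read-write
    tree_xpath: str                        # i2rs-scope/tree-xpath
    rules: list = field(default_factory=list)

@dataclass
class PolicySet:
    matching_strategy: str                 # "first-match" or "all-matching"
    groups: list = field(default_factory=list)

def evaluate(pset: PolicySet, route: dict):
    """Run the set over a copy of the route; return (decision, route, fired)."""
    route, fired, decision = dict(route), [], "accept"
    for grp in pset.groups:
        for rule in sorted(grp.rules, key=lambda r: -r.priority):
            if rule.status != "enabled" or not rule.matches(route):
                continue                   # disabled or non-matching: skip
            fired.append(rule.name)
            if rule.set_local_pref is not None:
                route["local_pref"] = rule.set_local_pref
            if rule.action == "reject":
                decision = "reject"
            if pset.matching_strategy == "first-match":
                return rule.action, route, fired   # stop at first firing rule
    return decision, route, fired

def client_may_write(grp: PolicyGroup, xpath: str) -> bool:
    """I2RS scope check (Section 4.2): write allowed only if the group's access
    is read-write and the target node lies under the group's tree-xpath."""
    return grp.access == "read-write" and xpath.startswith(grp.tree_xpath)

def build_group() -> PolicyGroup:
    """Constructed sample group; names, prefixes and xpath are illustrative."""
    return PolicyGroup("peer-in", "read-write", "/bgp/peers/peer[1]/rib-in", [
        PolicyRule("bogon", "10.0.0.0/8", "reject", priority=100),
        PolicyRule("customer", "10.1.0.0/16", "accept", set_local_pref=200, priority=50),
        PolicyRule("stale", "0.0.0.0/0", "reject", status="disabled", priority=999)])
```

   Under first-match the higher-priority "bogon" rule decides the constructed 10.1.2.0/24 route and "customer" never runs; under all-matching both fire, the local preference is set to 200, and the reject still stands.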