SUPA                                                             W.Liu
Internet Draft                                            J. Strassner
Intended status: Informational                          G. Karagiannis
Expires: October 2016                              Huawei Technologies
                                                              M. Klyus
                                                            NetCracker
                                                                  J.Bi
                                                   Tsinghua University
                                                         April 5, 2016



                  SUPA policy-based management framework
          draft-liu-supa-policy-based-management-framework-00.txt


Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.
   
   The list of current Internet-Drafts is at
   http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 5, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.




Liu, et al.            Expires October 5, 2016                [Page 1]

Internet-Draft SUPA policy based management framework       April 2016


Abstract

   Simplified Use of Policy Abstractions (SUPA) defines a set of rules
   that define how services are designed, delivered, and operated
   within an operator's environment independent of any one particular
   service or networking device. This document describes the SUPA basic
   architecture, its elements and interfaces.

Table of Contents


   1. Introduction
   2. Framework for Generic Policy-based Management
      2.1. Overview
      2.2. Operation
      2.3. The GPIM and the EPRIM
      2.4. Creation of Generic YANG Modules
   3. Security Considerations
   4. IANA Considerations
   5. Contributors
   6. Acknowledgments
   7. References
      7.1. Normative References
      7.2. Informative References

1. Introduction

   The rapid growth in the variety and importance of traffic flowing
   over increasingly complex enterprise and service provider network
   architectures makes the tasks of network operations and management
   applications, and of deploying new services, much more difficult. In
   addition, network operators want to deploy new services quickly and
   efficiently. Two possible mechanisms for dealing with this growing
   difficulty are the use of software abstractions to simplify the
   design and configuration of monitoring and control operations and
   the use of programmatic control over the configuration and operation
   of such networks. Policy-based management can be used to combine
   these two mechanisms into an extensible framework.

   Policy rules can be used to express high-level network operator
   requirements directly, or from a set of management applications, to
   a network management or element system. The network management or
   element system can then control the configuration and/or monitoring
   of network elements and services.

   Simplified Use of Policy Abstractions (SUPA) will define a generic
   policy information model (GPIM) [SUPA-info-model] for use in network
   operations and management applications. The GPIM defines concepts
   and terminology needed by policy management independent of the form
   and content of the policy rule. The ECA Policy Rule Information
   Model (EPRIM) [SUPA-info-model] extends the GPIM to define how to
   build policy rules according to the event-condition-action paradigm.

   Both the GPIM and the EPRIM are targeted at controlling the
   configuration and monitoring of network elements throughout the
   service development and deployment lifecycle. The GPIM and the EPRIM
   will both be translated into corresponding YANG [RFC6020] modules
   that define policy concepts, terminology, and rules in a generic and
   interoperable manner; additional YANG modules may also be defined
   from the GPIM and/or EPRIM to manage specific functions.

   The key benefit of policy management is that it enables different
   network elements and services to be instructed to behave the same
   way, even if they are programmed differently. Management
   applications will benefit from using policy rules that enable
   scalable and consistent programmatic control over the
   configuration and monitoring of network elements and services.

2. Framework for Generic Policy-based Management

   This section briefly describes the design and operation of the SUPA
   policy-based management framework.

2.1. Overview

   Figure 1 shows a simplified functional architecture of how SUPA is
   used to define policies for creating network element configuration
   and monitoring snippets. SUPA uses the GPIM to define a consensual
   vocabulary that different actors can use to interact with network
   elements and services. The EPRIM defines a generic structure for
   imperative policies. The GPIM, as well as the combination of the
   GPIM and EPRIM, are converted to generic YANG data modules. The
   IETF produces the modules, and IANA is used to register the module
   and changes to it.

   In one possible approach, SUPA Generic & ECA Policy YANG Data
   modules together with the Resource and Service YANG data models
   specified in IETF (which define the specific elements that will be
   controlled by policies) are used by the Service Interface Logic.
   This Service Interface Logic creates appropriate input mechanisms
   for the operator to define policies (e.g., a web form or a script)
   for creating and managing the network configuration. The operator
   interacts with the interface, which is then translated to
   configuration snippets.




   Note that YANG models may not exist. In this case, the SUPA generic
   policy YANG data modules serve as an extensible basis to develop new
   YANG data models for the Service Interface Logic to create
   appropriate input mechanisms for the operator to define policies.
   This transfers the work specified by the Resource and Service YANG
   data models specified in IETF into the Service Interface Logic,
   which is then translated to configuration snippets.



                            +---------------------+
        +----------+       \| SUPA Generic Policy |
        |   IETF   |---+----+  Information Model  |
        +----------+   |   /|                     |
                       |    +---------+-----------+
                       |              |
           Assignments |              | Defines Policy Concepts
            and Manage |              |
             Content   |             \|/
                       |    +---------+-----------+
                       |   \| SUPA GPIM and EPRIM |
                       +----+    Generic YANG     |
                           /|    Data Modules     |
                            +---------+-----------+
                                      *
                                      *  Possible
                                      *  Approach
                                      *
     +--------------------------------*----------------------------------+
     |  Management System             *                                  |
     |                                *                                  |
     |                               \*/                                 |
     |             Fills   +----------+----------+    +---------------+  |
     | +--------+  Forms  \|  Service Interface  |/   | Resource and  |/ |   +------+
     | |Operator|----------+        Logic        +----| Service YANG  |------| IETF |
     | +--------+  Runs   /|  (locally defined   |\   |  Data Models  |\ |   +------+
     |            Scripts  | forms, scripts,...) |    +---------------+  |
     |                     +----------+----------+                       |
     |                                |                                  |
     |                               \|/                                 |
     |                        +-------+--------+                         |
     |                        |  Local Devices |                         |
     |                        | and Management |                         |
     |                        |     Systems    |                         |
     |                        +----------------+                         |
     +-------------------------------------------------------------------+

                          Figure 1 SUPA Framework







   Figure 1 is an example. The Operator actor shown in Figure 1 can
   interact with SUPA in other ways not shown in Figure 1. In addition,
   other actors (e.g., an application developer) that can interact with
   SUPA are not shown for simplicity.

   The EPRIM defines an Event-Condition-Action (ECA) policy as an
   example of imperative policies. An ECA policy rule is activated
   when its event clause is true; the condition clause is then
   evaluated and, if true, signals the execution of one or more
   actions in the action clause. Imperative policy rules require
   additional management functions, which are explained in section 2.2
   below.
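
   The ECA evaluation order described above, as an added Python example
   that is not part of this draft or of any SUPA model; all class,
   field, event and action names are hypothetical. It goes beyond the
   text by treating conditions as data and by rejecting unknown
   operators and action types when a rule is loaded.

```python
"""Added illustration of ECA (event-condition-action) rule evaluation.

All class, field, event and action names are hypothetical; none are taken
from the SUPA GPIM/EPRIM or from any SUPA YANG module.
"""
import operator
from dataclasses import dataclass, field

# Conditions are data (attribute, operator, value), not executable code,
# so a rule received from another system cannot run arbitrary logic.
OPERATORS = {"eq": operator.eq, "ne": operator.ne,
             "gt": operator.gt, "lt": operator.lt}

# Action types this (hypothetical) management system knows how to render.
ALLOWED_ACTIONS = {"set-rate-limit", "raise-alarm"}


@dataclass
class Condition:
    attribute: str
    op: str
    value: object

    def __post_init__(self):
        if self.op not in OPERATORS:
            raise ValueError(f"unknown operator: {self.op!r}")

    def holds(self, state: dict) -> bool:
        if self.attribute not in state:
            return False  # missing data never satisfies a condition
        try:
            return bool(OPERATORS[self.op](state[self.attribute], self.value))
        except TypeError:
            return False  # e.g. a string compared with a number


@dataclass
class Action:
    kind: str
    params: dict = field(default_factory=dict)


@dataclass
class ECAPolicyRule:
    name: str
    event: str          # event type that activates the rule
    conditions: list    # all conditions must hold (logical AND)
    actions: list       # one or more actions

    def __post_init__(self):
        # Reject a malformed rule when it is loaded, not when it fires.
        if not self.actions:
            raise ValueError(f"{self.name}: action clause is empty")
        for action in self.actions:
            if action.kind not in ALLOWED_ACTIONS:
                raise ValueError(f"{self.name}: action {action.kind!r} not allowed")

    def evaluate(self, event_type: str, state: dict) -> list:
        """Return the actions signalled by one incoming event."""
        if event_type != self.event:          # 1. event clause
            return []
        if not all(c.holds(state) for c in self.conditions):  # 2. condition clause
            return []
        return list(self.actions)             # 3. action clause


def to_config_snippets(rule, event_type, state, elements):
    """Render signalled actions as one configuration snippet per element."""
    return [{"target": ne, "action": a.kind, **a.params}
            for a in rule.evaluate(event_type, state)
            for ne in elements]


# Constructed sample rule.
RULE = ECAPolicyRule(
    name="throttle-congested-link",
    event="link-utilization-report",
    conditions=[Condition("utilization_pct", "gt", 90),
                Condition("link_role", "eq", "access")],
    actions=[Action("set-rate-limit", {"mbps": 100}),
             Action("raise-alarm", {"severity": "minor"})],
)

if __name__ == "__main__":
    state = {"utilization_pct": 95, "link_role": "access"}  # constructed input
    for snippet in to_config_snippets(RULE, "link-utilization-report",
                                      state, ["NE1", "NE2"]):
        print(snippet)
```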

   Figure 2 shows a SUPA Policy Model creating and communicating policy
   rules to two different Network Manager and Network Controller
   elements.

   The Generic Policy Information Model (GPIM) is used to construct
   policies. The GPIM defines generic policy concepts, as well as two
   types of policies: ECA policy rules and declarative policy
   statements.

   An ECA policy rule is activated when its event clause is true; the
   condition clause is then evaluated and, if true, signals the
   execution of one or more actions in the action clause. This type of
   policy explicitly defines the current and desired states of the
   system being managed.

   A set of Generic Policy Data Models is then created from the GPIM.
   These YANG data model policies are then used to control the
   configuration of network elements that model the service(s) to be
   managed using policy.



     +-----------------------------------------------------------------+
     |                       SUPA Policy Model                         |
     |                                                                 |
     |              +----------------------------------+               |
     |              | Generic Policy Information Model |               |
     |              +----+------------------------+----+               |
     |                   D                        D                    |
     |                   D                       \ /                   |
     |                   D           +------------+--------------+     |
     |                   D           | ECAPolicyRule Information |     |
     |                   D           | Model (EPRIM)             |     |
     |                   D           +------------+--------------+     |
     |  +----------------D------------------------D----------------+   |
     |  |                D SUPA Policy Data Model D                |   |
     |  |               \ /                       D                |   |
     |  |+---------------+-----------+            D                |   |
     |  || Generic Policy Data Model |            D                |   |
     |  |+-------------------+-------+            D                |   |
     |  |                    D                    D                |   |
     |  |                   \ /                  \ /               |   |
     |  |                 +--+--------------------+--------------+ |   |
     |  |                 |    ECA PolicyRule Data Model         | |   |
     |  |                 +--------------------------------------+ |   |
     |  +------------------------------+---------------------------+   |
     |                                 |                               |
     |                                 |                               |
     +---------------------------------|-------------------------------+
                                       |
                                       |   NETCONF/RESTCONF
                         +-------------+--------+
                         C                      C
                         C                      C
                        \ /                    \ /
        +----------------+-----------+  +-------+--------------------+
        | Network Manager/Controller |  | Network Manager/Controller |
        |   +--------------------+   |  |   +---------------------+  |
        |   |  Network Resource  |   |  |   |    Network Resource |  |
        |   |     Data Model     |   |  |   |       Data Model    |  |
        |   +--------------------+   |  |   +---------------------+  |
        +---+---+---+----------------+  +-----+---+---+--------------+
           / \ / \ / \                       / \ / \ / \
            C   C   C                         C   C   C
            C   C   C                         C   C   C
            C   C   C                         C   C   C
           \ / \ / \ /                       \ / \ / \ /
           NE1 NE2 NEn                       NE1 NE2 NEn


                   Figure 2 SUPA Policy Model Framework

   In Figure 2:

   A double-headed arrow with Cs means communication.
   A double-headed arrow with Ds means derived from.


   The network elements used in this framework are:






   SUPA Policy Model: represents one or more policy modules that
   contain the following entities:

   Generic Policy Information Model: a model for defining policy
   rules that are independent of data repository, data definition,
   query, and implementation languages, and protocol. This model is
   abstract and is used for design; it MUST be turned into a data model
   for implementation.

   Generic Policy Data Model: a model of policy rules that are
   dependent on data repository, data definition, query, and
   implementation languages, and protocol.

   ECA Policy Rule Information Model (EPRIM): represents a policy
   rule as a statement that consists of an event clause, a condition
   clause, and an action clause. This type of Policy Rule explicitly
   defines the current and desired states of the system being managed.
   This model is abstract and is used for design; it MUST be turned
   into a data model for implementation.

   ECA Policy Rule Data Model: a model of policy rules derived from
   the EPRIM, each consisting of an event clause, a condition clause,
   and an action clause.

   NM/NC: Network Manager / Controller, which represents one or more
   entities that are able to control the operation and management of a
   network infrastructure (e.g., a network topology that consists of
   Network Elements).

   Network Resource Data Model: a model of the physical and virtual
   network topology including the resource attributes (e.g., data rate
   or latency of links) and operational parameters needed to support
   service deployment over the network topology. An example of a
   network resource data model can be found in [ID.draft-contreras-
   supa-yang-network-topo].

   NE: Network Element, which can interact with local or remote NM/NC
   in order to exchange information, such as configuration information,
   policy enforcement capabilities, and network status.

2.2. Operation

   SUPA can be used to define various types of policies, including
   policies that affect services and/or the configuration of
   individual or groups of network elements. SUPA can be used by a
   centralized and/or distributed set of entities for creating,
   managing, interacting with, and retiring policy rules.




   The SUPA scope is limited to policy information and data models.
   SUPA will not define network resource data models or network
   service data models; both are out of scope. Instead, SUPA will make
   use of network resource data models defined by other WGs or SDOs.

   Declarative policies that specify the goals to achieve but not how
   to achieve those goals (also called "intent-based" policies) are out
   of scope for the initial phase of SUPA.

2.3. The GPIM and the EPRIM

   The GPIM provides a common vocabulary for representing concepts
   that are common to expressing different types of policy, but which
   are independent of language, protocol, repository, and level of
   abstraction.

   This enables different policies at different levels of abstraction
   to form a continuum, where more abstract policies can be translated
   into more concrete policies, and vice-versa. For example, the
   information model can be extended by generalizing concepts from an
   existing data model into the GPIM; the GPIM extensions can then be
   used by other data models.

   The SUPA working group develops models for expressing policy at
   different levels of abstraction. Specifically, two models are
   envisioned (both of which are contained in the Generic Policy
   Information Model block in Figure 1):

   1. a generic model (the GPIM) that defines concepts and vocabulary
      needed by policy management systems independent of the form and
      content of the policy

   2. a more specific model (the EPRIM) that refines the GPIM to
      specify policy rules in an event-condition-action form

2.4. Creation of Generic YANG Modules

   An information model is abstract. As such, it cannot be directly
   instantiated (i.e., objects cannot be created directly from it).
   Therefore, both the GPIM, as well as the combination of the GPIM
   and the EPRIM, are translated to generic YANG modules.

   SUPA will provide guidelines for translating the GPIM (or the
   combination of the GPIM and the EPRIM) into concrete YANG data
   models that define how to manage and communicate policies between
   systems. Multiple imperative policy YANG data models may be
   instantiated from the GPIM (or the combination of the GPIM and the
   EPRIM). In particular, SUPA will specify a set of YANG data models
   that will consist of a base policy model for representing policy
   management concepts independent of the type or structure of a
   policy, as well as an extension for defining policy rules
   according to the ECA paradigm.

   The process of developing the GPIM, EPRIM and the derived/translated
   YANG data models is realized following the sequence shown below.
   After completing this process and if the implementation of the YANG
   data models requires it, the GPIM and EPRIM and the
   derived/translated YANG data models are updated and synchronized.

   (1)=>(2)=>(3)=>(4)=>(3')=>(2')=>(1')

   where (1) = GPIM; (2) = EPRIM; (3) = YANG data models;
   (4) = implementation; (3') = update of YANG data models;
   (2') = update of EPRIM; (1') = update of GPIM.

   The YANG module derived from the GPIM contains concepts and
   terminology for the common operation and administration of policy-
   based systems, as well as an extensible structure for policy rules
   of different paradigms. The YANG module derived from the EPRIM
   extends the generic nature of the GPIM to represent policies using
   an event-condition-action structure.

3. Security Considerations

   TBD

4. IANA Considerations

   This document has no actions for IANA.

5. Contributors

   The following people all contributed to creating this document,
   listed in alphabetical order:

   TBD.

6. Acknowledgments

   This document has benefited from reviews, suggestions, comments and
   proposed text provided by the following members, listed in
   alphabetical order: Andy Bierman.






   Part of the initial draft of this document was picked up from
   previous documents, and this section lists the acknowledgements from
   them.



   From "SUPA Value Proposition" [Klyus2016]

   The following people all contributed to creating this document,
   listed in alphabetical order:

         Vikram Choudhary, Huawei Technologies
         Luis M. Contreras, Telefonica I+D
         Dan Romascanu, Avaya
         J. Schoenwaelder, Jacobs University, Germany
         Qiong Sun, China Telecom
         Parviz Yegani, Juniper Networks

   This document has benefited from reviews, suggestions, comments and
   proposed text provided by the following members, listed in
   alphabetical order: H. Rafiee, J. Saperia and C. Zhou.

   The authors of "SUPA Value Proposition" [Klyus2016] were:

         Maxim Klyus, Ed. , NetCracker
         John Strassner, Ed. , Huawei Technologies
         Will(Shucheng) Liu, Huawei Technologies
         Georgios Karagiannis, Huawei Technologies
         Jun Bi, Tsinghua University


   The initial draft of this document merged one document, and this
   section lists the acknowledgements from it.



   From "Problem Statement for Simplified Use of Policy Abstractions
   (SUPA)" [Karagiannis2015]

   The authors of this draft would like to thank the following persons
   for their valuable feedback and contributions: Diego Lopez,
   Spencer Dawkins, Jun Bi, Xing Li, Chongfeng Xie, Benoit Claise, Ian
   Farrer, Marc Blancet, Zhen Cao, Hosnieh Rafiee, Mehmet Ersue, Simon
   Perreault, Fernando Gont, Jose Saldana, Tom Taylor, Kostas
   Pentikousis, Juergen Schoenwaelder, John Strassner, Eric Voit,
   Scott O. Bradner, Marco Liebsch, Scott Cadzow, Marie-Jose Montpetit.





   Tina Tsou, Will Liu and Jean-Francois Tremblay contributed to an
   early version of this draft.

   The authors of "Problem Statement for Simplified Use of Policy
   Abstractions (SUPA)" [Karagiannis2015] were:

         Georgios Karagiannis, Huawei Technologies
         Qiong Sun, China Telecom
         Luis M. Contreras, Telefonica
         Parviz Yegani, Juniper
         John Strassner, Huawei Technologies
         Jun Bi, Tsinghua University


   From "The Framework of Simplified Use of Policy Abstractions (SUPA)"
   [Zhou2015]

   The authors of this draft would like to thank the following persons
   for their valuable feedback: Diego Lopez, Jose Saldana,
   Spencer Dawkins, Jun Bi, Xing Li, Chongfeng Xie, Benoit Claise, Ian
   Farrer, Marc Blancet, Zhen Cao, Hosnieh Rafiee, Mehmet Ersue,
   Mohamed Boucadair, Jean Francois Tremblay, Tom Taylor, Tina Tsou,
   Georgios Karagiannis, John Strassner, Raghav Rao, Jing Huang.

   An early version of this draft can be found here:
   https://tools.ietf.org/html/draft-zhou-supa-architecture-00
   At the early stage of SUPA, we think quite a few issues are left
   open, so it is not suitable to call this draft an "architecture".
   We would like to rename it to "framework". Later there may be a
   dedicated architecture document.

   The authors of "The Framework of Simplified Use of Policy
   Abstractions (SUPA)" [Zhou2015] were:

         Cathy Zhou, Huawei Technologies
         Luis M. Contreras, Telefonica
         Qiong Sun, China Telecom
         Parviz Yegani, Juniper


7. References

7.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.





7.2. Informative References

   [RFC3198] Westerinen, A., Schnizlein, J., Strassner, J.,
             Scherling, M., Quinn, B., Herzog, S., Huynh, A., Carlson,
             M., Perry, J., Waldbusser, S., "Terminology for
             Policy-Based Management", RFC 3198, November 2001.

   [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the
             Network Configuration Protocol (NETCONF)", RFC 6020,
             October 2010.

   [RFC7285] R. Alimi, R. Penno, Y. Yang, S. Kiesel, S. Previdi, W.
             Roome, S. Shalunov, R. Woundy, "Application-Layer Traffic
             Optimization (ALTO) Protocol", RFC 7285, September 2014.

   [SUPA-info-model]
             J. Strassner, J. Halpern, J. Coleman, "Generic Policy
             Information Model for Simplified Use of Policy
             Abstractions (SUPA)", IETF Internet draft,
             draft-strassner-supa-generic-policy-info-model-04,
             February 2016.

   [TR235]   J. Strassner, ed., "ZOOM Policy Architecture and
             Information Model Snapshot", TR245, part of the TM Forum
             ZOOM project, October 26, 2014.

   [Karagiannis2015]
             G. Karagiannis, ed., "Problem Statement for Simplified
             Use of Policy Abstractions (SUPA)", IETF Internet draft,
             draft-karagiannis-supa-problem-statement-07, June 5, 2015.

   [Klyus2016]
             M. Klyus, ed., "SUPA Value Proposition", IETF Internet
             draft, draft-klyus-supa-value-proposition-00, Mar 21,
             2016.

   [Zhou2015]
             C. Zhou, ed., "The Framework of Simplified Use of Policy
             Abstractions (SUPA)", draft-zhou-supa-framework-02,
             May 08, 2015.


















Authors' Addresses

   Will(Shucheng) Liu
   Huawei Technologies
   Bantian, Longgang District, Shenzhen 518129
   P.R. China

   Email: liushucheng@huawei.com


   John Strassner
   Huawei Technologies
   2330 Central Expressway
   Santa Clara, CA 95138 USA

   Email: john.sc.strassner@huawei.com


   Georgios Karagiannis
   Huawei Technologies
   Hansaallee 205, 40549 Dusseldorf
   Germany

   Email: Georgios.Karagiannis@huawei.com


   Maxim Klyus
   NetCracker
   Kozhevnicheskaya str.,7 Bldg. #1
   Moscow, Russia

   E-mail: klyus@netcracker.com


   Jun Bi
   Tsinghua University
   Network Research Center, Tsinghua University
   Beijing  100084
   P.R. China

   Email: junbi@tsinghua.edu.cn







