This document outlines the implementation of SNMP infrastructure for policy-based management, focusing on Capabilities, Role, and Time Tables for defining policies in network devices. It covers the structure and usage of these tables and their related functions like roleMatch and capMatch for policy filtering. Operational requirements such as policy creation and troubleshooting in the field are also discussed, along with advantages of this approach. The document emphasizes leveraging existing MIBs and operational tools for flexibility and a complete architecture.
Policy-Based Management MIB
Steve Waldbusser, Jon Saperia, Thippanna Hongal

Infrastructure
• Policy Table
• SNMP MIBs

Policy Table:
PolicyFilter                                     PolicyAction
ifType == FastEthernet && roleString == trunk    fullDuplexMode = ON
ifType == Ethernet && roleString == GOLD         Set QOS parameters to provide EF PHB

Infrastructure
• Policy Table
• Role Table
• Capabilities Table
• Time Objects
• SNMP MIBs

Policy Table:
PolicyFilter                                     PolicyAction
ifType == FastEthernet && roleString == trunk    fullDuplexMode = ON
ifType == Ethernet && roleString == GOLD         Set QOS parameters to provide EF PHB

PolicyTable

PmPolicyEntry ::= SEQUENCE {
    pmPolicyIndex        Integer32,
    pmPolicyFilter       OCTET STRING,
    pmPolicyAction       OCTET STRING,
    pmPolicyDescription  SnmpAdminString,
    pmPolicyMatches      Gauge32,
    pmPolicyStatus       RowStatus
}

Policy Filter Expressions
• Need to define a way to express a filter
• Probably a parenthesized logical and arithmetic expression
• Probably doesn’t need iteration
• Strong preference for simplicity and “obviousness”

Expression Details
• Implicit SNMP retrievals
  • e.g.: if (ifType == ethernet) then (…)
• Wildcarding
  • Self-defeating filter: ifType.7 == ethernet
  • Need wildcarding
  • Maybe: if (ifType.$1 == ethernet) then (ifAdminStatus.$1 = on)
• Accessors
  • Function calls that retrieve data in a convenient way
  • e.g.: roleMatch(“gold”)
  • Searches for any matching role for this element
  • Expect from 3 to 10 accessors to be defined

Role Table
Purpose:
• Writable table that allows strings to be downloaded to agent
• Multiple strings can be assigned to any element

PmRoleESTable
element       string          status
ifIndex.1     gold            active
ifIndex.1     access          active
ifIndex.1     headquarters    active
ifIndex.99    trunk           active

Role Table

PmRoleESEntry ::= SEQUENCE {
    pmRoleESElement  OBJECT IDENTIFIER,
    pmRoleESString   SnmpAdminString,
    pmRoleESStatus   RowStatus
}

PmRoleSEEntry ::= SEQUENCE {
    pmRoleSEString   SnmpAdminString,
    pmRoleSEElement  OBJECT IDENTIFIER
}

Role Table
• Accessor Function:
  • Need an accessor function for use in policyFilter
  • Something like roleMatch(“argument”)
  • Returns true if the element has that role string defined

CapabilitiesTable
Purpose:
• We want policies to be executed only on devices that have certain capabilities
• Need those capabilities to be in a MIB so that policy servers can determine which policies to download
• Values for type are assigned by the working group
• Values for subType are assignable by the implementor

index    type           subType
1        WFQ            AcmeWFQ
2        Pentium
3        RoundRobinQ

Capabilities Table
• Accessor Function:
  • Need an accessor function for use in policyFilter
  • Something like capMatch(“argument”)
  • Returns true if the element has that capability
• NOTE:
  • capabilitiesTable not referenced by element
  • Only used to determine which filters to download
  • On the other hand, capMatch has a per-element resolution
  • It must apply policies to only the proper elements

Time
• We want policies to be executed only at certain times
• Need time to be in a MIB so that filters can read them
• Needs to provide two views of time
  • Globally consistent (i.e., UTCTime)
  • Local “Business Time” (i.e., M-F 9-5 local time)

Time
Three choices:
• policyCalendarPtr - points to rfc2591
• Accessor Function
  • Like: If (dayOfWeek(“MTWTF”)) then (policyAction)
• Three mib objects
  • timeOfDay
  • dayofWeek
  • dayOfMonth
  • ...
  • if (timeOfDay.0 > 9 && timeOfDay.0 < 17)

Operational Requirements
• Policy Creation
  • Need to allow an engineer to “debug” a policy
  • policyActions can be debugged in a lab
  • Debugging of policyFilters consists of ensuring that the filter selects the intended set of elements (not more, not less)
  • Need to see where a policy would be executed
    • Table that shows where a policy is executed
  • For debugging, set policyAction to no-op

pmPolicyDebugPETable
PEPolicyIndex    PEElement    PEStatus
1                ifIndex.4    ON
1                ifIndex.8    ON
1                ifIndex.9    ON
2                ifIndex.4    ON
2                ifIndex.8    ON

Operational Requirements
• Troubleshooting in Field
  • Engineers will occasionally find that a device is misconfigured due to policy
  • Need to find out which policy is causing the misconfiguration
  • Need to see where policies are bound
    • Table that shows what policies are executed here
  • Ad-hoc disabling of a policy binding
    • Granularity: 1 policy on 1 element
    • Turn status off in pmPolicyDebugEPTable
    • Need to provide facility so that this is documented in policyServer

pmPolicyDebugEPTable
PEPolicyIndex    PEElement    PEStatus
1                ifIndex.4    ON
2                ifIndex.4    ON
1                ifIndex.8    ON
2                ifIndex.8    ON
1                ifIndex.9    ON

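The filter debugging and per-binding disable described in the two Operational Requirements slides, as an added example that is not part of the original slides or of any MIB implementation. The filter syntax (`&&`, `||`, `==`, `roleMatch`) follows the slides' own examples, which the slides leave undefined; the interface data, the function names (`matches`, `pe_table`, `ep_view`, `selection_diff`) and the `OFF` status value are assumptions.

```python
import ast

# Constructed sample data, not taken from a real device.
IF_TYPE = {1: "Ethernet", 4: "FastEthernet", 8: "FastEthernet", 9: "Ethernet"}
ROLES = {(1, "access"), (4, "trunk"), (8, "trunk"), (9, "gold")}  # (ifIndex, role)
POLICIES = {1: 'ifType == FastEthernet && roleMatch("trunk")',
            2: 'ifType == Ethernet && roleMatch("gold")'}

def _eval(node, elem):
    """Evaluate one whitelisted syntax node for interface `elem`."""
    if isinstance(node, ast.BoolOp):
        vals = [_eval(v, elem) for v in node.values]
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if (isinstance(node, ast.Compare) and len(node.ops) == 1
            and isinstance(node.ops[0], ast.Eq)):
        return _eval(node.left, elem) == _eval(node.comparators[0], elem)
    if (isinstance(node, ast.Call) and getattr(node.func, "id", "") == "roleMatch"
            and len(node.args) == 1 and isinstance(node.args[0], ast.Constant)):
        return (elem, node.args[0].value) in ROLES
    if isinstance(node, ast.Name):
        # ifType is the implicit per-element retrieval; other names are labels.
        return IF_TYPE[elem] if node.id == "ifType" else node.id
    raise ValueError("unsupported filter syntax: " + ast.dump(node))

def matches(filter_text, elem):
    """True if the filter selects interface `elem` (no eval(), whitelist only)."""
    expr = filter_text.replace("&&", " and ").replace("||", " or ")
    return bool(_eval(ast.parse(expr.strip(), mode="eval").body, elem))

def pe_table(disabled=frozenset()):
    """Policy-major view: (policyIndex, element, status) for every binding."""
    return [(p, f"ifIndex.{e}", "OFF" if (p, e) in disabled else "ON")
            for p in sorted(POLICIES) for e in sorted(IF_TYPE)
            if matches(POLICIES[p], e)]

def ep_view(elem, disabled=frozenset()):
    """Element-major view: policies bound to one interface and their status."""
    return [(p, s) for p, e, s in pe_table(disabled) if e == f"ifIndex.{elem}"]

def selection_diff(policy, intended):
    """(extra, missing) ifIndex values versus the set the engineer intended."""
    got = {e for e in IF_TYPE if matches(POLICIES[policy], e)}
    return sorted(got - intended), sorted(intended - got)
```

`selection_diff(2, {1, 9})` reports ifIndex.1 as missing because that interface carries no `gold` role, which is the "not more, not less" check run with the action left as a no-op.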
Advantages of the Approach
• Built with existing infrastructure and tools
  • Leverages existing MIBs
• Flexibility
• Complete Architecture
  • Includes operational tools