Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May...
-
Upload
elwin-patrick -
Category
Documents
-
view
219 -
download
0
description
Transcript of Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May...
![Page 1: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/1.jpg)
Slide 105/05/23
Policy-Based Management With SNMP
SNMPCONF Working Group - Interim Meeting May 2000
Jon Saperia
![Page 2: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/2.jpg)
Slide 205/05/23
Presentation Goals
Provide a common starting point for our discussions by:– Defining common terms - terms in common with Policy
Framework Working Group– Presenting an architectural overview of current work– Describing how the proposed process of policy-based
management works with SNMP
Identify areas that need further refinement
![Page 3: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/3.jpg)
Slide 305/05/23
Presentation Outline
Definition of Terms– Policy and Levels of Abstraction– Examples
SNMP Architecture– The basic elements– The Policy MIB Module– Mechanism and Device Specific MIB Modules– Support for access in managed devices at multiple levels of
abstraction
![Page 4: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/4.jpg)
Slide 405/05/23
Presentation Outline - Continued
Process of Configuration Management with a policy-enabled framework based on SNMP– User definition of policy– Initialization of policy components in managed devices– Configuration of the mechanism specific sub system– Manager interaction with managed devices to learn capabilities– Definition of roles– Policy transfer to managed devices– Device evaluation of policy – Mechanism/Device specific policy module interactions– Device feedback to policy management applications
![Page 5: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/5.jpg)
Slide 505/05/23
Policy Definition
Policy means many things to different people - different levels of abstraction– The high-level -the business level - few
technical details• All authorized IP phone calls have to get enough bandwidth
for TDM equivalent telephone service
– Increasing technical detail down to the most ‘refined’ level - individual parameters for specific instances in specific devices.
![Page 6: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/6.jpg)
Slide 605/05/23
Policy Abstraction - Domains
A general area of technology such as service quality or security.
Example domains– IPSec– Differentiated Services
More than 1 domain may be needed to fully represent business level goals.
![Page 7: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/7.jpg)
Slide 705/05/23
Policy Abstraction - Mechanism dependence/independence
Mechanisms are technologies used within a particular domain such as:– RED– WFQ
Policies expressed at a higher levels of abstraction are mechanism independent.
![Page 8: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/8.jpg)
Slide 805/05/23
Policy Abstraction Implementation dependence/independence
Possible to express policy in mechanism dependent and device independent way.
Expect that it will be common to combine mechanism and device dependent layers together.– This is analogous to standard MIB Modules and vendor
extensions. Even when the standard is sufficient, many vendors require additional parameters for monitoring and control.
– A policy that is defined using RED could have start and stop probabilities defined that have either different queue parameters for different vendors, or other objects that are vendor specific.
![Page 9: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/9.jpg)
Slide 905/05/23
Policy Abstraction - Instance dependence/independence
A policy can be distributed to a managed device in an instance independent or dependent way.
The policy MIB Module is configured with the rules that the managed device use to identify which instances should have the device and mechanism specific policy applied.
![Page 10: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/10.jpg)
Slide 1005/05/23
Policy Information at Different Levels of AbstractionLevel of Abstraction Level Specific Data
Domain, Device, Mechanism andInstance independent.
Authorized IP phone calls get enoughbandwidth for TDM equivalent telephoneservice.
Domain Specific (DIFFSERV), Device,Mechanism and Instance independent.
if sourceIPAddress == 172.3.128.0/15, &&if DSCP == 101110 THEN treat voicetraffic with Expedited Forwarding.
Domain, Mechanism, and DeviceSpecific, Instance Independent.
For DSCP value == 101110 then setWeighted Fair Queuing Parameters suchas bandwidth limits
Domain, Mechanism, Device andInstance Specific.
Instances for each of the values abovewould be visible and should beconfigurable. Interface 5 queue 3.
![Page 11: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/11.jpg)
Slide 1105/05/23
SNMP Architecture - Basic Elements
ManagedElements
SNMP AgentThe MIB
i.e., MIB Modules
The SNMP Protocol
SNMP Managerswith one or more applications
![Page 12: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/12.jpg)
Slide 1205/05/23
The Policy MIB Module - Overview
Filters to apply for selection of instances
Role information used in instance selection• Ethernet interface• Serves the executive offices
Pointers for schedule information
Pointers to mechanism/device dependent MIB Modules
![Page 13: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/13.jpg)
Slide 1305/05/23
Policy MIB Module - Overview Continued
Policy state information
Optionally usage information
Device capabilities:– Domains such as quality of service or IPSec– Mechanism appropriate to specific technologies
• WFQ• WRED
Information about which instances are associated with specific roles.
![Page 14: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/14.jpg)
Slide 1405/05/23
The Policy Module and other MIB Modules
SNMP AgentThe MIB
Other ‘traditional’Policy MIBModule
Policy Module communicateswith other modules as neededor with local instrumentation.
device and instance specificMIB Modules
![Page 15: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/15.jpg)
Slide 1505/05/23
Mechanism, Implementation and Instance Specific MIB Modules
SNMP Agent
Policy MIB Module
Diff. Serv. Policy MIB Module - converts mechanism and implementation specific
information to instance specific level
Instance Specific MIB Module(s). Can contain vendor extensions
Dotted lines indicate that indicated level of policy information is available to management applications, e.g., all levels are available
Solid lines represent possible interactions between components containing different levels of information.
![Page 16: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/16.jpg)
Slide 1605/05/23
Table and Information RelationshipsRole Definitions and filters for each policy Schedule Information Implementation and Mechanism
dependent information for each policy
Policy Management Application(s)
Calendar/Schedule Objects
Policy Table (an entry for every policy on the
managed element.
Role Table - roles are added to
instance specific objects (e.g., interfaces)
Capabilities Table
Mechanism and device specific
MIB Modules or tables
![Page 17: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/17.jpg)
Slide 1705/05/23
The Entire System - Overview
Administratively defined policy
Device, Instance and Mechanism Independent ‘default’ information
Policy System allows users to create expressions of policy for each domain.
Management Application Distributes Policy Information
Configuration commands to device, mechanism, and instance specific MIB Module(s) or ‘raw’ device instrumentation
Device Dependent, Instance Independent,Mechanism Dependent information
Mechanism specific Modules expand, defaults to instances for policy from info from Policy Module
Policy MIB Module
![Page 18: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/18.jpg)
Slide 1805/05/23
Sequence of Operations
Users provide information to management applications:– Filters/rules that managed elements used to determine which
instances to apply specific policies - to pmPolicyFilter.– Schedule information - Policy and Schedule Modules– Device and Mechanism specific information (when needed).– Assignment of roles to instances
Mechanism specific subsystem(s) register with Policy Module.
Managers learn devices capabilities from the Policy Module.
![Page 19: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/19.jpg)
Slide 1905/05/23
Sequence of Operations - Continued
Management software sets roleStrings in each device
Management software sends policies to devices– Mechanism and device information sent to devices and
appropriate MIB Modules as necessary.
Managed devices evaluate policyFilter and policyAction objects to determine instance targets for policy.
Device/Mechanism dependent modules set necessary values - via communication with other MIB Modules.
![Page 20: Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.](https://reader033.fdocuments.in/reader033/viewer/2022051202/5a4d1b767f8b9ab0599b732c/html5/thumbnails/20.jpg)
Slide 2005/05/23
Operations - An Ongoing Activity
Monitor policy status
Monitor resource utilization
Monitor fault status