General policy configuration
Overview
|
CAUTION Service Disruption |
The code samples in this section show the structures for object creation or modification, and do not include all of the properties required to create a working policy.
See the XML API SDK Sample Code Navigator for working samples.
Policy configuration and examples
The XML API supports the creation and modification of policies. A unique numeric ID or unique name (a string) is used to uniquely identify a policy. Some policies have a default policy, which is automatically created by the NFM-P and in general, cannot be deleted or modified. There are exceptions to this. The ID is usually 1 or name of default.
The following example shows the minimum XML parameter tags required to develop an XML request to create the basic policy.
The genericObject.configureChildInstance method is used to create a policy. The request response uses the <objectFullName> element to identify the new policy.
Policy creation parameters
-
distinguishedName—see Table 18-4, Policy objects and associated distinguishedName . The FDN can be determined by looking at the Parent Hierarchy of the class to be created in the XML API Reference
-
childConfigInfo—creates and configures the following policy parameters:
-
Policy object - see Table 18-4, Policy objects and associated distinguishedName
-
• <id> - assigns a unique numeric ID
• <displayedName> - assigns a unique name
-
The following table lists the most commonly deployed policies. See policy.PolicyType in the XML API Reference for a complete list.
Table 18-4: Policy objects and associated distinguishedName
|
Policy |
Policy object |
distinguishedName |
|---|---|---|
|
Access Egress |
aengr.Policy |
Access Egress |
|
Access Ingress |
aingr.Policy |
Access Ingress |
|
Network |
niegr.Policy |
Network |
|
Network Queue |
nqueue.Policy |
Network Queue |
|
Slope |
slope.Policy |
Slope |
|
Shared Queue |
squeue.Policy |
Shared Queue |
|
Scheduler |
vs.Policy |
Scheduler |
|
ACL IP Filter |
aclfilter.IpFilter |
IP Filter |
|
ACL MAC Filter |
aclfilter.MacFilter |
MAC Filter |
|
ACL IPv6 Filter |
acfilter.Ipv6Filter |
IPv6 Filter |
|
Routing: AS Path Community Damping Statement Prefix List |
rp.ASPath rp.Community rp.Damping rp.PolicyStatement rp.PrefixList |
rpASPath rpCommunity rpDamping rpStatement rpPrefixList |
|
Accounting |
accounting.Policy |
Accounting |
|
File |
file.Policy |
File |
Access Egress
Access egress policies define egress service queues, map forwarding class flows to queues, are applied to access egress interfaces, and specify the QoS on egress.
Access egress policy creation parameters
-
distinguishedName—Access Egress. The FDN can be determined by looking at the Parent Hierarchy of the class to be created in the XML API Reference.
-
childConfigInfo—creates and configures the following policy parameters:
-
<id> - (optional) assigns a unique numeric ID. If the ID is not specified, the NFM-P automatically assigns the ID.
-
<children-Set>—tag to enclose children objects
• Queue object - aengr.Queue
• actionMask - specifies the create operation
• <id> - (optional) assigns a unique queue ID. If the ID is not specified, the NFM-P automatically assigns the ID.
• Forwarding class object - aengr.ForwardingClass
• actionMask - specifies the create operation
Figure 18-2: Access egress policy creation request example
<generic.GenericObject.configureChildInstance xmlns="xmlapi_1.0"> |
<deployer>immediate</deployer> |
<distinguishedName>Access Egress</distinguishedName> |
<childConfigInfo> |
<aengr.Policy> |
<actionMask> |
<bit>create</bit> |
</actionMask> |
<id>99</id> |
<children-Set> |
<aengr.Queue> |
<actionMask> |
<bit>create</bit> |
</actionMask> |
<id>2</id> |
.. |
</aengr.Queue> |
<aengr.ForwardingClass> |
<actionMask> |
<bit>create</bit> |
</actionMask> |
. |
</aengr.ForwardingClass> |
</children-Set> |
</aengr.Policy> |
</childConfigInfo> |
</generic.GenericObject.configureChildInstance> |
ACL IP Filter
Filter policies specify a forward, drop, or HTTP redirect action for packets based on information specified as the match criteria. ACL IP filter policies are applied to network and access IP interfaces and service tunnels.
ACL IP filter policy creation parameters
-
distinguishedName—IP Filter. The FDN can be determined by looking at the Parent Hierarchy of the class to be created in the XML API Reference.
-
childConfigInfo—creates and configures the following policy parameters:
-
<id> - (optional) assigns a unique numeric ID. If the ID is not specified, the NFM-P automatically assigns the ID.
-
<children-Set>—tag to enclose children objects
• IP filter entry object - aclfilter.IpFilterEntry
• actionMask - specifies the create operation
• <id> - assigns a unique queue ID. If the ID is not specified, the NFM-P automatically assigns the ID.
• <action> - select an action
• set other parameters for IP filter entry
Figure 18-3: ACL IP filter policy creation request example
<generic.GenericObject.configureChildInstance xmlns="xmlapi_1.0"> |
<deployer>immediate</deployer> |
<distinguishedName>IP Filter</distinguishedName> |
<childConfigInfo> |
<aclfilter.IpFilter> |
<actionMask> |
<bit>create</bit> |
</actionMask> |
<id>1000</id> |
<defaultAction>forward</defaultAction> |
<children-Set> |
<aclfilter.IpFilterEntry> |
<actionMask> |
<bit>create</bit> |
</actionMask> |
<id>20</id> |
<action>drop</action> |
<protocol>UDP</protocol> |
<destinationIpAddress>4.4.4.4</destinationIpAddress> |
<destinationIpAddressMask>32</destinationIpAddressMask> |
<destinationPort1>1</destinationPort1> |
<destinationPort2>6</destinationPort2> |
<destinationOperator>RANGE</destinationOperator> |
</aclfilter.IpFilterEntry> |
</children-Set> |
</aclfilter.IpFilter> |
</childConfigInfo> |
</generic.GenericObject.configureChildInstance> |
Routing policy statement
Routing policies, also known as route redistribution policies, control the size and content of the routing tables, the routes that are advertised, and the best route to take to reach a destination.
Routing policy statement creation parameters
-
distinguishedName—rpStatement. The FDN can be determined by looking at the Parent Hierarchy of the class to be created in the XML API Reference.
-
childConfigInfo—creates and configures the following policy parameters:
-
<children-Set>—tag to enclose children objects
• Statement entry object - rp.PolicyStatementEntry
• actionMask - specifies the create operation
• <entryId> - assigns an entry ID.
• <action> - select an action
• <children-Set>—tag to enclose children objects
• Statement action object - rp.Action
• actionMask - specifies the create operation
• <communityAction1> - select a community action
• <communityName1> - assigns a community name
• Statement from criteria object - rp.FromCriteria
• actionMask - specifies the create operation
• <communityName1> - assign community
• <prefixList> - assigns a prefix list
Figure 18-4: Routing policy statement creation request example
<generic.GenericObject.configureChildInstance xmlns="xmlapi_1.0"> |
<deployer>immediate</deployer> |
<distinguishedName>rpStatement</distinguishedName> |
<childConfigInfo> |
<rp.PolicyStatement> |
<actionMask> |
<bit>create</bit> |
</actionMask> |
<policyStatementName>Test Sample</policyStatementName> |
<children-Set> |
<rp.PolicyStatementEntry> |
<actionMask> |
<bit>create</bit> |
</actionMask> |
<entryId>5</entryId> |
<action>accept</action> |
<children-Set> |
<rp.Action> |
<actionMask> |
<bit>create</bit> |
</actionMask> |
<communityAction1>replace</communityAction1> |
<communityName1>c20</communityName1> |
</rp.Action> |
<rp.FromCriteria> |
<actionMask> |
<bit>create</bit> |
</actionMask> |
<communityName>c30</communityName> |
<prefixList1>IP Address 32</prefixList1> |
</rp.FromCriteria> |
</children-Set> |
</rp.PolicyStatementEntry> |
</children-Set> |
</rp.PolicyStatement> |
</childConfigInfo> |
</generic.GenericObject.configureChildInstance> |
File and accounting policies
NEs collect accounting statistics using an accounting policy and as associated file policy that are assigned to a SAP, an SDP, a network port, or a subscriber profile.
A file policy specifies the relative size, storage location, and backup location of the files on the NE that contain accounting statistics data. An NE collects accounting statistics based on the collection interval specified for a SAP, network port, or subscriber in an accounting policy. The NE writes the statistics data in XML format to a file on the NE.
File policy creation parameters
-
distinguishedName—File. The FDN can be determined by looking at the Parent Hierarchy of the class to be created in the XML API Reference.
-
childConfigInfo—creates and configures the following policy parameters:
Figure 18-5: File policy creation request example
<generic.GenericObject.configureChildInstance xmlns="xmlapi_1.0"> |
<deployer>immediate</deployer> |
<distinguishedName>File</distinguishedName> |
<childConfigInfo> |
<file.Policy> |
<actionMask> |
<bit>create</bit> |
</actionMask> |
<id>88</id> |
<collectionInterval>600</collectionInterval> |
<retentionInterval>12</retentionInterval> |
<drive>cf1A</drive> |
</file.Policy> |
</childConfigInfo> |
</generic.GenericObject.configureChildInstance> |
An accounting policy specifies an accounting statistics record type, a collection interval, an administrative state, and a file policy.
Accounting policy creation parameters
-
distinguishedName—Accounting. The FDN can be determined by looking at the Parent Hierarchy of the class to be created in the XML API Reference.
-
childConfigInfo—creates and configures the following policy parameters:
-
<id> - (optional) assigns a unique numeric ID. If the ID is not specified, the NFM-P automatically assigns the ID.
-
<fileObjectPointer> - assigns a file policy. See the Parent Hierarchy of the class file.Policy for the FDN.
-
<recordType> - selects a predefined type of accounting record to be written to the accounting file
-
<collectionInterval> - sets the statistics collection interval
Figure 18-6: Accounting policy creation request example
<generic.GenericObject.configureChildInstance xmlns="xmlapi_1.0"> |
<deployer>immediate</deployer> |
<distinguishedName>Accounting</distinguishedName> |
<childConfigInfo> |
<accounting.Policy> |
<actionMask> |
<bit>create</bit> |
</actionMask> |
<id>89</id> |
<fileObjectPointer>File:88</fileObjectPointer> |
<recordType>svcEgressPkt</recordType> |
<collectionInterval>5</collectionInterval> |
</accounting.Policy> |
</childConfigInfo> |
</generic.GenericObject.configureChildInstance> |
Policy distribution
After the policy is created in the NFM-P , the policy must be distributed before the configuration is received by the NEs. The following table lists the methods in the policy package to distribute policy configurations to the NEs.
Note: Distribution performed from the GUI or via the OSSI method policy.PolicyDefinition.distribute does not generate the PolicyDistributeEvent. Only distribution performed via the OSSI method policy.PolicyDefinition.distributeV2 will generate the PolicyDistributeEvent.
Table 18-5: Policy distribution methods
|
Method |
Description |
|---|---|
|
policy.PolicyDefinition.distribute |
The global policy is distributed to the NEs specified in the siteIds. If the distribution fails the NFM-P validation for one NE, the global policy is not distributed to any of the NEs. |
|
policy.PolicyDefinition.distributeV2 |
The global policy is distributed to the NEs specified in the siteIds. If the distribution fails the NFM-P validation for one NE, distribution continues to the other NEs. A JMS message is sent back to indicate the failed site. The JMS PolicyDistributeStatusEvent will indicate whether the distribution failed or succeeded for each NE. A failure is indicated if an NE is not reachable, an NE is not present, or an NE is in the Local Edit Only mode. |
See the XML API Reference for information about policy distribution methods and the required input parameters. See “Policy distribution” in the NSP NFM-P Classic Management User Guide for information about policy distribution.
The following example shows the minimum XML parameter tags required to develop an XML request to distribute a policy.
Policy distribution parameters
-
instanceFullName—Access Egress: ${*id}. The FDN can be determined by looking at the Parent Hierarchy of the class to be created in the XML API Reference
-
siteIds—the site ID list for distribution. An empty list means that the global policy is distributed to all applicable NEs.
Figure 18-7: Policy distribution request example
<policy.PolicyDefinition.distribute xmlns="xmlapi_1.0"> |
<deployer>immediate</deployer> |
<instanceFullName>Access Egress:99</instanceFullName> |
<siteIds> |
<string>198.51.100.55</string> |
</siteIds> |
</policy.PolicyDefinition.distribute> |
Policy configuration mode
The configuration mode parameter specifies the mode in which the global policy is configured, and determines whether the policy can be distributed to the NEs. The following table describes the policy configuration modes.
Table 18-6: Configuration mode
|
Option |
Description |
|---|---|
|
Draft |
The policy is not reviewed or approved for distribution to NEs. The policy cannot be distributed (see information below for the exception to this). |
|
Released |
The policy is reviewed and approved for distribution to NEs. The policy can be distributed. |
The isPolicyConfigurationModeUsed parameter in the server configuration determines the configuration mode in which a policy is created using the XML API. By default, the parameter is set to false, as shown in the following:
<policyOssiConfig isPolicyConfigurationModeUsed="false" />
When the parameter is set to false, the following occurs:
-
A global policy that is created using the XML API is set to the Released configuration mode. To distribute the policy, the policy.PolicyDefinition.distribute method may be used. See Policy distribution in this section for more information.
-
Any modification to the global policy in Released configuration mode, the changes are automatically distributed to local policies belonging to the global policy according to the following:
-
If the local policy is in SyncWithGlobal distribution mode, the applicable configuration on the global policy is set on the local policy and distributed to the corresponding NE.
-
If the local policy is in LocalEditOnly distribution mode, changes to the global policy do not affect the local policy. Therefore, changes are not distributed to the corresponding NE.
-
When the parameter is set to false and you attempt to distribute a global policy that is in Draft configuration mode, the policy is distributed to local policies in SyncWithGlobal distribution mode and to the corresponding NEs.
When the parameter is set to true, the following occurs:
-
A global policy that is created using the XML API is set to the Draft configuration mode. The policy must be set to the Released mode before the policy can be distributed. To distribute the policy, the policy.PolicyDefinition.distribute method may be used. See Policy distribution in this section for more information. The policy.PolicyDefinition.setConfigurationModeToReleased method may be used to release a draft policy.
-
Any modification to the global policy in Released configuration mode, the XML API returns the policy to Draft mode. Before the policy is distributed, the policy must be set to the Released mode.
-
-
If the local policy is in SyncWithGlobal distribution mode, the applicable configuration on the global policy is set on the local policy and distributed to the corresponding NE.
-
If the local policy is in LocalEditOnly distribution mode, changes to the global policy do not affect the local policy. Therefore, no changes are distributed to the corresponding NE.
-
To modify the isPolicyConfigurationModeUsed parameter, contact Nokia technical support.
Policy distribution mode
The distribution mode parameter specifies whether the local policy is synchronized with the associated global policy. Local policies can be different from each other as well as may differ from the global policy. The following table describes the policy distribution modes
Table 18-7: Distribution mode
|
Option |
Option description |
|---|---|
|
Sync With Global |
The local policy is synchronized with the global policy. The local instance cannot be modified. 1 When you distribute a global policy, local policies in this distribution mode allow the NEs to receive the policy. |
|
Local Edit Only |
You can modify the local instance only, which affects the associated network element. Local policies in this distribution mode do not allow the NE to receive the distribution of a global policy. Changes to the global policy do not affect the local policy unless a synchronization operation is manually performed. |
Notes:
WARNING - this is applicable if the operation is attempted using the NFM-P GUI. Using the XML API or CLI on the router, modifications on the local policy is possible and may cause the local and global policies to be out of synchronization even though the distribution mode on the local policy remains in SyncWithGlobal mode. Synchronization methods may be performed to synchronize the policies.
Policy modification workflows
The following workflow describes modification for global policy.
-
Set the policy to Released mode if it is in Draft mode. See Policy configuration mode in this section for information.
-
Distribute the policy. Local policies in SyncWithGlobal mode and the corresponding NEs receive the changes.
The following workflow describes modification for local policy.
-
If you want to set properties on a specific local policy that is to be different from the global policy, the policy must be in LocalEditOnly distribution mode.
Policy modification examples
Global Policy
The following example shows the minimum XML parameter tags required to modify an access egress global policy. This method can be used for other types of policies. The find method can be used to retrieve the FDN of the object. See Chapter 13, Inventory management for information about how to use the find method.
Global policy modification parameters
-
distinguishedName—Access Egress:${*id}. The FDN can be determined by looking at the Parent Hierarchy of the class to be created in the XML API Reference
-
configInfo—creates and configures the following parameters:
-
<children-Set> - tag to enclose children objects
• Queue object - aengr.Queue
• actionMask - specifies the modify operation
• <objectFullName> - Access Egress:${*id}:queue-${*id}
• Properties that are modifiable
• Forwarding class object - aengr.ForwardingClass
• <objectFullName> - Access Egress:${*id}:forwarding-class-${forwardingClass}
• Properties that are modifiable
Figure 18-8: Global access egress policy modification request example
<generic.GenericObject.configureInstance xmlns="xmlapi_1.0"> |
<deployer>immediate</deployer> |
<distinguishedName>Access Egress:99</distinguishedName> |
<configInfo> |
<aengr.Policy> |
<actionMask> |
<bit>modify</bit> |
</actionMask> |
Properties to modify |
.. |
<children-Set> |
<aengr.Queue> |
<actionMask> |
<bit>modify</bit> |
</actionMask> |
<objectFullName>Access Egress:99:queue-2</objectFullName> |
Properties to modify |
.. |
</aengr.Queue> |
<aengr.ForwardingClass> |
<actionMask> |
<bit>modify</bit> |
</actionMask> |
<objectFullName>Access Egress:99:forwarding-class-be</objectFullName> |
Properties to modify |
.. |
</aengr.ForwardingClass> |
</children-Set> |
</aengr.Policy> |
</configInfo> |
</generic.GenericObject.configureInstance> |
Local Policy
It is recommended that the local policy be set to LocalEditOnly mode first before being modified.
The following example shows the minimum XML parameter tags required to set the distribution mode of a policy.
Policy distribution mode parameters
-
method—policy.PolicyDefinition.setDistributionModeToLocalEditOnly
-
instanceFullName—Access Egress: ${*id}. The FDN can be determined by looking at the Parent Hierarchy of the class to be created in the XML API Reference.
-
siteIds—the site ID list for setting distribution mode
Figure 18-9: Policy distribution mode request example
<policy.PolicyDefinition.setDistributionModeToLocalEditOnly xmlns="xmlapi_1.0"> |
<deployer>immediate</deployer> |
<instanceFullName>Access Egress:99</instanceFullName> |
<siteIds> |
<string>198.51.100.55</string> |
</siteIds> |
</policy.PolicyDefinition.setDistributionModeToLocalEditOnly> |
The following example shows the minimum XML parameter tags required to modify an access egress local policy. This method can be used for other types of policies.
Local policy modification parameters
-
distinguishedName—network:${*systemAddress}:Access Egress:${*id}. The FDN can be determined by looking at the Parent Hierarchy of the class to be created in the XML API Reference
-
configInfo—creates and configures the following parameters:
-
<children-Set> - tag to enclose children objects
• Queue object - aengr.Queue
• actionMask - specifies the modify operation
• <objectFullName> - network:${systemAddress}:Access Egress:${*id}:queue-${*id}
• Properties that are modifiable
• Forwarding class object - aengr.ForwardingClass
• <objectFullName> - network:${systemAddress}:Access Egress:${*id}:forwarding-class-${forwardingClass}
• Properties that are modifiable
Figure 18-10: Local access egress policy modification request example
<generic.GenericObject.configureInstance xmlns="xmlapi_1.0"> |
<deployer>immediate</deployer> |
<distinguishedName>network:198.51.100.55:Access Egress:99</distinguishedName> |
<configInfo> |
<aengr.Policy> |
<actionMask> |
<bit>modify</bit> |
</actionMask> |
Properties to modify |
.. |
<children-Set> |
<aengr.Queue> |
<actionMask> |
<bit>modify</bit> |
</actionMask> |
<objectFullName>network:198.51.100.55:Access Egress:99:queue-2</objectFullName> |
Properties to modify |
.. |
</aengr.Queue> |
<aengr.ForwardingClass> |
<actionMask> |
<bit>modify</bit> |
</actionMask> |
<objectFullName>network:198.51.100.55:Access Egress:99:forwarding-class-be</objectFullName> |
Properties to modify |
.. |
</aengr.ForwardingClass> |
</children-Set> |
</aengr.Policy> |
</configInfo> |
</generic.GenericObject.configureInstance> |
© 2023 Nokia. Nokia Confidential Information
Use subject to agreed restrictions on disclosure and use.