Policy distribution

General Information

The NFM-P creates a global policy in Draft mode. This is the mode used to configure a policy before distributing it to the NEs. Once a policy is configured and ready for distribution, you change its configuration mode to Released. Whether you’re dealing with a new or existing policy, changing its mode to Released opens the Distribute window. If the policy was previously distributed to a group of NEs, then only those NEs are shown in the Distribute window. By default, all the NEs are selected in the window. You can deselect the NEs you want, or use the current selection to distribute the policy. If the policy was not previously distributed, or its local versions are non-existent (deleted either by a user or an NE), then the Distribute window displays a list of compatible NEs. You must then select which NEs to distribute the policy to. Alternatively, you can use the drop-down menu in the Distribute window to select a Policy Distribute Group for the distribution.

The NFM-P also supports the partial distribution of global policies. Before a global policy is distributed to the NEs, the NFM-P determines whether the global policy, policy properties, and the policy entries are applicable for each NE to which the policy is to be applied. If an NE does not support the policy, property, or entry defined in a global policy, the policy is partially distributed to the NE. The inapplicable policy, property, or entry is not distributed to the NE. An alarm is not raised if a policy is partially distributed. When you use the NFM-P GUI or OSS, failure of distribution to an NE does not affect distribution to other NEs.

You can monitor policy distribution either in the Distribute window or by using the Task Manager. The NFM-P saves the latest released version of the global policy. If you select a Policy Distribute Group, the NEs contained within the group will be shown in the Selected Objects panel once the distribution begins. This allows you to monitor the distribution progress at the individual NE level.

You can also interrupt or completely stop an ongoing policy distribution. See To stop a policy distribution currently in progress for more information.

Distribution considerations

Consider the following before distributing policies using the NFM-P:

Scaling policy deployments

The NFM-P allows policies to be distributed to numerous NE sites in a single operation. To accomplish this effectively, the NFM-P can use multiple deployers to distribute the policies. A deployer in this context is a thread within the NFM-P that executes a task. Releasing a large global policy to multiple NEs using only one deployer may degrade system performance. Scaling policy deployments using multiple deployers helps to maintain system performance.

To avoid or minimize system degradation, an operator can configure the maximum number of managed objects that a single deployer is allowed to send during policy distribution. The default value is 10,000 managed objects per deployer. A managed object in this context is basically a configuration entry within a policy. For example, in an ACL IP filter policy, each IP filter entry is considered to be one managed object. Therefore a single global policy can often contain numerous managed objects.

When an operator sets the “policyDistributionMaxObjectsPerDeployer” parameter to a desired value, the NFM-P uses this value, along with the actual number of managed objects in the policy to be distributed, to calculate the maximum number of NE sites that can receive the policy per deployer. If the number of sites selected for the policy’s distribution exceeds this number, additional deployer requirements are automatically calculated and used by the NFM-P. This applies to the distribution of single as well as multiple global policies. For a single global policy, the values are calculated as follows:

Maximum number of NE sites allowed per deployer = Maximum number of objects per deployer / Number of objects in the global policy to be distributed

Number of deployers used to distribute the global policy = Total number of local NE sites to receive the global policy / Maximum number of sites per deployer

For the distribution of multiple policies, the number of deployers required is determined on a per policy basis.

Table 49-2, Example of policy deployment provides an example of deploying a single global policy that contains 1,000 managed objects. Note that if the maximum number of objects per deployer setting is less than the actual number of managed objects in the policy, the NFM-P will only use one deployer per site. However, if the setting for the maximum number of objects per deployer is very large, the NFM-P might use a single deployer for a very large number of sites, which could degrade system performance. See To configure the maximum number of policy objects per deployer for more information on configuring the maximum number of managed objects allowed per deployer.

Table 49-2: Example of policy deployment

Maximum number of managed objects allowed per deployer

Number of managed objects in a single global policy

Maximum number of NEs (sites) per deployer

0

All sites

1

1 site

500

1,000

1 site

1,000

1,000

1 site

5,000

1,000

5 sites

10,000

1,000

10 sites

100,000

1,000

100 sites

When configuring the “policyDistributionMaxObjectsPerDeployer” parameter, the user also has the option to set the value to "0" or "1". A value of "0" means that only one deployer will be used for all NE sites that are to receive the policy. A value of “1” means that one deployer per site will be used. When distributing global policies with a large number of managed objects to a large number of NEs, Nokia recommends setting a value between 2,000 and 100,000 for this parameter.