General policy configuration

Overview
CAUTION 

CAUTION

Service Disruption

The code samples in this section show the structures for object creation or modification, and do not include all of the properties required to create a working policy.

See the XML API SDK Sample Code Navigator for working samples.

Policy configuration and examples

The XML API supports the creation and modification of policies. A unique numeric ID or unique name (a string) is used to uniquely identify a policy. Some policies have a default policy, which is automatically created by the NFM-P and in general, cannot be deleted or modified. There are exceptions to this. The ID is usually 1 or name of default.

The following example shows the minimum XML parameter tags required to develop an XML request to create the basic policy.

The genericObject.configureChildInstance method is used to create a policy. The request response uses the <objectFullName> element to identify the new policy.

Policy creation parameters

The following table lists the most commonly deployed policies. See policy.PolicyType in the XML API Reference for a complete list.

Table 18-4: Policy objects and associated distinguishedName

Policy

Policy object

distinguishedName

Access Egress

aengr.Policy

Access Egress

Access Ingress

aingr.Policy

Access Ingress

Network

niegr.Policy

Network

Network Queue

nqueue.Policy

Network Queue

Slope

slope.Policy

Slope

Shared Queue

squeue.Policy

Shared Queue

Scheduler

vs.Policy

Scheduler

ACL IP Filter

aclfilter.IpFilter

IP Filter

ACL MAC Filter

aclfilter.MacFilter

MAC Filter

ACL IPv6 Filter

acfilter.Ipv6Filter

IPv6 Filter

Routing:

AS Path

Community

Damping

Statement

Prefix List

rp.ASPath

rp.Community

rp.Damping

rp.PolicyStatement

rp.PrefixList

rpASPath

rpCommunity

rpDamping

rpStatement

rpPrefixList

Accounting

accounting.Policy

Accounting

File

file.Policy

File

Access Egress

Access egress policies define egress service queues, map forwarding class flows to queues, are applied to access egress interfaces, and specify the QoS on egress.

Access egress policy creation parameters

Figure 18-2: Access egress policy creation request example
<generic.GenericObject.configureChildInstance xmlns="xmlapi_1.0">
   <deployer>immediate</deployer>
   <distinguishedName>Access Egress</distinguishedName>
   <childConfigInfo>
      <aengr.Policy>
         <actionMask>
            <bit>create</bit>
         </actionMask>
         <id>99</id>
         <children-Set>
            <aengr.Queue>
               <actionMask>
                  <bit>create</bit>
               </actionMask>
               <id>2</id>
                ..
            </aengr.Queue>
            <aengr.ForwardingClass>
               <actionMask>
                  <bit>create</bit>
               </actionMask>
                .
            </aengr.ForwardingClass>
         </children-Set>
      </aengr.Policy>
   </childConfigInfo>
</generic.GenericObject.configureChildInstance>
ACL IP Filter

Filter policies specify a forward, drop, or HTTP redirect action for packets based on information specified as the match criteria. ACL IP filter policies are applied to network and access IP interfaces and service tunnels.

ACL IP filter policy creation parameters

Figure 18-3: ACL IP filter policy creation request example
<generic.GenericObject.configureChildInstance xmlns="xmlapi_1.0">
   <deployer>immediate</deployer>
   <distinguishedName>IP Filter</distinguishedName>
   <childConfigInfo>
      <aclfilter.IpFilter>
         <actionMask>
            <bit>create</bit>
         </actionMask>
         <id>1000</id>
         <defaultAction>forward</defaultAction>
         <children-Set>
            <aclfilter.IpFilterEntry>
               <actionMask>
                  <bit>create</bit>
               </actionMask>
               <id>20</id>
               <action>drop</action>
               <protocol>UDP</protocol>
               <destinationIpAddress>4.4.4.4</destinationIpAddress>
               <destinationIpAddressMask>32</destinationIpAddressMask>
               <destinationPort1>1</destinationPort1>
               <destinationPort2>6</destinationPort2>
               <destinationOperator>RANGE</destinationOperator>
            </aclfilter.IpFilterEntry>
         </children-Set>
      </aclfilter.IpFilter>
   </childConfigInfo>
</generic.GenericObject.configureChildInstance>
Routing policy statement

Routing policies, also known as route redistribution policies, control the size and content of the routing tables, the routes that are advertised, and the best route to take to reach a destination.

Routing policy statement creation parameters

Figure 18-4: Routing policy statement creation request example
<generic.GenericObject.configureChildInstance xmlns="xmlapi_1.0">
   <deployer>immediate</deployer>
   <distinguishedName>rpStatement</distinguishedName>
   <childConfigInfo>
      <rp.PolicyStatement>
         <actionMask>
            <bit>create</bit>
         </actionMask>
         <policyStatementName>Test Sample</policyStatementName>
         <children-Set>
            <rp.PolicyStatementEntry>
               <actionMask>
                  <bit>create</bit>
               </actionMask>
               <entryId>5</entryId>
               <action>accept</action>
               <children-Set>
                  <rp.Action>
                     <actionMask>
                        <bit>create</bit>
                     </actionMask>
                     <communityAction1>replace</communityAction1>
                     <communityName1>c20</communityName1>
                  </rp.Action>
                  <rp.FromCriteria>
                     <actionMask>
                        <bit>create</bit>
                     </actionMask>
                     <communityName>c30</communityName>
                     <prefixList1>IP Address 32</prefixList1>
                  </rp.FromCriteria>
               </children-Set>
            </rp.PolicyStatementEntry>
         </children-Set>
      </rp.PolicyStatement>
   </childConfigInfo>
</generic.GenericObject.configureChildInstance>
File and accounting policies

NEs collect accounting statistics using an accounting policy and as associated file policy that are assigned to a SAP, an SDP, a network port, or a subscriber profile.

A file policy specifies the relative size, storage location, and backup location of the files on the NE that contain accounting statistics data. An NE collects accounting statistics based on the collection interval specified for a SAP, network port, or subscriber in an accounting policy. The NE writes the statistics data in XML format to a file on the NE.

File policy creation parameters

Figure 18-5: File policy creation request example
<generic.GenericObject.configureChildInstance xmlns="xmlapi_1.0">
   <deployer>immediate</deployer>
   <distinguishedName>File</distinguishedName>
   <childConfigInfo>
      <file.Policy>
         <actionMask>
            <bit>create</bit>
         </actionMask>
         <id>88</id>
         <collectionInterval>600</collectionInterval>
         <retentionInterval>12</retentionInterval>
         <drive>cf1A</drive>
      </file.Policy>
   </childConfigInfo>
</generic.GenericObject.configureChildInstance>

An accounting policy specifies an accounting statistics record type, a collection interval, an administrative state, and a file policy.

Accounting policy creation parameters

Figure 18-6: Accounting policy creation request example
<generic.GenericObject.configureChildInstance xmlns="xmlapi_1.0">
   <deployer>immediate</deployer>
   <distinguishedName>Accounting</distinguishedName>
   <childConfigInfo>
      <accounting.Policy>
         <actionMask>
            <bit>create</bit>
         </actionMask>
         <id>89</id>
         <fileObjectPointer>File:88</fileObjectPointer>
         <recordType>svcEgressPkt</recordType>
         <collectionInterval>5</collectionInterval>
      </accounting.Policy>
   </childConfigInfo>
</generic.GenericObject.configureChildInstance>
Policy distribution

After the policy is created in the NFM-P , the policy must be distributed before the configuration is received by the NEs. The following table lists the methods in the policy package to distribute policy configurations to the NEs.

Note: Distribution performed from the GUI or via the OSSI method policy.PolicyDefinition.distribute does not generate the PolicyDistributeEvent. Only distribution performed via the OSSI method policy.PolicyDefinition.distributeV2 will generate the PolicyDistributeEvent.

Table 18-5: Policy distribution methods

Method

Description

policy.PolicyDefinition.distribute

The global policy is distributed to the NEs specified in the siteIds. If the distribution fails the NFM-P validation for one NE, the global policy is not distributed to any of the NEs.

policy.PolicyDefinition.distributeV2

The global policy is distributed to the NEs specified in the siteIds. If the distribution fails the NFM-P validation for one NE, distribution continues to the other NEs. A JMS message is sent back to indicate the failed site. The JMS PolicyDistributeStatusEvent will indicate whether the distribution failed or succeeded for each NE. A failure is indicated if an NE is not reachable, an NE is not present, or an NE is in the Local Edit Only mode.

See the XML API Reference for information about policy distribution methods and the required input parameters. See “Policy distribution” in the NSP NFM-P Classic Management User Guide for information about policy distribution.

The following example shows the minimum XML parameter tags required to develop an XML request to distribute a policy.

Policy distribution parameters

Figure 18-7: Policy distribution request example
<policy.PolicyDefinition.distribute xmlns="xmlapi_1.0">
   <deployer>immediate</deployer>
   <instanceFullName>Access Egress:99</instanceFullName>
   <siteIds>
      <string>198.51.100.55</string>
   </siteIds>
</policy.PolicyDefinition.distribute>
Policy configuration mode

The configuration mode parameter specifies the mode in which the global policy is configured, and determines whether the policy can be distributed to the NEs. The following table describes the policy configuration modes.

Table 18-6: Configuration mode

Option

Description

Draft

The policy is not reviewed or approved for distribution to NEs. The policy cannot be distributed (see information below for the exception to this).

Released

The policy is reviewed and approved for distribution to NEs. The policy can be distributed.

The isPolicyConfigurationModeUsed parameter in the server configuration determines the configuration mode in which a policy is created using the XML API. By default, the parameter is set to false, as shown in the following:

<policyOssiConfig isPolicyConfigurationModeUsed="false" /> 

When the parameter is set to false, the following occurs:

When the parameter is set to false and you attempt to distribute a global policy that is in Draft configuration mode, the policy is distributed to local policies in SyncWithGlobal distribution mode and to the corresponding NEs.

When the parameter is set to true, the following occurs:

To modify the isPolicyConfigurationModeUsed parameter, contact Nokia technical support.

Policy distribution mode

The distribution mode parameter specifies whether the local policy is synchronized with the associated global policy. Local policies can be different from each other as well as may differ from the global policy. The following table describes the policy distribution modes

Table 18-7: Distribution mode

Option

Option description

Sync With Global

The local policy is synchronized with the global policy. The local instance cannot be modified. 1

When you distribute a global policy, local policies in this distribution mode allow the NEs to receive the policy.

Local Edit Only

You can modify the local instance only, which affects the associated network element. Local policies in this distribution mode do not allow the NE to receive the distribution of a global policy. Changes to the global policy do not affect the local policy unless a synchronization operation is manually performed.

Notes:
  1. WARNING - this is applicable if the operation is attempted using the NFM-P GUI. Using the XML API or CLI on the router, modifications on the local policy is possible and may cause the local and global policies to be out of synchronization even though the distribution mode on the local policy remains in SyncWithGlobal mode. Synchronization methods may be performed to synchronize the policies.

Policy modification workflows

The following workflow describes modification for global policy.

  1. Make the proper changes.

  2. Set the policy to Released mode if it is in Draft mode. See Policy configuration mode in this section for information.

  3. Distribute the policy. Local policies in SyncWithGlobal mode and the corresponding NEs receive the changes.

The following workflow describes modification for local policy.

  1. If you want to set properties on a specific local policy that is to be different from the global policy, the policy must be in LocalEditOnly distribution mode.

  2. Make the proper changes.

Policy modification examples

Global Policy

The following example shows the minimum XML parameter tags required to modify an access egress global policy. This method can be used for other types of policies. The find method can be used to retrieve the FDN of the object. See Chapter 13, Inventory management for information about how to use the find method.

Global policy modification parameters

Figure 18-8: Global access egress policy modification request example
<generic.GenericObject.configureInstance xmlns="xmlapi_1.0">
   <deployer>immediate</deployer>
   <distinguishedName>Access Egress:99</distinguishedName>
   <configInfo>
      <aengr.Policy>
         <actionMask>
            <bit>modify</bit>
         </actionMask>
           Properties to modify
            ..
         <children-Set>
            <aengr.Queue>
               <actionMask>
                  <bit>modify</bit>
               </actionMask>
               <objectFullName>Access Egress:99:queue-2</objectFullName>
                 Properties to modify
                 ..
            </aengr.Queue>
            <aengr.ForwardingClass>
               <actionMask>
                  <bit>modify</bit>
               </actionMask>
               <objectFullName>Access Egress:99:forwarding-class-be</objectFullName>
                 Properties to modify
                 ..
            </aengr.ForwardingClass>
         </children-Set>
      </aengr.Policy>
   </configInfo>
</generic.GenericObject.configureInstance>
Local Policy

It is recommended that the local policy be set to LocalEditOnly mode first before being modified.

The following example shows the minimum XML parameter tags required to set the distribution mode of a policy.

Policy distribution mode parameters

Figure 18-9: Policy distribution mode request example
<policy.PolicyDefinition.setDistributionModeToLocalEditOnly xmlns="xmlapi_1.0">
   <deployer>immediate</deployer>
   <instanceFullName>Access Egress:99</instanceFullName>
   <siteIds>
      <string>198.51.100.55</string>
   </siteIds>
</policy.PolicyDefinition.setDistributionModeToLocalEditOnly>

The following example shows the minimum XML parameter tags required to modify an access egress local policy. This method can be used for other types of policies.

Local policy modification parameters

Figure 18-10: Local access egress policy modification request example
<generic.GenericObject.configureInstance xmlns="xmlapi_1.0">
   <deployer>immediate</deployer>
   <distinguishedName>network:198.51.100.55:Access Egress:99</distinguishedName>
   <configInfo>
      <aengr.Policy>
         <actionMask>
            <bit>modify</bit>
         </actionMask>
           Properties to modify
            ..
         <children-Set>
            <aengr.Queue>
               <actionMask>
                  <bit>modify</bit>
               </actionMask>
               <objectFullName>network:198.51.100.55:Access Egress:99:queue-2</objectFullName>
                 Properties to modify
                 ..
            </aengr.Queue>
            <aengr.ForwardingClass>
               <actionMask>
                  <bit>modify</bit>
               </actionMask>
               <objectFullName>network:198.51.100.55:Access Egress:99:forwarding-class-be</objectFullName>
                 Properties to modify
                 ..
            </aengr.ForwardingClass>
         </children-Set>
      </aengr.Policy>
   </configInfo>
</generic.GenericObject.configureInstance>