...
PolicyExecution uses the PAP and PDPs to monitor execution of the policies in the ExecutablePolicySet on the PDPGroup.
Observations (Requirements??? use thesaurus)
- Policy Monitoring Protocol starts with lifecycle management, can be extended to do instance monitoring, monitoring of PDPs in real time etc.
- PAP must manage (or at least be aware of) deployment of PDPs as well as deployment of policies and versions of policies
- PDPs of all type must scale horizontally under whatever containerization or virtual infrastructure is in use for a given ONAP deployment. Having the PAP scale horizontally probably not a very urgent requirement.
- Database off PAP (PDPs report back to PAP, don’t access database directly)
- Database could be replaced by/interchangeable with some ONAP persistence system (DMaaP or DCAE)?
- Should Policy Management Protocol/Policy Deployment Protocol/Policy Monitoring Protocol/Policy Persistence Protocol use DMaaP?
- Inter-PDP protocol is the protocol that instances of any PDP type can use to communicate with each other to manage state and deployment
- Intra-PDP protocol is the protocol that instances of a particular PDP type use to communicate with each other, to manage state and deployment
- Load balancing of events towards PDP pools could be done with DMaap using the underlying Kafka consumer group mechanisms
TODO: How to create policies? models? templates?
2.1 Policy Design Architecture
...
- The PAP will do life cycle monitoring of policy and context as well as deployment.
- PDPs of all type must scale horizontally under whatever containerization or virtual infrastructure is in use for a given ONAP deployment. Having the PAP scale horizontally probably not a very urgent requirement.
2.3 Policy Execution Architecture
...
- The PAP will do run time monitoring of policy and context .
- Policy does instance monitoring, monitoring of PDPs in real time etc.
- Inter-PDP protocol is the protocol that instances of any PDP type can use to communicate with each other to manage state and deployment
- Intra-PDP protocol is the protocol that instances of a particular PDP type use to communicate with each other, to manage state and deployment
- Load balancing of events towards PDP pools could be done with DMaap using the underlying Kafka consumer group mechanisms
3. APIs Provided by the Policy Framework and how to use them
- Should Policy Management Protocol/Policy Deployment Protocol/Policy Monitoring Protocol/Policy Persistence Protocol use DMaaP?
3.1 Policy Design APIs
3.2 Policy Deployment APIs
PAP to all PDPs in PDP group
| Deploy Policy | Deploy a policy artifact version taken from Nexus to all PDPs in the PDP group |
| Retire Policy | Remove a policy artifact from all PDPs in the PDP group |
| Activate Policy in Safe Mode | Activate a policy version in safe mode, no updates made to the network/system |
| Activate Policy in Live Mode | Activate a policy version running live |
| Upgrade Policy | Replace an active policy with a more recent version of the same policy |
| Rollback Policy | Replace an active policy with an older version of the same policy |
- Update of policies across PDPs in a PDP group use "eventually consistent" semantics, transactions or ACID semantics will not be supported
- Event though PDPs could listen or monitor Nexus for updates to policies, the PAP should be the component responsible for deciding if and what policy upgrades are propagated to the entire PDP group.
PDP Group Admin in PAP
| Create PDP group | Define the parameters for the PDP group including the type of PDP |
| Update PDP group | Change the parameters of the PDP group |
| Delete PDP group | - |
| Add PDP to PDP Group | Add a PDP to the PDP group, is the PDP spun up separately or does the PAP initiate the spinning up of the PDP? |
| Update PDP in PDP group | Update parameters of the PDP in the PDP group |
| Remove PDP from PDP group | - |
- Can a PDP be in more than one PDP group??? .....I hope not!
- We'll assume a single PAP for now.
3.3 Policy Execution APIs
PAP to all PDPs in PDP group
| Modify Policy Parameters* | Change the parameters of a policy |
| Get Status | Report on the state of the policy artifacts running in the PDPs |
| Get State | Report on the execution status of the policies running on the PDPs |
- *A policy may be parameterized. There are two ways to handle this
- Combine a raw policy into a parameterized policy and deploy the parameterized policy at run time
- Have the raw policy and its parameters as separate artifacts and deploy them separately
- Do not consider the parameters as an artifact but allow them to be modified directly by users setting them using an interface towards the PAP at run time
Policy Execution (Users to PDP Group pr PDP)
| Execute policy on PDP group synchronously | Run a policy on any PDP in a PDP group and await the response |
| Execute policy on PDP group asynchronously | Run a policy on any PDP in a PDP group, fire and forget |
| Execute policy on PDP synchronously** | Run a policy on a specific PDP and await the response (Deprecate) |
| Execute policy on PDP asynchronously** | Run a policy on a specific PDP, fire and forget (Deprecate) |
- **Applications using the Policy Framework should not be aware of specific PDPs, we should only support this behaviour for existing users and deprecate this usage.
- Load Balancing across PDP group......Stateless PDPs no problem.....set up stateful transfer between PDPs if supported....Address specific PDPs
4. The Policy Framework Implementation
- Database off PAP (PDPs report back to PAP, don’t access database directly)
- Database could be replaced by/interchangeable with some ONAP persistence system (DMaaP or DCAE)?
4.1 Policy Design Implementation
...