• Created by Unknown User (fay), last modified by Unknown User (rnnavarro) on Jan 10, 2017

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 48 Next »

The Policy component of OpenECOMP provides a centralized environment for the creation and management of easily-updatable conditional rules. This subsystem enables users to validate policies and rules, identify and resolve overlaps and conflicts, and derive additional policies where needed. Policies can support infrastructure, products and services, operation automation, and security. Users, who can be a variety of stakeholders such as network and service designers, operations engineers, and security experts, can easily create, change, and manage policy rules from the  Policy Manager in the OpenECOMP Portal.

Policies are used to control, to influence, and to help ensure compliance with goals. A policy can be defined at a high level to create a condition, requirement, constraint, or need that must be provided, maintained, and enforced. A policy can also be defined at a lower or functional level, such as a machine-readable rule or software condition/assertion which enables actions to be taken based on a trigger or request, specific to particular selected conditions in effect at that time.  Some examples of types of policies are

  • VM placement — rules governing where VNFs should be placed, including affinity rules
  • Data and feed management — what data to collect and when, retention periods, and when to send alarms about issues
  • Access control — who (or what) can have access to which data
  • Trigger conditions and actions — what conditions are actionable, and what to do under those conditions
  • Interactions — how interactions between change management and fault/performance management are handled (for example, should closed loops be disabled during maintenance?)

OpenECOMP supports XACML policies, Drools rules, and lower-level policies that are embodied in modeling languages such as YANG and TOSCA.  Several configuration and operational policies are pre-loaded.

Once validated and corrected for any conflicts, the policies are placed in an appropriate repository, and are made available to the other subsystems and components that might make use of them. In addition, the decisions and actions taken by the policy are distributed. Policies are distributed either in conjunction with installation packages (if for example, the policy is related to service instantiation) or independently, if the policy is unrelated to a particular service.  With this methodology, policies will already be available when needed by a component, minimizing real-time requests to a central policy engine or PDP (Policy Decision Point). This improves scalability and reduces latency.


Policy Creation

The Policy Creation component of the Policy subsystem enables creation of new policies and modification of existing polices, both online and offline.

 Once policies are created, Policy Creation also provides:

  • Offline analysis of performance, fault, and closed-loop actions, enabling the discovery of new and signatures and refinement of existing ones
  • Derivation of lower-level policies from higher-level policies
  • Identification of conflicts and mitigation of them before deployment
     

Policy Distribution

After a policy has been initially created or an existing policy has been modified, the Policy Distribution Framework sends the policy from the repository to its points of use, known as Policy Distribution Points, before it is actually needed.

Separate notifications or events communicate the link or URL for a policy to the components that need it.  Then, when a component needs the policy, it uses the link to fetch it. Components in some cases might also publish events indicating that they need new policies, eliciting a response with updated links or URLs. Also, in some cases, policies can indicate to components that they should subscribe to one or more policies, so that they receive automatic updates to those policies as they become available.

Policy Decision and Enforcement

Run-time policy enforcement is performed by OpenECOMP subsystems that are called from the policy. For example, policy rules for data collection are enforced by the data collection functionality of DCAE. Analytic policy rules, identification of anomalous or abnormal conditions, and publication of events signaling detection of such conditions are enforced by DCAE analytic applications. Policy rules for associated remedial actions, or for further diagnostics, are enforced by the correct component in a control loop such as the MSO, a Controller, or DCAE.


Figure 1 depicts the Policy architecture.


Policy Unification and Organization

Because the policy framework is expandable and multipurpose, it might contain many types of policies, which users might want to organize according to some useful dimensions.  Users can define attributes that specify the scope of policies, and these attributes can be extended to the policy-enabled functions and components. Useful policy organizing dimensions might include:

  • Policy type or category (taxonomical)
  • Policy ownership or administrative domain
  • Geographic area or location, 
  • Technology type  
  • Policy language and version 
  • Security level or other security-related values, specifiers, or limiters

Attributes can be specified for each dimension. In addition to being defined for individual policies themselves, these attributes can be used to define the scope of these additional additional policy-related functions:

  • Policy events or requests/triggers 
  • Policy decision, enforcement, or other functions 
  • Virtual functions of any type 

Policy-writers can define attributes so that policy events or requests self-indicate their scope. The scope is then examined by a suitable function and subsequently acted upon accordingly. Policy decisions and enforcement functions can self-indicate their scope of decision-making, enforcement, or other capabilities. Virtual functions can be automatically attached to the appropriate Policy Framework and distribution mechanisms.

Policy Use 

At runtime, policies that were previously distributed to policy-enabled components are used by those components to control or influence their functionality and behavior, including any actions that are taken.

In many cases, those policies will be used to make decisions, where these decisions will often be conditional upon the current situation. An example of this approach is the feedback/control loop pattern that is driven by DCAE. Many specific control loops can be defined. Each component in a particular control loop  (for example, orchestrator, controller, DCAE, virtual function) receives policies that determine how it should function as part of that loop. All of the policies for that loop will have been previously created together, ensuring correct and coordinated closed-loop action.  DCAE can receive specific policies for data collection (for example, what data to collect, how to collect, and how often), data analysis (for example, what type and depth of analysis to perform), and signature and event publishing (for example., what analysis results to look for as well as the specifics of the event to be published upon detecting those results). Remaining components of the loop (such as orchestrators and controllers) can receive specific policies that determining the actions to take upon receiving the triggered event from DCAE. Each component in the loop can also receive policies that specify the events to which the component subscribes.






















  • No labels