
The Jasmin Script MIB Implementation and its Use for Policy-based Management

Frank Strauß
Institute of Operating Systems and Computer Networks
Technical University Braunschweig
Mühlenpfordtstraße 23
38106 Braunschweig
Germany
strauss@ibr.cs.tu-bs.de
http://www.ibr.cs.tu-bs.de/users/strauss/

  • 1. The Script MIB
  • 2. The Jasmin Project
  • 3. Application for Policy-based Management

F. Strauß, IBR, TU Braunschweig

Kolloquium on QoS Management in IP Networks, Network Laboratories, NEC Europe Ltd., Heidelberg, 2001-12-07


The Script MIB

  • Designed and standardized by the IETF Distributed Management (DISMAN) Working Group
  • First Proposed Standard: RFC 2592, May 1999
  • Updated Proposed Standard: RFC 3165, August 2001
  • A MIB for the delegation of management functions based on the Internet management framework:

– Transfer of management scripts to a distributed manager (push and pull model),
– Initiating, suspending, resuming and terminating management scripts,
– Accessing results of running and terminated management scripts.

  • Security based on

– SNMPv3 security (USM and VACM)
– Script runtime engine security models (sandbox)

  • There are six tables:

– smLangTable and smExtsnTable: supported script languages and language extensions
– smScriptTable and optional smCodeTable: scripts known to the agent
– smLaunchTable: characteristics to start a script and control its lifetime
– smRunTable: ‘process table’ with some additional objects to control ‘processes’ and represent results


The Distributed Management by Delegation (MbD) Architecture

[Figure: Higher-Level Manager, Distributed Manager (Executing Scripts), Management Agent (Managed Objects) and Script Repository. Labels: Configuration & Monitoring (SNMP, ...); Script Upload, Monitoring & Control (SNMP); Script Download (SNMP, FTP, HTTP, ...).]


The Jasmin Project

  • A joint project:

– Technical University of Braunschweig
– Network Laboratories, NEC Europe Ltd.

  • Goals: Evaluate and enhance the Script MIB Standard by providing an implementation and studying use-cases
  • Developed several open source (GPLed) software components
  • Contributions to the IETF DISMAN Working Group
  • Various conference and journal publications
  • Raised significant interest in our prototype implementations, primarily for interoperability tests and educational purposes
  • Project members:

– @NEC: Marcus Brunner, Cornelia Kappler, Paloma Martinez, Jürgen Quittek, Thiemo Schwarz, Raghuveer Singh (and others?)
– @IBR: Matthias Bolz, Sven Brandenburg, Torsten Klie, Sven Mertens, Jürgen Schönwälder, Frank Strauß


The Jasmin Script MIB Agent Implementation

[Figure: structure of the Jasmin Script MIB agent. Labels: NET-SNMP SNMP master agent (master agent process); dynamically loaded sub-agent module with the SNMP toolkit binding (toolkit dependent) and the sub-agent core Script MIB implementation (toolkit independent); jasmin kernel; config; timer / event handling; script storage; runtime engine management; SMX interface; runtime engine process(es): Java engine, Tcl engine, other engines.]


A Schedule MIB Implementation (RFC 2591)

  • Also based on the NET-SNMP agent.

The disman Java Package

  • A high level API to manage Script MIB and Schedule MIB objects in an OO-fashion.

Smurf

  • A human-friendly GUI application
  • Manages Script MIB and Schedule MIB agents
  • Based on the disman package

JAX

  • A Java toolkit for high-level AgentX (RFC 2741) sub-agent development
  • Components:

– a class package for the core AgentX sub-agent functions
– a MIB compiler (based on libsmi) to generate Java stub and skeleton classes from MIB definitions.

  • Example: A prototype implementation of the 5 core tables of the WWW-MIB for the W3C Jigsaw HTTP server took just 20 lines of code added to existing Jigsaw code, approx. 250 lines of two new classes, and a few lines filled into the generated skeleton classes.

Java Monitoring Scripts

  • A set of Java scripts for some distributed monitoring functions, e.g.

– interface and process load monitors,
– SMTP, HTTP, FTP, POP3, NNTP service monitors,
– TCP connection monitors,
– Mail server monitors, etc.

  • Based on core classes for monitor initialization and scheduling

[Figure: overview of the Jasmin components. Agent host: NET-SNMP agent (AgentX master) with dynamic loading interfaces for the Jasmin Script-MIB sub-agent and the Jasmin Schedule-MIB sub-agent; SMX connections to the Java runtime engine with security manager and to the Tcl runtime engine. Java side: SNMP extension (JMGMT), DISMAN manager extension, monitoring extension, JAX extension; scripts shown are a script that exports results using JAX (over AgentX), a script monitoring an SNMP agent, a script managing other scripts. Tcl side: any Tcl scripts, Tnm extension. SNMP connections to other SNMP agents and other Script-MIB agents. Manager host: Smurf, DISMAN management package, SNMP package (JMGMT), talking SNMP to the agent host.]


Policy-based Management

  • Motivation and general concepts:

– The traditional management of individual device-specific configurations is complex and error-prone.
– However, the general policies behind those configurations are almost always relatively simple.
– → Let the administrator manage just those policies, and
– → use automagic to apply them to the individual devices.
– Common approach: A Policy represents a number of Rules, where each rule is triggered by an Event and consists of an Action that is performed if a Condition evaluates to true:

    on <event(s)> if <condition> do <action(s)>

  • There are several approaches to express policies:

– A traditional programming language + a language extension for policies
– A specific policy definition language, e.g. PONDER
– The Policy Core Information Model (PCIM), an extension to the IETF/DMTF Core Information Model (CIM)


The Policy-based Management (PBM) Architecture

[Figure: Policy Management Application, Policy Decision Point (PDP), Policy Enforcement Point (PEP) and Policy Repository. Labels: Policy Upload; Monitoring & Control; Policy Download; Configuration & Monitoring (HTTP, CLI, COPS-PR, SNMP, ...).]


MbD vs. PBM

[Figure: the MbD and PBM architectures side by side. MbD: Higher-Level Manager, Distributed Manager (Executing Scripts), Management Agent (Managed Objects), Script Repository; labels Configuration & Monitoring (SNMP, ...); Script Upload, Monitoring & Control (SNMP); Script Download (SNMP, FTP, HTTP, ...). PBM: Policy Management Application, Policy Decision Point (PDP), Policy Enforcement Point (PEP), Policy Repository; labels Policy Upload; Monitoring & Control; Policy Download; Configuration & Monitoring (HTTP, CLI, COPS-PR, SNMP, ...).]


Architecture of the Script MIB based PBM System

[Figure: three tiers. Policy Manager / Higher-Level Manager: Policy Management Application, Policy Class Library (to construct policies), Script MIB Access Library (for agent communication), Web Server, Policy / Script Repository. Policy Decision Point / Distributed Manager: Script MIB Agent, Script MIB Runtime Engine, Policy DB. Policy Enforcement Points / Agents: Network Elements. Connection labels: SNMP; HTTP or FTP; SNMP, COPS-PR, SSH+CLI, etc.]


Different Levels of PDP Distribution

[Figure: three arrangements of a Policy Manager, PDPs and five PEPs: (a) centralized, with a single PDP; (b) weakly distributed, with two PDPs; (c) strongly distributed, with one PDP per PEP.]


We Have Implemented Two Approaches

[Figure: two approaches. (a) policies as programs: policy program, policy 'scripts', language runtime engine, application domain specific configuration interface, network element configuration. (b) policies as objects: policy objects, policy 'scripts', evaluation process, policy runtime engine, application domain specific configuration interface, network element configuration.]


Scripts Using Policy-specific Language Extensions

[Figure: layering within the runtime engine. Labels: Policy scripts (usual script code within the runtime engine: scripts using classes); Script MIB language extensions: Policy specific extension, Application domain specific network element extension, Application and config-mechanism specific drivers; Script MIB language runtime engine.]


Classes for Policy-based DiffServ Configuration Management

[Figure: UML class diagram with the package labels policyMgmt, diffServ and jtc. Classes and operations recoverable from the slide:]

  • Policy «Thread»: +registerRule(event:Event, rule:Rule), +registerDriver(driver:Driver), +process(event:Event), +newEvent(event:Event), +run()
  • Rule: +addFreeIdent(name:String, classname:String), +getFreeIdents(): Hashtable, +addCondition(condition:Condition), +addAction(action:Action), +isConditions(event:Event, elements:Hashtable): boolean, +doActions(event:Event, elements:Hashtable)
  • Condition «interface»: +getFreeIdents(): Hashtable, +evaluate(event:Event, elements:Hashtable): boolean
  • Action «interface»: +perform(event:Event, elements:Hashtable)
  • Event «EventObject»: +Event(src:Object), +setRole(role:String), +getRole(): String
  • TimeEvent: +TimeEvent(when:Date, src:Object), +getTime(): Date
  • EventGenerator «interface»: +addEventDrain(policy:Policy)
  • Timer «Thread»: +setParam(p:TimerParameter), +run()
  • CalendarTimer: +CalendarTimer(when:Date, policy:Policy), +addDate(when:Date)
  • Element: +Element(driver:Driver), +setRole(role:String), +getRole(): String, +commit(), +remove()
  • Driver «interface»: +elements(): Enumeration, +commitElement(element:Element), +removeElement(element:Element)
  • JtcDriver: +JtcDriver(hostname:String, port:int)
  • DiffServElement: +addInput(element:DiffServElement), +setOutput(element:DiffServElement), +removeInput(element:DiffServElement), +getInputs(): Vector
  • Classifier: +addFilter(filter:Filter), +removeFilter(filter:Filter)
  • QDisc, Filter, TCClass, DSMarkQDisc, DSMarkClass, U32Filter ...and further classes
  • KeyDatePolicy: +main(args:String[]); shown together with StartCondition, StopCondition, StartAction, StopAction
  • Association labels: generates, executes, evaluates, contains, handles, notifies, instantiates, reads, modifies, handles jtc objects, talking to tc service
  • Diagram notes: "a policy script"; "tc service on the managed device. It accepts tc commands from the JtcDriver via a TCP connection."
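The rule form from the Policy-based Management slide (on event, if condition, do action) and the Policy, Rule, Condition and Action roles from the class diagram above, as an added Java example that is not Jasmin project code. The simplified signatures (a role string as the event key, a `Map` instead of `Hashtable`) and the sample key-date rule and element names are assumptions constructed for illustration.

```java
import java.util.*;

// Added illustration: simplified stand-ins for the classes named on the slide.
public class PolicySketch {
    record Event(String role, Date when) {}  // assumption: event reduced to a role and a time
    interface Condition { boolean evaluate(Event e, Map<String, Object> elements); }
    interface Action { void perform(Event e, Map<String, Object> elements); }

    static class Rule {
        private final List<Condition> conditions = new ArrayList<>();
        private final List<Action> actions = new ArrayList<>();
        Rule addCondition(Condition c) { conditions.add(c); return this; }
        Rule addAction(Action a) { actions.add(a); return this; }
        // Every condition must hold; a rule without conditions always fires.
        boolean isConditions(Event e, Map<String, Object> el) {
            return conditions.stream().allMatch(c -> c.evaluate(e, el));
        }
        void doActions(Event e, Map<String, Object> el) {
            actions.forEach(a -> a.perform(e, el));
        }
    }

    static class Policy {
        private final Map<String, List<Rule>> rulesByRole = new HashMap<>();
        private final Map<String, Object> elements = new HashMap<>();
        void registerRule(String eventRole, Rule r) {
            rulesByRole.computeIfAbsent(eventRole, k -> new ArrayList<>()).add(r);
        }
        // on <event> if <condition> do <action>; returns the number of rules that fired.
        int process(Event e) {
            int fired = 0;
            for (Rule r : rulesByRole.getOrDefault(e.role(), List.of())) {
                if (r.isConditions(e, elements)) { r.doActions(e, elements); fired++; }
            }
            return fired;
        }
    }

    public static void main(String[] args) {
        Policy policy = new Policy();
        Date keyDate = new Date(1_000L);  // constructed key date
        policy.registerRule("timer", new Rule()
            .addCondition((e, el) -> !e.when().before(keyDate))
            .addAction((e, el) -> el.put("edge-classifier", "premium-filter")));  // hypothetical element
        System.out.println(policy.process(new Event("timer", new Date(500L))));       // before the key date
        System.out.println(policy.process(new Event("timer", new Date(2_000L))));     // after the key date
        System.out.println(policy.process(new Event("link-down", new Date(2_000L)))); // no rule registered
    }
}
```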


Conclusions

  • The Script MIB has been designed for the Management-by-Delegation Paradigm.
  • Tools on top of the Script MIB can make work with it quite trivial.
  • Releasing the developed software under the GPL turned out to be the right decision.
  • Using the Script MIB for Policy-based Management is an obvious and straight-forward alternative.
  • No need to re-invent things like

– a PDP internal architecture
– a protocol to transfer policies to the PDP
– a PDP-PEP protocol
– a security model

  • Depending on the chosen approach, it can be

– cheap, by using the existing Script MIB and runtime infrastructure, while policy scripts become more complex,
– standards based, by applying the PCIM and using a special policy runtime engine,
– user friendly, by using a policy definition language (not implemented by us).

Project Web Page: http://www.ibr.cs.tu-bs.de/projects/jasmin/


Thanks! Q & A
