5 Extending IP Service Activator with Configuration Policies

This chapter explains how configuration policies extend the capabilities of Oracle Communications IP Service Activator.This chapter includes the following:

  • An overview of configuration policies.

  • Loading and accessing configuration policies.

  • Customizing the organization of configuration policies in the GUI.

  • Adding configuration policy files to Policy Types.

  • Exporting policy files from Policy Types.

  • Applying configuration policies.

  • Applying configuration policies at the device level.

About Configuration Policies

Configuration policies extend the services supported by IP Service Activator. They are applied through the Configuration Policy functionality of the IP Service Activator GUI.

Configuration policies are used to add a variety of services to IP Service Activator and can be applied to object model targets at various points in the object hierarchy, depending on the nature of the service.

You can access configuration policies through the Add Configuration Policy context menu item for Customer, Site, Network, Device, Interface or Sub-interface objects. The information gathered through the HTML interface on the Configuration Policy dialog box is configured on devices through the Network Processor and appropriate underlying cartridge support.

Note:

IP Service Activator will not prevent you from applying configuration policies to objects in the object model that do not support them. You can confirm the appropriate targets a configuration policy by referring to its detailed field-level description topic in IP Service Activator online Help.

Obtaining and Creating Configuration Policies

A large number of ready-to-use configuration policies are provided with IP Service Activator and can be used as-is for various purposes.

Alternatively, you can use the IP Service Activator SDK to create and customize configuration policies as well as a service cartridge to support the implementation of the services that the configuration policy provides.

Getting More Information About Configuration Policies

For detailed information about particular configuration policies, including descriptions of all fields and ranges supported on the HTML input screen, see IP Service Activator online Help.

For details on how to use the IP Service Activator SDK to create configuration policies, see IP Service Activator SDK Configuration Policy Extension Developer Guide. Additional concepts including the integration of configuration policies with service cartridges are also described.

Configuration Policy Groupings

For easier access, available configuration policies are grouped by functionality in sub-folders of the Policy Types folder in the Policy tab. This hierarchy is also used to organize available configuration policy choices when choosing from the Add Configuration Policy pop-up menu.

When .policy files are created, information is included which dictates their initial sub-folder organization when they are loaded into IP Service Activator.

These sub-folders include:

  • Interface: Contains interface-oriented configuration policies

  • Service: Contains configuration policies for particular modelled services

  • Unclassified: Contains miscellaneous configuration policy not oriented to a modelled service

There may be additional sub-folders in the hierarchy as well. These can be from custom configuration policies that have been loaded or from your own Policy Type sub-folder customizations.

Note:

The menu hierarchy in which configuration policies are presented when you right-click on a target object and select Add Configuration Policy matches the hierarchy of the sub-folders and configuration policies in the Policy Type folder in the Policy tab. When you customize the organization of configuration policies in the Policy Type folder, this also affects the menu organization.

Viewing and Customizing the Organization of Configuration Policies

You can set permissions to configuration policies on their Ownership property page. Denied permission can be selected on the Ownership property page for users who must not access specific configuration policies. For more information, see IP Service Activator User's Guide.

To view the configuration policies currently loaded into IP Service Activator:

  1. On the Global Setup window, double-click a Domain from the Hierarchy pane to open it.

  2. Select the Policy tab.

  3. Expand the Policy Types folder.

  4. Explore the hierarchy by expanding sub-folders to see which configuration policies are available.

To create a new configuration policy sub-folder:

  1. Right-click on the parent folder and select Add Folder.

    The Policy Type Folder dialog box is displayed.

  2. On the Policy Type Folder property page, enter a value for the Name.

  3. Optionally, select the Ownership property page and specify user permissions for the folder.

  4. Click OK.

  5. Commit the transaction.

    The new folder is created in the Policy Types hierarchy.

To move a configuration policy, drag it from the source to the target folder under the Policy Types folder hierarchy and commit the transaction. There are restrictions on which folders particular configuration policies can be placed, based on their functional grouping. If a configuration policy can't be placed in a particular folder, you will not be able to drag and drop it to that location.

Note:

Once you move a configuration policy from its original location, do not reload it.

To delete a configuration policy from the GUI:

  1. Right-click on the target configuration policy and select Delete.

  2. Commit the transaction.

    The target configuration policy is deleted.

To delete a configuration policy sub-folder:

  1. Right-click on the target folder and select Delete.

  2. Commit the transaction.

    The target folder and its contents are deleted.

    Note:

    When you delete a configuration policy subfolder, its contents and any sub-folders and their contents are also deleted.

Applying Configuration Policies

Configuration policies are applied to various types of target objects in the object model, depending on their function and design. See "Applying Configuration Policies at the Device Level" for information on device-level configuration policies.

Applied configuration policies employ the normal IP Service Activator concepts of inheritance and roles. In order for a configuration policy to be successfully applied it must match a device and interface role and create a concrete at the interface, sub-interface or VC object level.

Note:

Configuration policies must be installed before you can use them in the GUI. See IP Service Activator Administrator's Guide for details.

To apply a configuration policy:

  1. Click either the Service or Topology tab.

  2. Locate the Customer, Site, Network, Device, Interface or Sub-interface target.

  3. Right click the target, and select Add Configuration Policy... from the pop-up menu and choose the desired configuration policy from the cascading menu.

    The Configuration Policy dialog box displays the properties of a selected Configuration Policy, which allows the entry of either a set of raw XML commands, or an HTML-based entry form to collect information which is then converted to XML.

  4. Provide the required information in the HTML-based entry form.

  5. Click OK.

  6. Commit the transaction.

For complete details on the fields in each configuration policy and the ranges of values that can be entered, see the individual configuration policy topics in IP Service Activator online Help.

Disabling Applied Configuration Policies

The Disable check box disables a configuration policy that is provisioned at the device level and applied to numerous interfaces through inheritance. This will disable the policy for all the interfaces it has been applied to.

Checking the Disable check box at the interface level disables the configuration policy only from the currently selected interface.

Applying Configuration Policies at the Device Level

Some configuration policies are designed to apply device-level commands (that is, commands that are not applied in the context of an interface). You can define configuration policies to apply either at the device or interface level. For a device level policy, only the device role has to match.

To apply configuration policies:

  1. Create a new interface role called Device Policy.

  2. Set the Device Policy role on the selected interface on each device (for example, Loopback0).

  3. Apply the desired device-level configuration policy to the device and on the Role property page of the Configuration Policy dialog, set the configuration policy interface role to Device Policy.

General Device-Level Configuration Policies

A number of general use configuration policies are provided with IP Service Activator that are applied at the device-level. These are organized into the Policy Types > Service > General hierarchy. These configuration policies place specific data on the device, or configure particular resources on the device that may be required for other services. They are not used to configure a modelled service by themselves.

See "Applying Configuration Policies at the Device Level" for details on applying configuration policies at the device level.

When you load the GeneralPolicyTypes.policy file, the general usage configuration polices loaded include the following:

  • Banner

  • IP Pools

  • Key Chain

  • Prefix List

  • SNMP Community

  • SNMP Host

  • Static Route

  • User Authentication

  • User Data

The function of most of these configuration policies is self-evident from their name. The Banner configuration policy configures MOTD type banners on devices, and most of the other policies configure data in accordance with their name. For complete details on the fields included in each configuration policy, see its topic in IP Service Activator online Help.

User Authentication Configuration Policy

This configuration policy can be used to configure additional separate local user accounts on the device, rather than having to perform this task manually. Using the configuration policy has the advantage that the account data is maintained in IP Service Activator, rather than having to be configured and maintained manually.

see the appropriate cartridge guides to determine device support for this policy.

Note:

Within the IP Service Activator system, the password for accounts configured with the User Authentication configuration policy is not protected.

User Data Configuration Policy

This configuration policy is unique in that it is not intended to configure any service or configuration on the device and has no pre-defined purpose. The use of the User Data configuration policy is to provide a system-integrated method of attaching free form user data to objects which are modelled in IP Service Activator. The data is stored as name/value pairs, making it easier to process or manage this information outside IP Service Activator, through the OJDL API for example.

When you apply the User Data configuration policy to an object, it must be done in such a way that no concrete is generated. The network processor will generate errors if a concrete is created.

When you apply the configuration policy to a target, before you commit the transaction:

  • Ensure that no roles are specified for the configuration policy.

  • check the Disable check box in the Rule Status pane of the Configuration Policy property page of the Configuration Policy dialog box.

Using Collection-Based Configuration Policies

Some configuration policies such as Static Route and Banner allow for multiple definitions either within the same policy definition, or across multiple policy instances on the same device. This allows for the creation of groups of definitions that may be defined at different levels in the policy inheritance hierarchy.

For example, a general banner policy can be defined at the Network level with a common login and incoming banner definition that would apply to all devices, while a separate MOTD (message of the day) banner could be defined specifically at the device level. See Figure 5-1 for an example of banners.

Each collection based policy must contain at least one valid definition. If the last definition is removed, the policy must either be disabled or deleted from the device.

QoS and Attachment Configuration Policies

Included with IP Service Activator are a number of configuration policies to extend the QoS capabilities of IP Service Activator on various devices.

In cases where IP Service Activator does not support the exact QoS mechanism you need, or for whatever reason, you choose not to use IP Service Activator's QoS provisioning capabilities, you can use attachment configuration policies to attach the QoS configuration elements already configured your router to a service or interface within IP Service Activator.

For complete details on the fields and controls in specific configuration policies, see IP Service Activator online Help.

Vendor Cartridge Support for Various QoS Configuration Policies

For details on specific vendor support for this configuration policy, see the appropriate vendor-specific Cartridge guide.

Overview of Attachment QoS Policies

Attachment QoS policies allow you to use IP Service Activator to link existing QoS configuration elements pre-existing on devices with targets in the object model.

The qosCosAttachment configuration policy allows you to create references to existing QoS (quality of service) and/or CoS (class of service) policies on interfaces or PVCs on Cisco devices.

Overview of Vendor-Specific QoS Policies

The supplied vendor-specific QoS policies provide additional QoS capabilities on various vendors' equipment.

QoS Configuration Policies

Various configuration policies provide the ability to configure additional QoS elements on various platforms.

  • catOSPolicingRule: CatOS does not support MQC PHBs. This configuration policy enables policing-type QoS on these devices.

  • rate-limit: Provides rate-limiting on Brocade devices.

Installation of QoS and Attachment Configuration Policies

Configuration policies must be installed before they can be applied to target objects. Before using the complementary QoS configuration policies you must load the following .policy files:

  • CiscoCatOSQoSPolicyTypes.policy

  • CiscoIOSQoSPolicyTypes.policy

  • FoundryIronWareQoSPolicyTypes.policy

  • ExtensionPackCPolicyTypes.policy

For complete details on how to install configuration policies, see IP Service Activator System Administrator's Guide.

Role-based Inheritance

As with other configuration policies, IP Service Activator's role-based inheritance rules apply to QoS and attachment configuration policies. The inheritance model enables policy defined at a high level, such as the domain or network, to be inherited to lower level objects, such as devices and interfaces. Roles enable you to group devices and interfaces by, for example, customer and service package, and create policies targeted at that group. Policies can be directed towards specific groups of devices and interfaces.

For details on roles, see IP Service Activator User's Guide.

Attachment QoS Configuration Policies

Attachment QoS policies allow you to use IP Service Activator to link existing QoS configuration elements on devices with targets in the object model.

There may be cases where IP Service Activator does not support the QoS capabilities you want to implement. Or, you may prefer to define QoS configurations outside of IP Service Activator.

On new installations, there may be a significant investment in QoS configuration already on existing devices that you don't want to reproduce in the IP Service Activator object model.

In these cases, you can use IP Service Activator to apply QoS configurations defined on devices to interfaces on those devices through the use of an attachment configuration policy. One advantage of this approach is that IP Service Activator will not remove the QoS configuration from the device, even when it is unlinked from targets in the object model

qosCosAttachment

This configuration policy allows you to create references to QoS (quality of service) and/or CoS (class of service) policies on interfaces or PVCs, primarily on Cisco devices.

The QoSCosAttachment configuration policy allows you to use predefined QoS policy on a device in a manner similar to a template and attach it to target interfaces. A single QoS definition can be attached to multiple interfaces. For example, if you provide the name of the policy map, IP Service Activator maintains the link between the interface and the defined policy map. In the interface, IP Service Activator issues configuration commands to link the policy map to the interface.

Note:

You can link both a QoS and a CoS with one instance of this configuration policy.

Vendor-Specific QoS Configuration Policies

This section describes vendor-specific configuration policies that extend the QoS capabilities of IP Service Activator.

Cisco QoS Configuration Policies

The following sections describe the possible Cisco QoS configuration policies.

CatOSPolicingRule

This configuration policy allows you to create a Layer 2 QoS aggregate policer with ACL configuration for IP, MAC and IPX traffic types on an Ethernet interface or VLAN. At least one classification must be declared as part of the policy definition. This configuration policy is supported for the Cisco CatOS cartridge only.

This policy is applied to interfaces and VLANs, with one policy per target. CatOS doesn't support MQC PHBs. This configuration policy enables policing-type QoS on these devices.

Other QoS Configuration Policies

This section describes other QoS configuration policies.

rate-limit

This configuration policy allows you to configure Rate Limiting on Layer 2 targets on Brocade devices. This policy is used at the device level, allowing one rate limiting policy per interface.