openconfig / public

Repository for publishing OpenConfig models, documentation, and other material for the community.
Apache License 2.0

[OC-NI-PF Enhancement] Policy sharing Across Multiple Network Instances #500

Closed rajatiet closed 2 months ago

rajatiet commented 2 years ago

Hi OC-Team,

My name is Rajat Rastogi (Company: Juniper Networks).

While configuring policy via openconfig-network-instances on Juniper Routers, the following problem was faced. Please go through the problem statement.

Problem Statement

In the present openconfig-network-instances-policy-forwarding (OC-NI-PF) model, there is a tight coupling between policy-forwarding and network-instance. Due to this, sharing of policy across multiple network-instances cannot be done and we end up creating a unique policy per network instance in HW.

Due to this, for some use-cases, we are not able to share the policy across multiple network instances and HW resource consumption for policy is on the higher side. If policy could be defined outside network-instance then sharing of policy can be easily done for such use-cases.

Proposed Solution

To satisfy this requirement, we need to enhance the model to define the policy outside the network-instance node as well. Once such a policy is defined, it can be applied across multiple network instances based upon requirements.

The following are the advantages of using the mentioned design:
- Policy needs to be defined once and applied across multiple network-instances
- This will result in saving of hardware resources

A shared policy can be defined as below

[edit]
root@evovbrackla-RE0# set openconfig-network-instance:network-instances ?
Possible completions:
  network-instance          Network instances configured on the local system
  policy-forwarding-shared  Configuration and operational state relating to shared policy-forwarding
[edit]
root@evovbrackla-RE0#

[edit]
root@evovbrackla-RE0# set openconfig-network-instance:network-instances policy-forwarding-shared ?
Possible completions:
  network-instances      Configuration and operational state relating policy forwarding on network-instance.
  path-selection-groups  Surrounding container for the path selection groups defined within the policy forwarding model.
  policies               Forwarding policies defined to enact policy-based forwarding on the local system.
[edit]
root@evovbrackla-RE0#

As you can see, the policy definition is outside of network-instance. Once the policy is defined, it can be applied as usual, like a regular policy.

Please let me know your inputs.

Thanks and regards,
Rajat Rastogi

robshakir commented 2 years ago

This does not necessarily (to me) seem like something that we should support. It would appear (to me) to be rare that from an operational perspective there is a policy being applied in a context that doesn't consider the network instance. I'd suggest that the re-use of hardware resources should be something that the local implementation can handle. It would appear relatively trivial to detect identical policies and optimise this with a reasonable translation layer.

Cheers, r.
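
One way a translation layer could detect identical per-instance policies, as suggested in the comment above. This is an added example, not code from the commenter, the OpenConfig project or any vendor; the function names, the simplified rule layout and the sample data are assumptions constructed for illustration.

```python
import hashlib
import json

def canonical_rules(policy):
    # Order rules by sequence-id so list ordering in the config is irrelevant.
    return sorted(policy["rules"], key=lambda r: r["sequence-id"])

def policy_fingerprint(policy):
    # The policy-id is deliberately left out: only match criteria and actions
    # decide whether two policies behave the same.
    blob = json.dumps(canonical_rules(policy), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def plan_hardware_policies(network_instances):
    """Return (bindings, hw_table): bindings maps (instance, policy-id) to an
    index into hw_table, which holds each distinct rule set exactly once."""
    index_by_fp, hw_table, bindings = {}, [], {}
    for ni in sorted(network_instances):
        for policy in network_instances[ni]:
            fp = policy_fingerprint(policy)
            if fp not in index_by_fp:
                index_by_fp[fp] = len(hw_table)
                hw_table.append(canonical_rules(policy))
            bindings[(ni, policy["policy-id"])] = index_by_fp[fp]
    return bindings, hw_table

# Constructed sample: simplified policy-forwarding config for three instances.
# Assumption: actions here do not depend on the instance they are applied in.
WEB = {"sequence-id": 10, "ipv4": {"protocol": 6, "destination-address": "198.51.100.0/24"},
       "action": {"next-hop": "192.0.2.1"}}
DROP = {"sequence-id": 20, "ipv4": {"source-address": "203.0.113.0/24"},
        "action": {"discard": True}}
SAMPLE = {
    "VRF-A": [{"policy-id": "pbr-a", "rules": [WEB, DROP]}],
    "VRF-B": [{"policy-id": "pbr-b", "rules": [DROP, WEB]}],  # same rules, other order
    "VRF-C": [{"policy-id": "pbr-c", "rules": [WEB]}],        # genuinely different
}

BINDINGS, HW_TABLE = plan_hardware_policies(SAMPLE)

if __name__ == "__main__":
    for key, idx in sorted(BINDINGS.items()):
        print(key, "-> hardware policy", idx)
    print(len(SAMPLE), "configured policies,", len(HW_TABLE), "hardware entries")
```
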

github-actions[bot] commented 4 months ago

This issue is stale because it has been open 180 days with no activity. If you wish to keep this issue active, please remove the stale label or add a comment, otherwise it will be closed in 14 days.