main_policy module

This module is part of the nmeta suite, which runs on top of the Ryu SDN controller to provide network identity and flow metadata.
It provides an object for the main policy, including ingesting the policy from file on class instantiation and validating its syntax.

class main_policy.Identity(logger, policy)
Bases: object
Represents the portion of main policy off the root key ‘identity’

    IDENTITY_KEYS = ('arp', 'lldp', 'dns', 'dhcp')

class main_policy.MainPolicy(_config)
Bases: object
This class is instantiated by nmeta2.py and provides methods to ingest the policy file main_policy.yaml and validate that it is correctly structured.

    Directly accessible values to read:
        main_policy        # main policy YAML object
        tc_policies.mode   # mode for DPAE connectivity (active or passive)
        identity.arp       # True if identity arp harvest is enabled
        identity.lldp      # True if identity lldp harvest is enabled
        identity.dns       # True if identity dns harvest is enabled
        identity.dhcp      # True if identity dhcp harvest is enabled

    Methods:
        <TBD>
        tc_policies.*
        tc_rules.*
        identity.*
        qos_treatment.get_policy_qos_treatment_value(key)
        port_sets.get_tc_ports(dpid)    # Get ports for a DPID to run TC on
        optimised_rules.get_rules()     # Get optimised TC rules to install

    Public Functions:
        validate_keys(logger, keys, schema, branch)
        validate_value(logger, key, value, schema, branch)
        is_valid_macaddress(logger, value_to_check)
        is_valid_ethertype(logger, value_to_check)
        is_valid_ip_space(logger, value_to_check)
        is_valid_transport_port(logger, value_to_check)

    TOP_KEYS = ('tc_policies', 'tc_rules', 'identity', 'qos_treatment', 'port_sets')

    ingest_policy(config_directory, main_policy_filename)
        Read in main policy from file

class main_policy.Optimise(logger, policy)
Bases: object
Represents an optimised set of TC rules to install on a switch

    CONDITION_TYPES = {'identity_service_dns_re': 'identity', 'ip_dst': 'static', 'identity_service_dns': 'identity', 'tcp_src': 'static', 'statistical': 'statistical', 'eth_src': 'static', 'payload': 'payload', 'ip_src': 'static', 'eth_dst': 'static', 'eth_type': 'static', 'identity_lldp_systemname_re': 'identity', 'tcp_dst': 'static', 'identity_lldp_systemname': 'identity'}

    get_rules()
        Return an optimised flow entry match set to install to switches based on the tc_rules

class main_policy.PortSets(logger, policy)
Bases: object
Represents the portion of main policy off the root key ‘port_sets’

    get_tc_ports(dpid)
        Passed a DPID, returns a tuple of port numbers on which to run TC on that switch, or 0 if none

class main_policy.QoSTreatment(logger, policy)
Bases: object
Represents the portion of main policy off the root key ‘qos_treatment’

    QOS_TREATMENT_KEYS = ('default_priority', 'constrained_bw', 'high_priority', 'low_priority')

    get_policy_qos_treatment_value(qos_key)
        Return a value for a given key under the ‘qos_treatment’ root of the policy

class main_policy.TCPolicies(logger, policy)
Bases: object
Represents the portion of main policy off the root key ‘tc_policies’

    TC_POLICY_KEYS = ('comment', 'rule_set', 'port_set', 'mode')

    TC_POLICY_MODE_VALUES = ('active', 'passive')

class main_policy.TCRule(logger, rule)
Bases: object
Represents a TC rule

    TC_CONFIG_CONDITIONS = {'match_type': 'MatchType', 'identity_service_dns_re': 'String', 'ip_dst': 'IPAddressSpace', 'identity_service_dns': 'String', 'tcp_src': 'PortNumber', 'statistical': 'String', 'eth_src': 'MACAddress', 'payload': 'String', 'ip_src': 'IPAddressSpace', 'eth_dst': 'MACAddress', 'conditions_list': 'PolicyConditions', 'eth_type': 'EtherType', 'identity_lldp_systemname_re': 'String', 'tcp_dst': 'PortNumber', 'identity_lldp_systemname': 'String'}

    TC_CONFIG_MATCH_TYPES = ('any', 'all')

    TC_RULE_ATTRIBUTES = ('comment', 'match_type', 'conditions_list', 'actions')

class main_policy.TCRules(logger, policy)
Bases: object
Represents the portion of main policy off the root key ‘tc_rules’

main_policy.is_valid_ethertype(logger, value_to_check)
    Passed a prospective EtherType, checks that it is valid. Can be hex (0x*) or decimal. Returns 1 if valid and 0 if not valid.

main_policy.is_valid_ip_space(logger, value_to_check)
    Passed a prospective IP address, checks that it is valid. Can be IPv4 or IPv6 and can be a range or have a CIDR mask. Returns 1 for a valid IP address and 0 for not valid.

main_policy.is_valid_macaddress(logger, value_to_check)
    Passed a prospective MAC address, checks that it is valid. Returns 1 if valid and 0 if not valid.

main_policy.is_valid_transport_port(logger, value_to_check)
    Passed a logger reference and a prospective TCP or UDP port number, checks that it is an integer in the correct range. Returns 1 for a valid port number and 0 for a port number that is not valid.

main_policy.validate_keys(logger, keys, schema, branch)
    Validate a set of keys against a schema tuple to ensure that there are no missing or extraneous keys

main_policy.validate_value(logger, key, value, schema, branch)
    Validate that the value complies with the schema
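
The following stand-alone sketch is an added example, not nmeta's own code. It shows the kind of strict checks described above: keys compared against a schema tuple, and values checked by type name, with unknown types rejected. The function names, the error strings, the per-policy layout under tc_policies, the colon-separated MAC form, the first-last IP range form and the 0 to 65535 port range are assumptions made for illustration.

```python
import ipaddress
import re

# Schema constants as documented on this page.
TOP_KEYS = ('tc_policies', 'tc_rules', 'identity', 'qos_treatment', 'port_sets')
TC_POLICY_KEYS = ('comment', 'rule_set', 'port_set', 'mode')
TC_POLICY_MODE_VALUES = ('active', 'passive')

def key_errors(keys, schema, branch):
    """Report keys missing from, or extraneous to, a schema tuple."""
    return ([f"{branch}: missing key '{k}'" for k in sorted(set(schema) - set(keys))] +
            [f"{branch}: extraneous key '{k}'" for k in sorted(set(keys) - set(schema))])

def _is_uint16(text, allow_hex=False):
    try:
        num = int(text, 16) if allow_hex and text.lower().startswith('0x') else int(text)
    except ValueError:
        return False
    return 0 <= num <= 0xFFFF

def value_ok(value, value_type):
    """True only if value is well formed for a TC_CONFIG_CONDITIONS type name."""
    text = str(value).strip()
    if value_type == 'MACAddress':  # assumed form: six colon-separated octets
        return re.fullmatch(r'([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}', text) is not None
    if value_type in ('EtherType', 'PortNumber'):  # 16-bit fields; only EtherType may be hex
        return _is_uint16(text, allow_hex=(value_type == 'EtherType'))
    if value_type == 'IPAddressSpace':
        try:
            if '-' in text:  # assumed range form: first-last, same IP version
                first, last = (ipaddress.ip_address(p) for p in text.split('-', 1))
                return first.version == last.version and first <= last
            ipaddress.ip_network(text, strict=False)  # single address or CIDR
            return True
        except ValueError:
            return False
    return False  # unknown type name: fail closed

def policy_errors(policy):
    """Collect every schema violation rather than stopping at the first."""
    errors = key_errors(policy.keys(), TOP_KEYS, 'root')
    for name, tc_policy in policy.get('tc_policies', {}).items():
        errors += key_errors(tc_policy.keys(), TC_POLICY_KEYS, f'tc_policies.{name}')
        if tc_policy.get('mode') not in TC_POLICY_MODE_VALUES:
            errors.append(f"tc_policies.{name}: bad mode {tc_policy.get('mode')!r}")
    return errors

SAMPLE = {'tc_rules': {}, 'identity': {}, 'qos_treatment': {}, 'tc_policies': {  # constructed
    'default_policy': {'comment': 'x', 'rule_set': 'r', 'port_set': 'p', 'mode': 'monitor'}}}
```

Calling policy_errors(SAMPLE) reports the missing 'port_sets' root key and the disallowed mode in a single pass, so a policy file can be rejected in full before any rule derived from it reaches a switch.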