main_policy module

This module is part of the nmeta suite, which runs on top of the Ryu SDN controller to provide network identity and flow metadata.

It provides an object for the main policy, which ingests the policy from file on class instantiation and validates its syntax.

class main_policy.Identity(logger, policy)

Bases: object

Represents the portion of main policy off the root key ‘identity’

IDENTITY_KEYS = ('arp', 'lldp', 'dns', 'dhcp')

class main_policy.MainPolicy(_config)

Bases: object

This class is instantiated by nmeta2.py and provides methods to ingest the policy file main_policy.yaml and validate that it is correctly structured. Directly accessible values to read:

    main_policy         # main policy YAML object
    tc_policies.mode    # mode for DPAE connectivity (active or passive)
    identity.arp        # True if identity arp harvest is enabled
    identity.lldp       # True if identity lldp harvest is enabled
    identity.dns        # True if identity dns harvest is enabled
    identity.dhcp       # True if identity dhcp harvest is enabled

Methods:

    <TBD>
    tc_policies.*
    tc_rules.*
    identity.*
    qos_treatment.get_policy_qos_treatment_value(key)
    port_sets.get_tc_ports(dpid)    # Get ports for a DPID to run TC on
    optimised_rules.get_rules()     # Get optimised TC rules to install

Public Functions:

    validate_keys(logger, keys, schema, branch)
    validate_value(logger, key, value, schema, branch)
    is_valid_macaddress(logger, value_to_check)
    is_valid_ethertype(logger, value_to_check)
    is_valid_ip_space(logger, value_to_check)
    is_valid_transport_port(logger, value_to_check)

TOP_KEYS = ('tc_policies', 'tc_rules', 'identity', 'qos_treatment', 'port_sets')

ingest_policy(config_directory, main_policy_filename)

Read in main policy from file

class main_policy.Optimise(logger, policy)

Bases: object

Represents an optimised set of TC rules to install on a switch

CONDITION_TYPES = {'identity_service_dns_re': 'identity', 'ip_dst': 'static', 'identity_service_dns': 'identity', 'tcp_src': 'static', 'statistical': 'statistical', 'eth_src': 'static', 'payload': 'payload', 'ip_src': 'static', 'eth_dst': 'static', 'eth_type': 'static', 'identity_lldp_systemname_re': 'identity', 'tcp_dst': 'static', 'identity_lldp_systemname': 'identity'}

get_rules()

Return an optimised flow entry match set to install to switches based on the tc_rules

class main_policy.PortSets(logger, policy)

Bases: object

Represents the portion of main policy off the root key ‘port_sets’

get_tc_ports(dpid)

Passed a DPID, returns a tuple of port numbers on which to run TC on that switch, or 0 if none.

class main_policy.QoSTreatment(logger, policy)

Bases: object

Represents the portion of main policy off the root key ‘qos_treatment’

QOS_TREATMENT_KEYS = ('default_priority', 'constrained_bw', 'high_priority', 'low_priority')

get_policy_qos_treatment_value(qos_key)

Return a value for a given key under the ‘qos_treatment’ root of the policy

class main_policy.TCPolicies(logger, policy)

Bases: object

Represents the portion of main policy off the root key ‘tc_policies’

TC_POLICY_KEYS = ('comment', 'rule_set', 'port_set', 'mode')
TC_POLICY_MODE_VALUES = ('active', 'passive')

class main_policy.TCRule(logger, rule)

Bases: object

Represents a TC rule

TC_CONFIG_CONDITIONS = {'match_type': 'MatchType', 'identity_service_dns_re': 'String', 'ip_dst': 'IPAddressSpace', 'identity_service_dns': 'String', 'tcp_src': 'PortNumber', 'statistical': 'String', 'eth_src': 'MACAddress', 'payload': 'String', 'ip_src': 'IPAddressSpace', 'eth_dst': 'MACAddress', 'conditions_list': 'PolicyConditions', 'eth_type': 'EtherType', 'identity_lldp_systemname_re': 'String', 'tcp_dst': 'PortNumber', 'identity_lldp_systemname': 'String'}
TC_CONFIG_MATCH_TYPES = ('any', 'all')
TC_RULE_ATTRIBUTES = ('comment', 'match_type', 'conditions_list', 'actions')

class main_policy.TCRules(logger, policy)

Bases: object

Represents the portion of main policy off the root key ‘tc_rules’

main_policy.is_valid_ethertype(logger, value_to_check)

Passed a prospective EtherType, checks that it is valid. Can be hex (0x*) or decimal. Returns 1 if valid and 0 if not valid.

main_policy.is_valid_ip_space(logger, value_to_check)

Passed a prospective IP address, checks that it is valid. Can be IPv4 or IPv6, and can be a range or have a CIDR mask. Returns 1 for a valid IP address and 0 for not valid.

main_policy.is_valid_macaddress(logger, value_to_check)

Passed a prospective MAC address, checks that it is valid. Returns 1 if valid and 0 if not valid.

main_policy.is_valid_transport_port(logger, value_to_check)

Passed a logger ref and a prospective TCP or UDP port number, checks that it is an integer in the correct range. Returns 1 for a valid port number and 0 for a port number that is not valid.

main_policy.validate_keys(logger, keys, schema, branch)

Validate a set of keys against a schema tuple to ensure that there are no missing or extraneous keys

main_policy.validate_value(logger, key, value, schema, branch)

Validate that the value complies with the schema.
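The key and value checks described above decide which policy entries are allowed to become switch flow rules, so strict parsing matters. The following is an added sketch, not nmeta's own code: it omits the logger argument, its function names are this example's own, and the hyphenated range syntax, colon-separated MAC format and 1-65535 port range are assumptions.

```python
# Added sketch, not nmeta source; function names are this example's own.
import ipaddress
import re

MAC_RE = re.compile(r'[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}')

def check_keys(keys, schema):
    """Return (missing, extraneous) keys relative to a schema tuple."""
    return [k for k in schema if k not in keys], [k for k in keys if k not in schema]

def check_macaddress(value):
    return 1 if MAC_RE.fullmatch(str(value)) else 0

def check_ethertype(value):
    text = str(value)
    if re.fullmatch(r'0[xX][0-9a-fA-F]{1,4}', text):
        return 1                      # four hex digits always fit 16 bits
    if re.fullmatch(r'[0-9]{1,5}', text):
        return 1 if int(text) <= 0xFFFF else 0
    return 0

def check_transport_port(value):
    # bool is an int subclass in Python, so reject it before the digit test
    if isinstance(value, bool) or not re.fullmatch(r'[0-9]{1,5}', str(value)):
        return 0
    return 1 if 1 <= int(value) <= 65535 else 0   # assumed range 1-65535

def check_ip_space(value):
    text = str(value)
    try:
        if '-' in text:               # assumed range syntax: first-last
            first, last = (ipaddress.ip_address(p) for p in text.split('-'))
            return 1 if first.version == last.version and first <= last else 0
        ipaddress.ip_network(text, strict=False)   # bare address or CIDR
    except ValueError:
        return 0
    return 1

VALIDATORS = {'MACAddress': check_macaddress, 'EtherType': check_ethertype,
              'IPAddressSpace': check_ip_space, 'PortNumber': check_transport_port}
CONDITIONS = {'eth_src': 'MACAddress', 'eth_type': 'EtherType',   # subset of
              'ip_src': 'IPAddressSpace', 'tcp_dst': 'PortNumber'}  # TC_CONFIG_CONDITIONS

def check_conditions(conditions):
    """Return the keys that are unknown or whose value fails its validator."""
    return sorted(k for k, v in conditions.items()
                  if k not in CONDITIONS or not VALIDATORS[CONDITIONS[k]](v))

SAMPLE = {'eth_type': '0x0800', 'ip_src': '10.1.0.0/16', 'tcp_dst': 70000}  # constructed
```

Unknown keys are rejected rather than ignored, so a misspelled condition cannot silently widen a rule's match.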