Used for policy creation and deletion, add and delete rules from policy, apply and un-apply policy from interfaces.
Defines the RPC for operations on policy, interface and get requests.
RPC Calls | |
| rpc | SLPolicy::SLPolicyOp (SLPolicyOpMsg) returns(SLPolicyOpRsp) |
| Policy-object operations. More... | |
| rpc | SLPolicy::SLPolicyGet (SLPolicyGetMsg) returns(stream SLPolicyGetMsgRsp) |
| Retrieve all Policies and its rules and the interfaces where the policy is applied from the server. | |
| rpc | SLPolicy::SLPolicyGlobalGet (SLPolicyGlobalGetMsg) returns(SLPolicyGlobalGetMsgRsp) |
| Retrieve Global Policy capabilities. | |
Messages | |
| message | SLPolicyOpMsg |
| message | SLPolicyEntry |
| Policy-map object. More... | |
| message | PolicyRuleList |
| List of rules. More... | |
| message | PolicyIntfList |
| List of interfaces. More... | |
| message | SLPolicyKey |
| message | SLPolicyRule |
| Each rule in a policy is associated with a Rule name - that identifies a rule Priority - priority of the rule within the policy Match - Contains at least one or more match criteria. More... | |
| message | SLRuleMatch |
| Attributes to match within a rule in a policy. More... | |
| message | SLDscpMatch |
| Dscp match type Oneof is used here for future extensibility. More... | |
| message | SLRuleAction |
| Action applied on the packet that matches a rule. More... | |
| message | SLPolicyIntf |
| Policy intf object. More... | |
| message | SLPolicyOpRsp |
| message | SLPolicyRes |
| message | SLPolicyRuleStatusList |
| message | SLPolicyIntfStatusList |
| message | SLPolicyRuleStatus |
| message | SLPolicyIntfStatus |
| message | SLPolicyGetMsg |
| Get all the policies and the interfaces where it is applied. More... | |
| message | SLPolicyInfo |
| List of policies, rules and the interfaces where it is applied. More... | |
| message | SLPolicyGetMsgRsp |
| message | SLPolicyGlobalGetMsg |
| Policy Global Get Capabilities Message. More... | |
| message | SLPolicyGlobalGetMsgRsp |
| Policy Global Get Capabilities Message Response. More... | |
Enumerations | |
| enum | SLPolicyObjectOp { SL_OBJOP_POLICY_RESERVED = 0x0, SL_OBJOP_POLICY_ADD = 0x1, SL_OBJOP_POLICY_DELETE = 0x2, SL_OBJOP_RULE_ADD = 0x3, SL_OBJOP_RULE_DELETE = 0x4, SL_OBJOP_POLICY_APPLY = 0x5, SL_OBJOP_POLICY_UNAPPLY = 0x6 } |
| Policy Object Operations. More... | |
| enum | SLPolicyType { SL_PM_PTYPE_RESERVED = 0x0, SL_PM_PTYPE_PBR = 0x1 } |
| Policy types supported. More... | |
| enum | SLApplyDirection { SL_APPLY_TYPE_RESERVED = 0x0, SL_APPLY_DIRECTION_INGRESS = 0x1 } |
| Direction of policy apply Only ingress supported for pbr policies. More... | |
| rpc SLPolicy::SLPolicyOp | ( | SLPolicyOpMsg | ) |
Policy-object operations.
Policy and its rules
Policy p1 Rule r1 Priority 1 Match dscp 1 Match PathGroup Silver Action PathGroup Bronze
Rule r2 Priority 2 Match dscp 2 Match PathGroup Bronze Action PathGroup Silver
Rule r3 Priority 3 Match PathGroup xxx Action PathGroup Gold End-policy SLPolicyOpMsg.Oper = SL_OBJOP_POLICY_ADD Add a new Policy object. Fails if a Policy object with the specified key already exists.
SLPolicyOpMsg.Oper = SL_OBJOP_POLICY_DELETE Delete the policy object. The object's key is enough to delete the object. Other attributes if present are ignored. Delete of a non- existant object is returned as success.
SLPolicyOpMsg.Oper = SL_OBJOP_RULE_ADD Add rules to an existing Policy object. If any of the rules exist, return "Object exists" error. Fails if the Policy object key does not exist in the system or if no rule is provided.
SLPolicyOpMsg.Oper = SL_OBJOP_RULE_DELETE If the policy object does not exist, "Policy not found" error is returned. If policy object exists, delete the list of rules provided. Delete of a non-existant rule within a policy object is returned as success. If the last rule within a policy object is deleted, an empty policy will continue to exist. Fails if no rule is provided.
SLPolicyOpMsg.Oper = SL_OBJOP_POLICY_APPLY Apply the policy on an interface. Only the policy object key and the interface where it needs to be applied will be verified and used. Other attributes are ignored. SLPolicyOpMsg.Oper = SL_OBJOP_POLICY_UNAPPLY Unapply the policy on an interface. Only the policy object key and the interface where it needs to be removed from will be verified and used, other attributes are ignored.
The device can be programmed by only one active instance of this RPC. On client restart or RPC disconnects, the client has the to reconcile its new state with the state on the device by replaying the difference.
| message SLPolicyOpMsg |
Attributes | |
| SLPolicyObjectOp | Oper = 1 |
| Policy object operation. | |
| uint64 | OperationID = 2 |
| Unique OperationID sent by the client to correlate the responses. More... | |
| repeated SLPolicyEntry | Policies = 3 |
| List of policy entries. | |
| uint64 SLPolicyOpMsg::OperationID = 2 |
Unique OperationID sent by the client to correlate the responses.
Operation Id should be monotonically increasing for the life of the client.
| message SLPolicyEntry |
Policy-map object.
Attributes | |
| SLPolicyKey | Key = 1 |
| Policy unique key identifier. | |
| oneof { | |
| PolicyRuleList Rules = 2 | |
| PolicyIntfList Intfs = 3 | |
| }; | |
| message PolicyRuleList |
List of rules.
Attributes | |
| repeated SLPolicyRule | PolicyRules = 1 |
| message PolicyIntfList |
List of interfaces.
Attributes | |
| repeated SLPolicyIntf | PolicyIntfs = 1 |
| message SLPolicyKey |
Attributes | |
| string | PolicyName = 1 |
| Name of the policy. | |
| SLPolicyType | Type = 2 |
| PolicyType. | |
| message SLPolicyRule |
Each rule in a policy is associated with a Rule name - that identifies a rule Priority - priority of the rule within the policy Match - Contains at least one or more match criteria.
Packet is a match if ALL the fields in the packet match the criteria. Atleast one rule MUST be present for the packet to match. Action - Contains at least one or more action. Action applied on the packet that matches the rule. Atleast one action MUST be present for the match criteria under a rule.
Attributes | |
| string | RuleName = 1 |
| Name of the rule referenced in the policy object. | |
| string | PriorityStr = 2 |
| Priority of the rule within the policy. | |
| SLRuleMatch | Match = 3 |
| Defines the match criteria under this rule. | |
| SLRuleAction | Action = 4 |
| Action associated with this rule. | |
| message SLRuleMatch |
Attributes to match within a rule in a policy.
All specified values in the message MUST be matched by the packet for application of the specified action.
Attributes | |
| SLDscpMatch | Dscp = 1 |
| Encapsulate all different values of dscp supported. | |
| SLPathGroupRefKey | PathGroup = 2 |
| Match on PathGroup Identifier The path group belongs to the same VRF as the policy entry. More... | |
| SLPathGroupRefKey SLRuleMatch::PathGroup = 2 |
Match on PathGroup Identifier The path group belongs to the same VRF as the policy entry.
| message SLDscpMatch |
Dscp match type Oneof is used here for future extensibility.
Attributes | |
| oneof { | |
| uint32 DscpValue = 1 | |
| Single dscp value. | |
| }; | |
| message SLRuleAction |
Action applied on the packet that matches a rule.
Attributes | |
| SLPathGroupRefKey | PathGroup = 1 |
| PathGroup where packet will be forwarded. More... | |
| bool | EnableStatsCounter = 2 |
| Enable Stats counter. | |
| SLPathGroupRefKey SLRuleAction::PathGroup = 1 |
PathGroup where packet will be forwarded.
The path group belongs to the same VRF as the policy entry.
| message SLPolicyIntf |
Policy intf object.
Attributes | |
| SLInterface | Key = 1 |
| Interface on which the policy is applied/unapplied. | |
| SLApplyDirection | IntfDir = 2 |
| Policy Apply Direction. | |
| message SLPolicyOpRsp |
Attributes | |
| uint64 | OperationID = 1 |
| Policy object operation for which the response is sent. | |
| repeated SLPolicyRes | Results = 2 |
| message SLPolicyRes |
Attributes | |
| SLPolicyKey | Key = 1 |
| Policy unique key identifier. | |
| oneof { | |
| SLErrorStatus PolicyStatus = 2 | |
| Status of policy level operations like policy add and policy delete. | |
| SLPolicyRuleStatusList RulesStatus = 3 | |
| Status of rule operations on a policy. | |
| SLPolicyIntfStatusList IntfStatus = 4 | |
| Status of interface operations on a policy. | |
| }; | |
| message SLPolicyRuleStatusList |
Attributes | |
| repeated SLPolicyRuleStatus | RulesStatus =1 |
| message SLPolicyIntfStatusList |
Attributes | |
| repeated SLPolicyIntfStatus | IntfsStatus = 1 |
| message SLPolicyRuleStatus |
Attributes | |
| string | RuleName = 1 |
| SLErrorStatus | Status = 2 |
| message SLPolicyIntfStatus |
Attributes | |
| SLInterface | Intf = 1 |
| SLErrorStatus | Status = 2 |
| message SLPolicyGetMsg |
Get all the policies and the interfaces where it is applied.
| message SLPolicyInfo |
List of policies, rules and the interfaces where it is applied.
Attributes | |
| SLPolicyKey | Key = 1 |
| Policy unique key identifier. | |
| repeated SLPolicyRule | PolicyRules = 2 |
| List of rules. | |
| repeated SLPolicyIntf | PolicyIntfs = 3 |
| List of interfaces. | |
| message SLPolicyGetMsgRsp |
Attributes | |
| SLErrorStatus | PolicyCfgOpStatus = 1 |
| Status of the policy get operation. | |
| repeated SLPolicyInfo | PolicyObjs = 2 |
| List of Policy info. It will be empty incase of failure. | |
| message SLPolicyGlobalGetMsg |
Policy Global Get Capabilities Message.
| message SLPolicyGlobalGetMsgRsp |
Policy Global Get Capabilities Message Response.
Attributes | |
| SLErrorStatus | ErrStatus = 1 |
| Corresponding error code. | |
| uint32 | MaxPolicies = 2 |
| Max number of policies supported. | |
| uint32 | MaxRules = 3 |
| Max Rules supported within a policy. | |
| enum SLApplyDirection |
| enum SLPolicyObjectOp |
Policy Object Operations.
| enum SLPolicyType |
