policy

Use the policy command to tie actions and conditions together into an Active Visibility policy. Active visibility is a framework designed to react to events and take actions in response. When conditions change, actions are triggered as specified by policies. Refer to the “Configuring Active Visibility” section in the GigaVUE Fabric Management Guide for details.

When a policy is triggered, an SNMP event can optionally be generated.

The policy command has the following syntax:

policy
   alias <alias>
      action
         add <action name> [param <param name> <param value>] .. [param <param name> <param value>]
         delete <action ID>
      comment <comment>
      condition
         add <condition name> [param <param name> <param value>] .. [param <param name>
            <param value>]
         delete <condition ID>
      enable
      reset
   all <enable |  reset>

The following table describes the arguments for the policy command:

Argument

Description

alias <alias>

Specifies the name of the policy. Up to 100 polices per cluster can be created.

For example:

(config) # policy alias p1

action
add <action name> [param <param name> <param value>] .. [param <param name> <param value>]

Adds an action to the policy. The actions are predefined. Up to five (5) actions can be specified in a policy. The parameter names and values that need to be specified, depend on the action.

 

The following are the keywords that are used as actions:

PortEnable
MapDisable
PortFilterAdd
InlineSslFlushAll- Clearing of session table entries.
InlineSslFlush:- Clearing of specific gsGroup session entries alone.

 

The following are the keywords that are used as parameters in some of the actions, as well as the definition of the value:

 

gsGroup - Alias of the GigaSMART group. Refer gsgroup to create GigaSMART group.
mapAlias - The map alias. Map aliases specified in actions are not validated. Ensure that they exist and are valid. For details, refer to Specifying Keyword, mapAlias.
policyAlias - The policy alias. Policy aliases specified in actions are not validated. Ensure that they exist and are valid. For details, refer to Specifying Keyword, policyAlias.
portId - The port identifier, in the one of the following formats:
o single port—a/b/c
o multiple ports, separated by commas—a1/b1/c1,a2/b2/c2
o range of ports—a/b/c..d
o Port identifiers specified in actions are not validated. Ensure that they exist and are valid.
o Port aliases and GigaStream aliases are not supported. Also, the argument "any" is not a supported argument for actions.

For details, refer to Specifying Keyword, portId.

ruleId - The rule identifier, from a map. For details, refer to Specifying Keyword, ruleId.
ruleStr - The map rule string. For details, refer to Specifying Keyword, ruleStr.
inlineNetAlias - The inline network port alias. For details, refer to Specifying Keyword, inlineNetAlias.
inlineToolAlias - The inline tool port alias. For details, refer to Specifying Keyword, inlineToolAlias.
inlineNetTrafficPath - The traffic path for the inline network. The values are:
o to-inline-tool - Traffic is forwarded to the inline tool.
o bypass - Traffic bypasses the inline tool.
o drop - Traffic is dropped at the inline tool.
o monitoring - Traffic is fed to the inline tool and absorbed, while a copy of the traffic is sent to the next inline tool in the sequence. Traffic returned from side B of the network is also absorbed at the inline tool in monitoring mode.

For details, refer to Specifying Keyword, inlineNetTrafficPath.

oobFromAlias - The out-of-band inline network alias specified when you add or remove out-of-band copy for flexinline map. For details, refer to Specifying Keyword, oobFromAlias.
oobDir - The direction of traffic specified when you add or remove out-of-band copy for flexinline map. The values are:
o a-to-b—Taps traffic from the a-to-b side of the source.
o b-to-a—Taps traffic from the b-to-a side of the source.

For details, refer to Specifying Keyword, oobDir.

oobTag - The tag specified for out-of-band tool port. The values are:
o none—Does not tag packets that are going to the OOB tool. The default is none.
o as-inline—Uses the same VLAN tag that was configured for the flexible inline map.
o original—Uses the original VLAN tag of the packet received from the inline network.

For details, refer to Specifying Keyword, oobTag.

A policy is triggered if all the conditions are met, then all the actions are executed.

Examples:

(config) # policy alias p1 action add PortEnable param portId 1/1/x1

(config) # policy alias p1 action add MapDisable param mapId m1

(config) # policy alias AnyPortUp action add PortFilterAdd param portId &PortUp.portId& param ruleStr "pass vlan 100"

delete <action ID>

Deletes an action from the policy. The policy must exist.

To find out the action ID, type ? as follows:

(config) # (config) # policy alias p1 action delete ?

The existing actions will be listed.

For example:

(config) # (config) # policy alias p1 action delete 2

comment <comment>

Specifies a unique text string that describes the policy. Comments can be up to 256 characters. Comments must be enclosed in double quotation marks.

Comments can be added only after a policy has been created.

For example:

(config) # policy alias p1 comment "Thursday policy"

condition add

Adds a condition to the policy. The conditions are predefined. Up to five (5) conditions can be specified in a policy. The parameter names and values that need to be specified, depend on the condition.

The following are the keywords that are used as conditions:

PortTxPktLow - Packets transmitted from the port is minimum.
PortTxPktHigh - Packets transmitted from the port is maximum
PortRxPktLow - Packets received at the port is minimum.
PortTxPktHigh- Packets received at the port is maximum.

 

The template specifies the parameters and values that must be included in the definition of a condition.

The following are the keywords that are used as parameters in some of the conditions, as well as the definition of the value:

gsGroup - Alias of the GigaSMART group. Refer gsgroup to create GigaSMART group.
inlineToolAlias - Alias of the inline tool. For CLI commands to create an inline tool, refer to inline-tool
inlineToolGrpAlias - Alias of the inline tool group. For CLI commands to create an inline tool group, refer to inline-tool-group
period - The number of seconds from 1 to 7200 (integers only). For details, refer to Specifying Keyword, period on page 153.
thresh - The threshold value from 0 to the maximum (a 64-bit number). For details, refer to Specifying Keyword, thresh on page 154.
threshPct - The percentage threshold value from 0 to 100. For details, refer to Specifying Keyword, threshPct on page 154.
timeStr - The time string, specified in the Cron format "( a b c d e f )”. For details, refer to Specifying Keyword, timeStr on page 154.
portId - The port identifier, in the one of the following formats:
■   single port—a/b/c
■   multiple ports, separated by commas—a1/b1/c1,a2/b2/c2
■   range of ports—a/b/c..d
■   any port—any(a/b/c..d), which includes the keyword, any
■   Port identifiers specified in conditions are not validated. Ensure that they exist and are valid.
■   Port aliases and GigaStream aliases are not supported.

For details, refer to Specifying Keyword, portId on page 155.

 

The policy is executed only when all conditions are met. There is only one unique condition per policy.

Examples:

(config) # policy alias OverloadedToolPort condition add PortTxUtilHigh param portId 1/1/x1 param threshPct 80

(config) # policy alias AnyPortUp condition add PortUp param portId any(3/1/q4..q6) param period 5

(config) # policy alias SaveMemory condition add TimeOfDay param timeStr "( 45 10 * * * * )"

delete <condition ID>

Deletes a condition from the policy. The policy must exist.

To find out the condition ID, type ? as follows:

(config) # (config) # policy alias p1 condition delete ?

The existing conditions will be listed.

For example:

(config) # (config) # policy alias p1 condition delete 10

enable

Enables the Active Visibility policy. To be executed, a policy must be enabled.

For example:

(config) # policy alias p1 enable

reset

Resets the status of the Active Visibility policy.

For example:

(config) # policy alias p1 reset

all <enable | reset>

Enables all policies or resets all policies.

Examples:

(config) # policy all enable

(config) # policy all reset

Related Commands

The following table summarizes other commands related to the policy command:

Task

Command

Displays all actions in brief format.

# show action

Displays a specified action in detail.

# show action alias MapRuleAdd

Displays all actions in detail.

# show action detail

Displays all conditions in brief format.

# show condition

Displays a specified condition in detail.

# show condition alias PortRxUtilHigh

Displays all conditions in detail.

In the output of the show condition command:

The conditions from PortDown through PortUp are port-based conditions. Use them to monitor link state, port utilization, or packet counts (discards, drops, or errors).
The conditions from TimeFriday through TimeWeekend are time-based conditions. Use them for scheduling.
The Template column displays the parameters that must be specified when defining the condition in a policy. The template contains keywords, some which are mandatory, and others which are optional.

For example, the keyword <$portId$> is mandatory, while [$period$] is optional. The strings enclosed in dollar signs ($) are parameters that will be specified as part of configuring a policy.

Some conditions do not have any parameters, such as TimeWeekday.

When the node is up, the PortUp and PortDown conditions are evaluated immediately upon a link status change while the port TX and RX conditions are evaluated every five seconds through polling. When the node reboots or switches over, refer to Polling Following a Node Reboot, Switchover, or Cluster Change.

 

# show condition detail

Displays all specified Active Visibility policies. The output of the show policy command displays the following:

if a policy has been triggered
how many times a policy has run
the last time a policy has run, which provides a history of the last 5 executions

 

# show policy

Displays a specified policy

# show policy alias policy1

Displays all policies in detailed format.

Note:  In the output of the show policy detail command, the following is displayed if the Active Visibility Daemon has initialized, but is not yet polling:

Active Visibility Daemon is not polling!! Please try again in 222 seconds.

The message indicates when the Active Visibility Daemon will start polling following a node or cluster reboot or a cluster leader change.

If polling is not ready, the output of the show policy detail command displays the following message:

Active Visibility Daemon is not polling!! Please try again in 133 seconds.

Following a node reboot, switchover, or a change in the cluster, such as a role change, there is a period of time before the polling mechanism starts. The period of time depends on certain variables such as the number of ports on the node and the size of the cluster in which the node is a part of. If there is a large number of ports or if the node is part of a large cluster, the polling mechanism may take a longer period of time to start. In general, the period of time is between 10 and 15 minutes.

# show policy detail

Deletes a specified policy.

(config) # no policy alias policy1

Deletes a comment for a specified policy.

(config) # no policy alias policy1 comment

Deletes a comment for a specified policy.

(config) # policy alias policy1 no comment

Disables the specified policy.

(config) # no policy alias policy1 enable

Disables the specified policy.

(config) # policy alias policy1 no enable

Deletes all policies.

(config) # no policy all

Disables all policies.

(config) # no policy all enable