Versions Compared

Old Version 5

changes.mady.by.user James Hahn

Saved on

compared with

New Version 6

changes.mady.by.user Ram Krishna Verma

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Goals:

...

Currently, when policies are updated via one of the PAP APIs, the entire list of policies is transmitted to the PDPs.

...

  The communication between PAP and the PDPs should be enhanced so that only the changes need be transmitted.

After receiving the request from REST layer, PAP does the basic validation checks and then generate a PDP_UPDATE message

...

with full list of

...

policies

...

Currently PAP sends a full list of policies to the PDPs through DMaaP. for that particular PdpSubGroup and sends it to the PDPs through DMaaP. And PDPs on the other side scans through the list and identifies the policies that needs to be deployed or undeployed. Thereby making PDPs share the work which ideally PAP should be doing as an administrator component.

The aim is to send only the necessary requested & validated policies that needs to be deployed or undeployed in PDPs. So that PDPs can remove the scanning logic and focus more on the "execution" than "administration". And it also reduces the data transmitting over DMaaP (network) and making the layer more robust and resilient.


Important Note:

  • The

...

  • change needs to be designed in a way so that it doesn't break the currently working contract between PAP & PDPs. And allow sometime for PDPs to adapt and move to the newer (simpler) way of managing policies.
  • The change shouldn't affect the PDP registration flow. Because there we would like to continue sending the FULL list of policies that are currently supported in PdpSubGroup in which the PDP is getting registered.


Current thoughts/suggestions:

  1. Enhance PDP_UPDATE message to contain two new lists (deploy and undeploy), while maintaining it's its current full list of policies. When the PDPs support delta policies we can then remove the original full list.
  2. Enhance PDP_UPDATE message to contain one new list of policies to be updated, and a boolean value to determine whether to deploy/undeploy the policies while maintaining the full list of policies also. PDPs that support delta policies can then choose to use the deltas or the original list if they do not. When the PDPs support the delta policies we can remove the original list.