NCM policies - add support for if, and, and or within multi-line blocks

Idea created by mwegner on Jul 25, 2013
    New
    Score55

    In Spectrum's NCM, we can define multi-line configuration blocks for NCM policies.  Within the block, NCM allows us to define policy criteria that must be there or that must not be there.  This is very useful for applying policies to interfaces, but it could be made much better by adding conditional rules.

     

    We frequently have per-interface policies that we cannot implement in NCM, such as:

    - Find all blocks that start with 'interface *' and end with '!', and IF this interface is tagged as being in VLAN 66, make sure that the port speed and duplex is set to 10 half.

    - Find all blocks that start with 'interface *' and end with '!', and IF this interface has helper address X, make sure that it also has helper address Y.

    - Find all blocks that start with 'interface TenGigabitEthernet*' and end with '!', and IF this interface is defined as being part of a port channel, enable link state traps for the interface.

     

    NCM should allow us to define a multi-line configuration block, and then within the block allow us to define policy criteria that if X then Y, if not X then not Y, and if X then not Y.  These criteria would be evaluated within the block, so that if X is true within the block, Y is only evaluated within the block as well.

     

    A specific example.  Given this bit of configuration:

    interface GigabitEthernet1/0/11

    switchport access vlan 66

    switchport mode access

    speed 10

    duplex full

    !

    interface GigabitEthernet1/0/12

    switchport access vlan 66

    switchport mode access

    !

    interface GigabitEthernet1/0/13

    switchport access vlan 20

    switchport mode access

    !

     

    I would like to be able to define an NCM policy that forces all interface blocks that contain the line "switchport access vlan 66" to also contain the lines "speed 10" and "duplex full", but leave all other interface blocks set up to auto-negotiate (no specified speed or duplex).  With current NCM rules, this is not possible.  I would like to be able to build more complex comparison criteria within configuration blocks, such as the ones used in event condition rules, like this:

     

    NCM-enhancement.tiff