Now what about rules loading? Are the rules loaded onto
Admin box first and compile into internal representation
before shipping to OPES box (in binary format)?
Or should it be loaded onto OPES box directly via XML format?
Does it matter at all which model we choose? In first
model, Admin box from Company A then would not be able to
talk to OPES box from company B.
Why not? IRML defines an open standard format for exchanging
rule sets
- that's the purpose of IRML. Company A and company B both
suport IRML
- no problem for exchanging rule sets.
So to achieve interoperability, either we stick with the second
model, or we define a standardized binary format. I would vote for
the second model then.
Ship it to the OPES box using IRML. I can't see the need for an
additional, redundant binary format for the same purpose (i.e.
exchange of rule sets).
BTW - won't it be likely that the Admin "box" and the OPES "box" are
physically on the same appliance? Why should rules first be shiped to
some Admin box, getting validate and then being shipped to the OPES
box? Distribute the rules sets right away to the OPES boxes and let
them do the checking etc.
IRML allows the support of both model, either ship the modules to targeted
OPES boxes directly are ship the module to an admin box which in
turn will ship it to the edges it knows of. That under the control of the
box owner. And that's fine to start with.
But if I operate a CDN with a number of deployed OPES boxes and
send the rules to these boxes so they're compiled into a rule base do I
create myself a deployment headache ? Rules will need to be compiled,
checked, validated, etc. all of these far from where I control my network.
I think that down the road having a binary format could facilitate
operation & deployment.
Christian