Re: [Detnet] Yangdoctors last call review of draft-ietf-detnet-yang-14
Xufeng Liu <xufeng.liu.ietf@gmail.com> Thu, 18 November 2021 22:46 UTC
Return-Path: <xufeng.liu.ietf@gmail.com>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FFEF3A0B2F; Thu, 18 Nov 2021 14:46:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EVjnHzUgASRk; Thu, 18 Nov 2021 14:46:17 -0800 (PST)
Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63DA23A0B2E; Thu, 18 Nov 2021 14:46:17 -0800 (PST)
Received: by mail-ed1-x532.google.com with SMTP id t5so34279669edd.0; Thu, 18 Nov 2021 14:46:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qZUDXZ0/RNfB2A1ALR4ESoOlz/Vsrm7syQkCSM51Wvo=; b=WlSBuRfcL2kDOJvUwX6zcwi7toQgDdaztTced95OaS188tJumthl2tTE4MC2qVF8zD HHXXyJ4r+5dq+7LGyGfI4526fvi9ac8hPROZKosSaAhMcbceFMbWWGlRf6X/lIGSQTy0 gKpv1K0Ai/o+1HMff0I0sayuEOxx0ugvHP0nojfo+a4oiG05Fh2i3NXOUx/0gfo6174f W+GqG7gjR7dWldkrcsSH6E9plP2ycV0cAcAnIvhdEBBi+y/xas3Uo0RrVg5JjdraafEd Qr4QYXyeWMo9pM0XEghpapk7CubcP3EmxbqS1LRoVOy70xEHJ5iM7X1OeP9rQzQufv7Q 0Oqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qZUDXZ0/RNfB2A1ALR4ESoOlz/Vsrm7syQkCSM51Wvo=; b=30TYHgLM3wAhZ6kSWD6MlBvXCnJuvH9b6SiHhs/uEF+1iGDI92cyYdUC54R4XY8f13 1g+YLBkYtTJqLQIpEkgt1VE4dg+QzaC/OJpEXv/SB3hZfG9DZART3Y4pZtmeNgV+1uH8 QPpf/J6WOpkLIMqPQTgKuPwxi9UyMueosCEKdMZAw/vkyYDmTBrQ5CzMYM6KU1yXEq6j +uXuf7WP+JWs/M7B/tsij+8VDk/HMQAVK76aeHoGG1/z1mF+09+VkBPPMtMmVKQd5oxY IvEnrnBuBp9iZq/auGvuwPX7AHPbWAin5Vr5X537ciUiwhL3Et7335URiNv5v7NBfdv/ p+gw==
X-Gm-Message-State: AOAM530hxyA5RuU5ul610TkJrXmbo5mdW8GwJHy2lwsIx14IH3QZ9kUI U2X5fwtPn3pZZzy7rLX/7SgOshuGcsR3q9CE88aAxsT52Q0=
X-Google-Smtp-Source: ABdhPJwtPHFyD0simSUOz2aYm0nr7tsmE791ptWe/mXD9uvdCeEOtvKCUCBFMgUGCjt0pZVRhrYbJQOWByM+pB+4ZZY=
X-Received: by 2002:aa7:d4c3:: with SMTP id t3mr16934383edr.268.1637275573973; Thu, 18 Nov 2021 14:46:13 -0800 (PST)
MIME-Version: 1.0
References: <163648840575.19216.561627083204230489@ietfa.amsl.com> <MN2PR14MB4030B1AD9BCBBF90FB1ABF82BB9B9@MN2PR14MB4030.namprd14.prod.outlook.com>
In-Reply-To: <MN2PR14MB4030B1AD9BCBBF90FB1ABF82BB9B9@MN2PR14MB4030.namprd14.prod.outlook.com>
From: Xufeng Liu <xufeng.liu.ietf@gmail.com>
Date: Thu, 18 Nov 2021 17:46:02 -0500
Message-ID: <CAEz6PPTfAuwWrUr8TTUwyQQMMjFH3s1yUGTDnK_=F+wkz1DqPg@mail.gmail.com>
To: Don Fedyk <dfedyk@labn.net>
Cc: "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "detnet@ietf.org" <detnet@ietf.org>, "draft-ietf-detnet-yang.all@ietf.org" <draft-ietf-detnet-yang.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fc75e405d117ec8b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/QJM1YPSR_G2gh2qtbHCQ9GMJAP8>
Subject: Re: [Detnet] Yangdoctors last call review of draft-ietf-detnet-yang-14
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Nov 2021 22:46:23 -0000
Hi Don, The section looks pretty good already. I only have a couple minor comments below. Thanks, - Xufeng On Thu, Nov 18, 2021 at 4:34 PM Don Fedyk <dfedyk@labn.net> wrote: > Hi Xufeng > > Thanks, I have updated a preliminary version 15 @ > https://github.com/detnet-wg/draft-ietf-detnet-yang. > > Most updates were straightforward - the security section I think > everything is sensitive on write and anything that shows application is > sensitive on read. > > Here is how the section reads now: (Please comment if this is OK). > > There are a number of data nodes defined in the module that are > writable/creatable/deletable (i.e., config true, which is the > default). These data nodes may be considered sensitive or vulnerable > in some network environments. Write operations (e.g., edit-config) > to these data nodes without proper protection can break or > incorrectly connect DetNet flows. Since this is a configured Data > Plane any changes that are not coordinated with all devices along the > path the whole DetNet module is considered vulnerable and should have > authorized access only. > > Similarly, the data nodes in these YANG modules may be considered > sensitive or vulnerable in some network environments. It is thus > important to control read access (e.g., via get, get-config, or > notification) to these data nodes. These are the subtrees and data > node and their sensitivity/vulnerability: > > > detnet/app-flows: [Xufeng]: Would it be better to start with the root? If so, we'd have: /detnet/app-flows > This controls the application details so it could > be considered sensitive. > > detnet/traffic-profile/member-app: [Xufeng]: As above, is it better to have: /detnet/traffic-profile/member-app: Since we are here, just realize that "list traffic-profile" is not under a container like "apps". It is not necessarily wrong, but I'd like to mention it to ensure that it is intended. This links traffic profiles to > applications. > > detnet/service/incoming/app-flow: This links applications to > services. > [Xufeng]: Is this under sub-layer? Should "sub-layer" be part of the xpath? /detnet/service/sub-layer/incoming/app-flow: > > detnet/service/outgoing/app-flow: This links applications to > services. > [Xufeng]: Same comment as above. > > Cheers > Don > > > -----Original Message----- > From: Xufeng Liu via Datatracker <noreply@ietf.org> > Sent: Tuesday, November 9, 2021 3:07 PM > To: yang-doctors@ietf.org > Cc: detnet@ietf.org; draft-ietf-detnet-yang.all@ietf.org; > last-call@ietf.org > Subject: Yangdoctors last call review of draft-ietf-detnet-yang-14 > > Reviewer: Xufeng Liu > Review result: Ready with Nits > > Thanks to authors for addressing the previous review comments. > > The updates look good. The followings are a few additional nits: > > 1) In the model, “container flow-spec” has been changed to “container > traffic-spec”, but the description has not been updated, shown as below: > > container traffic-spec { > description > "Flow-specification specifies how the Source transmits > packets for the flow. This is the promise/request of the > Source to the network. The network uses this flow > specification to allocate resources and adjust queue > parameters in network nodes."; > > 2) Most names of list and leaf-list have been fixes. The following three > were > missed: “leaf-list member-apps” should be “leaf-list member-app” > “leaf-list member-services” should be “leaf-list member-service” “leaf-list > member-fwd-sublayers” should be “leaf-list member-fwd-sublayer” > > 3) Section 10. Security Considerations would need to include a list of > “sensitive or vulnerable” nodes. RFC 8349 shows an example. > > Thanks, > - Xufeng > > > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=icon> Virus-free. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=link> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
- [Detnet] Yangdoctors last call review of draft-ie… Xufeng Liu via Datatracker
- Re: [Detnet] Yangdoctors last call review of draf… Don Fedyk
- Re: [Detnet] Yangdoctors last call review of draf… Xufeng Liu
- [Detnet] Comments on detnet-yang-15 Re: [Last-Cal… tom petch
- [Detnet] Some more Comments on detnet-yang-15 Re:… tom petch
- Re: [Detnet] Some more Comments on detnet-yang-15… John Grant
- Re: [Detnet] Some more Comments on detnet-yang-15… Don Fedyk
- Re: [Detnet] Comments on detnet-yang-15 Re: [Last… Don Fedyk
- Re: [Detnet] Comments on detnet-yang-15 Re: [Last… tom petch
- Re: [Detnet] Comments on detnet-yang-15 Re: [Last… Don Fedyk
- Re: [Detnet] Comments on detnet-yang-15 Re: [Last… Don Fedyk
- Re: [Detnet] Comments on detnet-yang-15 Re: [Last… tom petch
- Re: [Detnet] Comments on detnet-yang-15 Re: [Last… tom petch
- Re: [Detnet] Comments on detnet-yang-15 Re: [Last… Don Fedyk
- Re: [Detnet] Comments on detnet-yang-15 Re: [Last… tom petch
- Re: [Detnet] Comments on detnet-yang-15 Re: [Last… Don Fedyk