Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
"Susan Hares" <shares@ndzh.com> Tue, 24 January 2017 14:30 UTC
From: Susan Hares <shares@ndzh.com>
To: 'Juergen Schoenwaelder' <j.schoenwaelder@jacobs-university.de>
Date: Tue, 24 Jan 2017 09:25:52 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/3YybfKG6ofk-ubG7qOHG-7Cp3kc>
Cc: i2rs@ietf.org, 'Martin Bjorklund' <mbj@tail-f.com>, draft-ietf-i2rs-yang-l3-topology@ietf.org, i2rs-chairs@ietf.org, 'Robert Varga' <nite@hq.sk>, Kathleen.Moriarty.ietf@gmail.com, iesg@ietf.org

Juergen and Martin:

Your question is appropriate at this point. These Yang Modules are I2RS Yang Modules. Knowing whether these are attached to the configuration data store or a control plane data store is important. For that answer, I must await Benoit and the NETMOD Chairs.

However, the security involved in these data models still has the same security issues whether it is ephemeral state attached to the configuration data store or the control plane data store. The solution is just different.

The 6 issues for I2RS security considerations are:

1) different mandatory-to-implement transport for NETCONF,
2) priority resolving multiple client writes,
3) non-secure transport,
4) different validations with rpc actions,
5) different NACM, RACM, and SACM policy,
6) different data store behavior (ephemeral/configuration or ephemeral/Control Plane data store).

Only #6 would operate differently between the two data store choices.

To recap our discussion: Any I2RS YANG module MUST have security comments on #1 and #2 if it contains writes. The topology modules particular module does not use #3 and #4 beyond the regular YANG module section. #5 - The NACM policy may be the same, but the policy toward the routing system (RACM) or system information (SACM) is different as the L3 topology models may load information from routing protocols.

The proposal for I2RS Yang module security considerations has 3 parts: A) Basic Yang Security considerations, B) I2RS Security considerations for secure transport, and C) non-secure security considerations. A+B are all that is needed for these drafts.

Cheerily,
Sue Hares

-----Original Message-----
From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de]
Sent: Tuesday, January 24, 2017 6:52 AM
To: Susan Hares
Cc: i2rs@ietf.org; 'Martin Bjorklund'; draft-ietf-i2rs-yang-l3-topology@ietf.org; i2rs-chairs@ietf.org; 'Robert Varga'; Kathleen.Moriarty.ietf@gmail.com; iesg@ietf.org
Subject: Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)

Susan,

so are these YANG models regular YANG models or are these YANG models specific to the yet to be defined I2RS protocol and yet to be defined datastores? I think this is the core of Martin's and my question. A simple clear and concise answer would be nice.

/js

On Tue, Jan 24, 2017 at 06:42:30AM -0500, Susan Hares wrote:
> Juergen:
>
> Yep. That's the charter. draft-ietf-i2rs-yang-network-topo-10.txt is
> a generic topology model. draft-ietf-i2rs-yang-l3-topology-08.txt is a
> generic topology for L3 unicast. These support topology extension for
> non-I2RS user. We met the milestone and deliver the YANG Modules to the
> IESG. We discussed the "write" feature during WG LC and in the WG. We
> passed this by AD Benoit Claise who agreed to the reasons present by
> the draft authors.
>
> Kinda' missed your comments in the normal comment period (WG LC, IETF LC).
>
> Sue
>
> -----Original Message-----
> From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Juergen Schoenwaelder
> Sent: Monday, January 23, 2017 5:15 PM
> To: Susan Hares
> Cc: i2rs@ietf.org; 'Martin Bjorklund'; draft-ietf-i2rs-yang-l3-topology@ietf.org; i2rs-chairs@ietf.org; 'Robert Varga'; Kathleen.Moriarty.ietf@gmail.com; iesg@ietf.org
> Subject: Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
>
> Perhaps just adding to the confusion, here is what the WG charter
> says:
>
> o The ability to extract information about topology from the network.
>   Injection and creation of topology will not be considered as a work
>   item. Such topology-related models will be based on a generic
>   topology model to support multiple uses; the generic topology model
>   should support topology extension for non-I2RS uses.
>
> And as a milestone:
>
> Dec 2016 - Request Publication of Protocol Independent Topology Data
> Models
>
> /js
>
> On Mon, Jan 23, 2017 at 05:06:04PM -0500, Susan Hares wrote:
> > Robert and Martin:
> >
> > I agree with Robert that the current implementations of the ODL
> > topology models are handled as part of the configuration data store
> > with ephemeral state. I will point out that these implementation are
> > pre-standards implementations of the I2RS YANG Data model.
> >
> > While standardizing the topology data models, the I2RS WG have been
> > asked to align with the draft-ietf-netmod-revised-datastores-00.txt
> > NETMOD WG document. This NETMOD WG document moves the I2RS
> > ephemeral data store from configuration data store to a Control Plane
> > data store. If we follow this draft, the I2RS Topology models are part
> > of the I2RS ephemeral data store.
> > If you disagree with the placement of the Topology data models,
> > please indicate this to the NETMOD WG and to Benoit. Could you
> > propose a way that you would see the ephemeral state working with
> > the configuration data store to the NETMOD WG?
> >
> > Quite frankly, I feel a bit of whip-lash on this topic. NETMOD WG asks for
> > Control Plane Data store. You ask for configuration data store (which was
> > the I2RS initial proposal). It is possible for either one to work for I2RS
> > Topology models - if the right details are taken care of. How do we make
> > progress on choosing one method so we can write the I2RS Topology
> > Models security considerations.?
> >
> > Sue
> >
> > -----Original Message-----
> > From: Robert Varga [mailto:nite@hq.sk]
> > Sent: Monday, January 23, 2017 4:11 PM
> > To: Martin Bjorklund; shares@ndzh.com
> > Cc: i2rs@ietf.org; draft-ietf-i2rs-yang-l3-topology@ietf.org; j.schoenwaelder@jacobs-university.de; i2rs-chairs@ietf.org; Kathleen.Moriarty.ietf@gmail.com; iesg@ietf.org
> > Subject: Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
> >
> > On 01/23/2017 09:26 PM, Martin Bjorklund wrote:
> > >> I'm pulling your questions to the top of this email.
> > >>
> > >> Question 1: Ok. Just to make sure I understand this correctly -
> > >> these topology models are intended to be I2RS-specific, and they
> > >> cannot be used for any other purpose. If anyone needs a general
> > >> topology model outside of the I2RS protocol, they will have to
> > >> design their own model. Is this correct?
> > >>
> > >> Response 1: Not really.
> > > Ok, so are you saying that the models are in fact generic, and can
> > > be used outside of I2RS? I.e., they *can* be used with the normal
> > > configuration datastores?
> > >
> >
> > From implementation experience, yes, they can be used for storing
> > configuration. OpenDaylight uses (an ancient predecessor of)
> > yang-network-topo to store configure details about devices in its
> > managed networks.
> >
> > Regards,
> > Robert
> >
>
> --
> Juergen Schoenwaelder Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
> Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
>
> _______________________________________________
> i2rs mailing list
> i2rs@ietf.org
> https://www.ietf.org/mailman/listinfo/i2rs
>

--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
Fax: +49 421 200 3103 <http://www.jacobs-university.de/>