IETF Logo Mail Archive

Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)

Lou Berger <lberger@labn.net> Wed, 25 January 2017 18:23 UTC

Return-Path: <lberger@labn.net>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31B54129AD5 for <i2rs@ietfa.amsl.com>; Wed, 25 Jan 2017 10:23:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.657
X-Spam-Level:
X-Spam-Status: No, score=-2.657 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-1.156, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (768-bit key) header.d=labn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9l-PxwRICC8i for <i2rs@ietfa.amsl.com>; Wed, 25 Jan 2017 10:23:22 -0800 (PST)
Received: from gproxy9.mail.unifiedlayer.com (gproxy9-pub.mail.unifiedlayer.com [69.89.20.122]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4246129AC8 for <i2rs@ietf.org>; Wed, 25 Jan 2017 10:23:21 -0800 (PST)
Received: from cmgw4 (unknown [10.0.90.85]) by gproxy9.mail.unifiedlayer.com (Postfix) with ESMTP id 441091E0DC8 for <i2rs@ietf.org>; Wed, 25 Jan 2017 11:23:21 -0700 (MST)
Received: from box313.bluehost.com ([69.89.31.113]) by cmgw4 with id ciPH1u00X2SSUrH01iPLUF; Wed, 25 Jan 2017 11:23:21 -0700
X-Authority-Analysis: v=2.1 cv=JsBi8qIC c=1 sm=1 tr=0 a=h1BC+oY+fLhyFmnTBx92Jg==:117 a=h1BC+oY+fLhyFmnTBx92Jg==:17 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=N659UExz7-8A:10 a=xqWC_Br6kY4A:10 a=IgFoBzBjUZAA:10 a=wU2YTnxGAAAA:8 a=48vgC7mUAAAA:8 a=pGLkceISAAAA:8 a=OUXY8nFuAAAA:8 a=1sjgXBK7AAAA:8 a=u07AKapRAAAA:8 a=6CUQYUxTYoShYv8To3UA:9 a=AOTBNU1Be9v6Qw-5:21 a=xEVkIHHTQApZt2Wj:21 a=pILNOxqGKmIA:10 a=hvAExEulOBQA:10 a=GMDvBvxVTm0A:10 a=REbz-vg_6-IA:10 a=6jSAqOTSWgsA:10 a=Yz9wTY_ffGCQnEDHKrcv:22 a=w1C3t2QeGrPiZgrLijVG:22 a=6kGIvZw6iX1k4Y-7sg4_:22 a=cAcMbU7R10T-QSRYIcO_:22 a=qowbMnUzjQcM5iyYROrS:22 a=SkebfZ6J2Mmvk2rLHZle:22
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version :Date:Message-ID:From:Cc:References:To:Subject:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Z+bEyG5cP1MrlFRnPSMws7TQsXr+8eZHPIquZ+ath7M=; b=gOQxbAxf1Bf0o3txZbLtgMbhVa Aci5MKESWPSgNP2SCNBQr+0wMVrXxvb/+XhF9qYstMn5JHtWzVKhwNORggjSMGA1Duzw3QlTxlXKK 5w//NZR+YOrJ57uu1eyih3Fr5;
Received: from pool-100-15-85-191.washdc.fios.verizon.net ([100.15.85.191]:52624 helo=[IPv6:::1]) by box313.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.87) (envelope-from <lberger@labn.net>) id 1cWSE0-0006PY-Uo; Wed, 25 Jan 2017 11:23:17 -0700
To: Susan Hares <shares@ndzh.com>
References: <029501d27637$456c9af0$d045d0d0$@ndzh.com> <20170124.133529.2274781221200613254.mbj@tail-f.com> <02e301d2764f$eb622f20$c2268d60$@ndzh.com> <20170124.163910.1660442168342299903.mbj@tail-f.com> <000d01d27662$0216d8d0$06448a70$@ndzh.com> <8fca02ad-b589-a77e-0ed9-c12796dc47c3@labn.net> <018d01d27730$8b4b7740$a1e265c0$@ndzh.com>
From: Lou Berger <lberger@labn.net>
Message-ID: <4940e866-13dc-5955-5ae9-27bd1b49a1e5@labn.net>
Date: Wed, 25 Jan 2017 13:23:14 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0
MIME-Version: 1.0
In-Reply-To: <018d01d27730$8b4b7740$a1e265c0$@ndzh.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box313.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - labn.net
X-BWhitelist: no
X-Source-IP: 100.15.85.191
X-Exim-ID: 1cWSE0-0006PY-Uo
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: pool-100-15-85-191.washdc.fios.verizon.net ([IPv6:::1]) [100.15.85.191]:52624
X-Source-Auth: lberger@labn.net
X-Email-Count: 4
X-Source-Cap: bGFibm1vYmk7bGFibm1vYmk7Ym94MzEzLmJsdWVob3N0LmNvbQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/KUzoetL0IytnVbf4JlbcJmv8o9w>
Cc: i2rs@ietf.org, 'Martin Bjorklund' <mbj@tail-f.com>, kwatsen@juniper.net, draft-ietf-i2rs-yang-l3-topology@ietf.org, i2rs-chairs@ietf.org, nite@hq.sk, Kathleen.Moriarty.ietf@gmail.com, iesg@ietf.org
Subject: Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jan 2017 18:23:25 -0000

Hi Sue,

On 1/25/2017 12:29 PM, Susan Hares wrote:
>
> Lou:
>
>  
>
> I am happy to receive your email as it demonstrates misconceptions
> about what I stated.   The original topic of this thread was the
> security considerations section regarding an I2RS Topology model. 
>
Understood.
>
> Due to my respect for you, I am going to provide you a technical
> response on list.
>
Thank you (I think).

>  I have labeled my responses to respond to your points.  I have
> responded on l but I will not follow-up on this thread.   I encourage
> you to contact me directly via phone or email.   
>
>  
>
okay - but I'm not sure if you want me to address the comments below
here or wait for an off-line call. I guess I'll wait for a one-on-one
discussion.

one point I think I need to clarify for everyone is in response to:
> seem to be making conclusions without discussion. 

To be clear my statements on what's next had caveats that were based on
what you/I2RS/the IESG decide - it was not stating a definitive
conclusion or direction, but rather possibilities based on a decision
that I expect to happen in the context of I2RS.  

Lou

> Cheerily,
>
>  
>
> Sue
>
>  
>
> ----Original Message-----
> From: Lou Berger [mailto:lberger@labn.net]
> Sent: Wednesday, January 25, 2017 7:27 AM
> To: Susan Hares
> Cc: 'Martin Bjorklund'; i2rs@ietf.org;
> draft-ietf-i2rs-yang-l3-topology@ietf.org;
> j.schoenwaelder@jacobs-university.de; i2rs-chairs@ietf.org;
> nite@hq.sk; Kathleen.Moriarty.ietf@gmail.com; iesg@ietf.org;
> kwatsen@juniper.net
> Subject: RE: [i2rs] Kathleen Moriarty's No Objection on
> draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
>
>  
>
> Sue,
>
>  
>
> In short, I'm going to agree with Benoit - but for slightly different
> reasons as I also co-chair TEAS, a group that is basing some of its
> work on I2RS developed models.
>
>  
>
> *>Lou 1:*  As a WG chair, I have always viewed the models being
> developed by I2RS as typical models that are generally useful, and
> being defined by I2RS simply because they were ahead of other groups
> that might otherwise define the >models -- and I view this as a fine
> thing that has benefit for YANG users and other WGs. As TEAS chair,
> this is what lead me to ensure that the models being defined in TEAS
> built on the I2RS YANG modules vs their original path of redefining
> >parallel function.
>
>  
>
> *Sue 1:*I am pleased that TEAS WG and other WG find the Topology
> models useful.   The topology model design encompasses ephemeral state
> and security for ephemeral state.  It was built to be a platform for
> topology models, and to had early experimentation in the ODL models.
>   Perhaps you missed the email on this thread where an insightful
> Martin asked "Does this mean I2RS models cannot be used by Topology
> models in other WGs?”
>
> I responded "not really" and more specifically " Most of the topology
> models I have seen abide by the concepts found in the I2RS topology
> model." 
>
> Please see the mail at:
>  https://www.ietf.org/mail-archive/web/i2rs/current/msg04231.html. 
>
>  
>
> The Topology models really operate best in an ephemeral state
> environment.  Ephemeral state is not a I2RS-only functionality. 
> Starting 4 years ago with discussions with NETCONF/NETMOD at the NYC
> interim,
>
> It was indicated that ephemeral state would be used by other WGs.  One
> of these key uses is the use for Topology models.  Topology model’s
> ephemeral state allow operational state learned from the routing
> system to be altered with writes from the I2RS Client.    (Please note
> the security considerations occur once read sensitive information or
> write sensitive information).   This mixture of state does not really
> match the definition of the
>
>    o  configuration datastore: The datastore holding the complete set of
>
>       configuration data that is required to get a device from its
>
>       initial default state into a desired operational state.
>
>  
>
> Let’s look at how this applies to the
> draft-ietf-teas-yang-te-topo-06.txt in section 3.1:
>
>    
>
> " TE topology is a traffic engineering representation of one or more
>
>    layers of network topologies. TE topology is comprised of TE nodes
>
>    (TE graph vertices) interconnected via TE links (TE graph edges). A
>
>    TE topology is mapped to a TE graph."
>
>  
>
> TE topology model defines: underlay TE topology, overlay TE topology,
> and Abstract TE topology.    The model in
> draft-ietf-teas-yang-te-topo-06.txt (ietf-te-topology) is technology
> agnostic blending learned topology (underlay TE topology) and
> configured topology to create an abstract TE topology.   This is a
> wonderful use of the I2RS Topology model.  
>
>  
>
> *Let’s look what additional security is needed for Topology Models in
> Ephemeral state: *
>
>  
>
> *Transport: *
>
> Ephemeral state with topology models has security risks which include
> topology information may be sensitive or allow DoS attacks.  Based on
> this point, the I2RS WG spent time looking at what protocol security
> and environment security is needed.  To protect this information, I2RS
> WG decide the NETCONF/RESTCONF must run over a transport that provide
> mutual authentication, data confidentiality, data integrity and
> practical replay protections which had structure to limit DoS attacks.
>  Mutual authentication requires a key management system and the
> definition of what an I2RS identifier is.   The security environment
> would need policy that determine the interaction with other data
> stores, control plane protocols, and dynamic configuration protocols.
>  These are additions to the basic yang security considerations
> (sensitive/privacy read nodes,  sensitive/privacy in write nodes, or
> sensitive/privacy in rpc commands).  
>
>  
>
> I2RS allowed the security association to exist without transport
> connections, or to have multiple transport connections.  This
> mechanism provide better bandwidth for accessing topology models.
>
>  
>
> AFAIK – the NETCONF over SSH does not provide this level of security
> but NETCONF over TLS with X.509v3 does and RESTCONF do.  If I NETCONF
> over SSH (RFC4722) does provide this level of security, then please
> let me know.   
>
>  
>
> Any data store must solve the problem of multiple clients writing a
> data node. I2RS decided multiple I2RS clients might want to write the
> topology in the I2RS Agent, but defined the simultaneous write as an
> error (with priority system as resolution).   This write contention is
> an alternative to the configuration data store lock or the RESTCONF
> lock for a single actions.  I2RS felt the speed choices on priority
> (similar to BGP choices) were better for ephemeral state.   If the
> priority system is used, then one priority must be assigned per user
> identifier.  If TEAS or NETMOD wants to define another mechanism, then
> this is a change from the I2RS protocol/ephemeral store definitions. 
>  It would be wonderful to have a discussion of this in NETMOD since
> the ephemeral state requirement require it.  It would be nice to have
> one multiple-write mechanism for a generalize ephemeral state.
>
>  
>
> I2RS felt tracing, better notification and pub/sub was necessary for
> I2RS.   TEAS can refuse to import the trace, better notification or
> pub/sub work.  
>
>   
>
>  
>
> *>Lou 2:*  As part of my view of the I2RS models being generally
> applicable to uses beyond I2RS together with I2RS choosing YANG for
> modeling ephemeral data, I have always expected that the I2RS WG would
> at some (perhaps as part of
>
> >the I2RS protocol definition) define how any YANG model can be used
> to support I2RS. This view certainly lead me to conclude that having
> the I2RS models move forward, just like any other YANG model, makes
> sense and would benefit the
>
> > other models and WGs that reference this core work. This view also
> allows for the relationship to the revised-data store work, as well as
> the specification of which data
>
> > store(s) I2RS uses, to be separately defined -- and to not gate
> publication of these models. This separate specification would be the
> location for any I2RS-specific transport and security considers, so
> such would not belong in the
>
> > generally reusable models developed by I2RS.
>
>  
>
> >Essentially, As NETMOD co-chair, I concluded that the revised data
> store work provided the direction on how ephemeral would be supported
> in a general YANG context and, therefore, the major open issue /
> gating impediment to >progressing I2RS models had been removed and
> publication of these models were unblocked. This also motivated my
> comments in the related discussions at the last meeting.
>
>  
>
> *Sue 2:*  Is the direction for the ephemeral state concepts agreed
> upon?  The real test is if we are able to define ephemeral state
> within the control plane data store.  
>
>  
>
> You and I both thought that the adoption of
> draft-ietf-netmod-ietf-revised-datastores-00.txt completed this work
> on getting ephemeral data store concepts completed.   You, I, Alia,
> Benoit thought progressing these key models based on these concepts of
> ephemeral state in this document seemed reasonable.   However, this
> discussion seems to be stuck on what is ephemeral state and why is it
> different.  If so, NETMOD does not have a clear ephemeral data store
> definition.  
>
>  
>
> Let’s try 2 tests:  a) did we get stuck on the security considerations
> section?  (yes),   b) Is there general agreement and a proposal for
> Yang modifications for ephemeral state? (no)
>
>  
>
> Draft-ietf-netmod-ietf-revised-datastores-00.txt suggest the Control
> Plane Data stores but there has been confusion on this being an
> ephemeral data store with config=true nodes and operational state. 
> There document suggests a “<get-data datastore>, but does not suggest
> a “write-data datastore> command for ephemeral data store.  Perhaps
> based on the feedback from Juergen and Martin, means we need to
> create: a) an I2RS ephemeral Control Plane data store description, and
> b) create a document or a section in these documents on the
> assumptions of data stores.
>
> At the very least we should add to this document what Martin’s
> suggests in the email at:  
>
> https://www.ietf.org/mail-archive/web/i2rs/current/msg04234.html
>
>  
>
> Which states:
>
> /“Yes, but (1) draft-ietf-netmod-ietf-revised-datastores-00 is clearly/
> /work-in-progress, and (2) none of the topology drafts reference/
> /draft-ietf-netmod-ietf-revised-datastores-00, so if they depend on a/
> /solution in that draft, it is not very clear to the reader”./
>
>  
>
> The draft-hares-i2rs-yang-sec-consider-00 suggests security
> considerations need to indicate: mandatory transport, 4 features of
> the ephemeral data store defined by I2RS, and whether any portion of
> the YANG model can move over insecure transport.   Since these 4
> features of I2RS ephemeral data store set by the I2RS ephemeral state
> requirements (draft-ietf-i2rs-ephemeral-state-23.txt) are not agreed
> to in draft-ietf-netmod-ietf-revised-datastores-00.txt, we have not
> completed  
>
>  
>
> *Lou 3:* If my understanding/view is correct, i.e., that the topology
> models are just like any other YANG model, then I think publication
> can and should proceed (with the appropriate text for a typical YANG
> model).
>
>  
>
> *Sue 3:* I hope that my explanation above indicates that the I2RS
> Topology models are ephemeral models built for Topologies like TEAS. 
> It is the very qualities you see in topology models that cause them to
> be ephemeral in order to mix the operational state with configuration
> state in a way that the configuration data store cannot.   If we have
> a solid definition of Ephemeral data stores and Ephemeral Data models,
> then these data models are like any other ephemeral YANG model.  Any
> ephemeral model must choose a multiple client-write design.   It would
> be lovely to have a single ephemeral data store design.    
>
>  
>
> *Lou 4*:  If I misunderstood something, and the models produced by
> I2RS are limited to ephemeral representations/data stores as well as
> specific YANG transport protocols -- then as TEAS chair, I have to hit
> reset on the TEAS topology work, and as NETMOD chair I think the
> NETMOD WG needs to discuss what it means for a YANG model to be
> protocol/datastore specific and if any guidelines or other new NTEMOD
> documents are need to support such.
>
>  
>
> *Sue 4:*Perhaps the TEAS WG Chair needs to discuss with the NETMOD WG
> Chair about completing the Ephemeral data store work before coming to
> a conclusion. 
>
>  
>
> *Lou 5:*Less importantly, as I2RS participant, I'd also ask for the
> documents to be sent back to the WG for a new last call once the
> documents are updated to reflect their narrow scope -- as I bet I'm
> not the only person who viewed this work applicable to non-ephemeral uses.
>
>  
>
> *Sue 5:  *As an I2RS Chair, I am not sure you have correctly defined
> the narrow scope of the I2RS work or these documents.  Of course,
> after we complete the revisions of these documents if the ADs (Alia
> and Benoit) deem these need to go back to the WG for another WG LC,
> then we will send the drafts for another WG LC.   Right now, the only
> thing that the drafts have firmly to revise is the Yang Security
> considerations define by
>
>  
>
> https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines
>
>  
>
> The rest of this list discussion is simply a discussion of IESG
> members and people who did not participate in the WG LC or the IETF LC
> regarding a proposal for addition security considerations.   As
> Shepherd, Kathleen’s questions about security consideration found
> missing piece and I wrote a discussion document.  Unfortunately, the
> discussion has not examined the document
> (draft-hares-i2rs-yang-sec-consider) or the open issues in ephemeral
> stsate.
>
>  
>
> *Lou 6:*I hope this helps.
>
>  
>
> *Sue 6:*Was it meant to be helpful?  I really, really hope you are
> engaging in a technical discussion about ephemeral state and how we
> can move forward. 
>
>  
>
> Two comments:
>
> ·         “then as a TEAS chair, I have to hit rest on the TEAS
> topology work” or as a
>
> ·         “I2RS participant, I’d also ask for the document to be sent
> to the WG for a new last call once the documents are updated”
>
>  
>
> seem to be making conclusions without discussion. 
>
>  
>
> Cheerily,
>
>  
>
> Sue
>
>  
>
>  
>
> On January 24, 2017 11:56:32 AM "Susan Hares" <shares@ndzh.com
> <mailto:shares@ndzh.com>> wrote:
>
>  
>
> > To: Martin:
>
> > 
>
> > You have a reasonable request. If the NETMOD WG Chairs confirm their
>
> > decision to make I2RS Yang Modules part of the Control Plane Datastore
>
> > then as shepherd/WG-chair I will recommend these get added to the draft.
>
> > 
>
> > Note to authors :
>
> > 
>
> > As we wait for the NETMOD WG Chairs and Benoit to deliver the decision
>
> > on Config/Control Plane datastore, the authors should work on:  Basic
>
> > Yang security considerations and the other I2RS Yang Module information.
>
> > 
>
> > Sue Hares (Shepherd)
>
> > -----Original Message-----
>
> > From: Martin Bjorklund [mailto:mbj@tail-f.com]
>
> > Sent: Tuesday, January 24, 2017 10:39 AM
>
> > To: shares@ndzh.com <mailto:shares@ndzh.com>
>
> > Cc: i2rs@ietf.org <mailto:i2rs@ietf.org>;
> draft-ietf-i2rs-yang-l3-topology@ietf.org
> <mailto:draft-ietf-i2rs-yang-l3-topology@ietf.org>;
>
> > j.schoenwaelder@jacobs-university.de
> <mailto:j.schoenwaelder@jacobs-university.de>; i2rs-chairs@ietf.org
> <mailto:i2rs-chairs@ietf.org>;
>
> > nite@hq.sk <mailto:nite@hq.sk>; Kathleen.Moriarty.ietf@gmail.com
> <mailto:Kathleen.Moriarty.ietf@gmail.com>; iesg@ietf.org
> <mailto:iesg@ietf.org>;
>
> > lberger@labn.net <mailto:lberger@labn.net>; kwatsen@juniper.net
> <mailto:kwatsen@juniper.net>
>
> > Subject: Re: [i2rs] Kathleen Moriarty's No Objection on
>
> > draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
>
> > 
>
> > "Susan Hares" <shares@ndzh.com <mailto:shares@ndzh.com>> wrote:
>
> >> Martin:
>
> >> 
>
> >> 
>
> >> 
>
> >> I'm sorry if misunderstood your comments regarding the
>
> >> draft-ietf-netmod-revised-datastores-00.txt.  The reason the answer
>
> >> is unclear is that it depends on the context of the question.
>
> >> 
>
> >> 
>
> >> 
>
> >> .         If you ask if the pre-standardization I2RS Yang Topology
> models
>
> >> (basic and L3)  implemented are part of the configuration data store,
>
> >> the answer is yes - AFAIK.
>
> > 
>
> > This is not my question.
>
> > 
>
> >> .         If you ask if the WG LC Topology models are approved to
> be part
>
> > of
>
> >> the configuration data store, my understanding was no.   I2RS WG was to
>
> >> abide by the decision of NETMOD WG on which data store I2RS modules
>
> >> were placed in.
>
> > 
>
> > Yes, this is my question.  And my concern is that even if your
>
> > understanding is that they are not designed to be part of the
>
> > configuration datastores, this fact is not mentioned in the drafts.
>
> > 
>
> >> If you are concerned the implementation varies from the standardized,
>
> > please
>
> >> express this to Benoit Claise.   Based on your comments on my email
>
> > thread,
>
> >> I will be brief in my answers today.
>
> > 
>
> > This is not my concern.
>
> > 
>
> > 
>
> > /martin
>
> > 
>
> > 
>
> > 
>
> >> 
>
> >> 
>
> >> 
>
> >> Sue
>
> >> 
>
> >> 
>
> >> 
>
> >> 
>
> >> 
>
> >> -----Original Message-----
>
> >> From: Martin Bjorklund [mailto:mbj@tail-f.com]
>
> >> Sent: Tuesday, January 24, 2017 7:35 AM
>
> >> To: shares@ndzh.com <mailto:shares@ndzh.com>
>
> >> Cc: i2rs@ietf.org <mailto:i2rs@ietf.org>;
> draft-ietf-i2rs-yang-l3-topology@ietf.org
> <mailto:draft-ietf-i2rs-yang-l3-topology@ietf.org>;
>
> >> j.schoenwaelder@jacobs-university.de
> <mailto:j.schoenwaelder@jacobs-university.de>; i2rs-chairs@ietf.org
> <mailto:i2rs-chairs@ietf.org>;
>
> >> nite@hq.sk <mailto:nite@hq.sk>; Kathleen.Moriarty.ietf@gmail.com
> <mailto:Kathleen.Moriarty.ietf@gmail.com>; iesg@ietf.org
> <mailto:iesg@ietf.org>;
>
> >> lberger@labn.net <mailto:lberger@labn.net>; kwatsen@juniper.net
> <mailto:kwatsen@juniper.net>
>
> >> Subject: Re: [i2rs] Kathleen Moriarty's No Objection on
>
> >> draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
>
> >> 
>
> >> 
>
> >> 
>
> >> "Susan Hares" < <mailto:shares@ndzh.com> shares@ndzh.com
> <mailto:shares@ndzh.com>> wrote:
>
> >> 
>
> >> > Martin:
>
> >> 
>
> >> >
>
> >> 
>
> >> > Your statement "One problem is that relying on the solution in
>
> >> 
>
> >> > draft-ietf-netmod-revised-datastores-00 is a bit premature - in
>
> >> > fact,
>
> >> 
>
> >> > that document does not yet provide any details at all on the I2RS
>
> >> 
>
> >> > ephemeral data store." This statement is not what I understood from
>
> >> > IETF
>
> >> 98 or the netmod
>
> >> 
>
> >> > ADs.   I guess your objection to this data model falls into Benoit
>
> > Claise
>
> >> 
>
> >> > (AD) and the NETMOD folks to answer.
>
> >> 
>
> >> 
>
> >> 
>
> >> Why do you think that I have any objection to
>
> >> draft-ietf-netmod-revised-datastores-00.  Please re-read what I wrote.
>
> >> 
>
> >> 
>
> >> 
>
> >> My objection regards your statement:
>
> >> 
>
> >> 
>
> >> 
>
> >>    1) I2RS Data models do not utilize the configuration data store,
>
> >> 
>
> >> 
>
> >> 
>
> >> If this is true it needs to be clarified in the document.
>
> >> 
>
> >> 
>
> >> 
>
> >> After all these emails back and forth, it is still not clear whether
>
> >> this statement is true or not.
>
> >> 
>
> >> 
>
> >> 
>
> >> 
>
> >> 
>
> >> /martin
>
> >> 
>
> >> 
>
> >> 
>
> >> 
>
> >> 
>
> >> 
>
> >> 
>
> >> 
>
> >> 
>
> >> 
>
> >> 
>
> >> >
>
> >> 
>
> >> > Sue Hares
>
> >> 
>
> >> >
>
> >> 
>
> >> > -----Original Message-----
>
> >> 
>
> >> > From: i2rs [ <mailto:i2rs-bounces@ietf.org>
>
> >> > mailto:i2rs-bounces@ietf.org]
>
> >> On Behalf Of Martin
>
> >> 
>
> >> > Bjorklund
>
> >> 
>
> >> > Sent: Monday, January 23, 2017 5:26 PM
>
> >> 
>
> >> > To:  <mailto:shares@ndzh.com> shares@ndzh.com
> <mailto:shares@ndzh.com>
>
> >> 
>
> >> > Cc:  <mailto:i2rs@ietf.org> i2rs@ietf.org <mailto:i2rs@ietf.org>;
>
> >> <mailto:draft-ietf-i2rs-yang-l3-topology@ietf.org>
>
> >> draft-ietf-i2rs-yang-l3-topology@ietf.org
> <mailto:draft-ietf-i2rs-yang-l3-topology@ietf.org>;
>
> >> 
>
> >> >  <mailto:j.schoenwaelder@jacobs-university.de>
>
> >> j.schoenwaelder@jacobs-university.de
> <mailto:j.schoenwaelder@jacobs-university.de>; 
> <mailto:i2rs-chairs@ietf.org>
>
> >> i2rs-chairs@ietf.org <mailto:i2rs-chairs@ietf.org>;
>
> >> 
>
> >> >  <mailto:nite@hq.sk> nite@hq.sk <mailto:nite@hq.sk>;
>
> >> <mailto:Kathleen.Moriarty.ietf@gmail.com>
>
> >> Kathleen.Moriarty.ietf@gmail.com
> <mailto:Kathleen.Moriarty.ietf@gmail.com>; <mailto:iesg@ietf.org>
>
> >> iesg@ietf.org <mailto:iesg@ietf.org>
>
> >> 
>
> >> > Subject: Re: [i2rs] Kathleen Moriarty's No Objection on
>
> >> 
>
> >> > draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
>
> >> 
>
> >> >
>
> >> 
>
> >> > "Susan Hares" < <mailto:shares@ndzh.com> shares@ndzh.com
> <mailto:shares@ndzh.com>> wrote:
>
> >> 
>
> >> > > Robert and Martin:
>
> >> 
>
> >> > >
>
> >> 
>
> >> > > I agree with Robert that the current implementations of the ODL
>
> >> 
>
> >> > > topology models are handled as part of the configuration data
>
> >> > > store
>
> >> 
>
> >> > > with
>
> >> 
>
> >> > ephemeral
>
> >> 
>
> >> > > state.   I will point out that these implementation are
> pre-standards
>
> >> 
>
> >> > > implementations of the I2RS YANG Data model.
>
> >> 
>
> >> > >
>
> >> 
>
> >> > > While standardizing the topology data models, the I2RS WG have
>
> >> > > been
>
> >> 
>
> >> > > asked to align with the
>
> >> > > draft-ietf-netmod-revised-datastores-00.txt
>
> >> 
>
> >> > > NETMOD WG document.  This NETMOD WG document moves the I2RS
>
> >> 
>
> >> > > ephemeral data
>
> >> 
>
> >> > store from
>
> >> 
>
> >> > > configuration data store to a Control Plane data store.   If we
> follow
>
> >> 
>
> >> > this
>
> >> 
>
> >> > > draft, the I2RS Topology models are part of the I2RS ephemeral
>
> >> > > data
>
> >> store.
>
> >> 
>
> >> > > If you disagree with the placement of the Topology data models,
>
> >> 
>
> >> > > please indicate this to the NETMOD WG and to Benoit.  Could you
>
> >> 
>
> >> > > propose a way that you would see the ephemeral state working with
>
> >> 
>
> >> > > the configuration data
>
> >> 
>
> >> > store
>
> >> 
>
> >> > > to the NETMOD WG?
>
> >> 
>
> >> > >
>
> >> 
>
> >> > > Quite frankly, I feel a bit of whip-lash on this topic.   NETMOD WG
>
> > asks
>
> >> 
>
> >> > for
>
> >> 
>
> >> > > Control Plane Data store.  You ask for configuration data store
>
> >> 
>
> >> > > (which was the I2RS initial proposal).
>
> >> 
>
> >> >
>
> >> 
>
> >> > Not really; I ask for clarification.
>
> >> 
>
> >> >
>
> >> 
>
> >> > > It is possible for either one to work for I2RS
>
> >> 
>
> >> > > Topology models - if the right details are taken care of.   How
> do we
>
> >> make
>
> >> 
>
> >> > > progress on choosing one method so we can write the I2RS Topology
>
> >> 
>
> >> > > Models security considerations.?
>
> >> 
>
> >> >
>
> >> 
>
> >> > One problem is that relying on the solution in
>
> >> 
>
> >> > draft-ietf-netmod-revised-datastores-00 is a bit premature - in
>
> >> > fact,
>
> >> 
>
> >> > that document does not yet provide any details at all on the I2RS
>
> >> 
>
> >> > ephemeral datastore.
>
> >> 
>
> >> >
>
> >> 
>
> >> > So I see two alternatives.  Either wait with these documents, or
>
> >> 
>
> >> > publish them with their datamodels as is (i.e., no new additional
>
> >> 
>
> >> > notes), for the existing protocols and architecure.  This would
>
> >> > allow
>
> >> 
>
> >> > them to be implemented just like any other YANG data model.  This
>
> >> 
>
> >> > would mean that the normal YANG security considerations guidelines
>
> >> > should
>
> >> be followed.
>
> >> 
>
> >> >
>
> >> 
>
> >> >
>
> >> 
>
> >> >
>
> >> 
>
> >> > /martin
>
> >> 
>
> >> >
>
> >> 
>
> >> > >
>
> >> 
>
> >> > > Sue
>
> >> 
>
> >> > >
>
> >> 
>
> >> > > -----Original Message-----
>
> >> 
>
> >> > > From: Robert Varga [ <mailto:nite@hq.sk> mailto:nite@hq.sk]
>
> >> 
>
> >> > > Sent: Monday, January 23, 2017 4:11 PM
>
> >> 
>
> >> > > To: Martin Bjorklund;  <mailto:shares@ndzh.com> shares@ndzh.com
> <mailto:shares@ndzh.com>
>
> >> 
>
> >> > > Cc:  <mailto:i2rs@ietf.org> i2rs@ietf.org <mailto:i2rs@ietf.org>;
>
> >> <mailto:draft-ietf-i2rs-yang-l3-topology@ietf.org>
>
> >> draft-ietf-i2rs-yang-l3-topology@ietf.org
> <mailto:draft-ietf-i2rs-yang-l3-topology@ietf.org>;
>
> >> 
>
> >> > >  <mailto:j.schoenwaelder@jacobs-university.de>
>
> >> j.schoenwaelder@jacobs-university.de
> <mailto:j.schoenwaelder@jacobs-university.de>; 
> <mailto:i2rs-chairs@ietf.org>
>
> >> i2rs-chairs@ietf.org <mailto:i2rs-chairs@ietf.org>;
>
> >> 
>
> >> > >  <mailto:Kathleen.Moriarty.ietf@gmail.com>
>
> >> Kathleen.Moriarty.ietf@gmail.com
> <mailto:Kathleen.Moriarty.ietf@gmail.com>;  <mailto:iesg@ietf.org>
>
> >> iesg@ietf.org <mailto:iesg@ietf.org>
>
> >> 
>
> >> > > Subject: Re: [i2rs] Kathleen Moriarty's No Objection on
>
> >> 
>
> >> > > draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
>
> >> 
>
> >> > >
>
> >> 
>
> >> > > On 01/23/2017 09:26 PM, Martin Bjorklund wrote:
>
> >> 
>
> >> > > >> I'm pulling your questions to the top of this email.
>
> >> 
>
> >> > > >>
>
> >> 
>
> >> > > >>
>
> >> 
>
> >> > > >>
>
> >> 
>
> >> > > >> Question 1: Ok.  Just to make sure I understand this correctly
>
> >> > > >> -
>
> >> 
>
> >> > > >> these topology models are intended to be I2RS-specific, and
>
> >> > > >> they
>
> >> 
>
> >> > > >> cannot be used for any other purpose.  If anyone needs a
>
> >> > > >> general
>
> >> 
>
> >> > > >> topology model outside of the I2RS protocol, they will have to
>
> >> 
>
> >> > > >> design their own model.  Is this correct?
>
> >> 
>
> >> > > >>
>
> >> 
>
> >> > > >>
>
> >> 
>
> >> > > >>
>
> >> 
>
> >> > > >> Response 1:  Not really.
>
> >> 
>
> >> > > > Ok, so are you saying that the models are in fact generic, and
>
> >> > > > can
>
> >> 
>
> >> > > > be used outside of I2RS?  I.e., they *can* be used with the
>
> >> > > > normal
>
> >> 
>
> >> > > > configuration datastores?
>
> >> 
>
> >> > > >
>
> >> 
>
> >> > >
>
> >> 
>
> >> > > From implementation experience, yes, they can be used for storing
>
> >> 
>
> >> > > configuration. OpenDaylight uses (an ancient predecessor of)
>
> >> 
>
> >> > > yang-network-topo to store configure details about devices in its
>
> >> 
>
> >> > > managed networks.
>
> >> 
>
> >> > >
>
> >> 
>
> >> > > Regards,
>
> >> 
>
> >> > > Robert
>
> >> 
>
> >> > >
>
> >> 
>
> >> > >
>
> >> 
>
> >> >
>
> >> 
>
> >> > _______________________________________________
>
> >> 
>
> >> > i2rs mailing list
>
> >> 
>
> >> >  <mailto:i2rs@ietf.org> i2rs@ietf.org <mailto:i2rs@ietf.org>
>
> >> 
>
> >> >  <https://www.ietf.org/mailman/listinfo/i2rs>
>
> >> https://www.ietf.org/mailman/listinfo/i2rs
>
> >> 
>
> >> >
>
> >> 
>
> > 
>
> > 
>
>  
>

v2.23.0 | Report a Bug | By Email