Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Wed, 25 January 2017 09:02 UTC

Date: Wed, 25 Jan 2017 10:02:07 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Benoit Claise <bclaise@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/a1yQvEaKp4Nj5iX3xA88IRNHZR4>
Cc: i2rs@ietf.org, IESG IESG <iesg@ietf.org>
Subject: Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)

+1

/js

On Tue, Jan 24, 2017 at 11:04:56PM +0100, Benoit Claise wrote:
> Dear all,
> 
> The thread that grows faster than you can read...
> 
> Let me repeat what I mentioned already on the I2RS mailing list:
> 
>    This document contains a YANG model, a generic YANG model that could be accessed by NETCONF, RESTCONF, or the future I2RS protocol.
>    This document doesn't say (and that would be a mistake IMO if it would) that this YANG model can only be accessed by the I2RS protocol.
>    Hence I'm advocating that the security considerations diligently follow https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines, and that they don't go in the I2RS protocol specific details.
> 
> This comment was made for draft-ietf-i2rs-yang-network-topo, but is equally
> applicable to this draft-ietf-i2rs-yang-l3-topology draft.
> I still maintain this point of view: it would be a mistake to limit a data
> model usage to a particular protocol. These topology documents are not I2RS
> YANG models, these are YANG models, which can be used in different contexts.
> I'm very concerned if we start having per-WG or per context data models in
> the IETF.
> Btw, I haven't seen a RFC specifying what the I2RS protocol is, only the
> requirements.
> We can't modify the current generic YANG security considerations for an I2RS
> control plane and a new datastore that are not yet specified. If you want to
> describe how I2RS will be using those topology YANG models (and any YANG
> models btw), then it's suitable to include this part of the I2RS protocol
> spec or part of an I2RS applicability statement. This is typically where you
> would describe some protocol specific information such as "write contention
> for two clients writing a node using I2RS priority (linked to I2RS
> User-ID)".
> 
> Let me make my point differently. Let's assume for a moment that I2RS needs
> to use the IETF interface YANG model, does it mean that you will require RFC
> 7223bis with an updated security considerations? This can't be.
> 
> I still think the generic YANG security guidelines is suitable, as it
> relates to IETF specified protocols NETCONF and RESTCONF. Addition of some
> generic information about the data model (not I2RS protocol) might be useful
> though. For example, text around "there is a risk that a write to a topology
> may create a looping topology or overload a particular node". Note that I
> don't think the security considerations is the best section for this
> though.
> 
> Regards, Benoit
> > 	Sue:
> > 
> > 	The implication of that statement is that actual implementations (like ODL etc) now
> > need to copy/paste this model without the I2RS text to use them in other ways. This seems
> > strange and just about the most inefficient way to use these that I can think of.
> > 
> > 	—Tom
> > 
> > 
> > 
> > > On Jan 24, 2017:12:50 PM, at 12:50 PM, Susan Hares <shares@ndzh.com> wrote:
> > > 
> > > Anton:
> > > 
> > > See earlier message to Martin.  Topology models are I2RS YANG Models
> > > designed for ephemeral state with specific security concerns.  This is not
> > > your basic YANG model no matter which data store ephemeral gets linked to.
> > > Where is ephemeral state?  By IESG Design of charter, I2RS is not in charge
> > > of defining ephemeral state solution.  NETMOD/NETCONF are.  Go ask them.
> > > 
> > > Do not blame the messenger echoing NETMOD results,
> > > 
> > > Sue
> > > 
> > > -----Original Message-----
> > > From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Anton Ivanov
> > > Sent: Tuesday, January 24, 2017 8:30 AM
> > > To: i2rs@ietf.org
> > > Subject: Re: [i2rs] Kathleen Moriarty's No Objection on
> > > draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
> > > 
> > > On 24/01/17 11:52, Juergen Schoenwaelder wrote:
> > > > Susan,
> > > > 
> > > > so are these YANG models regular YANG models or are these YANG models
> > > > specific to the yet to be defined I2RS protocol and yet to be defined
> > > > datastores?
> > > > 
> > > > I think this is the core of Martin's and my question. A simple clear
> > > > and concise answer would be nice.
> > > +1.
> > > 
> > > A.
> > > 
> > > 
> > > _______________________________________________
> > > i2rs mailing list
> > > i2rs@ietf.org
> > > https://www.ietf.org/mailman/listinfo/i2rs
> 



-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>