Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)

Anton Ivanov <anton.ivanov@kot-begemot.co.uk> Tue, 24 January 2017 17:00 UTC

To: i2rs@ietf.org
References: <000701d27594$28d12350$7a7369f0$@ndzh.com> <20170123.194721.1193117831378217486.mbj@tail-f.com> <010a01d275b0$183d7360$48b85a20$@ndzh.com> <20170123.212621.119545616051737472.mbj@tail-f.com> <afdfb4d3-0901-2ee0-8d87-f8f1aeeff37e@hq.sk> <019c01d275c4$edf51f30$c9df5d90$@ndzh.com> <20170123221458.GA34192@elstar.local> <029301d27636$f2514690$d6f3d3b0$@ndzh.com> <20170124115221.GD35835@elstar.local> <02d401d2764d$c5056470$4f102d50$@ndzh.com>
From: Anton Ivanov <anton.ivanov@kot-begemot.co.uk>
Message-ID: <f7d7ab79-ee82-d829-f90f-c035adaf69b0@kot-begemot.co.uk>
Date: Tue, 24 Jan 2017 17:00:38 +0000
In-Reply-To: <02d401d2764d$c5056470$4f102d50$@ndzh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/bY0kPjv_VjBvet_0YbIBldwR8Yc>

On 24/01/17 14:25, Susan Hares wrote:
> Juergen and Martin:
>
> Your question is appropriate at this point.   These Yang Modules are I2RS
> Yang Modules.   Knowing whether these are attached to the configuration data
> store or a control plane data store is important.   For that answer, I must
> await Benoit and the NETMOD Chairs.
>
> However, the security involved in these data models still has the same
> security issues whether it is ephemeral state attached to the configuration
> data store or the control plane data store.


No, it is not.

If it is the control plane you need a security model for the northbound 
write access.

If that model is not necessary because there is no write access, then 
the question is why you need it to be in the config in the first place.

A.

>   The solution is just different.
> The 6 issues for I2RS security considerations are:  1) different
> mandatory-to-implement transport for NETCONF, 2) priority resolving multiple
> client writes,  3) non-secure transport, 4) different validations with rpc
> actions, 5) different NACM, RACM, and SACM policy, 6) different data store
> behavior (ephemeral/configuration or ephemeral/Control Plane data store).
> Only #6 would operate differently between the two data store choices.
>
> To recap our discussion:  Any I2RS YANG module MUST have security comments
> on #1 and #2 if it contains writes.   The topology modules' particular module
> does not use #3 and #4 beyond the regular YANG module section.  #5 - The
> NACM policy may be the same, but the policy toward the routing system (RACM)
> or system information (SACM) is different as the L3 topology models may load
> information from routing protocols.   The proposal for I2RS Yang module
> security considerations has 3 parts:  A) Basic Yang Security
> considerations,  B) I2RS Security considerations for secure transport, and
> C) non-secure security considerations.  A+B are all that is needed for
> these drafts.
>
> Cheerily,
>
> Sue Hares
>
> -----Original Message-----
> From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de]
> Sent: Tuesday, January 24, 2017 6:52 AM
> To: Susan Hares
> Cc: i2rs@ietf.org; 'Martin Bjorklund';
> draft-ietf-i2rs-yang-l3-topology@ietf.org; i2rs-chairs@ietf.org; 'Robert
> Varga'; Kathleen.Moriarty.ietf@gmail.com; iesg@ietf.org
> Subject: Re: [i2rs] Kathleen Moriarty's No Objection on
> draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
>
> Susan,
>
> so are these YANG models regular YANG models or are these YANG models
> specific to the yet to be defined I2RS protocol and yet to be defined
> datastores?
>
> I think this is the core of Martin's and my question. A simple clear and
> concise answer would be nice.
>
> /js
>
> On Tue, Jan 24, 2017 at 06:42:30AM -0500, Susan Hares wrote:
>> Juergen:
>>
>> Yep.  That's the charter.  draft-ietf-i2rs-yang-network-topo-10.txt is
>> a generic topology model.  draft-ietf-i2rs-yang-l3-topology-08.txt is a
>> generic topology for L3 unicast.   These support topology extension for
>> non-I2RS users.  We met the milestone and delivered the YANG Modules to the
>> IESG.    We discussed the "write" feature during WG LC and in the WG.   We
>> passed this by AD Benoit Claise who agreed to the reasons presented by
>> the draft authors.
>>
>> Kinda' missed your comments in the normal comment period (WG LC, IETF LC).
>> Sue
>>
>> -----Original Message-----
>> From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Juergen
>> Schoenwaelder
>> Sent: Monday, January 23, 2017 5:15 PM
>> To: Susan Hares
>> Cc: i2rs@ietf.org; 'Martin Bjorklund';
>> draft-ietf-i2rs-yang-l3-topology@ietf.org; i2rs-chairs@ietf.org;
>> 'Robert Varga'; Kathleen.Moriarty.ietf@gmail.com; iesg@ietf.org
>> Subject: Re: [i2rs] Kathleen Moriarty's No Objection on
>> draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
>>
>> Perhaps just adding to the confusion, here is what the WG charter
>> says:
>>
>>      o The ability to extract information about topology from the network.
>>        Injection and creation of topology will not be considered as a work
>>        item. Such topology-related models will be based on a generic
>>        topology model to support multiple uses; the generic topology model
>>        should support topology extension for non-I2RS uses.
>>
>> And as a milestone:
>>
>>    Dec 2016 - Request Publication of Protocol Independent Topology Data
>> Models
>>
>> /js
>>
>> On Mon, Jan 23, 2017 at 05:06:04PM -0500, Susan Hares wrote:
>>> Robert and Martin:
>>>
>>> I agree with Robert that the current implementations of the ODL
>>> topology models are handled as part of the configuration data store
>>> with ephemeral state.   I will point out that these implementations are
>>> pre-standards implementations of the I2RS YANG Data model.
>>>
>>> While standardizing the topology data models, the I2RS WG has been
>>> asked to align with the draft-ietf-netmod-revised-datastores-00.txt
>>> NETMOD WG document.  This NETMOD WG document moves the I2RS
>>> ephemeral data store from configuration data store to a Control Plane
>>> data store.   If we follow this draft, the I2RS Topology models are part
>>> of the I2RS ephemeral data store.
>>> If you disagree with the placement of the Topology data models,
>>> please indicate this to the NETMOD WG and to Benoit.  Could you
>>> propose a way that you would see the ephemeral state working with
>>> the configuration data store to the NETMOD WG?
>>>
>>> Quite frankly, I feel a bit of whip-lash on this topic.   NETMOD WG asks
>>> for Control Plane Data store.  You ask for configuration data store (which
>>> was the I2RS initial proposal).   It is possible for either one to work for
>>> I2RS Topology models - if the right details are taken care of.   How do we
>>> make progress on choosing one method so we can write the I2RS Topology
>>> Models security considerations?
>>>
>>> Sue
>>>
>>> -----Original Message-----
>>> From: Robert Varga [mailto:nite@hq.sk]
>>> Sent: Monday, January 23, 2017 4:11 PM
>>> To: Martin Bjorklund; shares@ndzh.com
>>> Cc: i2rs@ietf.org; draft-ietf-i2rs-yang-l3-topology@ietf.org;
>>> j.schoenwaelder@jacobs-university.de; i2rs-chairs@ietf.org;
>>> Kathleen.Moriarty.ietf@gmail.com; iesg@ietf.org
>>> Subject: Re: [i2rs] Kathleen Moriarty's No Objection on
>>> draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
>>>
>>> On 01/23/2017 09:26 PM, Martin Bjorklund wrote:
>>>>> I'm pulling your questions to the top of this email.
>>>>>
>>>>> Question 1: Ok.  Just to make sure I understand this correctly -
>>>>> these topology models are intended to be I2RS-specific, and they
>>>>> cannot be used for any other purpose.  If anyone needs a general
>>>>> topology model outside of the I2RS protocol, they will have to
>>>>> design their own model.  Is this correct?
>>>>>
>>>>> Response 1:  Not really.
>>>> Ok, so are you saying that the models are in fact generic, and can
>>>> be used outside of I2RS?  I.e., they *can* be used with the normal
>>>> configuration datastores?
>>>>
>>> From implementation experience, yes, they can be used for storing
>>> configuration. OpenDaylight uses (an ancient predecessor of)
>>> yang-network-topo to store configuration details about devices in its
>>> managed networks.
>>>
>>> Regards,
>>> Robert
>>>
>>>
>> -- 
>> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
>> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
>> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
>>