Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-state-06.txt --
"Susan Hares" <shares@ndzh.com> Thu, 26 May 2016 01:40 UTC
Return-Path: <shares@ndzh.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16B2412D1B5 for <i2rs@ietfa.amsl.com>; Wed, 25 May 2016 18:40:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.749
X-Spam-Level: *
X-Spam-Status: No, score=1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, RDNS_NONE=0.793, T_KAM_HTML_FONT_INVALID=0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u23OZjNVHpEf for <i2rs@ietfa.amsl.com>; Wed, 25 May 2016 18:40:30 -0700 (PDT)
Received: from hickoryhill-consulting.com (unknown [50.245.122.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 496EF12B025 for <i2rs@ietf.org>; Wed, 25 May 2016 18:40:30 -0700 (PDT)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=174.124.182.128;
From: Susan Hares <shares@ndzh.com>
To: 'Juergen Schoenwaelder' <j.schoenwaelder@jacobs-university.de>
References: <010101d1b6d0$c51fbf60$4f5f3e20$@ndzh.com> <20160525223345.GA12545@elstar.local>
In-Reply-To: <20160525223345.GA12545@elstar.local>
Date: Wed, 25 May 2016 21:40:03 -0400
Message-ID: <01c901d1b6ef$86be9150$943bb3f0$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_01CA_01D1B6CD.FFB30BD0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI/JAKNkO8ofPtuVY7KY8y82XrZmwGE7LbjnuNE4pA=
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2rs/dl4ivx2uuybOO5DdxxJxoJSiwdY>
Cc: i2rs@ietf.org, 'Mehmet Ersue' <mehmet.ersue@nokia.com>, 'Alia Atlas' <akatlas@gmail.com>, 'Mahesh Jethanandani' <mjethanandani@gmail.com>, 'Benoit Claise' <bclaise@cisco.com>, 'Jeffrey Haas' <jhaas@pfrc.org>
Subject: Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-state-06.txt --
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2016 01:40:34 -0000
Juergen: Thank you for your comments and questions. I have answered the point-by-point comments below. The goal of the exercise was to make one more attempt to resolve your comments at the request of Alia Atlas and Benoit Claise. You are a brilliant person who has worked in NETCONF and NETMOD for several years. I hope to continue to resolve your concerns, but perhaps you are missing some context from I2RS work. At this point, I find the following things in your response: 1) Request for clarity on requirements (Ephemeral-REQ-05, Ephemeral-REQ-06) that were reviewed in 3 IETF meetings (IETF-93, IETF-94, and IETF-95) in which you or other NETCONF/RESTCONF/YANG individuals did not comment. Also there were no additional questions. I welcome further discussion with you, but I am copying the NETCONF chairs to determine if they can help you understand these requirements or provide me suggestion on a resolution for your comments. 2) A disconnect from the charter that of I2RS. The charter specifies protocol-independent ephemeral state only document will be done in I2RS, and protocol-dependent ephemeral state models (or augmentations) will be done in other WGs. This charter defines the ephemeral-only data models, and two types of mixed data models (draft-ietf-bgp-model example given below). 3) A disconnect from the process of I2RS requirements as a re-use protocol The re-use methodology requires I2RS protocol to: a) require support for I2RS protocol version number identifier that identifies the support of a set of YANG, NETCONF, and RESTCONF features; b) specifying the existing Yang, NETCONF, and RESTCONF features needed for I2RS protocol version 1 (ephemeral state, protocol security, pub/sub, and traceability) and its security environment; and c) specifying the additions to YANG, NETCONF, and RESTCONF needed for I2RS support of ephemeral state, protocol security, pub/sub and traceability). To try to clarify these points, I have uploaded a -07.txt with clarifying comments. https://datatracker.ietf.org/doc/draft-ietf-i2rs-ephemeral-state/ Sue Hares -----Original Message----- From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Juergen Schoenwaelder Sent: Wednesday, May 25, 2016 6:34 PM To: Susan Hares Cc: 'Jeffrey Haas'; i2rs@ietf.org Subject: Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-state-06.txt -- On Wed, May 25, 2016 at 05:59:54PM -0400, Susan Hares wrote: >> Juergen: >> Thank you for your comments on the ephemeral state. >> On Ephemeral-REQ-05, does this clarify the requirement: >> >> Ephemeral-REQ-05: The ability to add on an object (or a hierarchy of >> objects) that have the property of being ephemeral. An object defined >> as Yang module, >> schema tree, a schema node, submodule or components of a submodule >> (derived types, groupings, data node, RPCs, actions, and notifications). >I have no clue what the above sentence is trying to say. Please try to use YANG >terminology. Let me try again: Ephemeral-REQ-05: The ability to augment an object with appropriate Yang structures that have the property of being ephemeral. An object is defined as being one of the following: yang module, schema tree, schema node, Submodule, components of a submodule (derived types, groupings, data nod, RPCs, actions, and notifications). The following are definitions in draft-ietf-netmod-rfc6020bis-09.txt 1) Yang module (p. 12) - A Yang module defines a hierarchy of schema nodes. With its definitions and the definitions it imports or includes from elsewhere, A module is self-contained and "compilable". 2) schema tree (p. 13) - The definition hierarchy specified within a module. 3) schema node (p. 12) - a node in the schema tree. 4) submodule (p. 13) - partial module definition that contributes derived types, groupings, data modules, RPCs, actions, and notifications to a module. The term "object" is defined to allow the data to augment each of these structures. Is this clearer? >> Any ephemeral object must be able to be identified by a yang key word. > Why does there have to be a YANG keyword? Answer: There MUST be a way to writers of a data model to define sections of a data model that are ephemeral configuration and derived state. No one has suggested any other reasonable way to accomplish this in the last 2 years. > On Ephemeral-REQ-06, does this text restrict the definition to just > requirements: > > > >> "Ephemeral-REQ-06: Yang MUST have a way to >> indicate in a data model that nodes have the following >> properties: ephemeral, writable/not-writable, status/configuration, >> and secure/non-secure transport. >> (If you desire examples, please see draft-hares-i2rs-protocol-strawman >> for potential yang syntax). " >We do have config true/false this implies writable/not-writable. Sue: I am glad we agree: >I find the idea strange that a data model defines secure/non-secure transport as >a property of an data model definition since it usually depends on the >deployment context whether it is acceptable to carry data over a non-secure >transport. Sue: The ability to utilize a non-secure transport requires: a) support for non-secure transport in protocol, b) data-model definition that indicates a portion of the data model may be passed over non-secure, and c) deployment context (via local node's policy on supporting this portion of a data model). If you do not have a and b and c - then you should not send the data over insecure channels. >> On Ephemeral-REQ-07, NETCONF chairs asked for conceptual changes to >> NETCONF and RESTCONF. Does change to Ephemeral-REQ-07 requirement >> set work for you? >> If it does, I will create a similar reduction for Ephemeral-REQ-08: >> --------- >> Ephemeral-REQ-07: The bundle of conceptual changes to NETCONF to >> required to support the I2RS protocol are the following: >> 1) protocol version support for I2RS protocol modifications - (e.g. >> I2RS version 1); >I do not understand what this is supposed to mean since NETCONF extensions > usually are identified by a capability URN. So why is there a need for something > else? Sue: Do these capabilities allow for grouping of the NETCONF extensions supported by a node to a specific set of extensions related to the I2RS protocol set? If not, this is the request. >> 2) support ephemeral model scope indication - which indicates whether >> a module is ephemeral only, mixed config module (config with >> ephemeral), mixed derived state (ephemeral and config), >Not sure what this means. Let me give you an example: a) ephemeral only data model: draft-i2rs-rib-data-model-05 b) mixed configuration model: draft-bgp-model-01 (sections 6.1 - 6.4) could be augmented to add ephemeral state to the configuration, c) mixed derived state: draft-bgp-model-01 section 6.5 defines operational state, and this could be augmented to add ephemeral operational within this data model. I suspect this reflects back to your misunderstanding Ephemeral-REQ-05. >> 3) multiple message support - uses the I2RS "all or none" >> (ietf-i2rs-architecture, section 7.9) which is the same as the NETCONF >> "roll-back-on-error". >So what is the requirement here? Sue: The requirement is to support NETCONF "roll-back-on-error" for ephemeral state. >> 4) Support for the following NETCONF [RFC6241] protocol specifications: >> yang pub-sub push [draft-ietf-netconf-yang-push], >> Yang module library [draft-ietf-netconf-yang-library], >> call-home support [draft-ietf-netconf-call-home], >> zero-touch support [draft-ietf-netconf-zero-touch], and >> server model [draft-ietf-netconf-server-module] with >Why do you list this under changes to NETCONF? Sue: The Ephemeral Requirements are defining a minimal set of NETCONF features to be absolutely required within the I2RS protocol definition. To recreate I2RS as a re-use protocol, we are defining the features that must be there to support the I2RS work. >> 7) The ability to restrict insecure transports to specific portions of >> a data model marked as valid to transfer via an insecure protocol, >See above. Sue: See above answer. >> 8) ephemeral overwriting of ephemeral MUST be controlled by the >> following two policy knobs (draft-ietf-i2rs-architecture, section 6.3, 6.3.1): >> * Policy Knob 1: ephemeral configuration overwrites local >> configuration (normal value: true) >> >> *Policy Knob 2: update of local configuration value supersedes and >> overwrites the ephemeral configuration value (normal value: false) >And if I set both to true we run into a race? Sue: No, please see draft-ietf-i2rs-architecture, section 6.3.1 with the full description. >I am stopping here. I do not even understand why we need yet another list of >requirements that just rephrase requirements already written down in other >documents. What is the goal of this exercise? Sue: The goal of the exercise was to try to resolve your comments on the ietf-i2rs-ephemeral-state-06.txt. I promised Alia Atlas and Benoit Claise that I would give this discussion one more try. See above for additional comments on the "goal of the exercise". /js ==================== > 9) The ephemeral state overwriting a local configuration described in 8) > above is considered to be the composite of all ephemeral state values > by all clients. Some may consider this a single "pane of glass" for > the ephemeral values. You seem to assume a certain architectural model and it is unclear whether there is agreement on this model. There is ongoing discussion about this, see for example draft-schoenw-netmod-revised-datastores-00. > 10) The ephemeral state must support notification of write conflicts > using the priority requirements (see section 3.7 below, specifically > requirements > Ephemeral-REQ-09 through Ephemeral-REQ-14). > > > > 11) Ephemeral data stores SHOULD not require support for interactions > with writeable-running, candidate data stores, confirmed commit, and a > distinct start-up capability. > > > > ========== > > > > On Ephemeral-09, this is covered in SEC-REQ-01. Section 3.7.1 was > added as explanation. It will be moved to the protocol-security-strawman. > > > > On Ephemeral-09 (second instance): is an extension of SEC-REQ-07 and > SEC-REQ-08. Will this change to Ephemeral-09 work for you? > > > > "Ephemeral-REQ-09: The data nodes MAY store I2RS client identity and > not the effective priority at the time the data node is stored. Per > SEC-REQ-07 in section 3.1 of > [draft-ietf-i2rs-protocol-security-requirements], an identifier must > have just one priority. Therefore, the data nodes MAY store I2RS > client identity and not the effective priority at the time the data > node is stored. Priority MAY be dynamically changed by AAA protocols > and how the protocol handles the revision of a client's priority > SHOULD be defined by the protocol specification as long as the collisions are handled as described by Ephemeral-REQ-10, Ephemeral-REQ-11, and Ephemeral-REQ-12." > > > > To your questions of repetition in Ephemeral-REQ-10, Ephemeral-REQ-11, > Ephemeral-REQ-12: Ephemeral write collisions utilize SEC-REQ-07 which > defines that an identifier MUST have only one priority. Ephemeral > write collisions are related to role-based data model security > (draft-ietf-i2rs-protocol-security-requirements, section 3.5), but > only > SEC-REQ-19 underscores the use of "one identifier with one priority" in the > use of a I2RS client by multiple applications. You may be recalling input > from the I2RS-architecture document. > > > > On Ephemeral-REQ-13: This requirement has an explanation that I would > like to keep because the requirement has been misunderstood repeatedly > in both groups. Since this requirement represents to summation of the > NETCONF/I2RS sessions, I prefer to keep this requirement and ask the WG for input. > > > > > On the Pub-sub requirements: > > I will remove all pub-sub-requirements and add the following: > > > > 1) Pub-Sub-REQ-01: The Subscription Service MUST support subscriptions > against ephemeral data in operational data stores, configuration data > stores or both. > > 2) Pub-Sub-REQ-02: The Subscription Service MUST support filtering so > that subscribed updates under a target node might publish only > ephemeral data in operational data or configuration data, or publish > both ephemeral and operational data. > > > > > Sue > > > > -----Original Message----- > From: i2rs [ <mailto:i2rs-bounces@ietf.org> mailto:i2rs-bounces@ietf.org] On Behalf Of Juergen > Schoenwaelder > Sent: Tuesday, May 17, 2016 2:24 PM > To: Jeffrey Haas > Cc: <mailto:i2rs@ietf.org> i2rs@ietf.org > Subject: Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-state-06.txt > > > > On Tue, May 17, 2016 at 12:26:35PM -0400, Jeffrey Haas wrote: > > > Jürgen, > > > > > > On Fri, May 06, 2016 at 09:34:45AM +0200, Juergen Schoenwaelder wrote: > > > > I have a hard time with this document. Section 3 is labelled > > > > requirements but it actually details solution and I disagree with > > > a > > > > significant number of the solution elements. > > > > > > If you were to restrict your comments to the requirements labeled > variously: > > > Ephemeral-REQ-XX > > > PubSub-REQ-X > > > > > > do you consider the items sufficiently well described to be a > > > requirements document? > > > > Mostly: > > > > - I do not understand what Ephemeral-REQ-05 is trying to say. > > > > - I disagree with Ephemeral-REQ-06 and section 3.4.1 all sounds like > > solution attempts (to which I do not agree). > > > > > > - I disagree with Ephemeral-REQ-07 and all of section 3.5 and > > subsections; this is not a requirement but an attempt to describe a > > solution. > > - I disagree with Ephemeral-REQ-08 and all of section 3.5 and > > subsections; this is not a requirement but an attempt to describe a > > solution. > > > > - Has Ephemeral-REQ-09 (the first one) not been stated elsewhere > > already? > > > > - Ephemeral-REQ-xx with xx >= 09 and xx <= 13 seem repetitions from > > requirements already stated elsewhere? > > > > - I did not understand section 3.7.3 and I am unsure what > > Ephemeral-REQ-13 or more specifically whether it is different from > > what is already stated in the requirements. I have trouble parsing > > some of the sentences, e.g. > > > > [...] I2RS notes multiple operations in one or > > more messages handling can handle errors within the set of > operations > > in many ways. > > > > - I do not understand PubSub-REQ-1; what is the difference between > > synchronous and asynchronous push? > > > > - I may disagree with PubSub-REQ-2 but then I do not know what 'real > > time for notifications' means. > > > > - I may disagree with PubSub-REQ-3. > > > > - I do not understand what PubSub-REQ-4 means; what is a 'critical > > node event'? How do I decide this requirement has been met? > > > > - PubSub-REQ-5 seems to mix up different issues. I do not know what a > > hierarchy of filters of XPATHs is. > > > > - PubSub-REQ-6 is likely underspecified. > > > > Overall, I do not understand why we need these additional requirements > given that we have draft-ietf-i2rs-pub-sub-requirements-08.txt. > > > As Sue mentioned, we can migrate solution-space discussion wholly > > into > > > the strawman document. > > > > In general, it would help me if you make an effort to reduce the > number of documents and if you make an effort to avoid document > overlaps. Sometimes less is more. > > > > /js > > > > -- > > Juergen Schoenwaelder Jacobs University Bremen gGmbH > > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany > > Fax: +49 421 200 3103 < < <http://www.jacobs-university.de/> http://www.jacobs-university.de/> > <http://www.jacobs-university.de/> http://www.jacobs-university.de/> > > > > _______________________________________________ > > i2rs mailing list > > < <mailto:i2rs@ietf.org> mailto:i2rs@ietf.org> <mailto:i2rs@ietf.org> i2rs@ietf.org > > < <https://www.ietf.org/mailman/listinfo/i2rs> https://www.ietf.org/mailman/listinfo/i2rs> > <https://www.ietf.org/mailman/listinfo/i2rs> https://www.ietf.org/mailman/listinfo/i2rs > -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 < <http://www.jacobs-university.de/> http://www.jacobs-university.de/> _______________________________________________ i2rs mailing list <mailto:i2rs@ietf.org> i2rs@ietf.org <https://www.ietf.org/mailman/listinfo/i2rs> https://www.ietf.org/mailman/listinfo/i2rs
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Susan Hares
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Juergen Schoenwaelder
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Susan Hares
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Andy Bierman
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Susan Hares