IETF Logo Mail Archive

Re: [i2rs] YANG validation and opstate

Andy Bierman <andy@yumaworks.com> Tue, 07 June 2016 00:26 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9139512D688 for <i2rs@ietfa.amsl.com>; Mon, 6 Jun 2016 17:26:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IN5NzRAeg0FY for <i2rs@ietfa.amsl.com>; Mon, 6 Jun 2016 17:26:05 -0700 (PDT)
Received: from mail-yw0-x229.google.com (mail-yw0-x229.google.com [IPv6:2607:f8b0:4002:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72B7612D630 for <i2rs@ietf.org>; Mon, 6 Jun 2016 17:26:05 -0700 (PDT)
Received: by mail-yw0-x229.google.com with SMTP id c127so155725519ywb.1 for <i2rs@ietf.org>; Mon, 06 Jun 2016 17:26:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=AD+JBQ5/mV1m1Zqn5FyxwPNPT4dQ1HYSJTT1kb8hwCw=; b=nz95x2LiL7YnNplwq7JWGGDrW8xI6PKOnXJOCUlmbhuz6BO/85jOuEkU2GQm4sY2zt WjaQNlxxfsJEweVEPHKFkm6CbrO66Us3h0nDU4iaHYXq8t8EjNPQjFq9T1DfKyht0Zkc GIHlCBIYu37tp+gd/bJ4FX7UnxoP4HfMk/Jwb/tqj4UMEfG/t68INVP2w1szuFg0150q 3BtVq4KOdiRJ+4cS4SBbr9BFCx1i655F76GCFAxxaGkErj6SoJPJAT2m8RPJI81ilHJS fT0PqX6aW+rtQAkXlGwXA1DRdp2wf3g5OtSjo9uXZRrsmZHbwX+X9wW4qT8d5o2B7J7E L0vw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=AD+JBQ5/mV1m1Zqn5FyxwPNPT4dQ1HYSJTT1kb8hwCw=; b=j/XFwfg/U2h24XFthrgPCRl2y7LCGaVymEgijOES0goDSjrdeXbksY+x3UvTxQR8hg iMl2F58l1zOuTjwj5tX7Yp/CD0L+EB56yUztG+He0Wpy4NihBGgw3EAt/G8Kq3taWzd4 1dqPKpUXcUxxtI5hQuUERFUkyrnzPwlPeTTrtejuObax9k0SGVrtcdogPdmY3Awr1FrZ CrNGFcbqJivATQpaY+wB0hHFXKsVZqLFBFGECs804ZOH0jMCiid+d/5cxKbr9ouo6nRP R5ywRqTL9v04E2WUsKKNxB+Aq1xEV8GguW4qBo8rQDshdOCYjExnbyOrbm/5eV4qcCZl rC0A==
X-Gm-Message-State: ALyK8tLk+fJxkaKjvgvKWrAFXtEhUVS0rqwVUKb1UjCU9LXaDo4R6JLXZbzFTuKG5KQqfLz/9vn1r8sh98MjBw==
MIME-Version: 1.0
X-Received: by 10.13.202.15 with SMTP id m15mr12647854ywd.259.1465259164713; Mon, 06 Jun 2016 17:26:04 -0700 (PDT)
Received: by 10.37.115.68 with HTTP; Mon, 6 Jun 2016 17:26:04 -0700 (PDT)
In-Reply-To: <029d01d1c04a$a7d1c330$f7754990$@ndzh.com>
References: <CABCOCHQAuhsngAKXE=-o=wWsv1u6BXDWCJ--0JJ4p5D0f2WY3Q@mail.gmail.com> <029d01d1c04a$a7d1c330$f7754990$@ndzh.com>
Date: Mon, 06 Jun 2016 17:26:04 -0700
Message-ID: <CABCOCHSihuGOpMy3fqvTcnmRbYYszOpxYcwNsRc9RRkX6gk+fQ@mail.gmail.com>
From: Andy Bierman <andy@yumaworks.com>
To: Susan Hares <shares@ndzh.com>
Content-Type: multipart/alternative; boundary="001a11481ab60478120534a53c90"
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/gcsfVhBZWODQwAB9pVUeHvn-KLg>
Cc: "i2rs@ietf.org" <i2rs@ietf.org>
Subject: Re: [i2rs] YANG validation and opstate
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2016 00:26:07 -0000

Hi,

I am still a little confused on the intent of the partial YANG validation.
It seems trivial to adapt the NETCONF or RESTCONF validation points to I2RS.
The only difference is that I2RS data can have constraints pointing at
config=false
nodes, so this is more complicated and expensive to implement than NETCONF
or RESTCONF.

The argument for partial validation I have heard is "We only support 1
client and
we know the client already checks the data, so we know the data is valid."
This is not arguing that there will be invalid data in the datastore.  It
is arguing
that the client can be trusted to be correct and bug-free so why bother
spending
server resources duplicating the validation.

Typically in NM standards we assume more than 1 client is allowed in the
design
and a client cannot be trusted.  A client could be malicious or buggy.
Either way, if the server crashes or allows a security breach
it's still the server vendor's fault.

I2RS seems like an implementation detail (not a standard) if vendors plan on
writing both client and server code and not intending to support
any 3rd party implementations.


Andy



On Mon, Jun 6, 2016 at 4:25 PM, Susan Hares <shares@ndzh.com> wrote:

> Andy:
>
>
>
> I’m not sure the context you are referring to as “I2RS agent pick which
> Yang statements they will implement”.
>
>
>
> From the context, I guess you are investigating Ephemeral Configuration
> State.  If “the server MAY do YANG validation
>
> on the ephemeral datastore”, and then check it in operational state – this
> clearly works.  However, I’m struggling to fit the normal Ephemeral
> Configuration State validation into section 8.3 of RFC6020bis.   There are
> three steps in constraint enforcement (section 8.3 of RFC6020bis).
>
>    o  during parsing of RPC payloads -
>
>    o  during processing of the <edit-config> operation
>
>    o  during validation
>
>
>
> Currently section 8.3.3 says:
>
>
>
> “8.3.3.  Validation
>
>
>
>    When datastore processing is complete, the final contents MUST obey
>  all validation constraints.  This validation processing is performed  at
> differing times according to the datastore.
>
>
>
> If the datastore is "running" or "startup",   these constraints MUST be
> enforced at the end of the <edit-config> or <copy-config> operation.  If
> the datastore is "candidate", the constraint enforcement is delayed until a
> <commit>
>
> or <validate> operation.”
>
>
>
> My understanding is we are discussing how constraint enforcement works in
> Ephemeral Configuration State.
>
> You need to define where the ephemeral constraints MUST Be enforced.  It
> would seem reasonable to enforces at the end of <edit-config> or
> <copy-config>, or by the end of an rpc operation defined in a data model.
>
>
>
> Since RESTCONF uses PUTS/PATCH within a HTTP exchange, then the constraint
> enforcement must be at the end of that http operation.
>
>
>
> Sue
>
>
>
>
>
>
>
> *From:* i2rs [mailto:i2rs-bounces@ietf.org] *On Behalf Of *Andy Bierman
> *Sent:* Sunday, June 05, 2016 5:43 PM
> *To:* i2rs@ietf.org
> *Subject:* [i2rs] YANG validation and opstate
>
>
>
> Hi,
>
>
>
> I don't really agree with idea that I2RS agents pick which
>
> YANG statements they will implement, but I think there is
>
> a way to handle this correctly in the datastore framework.
>
>
>
> The proposed enumeration for server validation
>
> capabilities (e.g., full, XPath, leafref) is not really needed.
>
> This enum is too course-grained to be useful.
>
>
>
> IMO it is better to say the server MAY do YANG validation
>
> on the ephemeral datastore.  Whether or not the server uses
>
> data from the ephemeral datastore is left as an implementation detail.
>
> The server could use invalid input parameters or ignore them
>
> or reject them in the first place.
>
>
>
> The client needs to check operational state to know if/when the
>
> ephemeral data was applied to the system.
>
>
>
>
>
>
>
> Andy
>
>
>

v2.35.0 | Report a Bug | By Email | System Status