Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-state-06.txt --
"Susan Hares" <shares@ndzh.com> Wed, 25 May 2016 22:00 UTC
Return-Path: <shares@ndzh.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A9D612D552 for <i2rs@ietfa.amsl.com>; Wed, 25 May 2016 15:00:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.749
X-Spam-Level: *
X-Spam-Status: No, score=1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, RDNS_NONE=0.793, T_KAM_HTML_FONT_INVALID=0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uMz555GjZ0xi for <i2rs@ietfa.amsl.com>; Wed, 25 May 2016 15:00:12 -0700 (PDT)
Received: from hickoryhill-consulting.com (unknown [50.245.122.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6B9712D555 for <i2rs@ietf.org>; Wed, 25 May 2016 15:00:11 -0700 (PDT)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=174.124.182.128;
From: Susan Hares <shares@ndzh.com>
To: 'Juergen Schoenwaelder' <j.schoenwaelder@jacobs-university.de>, 'Jeffrey Haas' <jhaas@pfrc.org>
Date: Wed, 25 May 2016 17:59:54 -0400
Message-ID: <010101d1b6d0$c51fbf60$4f5f3e20$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0102_01D1B6AF.3E1439E0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdG2u40tT65IQmFGQ9esZvboRFRzVw==
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2rs/wX8RiHPF6nJLDqNmSWQgzBGhKOE>
Cc: i2rs@ietf.org
Subject: Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-state-06.txt --
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 May 2016 22:00:15 -0000
Juergen: Thank you for your comments on the ephemeral state. On Ephemeral-REQ-05, does this clarify the requirement: Ephemeral-REQ-05: The ability to add on an object (or a hierarchy of objects) that have the property of being ephemeral. An object defined as Yang module, schema tree, a schema node, submodule or components of a submodule (derived types, groupings, data node, RPCs, actions, and notifications). Any ephemeral object must be able to be identified by a yang key word. On Ephemeral-REQ-06, does this text restrict the definition to just requirements: "Ephemeral-REQ-06: Yang MUST have a way to indicate in a data model that nodes have the following properties: ephemeral, writable/not-writable, status/configuration, and secure/non-secure transport. (If you desire examples, please see draft-hares-i2rs-protocol-strawman for potential yang syntax). " On Ephemeral-REQ-07, NETCONF chairs asked for conceptual changes to NETCONF and RESTCONF. Does change to Ephemeral-REQ-07 requirement set work for you? If it does, I will create a similar reduction for Ephemeral-REQ-08: --------- Ephemeral-REQ-07: The bundle of conceptual changes to NETCONF to required to support the I2RS protocol are the following: 1) protocol version support for I2RS protocol modifications - (e.g. I2RS version 1); 2) support ephemeral model scope indication - which indicates whether a module is ephemeral only, mixed config module (config with ephemeral), mixed derived state (ephemeral and config), 3) multiple message support - uses the I2RS "all or none" (ietf-i2rs-architecture, section 7.9) which is the same as the NETCONF "roll-back-on-error". 4) Support for the following NETCONF protocol specifications: NETCONF [RFC6241], yang pub-sub push [draft-ietf-netconf-yang-push], Yang module library [draft-ietf-netconf-yang-library], call-home support [draft-ietf-netconf-call-home], zero-touch support [draft-ietf-netconf-zero-touch], and server model [draft-ietf-netconf-server-module] with server module must be augmented to support mutual authentication (see details in [draft-ietf-i2rs-protocol-security-requirements] section 3.1 in requirements: SEC-REQ-01 to SEC-REQ-08)), 5) Support the following encodings XML and JSON; 6) support the following transports : "TCP", "SSH", TLS", and non-secure. (See ietf-i2rs-protocol-security-requirements in section 3.2 in requirements SEC-REQ-09 and SEC-REQ-11 for details). NETCONF should be able to Expand for I2RS transport support is requirement as future I2RS protocol versions will support other transports. 7) The ability to restrict insecure transports to specific portions of a data model marked as valid to transfer via an insecure protocol, 8) ephemeral overwriting of ephemeral MUST be controlled by the following two policy knobs (draft-ietf-i2rs-architecture, section 6.3, 6.3.1): * Policy Knob 1: ephemeral configuration overwrites local configuration (normal value: true) *Policy Knob 2: update of local configuration value supersedes and overwrites the ephemeral configuration value (normal value: false) 9) The ephemeral state overwriting a local configuration described in 8) above is considered to be the composite of all ephemeral state values by all clients. Some may consider this a single "pane of glass" for the ephemeral values. 10) The ephemeral state must support notification of write conflicts using the priority requirements (see section 3.7 below, specifically requirements Ephemeral-REQ-09 through Ephemeral-REQ-14). 11) Ephemeral data stores SHOULD not require support for interactions with writeable-running, candidate data stores, confirmed commit, and a distinct start-up capability. ========== On Ephemeral-09, this is covered in SEC-REQ-01. Section 3.7.1 was added as explanation. It will be moved to the protocol-security-strawman. On Ephemeral-09 (second instance): is an extension of SEC-REQ-07 and SEC-REQ-08. Will this change to Ephemeral-09 work for you? "Ephemeral-REQ-09: The data nodes MAY store I2RS client identity and not the effective priority at the time the data node is stored. Per SEC-REQ-07 in section 3.1 of [draft-ietf-i2rs-protocol-security-requirements], an identifier must have just one priority. Therefore, the data nodes MAY store I2RS client identity and not the effective priority at the time the data node is stored. Priority MAY be dynamically changed by AAA protocols and how the protocol handles the revision of a client's priority SHOULD be defined by the protocol specification as long as the collisions are handled as described by Ephemeral-REQ-10, Ephemeral-REQ-11, and Ephemeral-REQ-12." To your questions of repetition in Ephemeral-REQ-10, Ephemeral-REQ-11, Ephemeral-REQ-12: Ephemeral write collisions utilize SEC-REQ-07 which defines that an identifier MUST have only one priority. Ephemeral write collisions are related to role-based data model security (draft-ietf-i2rs-protocol-security-requirements, section 3.5), but only SEC-REQ-19 underscores the use of "one identifier with one priority" in the use of a I2RS client by multiple applications. You may be recalling input from the I2RS-architecture document. On Ephemeral-REQ-13: This requirement has an explanation that I would like to keep because the requirement has been misunderstood repeatedly in both groups. Since this requirement represents to summation of the NETCONF/I2RS sessions, I prefer to keep this requirement and ask the WG for input. On the Pub-sub requirements: I will remove all pub-sub-requirements and add the following: 1) Pub-Sub-REQ-01: The Subscription Service MUST support subscriptions against ephemeral data in operational data stores, configuration data stores or both. 2) Pub-Sub-REQ-02: The Subscription Service MUST support filtering so that subscribed updates under a target node might publish only ephemeral data in operational data or configuration data, or publish both ephemeral and operational data. Sue -----Original Message----- From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Juergen Schoenwaelder Sent: Tuesday, May 17, 2016 2:24 PM To: Jeffrey Haas Cc: i2rs@ietf.org Subject: Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-state-06.txt On Tue, May 17, 2016 at 12:26:35PM -0400, Jeffrey Haas wrote: > Jürgen, > > On Fri, May 06, 2016 at 09:34:45AM +0200, Juergen Schoenwaelder wrote: > > I have a hard time with this document. Section 3 is labelled > > requirements but it actually details solution and I disagree with a > > significant number of the solution elements. > > If you were to restrict your comments to the requirements labeled variously: > Ephemeral-REQ-XX > PubSub-REQ-X > > do you consider the items sufficiently well described to be a > requirements document? Mostly: - I do not understand what Ephemeral-REQ-05 is trying to say. - I disagree with Ephemeral-REQ-06 and section 3.4.1 all sounds like solution attempts (to which I do not agree). - I disagree with Ephemeral-REQ-07 and all of section 3.5 and subsections; this is not a requirement but an attempt to describe a solution. - I disagree with Ephemeral-REQ-08 and all of section 3.5 and subsections; this is not a requirement but an attempt to describe a solution. - Has Ephemeral-REQ-09 (the first one) not been stated elsewhere already? - Ephemeral-REQ-xx with xx >= 09 and xx <= 13 seem repetitions from requirements already stated elsewhere? - I did not understand section 3.7.3 and I am unsure what Ephemeral-REQ-13 or more specifically whether it is different from what is already stated in the requirements. I have trouble parsing some of the sentences, e.g. [...] I2RS notes multiple operations in one or more messages handling can handle errors within the set of operations in many ways. - I do not understand PubSub-REQ-1; what is the difference between synchronous and asynchronous push? - I may disagree with PubSub-REQ-2 but then I do not know what 'real time for notifications' means. - I may disagree with PubSub-REQ-3. - I do not understand what PubSub-REQ-4 means; what is a 'critical node event'? How do I decide this requirement has been met? - PubSub-REQ-5 seems to mix up different issues. I do not know what a hierarchy of filters of XPATHs is. - PubSub-REQ-6 is likely underspecified. Overall, I do not understand why we need these additional requirements given that we have draft-ietf-i2rs-pub-sub-requirements-08.txt. > As Sue mentioned, we can migrate solution-space discussion wholly into > the strawman document. In general, it would help me if you make an effort to reduce the number of documents and if you make an effort to avoid document overlaps. Sometimes less is more. /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 < <http://www.jacobs-university.de/> http://www.jacobs-university.de/> _______________________________________________ i2rs mailing list <mailto:i2rs@ietf.org> i2rs@ietf.org <https://www.ietf.org/mailman/listinfo/i2rs> https://www.ietf.org/mailman/listinfo/i2rs
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Susan Hares
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Juergen Schoenwaelder
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Susan Hares
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Andy Bierman
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Susan Hares