Re: [i2rs] draft-chen-i2rs-identifier-management-00
Alia Atlas <akatlas@gmail.com> Wed, 03 June 2015 17:19 UTC
Return-Path: <akatlas@gmail.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 614DA1A9308 for <i2rs@ietfa.amsl.com>; Wed, 3 Jun 2015 10:19:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.199
X-Spam-Level:
X-Spam-Status: No, score=-100.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_31=0.6, J_CHICKENPOX_64=0.6, J_CHICKENPOX_65=0.6, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hGv14P4paiHs for <i2rs@ietfa.amsl.com>; Wed, 3 Jun 2015 10:18:56 -0700 (PDT)
Received: from mail-oi0-x22a.google.com (mail-oi0-x22a.google.com [IPv6:2607:f8b0:4003:c06::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4694C1ACD15 for <i2rs@ietf.org>; Wed, 3 Jun 2015 10:18:56 -0700 (PDT)
Received: by oihd6 with SMTP id d6so12538304oih.2 for <i2rs@ietf.org>; Wed, 03 Jun 2015 10:18:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=myVybJv2QiCkOVZKGT9vsOZwYbOgp+1f1aiixuyZo8w=; b=DOzL6EAsvEAl/vdoGVf39HaK5hxlZSDqW7R5JUYQsPY6WN0YnYl0w0sodZIW3qeQHR VYX7MD6sK+JS8R60pOppm2IvYhLubAdJCfhsAB80EXdtNBC5SydhqdU4r+4woCJB9SEj j3XiwHBR3Tk/lW7dseHXj3CBziqfa9PwaLh/MGwcndwpRkWeHMRSsmwRAcTeHMXF86Mg HR7ZilVCJPwaT45izx7d3xj01flsf0ieUulAtt5Eo6HJFkIQmf/2+qnMoI/o2AYyWHFd fhnpa1h/qK5Gj+JHLqrDqRMmvg3aBcqvYK83kOr46KBvXcC8QaCIzvp0gLNaDcHDrZig It5A==
MIME-Version: 1.0
X-Received: by 10.182.68.13 with SMTP id r13mr28603456obt.20.1433351935722; Wed, 03 Jun 2015 10:18:55 -0700 (PDT)
Received: by 10.60.33.167 with HTTP; Wed, 3 Jun 2015 10:18:55 -0700 (PDT)
In-Reply-To: <CABCOCHRFZ=rk02YnNrEKj9viF0ZHBaW8uO8=ndb+QS+6oUn1=w@mail.gmail.com>
References: <011e01d098ae$4e254060$ea6fc120$@ndzh.com> <20150527220901.GA67473@elstar.local> <556654AB.9030206@joelhalpern.com> <CABCOCHTDRCA_T+m-waEq7MHQ4v=6E=4z33HPWQR1s4349ifkRA@mail.gmail.com> <20150528060502.GA68091@elstar.local> <CABCOCHQdfqaEJ36DktwcN_NYi_SfPT6kRMdEzB9htvkf4qzJUw@mail.gmail.com> <020101d0999d$26fe2750$74fa75f0$@ndzh.com> <CABCOCHStya+LQEPfEfEvWRqeYhccekG8_vC6EYzC5AKy2yXJCA@mail.gmail.com> <022701d099a3$b822c5f0$286851d0$@ndzh.com> <CABCOCHRSFut_ryO41WewUw97wF1KYBztReg7LSonbAwk1A6f5A@mail.gmail.com> <000901d09a5a$36044cd0$a20ce670$@ndzh.com> <CABCOCHQLKJHx-aJO8SKHE7Jd2VQ8-kM_vUAZrF+4h11GXFgAnw@mail.gmail.com> <CAG4d1rf8xXO2MDV1FMLAwnDaoXv17h3cPtpxH1Pg-+oEi4vCsQ@mail.gmail.com> <CABCOCHRFZ=rk02YnNrEKj9viF0ZHBaW8uO8=ndb+QS+6oUn1=w@mail.gmail.com>
Date: Wed, 03 Jun 2015 13:18:55 -0400
Message-ID: <CAG4d1rdm-r0G8taNOzpicxfozLrRTLrCKwk6OT7MftMK9n8MWg@mail.gmail.com>
From: Alia Atlas <akatlas@gmail.com>
To: Andy Bierman <andy@yumaworks.com>
Content-Type: multipart/alternative; boundary="e89a8fb1f60ef78aeb0517a040e5"
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2rs/xUg3h-D1uVMbfzls8EipK9wngNk>
Cc: "i2rs@ietf.org" <i2rs@ietf.org>, Jeff Haas <jhaas@juniper.net>, chen.ran@zte.com.cn, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, Alia Atlas <akatlas@juniper.net>, Jeffrey Haas <jhaas@pfrc.org>, "Joel M. Halpern" <jmh@joelhalpern.com>, Susan Hares <shares@ndzh.com>
Subject: Re: [i2rs] draft-chen-i2rs-identifier-management-00
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2015 17:19:03 -0000
On Wed, Jun 3, 2015 at 1:15 PM, Andy Bierman <andy@yumaworks.com> wrote: > On Wed, Jun 3, 2015 at 10:02 AM, Alia Atlas <akatlas@gmail.com> wrote: > > Andy, > > > > On Fri, May 29, 2015 at 8:41 PM, Andy Bierman <andy@yumaworks.com> > wrote: > >> > >> On Fri, May 29, 2015 at 2:55 PM, Susan Hares <shares@ndzh.com> wrote: > >> > Andy: > >> > > >> > > >> > > >> > On all actions working or not – you should look at section 7.9 of the > >> > architecture. It allows “perform all or none”, “perform until error”, > >> > and > >> > “perform all storing errors.” I will propose an addition to section > >> > 2.4 > >> > to Jeff’s document: > >> > > >> > > >> > >> OK -- I remember these options now. > >> > >> It should be clear in the document that stopping on error or recording > >> errors does not mean the agent will leave the datastore in an invalid > >> state. Most YANG validation errors can be pruned from the datastore. > >> This may or may not leave the datastore in an operationally useful > state. > >> The must/min-elements/unique statements can cause validation errors > >> on nodes outside the edit list. > >> > >> NETCONF does not allow validation errors in the running datastore. > >> I2RS should not allow validation errors in the ephemeral data. > > > > > > I agree. For the stop-on-error, when one operation in the message > causes an > > error, > > that operation is not done (can't b/c of error) AND no operations after > that > > in the > > message are done. For recording errors, all operations in the message > are > > attempted in order and any errors are recorded to send back to the > client. > > If an operation caused an error, then the operation isn't completed. > > > > Does that make sense? > > > > > I think so. This is a sharp knife. Developers using anything > except 'all-or-none' will need to be very knowledgeable about the > data models in use in order for partial edits to be practical. > But I think the draft makes this clear. > I should have read further in the thread before responding. I saw that you gave exactly this with good clear examples. Alia > > > Regards, > > Alia > > > > > > Andy > > >> > >> > >> Andy > >> > >> > > >> > 2.4 ) Transaction to ephemeral state: > >> > > >> > > >> > > >> > The ephemeral state should support a multiple parts of a operation > >> > occurring > >> > in a single message, but it does not require multi-message atomicity > and > >> > rollback. Three types of error handling should be supported: > >> > > >> > > >> > > >> > Perform all or none: This traditional SNMP semantic indicates > that > >> > > >> > other I2RS agent will keep enough state when handling a single > >> > > >> > message to roll back the operations within that message. Either > >> > > >> > all the operations will succeed, or none of them will be applied > >> > > >> > and an error message will report the single failure which caused > >> > > >> > them not to be applied. This is useful when there are, for > >> > > >> > example, mutual dependencies across operations in the message. > >> > > >> > > >> > > >> > Perform until error: In this case, the operations in the message > >> > > >> > are applied in the specified order. When an error occurs, no > >> > > >> > further operations are applied, and an error is returned > >> > > >> > indicating the failure. This is useful if there are > dependencies > >> > > >> > among the operations and they can be topologically sorted. > >> > > >> > > >> > > >> > Perform all storing errors: In this case, the I2RS Agent will > >> > > >> > attempt to perform all the operations in the message, and will > >> > > >> > return error indications for each one that fails. This is > useful > >> > > >> > when there is no dependency across the operation, or where the > >> > > >> > client would prefer to sort out the effect of errors on its own. > >> > > >> > > >> > > >> > In the interest of robustness and clarity of protocol state, the > >> > > >> > protocol will include an explicit reply to modification or write > >> > > >> > operations even when they fully succeed. > >> > > >> > > >> > > >> > > >> > > >> > Will this cover the architecture document 7.9 transactions impact on > >> > ephemeral state? > >> > > >> > > >> > > >> > Sue Hares > >> > > >> > > >> > > >> > From: Susan Hares [mailto:shares@ndzh.com] > >> > Sent: Friday, May 29, 2015 1:44 PM > >> > To: 'Andy Bierman' > >> > Cc: 'Juergen Schoenwaelder'; 'Joel M. Halpern'; 'Jeffrey Haas'; > >> > 'i2rs@ietf.org'; 'chen.ran@zte.com.cn'; 'Alia Atlas' > >> > Subject: RE: [i2rs] draft-chen-i2rs-identifier-management-00 > >> > > >> > > >> > > >> > Andy: > >> > > >> > > >> > > >> > I missed the second part of the email > >> > (http://www.ietf.org/mail-archive/web/i2rs/current/msg02532.html) in > my > >> > earlier message: > >> > > >> > > >> > > >> >>. " The last paragraph sounds like some nodes will be accepted and > >> >> others > >> >> rejected. > >> > > >> >>If any nodes are rejected, the entire edit should be rejected. > >> > > >> > > >> > > >> > RESTCONF does an atomic action within a http session. NETCONF > within a > >> > commit. Section 6.2 of the I2RS architecture document describes state > >> > storage for I2RS, and it does not have the atomic requirement for the > >> > protocol. Instead section 3.3 of the I2RS architecture document calls > >> > for > >> > this to be model driver. Let me provide examples from the 2 major > I2RS > >> > protocol independent models: > >> > > >> > > >> > > >> > The I2RS RIB yang model (draft-ietf-i2rs-rib-data-model-00) proposes > >> > that > >> > each route will be associated with the following: route preference, > >> > active, > >> > installed. Notifications for route change will be given if route is > >> > installed, active, and a reason given, or if the route commit fails. > >> > Some > >> > routes may be accepted, and some routes rejected for installation to > the > >> > RIB. The concept is the client will be able to detect when a route > is > >> > rejected. > >> > > >> > > >> > > >> > The draft-ietf-i2rs-yang-network-topo-00 states in section 3.5 > discusses > >> > the > >> > challenge that topology models are not: configuration data only or > >> > operational data only – but a combination of both in ephemeral state. > >> > Draft-ietf-i2rs-yang-network-topo-00 suggests an ephemeral topology > >> > model > >> > which is operational (read-only) that contains data from: a) only read > >> > from > >> > operational units, b) a configured topology, and c) combination > topology > >> > (operational state and configured). (A second alternative is to just > >> > have > >> > “a” and “b”, but for now let’s focus on a, b, and c). The “C” > >> > combination > >> > topology may be generated based on priority of configured topology > >> > versus > >> > operational data. The inclusion in “c” may also be validated (E.g. > >> > interface up, or L3 link runs on tunnel over interface which is up)). > >> > > >> > > >> > > >> > These two model documents show why atomic state may be on a very small > >> > section of the whole change. > >> > > >> > > >> > > >> >> I don’t think the rule-list should store the client priority. > >> > > >> >> It should be in the 'group' list, or outside NACM completely." > >> > > >> > > >> > > >> > Your alternate proposal are: > >> > > >> > > >> > > >> > 1) Moving i2rs-priority to group list > >> > > >> > 2) Adding a i2rs-client [unspecified location] > >> > > >> > > >> > > >> > This mail deals with #1. If you have more details on proposal #2, > >> > please > >> > suggest them on the list. > >> > > >> > > >> > > >> > list i2rs-client { > >> > > >> > key name; > >> > > >> > leaf name { > >> > > >> > description "The client name"; > >> > > >> > type i2rs:client-name; > >> > > >> > } > >> > > >> > leaf priority { > >> > > >> > description "The priority value assigned to this client."; > >> > > >> > type i2rs:client-priority; > >> > > >> > } > >> > > >> > } > >> > > >> > > >> > > >> > Question: Is this i2rs-list to be included in the group list for NACM > >> > (as > >> > listed below from RFC6536) as a leaf list below? > >> > > >> > > >> > > >> > container groups { > >> > > >> > description > >> > > >> > "NETCONF Access Control Groups."; > >> > > >> > > >> > > >> > list group { > >> > > >> > key name; > >> > > >> > description > >> > > >> > "One NACM Group Entry. This list will only contain > >> > > >> > configured entries, not any entries learned from > >> > > >> > any transport protocols."; > >> > > >> > > >> > > >> > leaf name { > >> > > >> > type group-name-type; > >> > > >> > description > >> > > >> > "Group name associated with this entry."; > >> > > >> > } > >> > > >> > > >> > > >> > leaf-list user-name { > >> > > >> > type user-name-type; > >> > > >> > description > >> > > >> > "Each entry identifies the username of > >> > > >> > a member of the group associated with > >> > > >> > this entry."; > >> > > >> > } > >> > > >> > # add leaf-list I2rs-client here > >> > > >> > } > >> > > >> > } > >> > > >> > Your message: > >> > http://www.ietf.org/mail-archive/web/i2rs/current/msg02523.html > >> > > >> > States: "I think I2RS interaction with NACM needs to be clearly > >> > defined. > >> > NACM implementations do not currently check write requests > >> > > >> > on config=false data. It is possible some edits to NACM are needed > even > >> > if > >> > no objects are added to the data structure." > >> > > >> > > >> > > >> > Do you have a proposal for changing the text in section 5.2 of > >> > draft-haas-i2rs-ephemeral-state-reqs-00? > >> > > >> > Is it sufficient to state: “NACM implementations for I2RS will need > to > >> > check write request on config=false, ephemeral = true. “ > >> > > >> > before the paragraph: > >> > > >> > > >> > > >> > “Ephemeral configuration state nodes that are created or altered by > >> > users > >> > that match a rule carrying i2rs-priority will have those nodes > annotated > >> > with metadata. Additionally, during commit processing, if nodes are > >> > found > >> > where i2rs-priority is already present, and the priority is better > than > >> > the > >> > transaction's user's priority for that node, the commit SHALL fail. An > >> > appropriate error should be returned > >> > > >> > to the user stating the nodes where the user had insufficient > >> > > >> > priority to override the state. > >> > > >> > > >> > > >> > I’m unclear what this means: “It is possible some edits to NACM are > >> > needed > >> > even if no objects are added to the data structure." > >> > > >> > > >> > > >> > Sue > >> > > >> > > >> > > >> > -----Original Message----- > >> > From: Andy Bierman [mailto:andy@yumaworks.com] > >> > Sent: Thursday, May 28, 2015 8:23 PM > >> > To: Susan Hares > >> > Cc: Juergen Schoenwaelder; Joel M. Halpern; Jeffrey Haas; > i2rs@ietf.org; > >> > chen.ran@zte.com.cn; Alia Atlas > >> > Subject: Re: [i2rs] draft-chen-i2rs-identifier-management-00 > >> > > >> > > >> > > >> > On Thu, May 28, 2015 at 5:09 PM, Susan Hares <shares@ndzh.com> wrote: > >> > > >> >> Andy: > >> > > >> >> > >> > > >> >> Thank you for your question. Let me precise. > >> > > >> >> > >> > > >> >> Jeff proposes that clients specify the priority mechanism is an > >> >> attribute > >> >> that is stored in the NACM list on the agent (see Section 5.2 as > >> >> described > >> >> in the draft-haas-i2rs-ephemeral-state-reqs-00 (quoted below). The > >> >> client-Agent identities are load in a mechanism which is out-of-band > >> >> from > >> >> the I2RS protocol these values. Into the Client, the Agent's ID is > >> >> loaded. > >> >> Into the Agent, the valid client's identity is loaded along with the > >> >> client's priority. AAA (Radius/Diameter) is an example of an > >> >> out-of-band > >> >> mechanism to pass the information with. IMU (in my understanding), > the > >> >> NACM > >> >> on the agent is created based on this AAA loading. The i2rs > secondary > >> >> identity is loaded via an edit-config mechanism in a config operation > >> >> (see > >> >> section 5.1 of Jeff's document.). Please let me know if my > >> >> understanding of > >> >> NACM creation based on AAA input is correct. > >> > > >> >> > >> > > >> > > >> > > >> > That is an optional mode. > >> > > >> > There is also a local users table that can be used. > >> > > >> > > >> > > >> > > >> > > >> >> I2RS Module Nodes (E.g. I2RS RIB routes) are written within an Agent > >> >> will > >> >> be annotated with meta-data with the client-id, priority, and > secondary > >> >> ID. > >> > > >> >> > >> > > >> >> The only proposed change to section 5.2 requirements is to the > >> > > >> >> sentence "Additionally, during commit processing, if > >> > > >> >> nodes are found where i2rs-priority is already present, and the > >> > > >> >> priority is better than the transaction's user's priority for that > >> > > >> >> node, the commit SHALL fail. > >> > > >> >> > >> > > >> >> " Additionally, during commit processing" is incorrect because there > is > >> >> not commit processing. Jeff stated we are still working with both > >> >> NETCONF > >> >> and RESTCONF - so we must allow for a commit process. In the > meeting I > >> >> noted that the architecture indicates a change is possible only if > the > >> >> priority is greater than (>) existing priority. (First rather than > >> >> last). > >> >> Therefore this text should read: "Additionally, during the operation > >> >> (RESTCONF)/Commit (NETCONF) processing, if the nodes are found where > >> >> i2rs-priority is already present, and the priority is equal to or > >> >> better > >> >> than the transaction's user's priority for the node, the > >> >> operation/commit > >> >> SHALL fail." > >> > > >> >> > >> > > >> >> Do you have any suggestions for modifications to section 5 of Jeff's > >> >> document? > >> > > >> >> > >> > > >> >> Sue > >> > > >> >> > >> > > >> >> ============================ > >> > > >> >> Jeff's document 5.2 states: > >> > > >> >> > >> > > >> >> To support Multi-Headed Control, I2RS requires that there be a > >> > > >> >> decidable means of arbitrating the correct state of data when > >> > > >> >> multiple clients attempt to manipulate the same piece of data. > This > >> > > >> >> is done via a priority mechanism with the highest priority > winning. > >> > > >> >> This priority may vary on a per-node or sub-tree basis based for a > >> > > >> >> given identity. > >> > > >> >> > >> > > >> >> This further implies that priority is an attribute that is stored > in > >> > > >> >> the NETCONF Access Control Model [RFC6536] as part of a rule-list. > >> > > >> >> E.g.: > >> > > >> >> > >> > > >> >> Ephemeral configuration state nodes that are created or altered by > >> > > >> >> users that match a rule carrying i2rs-priority will have those > nodes > >> > > >> >> annotated with metadata. Additionally, during commit processing, > if > >> > > >> >> nodes are found where i2rs-priority is already present, and the > >> > > >> >> priority is better than the transaction's user's priority for that > >> > > >> >> node, the commit SHALL fail. An appropriate error should be > >> >> returned > >> > > >> >> to the user stating the nodes where the user had insufficient > >> > > >> >> priority to override the state. > >> > > >> >> > >> > > >> > > >> > > >> > > >> > > >> > The last paragraph sounds like some nodes will be accepted and others > >> > rejected. > >> > > >> > If any nodes are rejected, the entire edit should be rejected. > >> > > >> > > >> > > >> > I don;t think the rule-list should store the client priority. > >> > > >> > It should be in the 'group' list, or outside NACM completely. > >> > > >> > > >> > > >> > > >> > > >> > Andy > >> > > >> > > >> > > >> >> > >> > > >> >> > >> > > >> >> -----Original Message----- > >> > > >> >> From: Andy Bierman [mailto:andy@yumaworks.com] > >> > > >> >> Sent: Thursday, May 28, 2015 7:40 PM > >> > > >> >> To: Susan Hares > >> > > >> >> Cc: Juergen Schoenwaelder; Joel M. Halpern; Jeffrey Haas; > >> > > >> >> i2rs@ietf.org; chen.ran@zte.com.cn; Alia Atlas > >> > > >> >> Subject: Re: [i2rs] draft-chen-i2rs-identifier-management-00 > >> > > >> >> > >> > > >> >> On Thu, May 28, 2015 at 4:22 PM, Susan Hares <shares@ndzh.com> > wrote: > >> > > >> >>> Andy: > >> > > >> >>> > >> > > >> >>> Yes - the client with priority and secondary identity are inherently > >> >>> simple additions. Can you confirm my understanding below based on > >> >>> Jeff's > >> >>> document? > >> > > >> >>> > >> > > >> >> > >> > > >> >> Not sure what you mean. > >> > > >> >> i don't think the client should provide the priority in request > >> >> messages. > >> > > >> >> This is configured on the agent, not requested by the client. > >> > > >> >> > >> > > >> >> > >> > > >> >>> Can you explain your statement "I do not want to change NETCONF or > >> >>> RESTCONF to use client priority?" What are you proposing that you > do > >> >>> not > >> >>> want to add the NACM list the priority? > >> > > >> >> > >> > > >> >> I don't want to change NETCONF and RESTCONF so that config=true > objects > >> >> use priority. Only I2RS should use it. > >> > > >> >> > >> > > >> >>> > >> > > >> >>> Sue > >> > > >> >> > >> > > >> >> Andy > >> > > >> >> > >> > > >> >>> =============== > >> > > >> >>> > >> > > >> >>> Example > >> > > >> >>> ------------------------ > >> > > >> >>> 1) any multiple TCP sessions from a client application will use a > >> >>> different ID if they want a different priority for write of an > object > >> > > >> >>> Application 1: TCP session 1 - priority 1, > >> >>> secondary-identity "pub-sub monitor" > >> > > >> >>> Application 1: TCP session 2 - priority 10, > >> >>> secondary-identity "tracing monitor" > >> > > >> >>> Application 1: TCP session 3 - priority 20, opaque "Weekly > >> >>> config" > >> > > >> >>> Application 1: TCP session 4 - priority 55, opaque > >> >>> "Emergency > >> >>> config" > >> > > >> >>> > >> > > >> >>> Jeff's META-data example: > >> > > >> >>> > >> > > >> >>> <foo xmlns:i2rs="https://ietf.example.com/i2rs" > >> > > >> >>> i2rs:i2rs-secondary-identity="user1" > i2rs:i2rs-priority="47"> > >> > > >> >>> ... > >> > > >> >>> </foo> > >> > > >> >>> > >> > > >> >>> For my example TCP session 1 > >> > > >> >>> <foo xmlns:i2rs="http:s//ietf.example.com/i2rs" > >> > > >> >>> I2rs:i2rs-secondary-identity="pub-sub montior" > >> > > >> >>> i2rs:i2rs-priority="1"> > >> > > >> >>> > >> > > >> >>> Juergen's client example: > >> > > >> >>> > >> > > >> >>> list i2rs-client { > >> > > >> >>> key name; > >> > > >> >>> leaf name { > >> > > >> >>> description "The client name"; > >> > > >> >>> type i2rs:client-name; > >> > > >> >>> } > >> > > >> >>> leaf priority { > >> > > >> >>> description "The priority value assigned to this client."; > >> > > >> >>> type i2rs:client-priority; > >> > > >> >>> } > >> > > >> >>> } > >> > > >> >>> > >> > > >> >>> +--rw rule-list [name] > >> > > >> >>> +--rw name string > >> > > >> >>> +--rw group* union > >> > > >> >>> +--rw rule [name] > >> > > >> >>> +--rw name string > >> > > >> >>> +--rw module-name? union > >> > > >> >>> +--rw (rule-type)? > >> > > >> >>> | +--:(protocol-operation) > >> > > >> >>> | | +--rw rpc-name? union > >> > > >> >>> | +--:(notification) > >> > > >> >>> | | +--rw notification-name? union > >> > > >> >>> | +--:(data-node) > >> > > >> >>> | +--rw path node-instance-identifier > >> > > >> >>> +--rw access-operations? union > >> > > >> >>> +--rw action action-type > >> > > >> >>> +--rw comment? string > >> > > >> >>> +--rw i2rs:i2rs-priority i2rs-priority-type > >> > > >> >>> > >> > > >> >>> Are you proposing something different than Jeff's proposal? > >> > > >> >>> > >> > > >> >>> Sue > >> > > >> >>> > >> > > >> >>> -----Original Message----- > >> > > >> >>> From: Andy Bierman [mailto:andy@yumaworks.com] > >> > > >> >>> Sent: Thursday, May 28, 2015 11:17 AM > >> > > >> >>> To: Juergen Schoenwaelder; Andy Bierman; Joel M. Halpern; Jeffrey > >> > > >> >>> Haas; i2rs@ietf.org; chen.ran@zte.com.cn; Alia Atlas; Susan Hares > >> > > >> >>> Subject: Re: [i2rs] draft-chen-i2rs-identifier-management-00 > >> > > >> >>> > >> > > >> >>> On Wed, May 27, 2015 at 11:05 PM, Juergen Schoenwaelder > >> >>> <j.schoenwaelder@jacobs-university.de> wrote: > >> > > >> >>>> On Wed, May 27, 2015 at 06:04:58PM -0700, Andy Bierman wrote: > >> > > >> >>>>> > >> > > >> >>>>> Although I should be promoting use of NACM, I am not so sure it > >> > > >> >>>>> should be mandatory for I2RS or required to configure I2RS client > >> >>>>> priority. > >> > > >> >>>>> > >> > > >> >>>>> list i2rs-client { > >> > > >> >>>>> key name; > >> > > >> >>>>> leaf name { > >> > > >> >>>>> description "The client name"; > >> > > >> >>>>> type i2rs:client-name; > >> > > >> >>>>> } > >> > > >> >>>>> leaf priority { > >> > > >> >>>>> description "The priority value assigned to this client."; > >> > > >> >>>>> type i2rs:client-priority; > >> > > >> >>>>> } > >> > > >> >>>>> } > >> > > >> >>>> > >> > > >> >>>> So what is i2rs:client-name - is it any different from a > >> > > >> >>>> NETCONF/RESTCONF username? > >> > > >> >>>> > >> > > >> >>> > >> > > >> >>> Is is probably not different. > >> > > >> >>> > >> > > >> >>> > >> > > >> >>>> NACM maps user names into groups and NACM allows to have the > mapping > >> > > >> >>>> supplied by an external source (e.g. RADIUS). If this priority > >> > > >> >>>> mapping is kept separate from NACM, would we need to provision > means > >> > > >> >>>> to get the priority from AAA as well? > >> > > >> >>>> > >> > > >> >>> > >> > > >> >>> My point showing the 2 item list is that the information needed to > >> >>> implement I2RS client priority is rather trivial. > >> > > >> >>> It can certainly be made really complicated by the IETF, but it is > an > >> >>> inherently trivial configuration. > >> > > >> >>> > >> > > >> >>>> And the bigger question: Do we create something specific for I2RS > or > >> > > >> >>>> are we going to extend the generic YANG/NC/RC framework to provide > >> > > >> >>>> the tools I2RS needs? This is probably a question the NETCONF WG > has > >> > > >> >>>> to answer. > >> > > >> >>> > >> > > >> >>> It is good to make reusable features. > >> > > >> >>> I don't want to change NETCONF or RESTCONF to use client priority. > >> > > >> >>> Let I2RS prove it is useful first. I am not convinced it will > really > >> >>> help. > >> > > >> >>> It seems like an implementation detail that is being turned into ad > >> >>> administrative task. If multiple clients from multiple vendors are > >> >>> stepping > >> >>> on each other, then the likely outcome of a priority change by the > >> >>> administrator will be to select which clients should continue > working > >> >>> and > >> >>> which should be broken. > >> > > >> >>> > >> > > >> >>> > >> > > >> >>>> > >> > > >> >>>> /js > >> > > >> >>>> > >> > > >> >>> > >> > > >> >>> Andy > >> > > >> >>> > >> > > >> >>>> -- > >> > > >> >>>> Juergen Schoenwaelder Jacobs University Bremen gGmbH > >> > > >> >>>> Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | > >> >>>> Germany > >> > > >> >>>> Fax: +49 421 200 3103 <http://www.jacobs-university.de/> > >> > > >> >>> > >> > > >> >>> _______________________________________________ > >> > > >> >>> i2rs mailing list > >> > > >> >>> i2rs@ietf.org > >> > > >> >>> https://www.ietf.org/mailman/listinfo/i2rs > >> > > >> >> > >> > >> _______________________________________________ > >> i2rs mailing list > >> i2rs@ietf.org > >> https://www.ietf.org/mailman/listinfo/i2rs > > > > >
- [i2rs] draft-chen-i2rs-identifier-management-00 Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Juergen Schoenwaelder
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Joel M. Halpern
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Andy Bierman
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Juergen Schoenwaelder
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Joel M. Halpern
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Andy Bierman
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Andy Bierman
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Andy Bierman
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Juergen Schoenwaelder
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Juergen Schoenwaelder
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Juergen Schoenwaelder
- Re: [i2rs] I2RS priority location Joel M. Halpern
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Andy Bierman
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Andy Bierman
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Andy Bierman
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Joel M. Halpern
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Andy Bierman
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Joel M. Halpern
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Martin Bjorklund
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Alia Atlas
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Andy Bierman
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Alia Atlas
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Andy Bierman
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Susan Hares
- Re: [i2rs] draft-chen-i2rs-identifier-management-… Jeffrey Haas