Re: [L3sm] New Version Notification for draft-wu-l3sm-rfc8049bis-02.txt

David Ball <daviball@cisco.com> Thu, 24 August 2017 10:30 UTC

To: Qin Wu <bill.wu@huawei.com>, "l3sm@ietf.org" <l3sm@ietf.org>
Cc: Stephane Litkowski <stephane.litkowski@orange.com>, Kenichi Ogaki <ke-oogaki@kddi.com>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>
From: David Ball <daviball@cisco.com>
Date: Thu, 24 Aug 2017 11:30:40 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/l3sm/3CIa1O0VYWMcaAdbVSZs3E6AeZY>


On 24/08/2017 11:11, Qin Wu wrote:
>
> *From:* David Ball [mailto:daviball@cisco.com]
> *Sent:* 24 August 2017 17:32
> *To:* Qin Wu; l3sm@ietf.org
> *Cc:* Stephane Litkowski; Kenichi Ogaki; adrian@olddog.co.uk
> *Subject:* Re: [L3sm] New Version Notification for draft-wu-l3sm-rfc8049bis-02.txt
>
> On 24/08/2017 01:50, Qin Wu wrote:
>
> [Qin]: Okay, the proposed change will look like this:
>
> “
> import ietf-netconf-acm {
>   prefix nacm;
> }
> ……
> grouping vpn-profile-cfg {
>   container valid-provider-identifiers {
>     list cloud-identifier {
>       if-feature cloud-access;
>       key id;
>       leaf id {
>         type string;
>         description
>           "Identification of cloud service.
>            Local administration meaning.";
>       }
>       nacm:default-deny-write;
>       description
>         "List for Cloud Identifiers.";
>     }
>     list encryption-profile-identifier {
>       key id;
>       leaf id {
>         type string;
>         description
>           "Identification of the SP encryption profile
>            to be used. Local administration meaning.";
>       }
>       nacm:default-deny-write;
>       description
>         "List for encryption profile identifiers.";
>     }
>     list qos-profile-identifier {
>       key id;
>       leaf id {
>         type string;
>         description
>           "Identification of the QoS Profile to be used.
>            Local administration meaning.";
>       }
>       nacm:default-deny-write;
>       description
>         "List for QoS Profile Identifiers.";
>     }
>     list bfd-profile-identifier {
>       key id;
>       leaf id {
>         type string;
>         description
>           "Identification of the SP BFD Profile to be used.
>            Local administration meaning.";
>       }
>       nacm:default-deny-write;
>       description
>         "List for BFD profile Identifiers.";
>     }
>     description
>       "Container for Valid Provider Identifies.";
>   }
>   description
>     "Grouping for VPN Profile configuration.";
> }
> ”
>
> This will get in line with Jan’s proposal as well.
>
>
> If my understanding of RFC 6536 is correct, you need to put it on the 
> leaves as well as the lists (it doesn't cascade down the tree like 
> most other yang constructs).
>
> [Qin]: Aha, I found an example of how to use
> “nacm:default-deny-write;”; see the example in RFC7317.
>
> So we only need to put it on the container level; the change will look like
> this:
>

[DB] Like I said, my reading of RFC6536 is that it doesn't cascade down 
the tree, so it needs to be put on every node.  Just putting it on the 
container would mean that the client couldn't create the container, but 
if the container already existed, they would still be able to write to 
everything inside it.  See RFC6536 section 3.2.3 for example.  I think 
the example in RFC7317 is wrong, although it is the same authors as 
RFC6536, which is curious.  I'll check with Martin.

     David

> “
> import ietf-netconf-acm {
>   prefix nacm;
> }
> ……
> grouping vpn-profile-cfg {
>   container valid-provider-identifiers {
>     list cloud-identifier {
>       if-feature cloud-access;
>       key id;
>       leaf id {
>         type string;
>         description
>           "Identification of cloud service.
>            Local administration meaning.";
>       }
>       description
>         "List for Cloud Identifiers.";
>     }
>     list encryption-profile-identifier {
>       key id;
>       leaf id {
>         type string;
>         description
>           "Identification of the SP encryption profile
>            to be used. Local administration meaning.";
>       }
>       description
>         "List for encryption profile identifiers.";
>     }
>     list qos-profile-identifier {
>       key id;
>       leaf id {
>         type string;
>         description
>           "Identification of the QoS Profile to be used.
>            Local administration meaning.";
>       }
>       nacm:default-deny-write;
>       description
>         "List for QoS Profile Identifiers.";
>     }
>     list bfd-profile-identifier {
>       key id;
>       leaf id {
>         type string;
>         description
>           "Identification of the SP BFD Profile to be used.
>            Local administration meaning.";
>       }
>       description
>         "List for BFD profile Identifiers.";
>     }
>     description
>       "Container for Valid Provider Identifies.";
>   }
>   nacm:default-deny-write;
>   description
>     "Grouping for VPN Profile configuration.";
> }
> ”
>
> Does this work for you?
>
>     David
>
>
> -- 
> David Ball
> <daviball@cisco.com> <mailto:daviball@cisco.com>

-- 
David Ball
<daviball@cisco.com>
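
The two readings of "nacm:default-deny-write" discussed in this message, modelled side by side as an added illustration (not code from the thread, the draft, or any NACM implementation). The function names, the `cascade` switch, and the assumptions that write-default is "permit" and that only explicit permit rules exist are constructed for the example.

```python
# Added illustration: a simplified model, not an implementation of RFC 6536.
# Paths mirror the container/list/leaf nesting in the quoted grouping.
CONTAINER = "valid-provider-identifiers"
LIST = CONTAINER + "/qos-profile-identifier"
LEAF = LIST + "/id"
NODES = [CONTAINER, LIST, LEAF]

# Three constructed placements of nacm:default-deny-write.
CONTAINER_ONLY = frozenset({CONTAINER})
LISTS_ONLY = frozenset({LIST})
EVERY_NODE = frozenset(NODES)


def self_and_ancestors(path):
    """Return the path of the node and of each node above it."""
    parts = path.split("/")
    return ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]


def write_allowed(path, flagged, cascade=False, permit_rules=frozenset(),
                  recovery_session=False):
    """Decide a write request for one data node.

    Assumptions (hypothetical, for the example): write-default is 'permit',
    and permit_rules holds the paths an explicit rule permits for this user.
    """
    if recovery_session or path in permit_rules:
        return True
    # Per-node reading: only the node's own statement counts.
    # Cascading reading: a flag on any ancestor also counts.
    checked = self_and_ancestors(path) if cascade else [path]
    if any(node in flagged for node in checked):
        return False
    return True  # falls through to write-default = permit


def writable(flagged, cascade=False):
    """List the nodes a user with no matching rule can still write."""
    return [n for n in NODES if write_allowed(n, flagged, cascade)]


if __name__ == "__main__":
    for name, flags in [("container only", CONTAINER_ONLY),
                        ("lists only", LISTS_ONLY),
                        ("every node", EVERY_NODE)]:
        print(f"{name:15} per-node: {writable(flags)}")
        print(f"{name:15} cascading: {writable(flags, cascade=True)}")
```

Under the per-node reading, only the every-node placement leaves nothing writable; under the cascading reading, the container-only placement gives the same result.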