Re: [L3sm] New Version Notification for draft-wu-l3sm-rfc8049bis-02.txt

Qin Wu <bill.wu@huawei.com> Thu, 24 August 2017 10:51 UTC

From: Qin Wu <bill.wu@huawei.com>
To: David Ball <daviball@cisco.com>, "l3sm@ietf.org" <l3sm@ietf.org>
CC: Stephane Litkowski <stephane.litkowski@orange.com>, Kenichi Ogaki <ke-oogaki@kddi.com>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>
Date: Thu, 24 Aug 2017 10:50:48 +0000
Message-ID: <B8F9A780D330094D99AF023C5877DABA9AACC813@nkgeml513-mbx.china.huawei.com>
References: <B8F9A780D330094D99AF023C5877DABA9AA5D7A2@nkgeml513-mbx.china.huawei.com> <c76328ad-b71e-b2a3-92a4-b02beac2be7d@cisco.com> <B8F9A780D330094D99AF023C5877DABA9AABA8A4@nkgeml513-mbx.china.huawei.com> <1823e4d3-c6ff-f3ca-d140-74fc5edba188@cisco.com> <B8F9A780D330094D99AF023C5877DABA9AACC2FE@nkgeml513-mbx.china.huawei.com> <57523131-0016-069a-8663-63c3be1fac81@cisco.com> <B8F9A780D330094D99AF023C5877DABA9AACC7B0@nkgeml513-mbx.china.huawei.com> <aca381d3-9dfa-bdf0-fac0-1be4e0ad6ce6@cisco.com>
In-Reply-To: <aca381d3-9dfa-bdf0-fac0-1be4e0ad6ce6@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/l3sm/NM8BXTNRBzBpjDbvaGfRJvH-LAY>
Subject: Re: [L3sm] New Version Notification for draft-wu-l3sm-rfc8049bis-02.txt
List-Id: L3VPN Service YANG Model discussion group <l3sm.ietf.org>

From: L3sm [mailto:l3sm-bounces@ietf.org] On Behalf Of David Ball
Sent: 24 August 2017 18:31
To: Qin Wu; l3sm@ietf.org
Cc: Stephane Litkowski; Kenichi Ogaki; adrian@olddog.co.uk
Subject: Re: [L3sm] New Version Notification for draft-wu-l3sm-rfc8049bis-02.txt

On 24/08/2017 11:11, Qin Wu wrote:


From: David Ball [mailto:daviball@cisco.com]
Sent: 24 August 2017 17:32
To: Qin Wu; l3sm@ietf.org
Cc: Stephane Litkowski; Kenichi Ogaki; adrian@olddog.co.uk
Subject: Re: [L3sm] New Version Notification for draft-wu-l3sm-rfc8049bis-02.txt

On 24/08/2017 01:50, Qin Wu wrote:


[Qin]: Okay, the proposed change will look like this:
“
import ietf-netconf-acm {
  prefix nacm;
}
……
grouping vpn-profile-cfg {
  container valid-provider-identifiers {
    list cloud-identifier {
      if-feature cloud-access;
      key id;
      leaf id {
        type string;
        description
          "Identification of cloud service.
           Local administration meaning.";
      }
      nacm:default-deny-write;
      description
        "List for Cloud Identifiers.";
    }
    list encryption-profile-identifier {
      key id;
      leaf id {
        type string;
        description
          "Identification of the SP encryption profile
           to be used. Local administration meaning.";
      }
      nacm:default-deny-write;
      description
        "List for encryption profile identifiers.";
    }
    list qos-profile-identifier {
      key id;
      leaf id {
        type string;
        description
          "Identification of the QoS Profile to be used.
           Local administration meaning.";
      }
      nacm:default-deny-write;
      description
        "List for QoS Profile Identifiers.";
    }
    list bfd-profile-identifier {
      key id;
      leaf id {
        type string;
        description
          "Identification of the SP BFD Profile to be used.
           Local administration meaning.";
      }
      nacm:default-deny-write;
      description
        "List for BFD profile Identifiers.";
    }
    description
      "Container for Valid Provider Identifiers.";
  }
  description
    "Grouping for VPN Profile configuration.";
}
”
This will get in line with Jan’s proposal as well.

If my understanding of RFC 6536 is correct, you need to put it on the leaves as well as the lists (it doesn't cascade down the tree like most other yang constructs).


[Qin]: Ahha, I found an example of how to use “nacm:default-deny-write;”; see the example in RFC 7317.
So we only need to put it on the container level; the change will be like this:

[DB] Like I said, my reading of RFC6536 is that it doesn't cascade down the tree, so it needs to be put on every node.  Just putting it on the container would mean that the client couldn't create the container, but if the container already existed, they would still be able to write to everything inside it.  See RFC6536 section 3.2.3 for example.  I think the example in RFC7317 is wrong, although it is the same authors as RFC6536, which is curious.  I'll check with Martin.

[Qin]: Yes, we need to get confirmation about this; it looks to me that if we apply “nacm:default-deny-write” to a top-level node, its applicability will spread to the lower-level nodes as well.
Reading the RFC 6536 section 3.2.3 example, I didn’t get the same understanding. Please correct me if I am wrong.


    David


“
import ietf-netconf-acm {
  prefix nacm;
}
……
grouping vpn-profile-cfg {
  container valid-provider-identifiers {
    nacm:default-deny-write;
    list cloud-identifier {
      if-feature cloud-access;
      key id;
      leaf id {
        type string;
        description
          "Identification of cloud service.
           Local administration meaning.";
      }
      description
        "List for Cloud Identifiers.";
    }
    list encryption-profile-identifier {
      key id;
      leaf id {
        type string;
        description
          "Identification of the SP encryption profile
           to be used. Local administration meaning.";
      }
      description
        "List for encryption profile identifiers.";
    }
    list qos-profile-identifier {
      key id;
      leaf id {
        type string;
        description
          "Identification of the QoS Profile to be used.
           Local administration meaning.";
      }
      description
        "List for QoS Profile Identifiers.";
    }
    list bfd-profile-identifier {
      key id;
      leaf id {
        type string;
        description
          "Identification of the SP BFD Profile to be used.
           Local administration meaning.";
      }
      description
        "List for BFD profile Identifiers.";
    }
    description
      "Container for Valid Provider Identifiers.";
  }
  description
    "Grouping for VPN Profile configuration.";
}
”
Does this work for you?

    David




--
David Ball
<daviball@cisco.com>
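Added example, not from this thread or from the draft: a small Python model of the point under discussion, evaluating a write against a reduced valid-provider-identifiers tree under the two readings of nacm:default-deny-write (the tag counts only on the node itself, versus the tag being inherited from ancestors) for the three placements mentioned above (container only, every list, every node including the leaves). The tree shape and node names follow the draft snippet; the evaluator, its `cascade` switch and the tag sets are constructed for illustration and do not decide which reading RFC 6536 intends.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    deny_write: bool = False      # node carries nacm:default-deny-write
    children: list = field(default_factory=list)


LISTS = ["cloud-identifier", "encryption-profile-identifier",
         "qos-profile-identifier", "bfd-profile-identifier"]

# The three placements discussed in the thread (constructed tag sets).
PLACEMENTS = {
    "container-only": {"valid-provider-identifiers"},
    "every-list": set(LISTS),
    "every-node": {"valid-provider-identifiers", "id", *LISTS},
}


def build_tree(tagged):
    """Reduced valid-provider-identifiers tree; each list has one leaf 'id'.
    'tagged' is the set of node names carrying nacm:default-deny-write."""
    def mk(name, kids=()):
        return Node(name, name in tagged, list(kids))
    return mk("valid-provider-identifiers", [mk(l, [mk("id")]) for l in LISTS])


def write_denied(root, path, cascade):
    """Is a write to the node at 'path' (names from the root) refused by
    default-deny-write?  cascade=False: only the target's own tag counts
    (David's reading).  cascade=True: a tag on any ancestor also counts
    (Qin's reading).  Explicit NACM rules are out of scope here."""
    node, denied = root, root.deny_write
    for name in path[1:]:
        node = next(c for c in node.children if c.name == name)
        denied = (denied and cascade) or node.deny_write
    return denied


def compare(path):
    """{placement: (denied under non-cascading, denied under cascading)}"""
    return {label: (write_denied(build_tree(tags), path, False),
                    write_denied(build_tree(tags), path, True))
            for label, tags in PLACEMENTS.items()}


if __name__ == "__main__":
    leaf = ["valid-provider-identifiers", "qos-profile-identifier", "id"]
    for label, (strict, cascading) in compare(leaf).items():
        print(f"{label:15s} non-cascading={strict!s:5s} cascading={cascading}")
```

Under the non-cascading reading, both the container-only and the every-list placement leave the `id` leaf writable, which is the gap David describes; only tagging every node closes it regardless of which reading is correct.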