IETF Logo Mail Archive

Re: [lmap] AD evaluation: draft-ietf-lmap-yang-10

Alissa Cooper <alissa@cooperw.in> Wed, 25 January 2017 18:25 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: lmap@ietfa.amsl.com
Delivered-To: lmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B503A129AC0 for <lmap@ietfa.amsl.com>; Wed, 25 Jan 2017 10:25:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cooperw.in header.b=h4C+aFLA; dkim=pass (1024-bit key) header.d=messagingengine.com header.b=huyYCDoA
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Is5gQzwP9mgU for <lmap@ietfa.amsl.com>; Wed, 25 Jan 2017 10:25:28 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF3F5129AC9 for <lmap@ietf.org>; Wed, 25 Jan 2017 10:25:28 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 1B6FE209C4; Wed, 25 Jan 2017 13:25:28 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Wed, 25 Jan 2017 13:25:28 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=WnlLnpaa7QRiX45 /MutKTvsq5vw=; b=h4C+aFLAsUZ/Naa3V0NBqcyf4A7GRjanwUaH7sJ9zDxKYL9 qL4yrJvs4n6DAAjnl2XzI/teA3DR8h1XS2HPhnuUxsqHOP36dm0jm/Qpl0sFN+2Q vPl37PcyaWSGl8hfLETaNBWve7yuPCDK1aOsnOg1WMDK92JLFbAdb4VVQOIg=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s= smtpout; bh=WnlLnpaa7QRiX45/MutKTvsq5vw=; b=huyYCDoAxR3afd+l9hi2 Lt8ZkS5ykVeD0Y7zE2Cy1yr4otgC4v79d2EErZQ1F82YwUMsVIlETkI2Tz42ukAJ 1NW0tD0xvl/aiUj3Nhf4/syXskST4fRn/2VRUW9M5GfUqvDyp/U8k1FpGPAw45Sx yxevednN0QUwWaqGRntrsqU=
X-ME-Sender: <xms:mO2IWOyO0fG6M8RAHte6LvZ91Q0_zkN01FaZavXb2dmsQw7P2vCMbg>
X-Sasl-enc: 2vqrIg4fiG61Xj/TVZE7STuP1UezFKYmx5RFqBoklLZw 1485368727
Received: from dhcp-10-150-9-181.cisco.com (unknown [173.38.117.80]) by mail.messagingengine.com (Postfix) with ESMTPA id 5443F7E2DA; Wed, 25 Jan 2017 13:25:27 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <20170124202305.GA38068@elstar.local>
Date: Wed, 25 Jan 2017 13:25:26 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <E2346FCD-B119-4385-BBF8-B97207DFB693@cooperw.in>
References: <49AB42C1-3DE5-4289-9B32-173B69C191DC@cooperw.in> <20170124202305.GA38068@elstar.local>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lmap/--TgIY1jruVTcEheLI0nLIc-xLQ>
Cc: lmap@ietf.org
Subject: Re: [lmap] AD evaluation: draft-ietf-lmap-yang-10
X-BeenThere: lmap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Large Scale Measurement of Access network Performance <lmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lmap>, <mailto:lmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lmap/>
List-Post: <mailto:lmap@ietf.org>
List-Help: <mailto:lmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lmap>, <mailto:lmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jan 2017 18:25:31 -0000

Hi Juergen,

Responses below. I trimmed out areas that don’t need a response.

> On Jan 24, 2017, at 3:23 PM, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
> 
>> = Section 4.2 =
>> 
>> (1) "It is generally a good idea to always configure
>>            an end time and to refresh the configuration
>>            of event object as needed to ensure that agents
>>            that loose connectivity to their controller
>>            do not continue their tasks forever."
>> 
>> This is more of a comment for the information model, but if this is worth saying here, shouldn't it (also) be mentioned in the corresponding information model definition in draft-ietf-lmap-information-model? This doesn't seem specific to this particular data model.
> 
> I see your point. I think it makes sense to note this in the second
> item 4. of section 3 of the information model. (I will change the
> numbering of the second list to use letters to make it easier to refer
> to things.)
> 
>       [...] For Event objects specifying a
>       series of events, it is generally a good idea to configure an end
>       time and to refresh the end time as needed to ensure that MAs
>       that loose connectivity to their controller do not continue
>       executing Schedules forever.

Sounds good.

> 
>> (2) For all the counters defined here, I think you need to specify the time period over which the counts are to be calculated.
> 
> We use counters as defined in RFC 6991 and I think the definition in
> RFC 6991 takes care of things.

Ok.

> 
>> (3) 'list action {
>>             key name;
>>             description
>>               "An action describes a task that is invoked by the
>>                schedule. Multiple actions are invoked sequentially.";'
>> 
>> I don't get this -- doesn't the execution mode define whether the actions are executed sequentially, in parallel, or pipelined?
> 
> Good catch. Changed this to:
> 
>           list action {
>             key name;
>             description
>               "An action describes a task that is invoked by the
> 		schedule. Multiple actions are invoked according to
>                the execution-mode of the schedule.”;

Sounds good.

> 
>> (4) "A queue is internally used to pass
>>                  results to another schedule."
>> 
>> I thought it was up to the implementation to decide how to implement this?
> 
> OK. I meanwhile understand that the word 'queue' has too many
> connotations. Is 'buffer' a less problematic term? The key here is
> that the data producer and the data consumer are in general not
> running at the time and hence data needs to be stored temporarily
> somewhere.

Isn’t this implied though? Even with “buffer” it still seems like specifying an implementation detail. I’d prefer to see something like your last sentence above instead.

> I will replace queue with buffer for now.
> 
>> (5) I don't understand why the 'program' elements are included in the task configurations and capabilities. It doesn't seem wise to allow the controller to tell the MA which program it needs to use to complete a task, and I don't understand why the MA would need to communicate that information to the controller either. I thought the recent list discussion indicated that if an MA was not capable of performing an action, that action would simply fail, which seems like all that is needed.
> 
> There are multiple things:
> 
> (a) How do I tell which task I want to have executed? The information
>    model assumes that this can be done with the help of a registry.
>    The YANG data model, in addition, allows to use a simple 'program
>    name'. Note that this is a choice, i.e., you either use a registry
>    or a program name, but not both.
> 
>    The registry at the end is just some level of indirection - but
>    this indirection also requires to have tasks registered in a
>    registry. Right now, the implementation I know of only supports
>    program names.
> 
> (b) The task list in the capabilities branch serves as an inventory,
>    i.e., it tells the controller which tasks are supported by a given
>    implementation. The other task list defined options that are used
>    when a certain task is invoked (the Task Configuration in the
>    information model). If a controller configures a task that the
>    agent does support (i.e., it is not listed in the capability
>    tasks), it will not be executed.
> 
> Note that a capability task name 'traceroute' exposed by the LMAP
> agent does not necessarily mean that there is a program called
> traceroute at the operating system level. In fact, an implementation
> could choose to run traceroute internally without an explicit system
> level process (like RIPE Atlas did everything in a big event loop, not
> sure whether this is still the case).

Ok, I can understand that under circumstances where there is no registry, there needs to be some identifier to indicate which task to run, and which tasks the MA is capable of running. But the examples seem to imply that ‘program’ is the path and file name of the actual executable on the MA, which is what seems dangerous and unnecessary to me. Why would the controller necessarily even know where such executables reside on the file system? And I know there are a lot of things that could go wrong if a Controller gets compromised, but it just seems like making it so trivial for an MA implementation to literally just run the executable name specified by the Controller creates unnecessary risk.

If the task name on its own is not sufficient for the MA to be able to figure out which program is suitable to run, why not have the additional field defined as ‘program-name’ with some guidance about how to populate it, so that, e.g., what you end up with in that field is “mtr” or “fping” instead of "/usr/bin/mtr” or "/usr/bin/fping”?

> 
>> Nits and minor comments:
> 
>> (2) "Implementers MUST taken care that
>>   option names and values are passed literally to programs.  In
>>   particular, it MUST be avoided that any shell expansions are
>>   performed that may alter the option names and values."
>> 
>> This text strikes me as a bit odd. Surely there are a whole selection of good programming practices that are necessary to ensure that things don't go haywire when implementing LMAP -- why call out these two with normative recommendations? Why does this guidance only apply to options? I would recommend having this text be non-normative, but if you do keep it I would suggest the following:
>> 
>> Implementers MUST take care that
>>   option names and values are passed literally to programs.  In
>>   particular, shell expansions that may alter the option names and values MUST NOT be performed.
> 
> I have no strong opinion on MUST vs must here and I usually happily
> follow the advice of IESG members on RFC 2119 keywords. ;-)

Ok, my suggestion is to use non-normative “ought to” rather than 2119 MUST.

Thanks,
Alissa


> 
> Yes, there are many ways to write broken code but this is such a
> common problem that I think can't hurt to remind implementors.
> 
> A diff of -10 to my working copy (of -11) can be found here:
> 
>  http://beadg.de/lmap/
> 
> /js
> 
> -- 
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email