Re: [Lsr] Benjamin Kaduk's Discuss on draft-ietf-isis-yang-isis-cfg-40: (with DISCUSS and COMMENT)

<> Tue, 08 October 2019 08:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 94CC3120047; Tue, 8 Oct 2019 01:33:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id VeWSEtyp1cjX; Tue, 8 Oct 2019 01:33:54 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::52b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B82BC1200F8; Tue, 8 Oct 2019 01:33:53 -0700 (PDT)
Received: by with SMTP id v38so14857798edm.7; Tue, 08 Oct 2019 01:33:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-transfer-encoding:thread-index :content-language; bh=aPensdvcCEEhWKCvn/jgUGqx20MiqWEczvCzlApI2X8=; b=HMM68Caw4XovBgPHdKB0UIr6zTEsFE71Sft6yhV+HlQqa+5lzGOHSzV2T2zEkZJ2Pq pEgxx5OqcWrO7hRwRbhfk1NDsyhPFmcNNCwJo54Aq9cxjF9kCxLH3GTSOp4PnSXaxADK X6FHxBChbbiMwu93xNGc0QwYbDDhUB2ua0QxDcxjAwC9oC7uMrEKAFo3ieXTk1sSgIHJ QW+5n7u6moG/a5eIdryOuIuiJaZCuX7NGvI188N6dXJYJz07mwHS0aIueMW15OgPdVMR 3+o5b5JpCP0DA5K0Ldqfn/T5YJJYe7tHUwsg93CU6yn+0JfEMu6Yz3VVVxo7i3Eor1Ps rBfw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=aPensdvcCEEhWKCvn/jgUGqx20MiqWEczvCzlApI2X8=; b=N/n6/KoJ0eNmL4NlRPuM8HrgA6WoFioBr1HNE8jzysTB3e8emuQYDBAA9L4L4dMCG+ vXz3uKSZWkKOlAAi3AC+6mSo4RXT5Voo1NP8KAABg7hLg6jiSuzbgoV2SF4ZsA6OLPJE bQuSBIsZm1Lk+rfcElqY7ZZA8ZiLuZFcVv//+0nJ7gs4tA/QcL6DEZJ0FsBX6Fj9d3WK fVTINg09srdYogdNBQp9wmRqLmMF6uApl8Wmo0ViupWsmgtPovJ4hOd2iRytE1OksQCP PtmCi84sH8iw4qVsPoo8tdj5lLhOOBnRpH0syUrsJwPOKh0uM+xNTBn7BrldOS2VFkQW 7Qxw==
X-Gm-Message-State: APjAAAVh6Lxc4A0IvJXNrLAosdr4GkaCuv3T2Bjayajl+I43spPjMtdi DdRBO9wGJJXh1zRfFAsIQ/WMHLQy9Q==
X-Google-Smtp-Source: APXvYqwBGKMwhJhbwm7Tl1koSIJ/+HP9JDRHz11sFdZTmPO2nimP2Mlw9QroaT94AL7zoNJcCGin0Q==
X-Received: by 2002:a17:906:5109:: with SMTP id w9mr27439385ejk.282.1570523632124; Tue, 08 Oct 2019 01:33:52 -0700 (PDT)
Received: from SLITKOWS3YYU6 ([2001:420:c0c0:1004::2dc]) by with ESMTPSA id h1sm2277872ejb.86.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 Oct 2019 01:33:51 -0700 (PDT)
From: <>
To: "'Benjamin Kaduk'" <>, "'The IESG'" <>
Cc: <>, "'Yingzhen Qu'" <>, <>, <>, <>
References: <>
In-Reply-To: <>
Date: Tue, 8 Oct 2019 10:33:49 +0200
Message-ID: <00d501d57db3$1ca808d0$55f81a70$>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQH03i76TCcAt9pT4Bg3pcK2ua7bEacRnCFg
Content-Language: fr
Archived-At: <>
Subject: Re: [Lsr] Benjamin Kaduk's Discuss on draft-ietf-isis-yang-isis-cfg-40: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Routing Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 08 Oct 2019 08:33:57 -0000

Hi Benjamin,

Thanks for your comment.
Please find some inline answers.
I'm doing the changes as part of the -41.


-----Original Message-----
From: Benjamin Kaduk via Datatracker <>; 
Sent: mercredi 2 octobre 2019 03:17
To: The IESG <>;
Cc:; Yingzhen Qu <>;;;;;
Subject: Benjamin Kaduk's Discuss on draft-ietf-isis-yang-isis-cfg-40: (with DISCUSS and COMMENT)

Benjamin Kaduk has entered the following ballot position for
draft-ietf-isis-yang-isis-cfg-40: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


Perhaps the most minor thing that could be Discuss-level, and should be trivial to resolve, but:

The "i-e" leaf in groupings prefix-ipv4-std and neighbor does not say whether boolean value true corresponds to internal or external.
[SLI] Right, I have added the following statement in the description:
"Set to false to indicate an internal metric"


Section 1

   This document defines a YANG [RFC7950] data model for IS-IS routing

nit: "the IS-IS routing protocol"
[SLI] Fixed

Section 2.8

   This YANG module supports LFA (Loop Free Alternates) [RFC5286] and
   remote LFA [RFC7490] as IP Fast Re-Route (FRR) techniques.  The
   "fast-reroute" container may be augmented by other models to support
   other IP FRR flavors (MRT, TI-LFA, etc.).

If we're going to give examples of other flavors, do we want to have informative references for them?  (This is particularly relevant since we define enumeration values for them in the "alternate-type"
[SLI] Sounds good, I have added some references.

Section 6

     identity lsp-attached-default-metric-flag {
         base lsp-flag;
         description "Set when originator is attached to
              another area using the referred metric.";

nit(?): I'm not sure whether the "referred" in the description is appropriate given the "default" in the identity name.

[SLI] Fixed

     feature ldp-igp-sync {
         "LDP IGP synchronization.";

nit: the surrounding context suggests that "Support for" would give a more consistent style.  Maybe for auto-cost, te-rid, max-ecmp, lsp-refresh, and admin-control as well.
[SLI] Fixed

     feature nlpid-control {
         "This feature controls the advertisement
          of support NLPID within IS-IS configuration.";

nit: "support for"
[SLI] Fixed

     feature maximum-area-addresses {
         "Support of maximum-area-addresses config.";

nit: s/of/for/

[SLI] Fixed

           leaf alternate-type {
             type enumeration {
               enum other {
                   "Unknown alternate type.";

Do I remember correctly that enumerations are not extensible in the future?  I don't know how relevant that would be here, though.

[SLI] Right, I have changed to identity 

In the "protection-available" container, is there some sort of constraint that two of the alternate-metrics add up to the third?
[SLI] It is not really a constraint from a YANG point of view, these are operational counters.

       container unprotected-routes {
         config false;
         list address-family-stats {

nit: the name/description of address-family-stats doesn't match up with the parent container that just claims to be a list of unprotected prefixes (no stats).

[SLI] I agree, I have changed the address-family-stats to "prefixes"

       list protection-statistics {

side note: I wonder whether the various uint32 leaves are better as
gauge32 than plain uint32.
Also, perhaps the description could mention a relationship bteween total-routes/protected-routes+unprotected-routes, and/or protected-routes/link-protected-routes+node-protected-routes.

     grouping route-content {
       leaf-list tag {
         type uint64;
           "List of tags associated with the route. The leaf
            describes both 32-bit and 64-bit tags.";

Are these the admin tags from RFC 5130?  Where is it specified that the
32- and 64-bit variants are just different views into a single consolidated tag namespace?

[SLI] Right, I have added a better description.

     grouping authentication-global-cfg {

I see how "global" is in contrast to a smaller scope (hello, interface, adjacency, etc.) both here and elsewhere, but when we have a global defeault as well as per-level configuration that use the same grouping, it ceases to be universally "global".  But, it's probably too late to be worth changing so many names just for aesthetics...

[SLI] I agree but yes it may be late to start changing this.

       leaf poi-tlv {
         if-feature poi-tlv;
         type boolean;
         default false;
           "Enable advertisement of IS-IS purge TLV.";

nit(?): I thought the purge origin identification TLV was an extension to the generic purge capability but this description ("purge TLV") is very generic.

[SLI] I have enhanced the description to tell that we are talking about the Purge Originator Identification TLV

Should any of the uint32 leaves in "packet-counters" instead be of type counter32?
[SLI] Agree

     grouping spf-log {
           leaf id {
             type uint32;
               "Event identifier -  purely internal value.";

Is there anything useful to say about the IDs being chronologically ordered?  (Also applies to the other logs.)
[SLI] I have added a comment to tell that most recent events have the biggest id value.

       container delay-metric {
         leaf metric {
           type std-metric;
           description "IS-IS delay metric for IPv4 prefix";
         leaf supported {
           type boolean;

Should the "metric" leaf be conditional on "supported" being true?
(Same for the other flavors of metric, as well as when they appear later on in the "neighbor" grouping.)

[SLI] This is not a configuration leaf, so I don't think that there is a need for enforcement at YANG level.

       container expense-metric {
         leaf metric {
           type std-metric;
           description "IS-IS expense metric for IPv4 prefix";
         leaf supported {
           type boolean;
           default "false";
             "Indicates whether IS-IS delay metric is supported.";

nit: copy/paste-o delay vs. expense?
[SLI] Fixed

       container error-metric {
         leaf supported {
           type boolean;
           default "false";
           description "IS-IS error metric for IPv4 prefix";

I think "Indicates whether [...] is supported" would be more consistent with the sibling nodes.
[SLI] Fixed

     grouping prefix-ipv4-extended {
       leaf up-down {
         type boolean;
         description  "Value of up/down bit.";

I assume true means "up", but we really ought to say...
(Also in prefix-ipv6-extended if not more)

[SLI] Fixed

       leaf ip-prefix {
         type inet:ipv4-address;
         description "IPv4 prefix address";
       leaf prefix-len {
         type uint8;
         description "IPv4 prefix length (in bits)";

Doesn't RFC 6991 give us a combined ipv4-prefix type?  (I could imagine that doing string parsing on it is less automation-friendly than the representation here, of course...)
[SLI] Yes, but from a protocol point of view, IPv4 and IPv6 are not combined in the same datastructure. We wanted to keep them separated from a model point of view too.

       leaf-list tag64 {
         type uint64;
           "List of 32-bit tags associated with the IPv4 prefix.";

nit: s/32/64/
[SLI] Fixed

     grouping prefix-ipv6-extended {
       leaf prefix-len {
         type uint8;
         description  "IPv4 prefix length (in bits)";

nit: s/4/6/
[SLI] Fixed

       leaf-list tag {
         type uint32;
           "List of 32-bit tags associated with the IPv4 prefix.";
       leaf-list tag64 {
         type uint64;
           "List of 32-bit tags associated with the IPv4 prefix.";

s/IPv4/IPv6/; $s/32/64/
[SLI] Fixed

       container unidirectional-link-delay-variation {
           "Container for the average delay variation
           from the local neighbor to the remote one.";
         leaf value {
           type uint32;
           units usec;
             "Delay variation value expressed in microseconds.";

Is this a standard deviation (variance), mean absolute error, ...?
[SLI] We just mimic what is defined in RFC8570. As the reference is defined in the model. People should refer to it for more details.
Moreover this is a pure operational state.

       container unidirectional-link-loss {
         leaf value {
           type uint32;
           units percent;
             "Link packet loss expressed as a percentage
             of the total traffic sent over a configurable interval.";

This document is all about specifying configuration.  How do I configure the interval in question?
[SLI] This is an operational state.

       container unidirectional-link-loss {

Is there a relationship worth mentioning amongst the residual, available, and utilized bandwidth?
[SLI] Again, RFC8570 is the reference for additional details.

           container expense-metric {
             leaf metric {
               type std-metric;
               description "IS-IS delay expense metric value";
             leaf supported {
               type boolean;
               default "false";
               description "IS-IS delay expense metric supported";
             description "IS-IS delay expense metric container";

Previously we just used "expense metric" instead of "delay expense metric".

[SLI] Fixed to "expense metric"

     notification lsp-too-large {
       uses notification-instance-hdr;
       uses notification-interface-hdr;

This is probably just for my education and not the document's sake, but both these groupings include a leaf of type 'level' (though for different names).  Are they just always going to have the same value?

[SLI] The instance may be level-1-2, while the interface may be level-2 only.

       leaf reason {
         type string {
           length "1..255";
           "The system may provide a reason to reject the
            adjacency. If the reason is not available,
            an empty string will be returned.
            The expected format is a single line text.";

Wouldn't an empty string be zero-length (which is forbidden by the length restriction)?

[SLI] Fixed by allowing 0 length string

Section 7

I'm happy to see that several of the notifications mandate rate-limiting their generation, in the description text, alleviating any concerns about "spamminess" or DoS due to notification load!  It might be worth a brief mention in the security considerations that that's why the rate-limiting is in place.

[SLI] Sounds good.

   For IS-IS authentication, configuration is supported via the
   specification of key-chain [RFC8177] or the direction specification
   of key and authentication algorithm.  Hence, authentication

nit: s/direction/direct/

[SLI] Fixed

   configuration using the "auth-table-trailer" case in the
   "authentication" container inherits the security considerations of
   [RFC8177].  This includes the considerations with respect to the
   local storage and handling of authentication keys.

I'd consider also noting that the key-chain method is preferred (a listing of why may not be needed and can probably be found in other references).

Appendix A

Please use an address from the blocks reserved by RFC 5737 instead of, which is in actual use on the public Internet.

[SLI] Fixed