Re: [Lsr] Benjamin Kaduk's Discuss on draft-ietf-ospf-yang-26: (with DISCUSS and COMMENT)
"Acee Lindem (acee)" <acee@cisco.com> Mon, 26 August 2019 15:02 UTC
Return-Path: <acee@cisco.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5690B12018B; Mon, 26 Aug 2019 08:02:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.501
X-Spam-Level:
X-Spam-Status: No, score=-9.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, GB_SUMOF=5, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=h1iHdWLx; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=ds84mi6A
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w9xFyDPMtbwP; Mon, 26 Aug 2019 08:02:23 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1AFF912021C; Mon, 26 Aug 2019 08:02:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=26418; q=dns/txt; s=iport; t=1566831743; x=1568041343; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=fRyKOBwrlS7lDoF/sh1BxmgehSApHkfPwOM3bWPT50U=; b=h1iHdWLxNLrLVHS8wTY/WRB+FuakipBvQ91swipF7NribhooC5A9nf/E 2yB5Q1VgYRfi40bkeJd0BFOKxJ7lZiYnbvizNjYzH3I+AX95ZkdBP29H+ qBl7hc7kwRpClfRlBeKkU2e6cBNMmMdBz878SjGx4/Uzv7338uaXtTVfP I=;
IronPort-PHdr: 9a23:5QYTihKq+uAm++zjTtmcpTVXNCE6p7X5OBIU4ZM7irVIN76u5InmIFeCuKd2lFGcW4Ld5roEkOfQv636EU04qZea+DFKa5lQT1kAgMQSkRYnBZuMAkD2BPXrdCc9Ws9FUQwt8g==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CMAADz82Nd/4cNJK1bCQ4LAQEBAQEBAQEBAQEBBwEBAQEBAYFngUVQA21OCCAECyqEIYNHA4puglx+lmqBQoEQA1QJAQEBDAEBIwoCAQGBS4J0AheCUCM4EwIKAQEEAQEBAgEGBG2FLQyFSgEBAQECARIREQwBASUEDgEPAgEIGAICJgICAjAVEAIEDgUigwABgWoDDg8BAgydKAKBOIhhc4EygnsBAQWBRkGCeBiCFgMGgQwoih8QgUMYgX+BEScfghc1PoJhAgECAYEqAQgDBwEHAReDCzKCJoxEMoF1MoU3li1tCQKCHoZqhQGEYoN2G4IyhzCObY8ehjWQOwIEAgQFAg4BAQWBZyFEI1gRCHAVOyoBgkGCQgwXFYM6hRSFBDtyAYEoi1UPF4IsAQE
X-IronPort-AV: E=Sophos;i="5.64,433,1559520000"; d="scan'208";a="319111413"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 26 Aug 2019 15:02:22 +0000
Received: from XCH-ALN-019.cisco.com (xch-aln-019.cisco.com [173.36.7.29]) by alln-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id x7QF2LEU016412 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 26 Aug 2019 15:02:21 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-ALN-019.cisco.com (173.36.7.29) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 26 Aug 2019 10:02:21 -0500
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 26 Aug 2019 11:02:20 -0400
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 26 Aug 2019 11:02:20 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fFOikIjgC1/MFVd45vr4gyucrZRADM5n/2HDFnedulbG2DQ9XokIVMLO7p8fOTytf/ju/TojdLDpda0GelPuOjSFrDYjDaTzgj+3vPLyRZTBR8hrAzsn2gf72VaDherMfjAPSsdGwbG2mlw6JK+OQU370cmLWWpu+XZzyH7GQAlVPg3DQoYfflP1HK1CruFFBJhiiEzUOC8qF6wGBQEWI6JtAF8ULMukLXW/3NmOQZu24C6Efe7yeVdTqSlUInCb5NLGHuKIgCOS75QKBSOjeeG7opsS/O1BG5nL1O8s3XH1A6oGhP+fuRb1HHZ99Qd6xD5jmBHa6PReEYHjcQK3Qg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fRyKOBwrlS7lDoF/sh1BxmgehSApHkfPwOM3bWPT50U=; b=QMCrBhHdXql1HzXGUj9CRvCpXGuv9WAols8n59eCJI53WUNjOB/kjImLE3tV+ZvLHuDHtJE+g2DGC++nAolGkrqaEgL+CNBvoqYt7KVTO/3MWTiMZ7rbv1taGFW2i+qP7g0rlEdMl3hZKfPn0IviDplqd/HuFflqydv73BmCr0VEkDX2OIhqzY1k2cYzY5yxMmAl2Dqng4a/JnaG6cYRg+HyBkxQZ9V4btwzOMy142ZnuXHryAbxQwDOnktHHgf2EDmfNU0eexb9tkD8lwI2M/eavbBIpkM/KqoHXqRMhl3ro44whWp5TP6fV2jGYZDhErTh/LdmJ7vKi/BjTxas7g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fRyKOBwrlS7lDoF/sh1BxmgehSApHkfPwOM3bWPT50U=; b=ds84mi6ALeV/rkncngxJ5YJuRKpHV682xM6AL74HdymuY10iFXit+NesJ4rPh3DuGAizT0GG3gYMzynGqyuFjujgeiz3n06ZT+46qsGWHpylZ6b6IF33hMWC4joCHZfqFIid06ogrMROTPakLXOLv4J6+4gg6HFckI/DtQO5SOo=
Received: from MN2PR11MB4221.namprd11.prod.outlook.com (52.135.38.14) by MN2PR11MB4157.namprd11.prod.outlook.com (20.179.150.223) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2199.21; Mon, 26 Aug 2019 15:02:18 +0000
Received: from MN2PR11MB4221.namprd11.prod.outlook.com ([fe80::cdc1:a2cf:eb3:a420]) by MN2PR11MB4221.namprd11.prod.outlook.com ([fe80::cdc1:a2cf:eb3:a420%6]) with mapi id 15.20.2199.021; Mon, 26 Aug 2019 15:02:18 +0000
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: The IESG <iesg@ietf.org>, "draft-ietf-ospf-yang@ietf.org" <draft-ietf-ospf-yang@ietf.org>, Stephane Litkowski <stephane.litkowski@orange.com>, "aretana.ietf@gmail.com" <aretana.ietf@gmail.com>, "lsr-chairs@ietf.org" <lsr-chairs@ietf.org>, "lsr@ietf.org" <lsr@ietf.org>
Thread-Topic: Benjamin Kaduk's Discuss on draft-ietf-ospf-yang-26: (with DISCUSS and COMMENT)
Thread-Index: AQHVWKzlv2qdUEtg30mdXATo61DUU6cHn4UAgABXnACABVL3gA==
Date: Mon, 26 Aug 2019 15:02:18 +0000
Message-ID: <549A7648-4E8E-421F-91E7-B704D1F31B4A@cisco.com>
References: <156645274645.25722.10228898924938704759.idtracker@ietfa.amsl.com> <DCC2B37B-7E04-4D6B-8C77-C48650CDA4B9@cisco.com> <20190823014342.GY60855@kduck.mit.edu>
In-Reply-To: <20190823014342.GY60855@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=acee@cisco.com;
x-originating-ip: [2001:420:c0c4:1003::119]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d9068f26-8653-4265-3a4e-08d72a3663c2
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:MN2PR11MB4157;
x-ms-traffictypediagnostic: MN2PR11MB4157:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <MN2PR11MB415768198926940371D51A2BC2A10@MN2PR11MB4157.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 01415BB535
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(366004)(396003)(346002)(376002)(136003)(189003)(199004)(51914003)(71200400001)(76116006)(66476007)(66556008)(64756008)(66446008)(229853002)(66946007)(54906003)(81156014)(81166006)(966005)(8676002)(46003)(53546011)(8936002)(478600001)(102836004)(186003)(7736002)(14454004)(305945005)(6116002)(25786009)(6436002)(36756003)(446003)(4326008)(5660300002)(30864003)(6246003)(11346002)(2171002)(316002)(6916009)(2616005)(6506007)(76176011)(53946003)(6512007)(53936002)(476003)(2906002)(66574012)(14444005)(256004)(33656002)(6486002)(99286004)(486006)(6306002)(86362001)(71190400001); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB4157; H:MN2PR11MB4221.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: w7Tq+JkjN4P1kSWLXzP6Z4pcWVS+KncVP6FD+hXPesyLZ1ZSLeyN87Kv2cVY/NoAFVHs870nkVfyWjLpocg3JWV7aCj0bKD4v4EawxJXWVyDzqcz6pB+YpNC8JezKzSpEtiySofuBSHkV3C0pm/wpsfZoQxlTtuMIlG5s9ZUX0xYMPijP5Ocu84kVKf4ULxEd2mMNNiFYIqWD7EVz7LTo8ZlVf+IHOUwL8OifiizGWrnHZbzyxjPqLByiV6ZdtxIZ1vQmE5n16oe1QC6jXqqp1ALgdcqpxKSRVMtyH2735xPvirhtIZRzGBTDB7iObCLoJoLBpIobf9mXc55mDF378fR9TURLXuw0dX/+O/Iyj0sFNWO4a+HmUJkUu9YRc/F3zVhocT2dWdcpHnOYRl1FEpf7tI5dOaKfWQhAoNicZg=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <C7F1F46B8065D649933C57156611763E@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: d9068f26-8653-4265-3a4e-08d72a3663c2
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Aug 2019 15:02:18.4799 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: xesANre8wAEOgKSfGVhQPzGDmaXoyBIfR2sn6d9vtDWi9BcMkRZANDJIc7Ha4PIe
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4157
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.29, xch-aln-019.cisco.com
X-Outbound-Node: alln-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/fZGHWrNxQjXSDEJk3YpH8QvWt7Q>
Subject: Re: [Lsr] Benjamin Kaduk's Discuss on draft-ietf-ospf-yang-26: (with DISCUSS and COMMENT)
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Aug 2019 15:02:27 -0000
Hi Ben, On 8/22/19, 9:44 PM, "Benjamin Kaduk" <kaduk@mit.edu> wrote: On Fri, Aug 23, 2019 at 12:30:27AM +0000, Acee Lindem (acee) wrote: > Hi Ben, > > On 8/22/19, 1:46 AM, "Benjamin Kaduk via Datatracker" <noreply@ietf.org> wrote: > > Benjamin Kaduk has entered the following ballot position for > draft-ietf-ospf-yang-26: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-ospf-yang/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > (1) Can we check whether it's okay to use the yang "string" type for raw > cryptographic keys (e.g., ospfv2-key, ospfv3-key)? My understanding was > that yang strings were limited to human-readable, but that the crypto > keys could be raw binary values. > > It does only include human-readable keys. Here is the RFC 7950 YANG ABNF definition. > > > ;; any Unicode or ISO/IEC 10646 character, including tab, carriage > ;; return, and line feed but excluding the other C0 control > ;; characters, the surrogate blocks, and the noncharacters > yang-char = %x09 / %x0A / %x0D / %x20-D7FF / > ; exclude surrogate blocks %xD800-DFFF > %xE000-FDCF / ; exclude noncharacters %xFDD0-FDEF > %xFDF0-FFFD / ; exclude noncharacters %xFFFE-FFFF > %x10000-1FFFD / ; exclude noncharacters %x1FFFE-1FFFF > %x20000-2FFFD / ; exclude noncharacters %x2FFFE-2FFFF > %x30000-3FFFD / ; exclude noncharacters %x3FFFE-3FFFF > %x40000-4FFFD / ; exclude noncharacters %x4FFFE-4FFFF > %x50000-5FFFD / ; exclude noncharacters %x5FFFE-5FFFF > %x60000-6FFFD / ; exclude noncharacters %x6FFFE-6FFFF > %x70000-7FFFD / ; exclude noncharacters %x7FFFE-7FFFF > %x80000-8FFFD / ; exclude noncharacters %x8FFFE-8FFFF > %x90000-9FFFD / ; exclude noncharacters %x9FFFE-9FFFF > %xA0000-AFFFD / ; exclude noncharacters %xAFFFE-AFFFF > %xB0000-BFFFD / ; exclude noncharacters %xBFFFE-BFFFF > %xC0000-CFFFD / ; exclude noncharacters %xCFFFE-CFFFF > %xD0000-DFFFD / ; exclude noncharacters %xDFFFE-DFFFF > %xE0000-EFFFD / ; exclude noncharacters %xEFFFE-EFFFF > %xF0000-FFFFD / ; exclude noncharacters %xFFFFE-FFFFF > %x100000-10FFFD ; exclude noncharacters %x10FFFE-10FFFF > > However, this is the intent as this is support for implementations that don't support key-chains (RFC 8177). The "Security Considerations" recommend key chains. We'll add the hexadecimal specification as another reason for preferring key-chains. Okay, that's enough to resolve the discuss. > > > (2) Do we need to say anything about how to indicate when there are > discontinuities for the various "counter" types? > > I've never heard any mention of counter discontinuities in the context of OSPF control plane counters. Oh, I think this is more of a YANG thing than an OSPF thing (and I'm hardly a YANG expert). That is, the yang:counter32 and similar types are constrained to only ever increment ("count events that happened", roughly), as opposed to a gauge32 that measures the current level of something and can go up or down, or a generic uint32. Of course, in the real world software crashes or restarts, so a YANG consumer might in practice see the value of a "counter" type go backwards, even though that's forbidden by the spec. In some cases (and I don't know exactly when it becomes most relevant), the YANG model includes a "discontinuity time" (e.g., router restart time) to indicate when the counters were last reset to zero, in order to give consumers a sense for how long it took the counter to get that big. It's entirely possible that this doesn't make sense for the OSPF counters, and if you tell me that I'm happy to clear. Searching for "RFC YANG discontinuity" brings up several representative results, such as RFC 8343, which says: leaf discontinuity-time { type yang:date-and-time; mandatory true; description "The time on the most recent occasion at which any one or more of this interface's counters suffered a discontinuity. If no such discontinuities have occurred since the last re-initialization of the local management subsystem, then this node contains the time the local management subsystem re-initialized itself."; I did some research and the OSPF MIB (RFC 4750) did have a discontinuity time (ospfDiscontinuityTime). I added discontinuity-time for each applicable object in the -28 version. > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I'm happy to see the discussion around Roman's Discuss. > > Section 1 > > YANG [RFC6020][RFC7950] is a data definition language used to define > the contents of a conceptual data store that allows networked devices > to be managed using NETCONF [RFC6241]. YANG is proving relevant > beyond its initial confines, as bindings to other interfaces (e.g., > ReST) and encodings other than XML (e.g., JSON) are being defined. > > This text feels a bit stale at this point. > > Updated in -27. > > Section 2 > > model varies among router vendors. Differences are observed in terms > of how the protocol instance is tied to the routing domain, how > multiple protocol instances are be instantiated among others. > > nit: the grammar here is a bit odd, with the comma suggesting the start > of a list but no "and" present. > > Fixed in -27. > > Section 2.2 > > The ospf module is intended to match to the vendor specific OSPF > configuration construct that is identified by the local identifier > 'name'. > > I don't really understand what this is intended to mean. > > I removed this paragraph and augmented the next one. Thanks; it makes a lot more sense to me now. > Section 2.7 > > hello-timer in the module claims to be a rt-types:timer-value-seconds16 > but shows up in the tree(s) as a uint32. > Similarly, the wait-itmer is a rt-types:timer-value-seconds32, which > also shows up in the tree(s) as a uint32, which is perhaps more > reasonable but perhaps not entirely accurate. > Other 'timer' leafs seem to have similar issues. > > Fixed. > > Section 3 > > feature ospfv2-authentication-trailer { > description > "Use OSPFv2 authentication trailer for OSPFv2 > authentication."; > > Is the feature for "use" or "support for"? > (Similarly for the ospfv3 authentication features.) > > The latter - fixed. > > identity ospfv2-lsa-option { > description > "Baes idenity for OSPFv2 LSA option flags."; > > nit: "Base" > > Fixed. > > identity v2-p-bit { > base ospfv2-lsa-option; > description > "Only used in type-7 LSA. When set, an NSSA > border router should translate the type-7 LSA > to a type-5 LSA."; > > There seem to be a few "identity <foo>-bit" stanzas whose description do > not mention the named bit specifically (but many that do). Do we want > to be consistent about doing so? (Likewise for <foo>-flag.) > > Made these consistent. This was added very late when we realized that YANG type bit is not extendable. The YANG type bit is not extendable?! I'll have to remebmer that for the future... > grouping tlv { > description > "Type-Length-Value (TLV)"; > leaf type { > type uint16; > description "TLV type."; > } > leaf length { > type uint16; > description "TLV length (octets)."; > } > leaf value { > type yang:hex-string; > description "TLV value."; > > Is there a way to apply a constraint so the 'length' matches the > hext-string's length? > > Since this is returned operational data, it doesn't make a lot of sense to put constraints on it. It is basically what the router returns. If it is wrong, it wouldn't have been parsed correctly in the first place. Ah, good point. > grouping router-capabilities-tlv { > > The various descriptions hereunder could perhaps benefit from section > references, as, e.g., two nodes named "informational-capabilities" may > otherwise require some effort to distinguish. Well, aside from the fact > that one is currently listed as "capabilitiess" with two esses, which > seems unlikely to be intended. > > I fixed the description on these to differential between the list uint32 flags and the identities. Thanks (BTW please double-check the description for "leaf functional-flag", that currenty looks like "Individual informational capability flag.") Yes - I've fixed in -28. > grouping ospf-router-lsa-bits { > container rputer-bits { > > s/rputer/router/? > > Fixed. > > container te-opaque { > [...] > container link-tlv { > description "Describes a singel link, and it is constructed > of a set of Sub-TLVs."; > > s/singel/single/ > > Fixed. > > grouping ospfv3-lsa-external { > [...] > leaf referenced-link-state-id { > type yang:dotted-quad; > > RFC 5340 section 2.2 implies that the Link State ID is going to be a > 32-bit identifier that need not be represented as dotted-quad, as it > does not have addressing semantics. (dotted-quad seems to be used for > Link-State-ID-shaped things elsewhere, too, though the preferred form > may be the union of dotted-quad and uint32.) > > Good catch. This should be unit32 for OSPFv3. There were two instances of this. > > grouping lsa-common { > description > "Common fields for OSPF LSA representation."; > leaf decode-completed { > type boolean; > description > "The OSPF LSA body was successfully decoded other than > unknown TLVs. Unknown LSAs types and OSPFv2 unknown > opaque LSA types are not decoded. Additionally, > malformed LSAs are generally not accepted and are > not be in the Link State Database."; > > nit: "are not be" is not grammatical. > > Fixed - "will not be". > > grouping lsa-key { > description > "OSPF LSA key."; > > This could maybe benefit from a more descriptive description; is this a > sort or lookup key, for example? > > Yes - I've improved. > > container database { > description "Container for per AS-scope LSA statistics."; > list as-scope-lsa-type { > [...] > leaf lsa-cksum-sum { > type uint32; > description > "The sum of the LSA checksums of the LSA type."; > > [It's not entirely clear to me why this sum-of-checksums is a useful > thing to track, but it may not be this document's role to do so. > Though, perhaps we do need to say if the sum is computed as integers > modulo 2**32.] > > This is from the OSPF MIB (RFC 4750). It is not used functionally as one cannot guarantee differing LSDBs will not yield the same checksum. However, if the checksums are different, you can assure the databases are different. Thanks for the extra text -- it helps confirm my guess as to what's going on. > leaf transmit-delay { > type uint16; > units seconds; > description > "Estimated time needed to transmit Link State Update > (LSU) packets on the interface (seconds). LSAs have > their age incremented by this amount on advertised > on the interface. A sample value would be 1 second."; > > nit: "on advertised on" does not seem grammatical. > > Fixed - "when advertised on". > > leaf lls { > [...] > container ttl-security { > > Should these have a default value? > > I think 1 would be appropriate since only virtual-links and sham-links require more. > > case ospfv3-auth-ipsec { > when "derived-from-or-self(../../../../../../rt:type, " > + "'ospfv3')" { > description "Applied to OSPFv3 only."; > } > if-feature ospfv3-authentication-ipsec; > leaf sa { > type string; > > I don't see RFC 4552 talking about names for SAs; where would this be > discussed (and, are they guaranteed to be human-readable)? > > If it is not human readable, how would it be configured? I wasn't sure if this was config or operational state, but you make a good point. > leaf poll-interval { > type uint16; > units seconds; > description > "Neighbor poll interval (seconds) for sending OSPF > hello packets to discover the neighbor on NBMA > networks. This interval dictates the granularity for > discovery of new neighbors. A sample would be 2 minutes > for a legacy Packet Data Network (PDN) X.25 network."; > > Maybe "2 minutes (120 seconds)" since the units are seconds? > > Fixed. > > container preference { > description > "Route preference configuration In many > implementations, preference is referred to as > administrative distance."; > > nit: missing sentence break? > > Fixed. > > For the spf- and lsa-logs, do we require that the 'id' is assigned in > any particular order, or do we just rely on the included timestamp(s) > for any time-ordering required by the consumer? > > I added ordering to the description of the spf-log and lsa-log. However, the id is a purely internal value to provide a uniqueness key for the YANG list. Understood, and thanks. > grouping notification-neighbor { > [...] > leaf neighbor-ip-addr { > type yang:dotted-quad; > description "Neighbor address."; > > neighbors can only be identified by IPv4 addresses? > > Changed to IP address type. > > leaf packet-source { > type yang:dotted-quad; > > packet sources, too? (multiple times) > > Changed to IP address type. > > description > "This notification is sent when aa neighbor > state change is detected."; > > nit: s/aa/a/ > > Fixed. > > Section 4 > > Additionally, local specificationn of OSPF authentication keys and > the associated authentication algorithm is supported for legacy > implementations that do not support key-chains [RFC8177] for legacy > implementations that do not support key-chains. It is RECOMMENDED > that implementations migrate to key-chains due the seamless support > of key and algorithm rollover, as well as, the encryption of key > using the Advanced Encryption Standard (AES) Key Wrap Padding > Algorithm [RFC5649]. > > (Roman caught the nits, so I won't duplicate that.) > I expected to see something about keeping the actual key material > secret, as well. > > Can you suggest some text? How's this? The actual authentication key data (whether locally specified or part of a key-chain) is sensitive and needs to be kept secret from unauthorized parties; compromise of the key data would allow an attacker to forge OSPF traffic that would be accepted as authentic, potentially compromising the entirety OSPF domain. Thanks - this is more prescriptive than what I had added which mirrored the text in RFC 8177. Thanks, Acee Thanks, Ben
- [Lsr] Benjamin Kaduk's Discuss on draft-ietf-ospf… Benjamin Kaduk via Datatracker
- Re: [Lsr] Benjamin Kaduk's Discuss on draft-ietf-… Acee Lindem (acee)
- Re: [Lsr] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [Lsr] Benjamin Kaduk's Discuss on draft-ietf-… Acee Lindem (acee)
- Re: [Lsr] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [Lsr] Benjamin Kaduk's Discuss on draft-ietf-… Acee Lindem (acee)
- Re: [Lsr] Benjamin Kaduk's Discuss on draft-ietf-… Ladislav Lhotka