Re: [mpls] Updated rev -08 posted [Re: Benjamin Kaduk's Discuss on draft-ietf-mpls-ldp-yang-07: (with DISCUSS and COMMENT)]
"Rob Wilton (rwilton)" <rwilton@cisco.com> Thu, 19 March 2020 16:04 UTC
Return-Path: <rwilton@cisco.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D2303A0837; Thu, 19 Mar 2020 09:04:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.6
X-Spam-Level:
X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=f5CE2gYT; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=CgIlrCWN
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bMDjjdbKzmc2; Thu, 19 Mar 2020 09:04:28 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA1573A085C; Thu, 19 Mar 2020 09:04:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=40258; q=dns/txt; s=iport; t=1584633868; x=1585843468; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=4HuZbMONDgmIC++QRhkrkcX8Yqz2dz7JdxEbCXh2T1Y=; b=f5CE2gYTOjgCkCItwxGCuj+8Kzb1ojIAEs5ix9xmuxovXmnzxsxoZNGW Ca0e1rigywKgCbjSlzx3fI7mZvfubswMwr8DKM08ZBe1OaDvdESgQCeCj xKV4PP5Y7VIdJtXJXf8i6lgt0w04ET7mMjBgWLUNu48ebtv52rEtErJ4q E=;
IronPort-PHdr: 9a23:ZVNPXBwigKSLPcDXCy+N+z0EezQntrPoPwUc9psgjfdUf7+++4j5YhSN/u1j2VnOW4iTq+lJjebbqejBYSQB+t7A1RJKa5lQT1kAgMQSkRYnBZufFkz/MPnsRyc7B89FElRi+iLzPA==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CyAABll3Ne/5hdJa1dCQ4MAQEBAQEBAQEBAwEBAQERAQEBAgIBAQEBgXuBVCknBWxQCCAECyqEFoNFA4pvgl+JZo4ygUKBEANUCQEBAQwBASMKAgQBAYRDAheCBCQ4EwIDAQELAQEFAQEBAgEFBG2FVgyFYwEBAQECARIICQQNDAEBKQkFAQsEAgEIEQQBAQECAhQLBwICAh8RFQgIAgQBDQUIDA6COUyCSgMOIAEOohQCgTmIYnV/M4J/AQEFhRENC4IMAwaBDiqFIIVLJYEfGoFBP4ERR4FPfj6CG0kBAQOBJRESBBhNgkIygiyNWCQtBYIKO4YbmHVECoI8h1eFBkqFGIRYgkqIKZBYjiheiQKCNowsg30CBAIEBQIOAQEFgWkigVhwFTuCbFAYDY4dDAEEEhWDO4RZO4UEPXQCAYEmizslgh0BAQ
X-IronPort-AV: E=Sophos;i="5.70,572,1574121600"; d="scan'208";a="449877524"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 19 Mar 2020 16:04:26 +0000
Received: from XCH-ALN-003.cisco.com (xch-aln-003.cisco.com [173.36.7.13]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 02JG4Qu9025715 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 19 Mar 2020 16:04:26 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-ALN-003.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 19 Mar 2020 11:04:25 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 19 Mar 2020 11:04:25 -0500
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 19 Mar 2020 11:04:25 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K42S6YjSCRiuVKqJtB6JM6amAj/pZskM3tx8moruE6PMTSJxP0+bxA8W/JQyEXQUagInjk1R4wjgNFpkyBBX4XiTjnil9lMf8285H68tHa4GREPrOv8PE4ec6RjTEhwCYdjwZ2vc8EemyCEfY45RXgfmAn36hodlR6GslmXK2x2Whf1qohjjPxq0gZrO6DHkSFmiUIjJWGfAGDXFELIE1rdlOvYC8F5u4PM5glpPPjfGpJ6K5VD8HlXX9WOI9pos0Jk6LmPBtu7bFvZtiHXI+OWzhnyNVXJ9Fnr20vKdOYPFBUgxctBm9j9KPHeGDcike6HybCDSphtNmf01tiE26w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;bh=4HuZbMONDgmIC++QRhkrkcX8Yqz2dz7JdxEbCXh2T1Y=; b=EEtEa7K4utj6aif7BxalrWO0APme+fPJgtxPibk7qJYJx+uXNlWWzU3j/0b2sXU9j0g9gIWcQBqwrhPNtsht2IXQZX8qXWs6iTZnY1+d8DFZxueakZDcOQhkfKnc7cHGU27v9CwtSELuCWTMS47VdFW6KFTpHr7qwpbGPhdsW0HvZFCH2F6tsj/mmFUhMZwr1f6ltB8g0JeEtb6E/lK31Sv7hknEHEmUq5uV0hJ+KQJ6OJIqLEjpeOu8CEqvuGBXXnPpfNwMd3J3x9goYSMRRFJtTMg971TAmiS7Xhl3hPwJRAWH9sDV69Sp4D218sRGvlDSg2qVHWYG5jPCo1kdCg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4HuZbMONDgmIC++QRhkrkcX8Yqz2dz7JdxEbCXh2T1Y=; b=CgIlrCWN4KqWyDntetsaeqIZfrEHxaEReQUHVSZlhIObLcr1hydxuauWKZ9NOw1MrALfXCaW7QOkRfP5MxwL1b6xGevtA2LEzxket1kLoOE9ITEutdlXbpdmrEcLRL/T5cOddHkVD1p/yv1Bg4//pNkgohcl2OMFiAqs5u9pKJY=
Received: from MN2PR11MB4366.namprd11.prod.outlook.com (2603:10b6:208:190::17) by MN2PR11MB4567.namprd11.prod.outlook.com (2603:10b6:208:26d::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2814.22; Thu, 19 Mar 2020 16:04:24 +0000
Received: from MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::3:2164:a8e2:33b3]) by MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::3:2164:a8e2:33b3%5]) with mapi id 15.20.2835.017; Thu, 19 Mar 2020 16:04:24 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>, "Kamran Raza (skraza)" <skraza@cisco.com>
CC: "mpls@ietf.org" <mpls@ietf.org>, "mpls-chairs@ietf.org" <mpls-chairs@ietf.org>, Nicolai Leymann <n.leymann@telekom.de>, The IESG <iesg@ietf.org>, "draft-ietf-mpls-ldp-yang@ietf.org" <draft-ietf-mpls-ldp-yang@ietf.org>, Tarek Saad <tsaad.net@gmail.com>
Thread-Topic: Updated rev -08 posted [Re: Benjamin Kaduk's Discuss on draft-ietf-mpls-ldp-yang-07: (with DISCUSS and COMMENT)]
Thread-Index: AQHV7fEHh8C8R6fr+Eu6LYwdKXXZQqhNYQKAgALDA0A=
Date: Thu, 19 Mar 2020 16:04:24 +0000
Message-ID: <MN2PR11MB43666D942EB3FEF317EFE8C6B5F40@MN2PR11MB4366.namprd11.prod.outlook.com>
References: <A3E24404-81B0-4B35-A04F-478FFF17F083@cisco.com> <20200317205553.GO50174@kduck.mit.edu>
In-Reply-To: <20200317205553.GO50174@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rwilton@cisco.com;
x-originating-ip: [2001:420:c0c0:1006::3c0]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7f9bee18-5e72-4088-efc9-08d7cc1f31b0
x-ms-traffictypediagnostic: MN2PR11MB4567:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MN2PR11MB4567BD4B2D647287CB8994E8B5F40@MN2PR11MB4567.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:5797;
x-forefront-prvs: 0347410860
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(376002)(346002)(39860400002)(396003)(136003)(199004)(66946007)(66574012)(86362001)(316002)(8936002)(8676002)(33656002)(6506007)(7696005)(53546011)(81156014)(110136005)(81166006)(6636002)(186003)(966005)(478600001)(71200400001)(76116006)(30864003)(54906003)(52536014)(5660300002)(15650500001)(55016002)(66556008)(2906002)(4326008)(9686003)(66446008)(64756008)(66476007)(559001)(579004); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB4567; H:MN2PR11MB4366.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ddte1gZT6aawclILuRGPgjP11kHcE5BmlihYWtSAaNzT/LzquLOHjDFXu3dBers2ZCmOGAzhZ7nVmdZPi0W3Ypi8jfsFzKqSJ++HxkMYSItF2HDz2gQ9waZf//Xy6BYmvPotDVBY62wTAU+UcnZbyLRO8wItHhhgagpCq7da47av15QULRZfXHSosPvBMgbw8XgTxE8yL3JSgYcPgRwHmqVGz+qYNMG/chDJFh+JFSmU2gJR1ZGOFUlJD8IlM2Z5p8JNPI9RJ+sSgY9bCZG6SATq+lCJDTclzasnvRQ1FR3FkruQj44o53VPteyOjxnTj6Iiljo1yw/9QH0ZVOC84HhIWzvHnYgG88lCH1U5VxaVYCzriFxmhj0KvOfak8E2yNyWwvhrYaesYZDl7VOjRRnGsnE7vwJtZgTKx1KkTndjnt3ClvkjjgoVHR9GVPLrM1B5/6GlKN0XasRkuyFedg0/DArofX6wQ3gAsiPhJ3Yq5npi910YmjQbYZ4z78HI+0xfhnNTQdx2cJjK6Wbo1A==
x-ms-exchange-antispam-messagedata: u8mdFCTPPKqJvvF2keh93D2rXkEgkWjGwB817pWxPRl1bn6zaand2WFvaIIbXLXQCkWTNUPTgMy1E3p0AtrSU90oYMi+lFHkLypBKTTd3d2bIT4sIUZuXaps+EMg3KgOCW0rOK0wvd94op0mJoyuGlHSj3Xce0uYigyeliVkPlw=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 7f9bee18-5e72-4088-efc9-08d7cc1f31b0
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Mar 2020 16:04:24.4417 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: eAPaG5zvij9BDHYfFCSOWpGBWZ7d33XV0yxYQpYhbwKODH287GBbNQZO7bAh3+VdPV6gk58PK6NHwDgked61Xw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4567
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.13, xch-aln-003.cisco.com
X-Outbound-Node: rcdn-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/rc8wcaMvhBNQdRQmR7bI5vvVfN0>
Subject: Re: [mpls] Updated rev -08 posted [Re: Benjamin Kaduk's Discuss on draft-ietf-mpls-ldp-yang-07: (with DISCUSS and COMMENT)]
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2020 16:04:34 -0000
Hi Ben, Kamran, > -----Original Message----- > From: iesg <iesg-bounces@ietf.org> On Behalf Of Benjamin Kaduk > Sent: 17 March 2020 20:56 > To: Kamran Raza (skraza) <skraza@cisco.com> > Cc: mpls@ietf.org; mpls-chairs@ietf.org; Nicolai Leymann > <n.leymann@telekom.de>; The IESG <iesg@ietf.org>; draft-ietf-mpls-ldp- > yang@ietf.org; Tarek Saad <tsaad.net@gmail.com> > Subject: Re: Updated rev -08 posted [Re: Benjamin Kaduk's Discuss on > draft-ietf-mpls-ldp-yang-07: (with DISCUSS and COMMENT)] > > On Fri, Feb 28, 2020 at 04:39:14AM +0000, Kamran Raza (skraza) wrote: > > Thanks for your detailed review, Ben. > > We have posted a new rev -08 that takes care almost all of your comments > and comments from other IESG reviewers. > > On behalf of authors, Please see inline [skraza] for each of your > comment/Q: > > > > > > -------------------------------------------------------------------- > -- > > DISCUSS: > > > > ---------------------------------------------------------------------- > > > > The YANG doctor last call review of the -06 notes that these modules > are > > in violation of the expectations of RFC 8349 (at least w.r.t. > defining a > > new identity for the control-plane protocol and possibly more). > This > > document should either be brought into compliance or explain why it > > diverges. > > > > [skraza]: Fixed. > > > > The YANG doctor's comments about default values for "local" > > configuration (e.g., graceful-restart configuration) causing the > global > > configuration to never take effect should also be addressed. > > > > [skraza]: Fixed. > > These both look addressed, to my eye, but I am very much not a YANG > expert. > I'd recommend trying to get a dedicated YANG review, perhaps from the > incoming Management AD Rob Wilton. [RW] I've checked the graceful-restart configuration and it looks fine. Is there further hierarchical configuration that needs to be checked? > > > Please include some justification for why LDP IPv6 is considered an > > "extended feature" (which is particularly surprising given that > Section > > 2 classifies "IP" to refer to both IPv4 and IPv6 together). > > > > [skraza]: This was an early decision taken and presented to WG and WG > had agreed. > > Moreover, Sec 1.1 does points out why LDP IPv6 is considered as an > extended feature. The "base" features are the one most commonly > implemented and deployed features. > > The idea was that base must not contain any if-feature - given that > LDPv6 is not widely implemented and was branded as if-feature, it is > classified in the extended category then. > > BTW, note that LDP has separate RFC for LDP IPv6. > > It's not really clear to me that just because the protocol is described in > separate RFCs for IPv4 and IPv6 we cannot present a unified management > interface on top of it. I note that several other ADs expressed concern > about this topic, so I've moved this document onto the agenda for this > week's IESG telechat to get a better sense on what the right thing to do > is here. [RW] I note that IPv6 isn't under if-feature in the extension module. This would imply that implementations that wish to implement optional features in the extension module must also support LDP IPv6 (or deviate). Is that intentional? > > > > > We need to define the format/semantics of the md5-key string (e.g., > is > > it hex? base64{url,}?) either directly or by reference (as the YANG > > doctor notes). Using a crypto-type would probably be appropriate, > as > > would adding a note that tcp-md5 is obsoleted by TCP-AO. > > > > [skraza]: It is beyond our control as we are using it as-is from the > RFC. Made the change anyways to add crypto-algo to widen the scope/type of > key beyond MD5. > > I'm still concerned that there isn't enough text here for me to be able to > implement something and have confidence it will interoperate. For > example, the recommendations in RFC 3562 include the ability to use a > direct binary key for TCP-md5. Does this YANG stanza allow for doing so? > If yes, what mechanism is used for converting input into "raw" binary, if > needed? > > That is, even if the actual protocol semantics for how TCP-MD5 uses a > given key/password are out of your control, there is still ambiguity as to > what mapping (if any) occurs between the YANG-configured value and what is > passed to the TCP-MD5 implementation. > > Furthermore, the authentication-type still only has a "string" leaf for > the key, with (if I am reading the YANG correctly) the recommended key- > chain functionality for protected key storage being left as an extension. > It's not clear to me why we should be leaving the best-practice > formulation as an extension. > > > In the peer-af-policy-container grouping's > > label-policy/advertise/prefix-list, we need to say if the filter is > for > > inclusion or exclusion of outgoing label advertisements. > > Similarly for the incoming label advertisements in the 'accept' > > container (and most of the <foo>-list-ref usages?). > > > > In the policy-container grouping's > > label-policy/assign/independent-mode/prefix-list, the description > > suggests that the contents will provide not just a list of prefixes > that > > act as a filter, but also a map from prefix to label. This is a > > qualitatively different usage than the previous occurrences of > > prefix-list-ref, and it seems like a different type may be needed > for > > it. Similarly for ordered-mode. > > > > [skraza]: Fixed as per latest changes that use rtgwg policy model > constructs. > > Ah, this took me a little more work to find, since the changes were in the > prefix-list-ref typedef. Thanks. > > > (pro-forma) This document has 6 authors, and per RFC 7322, as this > is > > more than five, we are supposed to consider whether that's > appropriate. > > Seeing nothing in the shepherd writeup or similar, I mention it > here. > > > > [skraza]: We had taken an advise from Loa (MPLS WG chair) and would like > to keep it to 6. > > Sure; this was presumed to just be "pro forma" but I put it in since the > shepherd writeup didn't mention it specifically. > > > -------------------------------------------------------------------- > -- > > COMMENT: > > > > ---------------------------------------------------------------------- > > > > Please also respond to the other YANG doctor, rtg-dir, and other > > directorate reviewers' comments. > > > > I support Roman's Discuss. > > > > I suggest making a reference to RFC 5920 at some point, perhaps from > the > > security considerations. > > [skraza]: Done. > > > > We have several instances of a "container ipv4" that's a "container > with > > presence" in the jargon of RFC 7950. As SEC AD one thing I look for > is > > edge cases, such as when a subset of these containers are present > but > > not all (and not none). While for this specific case, it seems > fairly > > natural to assume that IPv4 is enabled if any are present, it does > make > > me wonder if the modeling is at an optimal state if there's even the > > possibility for such skewed signals. (I didn't specifically audit > for > > any other cases of "redundant" containers-with-presence.) > > > > [skraza]: This is the same structure as RFC 8344. The edge cases are OK. > The ipv4/ipv6 container may contain none, one, or more nodes in the > container. ipv4/ipv6 address family is enabled as long as the container is > “present”. Your assumption is correct, and the modeling (and the protocol > as well) is in a good state, even with such possibilities. The signals > should be clear enough. [RW] Intuitively, I don't like the combination of a presence container + enable leaf below it. I've asked Martin (author of RFC 8344) why the construct is used in this way, since he must have had a good reason. It isn't immediately obvious to me why what is written isn't a convoluted way of making it a non-presence container. Regards, Rob > > > > It's not entirely clear to me why we need (all of) the > specialization of > > structures into using inet:ipv4-address and inet:ipv6-address as > opposed > > to just inet:ip-address. I do see that the latter is used in > several > > places already, and so assume that this was already considered; > perhaps > > some of the discussion/motivation could be included in the document, > > though. > > > > [skraza]: When the type of an attribute is for a specific address family > (ipv4 or ipv6), we use the address family specific type (inet:ipv4-address > or inet:ipv6-address), so that user cannot provide a value of the wrong > format. inet:ip-address is simply a union of net:ipv4-address and > inet:ipv6-address, and is used when the address family is not restricted. > This is particular convenient when the user makes a query on a particular > peer when the user does not have a particular address family in mind. The > system will provide the address in a proper format. > > > > Section 1 > > > > The data model is defined for following constructs that are used > for > > managing the protocol: > > > > nit: "the following". > > [skraza]: Fixed. > > > > I share the YANG doctor's concern that separating the configuration > and > > operational state constructs is not consistent with the NMDA model. > > [skraza]: Fixed. > > > > Section 1.1 > > > > The "base" category contains the basic and fundamental features > that > > are covered in LDP base specification [RFC5036] and constitute > the > > minumum requirements for a typical base LDP deployment. Whereas, > the > > "extended" category contains all other non-base features. All > > the > > > > This statement ("all other") is not future-proof. > > [skraza]: Removed the "all". > > > > Section 3 > > > > o This module aims to address only the core LDP parameters as > per > > RFC specification, as well as some widely deployed non-RFC > > features (such as label policies, session authentication etc). > > Any vendor specific feature should be defined in a vendor- > specific > > augmentation of this model. > > > > [Even for widely-deployed non-RFC features we still need to provide > a > > clear description of what semantics are being covered, whether > > in-document or via an external reference.] > > > > [skraza]: The only non-RFC config was related to label policies - > Reworked/enhanced the text. > > > > o This model is a VPN Forwarding and Routing (VRF)-centric > model. > > It is important to note that [RFC4364] defines VRF tables > > and > > > > side note: I would like the IETF to someday get to a point where > "VPN" > > (the 'P' is for "private") is used only for protocols/deployments > that > > provide confidentiality protection ("privacy") for the data being > > conveyed. We are, of course, not there now, and I cannot insist on > any > > change here. But please consider whether an alternate phrasing > would > > suffice, that includes just the "virtual" part but not "VPN". Since > we > > are mostly using "VRF" in the rest of the document, this is not as > > daunting as it sometimes is... > > > > Section 4 > > > > It might be nice to have the tree show the ipv4 and ipv6 children in > > as similar an order as is possible (with the understanding that the > > semantics are not affected by the order of appearance, of course). > > > > | +--rw address-families > > | | +--rw ipv4! > > | | | +--rw enable? boolean > > | | | +--ro label-distribution-controlmode? enumeration > > | | | +--ro bindings > > | | | | +--ro address* [address] > > | | | | | +--ro address inet:ipv4-address > > | | | | | +--ro advertisement-type? advertised- > received > > | | | | | +--ro peer > > | | | | | +--ro lsr-id? leafref > > | | | | | +--ro label-space-id? leafref > > > > Does this imply that there is only one peer per address? Is that > going > > to be a limitation for any deployment cases? > > > > [skraza]: Not an issue. Note that a peer may have one or more bound > addresses. > > > > +--rw ldp-ext:session-downstream-on-demand > > | {session-downstream-on-demand-config}? > > | +--rw ldp-ext:enable? boolean > > > > nit(?): missing '|' to connect down to ldp-ext:enable? > > Similarly for ldp-ext:max-wait a few lines later, and some other > > occurrences later in the document. > > > > > > [skraza]: Some of these instances/typos were due to hand picked sub- > tree. > > Not an issue anymore as we are printing the entire tree as generated by > the tool. > > > > > > Section 5.1.2 > > > > Am I reading this right that (e.g.) per-interface hello-holdtime is > > configurable as an extension and only the global hello-holdtime is > > present in the "base" module? > > > > [skraza]: Yes. > > > > Section 7 > > > > "NHLFE" is used only once in this document (and is not listed as > > "well-known" at > > https://www.rfc-editor.org/materials/abbrev.expansion.txt) please > > expand it out. > > > > [skraza]: It is well known and listed in the above url. Please x-chk. > > To be clear, the linked content uses the convention of an "*" marking to > indicate that the expansion is "well-known" and does not need to be > provided in a given document. The entry for "Next Hop Label Forwarding > Entry" does not include such a marking; perhaps the responsible AD should > request it to be added, if it is indeed well-known? > > > Section 9 > > > > Is 2018 still the right copyright year for the modules themselves? > > > > > > [skraza]: 2020-02-25 rev now. > > > > > > Section 9.1 > > > > typedef ldp-address-family { > > type identityref { > > base rt:address-family; > > } > > > > Why can't we use rt:address-family directly in the one container > that > > uses this? > > > > [skraza]: Fixed now. > > > > description > > "Duration represented as 32 bit seconds with infinite."; > > > > nits: "32-bit" (hyphenated), "with infinity". > > [skraza]: Fixed. > > > > typedef downstream-upstream { > > type enumeration { > > enum downstream { > > description "Downstream information."; > > } > > enum upstream { > > description "Upstream information."; > > } > > } > > description > > "Received or advertised."; > > } > > > > nit: copy/paste on the description? > > [skraza]: Fixed. > > > > leaf used-in-forwarding { > > type boolean; > > description > > "'true' if the lable is used in forwarding."; > > > > nit: s/lable/label/ > > [skraza]: Fixed. > > > > grouping graceful-restart-attributes-per-peer { > > description > > "Per peer graceful restart attributes. > > On the local side, these attributes are configuration and > > operational state data. One the peer side, these > attributes > > are operational state data reveiced from the peer."; > > > > nit: s/reveiced/received/ > > [skraza]: Fixed. > > > > grouping peer-state-derived { > > description > > "The peer state information derived from the LDP protocol > > operatoins."; > > > > nit: s/operatoins/operations/ > > [skraza]: Fixed. > > > > grouping peer-state-derived { > > [...] > > leaf next-keep-alive { > > type uint16; > > units seconds; > > config false; > > description "Time to send the next KeepAlive message."; > > } > > > > nit: this description text sounds like it's giving an absolute time, > but > > given that it's a uint16 I presume it's "time [from now] until > sending". > > [skraza]: Clarified. > > > > container received-peer-state { > > config false; > > description > > "Operational state information learned from the peer."; > > > > uses graceful-restart-attributes-per-peer; > > > > container capability { > > description "Configure capability."; > > > > This is config-false; "Configure" in the description cannot be > correct, > > though I suppose "Configured" could be. > > (Also applies to several of the child containers' descriptions.) > > > > [skraza]: Fixed all these. > > > > leaf up-time { > > type string; > > config false; > > description "Up time. The interval format in ISO 8601."; > > > > We probably should have some sort of reference for ISO 8601 (though > of > > course it cannot actually *be* a <xref> in the YANG module itself) > > > > [skraza]: Changed to use timeticks64 now. > > > > leaf notification { > > type yang:counter64; > > description > > "The number of messages sent or received."; > > > > Is this the same as or different than "leaf total-messages"? > > [skraza]: Fixed. > > > > leaf label-distribution-controlmode { > > > > nit: any reason to not hyphenate control-mode as well? > > [skraza]: Fixed. > > > > container interfaces { > > description > > "A list of interfaces for LDP Basic Descovery."; > > > > nit: s/Descovery/Discovery/ > > [skraza]: Fixed. > > > > container discovery { > > description > > "Neibgbor discovery configuration and operational > > state."; > > > > nit: s/Neibgbor/Neighbor/ > > [skraza]: Fixed. > > > > // ipv4 > > container hello-adjacencies { > > config false; > > description > > "Containing a list of hello adjacencies."; > > > > list hello-adjacency { > > key "adjacent-address"; > > config false; > > description "List of hello adjacencies."; > > > > leaf adjacent-address { > > type inet:ipv4-address; > > description > > "Neighbor address of the hello > adjacency."; > > } > > > > I'm not an expert here, but I'm not really seeing why we need to > > specialize this container for v4 vs v6 as opposed to just using > > inet:ip-address and having something that's applicable to both. > > > > [skraza]: We could. There are pros and cons either way. The reasons to > use separate containers in this model are: > > 1) Operators usually plan and configure IPv4 and IPv6 separately, rather > than mixing the address family together. The separate containers provide > more focus and clear separations. > > 2) Often times, there are attributes with different types for different > address families. Mixing two together brings up some modeling difficulties > to specifies differently for different address families. > > 3) Sometimes, there are attributes that are applicable to one address > family but not the other. Mixing the two containers together would require > some difficult conditions, which would complicate the model and make the > model less usable. > > 4) Mixing the two containers can make the YANG file more compact, but > not the configuration data and operational state data. > > 5) The existing RFCs use the style of separate containers, such as RFC > 8344 and RFC 8349. > > Thanks for writing this out; it helps me understand the situation better. > > > leaf adjacent-address { > > type inet:ipv4-address; > > description > > "Configures a remote LDP neighbor and enables > > extended LDP discovery of the specified > > neighbor."; > > > > Given that there's a sibling leaf "enable", do we still want "and > > enables" here? > > [skraza]: We don’t need “enables” here. Removed it. > > > > > > Should peer/capability have a comment in its description that the > > container exists to be augmented by other (extension) modules? > > > > [skraza]: Yes. It is better. Added as suggested. > > > > notification mpls-ldp-fec-event { > > > > Am I reading this right that we only generate notifications on 0->1 > and > > 1->0 transitions of "number of prefixes active for a given FEC"? > Would > > we ever want to know about addition/removal of prefixes that do > leave > > the FEC up? > > > > [skraza]: Here, the prefix is the FEC. Addition/removal of a prefix is > equivalent to the addition/removal of the FEC. Changed the leaf name from > prefix to fec to avoid the confusion. > > > > Section 9.2 > > > > I can't find a pattern into which if-feature statements go into > > containers used to augment things vs. the augment directives > themselves. > > Can we be more consistent (or am I missing the pattern)? > > > > [skraza]: It is not intended to set up a strict pattern between feature > name and containers, while the purpose is to provide more descriptive > feature names. That said, the parent container names are often used to > provide the contexts for the feature name. e.g. In the case of “dual- > stack-transport-pereference”, it seems that the parent container name > “peers” is also beneficial, so we have the feature name “dual-stack- > transport-preference” to “peers-dual-stack-transport-preference” to make > the feature name fit better with the pattern and more descriptive. > > Thanks for the explanation > > > feature dual-stack-transport-pereference { > > description > > "This feature indicates that the system allows to configure > > the transport connection pereference in a dual-stack > > setup."; > > > > nit: s/pereference/preference/ (twice) > > [skraza]: Fixed. > > > > feature policy-targeted-discovery-config { > > description > > "This feature indicates that the system allows to configure > > policies to control the acceptance of targeted neighbor > > discovery hello messages."; > > > > nit: s/hello/Hello/ > > [skraza]: Fixed. > > > > typedef neighbor-list-ref { > > type string; > > description > > "A type for a reference to a neighbor address list. > > The string value is the name identifier for uniquely > > identifying the referenced address list, which contains a > list > > of addresses that a routing policy can applied. The > definition > > of such an address list is outside the scope of this > > document."; > > > > If I'm reading correctly between here and where this is used, the > > semantics of this are better described as "implementation-specific" > -- > > that is, this is a label that refers to some local configured state, > > specifically, a list of neighbor addresses used as an ACL. > (Emphasis on > > *local* -- it seems like it does not need to interact with anything > > else.) > > I do sympathize with the YANG doctor, though -- as-is, this feels > > underspecified. > > (BTW, IP ACLs are not considered to be a security measure by the > broader > > security community.) > > Similarly for the subsequent <foo>-list-refs. > > > > [skraza]: We do understand the concerns, and have fixed these two types > by using the https://tools.ietf.org/html/draft-ietf-rtgwg-policy-model, > which was not available when we initially started to work on this model. > > Great! > > > container interfaces { > > description > > "A list of interfaces on which forwarding is > > disabled."; > > > > nit: given the separate 'ldp-disable' leaf, perhaps s/is/can be/ is > in > > order. > > [skraza]: Understand the confusion. Changed as suggested. > > > > Also, the description of the list itself implies additional > > functionality, of listing the interfaces used for basic discovery. > > > > [skraza]: The description was wrong. We don’t intend to use this list > for discovery. Fixed. > > > > grouping graceful-restart-augment { > > description "Augmentation to graceful restart."; > > > > leaf helper-enable { > > if-feature graceful-restart-helper-mode; > > type boolean; > > default false; > > description > > "Enable or disable graceful restart helper mode."; > > > > Where is this "helper mode" documented? > > [skraza]: This is not an RFC defined term but commonly known and used > when GR timer is set to 0. > > Fixed the description in yang to highlight this. > > Is this just staged for the -09? I am not seeing it in the -08. > > > augment "/rt:routing/rt:control-plane-protocols/ldp:mpls-ldp/" > > + "ldp:global" { > > description "Graceful forwarding nexthop augmentation."; > > uses global-forwarding-nexthop-augment; > > } > > > > nit: I don't think "Graceful" is correct, in the description. > > [skraza]: Removed it. > > > > Why is (the augmented) > > /rt:routing/rt:control-plane-protocols/ldp:mpls- > ldp/ldp:global/ldp:address-families/ipv6/label-distribution-controlmode > > 'config false'? Doesn't RFC 5036 say that an LSR might support > either > > as a configuration option? > > > > [skraza]: Yes, but no implementation supports such a cfg as change of > such a mode is a massive disruptive operation - all implementation pick > one mode as the default and only supported mode and stick to it. > > The LDP YANG design team had discussed this early enough and agreed to > not provide this a cfg option. > > Ah, understood. > > > leaf adjacent-address { > > type inet:ipv6-address; > > description > > "Configures a remote LDP neighbor and enables > > extended LDP discovery of the specified > > neighbor."; > > > > As for the ipv4 case, do we still want "and enables" here? > > [skraza]: Fixed by removing it. > > > > augment "/rt:routing/rt:control-plane-protocols/ldp:mpls-ldp/" > > + "ldp:discovery/ldp:interfaces/ldp:interface/" > > + "ldp:address-families/ldp-ext:ipv6" { > > description "Interface address family IPv6 augmentation."; > > uses interface-address-family-ipv6-augment; > > > > Didn't we just create .../ldp:address-families/ldp-ext:ipv6 with an > > earlier augmentation in this module? (Similarly for > > /rt:routing/rt:control-plane-protocols/ldp:mpls- > ldp/ldp:peers/ldp:peer/ldp:address-families/ldp-ext:ipv6 > > which we augment with "uses peer-af-policy-container".) > > > > [skraza]: Yes. It is ok to augment a node which is part of another > augmentation. The result is to add them all together. Doing so is to avoid > too much irregular patterns, so that we have more similar construction > between IPv4 and IPv6. > > > > Appendix A > > > > "is-router": [null], > > > > This looks weird to me ("array containing one element with value > literal > > null") -- why does the array come into play? > > > > [Xufeng]: Here is a little explanation to the seemingly confusing > notation: the pair of square brackets does not indicate a normal array. > Instead, it is a special notation to indicate that the value of a “empty” > type leaf is “present” (Section 6.9. of RFC 7951). Semantically the line > above says that “(the neighbor) is a router.” > > Ah, thanks for the explanations. > > -Ben
- [mpls] Updated rev -08 posted [Re: Benjamin Kaduk… Kamran Raza (skraza)
- Re: [mpls] Updated rev -08 posted [Re: Benjamin K… Benjamin Kaduk
- Re: [mpls] Updated rev -08 posted [Re: Benjamin K… Rob Wilton (rwilton)
- Re: [mpls] Updated rev -08 posted [Re: Benjamin K… tom petch
- Re: [mpls] Updated rev -08 posted [Re: Benjamin K… Rob Wilton (rwilton)
- Re: [mpls] Updated rev -08 posted [Re: Benjamin K… tom petch
- Re: [mpls] Updated rev -08 posted [Re: Benjamin K… tom petch
- Re: [mpls] Updated rev -08 posted [Re: Benjamin K… Kamran Raza (skraza)
- Re: [mpls] Updated rev -08 posted [Re: Benjamin K… Kamran Raza (skraza)
- Re: [mpls] Updated rev -08 posted [Re: Benjamin K… tom petch
- Re: [mpls] Updated rev -08 posted [Re: Benjamin K… Kamran Raza (skraza)
- [mpls] mldp-yang was Re: Updated rev -08 posted [… tom petch
- Re: [mpls] mldp-yang was Re: Updated rev -08 post… Rajiv Asati (rajiva)
- Re: [mpls] mldp-yang was Re: Updated rev -08 post… tom petch
- Re: [mpls] mldp-yang was Re: Updated rev -08 post… Kamran Raza (skraza)