Re: [netconf] pls clarify get operation

["Rob Wilton (rwilton)" <rwilton@cisco.com>]

Hi Frank,

The IETF YANG models are designed to work with implementations that support NMDA.

They can be used with pre NMDA implementations, but as you say some data cannot be returned.  As per my previous reply, the mitigation here, if required, is to use the NMDA YANG module as input to a conversion process that generates the additional duplicate state tree.  This is fairly easy to generate (either by hand or via tooling).  IIRC, some RFCs have published the additional state trees in the appendix, where they thought that this might be useful.

But fundamentally, the idea of mixing <running configuration> + operational state into a single combined dataset is flawed:

  1.  <running> represents the desired configuration state that the operator would like the device to be in.
  2.  Operational state represents the currently applied configuration and additional state for what the device is currently doing.



These two datasets are temporally distinct.  E.g. how do you return data for an interface that currently exists in the system but has been deleted in the configuration.  Any way that you try and combine these two datasets you will end up with inconsistencies and corner case bugs and warts.



Once they are treated as separate data sets, the architecture becomes much simpler, cleaner, and more consistent:

  *   <running> can ALWAYS represent the configuration input into the device.
  *   <operational> can ALWAYS represent the current operational state of the device.

Clients can use whatever mechanism they which is compare or combine these two datasets depending on their requirements and the sophistication of the management system.

Thanks,
Rob


From: Fengchong (frank) <frank.fengchong@huawei.com>
Sent: 28 June 2019 10:18
To: Rob Wilton (rwilton) <rwilton@cisco.com>; netconf@ietf.org; netmod@ietf.org
Cc: Zhangwei (SS) <zhangwei70@huawei.com>
Subject: 答复: pls clarify get operation

Hi Rob,
If we write a new NMDA-style YANG module,  this YANG module seems can’t be supported well in non-NMDA device(because no system-controlled data can be retrieved).
I think this thing will cause a lot of trouble to the implementation of the IETF models.
________________________________
华为技术有限公司 Huawei Technologies Co., Ltd.
[Company_logo]
个人签名：冯冲
手　　机：13776612983
电子邮件：frank.fengchong@huawei.com<mailto:frank.fengchong@huawei.com>
公司网址：www.huawei.com<http://www.huawei.com>
________________________________
 本邮件及其附件含有华为公司的保密信息，仅限于发送给上面地址中列出的个人或群组。禁
止任何其他人以任何形式使用（包括但不限于全部或部分地泄露、复制、或散发）本邮件中
的信息。如果您错收了本邮件，请您立即电话或邮件通知发件人并删除本邮件！
This e-mail and its attachments contain confidential information from HUAWEI, which
is intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!

发件人: Rob Wilton (rwilton) [mailto:rwilton@cisco.com]
发送时间: 2019年6月28日 17:10
收件人: Fengchong (frank) <frank.fengchong@huawei.com<mailto:frank.fengchong@huawei.com>>; netconf@ietf.org<mailto:netconf@ietf.org>; netmod@ietf.org<mailto:netmod@ietf.org>
抄送: Zhangwei (SS) <zhangwei70@huawei.com<mailto:zhangwei70@huawei.com>>
主题: RE: pls clarify get operation

Hi Frank,

NMDA does not change the semantics of the <get> operation at all: I.e. the operation returns the contents of the <running> datastore combined with all the operational state as well.

Going outside the standards there are probably 2 pragmatic choices:
(1)   Implement <get> as above (but may be expensive to implement for a new device).
(2)   Don’t support the <get> operation at all, requiring users to use the <get-data> equivalent instead.  This was the informal long term plan, i.e. <get> will probably eventually be deprecated.

Regarding your last question, yes, you are right that it cannot return system-controlled data.  One option here is to use the NMDA YANG module as input to a conversion process that generates old IETF style YANG models with split config/state trees (i.e. like RFC 7223).

Thanks,
Rob


From: Fengchong (frank) <frank.fengchong@huawei.com<mailto:frank.fengchong@huawei.com>>
Sent: 28 June 2019 09:55
To: Rob Wilton (rwilton) <rwilton@cisco.com<mailto:rwilton@cisco.com>>; netconf@ietf.org<mailto:netconf@ietf.org>; netmod@ietf.org<mailto:netmod@ietf.org>
Cc: Zhangwei (SS) <zhangwei70@huawei.com<mailto:zhangwei70@huawei.com>>
Subject: 答复: pls clarify get operation

Hi Rob,
Thanks for your explanation.
You mean get operation only  report running configuration and state nodes in non-NMDA scenario.
But if in NMDA scenario, what would be reported when we use the same get operation  to retrieve information? The same with non-NMDA or report all configuration including user-controlled and  system-controlled?


Another question:
If we write a NMDA-style YANG module without config false copy, when we implement this YANG in non-NMDA device, perhaps we have no way to get the information of system-controlled data.

________________________________
华为技术有限公司 Huawei Technologies Co., Ltd.
[Company_logo]
个人签名：冯冲
手　　机：13776612983
电子邮件：frank.fengchong@huawei.com<mailto:frank.fengchong@huawei.com>
公司网址：www.huawei.com<http://www.huawei.com>
________________________________
 本邮件及其附件含有华为公司的保密信息，仅限于发送给上面地址中列出的个人或群组。禁
止任何其他人以任何形式使用（包括但不限于全部或部分地泄露、复制、或散发）本邮件中
的信息。如果您错收了本邮件，请您立即电话或邮件通知发件人并删除本邮件！
This e-mail and its attachments contain confidential information from HUAWEI, which
is intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!

发件人: Rob Wilton (rwilton) [mailto:rwilton@cisco.com]
发送时间: 2019年6月28日 16:39
收件人: Fengchong (frank) <frank.fengchong@huawei.com<mailto:frank.fengchong@huawei.com>>; netconf@ietf.org<mailto:netconf@ietf.org>; netmod@ietf.org<mailto:netmod@ietf.org>
抄送: Zhangwei (SS) <zhangwei70@huawei.com<mailto:zhangwei70@huawei.com>>
主题: RE: pls clarify get operation

Hi Frank,

Pre NMDA:
-        You have a the <running> datastore, along with some others like <candidate> and <startup> that you can ignore for the purposes of this discussion.
-        The <running> datastore can only contains data for schema nodes that are marked as “config true” in YANG (i.e. “rw” in your tree output below).
-        The system may also have some operational state data that is marked as “config false” in YANG (i.e. “ro” in your tree output below).

The NETCONF <get-config> operation returns the contents of the <running> datastore.
The NETCONF <get> operation returns the contents of the <running> datastore combined with all the operational state as well.  Filters can be applied to return a subset of the data.

Regarding your question about user created configuration vs system created configuration, it depends on whether the devices instantiates the configuration in <running> or not.  If it does, then it would be returned in <get> and <get-config> operations.  If it doesn’t then it would not.  Different vendors/devices will likely implement this in different ways.

Generally, I think that <running> should only contain the configuration explicitly configured by the operator’s systems.  But this means that there isn’t a clean way to represent system created configuration or applied configuration, unless you make a config false copy of every config true node in YANG.  This is approach that was taken by the original IETF YANG models (e.g. RFC 7223) before they were superseded by NMDA, and also the OpenConfig YANG models (but using a different structure – which also struggles to cleanly represent system created configuration data).

The NMDA architecture was written to solve this problem in a clean way without requiring duplication in the YANG data models.

Hopefully this helps clarify.

Thanks,
Rob


From: netmod <netmod-bounces@ietf.org<mailto:netmod-bounces@ietf.org>> On Behalf Of Fengchong (frank)
Sent: 28 June 2019 04:29
To: netconf@ietf.org<mailto:netconf@ietf.org>; netmod@ietf.org<mailto:netmod@ietf.org>
Cc: Zhangwei (SS) <zhangwei70@huawei.com<mailto:zhangwei70@huawei.com>>
Subject: [netmod] 答复: pls clarify get operation

Hi all,

     Pls clarify this question. I have been confused for a long time.

________________________________
华为技术有限公司 Huawei Technologies Co., Ltd.
[Company_logo]
个人签名：冯冲
手　　机：13776612983
电子邮件：frank.fengchong@huawei.com<mailto:frank.fengchong@huawei.com>
公司网址：www.huawei.com<http://www.huawei.com>
________________________________
 本邮件及其附件含有华为公司的保密信息，仅限于发送给上面地址中列出的个人或群组。禁
止任何其他人以任何形式使用（包括但不限于全部或部分地泄露、复制、或散发）本邮件中
的信息。如果您错收了本邮件，请您立即电话或邮件通知发件人并删除本邮件！
This e-mail and its attachments contain confidential information from HUAWEI, which
is intended only for the person or entity whose address is listed above. Any use of the
information contained herein in any way (including, but not limited to, total or partial
disclosure, reproduction, or dissemination) by persons other than the intended
recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!

发件人: Fengchong (frank)
发送时间: 2019年6月27日 9:59
收件人: 'netconf@ietf.org' <netconf@ietf.org<mailto:netconf@ietf.org>>; netmod@ietf.org<mailto:netmod@ietf.org>
抄送: Yangshouchuan <yangshouchuan@huawei.com<mailto:yangshouchuan@huawei.com>>; Zhangwei (SS) <zhangwei70@huawei.com<mailto:zhangwei70@huawei.com>>
主题: pls clarify get operation

Hi all,
In RFC6241, get operation is defined as:
7.7<https://tools.ietf.org/html/rfc6241#section-7.7>.  <get>

   Description:  Retrieve running configuration and device state

      information.
This description is too simply, so I think it should be clarified.

The case is: a data node modelled by one yang can be configured by user, but also can be created/modified by system or other protocols. If client issues get operation to retrieve this node,
          The data is created/modified by system or other protocols SHOULD be returned?
          For example:
          Rib can be configured by user and also can be created by routing protocols. In RFC 8349, the rib list is defined as:



      +--rw ribs

         +--rw rib* [name]

            +--rw name              string

            +--rw address-family?   identityref

            +--ro default-rib?      boolean {multiple-ribs}?

            +--ro routes

            |  +--ro route*

            |        ...

            +---x active-route

            |  +---w input

            |  |  +---w v4ur:destination-address?   inet:ipv4-address

            |  |  +---w v6ur:destination-address?   inet:ipv6-address

            |  +--ro output

            |        ...

            +--rw description?      string



       If client issued get operation to retrieve ribs from non-NMDA device, rib instance created by routing protocols should be returned?

       Another associated question: If client issued get-config operation from non-NMDA device, only user-controlled rib instance should be returned?