Re: [Netconf] 4741bis -- :url capability issues
Martin Bjorklund <mbj@tail-f.com> Fri, 30 April 2010 10:36 UTC
Return-Path: <mbj@tail-f.com>
X-Original-To: netconf@core3.amsl.com
Delivered-To: netconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5ED4D3A6B31 for <netconf@core3.amsl.com>; Fri, 30 Apr 2010 03:36:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.058
X-Spam-Level:
X-Spam-Status: No, score=0.058 tagged_above=-999 required=5 tests=[AWL=-0.496, BAYES_50=0.001, HELO_MISMATCH_COM=0.553]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p7CaExwk869c for <netconf@core3.amsl.com>; Fri, 30 Apr 2010 03:36:15 -0700 (PDT)
Received: from mail.tail-f.com (de-0316.d.ipeer.se [213.180.79.212]) by core3.amsl.com (Postfix) with ESMTP id 278733A68E8 for <netconf@ietf.org>; Fri, 30 Apr 2010 03:36:14 -0700 (PDT)
Received: from localhost (c213-100-166-156.swipnet.se [213.100.166.156]) by mail.tail-f.com (Postfix) with ESMTPSA id 6B17C616001; Fri, 30 Apr 2010 12:36:00 +0200 (CEST)
Date: Fri, 30 Apr 2010 12:35:59 +0200
Message-Id: <20100430.123559.164315822.mbj@tail-f.com>
To: andyb@iwl.com
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <4BDA3FA5.4020306@iwl.com>
References: <4BDA3FA5.4020306@iwl.com>
X-Mailer: Mew version 6.2.51 on Emacs 22.2 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: netconf@ietf.org
Subject: Re: [Netconf] 4741bis -- :url capability issues
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Apr 2010 10:36:16 -0000
Hi, Andy Bierman <andyb@iwl.com> wrote: > Hi, > > Here are more issues for 4741bis: > > 1) :url as a source for <edit-config> > (Martin already raised this issue) > > choice edit-content { > mandatory true; > anyxml config { > description > "Inline Config content: 'config' element. > This is not full 'anyxml' because the <config> > element cannot directly contain a text node."; > } > leaf url { > if-feature url; > type inet:uri; > } > } > > The edit-config operation allows <url> as a source, > but there is no explanation what the file has to contain. > Does it even have to be XML? > > There is no <get-config> support for a URL database, > so why should there be any partial database editing? But this is url as *source*, not target. url as target is not supported by 4741 (actually, it is allowed by the XSD, but not according to the text). > Since the URL file always represents a complete database, > there are no operations other than copy-config and delete-config > that apply to it. > > Proposed solution: > - Delete 'url' as a source for <edit-config> > - Delete section 8.8.5.1. I agree. Also, Appendix D must be rewritten. > 2) There is no lock support at all for URL databases, so it is > not even clear that copy and delete are properly supported. > > Issue: Should <url> be allowed in <lock> and <unlock> > operations? No. > 3) :url interoperability > > It is not clear what a client application should expect > for any given scheme, or what schemes a server SHOULD > or even MAY support. > > Issue: is the :url capability interoperable? > If not, what should be done about it? I don't know if it is interoperable, but it does make sense to list the schemes we expect implementations to support, and for each scheme, specify how it should be supported. > 4) :url security considerations > > The security considerations for external database representations > of NETCONF configurations are ignored, which should probably be > fixed, if anybody knows what to write. > > Current text: > > Similarly, just because someone says "go write a configuration > through the URL capability at a particular place", this does not mean > that an element should do it without proper authorization. > > Issue: Are the security considerations clear enough or are > more details needed? (e.g., file system permissions for 'file' scheme, > clear-text on-the-wire for 'ftp' and 'http' schemes. It is probably a good idea to point out the clear-text on-the-wire issue. > 5) 'file' scheme > > It is not clear whether: > - absolute path specs must be supported by the server This could be clarified. > - the path-spec represents a conceptual file-system in > the server, or the real file-system. An implementation detail IMO. > - sub-directories must be supported No MUST. > - how many sub-directory levels deep are allowed No requirements. > - other restrictions apply, such as naming, number of files, etc. Implementation issue. e.g. filesystem dependent. > - if the internal mirrored NV-store is really a file, > whether this file is accessible via the <url> parameter. Implementation issue. > - if the external :startup config is accessible via the <url> > parameter. Implementation issue. We keep track of 'rollback files', which can be accessed using this parameter. We also have a proprietary data model to list the files available. > Issue: are any guidelines needed for the 'file' scheme? > This is the most likely scheme to be supported by a server. Yes, I think this is a good idea. /martin
- [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Martin Bjorklund
- Re: [Netconf] 4741bis -- :url capability issues Phil Shafer
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Martin Bjorklund
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Phil Shafer
- Re: [Netconf] 4741bis -- :url capability issues Phil Shafer
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman