Re: [Netconf] 4741bis -- :url capability issues
Andy Bierman <andyb@iwl.com> Sat, 01 May 2010 19:32 UTC
Return-Path: <andyb@iwl.com>
X-Original-To: netconf@core3.amsl.com
Delivered-To: netconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 456B53A6840 for <netconf@core3.amsl.com>; Sat, 1 May 2010 12:32:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.476
X-Spam-Level:
X-Spam-Status: No, score=-0.476 tagged_above=-999 required=5 tests=[AWL=-1.411, BAYES_50=0.001, IP_NOT_FRIENDLY=0.334, J_CHICKENPOX_29=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oD94nGyoUfJo for <netconf@core3.amsl.com>; Sat, 1 May 2010 12:32:00 -0700 (PDT)
Received: from smtp184.dfw.emailsrvr.com (smtp184.dfw.emailsrvr.com [67.192.241.184]) by core3.amsl.com (Postfix) with ESMTP id 474623A6807 for <netconf@ietf.org>; Sat, 1 May 2010 12:32:00 -0700 (PDT)
Received: from relay18.relay.dfw.mlsrvr.com (localhost [127.0.0.1]) by relay18.relay.dfw.mlsrvr.com (SMTP Server) with ESMTP id ACD1F16F0BFA; Sat, 1 May 2010 15:31:45 -0400 (EDT)
Received: by relay18.relay.dfw.mlsrvr.com (Authenticated sender: andyb-AT-iwlcorp.com) with ESMTPSA id 6911D16F0230; Sat, 1 May 2010 15:31:45 -0400 (EDT)
Message-ID: <4BDC81A3.1080409@iwl.com>
Date: Sat, 01 May 2010 12:31:47 -0700
From: Andy Bierman <andyb@iwl.com>
Organization: Interworking Labs, Inc.
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: Phil Shafer <phil@juniper.net>
References: <201004301434.o3UEY42M068686@idle.juniper.net>
In-Reply-To: <201004301434.o3UEY42M068686@idle.juniper.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: NETCONF <netconf@ietf.org>
Subject: Re: [Netconf] 4741bis -- :url capability issues
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: andyb@iwl.com
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 May 2010 19:32:01 -0000
Phil Shafer wrote: > Andy Bierman writes: > > ... >> There is no <get-config> support for a URL database, >> so why should there be any partial database editing? >> > > What's an "URL database"? > Good question. The standard does a really awful job of explaining that. It is awkwardly defined as: 1) an edit-content choice for edit-config 2) a source or target config-choice option for copy-config 3) a target of delete-config (Note that the current draft is wrong wrt/ delete-config -- Sec. 7.4 does not exclude 'candidate' as a target, but ietf-netconf.yang does exclue it. 4) config-source choice option for validate If I were learning NETCONF, I would think <url> was supposed to be supported as a database because most the operations that affect it have 'config' in the name. But unlike <startup>, you cannot retrieve data with <get-config>, or lock it before using it as the target of a <copy-config>, or find out what <url> values the server will allow, or what values are currently in use (as a hint). The examples in E.1.2 do not really help much. I think the example is wrong: <url>file://incoming.conf</url> Correct: <url>file://localhost/incoming.conf</url> or <url>file:///incoming.conf</url> > >> Since the URL file always represents a complete database, >> there are no operations other than copy-config and delete-config >> that apply to it. >> > > You aren't editing an URL file, you are using a file as an alternative > to <config>. That's why it's inside a "choice". > > OK -- except the external file will not validate correctly if it contains nc:operation attributes, so this sort of edit-config is likely to be restricted to a top-level merge or replace. >> 2) There is no lock support at all for URL databases, so it is >> not even clear that copy and delete are properly supported. >> >> Issue: Should <url> be allowed in <lock> and <unlock> >> operations? >> > > Again, what's an URL database? This is a new concept not > currently in 4741. > change database to 'file representation of a complete database'. > >> 3) :url interoperability >> >> It is not clear what a client application should expect >> for any given scheme, or what schemes a server SHOULD >> or even MAY support. >> >> Issue: is the :url capability interoperable? >> If not, what should be done about it? >> > > Not sure I follow you here, but the scheme allows the server > to tell the client what it supports. There is no SHOULD or > MUST, and MAY is pointless. > Not pointless to an NMS developer who has to write code to utilize :url on different servers. It's the same reason we picked a mandatory transport (SSH) -- for the benefit of the client, not the server. IMO, HTTP and FTP are awful choices, and SHOULD NOT be supported. I am surprised the IESG review of 4741 let that go in the security section review. In one section we explain how NETCONF requires a secure transport (2.2 & 2.3, although it says must instead of MUST), and in another we give examples of passing the entire config contents over-the-wire in clear-text. (!) > >> Current text: >> Similarly, just because someone says "go write a configuration >> through the URL capability at a particular place", this does not mean >> that an element should do it without proper authorization. >> > > s/element/device/ > > s/someone/a client/ > IMO, the entire SC text for :url needs to be rewritten. I guess that means I volunteer to add some text in 4741bis-03. > >> 5) 'file' scheme >> >> It is not clear whether: >> - absolute path specs must be supported by the server >> - the path-spec represents a conceptual file-system in >> the server, or the real file-system. >> - sub-directories must be supported >> - how many sub-directory levels deep are allowed >> - other restrictions apply, such as naming, number of files, etc. >> - if the internal mirrored NV-store is really a file, >> whether this file is accessible via the <url> parameter. >> - if the external :startup config is accessible via the <url> >> parameter. >> >> Issue: are any guidelines needed for the 'file' scheme? >> This is the most likely scheme to be supported by a server. >> > > There are massive interoperability issues with "file:", but > clearly absolute paths are required (file:///), but that the > device need not allow direct access to its native file systems, > if any, so the device can use any file naming mechanism. There > are no requirements in place re: directories, etc. Given the > extreme range of networking gear, I'm not sure this is worth > diving into. > > Yep -- it's a tar-baby. A server is free to do whatever it wants. Client developers: RTFM and figure it out. IMO, simple <backup> and <restore> operations would be better, but too late now. > Thanks, > Phil > > Andy
- [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Martin Bjorklund
- Re: [Netconf] 4741bis -- :url capability issues Phil Shafer
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Martin Bjorklund
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Phil Shafer
- Re: [Netconf] 4741bis -- :url capability issues Phil Shafer
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman