Re: [Netconf] 4741bis -- :url capability issues
Andy Bierman <andyb@iwl.com> Sat, 01 May 2010 19:32 UTC
Return-Path: <andyb@iwl.com>
X-Original-To: netconf@core3.amsl.com
Delivered-To: netconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 456B53A6840 for <netconf@core3.amsl.com>; Sat, 1 May 2010 12:32:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.476
X-Spam-Level:
X-Spam-Status: No, score=-0.476 tagged_above=-999 required=5 tests=[AWL=-1.411, BAYES_50=0.001, IP_NOT_FRIENDLY=0.334, J_CHICKENPOX_29=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oD94nGyoUfJo for <netconf@core3.amsl.com>; Sat, 1 May 2010 12:32:00 -0700 (PDT)
Received: from smtp184.dfw.emailsrvr.com (smtp184.dfw.emailsrvr.com [67.192.241.184]) by core3.amsl.com (Postfix) with ESMTP id 474623A6807 for <netconf@ietf.org>; Sat, 1 May 2010 12:32:00 -0700 (PDT)
Received: from relay18.relay.dfw.mlsrvr.com (localhost [127.0.0.1]) by relay18.relay.dfw.mlsrvr.com (SMTP Server) with ESMTP id ACD1F16F0BFA; Sat, 1 May 2010 15:31:45 -0400 (EDT)
Received: by relay18.relay.dfw.mlsrvr.com (Authenticated sender: andyb-AT-iwlcorp.com) with ESMTPSA id 6911D16F0230; Sat, 1 May 2010 15:31:45 -0400 (EDT)
Message-ID: <4BDC81A3.1080409@iwl.com>
Date: Sat, 01 May 2010 12:31:47 -0700
From: Andy Bierman <andyb@iwl.com>
Organization: Interworking Labs, Inc.
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: Phil Shafer <phil@juniper.net>
References: <201004301434.o3UEY42M068686@idle.juniper.net>
In-Reply-To: <201004301434.o3UEY42M068686@idle.juniper.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: NETCONF <netconf@ietf.org>
Subject: Re: [Netconf] 4741bis -- :url capability issues
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: andyb@iwl.com
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 May 2010 19:32:01 -0000
Phil Shafer wrote:
> Andy Bierman writes:
>
> ...
>> There is no <get-config> support for a URL database,
>> so why should there be any partial database editing?
>>
>
> What's an "URL database"?
>
Good question.
The standard does a really awful job of explaining that.
It is awkwardly defined as:
1) an edit-content choice for edit-config
2) a source or target config-choice option for copy-config
3) a target of delete-config (Note that the current draft is
wrong wrt/ delete-config -- Sec. 7.4 does not exclude 'candidate'
as a target, but ietf-netconf.yang does exclue it.
4) config-source choice option for validate
If I were learning NETCONF, I would think <url> was supposed
to be supported as a database because most the operations that
affect it have 'config' in the name.
But unlike <startup>, you cannot retrieve data with <get-config>,
or lock it before using it as the target of a <copy-config>,
or find out what <url> values the server will allow,
or what values are currently in use (as a hint).
The examples in E.1.2 do not really help much.
I think the example is wrong:
<url>file://incoming.conf</url>
Correct:
<url>file://localhost/incoming.conf</url>
or
<url>file:///incoming.conf</url>
>
>> Since the URL file always represents a complete database,
>> there are no operations other than copy-config and delete-config
>> that apply to it.
>>
>
> You aren't editing an URL file, you are using a file as an alternative
> to <config>. That's why it's inside a "choice".
>
>
OK -- except the external file will not validate correctly if
it contains nc:operation attributes, so this sort of edit-config
is likely to be restricted to a top-level merge or replace.
>> 2) There is no lock support at all for URL databases, so it is
>> not even clear that copy and delete are properly supported.
>>
>> Issue: Should <url> be allowed in <lock> and <unlock>
>> operations?
>>
>
> Again, what's an URL database? This is a new concept not
> currently in 4741.
>
change database to 'file representation of a complete database'.
>
>> 3) :url interoperability
>>
>> It is not clear what a client application should expect
>> for any given scheme, or what schemes a server SHOULD
>> or even MAY support.
>>
>> Issue: is the :url capability interoperable?
>> If not, what should be done about it?
>>
>
> Not sure I follow you here, but the scheme allows the server
> to tell the client what it supports. There is no SHOULD or
> MUST, and MAY is pointless.
>
Not pointless to an NMS developer who has to write
code to utilize :url on different servers. It's the same
reason we picked a mandatory transport (SSH) -- for
the benefit of the client, not the server.
IMO, HTTP and FTP are awful choices, and SHOULD NOT
be supported. I am surprised the IESG review of 4741
let that go in the security section review.
In one section we explain how NETCONF requires a secure
transport (2.2 & 2.3, although it says must instead of MUST),
and in another we give examples of passing the entire config
contents over-the-wire in clear-text. (!)
>
>> Current text:
>> Similarly, just because someone says "go write a configuration
>> through the URL capability at a particular place", this does not mean
>> that an element should do it without proper authorization.
>>
>
> s/element/device/
>
> s/someone/a client/
>
IMO, the entire SC text for :url needs to be rewritten.
I guess that means I volunteer to add some text in 4741bis-03.
>
>> 5) 'file' scheme
>>
>> It is not clear whether:
>> - absolute path specs must be supported by the server
>> - the path-spec represents a conceptual file-system in
>> the server, or the real file-system.
>> - sub-directories must be supported
>> - how many sub-directory levels deep are allowed
>> - other restrictions apply, such as naming, number of files, etc.
>> - if the internal mirrored NV-store is really a file,
>> whether this file is accessible via the <url> parameter.
>> - if the external :startup config is accessible via the <url>
>> parameter.
>>
>> Issue: are any guidelines needed for the 'file' scheme?
>> This is the most likely scheme to be supported by a server.
>>
>
> There are massive interoperability issues with "file:", but
> clearly absolute paths are required (file:///), but that the
> device need not allow direct access to its native file systems,
> if any, so the device can use any file naming mechanism. There
> are no requirements in place re: directories, etc. Given the
> extreme range of networking gear, I'm not sure this is worth
> diving into.
>
>
Yep -- it's a tar-baby.
A server is free to do whatever it wants.
Client developers: RTFM and figure it out.
IMO, simple <backup> and <restore> operations
would be better, but too late now.
> Thanks,
> Phil
>
>
Andy
- [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Martin Bjorklund
- Re: [Netconf] 4741bis -- :url capability issues Phil Shafer
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Martin Bjorklund
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman
- Re: [Netconf] 4741bis -- :url capability issues Phil Shafer
- Re: [Netconf] 4741bis -- :url capability issues Phil Shafer
- Re: [Netconf] 4741bis -- :url capability issues Andy Bierman