Re: [netconf] Comments on draft-jgc-netconf-privcand
"James Cumming (Nokia)" <james.cumming@nokia.com> Tue, 15 August 2023 21:51 UTC
Return-Path: <james.cumming@nokia.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7A7BC1522BD for <netconf@ietfa.amsl.com>; Tue, 15 Aug 2023 14:51:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nokia.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IpQjwaKMgvlt for <netconf@ietfa.amsl.com>; Tue, 15 Aug 2023 14:51:31 -0700 (PDT)
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2100.outbound.protection.outlook.com [40.107.236.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC7D2C1516E2 for <netconf@ietf.org>; Tue, 15 Aug 2023 14:51:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z89uVIOfzClafVyq1U+LUYSJjf0nzdLlixxKEz0Wbn5O9qmupaF90eLC7g27ZqpHQLPts9xIwMREsbUFybWU3QYOK8+A+naAb2oHLyW7tCAqLJLegXVbUJlC22NRNI7J8B3Rn6NAM/tDYkEDotTi+hd9FOlatz7RcPkUk7idZZikVuCsJeg5w6+W9jQfnReBO0Gq0srxnFBCgF7/B6mf2N6S01b8+s/GltIwGiDa1ibOHyfTL1Lyfv6ushigzwnmmNSNDPPA/fDZenXWm3JFnWPl5NvxVMdhNBSHuSVfPztx0CHo06bf9chbkZ0P+JUG5kTasvWyRJSAmaZtQWb3yg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zCMhnHBqcy8/Nx3upUYluyBmR0DiH3EI0w3nvpmJq4c=; b=jUxeTrn0C9mlmGDas/SmKXxdIGcm+BRFM83YdBosbD3d69wG6YoRQfeyM6zhqV6Bhv0P9rKlHGGXrxnqIXjRmLbWGDpxxOfrxkdEVHsY0FVZf1tSgVMzaXfTSso+jcPiKOdPf0gYvFrINFBKkKtsBoT+musqPBXDOTqdZFm1ZVCHAAROMfdDBT071wkMFYPliiA78T170ckSIeJo0xnsGGtyM44KaD8J1i/K6wh8s+FrGdeoF/vkKZXjPqMsyBJI0vKoeoMepjVLPoI7BVWFPeWGXltSZK0q7YYMM21y3zF3IOMt8+6+2HBljjoZLCK1m9acmd/sVPaSVTeuTJ5J1w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zCMhnHBqcy8/Nx3upUYluyBmR0DiH3EI0w3nvpmJq4c=; b=Rq9Q2STimL95TlYvAr78N+Ndh5RCC3rVovlOAtNQYwV/do6OZWDxMXPguYunuWbHcYMc4+5Kdwgv/BNbgTNVKbjJXvPEVHarfr9Q23RM1qdU94w6LdJEbkr41hoG9uTLGwD3U7KbRqw2rX/Hzs2h5BvpA/MjZV/dnEoVyZsHVpY8EGqZunMDtTJ4VDzwCnp9cpaEl7GVUAgS2HAXvf0VHovWXCDnR5LGZspGF92IJknK6BXMJzRFPpe88PKyqwr7Bw96pFo99OxFv5keiCAk73GS0JPen2zYCx7ATsFYpEY/z2VhbFozhJJNI5J4PvT92mA3XMAQrzio7/QvrkgN+g==
Received: from SA1PR08MB7215.namprd08.prod.outlook.com (2603:10b6:806:1a9::17) by BN0PR08MB6888.namprd08.prod.outlook.com (2603:10b6:408:115::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.33; Tue, 15 Aug 2023 21:51:18 +0000
Received: from SA1PR08MB7215.namprd08.prod.outlook.com ([fe80::3c36:e31a:ce82:b42]) by SA1PR08MB7215.namprd08.prod.outlook.com ([fe80::3c36:e31a:ce82:b42%5]) with mapi id 15.20.6652.029; Tue, 15 Aug 2023 21:51:17 +0000
From: "James Cumming (Nokia)" <james.cumming@nokia.com>
To: "Joe Clarke (jclarke)" <jclarke=40cisco.com@dmarc.ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: Comments on draft-jgc-netconf-privcand
Thread-Index: AQHZz8CFFy5Xc9o620aMDspKbn2oBg==
Date: Tue, 15 Aug 2023 21:50:52 +0000
Message-ID: <SA1PR08MB7215DFD010656EA92D10210AFF14A@SA1PR08MB7215.namprd08.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nokia.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA1PR08MB7215:EE_|BN0PR08MB6888:EE_
x-ms-office365-filtering-correlation-id: d6dfaa8c-aecc-4634-cbeb-08db9dd9c10d
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 822Gd/6rx3svAxzx5ypzWYT501YhMLLF7E0CWgrJkdNdBydDsZXEaHpmZQ+GscDL+pw9gnYE99N6NOA5vgnSxM38wivw7wUJfOPAGogFiLqKY9E8c+4tsFRlgfXvKAfL1F4mMkSq8tBMSKzMqNddjVwzZF/DB7ZEMkBPkatvhlOQ0+LrOtrzPvF23Eyn1RsD1wLpUaK6MYJq0hupA8pb1CKom74c8mRYNPdDvlsiB8V8oCrW5DskWf6hzIO5RVjd9mf6SJHtJQ8ko6sb2/VmiSD5tl3LZW8VoEc0z+I2lzo8NZNbutIsymA49mdmqJX7mNCs4xLCQdFhPzfHekm3Ydn+d2q4i3BiTuXY2rD3mQrRGK2QHv1ZcQcQGqgCZIL4Wg75Om8G6iu8WLMHvj9jzYQ5vN7wJc1LNZWYogLbEEJ3Ql/9ASkDwhM6oCbc/Orakm4nG6aQ1+g/kTalG8hPpVJu+F3/qsfcRoEbpCye3hVJerrlsYpABA2jINipy7miFts4khh808APwtwWwuMLfbqxVZ2gwhIxhqyvVGpwWTDopAavmUTjzQ8vGooZFHnOABgqUrtoPJb5Ofq+HM1wx9UBHM/5B0rdZiTAu0KfTCQPQknpj86bK+j/XV84cok2
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA1PR08MB7215.namprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(396003)(136003)(39860400002)(346002)(366004)(376002)(1800799009)(186009)(451199024)(66476007)(66446008)(52536014)(41300700001)(26005)(66946007)(53546011)(86362001)(38070700005)(38100700002)(66899024)(83380400001)(478600001)(7696005)(6666004)(110136005)(71200400001)(9686003)(2906002)(55016003)(76116006)(316002)(6506007)(66556008)(5660300002)(8936002)(8676002)(64756008)(33656002)(122000001)(82960400001)(66574015); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: zK8N5HPUxwW/Pt3WFhjL9UUw5ilfXgiaA1XnGvoqaH0mWYL2jvzL/pbmfogzbYwS+/39niNQ4L7igRM/TF2MUatpKOhvwrDzUQK5jq22bGHBvx7qmKfeaOCzuE9mLcXAfuaM8JaRhUzIcAVoto+Bxh6QZizQPyLta9tFP7iZJJLO9dsNBWp6mBlor0TjP76LPghsXzsSg9+p1pmqYYJ9mLrIPqnlHVj56pJ633dG+Yf3g6fgsw8ssaKDEVGNoocDht8wWTKd2BP0hnhhKaJsm4xMNouc6P3JA7JG7PLavpyc1Gfd9pCYkz31XKpjyrc4WcZv0R4z+etgUpTYQy0/sDPmGbK41c8oi2z389zRbJm/tIvT7Sw5VKL6Ei9rI65pnucbkXRbMcNBl/VjO8bokdxDyUmD5/oP511n2l7UX/9AQq+pR/fDViG3VYVE9hmZEVxnNgDRSZzdXE3pwwlrmEAUfo8jgF1ReimiwuME9K2/EVqj3F65teBL6I+xBGHyPFVNGdrd1zDlWzdrOUsrr6Fu+Y3Q1DTafCOKv+f9G6bVfSScgvLS3xA3aDyMlrKp8KZ/GXBYseXkIpb4ZJ0FHnkXW6/yvLd2nMSP3bRrzC5MFQXJeM7DnxtjBQ2iJpYiIkoLOuSPVHeiHkaWTUPVSG8qBBEcRLcqCgAsT0gBPWJUVGd+UhLdK/pwBFDGi1f6swO4ysOBLosBs69k6/J7dwqSPJl/a70Uz/audRSsVQ/rM31cv7l04uh6jhvGZIbvDltu2zi1/TaRr+dPZkcK1O7nx18xNvqpG5dYruq9w9lTotVKn5bOuA+WXchXOWw8T47+/S5Dp2NC2SMO/dtrnShbU4HzI0d4vOvSk9rzxwcRmozA/2Gzg8kVuoUMLnKWPMKcjMCT1IwXDUJNyJJz24o/2JhauBArJwAn+pNxG4Re8olw7jU1Cqga5RS6aSaFO+c8VYi+P3Fk9wH5D2ZiIL/MExgdpoMSdUdPEScNYC0wC9iQ33SnQM5gpZpV55efb8LPXf395MHNbUE1LeB19KZrDYjrqr/n+TJu3Qc9ZoDvfIewXQiqG7As/udHOiaokoRUapmsGmnMp+W3FdGQL4rXgAjnDayaWo7HzdTvLDS0exKTIgKwUZYuuouJZIFQWtJ8zrsjHvSArdn1nsM5vKatcCB62Tte5dxFNZiPU2IIKXXex/za+Z9kdnTRYJk5voosI5FKaLFLkyPG20ZTlOJ8TgYmCyVU/iM5Ej3tbWoKPBnMP90D5RHCU4wkwJ7Z05PIMmI5y/UXuYCaeun+ZcilUFey23jVWqcGbm0ssm8FUWixqYTFcq10Ky2ciKbx0YRI/gb+RHtxTiVrWlvUeKm8W/Hj7Plu2rGWObUUYnFnGwgi0Y9i1wriYGimnQ2Z4HcWX5IeHgnF9YrcKkSZAy/o0hZdgBj9Bidgbm6iJNuSDkAqyglX5XVoCAPylLbRqPrRhV8lYcGmUlZ+ozOYaMY4G7eL70cnL/sq6pn0p8sBMfwcXH/vsQyBEMnezNFhjng8AqM+KjuuSkX2afyxZnnJXAAOlC/VCFTui2Z417wQLX+EIn4VuDnpXasri201
Content-Type: multipart/alternative; boundary="_000_SA1PR08MB7215DFD010656EA92D10210AFF14ASA1PR08MB7215namp_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR08MB7215.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d6dfaa8c-aecc-4634-cbeb-08db9dd9c10d
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Aug 2023 21:51:17.5288 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: YtqKq8D6iuMHdW79qaQJfmQYRV0n251A1bcB+CTDkoLK1jIUjhOqVRZqURhaEMBuL+RxgAK0ZJP5oz2HB4Zj+g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0PR08MB6888
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/DMRFL2kqzjUq2y_HdSjhZ6pfZRg>
Subject: Re: [netconf] Comments on draft-jgc-netconf-privcand
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2023 21:51:35 -0000
Hi Joe, and Jan as this is txid related),
And the wider working group…..
Rob and I (the authors of this draft) were talking today about the suggestion of the using the TXID to identify conflicts.
This is how we understand the proposal might be described.
Consider the following pseudo configuration (in tree format to make it easier to read) in the running
configuration at the start of this workflow.
+-- configure (txid: 0)
+-- myvpn [vpn-name=”foo”] (txid: 0)
+-- interface [interface-name="intf1"] (txid: 0)
| +-- description "intf1_desc" (txid: 0)
+-- interface [interface-name="intf2"] (txid: 0)
+-- description "intf2_desc" (txid: 0)
And consider the following workflow (using the private-candidates style branch diagram format):
+-------------------* Shared candidate
/ \
/ ⌄
+----+-+---+-----------------+-----------------------------> Running
\ \
\ \
\ +-----------------------(y)--------------> Private candidate 2
\
+-------------------------(x)--------------> Private candidate 1
For the purposes of this email, we're going to focus just on the conflict detection when using
txid (and I'm going to simplify the txid part a little to make it easy to read).
The private candidate at creation time (the start of its branch) has the identical configuration as the
initial running, including the same txid (0) on all elements.
Step 1. The user configuring the shared candidate changes the description of interface 1 and commits it.
The txid is changed on the /configure/myvpn[vpn-name="foo"]/interface[interface-name="intf1"]/description
path and back up the tree to the root:
+-- configure (txid: 1)
+-- myvpn [vpn-name=”foo”] (txid: 1)
+-- interface [interface-name="intf1"] (txid: 1)
| +-- description "intf1_desc" (txid: 1)
+-- interface [interface-name="intf2"] (txid: 0)
+-- description "intf2_desc" (txid: 0)
Step 2. The user configuring private candidate 1 adds a description to the vpn itself and issues and
update (at point (x)) which (assuming the default revert-on-conflict) succeeds with no conflict
detected because the system checks the /configure/myvpn[vpn-name="foo"]/description path and finds it
doesn't exist (so no txid) meaning there is not a conflict. If it were to commit (which lets say right
now that it does not) the resulting configuration would be this:
+-- configure (txid: 2)
+-- myvpn [vpn-name=”foo”] (txid: 2)
+-- description "new description" (txid: 2)
+-- interface [interface-name="intf1"] (txid: 1)
| +-- description "intf1_desc" (txid: 1)
+-- interface [interface-name="intf2"] (txid: 0)
+-- description "intf2_desc" (txid: 0)
Step 3. Another user configuring private candidate 2 changes the description in interface 1 and issues an
update (at point (y)) which (assuming the default revert-on-conflict) fails saying there is a conflict
because it has checked the txid on that leaf when it started (txid: 0) against the txid on that same
leaf in the running configuration and found that it now has a different txid (txid: 1) and as 0 != 1
this means conflict.
Is this what you had in mind?
Are there any situations where this wouldn't be the case, or you see issues with this working?
I'm thinking of some more complicated items such as changing leaf-lists and changing metadata (annotations).
Additionally, how would system configuration where systems currently self-provision data, and how in
future, would items provisioned (either by copy or inheritance) from a system datastore be expected to work
from a txid standpoint?
We would need to differentiate in the txid draft (and I don’t recall whether you already do Jan – sorry)
between no txid on new items as opposed to inheriting the parents txid on creation. If the inheritance
approach was taken then this method of conflict detection would yield ‘false conflicts’.
If we went forward with this approach, we would be grouping these drafts together though which would mean
an implementation would HAVE to implement txid in order to be able to use private candidates which I am
not sure (at this time) that I would favour.
Just to address one specific in your email Joe…… I am not sure that using txid helps at all in conflict RESOLUTION
only in DETECTION but I suspect this is what you meant anyway but clarification would help.
Thanks
James
From: netconf netconf-bounces@ietf.org<mailto:netconf-bounces@ietf.org> on behalf of James Cumming (Nokia) james.cumming@nokia.com<mailto:james.cumming@nokia.com>
Date: Monday, 31 July 2023 at 09:45
To: Joe Clarke (jclarke) jclarke=40cisco.com@dmarc.ietf.org<mailto:jclarke=40cisco.com@dmarc.ietf.org>, netconf@ietf.org<mailto:netconf@ietf.org> netconf@ietf.org<mailto:netconf@ietf.org>
Subject: Re: [netconf] Comments on draft-jgc-netconf-privcand
Thanks for the comments Joe. The authors will take a good look through them and address them either in the next version of the draft or on the list shortly.
It’s really useful to have the specific feedback and I’d encourage others to share as well.
From: netconf netconf-bounces@ietf.org<mailto:netconf-bounces@ietf.org> on behalf of Joe Clarke (jclarke) jclarke=40cisco.com@dmarc.ietf.org<mailto:jclarke=40cisco.com@dmarc.ietf.org>
Date: Thursday, 27 July 2023 at 14:44
To: netconf@ietf.org<mailto:netconf@ietf.org> netconf@ietf.org<mailto:netconf@ietf.org>
Subject: [netconf] Comments on draft-jgc-netconf-privcand
I mentioned some of this in chat (as my browser permissions were giving me a fit). I support this work. I think taken with the tracing and txid work it brings the possibility of more context and metadata to configuration changes. I like the “git” aspects being pushed to the NETCONF/RESTCONF server.
I agree with Balazs that conflict resolution is important here, and I like the idea of using txid as a means to do this. I don’t particularly like the auto-update approach, though. I’d rather attempt a <commit> and find than an update and potential resolution is needed.
I was also going to make a similar comment to Quifang. I would like to see the ability to delete a private candidate on commit. If we care about the private candidate name (perhaps for tracing), I might want to do one type of change in private-add-exampleco1-vpn, commit it, and then have the candidate deleted so I can continue my session with a new private candidate for another change.
I suppose I can <delete-config> this to remove the old private candidate, but I’d like an extension to commit to do this at once (though not so much of a big deal). I’d rather not have to disconnect and reconnect the session to perform this type of flow, though.
Joe
- [netconf] Comments on draft-jgc-netconf-privcand Joe Clarke (jclarke)
- Re: [netconf] Comments on draft-jgc-netconf-privc… James Cumming (Nokia)
- Re: [netconf] Comments on draft-jgc-netconf-privc… James Cumming (Nokia)
- Re: [netconf] Comments on draft-jgc-netconf-privc… Jan Lindblad
- Re: [netconf] Comments on draft-jgc-netconf-privc… Joe Clarke (jclarke)
- Re: [netconf] Comments on draft-jgc-netconf-privc… Joe Clarke (jclarke)