IETF Logo Mail Archive

Re: [netconf] RFC 6241 Ambiguity

Andy Bierman <andy@yumaworks.com> Tue, 11 June 2019 21:19 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAA34120098 for <netconf@ietfa.amsl.com>; Tue, 11 Jun 2019 14:19:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K8blBYrWbydC for <netconf@ietfa.amsl.com>; Tue, 11 Jun 2019 14:19:19 -0700 (PDT)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9A22120018 for <netconf@ietf.org>; Tue, 11 Jun 2019 14:19:18 -0700 (PDT)
Received: by mail-lj1-x22d.google.com with SMTP id m23so13063723lje.12 for <netconf@ietf.org>; Tue, 11 Jun 2019 14:19:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2sVou4NwCa5XNhT9rXoYWhz/Neh/QA87A/UZuL2VKkk=; b=wWs/vCnZs2q0Cbr42j4QBRvg9ZjjFI59daYh4PWJikLcH8AoXeOcBYIXtxFSwsyrVb 7ZcfolFsM+XLOOShvl+gU+3ABgUSL3flkwzofBvWj5HJTiItY1jjfNXuq9RZuMqA9aWB oFjbZBCTXuMxc0SltujXgFjvHr3fsNuZTyaMdwiJBIQxlM9OIg/nRqMzVeto0RmCnFSb 9QKKuRgJvZwbUHkhWeLGBSCJaFqe7/Bj8+fBJJ9+1nKG6NML5/ryoTpBQ5S4eEL1MR+f 3u7f1NDStd5LXxem4xWdL1+2Qec8oA1Voutjp+VRjGvN31D4WZGMNiOkWct9yRUH8ee0 Ro/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2sVou4NwCa5XNhT9rXoYWhz/Neh/QA87A/UZuL2VKkk=; b=p1b8cBLpQZpsx1HZylnXsurOcNaaekQQVc+O6YwLqLyyjC5pAwHpTJAs/KPpgQnTbS gdzSb34VDWdVJIJnxsxM9zdTFIIImK8Jqsn/7CrOhhf3yF1rO9CQa2p+fdxeNi9uwvXK JrTZofyFnT6e8OrsD4J0E+gDV5Tl7HN9DVkenkVRBdEok21nhY25foYEGszKbmOQo8ea kMlSCMAdNaEU+GUY4cdbMXUyQe7HXJ0D5TYAHWt25K9q8h98orNpZi0uw1HWIgs10CXJ xXmyl3P9VbQLiY1XEsBTjyUtgq/zXH5VuE6ve9gKvEMaykNzxOjDG0AEKO8QEECBF4xW znGg==
X-Gm-Message-State: APjAAAWPmx46pm4N96WnUmYQfo5b5u/o/JkMsaht9RZlJNHOOHkfGBiL MB+v8cmB7Pp0NcMpXb96wUp3BJKONkEHww5D0XxluQ==
X-Google-Smtp-Source: APXvYqyoTEuSl7sTyZeiMUEwjNYBS3EDDS7vdYBZdF25CS/axouz4Ht7zj/xVyxXqxZ5svjai2JhmrOAcfOM0zjBuo0=
X-Received: by 2002:a2e:9a87:: with SMTP id p7mr16912552lji.133.1560287956732; Tue, 11 Jun 2019 14:19:16 -0700 (PDT)
MIME-Version: 1.0
References: <em35e87021-fa76-4888-a383-8b34e960175f@morpheus> <0100016aa75956af-70018fb1-15f8-4394-8ffd-4f4d5b2d7b3f-000000@email.amazonses.com> <CABCOCHScSp8AEjcgSd7tX-Va45y51CxK-b_hO4nd3SzW9rTUKA@mail.gmail.com> <eme2e51d99-6140-4142-b89f-db5e4c6e2a88@morpheus> <0100016ab7a9af7e-cd7f776e-79e1-42a4-9c5d-d04aed0d8fa1-000000@email.amazonses.com> <emdf557a96-2926-4d87-83f9-2f8216ed652e@morpheus> <76ED75C8-AA1A-4A03-A382-0DE834C914A1@gmail.com> <0100016abd77bfe3-88ae515a-d7f9-41c7-b627-9c51bdf16213-000000@email.amazonses.com> <CABCOCHQ-SWFCzs-FzhLe=-n+j+-AEknTuv-nKJ4etFm0srig5w@mail.gmail.com> <884391D0-3F53-4F3D-BFB0-DD333D09507C@gmail.com> <CABCOCHTLzW+2mkau0KHSbprw0e7PjNFO6SZoPyXUzkKm7gsyow@mail.gmail.com> <00d101d51216$f807d120$e8177360$@hansfords.net> <E954A8E5-B241-4655-BF04-F987EC2870C2@gmail.com> <CABCOCHRKSjEFfRvdQWZEnqMQVQd_hNdrK2r4KByiaTbb8FL3aA@mail.gmail.com> <3B2E5975-26B3-4310-B718-9D8D3F0B0DDA@gmail.com> <CABCOCHTH8Ge6Yk3KdaX-sTmcs_Cx-1U4CEvL8Mt-oLFXUQUCug@mail.gmail.com> <0100016b482fc5f4-caf4b52b-416a-438f-9c47-68df526fb9b7-000000@email.amazonses.com>
In-Reply-To: <0100016b482fc5f4-caf4b52b-416a-438f-9c47-68df526fb9b7-000000@email.amazonses.com>
From: Andy Bierman <andy@yumaworks.com>
Date: Tue, 11 Jun 2019 14:19:05 -0700
Message-ID: <CABCOCHQbUCPBu-wY_5sA2TUgsOFNGBtAtrYZ9crFJZV+=xo3Cw@mail.gmail.com>
To: Kent Watsen <kent@watsen.net>
Cc: Mahesh Jethanandani <mjethanandani@gmail.com>, "netconf@ietf.org" <netconf@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000068b767058b12d985"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/DUo6uGI8b-2On0LaoRtfvzH0JOg>
Subject: Re: [netconf] RFC 6241 Ambiguity
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2019 21:19:23 -0000

On Tue, Jun 11, 2019 at 1:16 PM Kent Watsen <kent@watsen.net> wrote:

>
> Hi Andy,
>
> So, by exclusion, is it fair to say that you support the NEW 7.8 and 7.9
> text?
>
>
They defer to section 8.4 which fine


> As for the 8.4.1 text, do you agree that there is a disconnect between
> what's in 8.4.1 and the description for the 'persist' leaf (e.g., current
> text says "the only way to abort a persistent confirmed commit is to let
> the timer expire, or to use the <cancel-commit> operation.").  If so, then
> a clarifying statement is needed, the only question is what it is. The
> choices are:
>
>   a)  'persist' MUST span reboots.
>   b)  'persist' MUST NOT span reboots.
>   c) ' it is an implementation decision as to if 'persist' spans reboots.
>
> Personally, I'm okay with any of these as it seems the primary benefit for
> 'persist' is still reaped (i.e., to survive a client-disconnect that may
> occur due to the config being committed) and given that most devices do not
> need to reboot in order to commit a configuration.
>
>
IMO the text most strongly supports (b) [para 6].
It could be argued that [para 5] supports (a) because a server reboot does
cause a session
termination, but IMO this was not the intent of para 5. It suggests the
server is still running
but the client session is terminated

[para 5]

   If the session issuing the confirmed commit is terminated for any
   reason before the confirm timeout expires, the server MUST restore
   the configuration to its state before the confirmed commit was
   issued, unless the confirmed commit also included a <persist>
   element.


[para 6]

       If the device reboots for any reason before the confirm timeout

   expires, the server MUST restore the configuration to its state
   before the confirmed commit was issued.


I think (c) is OK since it not 100% clear what the scope of "unless"
is in para 5.



That said, some (IoT?) devices may need to reboot in order to apply any
> configuration.  If this ability does not support such devices, then they
> would never be able to support 'commit confirmed' (with or without
> 'persist') and hence may become bricks in some scenarios.  Do we care?
>
> Kent  // contributor
>
>
>
Andy


>
> On Jun 4, 2019, at 4:16 PM, Andy Bierman <andy@yumaworks.com> wrote:
>
> Hi,
>
> I prefer to leave the old text in 8.4.1 alone and not change it
> I don't agree there is any text to support this significant change in
> server behavior.
> An Errata should not make existing implementations non-compliant.
> I don't see any text that indicates the original intent was to make a
> confirmed commit
> survive a reboot.
>
> If a <persist> parameter is provided by the client session, and then that
> client session
> terminates, there is no way for a superuser (or any user) to invoke the
> <cancel-commit>
> operation.  The only remedy is to wait for the timeout or reboot the
> device.
> If the timeout is long or unknown) then waiting it out may not be a good
> option.
>
> With the new text, rebooting the device does not clear this situation
>
>
> Andy
>
>
> On Tue, Jun 4, 2019 at 12:48 PM Mahesh Jethanandani <
> mjethanandani@gmail.com> wrote:
>
>> Hi Andy,
>>
>> Please provide alternative text in the form of OLD/NEW, if you do not
>> agree with what is being proposed.
>>
>> Thanks
>>
>> On Jun 3, 2019, at 8:24 AM, Andy Bierman <andy@yumaworks.com> wrote:
>>
>>
>>
>> On Fri, May 31, 2019 at 3:19 PM Mahesh Jethanandani <
>> mjethanandani@gmail.com> wrote:
>>
>>>
>>> Several attempts have been made to clarify the role of confirmed commit
>>> in RFC 6241 vis-a-vis Section 7.8 <close-session> and Section 7.9
>>> <kill-session>, and the text in Section 8.4 Confirmed Commit Capability.
>>>
>>> We, (the chairs) believe that the best way to resolve issues with the
>>> current set of erratum that already exist or are being proposed is to
>>> minimize re-explaining the role of confirmed commit in both Section 7.8 and
>>> 7.9 and defer the explanation to Section 8.4 of the RFC. With that in mind,
>>> we are proposing that Section 7.8 and 7.9 should ultimately look as
>>> follows. Note, the highlights in all the sections are to enable identifying
>>> the changes.
>>>
>>>
>>> OLD (as in original RFC 6241)
>>>
>>> *7.8* <https://tools.ietf.org/html/rfc6241#section-7.8>*.
>>> <close-session>*
>>>
>>>    Description:  Request graceful termination of a NETCONF session.
>>>
>>>       When a NETCONF server receives a <close-session> request, it will
>>>       gracefully close the session.  The server will release any locks
>>>       and resources associated with the session and gracefully close any
>>>       associated connections.  Any NETCONF requests received after a
>>>       <close-session> request will be ignored.
>>>
>>>    Positive Response:  If the device was able to satisfy the request, an
>>>       <rpc-reply> is sent that includes an <ok> element.
>>>
>>>    Negative Response:  An <rpc-error> element is included in the
>>>       <rpc-reply> if the request cannot be completed for any reason.
>>>
>>>    Example:
>>>
>>>      <rpc message-id="101"
>>>           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
>>>        <close-session/>
>>>      </rpc>
>>>
>>>      <rpc-reply message-id="101"
>>>           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
>>>        <ok/>
>>>      </rpc-reply>
>>>
>>> NEW
>>>
>>> *7.8* <https://tools.ietf.org/html/rfc6241#section-7.8>*.
>>> <close-session>*
>>>
>>>    Description:  Request graceful termination of a NETCONF session.
>>>
>>>       When a NETCONF server receives a <close-session> request, it will
>>>       gracefully close the session.  The server will release any locks
>>>       and resources associated with the session and gracefully close any
>>>       associated connections.  Any NETCONF requests received after a
>>>       <close-session> request will be ignored.
>>>
>>>       For details on what happens if a NETCONF server receives a
>>>       <close-session> request while processing a confirmed commit,
>>>       please refer to Section 8.4
>>> <https://tools.ietf.org/html/rfc6241#section-8.4>.
>>>
>>>    Positive Response:  If the device was able to satisfy the request, an
>>>       <rpc-reply> is sent that includes an <ok> element.
>>>
>>>    Negative Response:  An <rpc-error> element is included in the
>>>       <rpc-reply> if the request cannot be completed for any reason.
>>>
>>>    Example:
>>>
>>>      <rpc message-id="101"
>>>           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
>>>        <close-session/>
>>>      </rpc>
>>>
>>>      <rpc-reply message-id="101"
>>>           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
>>>        <ok/>
>>>      </rpc-reply>
>>>
>>> OLD (as in original RFC 6241).
>>>
>>> *7.9* <https://tools.ietf.org/html/rfc6241#section-7.9>*.
>>> <kill-session>*
>>>
>>>    Description:  Force the termination of a NETCONF session.
>>>
>>>       When a NETCONF entity receives a <kill-session> request for an
>>>       open session, it will abort any operations currently in process,
>>>       release any locks and resources associated with the session, and
>>>       close any associated connections.
>>>
>>>       If a NETCONF server receives a <kill-session> request while
>>>       processing a confirmed commit (Section 8.4
>>> <https://tools.ietf.org/html/rfc6241#section-8.4>), it MUST restore the
>>>       configuration to its state before the confirmed commit was issued.
>>>
>>>       Otherwise, the <kill-session> operation does not roll back
>>>       configuration or other device state modifications made by the
>>>       entity holding the lock.
>>>
>>>    Parameters:
>>>
>>>       session-id:  Session identifier of the NETCONF session to be
>>>          terminated.  If this value is equal to the current session ID,
>>>          an "invalid-value" error is returned.
>>>
>>>    Positive Response:  If the device was able to satisfy the request, an
>>>       <rpc-reply> is sent that includes an <ok> element.
>>>
>>>    Negative Response:  An <rpc-error> element is included in the
>>>       <rpc-reply> if the request cannot be completed for any reason.
>>>
>>>
>>>    Example:
>>>
>>>      <rpc message-id="101"
>>>           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
>>>        <kill-session>
>>>          <session-id>4</session-id>
>>>        </kill-session>
>>>      </rpc>
>>>
>>>      <rpc-reply message-id="101"
>>>           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
>>>        <ok/>
>>>      </rpc-reply>
>>>
>>> NEW
>>>
>>> *7.9* <https://tools.ietf.org/html/rfc6241#section-7.9>*.
>>> <kill-session>*
>>>
>>>    Description:  Force the termination of a NETCONF session.
>>>
>>>       When a NETCONF entity receives a <kill-session> request for an
>>>       open session, it will abort any operations currently in process,
>>>       release any locks and resources associated with the session, and
>>>       close any associated connections.
>>>
>>>       For details on what happens if a NETCONF server receives a
>>>       <kill-session> request while processing a confirmed commit,
>>>       please refer to Section 8.4
>>> <https://tools.ietf.org/html/rfc6241#section-8.4>.
>>>
>>>       Otherwise, the <kill-session> operation does not roll back
>>>       configuration or other device state modifications made by the
>>>       entity holding the lock.
>>>
>>>    Parameters:
>>>
>>>       session-id:  Session identifier of the NETCONF session to be
>>>          terminated.  If this value is equal to the current session ID,
>>>          an "invalid-value" error is returned.
>>>
>>>    Positive Response:  If the device was able to satisfy the request, an
>>>       <rpc-reply> is sent that includes an <ok> element.
>>>
>>>    Negative Response:  An <rpc-error> element is included in the
>>>       <rpc-reply> if the request cannot be completed for any reason.
>>>
>>>
>>>    Example:
>>>
>>>      <rpc message-id="101"
>>>           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
>>>        <kill-session>
>>>          <session-id>4</session-id>
>>>        </kill-session>
>>>      </rpc>
>>>
>>>      <rpc-reply message-id="101"
>>>           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
>>>        <ok/>
>>>      </rpc-reply>
>>>
>>>
>>> In addition, the following paragraph in Section 8.4.1 would be modified.
>>>
>>> OLD:
>>>
>>>    If the device reboots for any reason before the confirm timeout
>>>    expires, the server MUST restore the configuration to its state
>>>    before the confirmed commit was issued.
>>>
>>>
>>> NEW:
>>>
>>>    If the device reboots for any reason before the confirm timeout
>>>    expires, the server MUST restore the configuration to its state
>>>    before the confirmed commit was issued, unless the confirmed commit
>>>    also included a <persist> element.
>>>
>>>
>>
>> I do not agree at all that the original text says or implies that a
>> server MUST support
>> continuation of a confirmed commit across a reboot.
>> Is that what this new text is meant to convey?
>>
>> The new text could mean that if <persist> was provided that the server
>> MAY or SHOULD restore the configuration
>> and terminate the confirmed commit procedure.
>>
>> (There is text in multiple places that assumes the reader knows that
>> restoring the configuration
>> also terminates the CC)
>>
>>
>> Current Erratums for RFC 6241 will be adjusted to accommodate these
>>> changes.
>>>
>>> Mahesh & Kent (co-chairs)
>>>
>>>
>>>
>>
>> Andy
>>
>>
>>> _______________________________________________
>>> netconf mailing list
>>> netconf@ietf.org
>>> https://www.ietf.org/mailman/listinfo/netconf
>>
>>
>> Mahesh Jethanandani
>> mjethanandani@gmail.com
>>
>>
>>
>> _______________________________________________
> netconf mailing list
> netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf
>
>
>

v2.23.0 | Report a Bug | By Email