Re: [Netconf] Comments on draft-lhotka-netconf-restconf-transactions-00
Robert Wilton <rwilton@cisco.com> Fri, 13 July 2018 15:02 UTC
Return-Path: <rwilton@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8BE6130E3A for <netconf@ietfa.amsl.com>; Fri, 13 Jul 2018 08:02:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4dsXMsNinRI5 for <netconf@ietfa.amsl.com>; Fri, 13 Jul 2018 08:02:55 -0700 (PDT)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9E7F130E2C for <netconf@ietf.org>; Fri, 13 Jul 2018 08:02:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12699; q=dns/txt; s=iport; t=1531494175; x=1532703775; h=subject:to:references:from:message-id:date:mime-version: in-reply-to:content-transfer-encoding; bh=iUT4yrPJndJSC3bGuqAXmy1PjQQiyFzpSskvBQJEMSk=; b=XQLT0M8PzSu+CK65X0X6U2NiEGoiUOBr1TfBAkXYjOhYAxjKiLYdQg/z 0//wqHJ5c9LwywUedbrlpG2YixrS6PRSgSNc/2peTXQPJG+9DQLs6v8yE MI6M0bUbvMkToKW7XRiXsYQoA0V5QB7SBmqSvpV9ceLgrVvK52/ymAzUz A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CkAQDSvkhb/xbLJq1TAQgZAQEBAQEBAQEBAQEBBwEBAQEBhRkSKIN7iGONOSx1lFeBZguEbAKCcDgUAQIBAQIBAQJtKIU2AQEBAQIBIw8BBTUHCgsLEgYCAiYCAkkOBgEMBgIBAReDBYF4CKlPgS6EW4VjgQuJTj+BESeCNTWEUQUOAYMXglUCh0RAhX6Db4drCY8hBoFDhBGCSCWFJId9hEKFVYFYIYFSMxoIGxWDJJBSAj4wiW8rghsBAQ
X-IronPort-AV: E=Sophos;i="5.51,347,1526342400"; d="scan'208";a="5151108"
Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Jul 2018 15:02:52 +0000
Received: from [10.63.23.105] (dhcp-ensft1-uk-vla370-10-63-23-105.cisco.com [10.63.23.105]) by aer-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id w6DF2q8I025367; Fri, 13 Jul 2018 15:02:52 GMT
To: Ladislav Lhotka <lhotka@nic.cz>, "netconf@ietf.org" <netconf@ietf.org>
References: <b26d88fe-2797-a8f8-a2e3-a5aed2fae6d7@cisco.com> <87sh4ofjyd.fsf@nic.cz> <7794cb8f-caba-c652-abfa-db754b509dd2@cisco.com> <87wotzmd5t.fsf@nic.cz>
From: Robert Wilton <rwilton@cisco.com>
Message-ID: <7481bc73-b70e-d26a-0abf-3659a732c06f@cisco.com>
Date: Fri, 13 Jul 2018 16:02:52 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <87wotzmd5t.fsf@nic.cz>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/EMCy7bhaqcgTlV0DM3YNVRbi7OI>
Subject: Re: [Netconf] Comments on draft-lhotka-netconf-restconf-transactions-00
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2018 15:02:58 -0000
On 13/07/2018 15:19, Ladislav Lhotka wrote: > Robert Wilton <rwilton@cisco.com> writes: > >> Hi Lada, >> >> >> On 12/07/2018 18:22, Ladislav Lhotka wrote: >>> Hi Rob, >>> >>> thanks for your comments, please see inline. >>> >>> Robert Wilton <rwilton@cisco.com> writes: >>> >>>> Hi Lada, >>>> >>>> I've had a read of this draft, and have provided some comments below. >>>> >>>> So, my top level comment is that I don't know whether or not RESTCONF >>>> needs this functionality or not. I've heard some operators state that >>>> they think that clients can just construct an "atomic" change, and hence >>>> don't have the need for a server side staging area. Perhaps a good >>>> question to ask in Montreal? >>> I think what you mean is an analogy to git, where all changes are >>> applied on the client's side and then new commits are pushed to the >>> server. However, git was designed for this mode of operation - I think >>> with RESTCONF it wouldn't be so efficient. And also, the client >>> functionality would be probably difficult to implement in a plain >>> browser whereas browser-based clients can be easily used with RESTCONF >>> extended according to my draft. >> No, I wasn't thinking that they would be separate commits, but a single >> client commit. >> >> I guess it may depend on whether it is a machine constructing the >> configuration change (in which case merging it into a single request >> should be plausibly straight forward), or human's doing the interaction, >> although even then I still wonder whether creating an edit buffer on the >> client side, and then pushing that to the server as a single update >> isn't a slightly cleaner paradigm. > I agree that a lot can be done on the client side, but eventually the > data has to be sent to the server, and it is possible that the target > config datastore has changed in the mean time by another client - this > is a conflict that has to be resolved somehow. This is resolved at the time that any config change is merged into <running>. Either the config change can be merged without errors and validates successfully (via <intended>), or the merge fails, or validation fails. If either the merge or validate fails then <running> is not changed, the config change is rejected, and the client notified. > >> Perhaps the draft could have a background that explains some of the >> expected usages of private candidate datastores. > The aim is to enable transactions and concurrent R/W access of multiple > clients. This drafts attempts to solve it on the server side, somebody > else may want to propose a client-side solution. Clients can already do it today, as per my previous answer. I don't think that there is anything to standardize here. > > I think both may be potentially useful - one can have capable > servers and restricted clients, or vice versa. > >>>> The rest of my comments below, apply to the proposed technical solution, >>>> and obviously only apply if this is a needed enhancement. :-) >>>> >>>> 1) Generally, I definitely prefer the idea of per session staging areas >>>> (aka private candidates) described in this draft over a shared lockable >>>> candidate datastore. This follows my belief that loosely coupled >>>> concurrent systems are more robust than tightly coupled ones (e.g. with >>>> shared locking). >>>> >>>> 2) I don't think that this draft needs to mention <intended> at all. >>>> Instead, everywhere you mention <intended> then you should be saying >>>> <running>. I.e. your staging datastores should update <running> on a >>>> commit operation, just like a commit of <candidate> updates <running>. >>>> <intended> is always just updated as a side effect of a write to >>>> <running>, and as such is a tangential consideration. >>> The main reason for using <intended> is that the target datastore into >>> which staging datastores are merged has to be valid at all >>> times. <running> has somewhat fuzzy semantics both in NETCONF and under >>> NMDA. But yes, the text also says that essentially we have <running> and >>> <intended> being the same. NMDA explicitly permits this simplification. >> <running> has the configuration supplied by the user before any template >> expansion, or inactive config removal. >> <intended> is the same configuration data, but after template expansion, >> inactive config removal, and any other random config manipulations that >> the server might do. >> >> If the device doesn't do "template expansion, inactive config removal, >> and any other random config manipulations", then <intended> is trivially >> the same as <running>. >> >> Whenever <running> is due to be changed, <intended> is also updated at >> the same time, and validated. >> >> Hence <intended> is always valid, and by implication, so is <running>, >> since you cannot make a change to <running> without also updating, and >> validating <intended> at the exact same time. I.e. they succeed or fail >> together. >> >> I think that your <staging> datastore design works much better with NMDA >> if you update <running> instead of <intended>. >> > Yes, but <running> can be writable or not, may be locked and may be > invalid. Yes, and that is all fine. > > If RESTCONF is the only protocol, then it is perhaps just a matter of > naming, but if NETCONF is used along with RESTCONF on the same device, I > want to avoid their interference as much as possible. You can't. Ultimately there are two mechanisms writing the same data, they need to be sympathetic to each other. > My idea is that > contributions from NETCONF and RESTCONF only meet at <intended>. Alas. I don't think that fits well with the NMDA architecture at all. The NMDA architecture assumes that all conventional client configuration operations combine at <running> rather than <intended>. This is also the merge point today when both NETCONF and RESTCONF are being used. The purpose of <intended> is as a mechanism to handle template expansion, inactive config, and possibly other default server config. It isn't meant to be another configuration merge point. > >>>> 3) Rather than having clients interact via {+restconf}/data, I think >>>> that it would be much better to require NMDA and then have clients >>>> interact via {+restconf}/ds/ietf-restconf-transactions:staging, as per >>>> draft-ietf-netconf-nmda-restconf-04 section 3.1. The new staging >>>> datastore identity should also be defined in your module to inherit from >>>> ietf-datastores:datastore identity. I think that this probably also >>>> more closely aligns to restful principals. >>> Again, in RESTCONF it is unclear what the "unified" datastore really >>> is. We wanted to make the semantics clear and explicit and, in >>> particular, permit configuration edits only via the staging >>> datastore. With your suggestion, it is not clear to me whether the >>> client could also interact with {+restconf}/data. >> The problem with {+restconf}/data is that is combines the *desired* >> configuration with the *actual* operational state. This combination >> cannot always be done in a sane way if the system isn't in a steady state. >> >> I think that we should be trying to deprecate {+restconf}/data, I think >> that cleaner/simpler semantics can be achieved by interacting via >> explicit datastores. > If this is done, then it would make sense to do what you suggest. For > the time being, the advantage is that clients only suporting RFC 8040 > can be used with my enhancements - the commit and reset operations can > be added separately, e.g as simple curl scripts. >> E.g. >> (1) If a RESTCONF client wants to make an atomic update to the >> configuration, then it just writes to <running>. >> (2) If a RESTCONF client wants private staged configuration then it does >> it via <staging> and a commit to <running>. From a system perspective >> this is pretty much the same as (1) any way. >> (3 ) If a shared candidate datastore is required, then a client writes >> to <candidate> and then commits configuration to <running>. >> (4) If <running> can be locked, then attempts by other clients to commit >> to <running> when it is locked must fail. > This is all very complicated, I don't want to force RESTCONF users into > learning NETCONF first. Keep it simple, stupid. It is not complicated, particularly if the server doesn't implement locking of shared candidate. I prefer explicit behavior. E.g. I don't think that RESTCONF auto-magically committing the contents of a shared <candidate> datastore makes the two protocols work together simpler. More likely it was occasionally cause very surprising, and potentially very bad, things happening to a devices configuration (e.g. if the NETCONF client isn't employing locking). >>>> 4) So, I think that the <staging> datastore itself only contains the >>>> proposed changes (additions, modifications, and deletes) to <running> >>>> when they are committed. I think that clients may also want to see the >>>> combined configuration of the current contents of <running> with the >>>> delta held in <staging> applied. This could be exposed either as (i) a >>>> new RPC, (ii) as an extra query parameter or (iii) As another read-only >>>> datastore. A new RPC has the disadvantage that it probably wouldn't >>>> support all the query parameters, so my instinctive preference would be >>>> to one of the other two latter options. >>> Do you mean to be able to see the result of a "dry run" of a commit? >>> This would be certainly possible and, in fact, in our implementation it >>> is pretty trivial. >> let me ask two different question first: >> >> (1) If I call GET on <staging> then do I see just what I have changed >> (and explicitly don't see anything that I haven't changed), or do I see >> all of the base configuration with my private changes merged in? > After you do commit or reset, your staging repository becomes > (conceptually) an exact, private and writable copy of <intended>. If you > do some changes, you see them along with the other config data (modulo > NACM). However, you don't see any changes that have been done to > <intended> in the mean time. OK, so I think that it is useful to be able to get/see the delta against the base copy, and perhaps an operation for it to sync and merge with the latest baseline version. Obviously, there would need to be a mechanism to report merge conflicts. > >> (2) If the answer to Q1 is you see the base configuration + private >> changes merged in, then is it the base configuration fixed from the >> point in time that <staging> was initialized? Or does it float, i.e. it >> always updates to the latest committed base configuration in running? > In our implementation, it is the data from the point of time when > <staging> was last initialized (after commit or reset). I think it would > be possible to let <staging> track the changes in intended as long as > the user doesn't start editing it. > >>>> 5) If private candidate datastores are being added to RESTCONF, then >>>> should they also be added to NETCONF? If they are added to both then I >>>> think that they should be added in the same way, as much as possible, >>>> perhaps both could be updated in a single draft to save repetitive >>>> text? In general, I like (Kent's?) idea of NETCONF WG writing a RFC >>>> that describes all the common parts of NETCONF and RESTCONF that the >>>> individual protocol docs can then reference rather than writing similar >>>> or equivalent text in two places. >>> But private candidates are already an option in NETCONF, right? One >>> possibility would be to make it the ONLY option, because shared candidates >>> have known problems. >> How do you do private candidate in NETCONF? I thought that it was only >> shared candidate that had been standardized. > RFC 6241 says this in sec. 8.3.1: > > The candidate configuration can be shared among multiple sessions. > Unless a client has specific information that the candidate > configuration is not shared, it MUST assume that other sessions are > able to modify the candidate configuration at the same time. This implies to me that NETCONF's candidate datastore is generally regarded as being shared, not private. Thanks, Rob > > Lada > >> Thanks, >> Rob >> >> >>> Thanks, Lada >>> >>>> But otherwise, I think that it is an interesting idea, and certainly >>>> warrants some WG discussion. >>>> >>>> Thanks, >>>> Rob >>>>
- [Netconf] Comments on draft-lhotka-netconf-restco… Robert Wilton
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Mahesh Jethanandani
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Ladislav Lhotka
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Ladislav Lhotka
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Juergen Schoenwaelder
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Robert Wilton
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Ladislav Lhotka
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Juergen Schoenwaelder
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Ladislav Lhotka
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Robert Wilton
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Andy Bierman
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Ladislav Lhotka
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Ladislav Lhotka
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Andy Bierman
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Robert Wilton
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Ladislav Lhotka
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Andy Bierman
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Robert Wilton
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Andy Bierman
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Robert Wilton
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Ladislav Lhotka
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Juergen Schoenwaelder
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Andy Bierman
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Juergen Schoenwaelder
- Re: [Netconf] Comments on draft-lhotka-netconf-re… Andy Bierman