Re: [Netconf] Is there a problem with confirmed commits?
"Jonathan Hansford" <jonathan@hansfords.net> Mon, 14 January 2019 14:47 UTC
Return-Path: <jonathan@hansfords.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDA1A12D4EC for <netconf@ietfa.amsl.com>; Mon, 14 Jan 2019 06:47:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level:
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hansfords.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JqZ-xQl0ATZs for <netconf@ietfa.amsl.com>; Mon, 14 Jan 2019 06:47:09 -0800 (PST)
Received: from mail.myfast.site (mail.myfast.site [109.203.117.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3652C128CF2 for <netconf@ietf.org>; Mon, 14 Jan 2019 06:47:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=hansfords.net; s=default; h=Content-Type:Mime-Version:Reply-To:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=SIfjJCVnZmYsnoXknW31E4gQ0swyi5/57expjIswMIg=; b=abxqCCrSDOzFdUj6sp31afGqn bE1zqYr+CQ6n+YGye7iiX1kMq/zmUl2swj4wRFEGIYxTbFyLNFeZvUTLSxyVk0+7alAz79YjieaQG iD6aUir1fMs5ZJlwLMiqhePz3z/kgPd2KYa8pYXQkFmE1HFr5Gq294U5nGcNEpCzQibe/nwujC53U nVOHdWWijQuztO5Ie0An5PXdc2wZbfrKKmx08z/VXdF59Ba6NG1W5hQYiLLVbGD+5Dg6QPdpcENeu UK6mFtYjJos5XeNHOYU0UuZiKIdF+R7c4143MqoOmRAIDVARKeq57+5mCNvQ0bMdMYo76D6Dm1s/E 3QcbZ1lvA==;
Received: from [51.52.247.166] (port=50648 helo=[172.16.1.65]) by mail.myfast.site with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <jonathan@hansfords.net>) id 1gj3W7-00GRHK-MJ for netconf@ietf.org; Mon, 14 Jan 2019 14:47:07 +0000
From: Jonathan Hansford <jonathan@hansfords.net>
To: "netconf@ietf.org" <netconf@ietf.org>
Date: Mon, 14 Jan 2019 14:47:14 +0000
Message-Id: <em074e85b0-0b46-4b04-b6c4-5ea64a0f328b@morpheus>
In-Reply-To: <em106ef27b-c989-4e0b-b819-413fef852d53@morpheus>
References: <em106ef27b-c989-4e0b-b819-413fef852d53@morpheus>
Reply-To: Jonathan Hansford <jonathan@hansfords.net>
User-Agent: eM_Client/7.2.34062.0
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="------=_MB75A471B5-D2C9-4154-AB08-3AF25EFEFCEC"
X-Antivirus: Avast (VPS 190114-0, 14/01/2019), Outbound message
X-Antivirus-Status: Clean
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - mail.myfast.site
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - hansfords.net
X-Get-Message-Sender-Via: mail.myfast.site: authenticated_id: jonathan@hansfords.net
X-Authenticated-Sender: mail.myfast.site: jonathan@hansfords.net
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/EZN3Sik7Np2fMJUOzcdjThgcRkk>
Subject: Re: [Netconf] Is there a problem with confirmed commits?
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jan 2019 14:47:12 -0000
RFC 6241, Section 8.2.4.1 states, 'If the running or candidate configuration is currently locked by a different session, the <commit> operation MUST fail with an <error-tag> value of "in-use".' So if the new client acquires a lock on <candidate>, the original client cannot <commit> to <running>. So that fixes one of the issues below. Section 8.3.5.2 states, 'When a client fails with outstanding changes to the candidate configuration, recovery can be difficult. To facilitate easy recovery, any outstanding changes are discarded when the lock is released, whether explicitly with the <unlock> operation or implicitly from session failure.' So this means <candidate> would revert. Section 8.4.1 also states, 'If the device reboots for any reason before the confirm timeout expires, the server MUST restore the configuration to its state before the confirmed commit was issued.' However, earlier in Section 8.4.1 it states, 'If the session issuing the confirmed commit is terminated for any reason before the confirm timeout expires, the server MUST restore the configuration to its state before the confirmed commit was issued, unless the confirmed commit also included a <persist> element.', Section 8.4.5.1 states the persist parameter makes 'the confirmed commit survive a session termination, and set a token on the ongoing confirmed commit' and its description in Appendix C states, 'This parameter is used to make a confirmed commit persistent. A persistent confirmed commit is not aborted if the NETCONF session terminates. The only way to abort a persistent confirmed commit is to let the timer expire, or to use the <cancel-commit> operation.' So it is the persist-id that is the cause of all the problems, not just the use of confirmed commit as I previously stated. But is there a way to resolve the outstanding issues around the use of the persist-id? Thanks ------ Original Message ------ From: "Jonathan Hansford" <jonathan@hansfords.net> To: "netconf@ietf.org" <netconf@ietf.org> Sent: 14/01/2019 12:50:38 Subject: [Netconf] Is there a problem with confirmed commits? >Hi, > >No one seems to be responding to my email and proposed erratum around >the subject of confirmed commits (apart from Martin), but I would >really like to know it I am missing something here. As far as I can >tell, session termination during a confirmed commit leads to >unpredictable behaviour and I would like to know whether anyone is >using confirmed commits and how (if at all) they address the issues >outlined below. My assumptions are that locks are used and >:writable-running is not supported. > >If the <candidate> and <running> configuration datastores are locked to >prevent concurrent access, and a confirmed commit sequence is >interrupted by the session terminating, the locks will automatically be >released but the server MUST NOT accept a lock on <running> from any >session if another session has an ongoing confirmed <commit>. >Consequently, after session termination no client can acquire a <lock> >on <running>, not even the one that initiated the confirmed <commit>, >until after the confirmed <commit> has timed out. However, if the >confirmed <commit> included the <persist> parameter, the original >client could still issue a <commit> using the persist-id to complete >the sequence prior to the timeout, even without a lock. > >Of course, the problem now is the race for the new lock on <candidate>. >If the original client is successful then all is good. But if a new >client locks <candidate> before the timeout on the confirmed commit, >whether or not they precede <lock> with <discard-changes>, <candidate> >will be the same as <running> and the new client will pick up >everything from the previous session. However, the client won’t be able >to lock <running> until after the timeout, at which point <running> >reverts but <candidate> still represents the previous session. If the >client tries to lock <candidate> after the timeout, <running> will have >reverted and the lock will only be granted after a <discard-changes> >which will cause the <candidate> to revert. So, depending on when the >lock on <candidate> occurs relative to the confirmed commit timeout, >the client could be editing <candidate> in one of two states. Further, >before the timeout on the confirmed commit, even if the new client has >locked candidate, the original client could still issue a confirming >commit (they don’t need a lock on <candidate> to do so) which would >persistently commit any edits made by the new client. NOTE: it is not >the use of the persist-id that introduces this behaviour; a new client >would have the same problem even if a confirmed commit was not intended >to persist beyond a session termination. > >If the server also supports the :startup capability then, if the >session termination was due to the server rebooting, the behaviour >above would be further complicated by <running> now containing the >configuration from the <startup> configuration datastore. > >Am I right? > >Jonathan > > >-------------------------------------------------------------------------------- >Avast logo ><https://www.avast.com/antivirus> > This email has been checked for viruses by Avast antivirus >software. >www.avast.com <https://www.avast.com/antivirus> > > ><#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
- [Netconf] Is there a problem with confirmed commi… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Martin Bjorklund
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Robert Wilton
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Andy Bierman
- Re: [Netconf] Is there a problem with confirmed c… jonathan
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford