Re: [netconf] RFC 6241 Ambiguity

Andy Bierman <andy@yumaworks.com> Fri, 24 May 2019 16:14 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B651B120301 for <netconf@ietfa.amsl.com>; Fri, 24 May 2019 09:14:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EjRCsvLXxvTj for <netconf@ietfa.amsl.com>; Fri, 24 May 2019 09:14:13 -0700 (PDT)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E9F5120190 for <netconf@ietf.org>; Fri, 24 May 2019 09:14:12 -0700 (PDT)
Received: by mail-lf1-x131.google.com with SMTP id n134so7551233lfn.11 for <netconf@ietf.org>; Fri, 24 May 2019 09:14:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lLEylnWcW4iTB5z652RtaaiTatzDU05UdL1QqiZxbo8=; b=Fs2EcnjHxpHO6+AVbTBg+39iUDtV7MPG+95PAcJY6d5IfvjvTjjQ4/17KNfG2nPMj8 oVd8mC6vMinEf4MyvT/iC3ctShMPhjUGPJFrnoOQRO9X6jMaZqsDN6OBEbVoR84Ght19 fMdz60QGZ1xazpkNLgyTl2/3B40iWHKi2Z3j20pA9cP3VJUYx7RDyP0IIEG/tCSHT9O5 nspxeLpGckOykblIlq2YLhtU6Yp5snGufvUJN2Ff7r9vtx5FfzDHxRxrrlrarlodiMHz YMn0fiY2rhnk+HLAKc4tFcpB9HcoRrFUtTIabARncOvNu1DNXihL/Rgvtp7MwWPw4qVu eLwA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lLEylnWcW4iTB5z652RtaaiTatzDU05UdL1QqiZxbo8=; b=Xd71RNuIPsDza+SuHlNj7utx4E8lItZJ+uH9ZXZBCVMJHRa65Gq8P5Af8xQeW6RABo E9ujdTpBPNZjV+EvdvEUNg4lbdNcxu9dt1PHC9ySQvstrwnz3+vquq3czP01Eky4eVWB ZMbBWcSMKh//gpqeR3Bz3HuBVq75Z9ej7uXTIgyU/F550pIFh+ycp3JSNIcWHMe227D7 kSxBaz+JfNr/bLucaFbnqLetq4oBpTVhw3XxM3ffdnhMNQv0kTNpAWg3pm4XdcFxCGk3 jj22uZ4wUrDtsQpWvzeewZZrhpVzBBGm1E2x0sIloxO1Ts8Ax7pHSlvBEaka9/fVhP7i PtOw==
X-Gm-Message-State: APjAAAUNeNLNPz6iNoOOCcX+CGb55AI6NdoV/02yAH1W8IBFRpL3vCbs VAcb1HDhrfYPc0gyhFZdIfZo5Fy85lfrOtufqUEiwA==
X-Google-Smtp-Source: APXvYqyqdp4vxmrHhw/cFZANKCB/gPFdWGw/L9X1jWv5/YZHKBO89pPftDm6dqYIB3PTm7ZGoq56UYb4HGi8PZSLuTg=
X-Received: by 2002:ac2:46c3:: with SMTP id p3mr408257lfo.178.1558714449643; Fri, 24 May 2019 09:14:09 -0700 (PDT)
MIME-Version: 1.0
References: <em35e87021-fa76-4888-a383-8b34e960175f@morpheus> <0100016aa75956af-70018fb1-15f8-4394-8ffd-4f4d5b2d7b3f-000000@email.amazonses.com> <CABCOCHScSp8AEjcgSd7tX-Va45y51CxK-b_hO4nd3SzW9rTUKA@mail.gmail.com> <eme2e51d99-6140-4142-b89f-db5e4c6e2a88@morpheus> <0100016ab7a9af7e-cd7f776e-79e1-42a4-9c5d-d04aed0d8fa1-000000@email.amazonses.com> <emdf557a96-2926-4d87-83f9-2f8216ed652e@morpheus> <76ED75C8-AA1A-4A03-A382-0DE834C914A1@gmail.com> <0100016abd77bfe3-88ae515a-d7f9-41c7-b627-9c51bdf16213-000000@email.amazonses.com> <CABCOCHQ-SWFCzs-FzhLe=-n+j+-AEknTuv-nKJ4etFm0srig5w@mail.gmail.com> <884391D0-3F53-4F3D-BFB0-DD333D09507C@gmail.com> <CABCOCHTLzW+2mkau0KHSbprw0e7PjNFO6SZoPyXUzkKm7gsyow@mail.gmail.com> <00d101d51216$f807d120$e8177360$@hansfords.net>
In-Reply-To: <00d101d51216$f807d120$e8177360$@hansfords.net>
From: Andy Bierman <andy@yumaworks.com>
Date: Fri, 24 May 2019 09:13:58 -0700
Message-ID: <CABCOCHRSaPw3ygQ7jMPnH9byBgHCPTK5+t=yLyFXEnFVpXop+Q@mail.gmail.com>
To: Jonathan Hansford <jonathan@hansfords.net>
Cc: Mahesh Jethanandani <mjethanandani@gmail.com>, Kent Watsen <kent@watsen.net>, Netconf <netconf@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000013e4980589a47d7c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/Gy1wAeqynBDmgX9h9vogWDQnaoU>
Subject: Re: [netconf] RFC 6241 Ambiguity
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 May 2019 16:14:17 -0000

On Fri, May 24, 2019 at 2:56 AM <jonathan@hansfords.net>; wrote:

> Hi,
>
>
>
> Apologies for the delay in responding.
>
>
>
> The reason for the errata I have raised on persistent confirmed commits is
> because RFC 6241 seems to me to be ambiguous. For example, section 8.4.1
> states, “If the session issuing the confirmed commit is terminated for any
> reason before the confirm timeout expires, the server MUST restore the
> configuration to its state before the confirmed commit was issued, unless
> the confirmed commit also included a <persist> element.” To my mind, the
> reasons for terminating the session include the client issuing a
> <close-session>, another client issuing a <kill-session> on the session in
> question, a network failure, the client rebooting, and the server
> rebooting. Yet in the next paragraph it states, “If the device reboots for
> any reason before the confirm timeout expires, the server MUST restore the
> configuration to its state before the confirmed commit was issued.” So does
> the second paragraph overrule the first when the session terminates due to
> the device rebooting? If so, what is the reason why a persistent confirmed
> commit cannot persist beyond a device reboot but it can for all other cases
> of session termination? And why does the RFC state about the persist
> parameter on page 101, “This parameter is used to make a confirmed commit
> persistent.  A persistent confirmed commit is not aborted if the NETCONF
> session terminates.  The only way to abort a persistent confirmed commit is
> to let the timer expire, or to use the <cancel-commit> operation”? The RFC
> could really do with making it clearer under what circumstances a
> persistent confirmed commit is aborted, hence my errata. If I have got them
> wrong, I apologise.
>
>
>
> Re Kent’s point about section 8.4 overriding section 7.8 behaviour. Is
> that a common approach to RFCs, that subsequent sections can overrule prior
> sections without needing to add clarity in those prior sections? If so, why
> are there so many forward references to capabilities in section 7?
>
>
>
> With the diffs in the errata, I am unclear what happens when reporting an
> error in an existing erratum. If the resultant erratum replaces the
> previous one, it would make sense to provide the diff against the original
> text. If it becomes an additional erratum, it would make sense to provide
> the diff against the previous erratum.
>
>
>
> Re Andy’s point about the text on <kill-session> in section 7.9 being
> ambiguous, that is why I proposed the change. However, if that change is
> not correct, then surely we still need an erratum to clarify what the
> intent truly is. Clearly Andy is of the opinion an erratum is not
> sufficient and this needs to be fixed in a new version of the protocol
> which is why I’m confused as to why he doesn’t want to open this as a
> netconf-next issue.
>
>
>
> For the work we are currently undertaking, persistent confirmed commits
> could be very useful. But if the RFC is ambiguous, errata cannot fix it and
> it isn’t a netconf-next issue we will have to remove support for it. But if
> that is the case then presumably we should not support any of
> :confirmed-commit:1.1.
>
>
>


It seems that some text in RFC 4741 was not updated in RFC 6241 to
support the addition of the <persist> and <persist-id> parameters.

The intent of the authors (and WG) during development of RFC 6241 was
that the <persist> parameter would decouple the confirmed commit procedure
from the session that issued the confirmed commit operation.

An errata is appropriate if the WG agrees
   (a) what text is incorrect
   (b) what is the intent of the incorrect text
   (c) what is the correct replacement text

It does not seem that any of these conditions are met in this case so I
guess it
is a netconf-next issue.


Jonathan
>

Andy


>
>
> *From:* netconf <netconf-bounces@ietf.org>; *On Behalf Of *Andy Bierman
> *Sent:* 16 May 2019 20:11
> *To:* Mahesh Jethanandani <mjethanandani@gmail.com>;
> *Cc:* Kent Watsen <kent@watsen.net>;; netconf@ietf.org
> *Subject:* Re: [netconf] RFC 6241 Ambiguity
>
>
>
>
>
>
>
> On Thu, May 16, 2019 at 11:50 AM Mahesh Jethanandani <
> mjethanandani@gmail.com>; wrote:
>
> Hi Andy,
>
>
>
> On May 16, 2019, at 10:02 AM, Andy Bierman <andy@yumaworks.com>; wrote:
>
>
>
>
>
>
>
> On Wed, May 15, 2019 at 2:48 PM Kent Watsen <kent@watsen.net>; wrote:
>
>
>
>
>
> I don't think Erratum 5397 should be deleted. Though the original section
> 7.8 makes no mention of confirmed commits, section 7.9 does, but does not
> differentiate between a vanilla confirmed commit and a persistent confirmed
> commit. Since a persistent confirmed commit is still a type of confirmed
> commit, without clarification the second paragraph of the description would
> seem to apply.
>
>
>
> I would agree.
>
>
>
>
>
> 7.8 does not say anything about the <kill-session> is for the
> session that started a confirmed commit or extended a confirmed commmit.
> It could be interpreted to mean any kill-session for any session causes
> a confirmed commit to be rolled back.  The text below is so ambiguous it
>
> is not even clear the <kill-session> has to be for an existing session,
>
>
>       If a NETCONF server receives a <kill-session> request while
>
>       processing a confirmed commit (Section 8.4), it MUST restore the
>
>       configuration to its state before the confirmed commit was issued.
>
>
>
>
>
> While the original text in 7.8 was ambiguous, Erratum 5397 does seem to
> clarify that the <close-session> (not <kill-session), is for the session in
> question, and not any session.
>
>
>
>
>
> I do not agree that close-session overrides the text in sec 8.4 supports
> this procedure.
>
> It also makes no sense from an operational POV, since dropping the session
>
> (without a close-session) does not have this affect :
>
>
>
>
>
>    If the session issuing the confirmed commit is terminated *for any*
>
> *   reason* before the confirm timeout expires, the server MUST restore
>
>    the configuration to its state before the confirmed commit was
>
>    issued,* unless the confirmed commit also included a <persist>*
>
> *   element.*
>
>
>
> IMO this text overrides the close-session and kill-session text.
>
>
>
>
>
>
>
>       If a NETCONF server receives a <close-session> request while
>
>       processing a confirmed commit (Section 8.4) for that session, it
>
>       MUST restore the configuration to its state before the confirmed
>
>       commit was issued unless the confirmed commit included a <persist>
>
>       element.
>
> That is why I agree that Erratum 5397 should not be deleted, but should be
> modified to the text suggested by Jonathan.
>
>
>
>
>
> This makes no operational sense if the <persist> parameter was used.
>
>
>
>
>
>
>
> It's a minor point, but I could argue, as I wrote before, that such
> clarifications in 7.x are unnecessary because 8.4 provides overrides.   I
> prefer less text because it's easier to get right (wit this is at least the
> 3rd time Jonathan is at this now).  However "unnecessary" doesn't mean
> "wrong" and since we've already stepped in it, getting the 7.x errata right
> might be easier than getting 8.4 right.
>
>
>
>
>
>
>
> 8.4 para 3 says the confirmed commit is not tied to a session if the
> persist/persist0id mechanism is used.
>
>
>
>    If the <persist> element is not given in the confirmed commit
>
>    operation, any follow-up commit and the confirming commit MUST be
>
>    issued on the same session that issued the confirmed commit.  If the
>
>    <persist> element is given in the confirmed <commit> operation, a
>
>    follow-up commit and the confirming commit can be given on any
>
>    session, and they MUST include a <persist-id> element with a value
>
>    equal to the given value of the <persist> element.
>
>
>
> The problematic text is actually in <cancel_commit>
>
>
>
> 8.4.4.1.  <cancel-commit>
>
>
>
>    Description:
>
>
>
>          Cancels an ongoing confirmed commit.  If the <persist-id>
>
>          parameter is not given, the <cancel-commit> operation MUST be
>
>          issued on the same session that issued the confirmed commit.
>
>
>
> In order to cancel a confirmed commit (belonging to another client, i.e
> the persist-id is not known), the client issues a <kill-session> for
> any random or non-existent session.  It would make more sense to issue a
> <cancel-commit>
>
> (maybe require superuser) instead. The access control policy for
> <kill-session>
>
> is the wrong way to configure access to cancelling a confirmed commit.
>
>
>
> IMO these procedures are not well designed or documented, and an Errata
> cannot
>
> be used to fix it -- a new version of the protocol should fix it, in which
> WG and IETF consensus
>
> is reached for the selected solution.
>
>
>
> Do you want to open this as a netconf-next issue?
>
>
>
>
>
>
>
> not really
>
>
>
>
>
>
>
>
>
>
>
> With the diff, should that be against the original text or the original
> erratum?
>
>
>
> The diff is building on top of the original erratum. I would think a diff
> w.r.t. to the original erratum would make sense.
>
>
>
> It depends, are you correcting the earlier errata or filing a new one?
> Regardless, I expressed a diff for what I think the text should be (which
> you didn't comment on); how that is translated is up to you.
>
>
>
>
>
> Kent // contributor
>
>
>
>
>
> Andy
>
>
>
> _______________________________________________
> netconf mailing list
> netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf
>
>
>
> Mahesh Jethanandani
>
> mjethanandani@gmail.com
>
>
>
>
>
>
>
>
>
> Andy
>
>
>
>
>
>
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> Virus-free.
> www.avast.com
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
> <#m_-270464312496652421_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>