[Netconf] RGW YANG push -18 LC comments [part 1]
Robert Wilton <rwilton@cisco.com> Tue, 04 September 2018 14:37 UTC
Return-Path: <rwilton@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D39F9130EEF for <netconf@ietfa.amsl.com>; Tue, 4 Sep 2018 07:37:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.611
X-Spam-Level:
X-Spam-Status: No, score=-12.611 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v0L1GWEQctf5 for <netconf@ietfa.amsl.com>; Tue, 4 Sep 2018 07:37:31 -0700 (PDT)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF53C1277C8 for <netconf@ietf.org>; Tue, 4 Sep 2018 07:37:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=14178; q=dns/txt; s=iport; t=1536071851; x=1537281451; h=from:subject:to:message-id:date:mime-version: content-transfer-encoding; bh=HbOmZWqok5WwCvVXJcM7snwH+MIV6T9cpVGzSnRkUwQ=; b=MjCx+DJFl8DmkXjsPOl/S9AvMQPnV/8D3JPBC3HkJX09z9BHOHombY5F z5jt/KQh+0Tgt4fLgAe0131bQprVMmjGbOFXtgDnor+D0k+ZxyaZxHyNO AAgjZQWP2cwW2M/L9eQwfx3oZes1E0X5ijtW234tFyyWJf2Oj5yGJql8B w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DkAwDGl45b/xbLJq1aHAEBAQQBAQoBAYMfggEShBqIcY04gR2XLwuIQzgUAQIBAQIBAQJtHQuFYQ8BBVocAgkdAl8NCAEBFQKDBoICh3WMZo5lgS6EbIURgQuJZIFBP4ESJwyCKoUNEIMXglcCh3qFN44lCYkvhkQGF4FAhw6GC4g8hTqFb4FYISeBLjMaCBsVO4JtkFM+ixQBJQIBgiEBAQ
X-IronPort-AV: E=Sophos;i="5.53,329,1531785600"; d="scan'208";a="6271505"
Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Sep 2018 14:37:27 +0000
Received: from [10.63.23.158] (dhcp-ensft1-uk-vla370-10-63-23-158.cisco.com [10.63.23.158]) by aer-core-3.cisco.com (8.15.2/8.15.2) with ESMTP id w84EbPqb018008 for <netconf@ietf.org>; Tue, 4 Sep 2018 14:37:26 GMT
From: Robert Wilton <rwilton@cisco.com>
To: "netconf@ietf.org" <netconf@ietf.org>
Message-ID: <386e425f-d250-a0a9-0927-1a484aed9042@cisco.com>
Date: Tue, 04 Sep 2018 15:37:25 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Outbound-SMTP-Client: 10.63.23.158, dhcp-ensft1-uk-vla370-10-63-23-158.cisco.com
X-Outbound-Node: aer-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/JPvuWPaF0SMkVu1xAoIQsH2j7aU>
Subject: [Netconf] RGW YANG push -18 LC comments [part 1]
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Sep 2018 14:37:34 -0000
Hi, I've reviewed the -18 YANG push draft up to section 4 so far . I've included my comments below. I think that they are all minor/cosmetic except for the issue regarding the dampened subscriptions which has been discussed below and probably does not need to be rehashed again. In the Abstract: (1) Is "continuous" the right choice of word here. E.g. I thought that sometimes the stream of updates is not continuous. Possibly remove "continuous"? In the Introduction: (2) "remote visibility" in the first sentence is a bit obscure. Perhaps replace the first sentence with "Traditional approaches to monitoring management data on remote devices have been built upon polling". (3) The work isn't actually fruitless if polling is the only available option, hence perhaps change: OLD: "For applications that monitor for changes, many remote polling cycles place ultimately fruitless load on the network, devices, and applications." NEW: "For applications that monitor for changes, many remote polling cycles place unwanted load on the network, devices, and applications, particularly if the monitored values are only changing infrequently." (4) In paragraph starting " A more effective alternative", possibly suggest changing "publisher" to "server" since the introduction is before the definitions/acronyms where "publisher" is formally referenced. In definitions: (5) Suggest tying this definition more closely to the terminology already defined in RFC 8342, hence: OLD: o Datastore node: An instance of management information in a datastore. Also known as "object". NEW: o Datastore node: A node in the instantiated YANG data tree associated with a datastore. In this document, datastore nodes are often referred to as "YANG objects" or "objects" (6) "Datastore node update" definition: Does this update only contain the value, or does it also contain the path to the datastore node as well? If this also contains the path then it would be good if that was explicit in the definition. (7) Perhaps the following definition is more precise? Or by "updates" do you actually mean "update records"? There are other references to "updates" in the definitions, do these all refer to "update records"? If so then I would suggest moving the definition of "update record" above "datastore subscription". OLD: "Datastore subscription: A subscription to updates regarding contents of a datastore." NEW: "Datastore subscription: A subscription to a stream of datastore node updates." (8) Suggest removing "instantiated" from the following definition, and using descendant (which is used in 7950) instead of contained .. I also suggest moving the definition up, directly below "datastore node": OLD: o Datastore subtree: An instantiated datastore node and the datastore nodes that are hierarchically contained within it. NEW: o Datastore subtree: A datastore node and all its descendant datastore nodes." (9) Sec 3. Solution overview, last sentence. It is not "YANG objects" that are being pushed, but surely "datastore node updates" or perhaps "update records" that are pushed, or even "Changes to YANG objects" Sec 3.1 Subscription model: (10) Perhaps change"subtrees within a datastore" to "datastore subtrees". (11) It is not obvious to me from this text what "Anchor time" is, although I suspect that it is described in more detail later in the document. Given that the section on-change subscriptions has more detail for various parameters, I wonder whether it would be helpful to describe anchor time in more detail in this section? (12) Dampening period: The text states that "The dampening period collectively applies to the set of all datastore nodes selected by a single subscription and sent to a single receiver." This would imply that if a single subscription had multiple receivers that they would be dampened independently, but it wasn't obvious to me that this makes sense. I would assume that for a given subscription that all receivers would receive the same update records. (13) Rather than "No Sync on start", it might be better to refer to this as "sync on start", which could be defined as a boolean with default true [I've not checked the YANG model] Sec 3.2. Negotiation of Subscription Policies (14) "Random guessing at" => "Random guessing of". Although, I think that probably this first sentence, and the "Therfore, " could just be deleted. I.e. starting the paragraph "In order to minimize ..." (15) Suggest minor rewording of 3.3. third paragraph: OLD: In that case, updates are sent only for those objects within the scope that do support on-change updates whereas other objects are excluded from update records, whether or not their values actually change. NEW: In that case, updates are sent only for those objects within the scope that do support on-change updates, whereas other objects are excluded from update records, even if their values change. (16) Question on 3.3. fifth paragraph (below), it's unclear to me what is meant by "which are current at the time": "Values sent at the end of the dampening period are the current values of all changed objects which are current at the time the dampening period expires." (17) I still doubt that all implementations will strictly follow all of 3.3. paragraph 5, particularly the created and deleted within a dampening period because I perceive that it is particularly difficult to implement cleanly/efficiently. However, this issue has been discussed previously, and I have no particular desire to slow the RFC progress down with further discussion on this. (18) Section 3.3, conceptual process, step 1 states that access control rules are checked to ensure the receiver is authorized to view all subscribed datastore nodes, but I think that this should state that the access control rules are used to filter the subscribed datastore nodes to those that the client has access rights to. (19) A related question: When happens if there is an access control change, i.e. the receiver had access previously, but then it was revoked. Does it see a delete? Or does it not get any notification? Similarly, if they didn't previously have access, but then access was granted before the end of the dampening period? OK, I see that this is described in more detail in section 3.9, paragraph 3. Perhaps a forward reference would be useful here. (20) Section 3.3, last paragraph, "can be created" => "must be created". (21) Section 3.4, second paragraph doesn't quite scan. "This includes indicating the fact that an update is incomplete as part of a push- update respectively push-change-update notification ..." (22) Section 3.4, 3rd paragraph, "able fulfill" => "able to fulfill" (23) Section 3.5.2, 1st paragraph, "not restricted to configuration objects only" => "not only restricted to configuration objects". (24) Section 3.5.2, 2nd paragraph, possible alternative text: OLD: A publisher will indicate a change to the effect that a value of a datastore node has been updated by indicating a "replace" operation (applied to the datastore node) in the patch. When a new datastore node was created (other than an entry in a user ordered list), a publisher will indicate a "create" operation in the patch. When a datastore node was deleted, the publisher indicates this by a "delete". When a new entry in a user-ordered list was created, the publisher indicates this by an "insert" operation. When an entry in a user-ordered list was moved, the publisher indicates this by a "move" operation. NEW: A publisher indicates the type of change to a datastore node using the different YANG patch operations: the "create" operation is used for newly created objects (except entries in a user-ordered list), the "delete" operation is used for deleted objects (including in user-ordered lists), the "replace" operation is used when only the object value changes, the "insert" operation is used when a new entry is inserted in a list, and the "move" operation is used when an existing entry in a user-ordered list is moved. (25) Section 3.5.2, last paragraph: If you want to allow duplicate "create" and "delete" events, then it might be cleaner to encode them as "merge" and "remove"? I.e. it seems that you have created a slightly different encoding from vanilla YANG patch because of the way that errors are handled differently. Ideally, it would be better if a client could just apply this as regular YANG patch, but this only works with the encoding described here if the clients copy of the datastore is in sync with the servers old copy of the datastore at the point that the patch is generated from. This seems slightly fragile to unexpected inconsistencies between client and server (which I appreciate that you try and avoid). (26) Section 3.6, second paragraph, would it not be easier to allow the client to replace an existing filter rather than having to explicitly remove the old filter and add the new one? Or if you mean that any new filter replaces the existing filter, then this may be more clearly indicated with the text: "An RPC request proposing a new selection filter replaces any existing filter. " (27) Section 3.6, paragraph 6, starting "XPath". The "boolean" example is unclear to me given that a xpath filter always returns a node set so can't return a boolean result. I also suggest changing "passes a datastore node" to "includes a datastore node". (28) Section 3.6, paragraph 7. I think that the text must be more explicit on when the filter is evaluated for a periodic subscription. Am I right in thinking that it is only evaluated once when the subscription is created, or the subscription is changed? Specifically, if the nodeset evaluated during the lifetime of an Xpath subscription changes then does that affect which nodes are returned? (29) Section 3.7, paragraph 3: Perhaps make this text conditional to dampened subscriptions. Presumably for non dampened subscriptions all changes are reported as separate push-change-update notifications? OLD: In cases where multiple changes have occurred and the object has not been deleted, the object's most current value is reported. NEW: In cases where multiple changes have occurred in a subscription that has dampening enabled, and the object has not been deleted, the object's most current value is reported. (30) Section 3.7, paragraph 5, "Ethernet port" => "Ethernet interface" (31) Section 3.7, last paragraph: Why start at "1" rather than "0". On overflow, why overflow to "1" rather than "0", is that deliberate? If you are going to force it to "1" then I would also restrict the upper bound to int32 max rather than uint32 max to make life easier in Java land ... (32) Section 3.8, tree diagrams. I would think that another key metric regarding whether a subscription can be satisfied would be object-rate and data-rate. E.g. a publisher implementation may be able to push 100k objects/second, so a client has a choice of either monitoring less objects, or decreasing the period. Hence I was wondering whether rates should be provided in addition to the object-count-estimate/limit and kilobyte-estimate/limit. Of course, a rate is also implicitly defined by including the period hint, so perhaps that is sufficient without needing to send more fields back to the client. (33) Section 3.9, 2nd paragraph, "particular each" => "particular" (34) Section 3.9, 3rd paragraph: It was not entirely obvious to me what the 3rd paragraph text (reproduced below) actually means. I think that this boils down to: If, after access control has been applied, there are no objects remaining in an update record then only a single empty "push-update" notification MAY be sent and empty "push-change-update" messages MUST NOT be sent. This is required to ensure that clients cannot surreptitiously monitor objects that they do not have access to via carefully crafted selection filters. "A publisher MUST allow for the possibility that a subscription's selection filter references non-existent or access-protected data. Such support permits a receiver the ability to monitor the entire lifecyle of some datastore tree. In this case, all "push-update" notifications must be sent empty, and no "push-change-update" notifications will be sent until some data becomes visible for a receiver." (35) Section 3.10. This text seems to be very closely related to the text in section 3.3, so perhaps section 3.10 would be better moved to become section 3.3.1? (36) Section 3.10, last paragraph. "will be expected to" => "SHOULD"? (37) Section 3.11.1 "incomplete-update" flag. In the YANG definition this flag is set in the header of the message (i.e. before the data), but for applications that are generating the notifications in a streamed way, it would probably be better to put the flag after data. This potentially minimizes the requirement that a publisher has to buffer all data to be able to set the incomplete-update flag if necessary. (38) Section 3.11.1 3rd paragraph and bullet points. With the text as currently written, it is acceptable for a publisher to do nothing even if an error is hit. They can satisfy the first "MUST" by selecting the 2nd choice, and they can satisfy the "MAY" of the second choice by doing nothing at all. Instead I think that the text should state that the publisher MUST set the "incomplete-update" flag, or suspend the subscription, or both. Thanks, Rob
- [Netconf] RGW YANG push -18 LC comments [part 1] Robert Wilton
- Re: [Netconf] RGW YANG push -18 LC comments [part… Alexander Clemm
- Re: [Netconf] RGW YANG push -18 LC comments [part… Robert Wilton
- Re: [Netconf] RGW YANG push -18 LC comments [part… Alexander Clemm
- Re: [Netconf] RGW YANG push -18 LC comments [part… Robert Wilton
- Re: [Netconf] RGW YANG push -18 LC comments [part… Martin Bjorklund