Re: [Netconf] Is there a problem with confirmed commits?
"Jonathan Hansford" <jonathan@hansfords.net> Mon, 14 January 2019 16:05 UTC
Return-Path: <jonathan@hansfords.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FC5E12894E for <netconf@ietfa.amsl.com>; Mon, 14 Jan 2019 08:05:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=hansfords.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U3J_A-bO5Pki for <netconf@ietfa.amsl.com>; Mon, 14 Jan 2019 08:04:59 -0800 (PST)
Received: from mail.myfast.site (mail.myfast.site [109.203.117.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68D0013110B for <netconf@ietf.org>; Mon, 14 Jan 2019 08:04:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=hansfords.net; s=default; h=Content-Transfer-Encoding:Content-Type: Mime-Version:Reply-To:References:In-Reply-To:Message-Id:Date:Subject:To:From: Sender:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=e3LDffkbQQBJgaanwB/e44fN4TfpcOpnRWd9BwFTCow=; b=NwcMqYMwqa9IozfF548cm2qRal frpTAozpFK4b5jFm4fNMoHpoFbM4tEaeddWnxCY4cCX4iDth0Q5CFM/D2d+em/10GcnwAb6bLyLHh SoHjd/09OKF8xkQd5+PwehCPpRD1ArqDJbdBEPS+kg5IoAPtNyRA7mGWBfgnCoeVBN+X2SlFsNESl Yda68Gfj9nwGZIqVaWKRO6DWHTawTS0smyfDR1PRSLTm6zSUAcg/cJs3fX7NV6AmrDEHdvLrUUj7D In+QhJ8mc4cpEMoRH92Gy6phSDh7zFd56Q6eIVO2OQcvV1ByAOS5H/uZsa4wAWBpXQpwC6r4tMoXv okDsvDZA==;
Received: from [51.52.247.166] (port=61279 helo=[172.16.1.65]) by mail.myfast.site with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <jonathan@hansfords.net>) id 1gj4jQ-00Goap-FX; Mon, 14 Jan 2019 16:04:57 +0000
From: Jonathan Hansford <jonathan@hansfords.net>
To: Robert Wilton <rwilton@cisco.com>, "netconf@ietf.org" <netconf@ietf.org>
Date: Mon, 14 Jan 2019 16:05:03 +0000
Message-Id: <em586327fb-0cd6-4300-9bf2-3a4c22f2ae3b@morpheus>
In-Reply-To: <2492d27d-d64f-58bd-6006-2b10128f2813@cisco.com>
References: <em106ef27b-c989-4e0b-b819-413fef852d53@morpheus> <20190114135056.t6sow7dbcyow6qcn@anna.jacobs.jacobs-university.de> <em5dfb175c-7835-43eb-a767-38e270601427@morpheus> <20190114154026.tbevjbcdn3oh34uz@anna.jacobs.jacobs-university.de> <2492d27d-d64f-58bd-6006-2b10128f2813@cisco.com>
Reply-To: Jonathan Hansford <jonathan@hansfords.net>
User-Agent: eM_Client/7.2.34062.0
Mime-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Antivirus: Avast (VPS 190114-0, 14/01/2019), Outbound message
X-Antivirus-Status: Clean
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - mail.myfast.site
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - hansfords.net
X-Get-Message-Sender-Via: mail.myfast.site: authenticated_id: jonathan@hansfords.net
X-Authenticated-Sender: mail.myfast.site: jonathan@hansfords.net
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/RbAeQt_DDy7XjtC-gwZ5ntpkCx4>
Subject: Re: [Netconf] Is there a problem with confirmed commits?
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jan 2019 16:05:02 -0000
And maybe a discard_changes before the lock is better behaviour (or is there something that prevents that?) to ensure the lock will succeed. ------ Original Message ------ From: "Robert Wilton" <rwilton@cisco.com> To: "netconf@ietf.org" <netconf@ietf.org> Cc: "Jonathan Hansford" <jonathan@hansfords.net> Sent: 14/01/2019 15:48:58 Subject: Re: [Netconf] Is there a problem with confirmed commits? >Hi Juergen, > >On 14/01/2019 15:40, Juergen Schoenwaelder wrote: >>It seems the <candidate> datastore should not be allowed to be used as >>long as a persistent confirmed commit is still ongoing. I leave it to >>Martin to check whether this is said somewhere or an omission. >> >>In general, an application can't assume that <candidate> contains >>anything sensible. Hence, the proper way is to lock <candidate> and >>then to make sure it contains something sensible, i.e., issuing a >>discard_changes. > >But the text that you quote below states that a client cannot acquire a lock on candidate if it contains any changes. Doesn't this implies that discard_changes after acquiring the lock should be unnecessary? > >Thanks, >Rob > > >> And I think implementations should not allow an >>application to obtain a lock on <candidate> while a commit is active. >>The text on page 45 already says: >> >> A lock MUST NOT be granted if any of the following conditions is >> true: >> >> [...] >> >> * The target configuration is <candidate>, it has already been >> modified, and these changes have not been committed or rolled >> back. >> >>I think this covers the case of an ongoing but not completed >>persistent confirmed commit, no? >> >>/js >> >>On Mon, Jan 14, 2019 at 03:14:02PM +0000, Jonathan Hansford wrote: >>>If a persistent confirmed commit has not timed out, the running >>>configuration datastore will be the same as the candidate and >>><discard-changes> won't change its contents. Any edit of candidate will be >>>based on the configuration resulting from the persistent confirmed commit. >>> >>>If the persistent confirmed commit has timed out, the running configuration >>>datastore will have reverted and <discard-changes> will change candidate. >>>Any edit of candidate in this case will be based on the configuration prior >>>to the start of the persistent confirmed commit. >>> >>>------ Original Message ------ >>>From: "Juergen Schoenwaelder" <j.schoenwaelder@jacobs-university.de> >>>To: "Jonathan Hansford" <jonathan@hansfords.net> >>>Cc: "netconf@ietf.org" <netconf@ietf.org> >>>Sent: 14/01/2019 13:50:56 >>>Subject: Re: [Netconf] Is there a problem with confirmed commits? >>> >>>>Hi, >>>> >>>>I have not yet understood where you see a problem. In general, >>>><candidate/> contains arbitrary stuff and hence it is the client's >>>>responsibility to clear any arbitrary stuff found in <candidate/> >>>>after obtaining a lock. If does not really matter whether there has >>>>been a failed confirmed commit before or something else. I think the >>>>general safe pattern is: >>>> >>>>lock(candidate) >>>>discard_changes() >>>>push_whatever_needed() >>>>commit() >>>>unlock(candidate) >>>> >>>>If you do a confirmed commit and the session disappears, then the lock >>>>will disappear as well. But I do not think this creates a race >>>>condition, or I am just not yet seeing it. Perhaps it helps to write >>>>down the sequence of actions that leads to a race. >>>> >>>>/js >>>> >>>>On Mon, Jan 14, 2019 at 12:50:38PM +0000, Jonathan Hansford wrote: >>>>> Hi, >>>>> >>>>> No one seems to be responding to my email and proposed erratum around >>>>> the subject of confirmed commits (apart from Martin), but I would really >>>>> like to know it I am missing something here. As far as I can tell, >>>>> session termination during a confirmed commit leads to unpredictable >>>>> behaviour and I would like to know whether anyone is using confirmed >>>>> commits and how (if at all) they address the issues outlined below. My >>>>> assumptions are that locks are used and :writable-running is not >>>>> supported. >>>>> >>>>> If the <candidate> and <running> configuration datastores are locked to >>>>> prevent concurrent access, and a confirmed commit sequence is >>>>> interrupted by the session terminating, the locks will automatically be >>>>> released but the server MUST NOT accept a lock on <running> from any >>>>> session if another session has an ongoing confirmed <commit>. >>>>> Consequently, after session termination no client can acquire a <lock> >>>>> on <running>, not even the one that initiated the confirmed <commit>, >>>>> until after the confirmed <commit> has timed out. However, if the >>>>> confirmed <commit> included the <persist> parameter, the original client >>>>> could still issue a <commit> using the persist-id to complete the >>>>> sequence prior to the timeout, even without a lock. >>>>> >>>>> Of course, the problem now is the race for the new lock on <candidate>. >>>>> If the original client is successful then all is good. But if a new >>>>> client locks <candidate> before the timeout on the confirmed commit, >>>>> whether or not they precede <lock> with <discard-changes>, <candidate> >>>>> will be the same as <running> and the new client will pick up everything >>>>> from the previous session. However, the client won’t be able to lock >>>>> <running> until after the timeout, at which point <running> reverts but >>>>> <candidate> still represents the previous session. If the client tries >>>>> to lock <candidate> after the timeout, <running> will have reverted and >>>>> the lock will only be granted after a <discard-changes> which will cause >>>>> the <candidate> to revert. So, depending on when the lock on <candidate> >>>>> occurs relative to the confirmed commit timeout, the client could be >>>>> editing <candidate> in one of two states. Further, before the timeout on >>>>> the confirmed commit, even if the new client has locked candidate, the >>>>> original client could still issue a confirming commit (they don’t need a >>>>> lock on <candidate> to do so) which would persistently commit any edits >>>>> made by the new client. NOTE: it is not the use of the persist-id that >>>>> introduces this behaviour; a new client would have the same problem even >>>>> if a confirmed commit was not intended to persist beyond a session >>>>> termination. >>>>> >>>>> If the server also supports the :startup capability then, if the session >>>>> termination was due to the server rebooting, the behaviour above would >>>>> be further complicated by <running> now containing the configuration >>>>> from the <startup> configuration datastore. >>>>> >>>>> Am I right? >>>>> >>>>> Jonathan >>>>> >>>>> --- >>>>> This email has been checked for viruses by Avast antivirus software. >>>>> https://www.avast.com/antivirus >>>>> _______________________________________________ >>>>> Netconf mailing list >>>>> Netconf@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/netconf >>>> >>>>-- >>>>Juergen Schoenwaelder Jacobs University Bremen gGmbH >>>>Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany >>>>Fax: +49 421 200 3103 <https://www.jacobs-university.de/>
- [Netconf] Is there a problem with confirmed commi… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Martin Bjorklund
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Robert Wilton
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Andy Bierman
- Re: [Netconf] Is there a problem with confirmed c… jonathan
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford
- Re: [Netconf] Is there a problem with confirmed c… Juergen Schoenwaelder
- Re: [Netconf] Is there a problem with confirmed c… Jonathan Hansford