IETF Logo Mail Archive

[Netconf] 4741bis -- :url capability issues

Andy Bierman <andyb@iwl.com> Fri, 30 April 2010 02:26 UTC

Return-Path: <andyb@iwl.com>
X-Original-To: netconf@core3.amsl.com
Delivered-To: netconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AAC893A68DF for <netconf@core3.amsl.com>; Thu, 29 Apr 2010 19:26:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.068
X-Spam-Level:
X-Spam-Status: No, score=-2.068 tagged_above=-999 required=5 tests=[AWL=-1.069, BAYES_50=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ae6q5-dqhF+Q for <netconf@core3.amsl.com>; Thu, 29 Apr 2010 19:25:57 -0700 (PDT)
Received: from smtp114.iad.emailsrvr.com (smtp114.iad.emailsrvr.com [207.97.245.114]) by core3.amsl.com (Postfix) with ESMTP id 377373A67A4 for <netconf@ietf.org>; Thu, 29 Apr 2010 19:25:57 -0700 (PDT)
Received: from relay1.r1.iad.emailsrvr.com (localhost [127.0.0.1]) by relay1.r1.iad.emailsrvr.com (SMTP Server) with ESMTP id 78D0544C02B for <netconf@ietf.org>; Thu, 29 Apr 2010 22:25:43 -0400 (EDT)
Received: by relay1.r1.iad.emailsrvr.com (Authenticated sender: andyb-AT-iwlcorp.com) with ESMTPSA id 438C244C098 for <netconf@ietf.org>; Thu, 29 Apr 2010 22:25:42 -0400 (EDT)
Message-ID: <4BDA3FA5.4020306@iwl.com>
Date: Thu, 29 Apr 2010 19:25:41 -0700
From: Andy Bierman <andyb@iwl.com>
Organization: Interworking Labs, Inc.
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: NETCONF <netconf@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [Netconf] 4741bis -- :url capability issues
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: andyb@iwl.com
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Apr 2010 02:26:01 -0000

Hi,

Here are more issues for 4741bis:

1) :url as a source for <edit-config>
   (Martin already raised this issue)

         choice edit-content {
           mandatory true;
           anyxml config {
             description
               "Inline Config content: 'config' element.
                This is not full 'anyxml' because the <config>
                element cannot directly contain a text node.";
           }
           leaf url {
             if-feature url;
             type inet:uri;
           }
         }

   The edit-config operation allows <url> as a source,
   but there is no explanation what the file has to contain.
   Does it even have to be XML?

   There is no <get-config> support for a URL database,
   so why should there be any partial database editing?
   Since the URL file always represents a complete database,
   there are no operations other than copy-config and delete-config
   that apply to it.

   Proposed solution:
     - Delete 'url' as a source for <edit-config>
     - Delete section 8.8.5.1.


2) There is no lock support at all for URL databases, so it is 
   not even clear that copy and delete are properly supported.

   Issue: Should <url> be allowed in <lock> and <unlock>
   operations?

3) :url interoperability

   It is not clear what a client application should expect
   for any given scheme, or what schemes a server SHOULD
   or even MAY support.

   Issue: is the :url capability interoperable?
   If not, what should be done about it?

4) :url security considerations

   The security considerations for external database representations
   of NETCONF configurations are ignored, which should probably be
   fixed, if anybody knows what to write.

   Current text:

       Similarly, just because someone says "go write a configuration
       through the URL capability at a particular place", this does not mean
       that an element should do it without proper authorization.

   Issue:  Are the security considerations clear enough or are
   more details needed?  (e.g., file system permissions for 'file' scheme,
   clear-text on-the-wire for 'ftp' and 'http' schemes.

5) 'file' scheme

   It is not clear whether:
     - absolute path specs must be supported by the server
     - the path-spec represents a conceptual file-system in 
       the server, or the real file-system.
     - sub-directories must be supported
     - how many sub-directory levels deep are allowed
     - other restrictions apply, such as naming, number of files, etc.
     - if the internal mirrored NV-store is really a file,
       whether this file is accessible via the <url> parameter.
     - if the external :startup config is accessible via the <url> 
       parameter.

   Issue: are any guidelines needed for the 'file' scheme?
   This is the most likely scheme to be supported by a server.



Andy

v2.23.0 | Report a Bug | By Email