IETF Logo Mail Archive

Re: [Netconf] Comments on draft-lhotka-netconf-restconf-transactions-00

Robert Wilton <rwilton@cisco.com> Fri, 13 July 2018 10:02 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B943130EA8 for <netconf@ietfa.amsl.com>; Fri, 13 Jul 2018 03:02:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DbAD-5SfiR4H for <netconf@ietfa.amsl.com>; Fri, 13 Jul 2018 03:02:07 -0700 (PDT)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 383FD12F1A2 for <netconf@ietf.org>; Fri, 13 Jul 2018 03:02:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8019; q=dns/txt; s=iport; t=1531476127; x=1532685727; h=subject:to:references:from:message-id:date:mime-version: in-reply-to:content-transfer-encoding; bh=R2ktzT1YauoT06Uqel3xTtgZlZwPXG7u2JADphFQUhA=; b=YLani9TYfx7g4CUlgewVRSrOURPx2W6Ol5qNKOzoYAjlnvEWHKZKe/Qp kIzXORM/90dQ9XU3TK7t+a9yWMLB/U1OotZB/tCQzGkTI9Yv7dsZUNUbz 8lsxJvc6nyYg6IQQu/3/8ikqQgEomC+0lBXfOxKAR5f0XTZ3AXGF3AAFw Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0B0AQAWeEhb/xbLJq1TAQgZAQEBAQEBAQEBAQEBBwEBAQEBhRkSKIN7iGONOix1ljoLhGwCgm43FQECAQECAQECbSiFNgEBAQMBIw8BBTwVCxgCAiYCAlcGAQwGAgEBF4MFgXgIqUaBLoRbhWOBC4lOP4ERJ4I1NYRRBQ+DF4JVAplZCY8hBoFDhA+CRyWFI4d9hEKFVYFXIoFSMxoIGxWDJJBUPjCJTiuCGwEB
X-IronPort-AV: E=Sophos;i="5.51,347,1526342400"; d="scan'208";a="5146397"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Jul 2018 10:02:05 +0000
Received: from [10.63.23.105] (dhcp-ensft1-uk-vla370-10-63-23-105.cisco.com [10.63.23.105]) by aer-core-4.cisco.com (8.15.2/8.15.2) with ESMTP id w6DA2599028980; Fri, 13 Jul 2018 10:02:05 GMT
To: Ladislav Lhotka <lhotka@nic.cz>, "netconf@ietf.org" <netconf@ietf.org>
References: <b26d88fe-2797-a8f8-a2e3-a5aed2fae6d7@cisco.com> <87sh4ofjyd.fsf@nic.cz>
From: Robert Wilton <rwilton@cisco.com>
Message-ID: <7794cb8f-caba-c652-abfa-db754b509dd2@cisco.com>
Date: Fri, 13 Jul 2018 11:02:04 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <87sh4ofjyd.fsf@nic.cz>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/WKG4vVujXCJ1-rXGV8oHDW4qNOg>
Subject: Re: [Netconf] Comments on draft-lhotka-netconf-restconf-transactions-00
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2018 10:02:10 -0000

Hi Lada,


On 12/07/2018 18:22, Ladislav Lhotka wrote:
> Hi Rob,
>
> thanks for your comments, please see inline.
>
> Robert Wilton <rwilton@cisco.com> writes:
>
>> Hi Lada,
>>
>> I've had a read of this draft, and have provided some comments below.
>>
>> So, my top level comment is that I don't know whether or not RESTCONF
>> needs this functionality or not.  I've heard some operators state that
>> they think that clients can just construct an "atomic" change, and hence
>> don't have the need for a server side staging area.  Perhaps a good
>> question to ask in Montreal?
> I think what you mean is an analogy to git, where all changes are
> applied on the client's side and then new commits are pushed to the
> server. However, git was designed for this mode of operation - I think
> with RESTCONF it wouldn't be so efficient. And also, the client
> functionality would be probably difficult to implement in a plain
> browser whereas browser-based clients can be easily used with RESTCONF
> extended according to my draft.
No, I wasn't thinking that they would be separate commits, but a single 
client commit.

I guess it may depend on whether it is a machine constructing the 
configuration change (in which case merging it into a single request 
should be plausibly straight forward), or human's doing the interaction, 
although even then I still wonder whether creating an edit buffer on the 
client side, and then pushing that to the server as a single update 
isn't a slightly cleaner paradigm.

Perhaps the draft could have a background that explains some of the 
expected usages of private candidate datastores.

>
>> The rest of my comments below, apply to the proposed technical solution,
>> and obviously only apply if this is a needed enhancement. :-)
>>
>> 1) Generally, I definitely prefer the idea of per session staging areas
>> (aka private candidates) described in this draft over a shared lockable
>> candidate datastore.  This follows my belief that loosely coupled
>> concurrent systems are more robust than tightly coupled ones (e.g. with
>> shared locking).
>>
>> 2) I don't think that this draft needs to mention <intended> at all.
>> Instead, everywhere you mention <intended> then you should be saying
>> <running>.  I.e. your staging datastores should update <running> on a
>> commit operation, just like a commit of <candidate> updates <running>.
>> <intended> is always just updated as a side effect of a write to
>> <running>, and as such is a tangential consideration.
> The main reason for using <intended> is that the target datastore into
> which staging datastores are merged has to be valid at all
> times. <running> has somewhat fuzzy semantics both in NETCONF and under
> NMDA. But yes, the text also says that essentially we have <running> and
> <intended> being the same. NMDA explicitly permits this simplification.

<running> has the configuration supplied by the user before any template 
expansion, or inactive config removal.
<intended> is the same configuration data, but after template expansion, 
inactive config removal, and any other random config manipulations that 
the server might do.

If the device doesn't do "template expansion, inactive config removal, 
and any other random config manipulations", then <intended> is trivially 
the same as <running>.

Whenever <running> is due to be changed, <intended> is also updated at 
the same time, and validated.

Hence <intended> is always valid, and by implication, so is <running>, 
since you cannot make a change to <running> without also updating, and 
validating <intended> at the exact same time.  I.e. they succeed or fail 
together.

I think that your <staging> datastore design works much better with NMDA 
if you update <running> instead of <intended>.

>> 3) Rather than having clients interact via {+restconf}/data, I think
>> that it would be much better to require NMDA and then have clients
>> interact via {+restconf}/ds/ietf-restconf-transactions:staging, as per
>> draft-ietf-netconf-nmda-restconf-04 section 3.1.  The new staging
>> datastore identity should also be defined in your module to inherit from
>> ietf-datastores:datastore identity.  I think that this probably also
>> more closely aligns to restful principals.
> Again, in RESTCONF it is unclear what the "unified" datastore really
> is. We wanted to make the semantics clear and explicit and, in
> particular, permit configuration edits only via the staging
> datastore. With your suggestion, it is not clear to me whether the
> client could also interact with {+restconf}/data.
The problem with {+restconf}/data is that is combines the *desired* 
configuration with the *actual* operational state.  This combination 
cannot always be done in a sane way if the system isn't in a steady state.

I think that we should be trying to deprecate {+restconf}/data, I think 
that cleaner/simpler semantics can be achieved by interacting via 
explicit datastores.

E.g.
(1) If a RESTCONF client wants to make an atomic update to the 
configuration, then it just writes to <running>.
(2) If a RESTCONF client wants private staged configuration then it does 
it via <staging> and a commit to <running>.  From a system perspective 
this is pretty much the same as (1) any way.
(3 ) If a shared candidate datastore is required, then a client writes 
to <candidate> and then commits configuration to <running>.
(4) If <running> can be locked, then attempts by other clients to commit 
to <running> when it is locked must fail.


>
>> 4) So, I think that the <staging> datastore itself only contains the
>> proposed changes (additions, modifications, and deletes) to <running>
>> when they are committed.  I think that clients may also want to see the
>> combined configuration of the current contents of <running> with the
>> delta held in <staging> applied.  This could be exposed either as (i) a
>> new RPC, (ii) as an extra query parameter or (iii) As another read-only
>> datastore.  A new RPC has the disadvantage that it probably wouldn't
>> support all the query parameters, so my instinctive preference would be
>> to one of the other two latter options.
> Do you mean to be able to see the result of a "dry run" of a commit?
> This would be certainly possible and, in fact, in our implementation it
> is pretty trivial.
let me ask two different question first:

(1) If I call GET on <staging> then do I see just what I have changed 
(and explicitly don't see anything that I haven't changed), or do I see 
all of the base configuration with my private changes merged in?

(2) If the answer to Q1 is you see the base configuration + private 
changes merged in, then is it the base configuration fixed from the 
point in time that <staging> was initialized? Or does it float, i.e. it 
always updates to the latest committed base configuration in running?

>
>> 5) If private candidate datastores are being added to RESTCONF, then
>> should they also be added to NETCONF?  If they are added to both then I
>> think that they should be added in the same way, as much as possible,
>> perhaps both could be updated in a single draft to save repetitive
>> text?  In general, I like (Kent's?) idea of NETCONF WG writing a RFC
>> that describes all the common parts of NETCONF and RESTCONF that the
>> individual protocol docs can then reference rather than writing similar
>> or equivalent text in two places.
> But private candidates are already an option in NETCONF, right? One
> possibility would be to make it the ONLY option, because shared candidates
> have known problems.
How do you do private candidate in NETCONF?  I thought that it was only 
shared candidate that had been standardized.

Thanks,
Rob


>
> Thanks, Lada
>
>> But otherwise, I think that it is an interesting idea, and certainly
>> warrants some WG discussion.
>>
>> Thanks,
>> Rob
>>

v2.23.0 | Report a Bug | By Email