IETF Logo Mail Archive

Re: [netconf] Should a NETCONF server implement YANG Library 1.1 if it does not support NETCONF NMDA?

Andy Bierman <andy@yumaworks.com> Sat, 03 July 2021 19:33 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D1663A2191 for <netconf@ietfa.amsl.com>; Sat, 3 Jul 2021 12:33:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zC4g5KSni3Ww for <netconf@ietfa.amsl.com>; Sat, 3 Jul 2021 12:33:48 -0700 (PDT)
Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C9123A2190 for <netconf@ietf.org>; Sat, 3 Jul 2021 12:33:47 -0700 (PDT)
Received: by mail-lj1-x22a.google.com with SMTP id h6so18467902ljl.8 for <netconf@ietf.org>; Sat, 03 Jul 2021 12:33:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lvlYz4a76mSKuuUvqBSPdE04y6627cwHaJhAKDAH65g=; b=AaY+vOsKTHon1E/keuDEuaA9BBM4OmHHOB6ertIyp2hBm6lu0U0rJcb27eQVFX9TKd lsCl2DInWR+MgZpeBx4vtNzWxBJxdkajtFUfk+G0ejjRCh793YBrGu7CAoozcl++rrBz 6UmlDim0mQKC8f6CHjkQk2+DXMDdQN34gj71/jwh/GOtDEjJgsXDA//q29SabVQk5cq0 lB8RLv/FR4pzw68FNw/og9jaMud7JXos3oSSsMQtRfJ0xQeTEZHS2t8XFwExdwQJ4MXH 5SsoYKIMZAH6x2vemBgv8ke34pvyE+XNCytJKf0RSwh/ibtslufSGqLjnD/+Su3TS8LM H2ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lvlYz4a76mSKuuUvqBSPdE04y6627cwHaJhAKDAH65g=; b=nmBy6EoslV1nkKNLGZiTxHls0R55vMOevSXA29iugsWuIJJvuyGm7fFe/AE3Pgbf3G otUWSHUu5D8L7c5Od/RlNkWYwNvblaVcCiAcg8409TNeRPAr+W93YX+tH8+RPYQxBRvN pNib82bMwPDBwbiG+AnsavrTZ+6P38JYWnkOZ4wiTgfypUYAMej9UfG6FbjNptjDt7Iv FxbQ9dm70vb1daJkjPgU4WbUm4+NUXBxQ3XD8vj6Em2aAZ2kpLyO1tjUpg8+PtSe6fSE V2ygB0srK38bFYur+PJ1XOht8c7EXJwsXQEv4r2knQtL4vpxnIdSMde87M/ULFAemhFt h0pg==
X-Gm-Message-State: AOAM532mUc5QA5lTKJONWY2CmIjA9OzMTK/+NoC7MXmGzzwJUuS2nIna 9/ZepySjW/HWY7w1sI1DPhxLWi/cpExW2IRiqyDxfg==
X-Google-Smtp-Source: ABdhPJx4E3s8F8/RJIJDyMEHPZgUEcE3NFp0mP7/7HvUNgacyIS2TlHLxvJ8BCL0WTOgbBsStT3bCjzHsT/9oFHPMwI=
X-Received: by 2002:a05:651c:544:: with SMTP id q4mr4438853ljp.105.1625340823350; Sat, 03 Jul 2021 12:33:43 -0700 (PDT)
MIME-Version: 1.0
References: <d8bd1bec-834c-3247-8269-0f9d915dd36a@mg-soft.si> <ee2ced1d-2d74-093a-d377-73907e03c7fa@lightside-instruments.com> <CABCOCHQomyGQxbg-svjZTcKPjc+BWodPaugSE8LFC_fXj-Uw6Q@mail.gmail.com> <a5c08314-3687-59bc-a44c-1044b6c06b33@mg-soft.si> <CABCOCHQ8L4M8ZwNdUgcPX=Ba0uYs6mkX_cAthkZc74vpdqnunw@mail.gmail.com> <12702921-2d78-84b2-8601-2ab225da0b52@mg-soft.si> <CABCOCHT1MTKiGsHN1NsLf7jvHjr0b16gJ4=Oy2PPdBkOSsT=6g@mail.gmail.com> <749468b4-1eb2-b2d1-1709-5dbf09bef2fa@mg-soft.si>
In-Reply-To: <749468b4-1eb2-b2d1-1709-5dbf09bef2fa@mg-soft.si>
From: Andy Bierman <andy@yumaworks.com>
Date: Sat, 03 Jul 2021 12:33:32 -0700
Message-ID: <CABCOCHT-AKjWVAcL7Hq9JAL=E1t=4FFrTct6A9co7g-sgpaM1Q@mail.gmail.com>
To: Jernej Tuljak <jernej.tuljak@mg-soft.si>
Cc: Vladimir Vassilev <vladimir@lightside-instruments.com>, Netconf <netconf@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006a465b05c63d2647"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/a__xp8Zpo3fcUwBRjScVRw1FpYY>
Subject: Re: [netconf] Should a NETCONF server implement YANG Library 1.1 if it does not support NETCONF NMDA?
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Jul 2021 19:33:54 -0000

Hi,

We already agreed that implementation of the NMDA version
by a non-NMDA server is not useful, so no reason to discuss it further.

The general topic on the impact of complexity on deployment of
standards is probably out of scope here. Let's just say that
the pre-defined partitioning of functionality (e.g. YANG features)
is just a suggestion to vendors.


Andy


On Sat, Jul 3, 2021 at 12:12 PM Jernej Tuljak <jernej.tuljak@mg-soft.si>
wrote:

> On 03/07/2021 17:57, Andy Bierman wrote:
>
>
>
> On Fri, Jul 2, 2021 at 2:22 AM Jernej Tuljak <jernej.tuljak@mg-soft.si>
> wrote:
>
>> On 01/07/2021 16:58, Andy Bierman wrote:
>>
>>
>>
>> On Thu, Jul 1, 2021 at 7:32 AM Jernej Tuljak <jernej.tuljak@mg-soft.si>
>> wrote:
>>
>>> On 01/07/2021 14:25, Andy Bierman wrote:
>>>
>>>
>>>
>>> On Thu, Jul 1, 2021 at 1:36 AM Vladimir Vassilev <
>>> vladimir@lightside-instruments.com> wrote:
>>>
>>>>
>>>> On 30/06/2021 10.33, Jernej Tuljak wrote:
>>>> > Hi,
>>>> >
>>>> > I have a relatively simple question, stated in the subject.
>>>> >
>>>> > I cannot find any concrete text that would advise against, prohibit
>>>> or
>>>> > encourage such a thing, but is ietf-yang-library@2019-01-04 intended
>>>> > to be used in such a way; to be implemented in a non-NMDA NETCONF
>>>> server?
>>>> >
>>>> > How should a NMDA enabled NETCONF client handle a situation where
>>>> > :yang-library:1.1 capability is advertised by the NETCONF server, but
>>>> > ietf-netconf-nmda module is not (assuming that the client is also
>>>> > capable of acting as a legacy client)?
>>>>
>>>> IMO all NETCONF servers that implement :yang-library:1.0 implement NMDA
>>>> where "all datastores have exactly the same schema". Those servers can
>>>> trivially implement :yang-library:1.1. I am not aware of any formal
>>>> requirement for such implementation to also implement ietf-netconf-nmda
>>>> - e.g. <get-data>.
>>>>
>>>
>>> Correct.
>>> If module A does not import or even mention module B,
>>> then it safe to assume that there is no requirement to implement B
>>> if A is supported.
>>>
>>> It is trivial for the server to support the new YANG library, and at
>>> least 2 implementations
>>> use the same approach even if NMDA is enabled.
>>>
>>>
>>> I'm more interested in the case where the server does not support NMDA
>>> but implements YANG Library 1.1. I'd like to see a concrete example of the
>>> server's <hello> message and content of a response to a client's <get>
>>> request on /ietf-yang-library:yang-library data tree branch for this case.
>>>
>>>
>>
>> I don't understand why there would be any confusion about <get> processing
>> of config=false data nodes, or why such data nodes under the
>> /yang-library subtree would be special.
>>
>>
>> I'd like to see what you consider to be a sane response to a query on
>> that branch, if the server does not support NMDA. I would also like to see
>> how the server properly announces its support for YANG Library 1.1, if it
>> does not support NMDA.
>>
>
>
> This is academic since we do not use the 2019 version unless NMDA is
> enabled,
> because the redundant data is not helpful to the operator.
> I do not think RFC 8525 imposes NMDA requirements, so it should be possible
> to comply with this RFC but not RFC 8342.
>
> Example:
>   - 1 module set
>   - 1 schema containing the 1 module-set
>   - 1 datastore entry for running
>
> I guess your issue is that <operational> should not be included, so any
> module
> that has config=false nodes cannot be properly represented.  Or the server
> can
> implement <operational> for just config=false nodes, since it has no
> support
> for operational values of config=true data nodes.
>
>
> No, my issue here is, that there are too many ways one can choose to
> populate this part of YANG Library 1.1, if the server does not support
> NMDA, because nothing exists to guide implementations on how to do
> properly. Therefore the client side is forced to rely on what is
> practically guesswork to try to understand something as basic as model
> compliance announcements from the server side.
>
> Even the (purely academic) solution you suggest, 1 datastore, 1 schema and
> 1 module-set, is a gray area from my perspective. Why did you choose only
> ds:running, for example? Why not list ds:running, ds:candidate, ds:startup
> and ds:operational? Why not only ds:operational? Why list any at all - they
> are optional as per model?
>
> The real issue for me regarding these is that they are defined in
> ietf-datastores, published only as part of RFC8342, titled "NMDA", which
> the server does not implement. My interpretation of the available documents
> is that those names may only represent one thing - NMDA datastores. To try
> to stretch their definitions to also cover legacy datastores + operational
> state of a device leads to something that is ambiguous at best.
>
> Even just advertising
> urn:ietf:params:netconf:capability:yang-library:1.1?revision=2019-01-04&content-id=123
> in <hello> seems problematic. That capability is a NETCONF extension to
> support NMDA, defined only in RFC8526, which the server does not implement.
> You used the A and B module analogy in a previous message. Does such an
> analogy not apply also to the RFCs where the modules were published?
>
> We have seen implementations in the wild do random things in order try to
> support YANG Library 1.1 in a non-NMDA context. And it has caused
> interoperability problems for us. That is why I'm asking the question in
> this thread.
>
> Jernej
>
>
> We allow YANG Push to be used without NMDA in this way,
> because YANG Push is popular/useful and NMDA is not.
>
>
>
>>
>>
>> We have seen different approaches used in the wild and none of them make
>>> much sense to us. The intention of YANG Library 1.1 seems to be pretty
>>> clear - to announce NMDA datastore schema compliance. I do not see how it
>>> can be used in a different context so an example would be appreciated
>>> greatly.
>>>
>>
>> I do not see any text requiring more than one module-set list entry to be
>> populated,
>> except for rules on how <operational> can be different from a
>> conventional datastore.
>>
>>
>> Are you saying that a non-NMDA server implementing YANG Library 1.1 is
>> only expected/required to populate one <module-set> entry and not
>> instantiate <schema> and <datastore> at all, since those are not supported?
>> That is exactly why I asked for an example.
>>
>
> No -- see above.
>
>
>>
>>
>> Our server does not use the 2019 version unless NMDA is actually enabled.
>>
>>
>> To me, that is the only decision that makes sense.
>>
>> There are already enough copies of the module info in the server without
>> the /yang-library copy.
>>
>>
>> What is the latter copy supposed to contain and what meaning does it
>> convey to the client if the server does not support NMDA?
>>
>
>
> Not sure why this is a problem.
> The server has no special datastore for operational values for
> configuration data nodes.
> Other than that, it is the same as NMDA.
>
>
>
>
>>
>> I agree there is no value in providing the 2019 version in a non-NMDA
>> server.
>>
>>
>> That is my view as well.
>>
>> A non-NMDA client will be looking for the 2016 version anyway.
>>
>>
>> You seem to be implying that the client side cannot support both (NMDA
>> and legacy) and decide which to use during <hello> exchange and some
>> additional queries immediately after?
>>
>
>
> The client can <get> /modules-state or /yang-library.
> We cannot take away /modules-state from our server.
> Too much code out there depends on it.
>
>
>
>>
>>
>> Even if NMDA is enabled on our server, it only supports 1 module-set,
>> because our clients do not support multiple schema trees per session.
>>
>>
>> All server implementations we have encountered are like that. So far. But
>> like I said before, I'm more interested in non-NMDA servers that implement
>> YANG Library 1.1.
>>
>
>> Jernej
>>
>>
>
> Andy
>
>
>>
>>
>>
>>
>>> Jernej
>>>
>>
>>
>> Andy
>>
>>
>>>
>>>
>>> It has never been trivial for a client to support NMDA, and that is why
>>> NMDA
>>> is not being adopted (but the server-centric WG still thinks the jury is
>>> out on NMDA).
>>>
>>>
>>>>
>>>> IMO client software using <get> and <get-config> should not need
>>>> changes
>>>> to support device servers upgraded to support :yang-library:1.1 with or
>>>> without implementation of ietf-netconf-nmda (<get-data> etc.).
>>>>
>>>>
>>> This is not just an opinion.
>>> No words in RFC 6241 are altered because NMDA is implemented.
>>> The <get> and <get-config> operations work exactly the same as before
>>> NMDA existed.
>>>
>>>
>>>
>>>> /Vladimir
>>>>
>>>>
>>>>
>>>
>>> Andy
>>>
>>>
>>>
>>>> >
>>>> > Jernej
>>>> >
>>>> > _______________________________________________
>>>> > netconf mailing list
>>>> > netconf@ietf.org
>>>> > https://www.ietf.org/mailman/listinfo/netconf
>>>>
>>>> _______________________________________________
>>>> netconf mailing list
>>>> netconf@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/netconf
>>>>
>>>
>>> _______________________________________________
>>> netconf mailing listnetconf@ietf.orghttps://www.ietf.org/mailman/listinfo/netconf
>>>
>>>
>>>
>>
>

v2.23.0 | Report a Bug | By Email