Re: [Netconf] New draft: draft-mm-netconf-time-capability-00
Andy Bierman <andy@yumaworks.com> Thu, 18 July 2013 15:00 UTC
Return-Path: <andy@yumaworks.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 867CA11E80E1 for <netconf@ietfa.amsl.com>; Thu, 18 Jul 2013 08:00:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.767
X-Spam-Level:
X-Spam-Status: No, score=-2.767 tagged_above=-999 required=5 tests=[AWL=0.210, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tPtD8mz8RhJD for <netconf@ietfa.amsl.com>; Thu, 18 Jul 2013 08:00:06 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id ED96411E814F for <netconf@ietf.org>; Thu, 18 Jul 2013 07:59:27 -0700 (PDT)
Received: by mail-pb0-f44.google.com with SMTP id uo1so3271638pbc.3 for <netconf@ietf.org>; Thu, 18 Jul 2013 07:59:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=ZyXMOEfJsRi9edir9Lk4//5WrvCXc8ArGmtXnrVmAuk=; b=Sh4xqt82p9PR6Bvdad2Kq/6oOSsILyXPJZyXodT0VQmERPh5nQA0wn9mDsVb1x41KR BlSKbiWi5SFq+w/e7SrdDLcWLjOq6RsRs+b4D4m8t0aaYGK+62JiFuxjGHaJWerWihGY gHzvGNAmgQ782mwa7ghIKklxZBbmVFIeT61oy8RG5vuiRcLsQDE9lWmiT8qpK+n0PuQu AybCbtfSKmEgF0otWzi0c4TFfB/fxwkGd5lVPRq8MOsbQruFrTzLDGzCbj/X40U6IHEI vjvu/SKpyfHIOQM9NVPLh2J8nnFvHM3tQ7H/9LhSm4CUY0ixISv4sYcHCiQFHc81JlrW wZFw==
MIME-Version: 1.0
X-Received: by 10.66.234.71 with SMTP id uc7mr13449944pac.10.1374159562414; Thu, 18 Jul 2013 07:59:22 -0700 (PDT)
Received: by 10.70.12.161 with HTTP; Thu, 18 Jul 2013 07:59:22 -0700 (PDT)
In-Reply-To: <20130718174814.Horde.4U20NHGbDvb8NzPI8g2QFQ6@webmail.technion.ac.il>
References: <20130708104818.Horde.WJEDWO_XoOj_pIO2WxwcEg5@webmail.technion.ac.il> <CABCOCHTBt0wB-dLm+b_0GQD8nLG6558v4+D1FuR0kn=wOo3y7w@mail.gmail.com> <51E7E10F.7060209@ericsson.com> <CABCOCHTSi5u9T=szXv6aS7wUVBrVHM6UwgxuyuRWoi1B1khMqQ@mail.gmail.com> <20130718174814.Horde.4U20NHGbDvb8NzPI8g2QFQ6@webmail.technion.ac.il>
Date: Thu, 18 Jul 2013 07:59:22 -0700
Message-ID: <CABCOCHQVRTfVgXBdnUW-pKPQgtxVQxF4u6=dVocVOst=URaoWA@mail.gmail.com>
From: Andy Bierman <andy@yumaworks.com>
To: Tal Mizrahi <dew@tx.technion.ac.il>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQkaP/kF3mFZMADkVeKCBZ54Lrm84uqDqEI6B3hyZx3P2GhYsxDErLuB8uXbNfeLYqG2iihx
Cc: moses@ee.technion.ac.il, netconf@ietf.org
Subject: Re: [Netconf] New draft: draft-mm-netconf-time-capability-00
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2013 15:00:13 -0000
On Thu, Jul 18, 2013 at 7:48 AM, Tal Mizrahi <dew@tx.technion.ac.il> wrote: > Hi Andy, > >> I like the solution in draft-kwatsen-conditional-enablement-00 >> better than this one because it covers more use-cases and >> seems more tractable. > > > The concept in our draft is to suggest a general solution, allowing servers > to coordinate any type of operation, including commit, edit-config, or any > future operations that may come up. We are also targeting a higher > resolution than hours. > I think your solution has use-cases outside of configuration. - synchronized actions across multiple servers (e.g., <reset-foo>) - synchronized <get> across multiple servers > Your points below are well taken. > > Thanks, > Tal. > > Andy > > Quoting Andy Bierman <andy@yumaworks.com>: > >> Hi, >> >> There are lots of operational problems with delayed operations. >> I like the solution in draft-kwatsen-conditional-enablement-00 >> better than this one because it covers more use-cases and >> seems more tractable. >> >> For example: >> * in order to stage time-triggered-config, >> the user and access control can be checked once at the time >> the request is made. >> * the normal RPC mechanism is used >> (1 request and 1 immediate reply) >> * the staged config can be viewed or deleted with standard >> protocol operations, using standard access control >> [Not clear what filters would need to be added.] >> * conditional-enablement easily handles periodic config to >> support maintenance windows, URL blocking, etc. >> * time-shift applies to config activation, which is much less >> complicated than delaying arbitrary protocol operations. >> >> >> Andy >> >> >> On Thu, Jul 18, 2013 at 5:35 AM, Balazs Lengyel >> <balazs.lengyel@ericsson.com> wrote: >>> >>> Hello, >>> - The idea that scheduled time should be the required completion time for >>> an >>> operation is unfortunate. That assumes a device can estimate how long a >>> complex configuration operation will take. That is already a a risky >>> assumption. Even worse some operations might depend on external factors >>> like >>> traffic load, I/O related delays, interaction with external nodes. It is >>> impossible to estimate these delays. >>> - because of the above IMO nanosecond precision for timing is not >>> realistic. >>> The YANG time types are good enough. Anyway in many protocols we have >>> timers >>> on the scale of seconds, so coordinating configuration changes between >>> nodes >>> with milli/nanosecond precision does not look like a sensible goal. >>> >>> - there must be a way to check pending scheduled operations. This has >>> some >>> interesting access control issues as well. Can I see other peoples >>> pending >>> operations? Even if I can read them, what if I do not have rights to a >>> managed object included in a pending operation? I should not be able to >>> read >>> it. >>> - there must be a way to remove pending scheduled operations. >>> >>> - often a configuration session will consist of multiple operations: >>> (lock, >>> edit-config, unlock), (lock, discard-changes, edit-config, commit, >>> unlock). >>> If I can only schedule single operations does that mean I can not use >>> lock? >>> If I want to schedule commit, should I keep the running and the candidate >>> configurations locked to ensure I commit, what I really want? What if my >>> session is closed e.g. by a network timeout? >>> >>> - if a management user is removed/undefined will his pending operations >>> also >>> be removed, or will they stand there and fail at the scheduled execution >>> time? The latter case will confuse people that do not know the user was >>> removed. >>> >>> - generally timed operations work nicely if no one else configures the >>> node >>> while my changes are pending. What is the proposed method to ensure this? >>> >>> regards Balazs >>> >>> On 2013-07-08 16:27, Andy Bierman wrote: >>>> >>>> >>>> Hi, >>>> >>>> I do not support a general time-scheduled protocol operation mechanism >>>> for >>>> all NETCONF operations. There is one interesting use-case mentioned: >>>> synchronized <commit> (or <edit-config> on :writable-running) operations >>>> across multiple servers. >>>> >>>> The proposal doesn't actually work within NETCONF because <rpc> requests >>>> within a single session are serialized. This solution seems to send 1 >>>> <rpc-reply> >>>> when the operation is finally executed. How does the client know the >>>> operation >>>> was scheduled successfully? IMO, a better solution would be an >>>> immediate >>>> <rpc-reply> (scheduled OK) and the execution results sent in a >>>> <notification>. >>>> >>>> How do clients monitor what operations are pending? >>>> >>>> What if the NACM rules change while the operation is pending? >>>> Does access control get checked twice? Clients should not be able >>>> to schedule operations they are not permitted to execute. >>>> >>>> What if a session is lost or closed before its scheduled operation is >>>> started? >>>> >>>> What if the server reboots while operations are pending? >>>> >>>> IMO, YANG date-and-time is better time parameter than 'seconds since >>>> 1970'. >>>> It is already supported by NETCONF servers. >>>> >>>> How does a client cancel an operation? >>>> Can client A cancel operations for client B, >>>> assuming client A is allowed to invoke <kill-session>? >>>> >>>> >>>> >>>> Andy >>>> >>>> On Mon, Jul 8, 2013 at 12:48 AM, Tal Mizrahi <dew@tx.technion.ac.il> >>>> wrote: >>>>> >>>>> >>>>> Hi, >>>>> >>>>> We have submitted a new draft titled “Time Capability in NETCONF”. >>>>> http://tools.ietf.org/html/draft-mm-netconf-time-capability-00 >>>>> >>>>> Any comments will be welcome. >>>>> Thanks, >>>>> Tal Mizrahi. >>>>> >>>>> _______________________________________________ >>>>> Netconf mailing list >>>>> Netconf@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/netconf >>>> >>>> >>>> _______________________________________________ >>>> Netconf mailing list >>>> Netconf@ietf.org >>>> https://www.ietf.org/mailman/listinfo/netconf >>>> >>> >>> -- >>> Balazs Lengyel Ericsson Hungary Ltd. >>> System Manager >>> ECN: 831 7320 Tel: +36-1-437-7320 >>> Mobile: +36-70-330-7909 email: Balazs.Lengyel@ericsson.com >>> > >
- [Netconf] New draft: draft-mm-netconf-time-capabi… Tal Mizrahi
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Jonathan Hansford
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Andy Bierman
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Tal Mizrahi
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Tal Mizrahi
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Andy Bierman
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Tal Mizrahi
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Tal Mizrahi
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Balazs Lengyel
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Andy Bierman
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Tal Mizrahi
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Tal Mizrahi
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Andy Bierman
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Andy Bierman
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Tal Mizrahi
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Radek Krejčí
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Balazs Lengyel
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Tal Mizrahi
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Juergen Schoenwaelder
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Balazs Lengyel
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Tal Mizrahi
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Martin Bjorklund
- Re: [Netconf] New draft: draft-mm-netconf-time-ca… Andy Bierman