[netconf] Re: Private candidates -03 and points for discussion
"James Cumming (Nokia)" <james.cumming@nokia.com> Wed, 26 June 2024 18:08 UTC
Return-Path: <james.cumming@nokia.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8493AC14F5FA for <netconf@ietfa.amsl.com>; Wed, 26 Jun 2024 11:08:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.254
X-Spam-Level:
X-Spam-Status: No, score=-7.254 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nokia.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LngqPcYPqlfm for <netconf@ietfa.amsl.com>; Wed, 26 Jun 2024 11:07:59 -0700 (PDT)
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2059.outbound.protection.outlook.com [40.107.244.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF969C14F6F0 for <netconf@ietf.org>; Wed, 26 Jun 2024 11:07:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SIaHSRyG8loPtIbNrcGU1udcoCz9xqslwjgKt1ACR3JZ/vIBBBY9h4BcY2adk0p3tN+WzTJy3Xbwhag6krabJ8/FBHFc+mYn75uUVsu5SnJEowONGOWVK0X0o9U/E+S8eLUWJjUxzSzNNFA2FppnDTSKvW23bm6EusdKd3vLRqF2ZkCwwsaVYtaz20ieS4ixL1RdfH0wtDrVwtdVojZiojRy2vd6RyWmVurDibCEa9V9P1k/lPrHOQh7eaZqyaVHKgPa6AiymJW6igvJsWqYgZbGTumC0eBaUAPvV7PQrQ5eWjBsOHSbfrTA6aePdGGyYstfDm3rQRilVdYxto6aZQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7fVvBdWLKIkOSNu7CvIr6ik2NdpiBVtxQAA/sLgSt0I=; b=SnO8qBlqK/O/O8ax1lT7iSId1SEprMBnKhPv4BmPFTlacVXdL9ivdag6VFzF2NkA+hAghl0MqHMZxgejBvtx/h0FhjDM6SJvEw93iDoMGp61TxEW+Q/Jjt7UN4AulIAQc+TCoSnY3KpVUSXkc0R0Ca2zJub7Ywl1GaI3lXkSIT0guH536ktU4rZnQTh0FWQYNoVFsG5gW1M1QYj8MoGY6eRNoBfYR0orJDuTyIiJVqKhiHd+A6RxVRFYjacj6GOakVaHiWsb4vHygpGaDP78Ly/Fr6ukwe6UHe0hZjR1zV7YwJd6RBaDLHjAt0xZMM6IKJeTI3QZPt3wp4xj1MfQvA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7fVvBdWLKIkOSNu7CvIr6ik2NdpiBVtxQAA/sLgSt0I=; b=nWUn2WXoQCrW1GBGW5bUex3cvB2PjI3J5r1KpTRxGtAkqSOTwEYFKh81Qqfut/Ldfc9pHWpNwyo9D9+/scKx1tThZUXT4VHU1XX6/a1CXnwQpiPI2ot/94ht3H41Ot7xIW51hrc7+Br0CnK7QW48GkMcyidF3QbOWBg2f/CB/o2JbCf3TGsTFuK4Yr6gRDkhOiN2+9rz7Egv7gVo1FMgzCezmbgy2WxSo2fuPDr9GKqF/Clh0oOJCqEBiWfIhsNUlN7YqSYg5tVD8VzLB2MQ9wOIuS8mKmYInIUdJTJi1jAzyQe9QoDLmc6Va+2upTUWsx0Egw7BtLxLsVHsMgh40w==
Received: from SA1PR08MB7215.namprd08.prod.outlook.com (2603:10b6:806:1a9::17) by BY3PR08MB7041.namprd08.prod.outlook.com (2603:10b6:a03:365::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7698.30; Wed, 26 Jun 2024 18:07:54 +0000
Received: from SA1PR08MB7215.namprd08.prod.outlook.com ([fe80::b10c:f208:adaa:c369]) by SA1PR08MB7215.namprd08.prod.outlook.com ([fe80::b10c:f208:adaa:c369%5]) with mapi id 15.20.7698.025; Wed, 26 Jun 2024 18:07:54 +0000
From: "James Cumming (Nokia)" <james.cumming@nokia.com>
To: Kent Watsen <kent+ietf@watsen.net>
Thread-Topic: [netconf] Private candidates -03 and points for discussion
Thread-Index: AQHasshrKw25DAipPkipeZ7yv6WucrHGqeSAgBPU50A=
Date: Wed, 26 Jun 2024 18:07:35 +0000
Message-ID: <SA1PR08MB72150B89F47272FE8797976CFFD62@SA1PR08MB7215.namprd08.prod.outlook.com>
References: <SA1PR08MB721579B2324BCFBF0061BC21FFF32@SA1PR08MB7215.namprd08.prod.outlook.com> <0100019014b5327e-0f40b891-8923-4063-a02c-cce7f2ab7923-000000@email.amazonses.com>
In-Reply-To: <0100019014b5327e-0f40b891-8923-4063-a02c-cce7f2ab7923-000000@email.amazonses.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nokia.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA1PR08MB7215:EE_|BY3PR08MB7041:EE_
x-ms-office365-filtering-correlation-id: d69fb9be-e9c9-4839-17ea-08dc960ae686
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230038|1800799022|366014|376012|38070700016;
x-microsoft-antispam-message-info: 9a/fH0mFRmt8qd062VHfkcRALu/BRhvOwMeNiQLGbJkHC61C3FXWFwPuX+KlTqZ3LDK9g/gUH97eW1iQRgV1Xn8Qc7Sw4XXRfgCSyA1BnxwnlCwP8kTxguNnNnHi6FsFkIznLAS96RNNv1K59hdGD81KriRohrBvVi68jwOH0bf3pjX/UqE7c/9IeKJaMZGZHzuppfZswxe8ON4yftf1z6bsYNsC65t8hNBlrQL9851zZx65pfmmrUixkQ6oTZEUZF/z9mvZ7mnPQKvZpQ7noR9VdbooFfacdsAbrxLbZfRj3UJrvlaYi3qf7I2e8vsk/mgv/C0RWi3kfb6pS3eus7cuZDJ2Ff3NqEIBzjDpQHBzIYtXoO0FNfyN64eRVIv93pht2+9d+Jlvcszs6NaN/DchU3dru9gvovxwECtQGsJvCRTzX+2S9VvOWXQ7yLYCop9dya7rkfWVY4eGXVU2ZIARLQxqg14hL5zwWo6poAYXprPWSavxaqCK4L7XgEw4Ag5AKOviKghIRpsAS81Djq0rVjEFkORvHam0iv2W8raLA8eOe+SOfJnpFL0PyYC6AkTST4VkNKH2Rqsg7LySO5UMsSk4GVpSn5mHzgyT8lNKWKbmYRHoORB+vqrwuGs2d6DvbgajwvwQ62BEuu9JPcSvLGOdE4MGRmkiTyaG9Yvs05D/e/uCAaaJwAEP35enXLnx7Vu403Q9dob1MdFwZmSD9axVYlncO9THgz1otKeCTXI/q2x3r2A29hnj4BbRKDg089IptgP7Bc3FG3PakqBAOLIRAzfvod4ICFGm7PF59TKAQNMRMr/y9PRvmszXwgCx+wIoWZd4J/sViVbuBhFwlGBlWVMLCiftw6At4nnqyqH3OlV6iOjvwJH96btJanXStnI0OEa6ql+JFMmYmLvEgp3KmfcRw3RJiaZbcz8hXo59vo0bthraVqYaPazEAGRCis61GEBo8lQGLxBWAVPq1kSCLvWX4bQSwdy9i5zL5GLwbQsTq5trDtz08Aw5hTovHRs/nqy+2HKfVV4zVbVc94ODGC88VWFG+QrrhIqQQmaawgoWEb768lHLIemm5jGylTsha9NtTs6xjg2Izvmrsk3CLrxJO/aYM99lhbo2xWGtIEtwxdEcD5U2tLNQ2U/XaJCJjSxFEUEI58EKtGEaa4+MxUiak31wfAYttOReqhVEUM7FjpWXWPv2z5OUb+8XYM0za6V3AjZ+3/85nRG//cogVgSoK7q3reNM7LQGRfWxqltVTGTCong7EmqzlY7UBsrU1fvVbU71DkiPCjmF5a8NanRzCGnXvl/tOpukDUNLc/CNeItLL7qt33WDDHIvk1qQQJbHIAIreSwNYlE7EM83Gl5kIzzCGEYqsxU=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA1PR08MB7215.namprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230038)(1800799022)(366014)(376012)(38070700016);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Yfi/Xk9gK4he2MXGoeMG9wwE+gGZPWzC0vRJadJy0JO7DSedx6Dc6V4wFDHnG+UVxO0KGU895uB6sZ5mrN7m63NLaZ9rAjREuBDDRC5dsG+MudPyJ4aEwdukS6cC1CfGZ6sm1t5RCEa1HmiemVcgG5tV1aFNfs85wmOXZd3qWMQOR4zvg0aFuCnF8laKq9/u53OgcE/YbymRxrSQWQN1e4CdAcQ7muL1fi0bA4wsLr66vSicoiKusRCpn5aTZAF1dCnVO/uUBLril9GfV5lVJDxNb92ZsEbIiuQ8z2y/9ni+GyPKjAAD5ep1b8qk/II+coA3rTw/Cv9jdPzNTK64tzv9+juyfHLouNkpk1sBW0AZ5xQarw2f1fj8O97lUwLEIcxHMji00aQiMrUTFLmm1vPDxq8aVfUOGTQzhDwRw1mLOvXs04TjWwHYXJWlk792u2DF+ixp9mHqZtvZLRDoJrElLx7OqV6nQpGGrfG1P4YcMO9SFZDX1JprTvOlSS6rP1HRyPtPo+0dRw3RmG3P6mhXQuHpDxsKZfo443rYYSFBDpvKNVyc82LG07yMs+S1FJX/w3DRXOjPQ4QtPwOjxDJItX49rDq9H6pTRVfr8gWwfXzoKiD+BLbEBVGDVtC0r0ad+IUls1LsPhk6ecmylRdx4YZyl4BM8gxFZ+qtfJJ4vxEZot3gC+Eac6JbLu/tZ4xfiEIgjvDAB71/ZaF5AyM14IUzkptnkFcdJ+rjt0ve8Rc2SnsTOmZPSE9l9zTd7MhaMDI7Lk7Bs9wPoEJ0gV2wrU03vuS7jTZDwC4gJZZF5V/KdN84mdvPw8ON6J4eHqRq7K5h3/+1WlrN6fbH94tqD6/FmuhyhB8rENTiPyvXHAWIr+NyvrxPeA7ir95rxQ3E5Y3hNGn3uGEMbKfqBofhyp1ieL+Kmw//bgVIL4bRD5G8Bu1vTE1eq7ovS++JP3gbkcU131bzdPmXgQCLOeI7RtD8NXK6jeDK0Np2fNULjeChhotOWGLxHF8WmSk9BbVfLn8L3mlYp/vgmWE1YnaH+RG6Ah8xrJO86eMFNLld/8J8KUgMzgLnZloM9ei6awjc7833764vs60sqkpTQKNF4RHzL0cX8IRTOmkaFx9YlaBWNjS4NwROGN/Sb2dhGPsN1MBF8mvxWfaABnJyZXGN4xKMOBRRhp+6roBNivg35WsTo8hx+3I1B16fUZMCEolfzY1QILerKYZ6ayP+Wr0X1m/oChtS7YxEzUDeZOcT+RnLfqz5xugU9romwaHTVn63q22XzgsMgikPB1O5rUg/es9xtCqoEeTqDOOzDUsfwLcnf6hUwKh8cH+1ptBJdQel5Fzl/SSM0PNCvI8iMQaiPX5w5ChHNLWcIEswwzTo32C1p+Xmtb1k2YLfdRCVAjnB/bPFhcX6lVGi+0U1tzsmzazqcL9uy6DVLGvWVLOGby7T2m6c4NUNe9g3cZttgonSp1cQ4KgcDhNXnCM15BRE2RbPWNRtzYlQTVwuiDhS36K1EotiIaFM/DFyYu+U6jkG5/g236YzS64EuMQp3SYfB2nu+3tIR7GmlOUeJMY+BCgw5vWHGe98fgFPwbqw
Content-Type: multipart/alternative; boundary="_000_SA1PR08MB72150B89F47272FE8797976CFFD62SA1PR08MB7215namp_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR08MB7215.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d69fb9be-e9c9-4839-17ea-08dc960ae686
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jun 2024 18:07:54.0534 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: oHaMZXYUZY0e40StUxmJU3a12FbZ4w26qq7CxAEbyYIAKz4To3bORA5KLjw6hBg/v+GAMlk7ipd/fkS2sGu0yA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY3PR08MB7041
Message-ID-Hash: VCO5Y5D2ULVT4UH37W643EPEGKTBM3PJ
X-Message-ID-Hash: VCO5Y5D2ULVT4UH37W643EPEGKTBM3PJ
X-MailFrom: james.cumming@nokia.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-netconf.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "netconf@ietf.org" <netconf@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [netconf] Re: Private candidates -03 and points for discussion
List-Id: NETCONF WG list <netconf.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/v56QqIxEeHQ8r-aQwio7h3B5tKM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Owner: <mailto:netconf-owner@ietf.org>
List-Post: <mailto:netconf@ietf.org>
List-Subscribe: <mailto:netconf-join@ietf.org>
List-Unsubscribe: <mailto:netconf-leave@ietf.org>
Hi Kent, Thanks for taking the time to review and provide your feedback. It’s much appreciated. Please find some responses/comments/questions interleaved. Thanks James Hi James, On May 30, 2024, at 3:36 PM, James Cumming (Nokia) <james.cumming=40nokia.com@dmarc.ietf.org<mailto:james.cumming=40nokia.com@dmarc.ietf.org>> wrote: Good morning/evening everyone, The authors/editors of the private candidates draft have just published a new -03 version of the draft (https://datatracker.ietf.org/doc/draft-ietf-netconf-privcand/) which we believe address the comments from the last (couple of) IETF meetings. We would like to invite everyone to review the draft and provide any feedback. Whilst addressing the points raised, a few other issues were identified and we have proposed solutions to these in the draft as well. Here is a summary of the changes in no particular order: 1. Added Andy Bierman as a contributor 2. Section 4.7.2.11.1: Identified that commit-confirmed behaviour was unclear so provided some detail on how this should work with private candidates (and confirming that it is supported). We considered how to deal with confirmed commits that expire their timer or are cancelled. We also considered whether alternate sessions should be able to cancel them. 3. Added the YANG models to the draft as requested. This led us to a procedural question. This draft is meant to operate for NMDA and non-NMDA capable servers. It is also adding a new base operation (update) and has some additive changes to other older YANG models. The discussion here is what the procedure should be for this. All changes are additive and therefore this fact, coupled with the RFC sections that state that this draft updates the proceeding RFCs we hope is sufficient here. We did discuss the option to do augmentation rather than updates but this feels fairly awkward for clients given the base operation and the additional datastore identity. The approach we have in the draft (currently) also follows the suggestion given to another draft last meeting that was also looking to add new items to a base YANG model. This approach is certainly common for drafts without embedded YANG models. I don’t understand the “awkward for clients” comment. I am surprised to see "ietf-netconf”, “ietf-datastore”, and "ietf-nmda-compare" being published by this I-D. It seems that augments would work fine. [Augments do work for most of the changes. The decision to update was based around providing a consistent approach to all of the operations making private-candidates feel like part of the base specification. For example <edit-config><target><candidate/></target></edit-config> becomes <edit-config><target><private-candidate/></target></edit-config> rather than <edit-config><target><private-candidate xmlns=”new_ns”/></target></edit-config>. The same difference would be created for identity datastores. This is probably something we would like to have a chair / AD ruling on and we will cover it in our slot in IETF120 in person as well.] Regarding ietf-netconf, RFC 6241’s only noteworthy “update” is by RFC 8526 (NMDA for NETCONF) which defines two new operations and “augments” in the “datastore” parameter into a number of existing RPCs. Regarding ietf-datastore, note that “identity” statements were used in part to enable new declarations to occur outside RFC 8342 (NMDA). For example, this is what the “system-config” draft has: https://datatracker.ietf.org/doc/html/draft-ietf-netmod-system-config-06#name-yang-module Can you remind me, what was the other draft last meeting that was also looking to add new items to a base YANG model? [I was trying to find the details in the minutes but was unable to. I recall that it may have been the system datastore update I do recall that it was Benoit who was discussing it] 1. 2. Updated the RFC list that this draft updates One of the RFCs listed is RFC 8526, but the string “8526" isn’t found anywhere else in the draft... When “updating” an RFC, it is customary to have a paragraph or section (called “Updates to RFC XXXX”) in the Introduction that provides details. For instance, https://datatracker.ietf.org/doc/html/rfc8526 uses paragraphs while https://datatracker.ietf.org/doc/html/draft-ietf-netmod-system-config-06#name-introduction uses sections. BTW, should this draft also “update" RFC 8342, for the same reasons as the system-config draft? [Thanks Kent. Rob is working on some text to cover this.] 1. 2. Section 4.6.1: Made the ‘what constitutes a conflict’ section explicit with a minimum set of requirements 3. Section 4.6.1: Added scope for servers to add additional requirements to conflict detection mechanisms beyond the minimum set (which are mandatory). Transaction ID is explicitly mentioned as one such example here. 4. Section 4.7.2.9: Identified the delete-config operation needed updating as well so provided a solution for this 5. Section 4.7.1.1: Added a statement calling out that the update operation is atomic and provided a definition 6. Section 4.6.1: Explained in more detail how each node is marked as in conflict which covers the discussed use-case of servers deciding to call update themselves (without client prompting) 7. Added an updated NMDA diagram to visually explain how the solution fits into NMDA 8. Various grammatical enhancements We look forward to further discussion. While focusing on the above, I noticed a number of editorial issues. It would be a significant effort for me to provide a review of at that level of detail. Hopefully most of these will be addressed automatically in time. High-level comments: - I wonder if Section 3 is needed, or perhaps it could reduced to a paragraph in the Introduction? Generally I don’t think specs should provide a lot of motivating justification... [I reviewed it again and this section is IMHO a reasonable size to explain the problem statement. I would welcome any additional views from the WG] - Regarding Section 4.4.1, the go-to solution these days is to use YANG Library. Capabilities are only maintained for legacy clients. FWIW, I suspect that a NETCONF 2.0 would eliminate the <hello> messages. [Thanks, we missed detailing this and will add it] - Regarding Section 4.4.2, given the previous comment, I’m opposed to a client-sent capability having a significant role. [The draft aims to keep an approach that works for NMDA and non-NMDA clients and servers, so that all clients can benefit from the new functionality if the server supports it. What the above comment boils down to is whether the WG feels a client should be able to select between private-candidates and shared-candidates on a session-by-session basis. If we feel they should (as they can in NMDA by targeting a specific datastore) then the current approach is probably the right one. If we feel that a client should not be able to select between private and shared candidates on a per-session basis, then the alternative is to allow a server to specifically select a mode (perhaps in config but ‘how’ would be out of scope for the document) that is present for the lifetime of that choice… i.e. if a server implements private candidates a non-NMDA client will always get private-candidates and never be able to target the shared candidate.] Regarding Section 4.3, I don’t understand why there is a difference. Please make the solutions the same so that, e.g., an RC server can be built on top on an NC server, and vice versa. BTW, why destroy the private candidate at all, can't each user have their own perpetually? Does it matter? [Let me try to address each part of this in turn: Why is there a difference? It is a natural approach in NETCONF to tie the candidate to the NETCONF session ID for a few reasons. Firstly, this is communicated clearly at the start of each session and a session on a router is tied to it (at least in the implementations I have seen). The NETCONF spec delineates nicely between the transport layer (e.g. SSH) where the authentication (and the ties to the user are handled) and the NETCONF protocol layer. Blending these seemed unnatural. Our understanding (which comes with a request for RESTCONF expert assistance) is that in RESTCONF there is no such session ID with which to tie the candidate to, therefore at the suggestion of the WG we selected the client identity (ie the RESTCONF username). I note that you say RC can rely on NC. I’m not sure if this is implementation specific or spec described so any guidance is welcome. Why destroy the private-candidate at all? If the private-candidate is tied to the NETCONF session ID then closing of this session would destroy this candidate. Leaving it in place would just bloat the memory usage in a node. This is based of my answer for why we are attaching it to the session-id rather than the username. In RESTCONF we could choose not to destroy the private-candidate at all, but this would lead to significant memory overhead, for example 5000 users would have 5000 copies of running (as according to the spec a candidate is a full copy, although implementations may not implement it this way). Another issue is that over time the probability of a private candidate being out of date is very high, therefore, any workflow would require a client to do an update immediately on starting the session in order to get the config back in sync. Does it matter? To answer this question in both contexts…. Does it matter that there is a slightly different implementation for NETCONF and RESTCONF? I don’t think so, they are functionally very similar in the key parts of the draft. Does it matter whether a candidate is destroyed at all? Yes, in order to ensure optimal memory management of a node over a significant period of time (that may have a significant number of users).] James and Rob Kent // contributor [Thanks Kent! We hope to have a -04 for the WG to review prior to IETF120] From: Kent Watsen <kent+ietf@watsen.net> Date: Thursday, 13 June 2024 at 23:05 To: James Cumming (Nokia) <james.cumming@nokia.com> Cc: netconf@ietf.org <netconf@ietf.org> Subject: Re: [netconf] Private candidates -03 and points for discussion CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information. Hi James, On May 30, 2024, at 3:36 PM, James Cumming (Nokia) <james.cumming=40nokia.com@dmarc.ietf.org> wrote: Good morning/evening everyone, The authors/editors of the private candidates draft have just published a new -03 version of the draft (https://datatracker.ietf.org/doc/draft-ietf-netconf-privcand/) which we believe address the comments from the last (couple of) IETF meetings. We would like to invite everyone to review the draft and provide any feedback. Whilst addressing the points raised, a few other issues were identified and we have proposed solutions to these in the draft as well. Here is a summary of the changes in no particular order: 1. Added Andy Bierman as a contributor 2. Section 4.7.2.11.1: Identified that commit-confirmed behaviour was unclear so provided some detail on how this should work with private candidates (and confirming that it is supported). We considered how to deal with confirmed commits that expire their timer or are cancelled. We also considered whether alternate sessions should be able to cancel them. 3. Added the YANG models to the draft as requested. This led us to a procedural question. This draft is meant to operate for NMDA and non-NMDA capable servers. It is also adding a new base operation (update) and has some additive changes to other older YANG models. The discussion here is what the procedure should be for this. All changes are additive and therefore this fact, coupled with the RFC sections that state that this draft updates the proceeding RFCs we hope is sufficient here. We did discuss the option to do augmentation rather than updates but this feels fairly awkward for clients given the base operation and the additional datastore identity. The approach we have in the draft (currently) also follows the suggestion given to another draft last meeting that was also looking to add new items to a base YANG model. This approach is certainly common for drafts without embedded YANG models. I don’t understand the “awkward for clients” comment. I am surprised to see "ietf-netconf”, “ietf-datastore”, and "ietf-nmda-compare" being published by this I-D. It seems that augments would work fine. Regarding ietf-netconf, RFC 6241’s only noteworthy “update” is by RFC 8526 (NMDA for NETCONF) which defines two new operations and “augments” in the “datastore” parameter into a number of existing RPCs. Regarding ietf-datastore, note that “identity” statements were used in part to enable new declarations to occur outside RFC 8342 (NMDA). For example, this is what the “system-config” draft has: https://datatracker.ietf.org/doc/html/draft-ietf-netmod-system-config-06#name-yang-module Can you remind me, what was the other draft last meeting that was also looking to add new items to a base YANG model? 1. 2. Updated the RFC list that this draft updates One of the RFCs listed is RFC 8526, but the string “8526" isn’t found anywhere else in the draft... When “updating” an RFC, it is customary to have a paragraph or section (called “Updates to RFC XXXX”) in the Introduction that provides details. For instance, https://datatracker.ietf.org/doc/html/rfc8526 uses paragraphs while https://datatracker.ietf.org/doc/html/draft-ietf-netmod-system-config-06#name-introduction uses sections. BTW, should this draft also “update" RFC 8342, for the same reasons as the system-config draft? 1. 2. Section 4.6.1: Made the ‘what constitutes a conflict’ section explicit with a minimum set of requirements 3. Section 4.6.1: Added scope for servers to add additional requirements to conflict detection mechanisms beyond the minimum set (which are mandatory). Transaction ID is explicitly mentioned as one such example here. 4. Section 4.7.2.9: Identified the delete-config operation needed updating as well so provided a solution for this 5. Section 4.7.1.1: Added a statement calling out that the update operation is atomic and provided a definition 6. Section 4.6.1: Explained in more detail how each node is marked as in conflict which covers the discussed use-case of servers deciding to call update themselves (without client prompting) 7. Added an updated NMDA diagram to visually explain how the solution fits into NMDA 8. Various grammatical enhancements We look forward to further discussion. While focusing on the above, I noticed a number of editorial issues. It would be a significant effort for me to provide a review of at that level of detail. Hopefully most of these will be addressed automatically in time. High-level comments: - I wonder if Section 3 is needed, or perhaps it could reduced to a paragraph in the Introduction? Generally I don’t think specs should provide a lot of motivating justification... - Regarding Section 4.4.1, the go-to solution these days is to use YANG Library. Capabilities are only maintained for legacy clients. FWIW, I suspect that a NETCONF 2.0 would eliminate the <hello> messages. - Regarding Section 4.4.2, given the previous comment, I’m opposed to a client-sent capability having a significant role. Regarding Section 4.3, I don’t understand why there is a difference. Please make the solutions the same so that, e.g., an RC server can be built on top on an NC server, and vice versa. BTW, why destroy the private candidate at all, can't each user have their own perpetually? Does it matter? James and Rob Kent // contributor
- [netconf] Private candidates -03 and points for d… James Cumming (Nokia)
- [netconf] Re: Private candidates -03 and points f… Jan Lindblad (jlindbla)
- [netconf] Re: Private candidates -03 and points f… Kent Watsen
- [netconf] Re: Private candidates -03 and points f… James Cumming (Nokia)
- [netconf] Re: Private candidates -03 and points f… Andy Bierman
- [netconf] Re: Private candidates -03 and points f… maqiufang (A)
- [netconf] Re: Private candidates -03 and points f… Andy Bierman
- [netconf] Re: Private candidates -03 and points f… Andy Bierman
- [netconf] Re: Private candidates -03 and points f… James Cumming (Nokia)
- [netconf] Re: Private candidates -03 and points f… James Cumming (Nokia)