IETF Logo Mail Archive

Re: [netconf] Should a NETCONF server implement YANG Library 1.1 if it does not support NETCONF NMDA?

Robert Varga <nite@hq.sk> Thu, 14 April 2022 19:14 UTC

Return-Path: <nite@hq.sk>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04A8C3A0BEE for <netconf@ietfa.amsl.com>; Thu, 14 Apr 2022 12:14:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hq.sk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P80t57Dh9PPU for <netconf@ietfa.amsl.com>; Thu, 14 Apr 2022 12:13:55 -0700 (PDT)
Received: from mail.hq.sk (hq.sk [81.89.59.181]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 608743A0C49 for <netconf@ietf.org>; Thu, 14 Apr 2022 12:13:53 -0700 (PDT)
Received: from [192.168.1.147] (chello085216197060.chello.sk [85.216.197.60]) by mail.hq.sk (Postfix) with ESMTPSA id 61CEB245D68; Thu, 14 Apr 2022 21:13:50 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hq.sk; s=mail; t=1649963630; bh=etC3glhKC6P96PcVgr5hTGiJ+4fT87nBCB0zf1IibPI=; h=Date:From:Subject:To:Cc:References:In-Reply-To; b=oSxlNY5tleDBfhktOELhaH4hCGcCpDquQJOHgcoAs69yEDO+2jV082LLcXlfbmDVE ZqMUwXkqLlNTAhRbr/PIFluoZMaeCkK31rEXsP8RUB7+Lc1nRR9pasYnNL8gZ/i54T w72W5yueRPbWlcG9O0M6d8T2fcE56Xu6peScikSA=
Message-ID: <e6cc2f0d-8f40-e93d-2c02-968888d52c5d@hq.sk>
Date: Thu, 14 Apr 2022 21:13:49 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
From: Robert Varga <nite@hq.sk>
To: Jernej Tuljak <jernej.tuljak@mg-soft.si>, Andy Bierman <andy@yumaworks.com>
Cc: Netconf <netconf@ietf.org>
References: <d8bd1bec-834c-3247-8269-0f9d915dd36a@mg-soft.si> <ee2ced1d-2d74-093a-d377-73907e03c7fa@lightside-instruments.com> <CABCOCHQomyGQxbg-svjZTcKPjc+BWodPaugSE8LFC_fXj-Uw6Q@mail.gmail.com> <a5c08314-3687-59bc-a44c-1044b6c06b33@mg-soft.si> <CABCOCHQ8L4M8ZwNdUgcPX=Ba0uYs6mkX_cAthkZc74vpdqnunw@mail.gmail.com> <12702921-2d78-84b2-8601-2ab225da0b52@mg-soft.si> <CABCOCHT1MTKiGsHN1NsLf7jvHjr0b16gJ4=Oy2PPdBkOSsT=6g@mail.gmail.com> <749468b4-1eb2-b2d1-1709-5dbf09bef2fa@mg-soft.si>
Content-Language: en-US
In-Reply-To: <749468b4-1eb2-b2d1-1709-5dbf09bef2fa@mg-soft.si>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------iT4jcoa2KeCcukO0HdR8AsHO"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/vpOTs0wigDbkCK_LCi6QXi2LeCo>
Subject: Re: [netconf] Should a NETCONF server implement YANG Library 1.1 if it does not support NETCONF NMDA?
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Apr 2022 19:14:01 -0000

On 03/07/2021 21:12, Jernej Tuljak wrote:
> On 03/07/2021 17:57, Andy Bierman wrote:
>>
>>
>> On Fri, Jul 2, 2021 at 2:22 AM Jernej Tuljak <jernej.tuljak@mg-soft.si
>> <mailto:jernej.tuljak@mg-soft.si>> wrote:
>>
>> This is academic since we do not use the 2019 version unless NMDA is
>> enabled,
>> because the redundant data is not helpful to the operator.
>> I do not think RFC 8525 imposes NMDA requirements, so it should be
>> possible
>> to comply with this RFC but not RFC 8342.
>>
>> Example:
>>   - 1 module set 
>>   - 1 schema containing the 1 module-set
>>   - 1 datastore entry for running
>>
>> I guess your issue is that <operational> should not be included, so
>> any module
>> that has config=false nodes cannot be properly represented.  Or the
>> server can
>> implement <operational> for just config=false nodes, since it has no
>> support
>> for operational values of config=true data nodes.
> 
> No, my issue here is, that there are too many ways one can choose to
> populate this part of YANG Library 1.1, if the server does not support
> NMDA, because nothing exists to guide implementations on how to do
> properly. Therefore the client side is forced to rely on what is
> practically guesswork to try to understand something as basic as model
> compliance announcements from the server side.

(sorry for the late response, this got stuck in drafts for way too long)

With my implementer (but not NMDA just yet) hat on:

I agree, RFC8525/6 model is perhaps a bit too flexible. I agree there is
room for some best practices, which we can probably recommend as what to
do in these situations. This may even help simplify clients, as
sometimes you can make assumptions on what servers you are talking to.

> Even the (purely academic) solution you suggest, 1 datastore, 1 schema
> and 1 module-set, is a gray area from my perspective. Why did you choose
> only ds:running, for example? Why not list ds:running, ds:candidate,
> ds:startup and ds:operational? Why not only ds:operational? Why list any
> at all - they are optional as per model?

I think the correct answer is: one module set, one datastore schema and
one entry for each datastore you support.

> The real issue for me regarding these is that they are defined in
> ietf-datastores, published only as part of RFC8342, titled "NMDA", which
> the server does not implement. My interpretation of the available
> documents is that those names may only represent one thing - NMDA
> datastores. To try to stretch their definitions to also cover legacy
> datastores + operational state of a device leads to something that is
> ambiguous at best.

Not quite. running/candidate/startup datastores were defined by RFC4741.
RFC8342 clarifies their lifecycle and relationship to YANG (i.e. RFC8342
Figure 1 should have appeared in RFC6241), proposes (IMHO) a much better
lifecycle model and gives the each datastore a manifestation in YANG.

> Even just advertising
> urn:ietf:params:netconf:capability:yang-library:1.1?revision=2019-01-04&content-id=123
> in <hello> seems problematic. That capability is a NETCONF extension to
> support NMDA, defined only in RFC8526, which the server does not
> implement. You used the A and B module analogy in a previous message.
> Does such an analogy not apply also to the RFCs where the modules were
> published?

Right, and a server not implementing RFC8526 should not be advertizing
it. That does not mean the server cannot implement RFC8525 yang-library.

> We have seen implementations in the wild do random things in order try
> to support YANG Library 1.1 in a non-NMDA context. And it has caused
> interoperability problems for us. That is why I'm asking the question in
> this thread.

Understood and agreed. I think it is worth arriving at some sort of
recommendation how a non-RFC8432-compliant server should preferably
implement RFC8525. I would assume it would be a completely mechanic way
of deriving the contents of RFC8525 /yang-library from RFC7895 
/modules-state -- that would clean up exactly these sorts of 
shenanigans, I think.

Regards,
Robert

v2.23.0 | Report a Bug | By Email