Re: [netmod] AD review: draft-ietf-netmod-revised-datastores-08

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Thu, 21 December 2017 13:20 UTC

Date: Thu, 21 Dec 2017 14:20:30 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Vladimir Vassilev <vladimir@transpacket.com>
Cc: Robert Wilton <rwilton@cisco.com>, NETMOD Working Group <netmod@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/2WSQXmIdgnA2vCFQLRNzIOpisGs>

On Thu, Dec 21, 2017 at 02:03:45PM +0100, Vladimir Vassilev wrote:
> On 12/21/2017 11:34 AM, Robert Wilton wrote:
> 
> > Hi Vladimir,
> > 
> > First point of clarification is that this is not about running/intended
> > at all.  The contents of running/intended do not change in any way
> > depending on whether hardware is present or absent.
> > 
> > The section is only concerned with how the configuration is applied in
> > operational, and basically says that you cannot apply configuration for
> > resources that are missing (which seems reasonable).  E.g. I cannot
> > configure an IP address on a physical interface that isn't there.  Or if
> > the physical interface gets removed then the configuration associated
> > with that interface is also removed from operational.
> > 
> > Operational isn't validated and data model constraints are allowed to be
> > broken (ideally transiently).
> I want to focus on this. IMO giving up schema validity for any datastore is
> an unacceptable price. Pre-NMDA devices had full model support in operational
> data (all YANG constraints part of the model without discrimination were
> enforced).

There was a long debate about the value of returning the true
operational state. What do you do if the operational state is invalid?
A server can reject configuration changes if they lead to invalid
state, a server can not reject reality.

> If this is about to change it will compromise interoperability
> and a significant portion of the client implementation workload that can be
> automated will need to be coded in hand and tested. Unresolved leafrefs,
> undefined behaviour of different implementations removing different
> configuration nodes in violation of YANG semantic constraints (which I do
> not think can be so clearly separated from the syntactic constraints when
> one considers types like leafref, instance-identifier etc.) and the
> corresponding side effects based on the server implementers' own creativity
> is eventually going to create more problems.
> 
> 1. IMO the only acceptable solution is to have YANG valid operational
> datastore at all times. operational like any other datastore MUST be valid
> YANG data tree and it has to be a system implementation task to consider all
> complications resulting from the removal of the resources leading to any
> data transformations. If this is difficult or impossible other mechanisms to
> flag missing resources should be used (e.g.
> /interfaces/interface/oper-status=not-present) This sounds like a useful
> contract providing the value of a standard the alternative does not.

As said above, it is impossible to report valid operational state if
the operational state is not valid according to the models.

> 2. Even with the change in 1. I do not see the removal of intended
> configuration nodes from operational as a solution worth implementing on our
> servers. I do not see a real world plug-and-play scenario that can be
> automatically solved without specific additions to the models e.g.
> /interfaces/interface/oper-status=not-present is oversimplified solution but
> it needs to be extended exactly as much as the solution provided by the
> removal of config true; nodes without the sacrifice of YANG validity of
> operational.

Your thinking is likely wrong. <operational> reports the operational
state. It may have little in common with <intended>. Trying to derive
operational from intended is likely a not well working approach.

> 3. Solutions like /interfaces/interface/admin-state stop working. With the
> interface removed you can no longer figure if the if-mib has or does not
> have the interface enabled so an operator has to use SNMP or wait for a
> replacement line card to be connected to figure this bit of information.

At least on my boxes, if I remove a line card, the interface also
disappears in SNMP tables. Stuff that is operationally not present is
simply operationally not present.

> My
> interpretation of the MAY as requirement level in sec. 5.3. The Operational
> State Datastore (<operational>) is that plug-and-play solutions can be
> implemented without this limited approach that has the same problem as the
> pre-NMDA only now we have to have /interfaces-state to keep config false;
> data relevant to hardware that is configured but not present:
> 
>    configuration data nodes supported in a configuration datastore
>    MAY be omitted from <operational> if a server is not able to
>    accurately report them.
> 
> I realize this discussion comes late. I have stated my objections to this
> particular part of the NMDA draft earlier.

I believe there is a conceptual misunderstanding. I think there never
was a requirement that a server reports the state of hardware that is
not present.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
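
Added example, not part of the original message or of the draft: a client-side comparison of <intended> with <operational> that reports configuration missing from <operational>, values applied differently, and unresolved leafref-style references as findings instead of rejecting the data. The nested-dict tree layout, the path names, the LEAFREFS table and the sample data are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data, not real device output. eth1 sits on a removed
# line card, so this hypothetical server omits it from <operational>.
INTENDED = {
    "interfaces": {"eth0": {"enabled": True, "mtu": 9000},
                   "eth1": {"enabled": True, "mtu": 1500}},
    "routes": {"r1": {"out-if": "eth0"}, "r2": {"out-if": "eth1"}},
}
OPERATIONAL = {
    "interfaces": {"eth0": {"enabled": True, "mtu": 1500, "oper-status": "up"}},
    "routes": {"r1": {"out-if": "eth0"}, "r2": {"out-if": "eth1"}},
}
# (pattern of referring leaf paths, list the value must name an entry of);
# stands in for leafref statements in a YANG model (assumed layout).
LEAFREFS = [("/routes/*/out-if", "/interfaces")]


def flatten(tree, prefix=""):
    """Map every leaf of a nested dict to a '/'-separated path."""
    leaves = {}
    for key, value in tree.items():
        path = f"{prefix}/{key}"
        if isinstance(value, dict):
            leaves.update(flatten(value, path))
        else:
            leaves[path] = value
    return leaves


def compare(intended, operational, leafrefs):
    """Return findings; never raise because <operational> breaks a constraint."""
    want, have = flatten(intended), flatten(operational)
    missing = sorted(p for p in want if p not in have)
    differs = sorted(p for p in want if p in have and have[p] != want[p])
    dangling = []
    for pattern, target in leafrefs:
        for path, value in have.items():
            if not fnmatchcase(path, pattern):
                continue
            # The reference resolves only if the named list entry has leaves.
            if not any(p.startswith(f"{target}/{value}/") for p in have):
                dangling.append(path)
    return {"missing": missing, "differs": differs, "dangling": sorted(dangling)}


if __name__ == "__main__":
    for kind, paths in compare(INTENDED, OPERATIONAL, LEAFREFS).items():
        print(kind, paths)
```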