Re: [netmod] Review of draft-ma-netmod-immutable-flag-00
Reshad Rahman <reshad@yahoo.com> Wed, 23 March 2022 21:38 UTC
Return-Path: <reshad@yahoo.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 882393A10FF
for <netmod@ietfa.amsl.com>; Wed, 23 Mar 2022 14:38:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001,
RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id d6_aYDai_33l for <netmod@ietfa.amsl.com>;
Wed, 23 Mar 2022 14:38:00 -0700 (PDT)
Received: from sonic304-10.consmr.mail.bf2.yahoo.com
(sonic304-10.consmr.mail.bf2.yahoo.com [74.6.128.33])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 2B1583A0B25
for <netmod@ietf.org>; Wed, 23 Mar 2022 14:38:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
t=1648071479; bh=GTPNLcm/bjIG4trfxgHWG2J0M5rtcvNudbOe5LhcBlw=;
h=Date:From:Reply-To:To:In-Reply-To:References:Subject:From:Subject:Reply-To;
b=Xq0naUcoHyssGBpvCagyVE6o9EhPx7j3MSnjJp77U5laMpRVWvKUzwnIlmgaaKz401QFQ5xVhBZM2T05lgpyRuLiOBpuKzHoaJWM9YbRIJ9iQQtJKVllJ0X+DJsDzLs+EGnmPjbQrg1cs5d5L+J07vydYQrWrcoWoXqfYyr/y6Nu9obmKENDHk+0jOM5pazNzmlZICE0zhchwLd7902sGJRlVQFHx2oOvIt8ieJdYHklX/RDojCaaS+YSrlR1pQvQcoVyBfiJzdaB/2vDOe8Z+rT8vSRaeHqTDjNQwOknoQAqg0zq8cJG1A3Z/LO2WseehDAfa7WltTAwhDBAVM7yQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
t=1648071479;
bh=KfTZJBHKA9Q5Y9tWfaNr+cMQVVu2nGpNSe/Tj3bxDIZ=;
h=X-Sonic-MF:Date:From:To:Subject:From:Subject;
b=PnxNyvLmprh9w5f7csXyZeMZyweL4KthY1RgRlX5B26Iaocrt28duJaLa67YlR0NQeKNAXm5Bbqb7L7q7KNwvQUEgTd4IlbOjkcB/a/pwZE2gISuv0kN0vjhfytxzc9UMzyHuqyNMRfzuoe4y3bAONvxEThRP2btGB6AKxqziQHyj9IsEniKAF6+Jcv0IC3A9c6sToWVbPCXlxfkMoWzMJbHi9TqoLz9Yho+e/U8TpGh7SSmDfzzwbJk0CwcV6IPGi0gAYQvqblqPFQt5zczr6ebPH2LGitjTRYXziIXgeTbl6mhGxJIu6EjznZSbsGK+hgedgXxErJO1QfW3OcETg==
X-YMail-OSG: sn5VRUgVM1kZXLvLUTafIklA_4XBPhIg22yhual9dIg_sbq0npL1.4RLoot15Om
n9tgsnZAcO_oTXpfkRLi7QnXRSAqTXawmvEtsh5dXsI1uogyYVAyval93yWyo5CZcHnXeJpXeest
KQ4eMsIZF_hirTVYHgzDRbDELephp0XxRz_sTUjb4SeYIUP2e1EyL8_u2b6uxpabzcDHZ1UvBD3g
nIX.VZJDIp6Lk26NaKbL2q3b._c6gSmmZ7mqY_6eOY24ZackdIoZWGFP4Skd8T16PQm0iz4U6h.x
sAAD23hRAiCut.f6sOP9kPxx9wR3JJzSgIXLnwck8_fjDxXO2.oViw5y6WNCtxMRwMEgC2ZdyTYC
F7FrCPDAQ51gf_4a86y.mJmRl08lL_.E6tMPAGAD539ffIUErad.LGvD6yZRWUL4wTfI.g.gUdNR
r4KxsFwFmpmsNOvESHg6A8YTPMknNQrwkFLg8Xsh6MT50uQPNVUpdSRRY6sH7vBZ0zf34BpWUHzK
W1bfL0LL0QU_5cGT04R6o12OJZ5IRXkAAXY15oFaVtGhOSy6XRuSYnfKFtUbcOpxT.559o2U4476
34sU9RfBQmHq38eyooC8GVxNvEDDFbVMIcJGGd444pA57iMLLFoudY66rIty2uAER4QEZrEGpnoq
qiPC4KzeWgEB8QwZJ6vcbfQS.6eevTwjeZIh6cmMsiUIB6GDLmQGuDIQmUCNu2R5dFEHmYMWKqJ9
LAHwCjvNA9oAFebPuRsr8AoUApiiWR_E49xmYAz2Tg5DN6zGHxmOFYTh7YBKbIeODlggrz.54JL4
gYurupxHAdajmZmrglI4R68s43pT67iP2M.2tnvfE_GsGsAQphWeYTGVnKgGa0WW_TVOp_599Q9.
.82aZeLXeeI9JsyDNOLv1ywGahqYVYK9_Jnx4F4HYWCHqq.dPO2ZA3rzcp8rgnNtoDcinyLfWvyC
nkah5SJNNvKyF0w_JO8In_pj2pEP2GpFyiz.x5qLK6CcqDyaqEFC3XhKxBHKTafqk2sKCYY0CTnR
PPHVeXdjxRcvpg.nUlrDpPPQYb6r1UC2YB2p4SOKPso5P1NSeZ9KxsWZ2Wa8cU9aSx86OfDzZ_QX
a2ftdEMNsL0Q5vmOFZODNXunrLg9NZPskTBjUHQJpNfZaFfLvOVPAKmiflzppwT5OMPcHCeP7F5k
jjFRmk8wjf46DJxKubGgEMKEa4twdz1XLQeGoJ.33z0UbdAQPWvbUqnPVHnauMBZOpX1o4O8cjMT
hK0GcIDG_kaz7Qx5Mn.bytUatWezOw0ZyR_RPylQR17SFtUvhh.p9imbcWS6Amuen.c1jU2o_mYc
fyQCvbtuMZD3CgjUUoXL8QwA.cJzLzrvisYD2e9Bw0KGnfwZ23fEwi413NC1u7iIgd7h94yLfm.3
CMqoRQkzE9bDogFft7C6vy4pUL2RhgDQOM2isa2LAtQe27NTAIkQq3bV41x.gq8.xez1OqZM8vdA
U4DenrbTjlLNYm8HipoYnFJmbBgU0tEeJcAsoAeW2opey7G2o4HTJAMrH9wldUJZaVYGD2wdt1KG
nFK8ftM2ArinWJbudYzu1NC7b_LKTgmdMt1y_abEQnrC_5a7P216eBJ_7Xer7NtX74neXAMOoI7R
gecHs9gBVrx0vcoTAhcNC6g9rYCIAHbFzyp53RZUeXDwvk.vsxfCfu5WKtlgV6YcBXpzLa7G8Jnw
ommg_KhCZC2JI2e6KB7xXkzxsC_9G5iNg7ymJuTH8CEN_N6F.RXMfbcMuqk_d7pkEMdhPDxUu2ZI
eXH7jU13eoFGY83Z.Xr75YuKYoVsoVsHKdpXFl9AIqeRLM42ABjhjq9qMkqs9paTXDEmyG_oMlYj
A0.0ZmSUp3qfc8zIojuJ.ExKXK2fh1f_WAVnd..tOvCSurxnM_wYkEoJWjTNv4FUZfoCtN586emd
Mlml7pPbD8kHX2oBIF24Ntc0oS7YOyWOSB8DJKLRQjddaLqXkey1gT4IflW5nJO2ViutMllb1D74
DopPg0MxJ2teF.rpBZhplc2SNFjZLvJJJNtK5h0rSBvaWpstohME30MN6cN0s6aQDiKVnyf0gYYr
lLnjM84v3wuaEq72GHMKTEVc_jvGwxLPkFE5_8U8cqf16AFNAFMjkh7zstfQH5dKozEDYrjRpvPQ
cs3A30RFbO3HIbAsCzib0epKg5k4IY2nBqcpAzt9NB5OF5MKf1vP6SuJfwLigK.e1.AHiWe.IsdL
gAUMRA7g3howWwDaBni3Gs6qLN14reFlZeJb5fAAUTrffypTjTmfQR57nkRR_TN9xc3gDyqzY0YI
cewtIhiScPqQYmaxO8FoLk.lgwLyC1uOTIv2H_Tue0qI-
X-Sonic-MF: <reshad@yahoo.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
sonic304.consmr.mail.bf2.yahoo.com with HTTP; Wed, 23 Mar 2022 21:37:59 +0000
Date: Wed, 23 Mar 2022 21:35:39 +0000 (UTC)
From: Reshad Rahman <reshad@yahoo.com>
Reply-To: Reshad Rahman <reshad@yahoo.com>
To: "'netmod@ietf.org'" <netmod@ietf.org>,
=?UTF-8?Q?Bal=C3=A1zs_Lengyel?= <balazs.lengyel=40ericsson.com@dmarc.ietf.org>
Message-ID: <1438643430.1224197.1648071339243@mail.yahoo.com>
In-Reply-To: <VI1PR0701MB2351E62F3090536AEAB993DBF0189@VI1PR0701MB2351.eurprd07.prod.outlook.com>
References: <VI1PR0701MB2351E62F3090536AEAB993DBF0189@VI1PR0701MB2351.eurprd07.prod.outlook.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_1224196_1506822806.1648071339238"
X-Mailer: WebService/1.1.19894 YMailNorrin
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/2ebB1dfx1rNbyjo8QqlK3gaYDBU>
Subject: Re: [netmod] Review of draft-ma-netmod-immutable-flag-00
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>,
<mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>,
<mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2022 21:38:06 -0000
Hi,
I went through the doc, have not reviewed it extensively but +1 to this comment from Balazs. I don't see the use-case for supporting this per instance either.
If we make this a schema property it can be documented in a transparent manner
with a YANG extension statement. If it is handled as instance connected metadata
the client cannot know a-priori whether a data node is or is not immutable. This information
is only available in runtime. System integrators, OSS developers will have a problem.
Regards,Reshad.
On Wednesday, March 23, 2022, 03:23:32 PM EDT, Balázs Lengyel <balazs.lengyel=40ericsson.com@dmarc.ietf.org> wrote:
Hello,
I did a review of the immutable draft. My comments questions are below.
Regards Balazs
General)
I think this work is important and valuable, but it needs quite a lot improvements.
Why is immutable connected to instances. IMO it should be a schema property.
If we connect it to instances it is hard/impossible to specify “it is prohibited to create a
new container, list entry of leaf-list value”. That is clearly needed for the
capability-check use-case. Maybe allow it on both schema and instance ?
If we make this a schema property it can be documented in a transparent manner
with a YANG extension statement. If it is handled as instance connected metadata
the client cannot know a-priori whether a data node is or is not immutable. This information
is only available in runtime. System integrators, OSS developers will have a problem.
As immutability is connected to instance (now) this raises the question how
stable this property is?
- We don't say anything; the server can keep it stable or make the data node
immutable every odd second and writable every even second
- The property should be relatively stable in an unspecified manner
- The property shall be set when the data node is created and the property
should not change till the data node is deleted/replaced
- Can the immutable property be set on just some interfaces e.g. the
leaf is readOnly on the CLI but writable on Netconf ?
If we make immutable a schema-property, the problem will not arise.
IMO it would be important to list the use-cases we want to solve. I provide 3 below.
Ch 1)
I don't like paragraph 2. Someone could say just declare the interface name
config=false which is a quite usual solution.
I would rather change the first and second paragraphs to:
"YANG [RFC7950] is a data modeling language used to model both state
and configuration data, based on the "config" statement. However there is data
that should not be modifiable by the client, but still needs to be declared
as config true. Some examples of this problem are presented below:
Interfaces are represented as list entries. The list schema node must be
defined as config=true as many of its child leaves need to be configurable by
the client. However the interface name and type values are set by the system,
based on the hardware actually present in the device, and must not be modified
by clients. The natural solution would be to declare the name (which is the
list's key) and the type as config=false. However according to the rules of
YANG the key leaf for a configuration list must also be config=true. Thus the
leaf /interfaces/interface/name is config true even if it might not be
writable in some systems.
System capabilities might be represented as system-set data nodes in the model.
Configurable data nodes might need constraints specified as "when", "must" or
"path" statements to ensure that configuration is set according to the system's
capabilities. E.g.,
- a timer can support the values 1,5,8 seconds. This is defined in the
leaf-list ‘supported-timer-values’.
- When the configurable ‘interface-timer’ leaf is set it should be ensured that
one of the supported values is used. The natural solution would be to make the
‘interface-timer’ a leaf-ref pointing at the ‘supported-timer-values’.
However, this is not possible as ‘supported-timer-values’ must be readOnly thus
config=false while ‘interface-timer’ must be writable thus config=true.
According to the rules of YANG it is not allowed to put a constraint between
config true and false schema nodes.
If configuration is created by the system (e.g., copied from the <system>
datastore to the <running> datastore it might need to be protected. In some
cases there is a need to ensure that system-originated configuration shall
not be altered even after it is copied over to the <running> datastore.”
Ch 2)
"Create an immutable data node with a same value initially set by
the system if it doesn't exist in the datastore, e.g., explicitly
configure a system generated interface name in <running>;"
IMO this is not needed because
- If the data already exists in the <running> datastore it cannot be
created according to Netconf rules.
- If it does not exist in the <running> datastore there is nothing that could
be immutable as immutable is linked to the instances.
The above is independent of what is defined in <system>
Until now we never
had any constraints between 2 datastores like:
you can update datastore1 if datastore2 contains something.
I don't think we want to introduce that either.
"Comment: Should we allow the client delete an "immutable" system
instantiated node in <running> ?"
Once a data node is instantiated there is no record where it came from.
https://datatracker.ietf.org/doc/html/rfc8342#section-5.3.4 states that origin
is only maintained in the <operations> datastore. Unless we want to introduce
it into <running>. So the even the question is wrong as we don't know which
data is system instantiated.
Servers MUST reject any attempt to the "create", "delete" and
"update" access operations on an immutable data node "
Create cannot be handled. see comment on chapter 2.
Ch2 last paragraph) Edit-config is not allowed towards the startup datastore
so it shouldn't be mentioned here. Why wait with error reporting for candidate.
Is there any chance that the immutability might change?
A.2) Interesting example, but it would not work because the use may always
insert a rule(-list) before the immutable rule(s) that will make the imuutable
rules ineffective. The problem is that the rule(-sets) are a user ordered list
where the order matters. It is not enough to protect the individual rule(sets)
the order would also need protection.
IMHO it would be much easier and just as useful to define an extension statement:
extension immutable {
description
"Indicates that a data node contains data that is
loaded by the system and cannot be created/deleted/changed through the
Netconf, Restconf or other management interfaces like SNMP, CLI.
The data MAY be marked as config true to allow leafref,
when or must constraints to be based on it.
The statement MUST only be a substatement of the leaf, leaf-list,
container, list, anydata, anyxml statements.
Zero or one static-data statement per parent statement is allowed.
The argument is a boolean value indicating whether the data node
is considered static-data or not. If static-data is not specified,
the default is the same as the parent data node's value. For top
level data nodes the default value is false.
When the effective immutable value is true, the ‘description’ statement of
the parent statement SHOULD contain the text 'This data node (tree)
cannot be changed in a running system.' ";
argument value;
}
_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
- [netmod] Review of draft-ma-netmod-immutable-flag… Balázs Lengyel
- Re: [netmod] Review of draft-ma-netmod-immutable-… Reshad Rahman