Re: [netmod] Review of draft-ma-netmod-immutable-flag-00
Reshad Rahman <reshad@yahoo.com> Wed, 23 March 2022 21:38 UTC
Return-Path: <reshad@yahoo.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 882393A10FF for <netmod@ietfa.amsl.com>; Wed, 23 Mar 2022 14:38:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d6_aYDai_33l for <netmod@ietfa.amsl.com>; Wed, 23 Mar 2022 14:38:00 -0700 (PDT)
Received: from sonic304-10.consmr.mail.bf2.yahoo.com (sonic304-10.consmr.mail.bf2.yahoo.com [74.6.128.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B1583A0B25 for <netmod@ietf.org>; Wed, 23 Mar 2022 14:38:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1648071479; bh=GTPNLcm/bjIG4trfxgHWG2J0M5rtcvNudbOe5LhcBlw=; h=Date:From:Reply-To:To:In-Reply-To:References:Subject:From:Subject:Reply-To; b=Xq0naUcoHyssGBpvCagyVE6o9EhPx7j3MSnjJp77U5laMpRVWvKUzwnIlmgaaKz401QFQ5xVhBZM2T05lgpyRuLiOBpuKzHoaJWM9YbRIJ9iQQtJKVllJ0X+DJsDzLs+EGnmPjbQrg1cs5d5L+J07vydYQrWrcoWoXqfYyr/y6Nu9obmKENDHk+0jOM5pazNzmlZICE0zhchwLd7902sGJRlVQFHx2oOvIt8ieJdYHklX/RDojCaaS+YSrlR1pQvQcoVyBfiJzdaB/2vDOe8Z+rT8vSRaeHqTDjNQwOknoQAqg0zq8cJG1A3Z/LO2WseehDAfa7WltTAwhDBAVM7yQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1648071479; bh=KfTZJBHKA9Q5Y9tWfaNr+cMQVVu2nGpNSe/Tj3bxDIZ=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=PnxNyvLmprh9w5f7csXyZeMZyweL4KthY1RgRlX5B26Iaocrt28duJaLa67YlR0NQeKNAXm5Bbqb7L7q7KNwvQUEgTd4IlbOjkcB/a/pwZE2gISuv0kN0vjhfytxzc9UMzyHuqyNMRfzuoe4y3bAONvxEThRP2btGB6AKxqziQHyj9IsEniKAF6+Jcv0IC3A9c6sToWVbPCXlxfkMoWzMJbHi9TqoLz9Yho+e/U8TpGh7SSmDfzzwbJk0CwcV6IPGi0gAYQvqblqPFQt5zczr6ebPH2LGitjTRYXziIXgeTbl6mhGxJIu6EjznZSbsGK+hgedgXxErJO1QfW3OcETg==
X-YMail-OSG: sn5VRUgVM1kZXLvLUTafIklA_4XBPhIg22yhual9dIg_sbq0npL1.4RLoot15Om n9tgsnZAcO_oTXpfkRLi7QnXRSAqTXawmvEtsh5dXsI1uogyYVAyval93yWyo5CZcHnXeJpXeest KQ4eMsIZF_hirTVYHgzDRbDELephp0XxRz_sTUjb4SeYIUP2e1EyL8_u2b6uxpabzcDHZ1UvBD3g nIX.VZJDIp6Lk26NaKbL2q3b._c6gSmmZ7mqY_6eOY24ZackdIoZWGFP4Skd8T16PQm0iz4U6h.x sAAD23hRAiCut.f6sOP9kPxx9wR3JJzSgIXLnwck8_fjDxXO2.oViw5y6WNCtxMRwMEgC2ZdyTYC F7FrCPDAQ51gf_4a86y.mJmRl08lL_.E6tMPAGAD539ffIUErad.LGvD6yZRWUL4wTfI.g.gUdNR r4KxsFwFmpmsNOvESHg6A8YTPMknNQrwkFLg8Xsh6MT50uQPNVUpdSRRY6sH7vBZ0zf34BpWUHzK W1bfL0LL0QU_5cGT04R6o12OJZ5IRXkAAXY15oFaVtGhOSy6XRuSYnfKFtUbcOpxT.559o2U4476 34sU9RfBQmHq38eyooC8GVxNvEDDFbVMIcJGGd444pA57iMLLFoudY66rIty2uAER4QEZrEGpnoq qiPC4KzeWgEB8QwZJ6vcbfQS.6eevTwjeZIh6cmMsiUIB6GDLmQGuDIQmUCNu2R5dFEHmYMWKqJ9 LAHwCjvNA9oAFebPuRsr8AoUApiiWR_E49xmYAz2Tg5DN6zGHxmOFYTh7YBKbIeODlggrz.54JL4 gYurupxHAdajmZmrglI4R68s43pT67iP2M.2tnvfE_GsGsAQphWeYTGVnKgGa0WW_TVOp_599Q9. .82aZeLXeeI9JsyDNOLv1ywGahqYVYK9_Jnx4F4HYWCHqq.dPO2ZA3rzcp8rgnNtoDcinyLfWvyC nkah5SJNNvKyF0w_JO8In_pj2pEP2GpFyiz.x5qLK6CcqDyaqEFC3XhKxBHKTafqk2sKCYY0CTnR PPHVeXdjxRcvpg.nUlrDpPPQYb6r1UC2YB2p4SOKPso5P1NSeZ9KxsWZ2Wa8cU9aSx86OfDzZ_QX a2ftdEMNsL0Q5vmOFZODNXunrLg9NZPskTBjUHQJpNfZaFfLvOVPAKmiflzppwT5OMPcHCeP7F5k jjFRmk8wjf46DJxKubGgEMKEa4twdz1XLQeGoJ.33z0UbdAQPWvbUqnPVHnauMBZOpX1o4O8cjMT hK0GcIDG_kaz7Qx5Mn.bytUatWezOw0ZyR_RPylQR17SFtUvhh.p9imbcWS6Amuen.c1jU2o_mYc fyQCvbtuMZD3CgjUUoXL8QwA.cJzLzrvisYD2e9Bw0KGnfwZ23fEwi413NC1u7iIgd7h94yLfm.3 CMqoRQkzE9bDogFft7C6vy4pUL2RhgDQOM2isa2LAtQe27NTAIkQq3bV41x.gq8.xez1OqZM8vdA U4DenrbTjlLNYm8HipoYnFJmbBgU0tEeJcAsoAeW2opey7G2o4HTJAMrH9wldUJZaVYGD2wdt1KG nFK8ftM2ArinWJbudYzu1NC7b_LKTgmdMt1y_abEQnrC_5a7P216eBJ_7Xer7NtX74neXAMOoI7R gecHs9gBVrx0vcoTAhcNC6g9rYCIAHbFzyp53RZUeXDwvk.vsxfCfu5WKtlgV6YcBXpzLa7G8Jnw ommg_KhCZC2JI2e6KB7xXkzxsC_9G5iNg7ymJuTH8CEN_N6F.RXMfbcMuqk_d7pkEMdhPDxUu2ZI eXH7jU13eoFGY83Z.Xr75YuKYoVsoVsHKdpXFl9AIqeRLM42ABjhjq9qMkqs9paTXDEmyG_oMlYj A0.0ZmSUp3qfc8zIojuJ.ExKXK2fh1f_WAVnd..tOvCSurxnM_wYkEoJWjTNv4FUZfoCtN586emd Mlml7pPbD8kHX2oBIF24Ntc0oS7YOyWOSB8DJKLRQjddaLqXkey1gT4IflW5nJO2ViutMllb1D74 DopPg0MxJ2teF.rpBZhplc2SNFjZLvJJJNtK5h0rSBvaWpstohME30MN6cN0s6aQDiKVnyf0gYYr lLnjM84v3wuaEq72GHMKTEVc_jvGwxLPkFE5_8U8cqf16AFNAFMjkh7zstfQH5dKozEDYrjRpvPQ cs3A30RFbO3HIbAsCzib0epKg5k4IY2nBqcpAzt9NB5OF5MKf1vP6SuJfwLigK.e1.AHiWe.IsdL gAUMRA7g3howWwDaBni3Gs6qLN14reFlZeJb5fAAUTrffypTjTmfQR57nkRR_TN9xc3gDyqzY0YI cewtIhiScPqQYmaxO8FoLk.lgwLyC1uOTIv2H_Tue0qI-
X-Sonic-MF: <reshad@yahoo.com>
Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.bf2.yahoo.com with HTTP; Wed, 23 Mar 2022 21:37:59 +0000
Date: Wed, 23 Mar 2022 21:35:39 +0000
From: Reshad Rahman <reshad@yahoo.com>
Reply-To: Reshad Rahman <reshad@yahoo.com>
To: "'netmod@ietf.org'" <netmod@ietf.org>, Balázs Lengyel <balazs.lengyel=40ericsson.com@dmarc.ietf.org>
Message-ID: <1438643430.1224197.1648071339243@mail.yahoo.com>
In-Reply-To: <VI1PR0701MB2351E62F3090536AEAB993DBF0189@VI1PR0701MB2351.eurprd07.prod.outlook.com>
References: <VI1PR0701MB2351E62F3090536AEAB993DBF0189@VI1PR0701MB2351.eurprd07.prod.outlook.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_1224196_1506822806.1648071339238"
X-Mailer: WebService/1.1.19894 YMailNorrin
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/2ebB1dfx1rNbyjo8QqlK3gaYDBU>
Subject: Re: [netmod] Review of draft-ma-netmod-immutable-flag-00
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2022 21:38:06 -0000
Hi, I went through the doc, have not reviewed it extensively but +1 to this comment from Balazs. I don't see the use-case for supporting this per instance either. If we make this a schema property it can be documented in a transparent manner with a YANG extension statement. If it is handled as instance connected metadata the client cannot know a-priori whether a data node is or is not immutable. This information is only available in runtime. System integrators, OSS developers will have a problem. Regards,Reshad. On Wednesday, March 23, 2022, 03:23:32 PM EDT, Balázs Lengyel <balazs.lengyel=40ericsson.com@dmarc.ietf.org> wrote: Hello, I did a review of the immutable draft. My comments questions are below. Regards Balazs General) I think this work is important and valuable, but it needs quite a lot improvements. Why is immutable connected to instances. IMO it should be a schema property. If we connect it to instances it is hard/impossible to specify “it is prohibited to create a new container, list entry of leaf-list value”. That is clearly needed for the capability-check use-case. Maybe allow it on both schema and instance ? If we make this a schema property it can be documented in a transparent manner with a YANG extension statement. If it is handled as instance connected metadata the client cannot know a-priori whether a data node is or is not immutable. This information is only available in runtime. System integrators, OSS developers will have a problem. As immutability is connected to instance (now) this raises the question how stable this property is? - We don't say anything; the server can keep it stable or make the data node immutable every odd second and writable every even second - The property should be relatively stable in an unspecified manner - The property shall be set when the data node is created and the property should not change till the data node is deleted/replaced - Can the immutable property be set on just some interfaces e.g. the leaf is readOnly on the CLI but writable on Netconf ? If we make immutable a schema-property, the problem will not arise. IMO it would be important to list the use-cases we want to solve. I provide 3 below. Ch 1) I don't like paragraph 2. Someone could say just declare the interface name config=false which is a quite usual solution. I would rather change the first and second paragraphs to: "YANG [RFC7950] is a data modeling language used to model both state and configuration data, based on the "config" statement. However there is data that should not be modifiable by the client, but still needs to be declared as config true. Some examples of this problem are presented below: Interfaces are represented as list entries. The list schema node must be defined as config=true as many of its child leaves need to be configurable by the client. However the interface name and type values are set by the system, based on the hardware actually present in the device, and must not be modified by clients. The natural solution would be to declare the name (which is the list's key) and the type as config=false. However according to the rules of YANG the key leaf for a configuration list must also be config=true. Thus the leaf /interfaces/interface/name is config true even if it might not be writable in some systems. System capabilities might be represented as system-set data nodes in the model. Configurable data nodes might need constraints specified as "when", "must" or "path" statements to ensure that configuration is set according to the system's capabilities. E.g., - a timer can support the values 1,5,8 seconds. This is defined in the leaf-list ‘supported-timer-values’. - When the configurable ‘interface-timer’ leaf is set it should be ensured that one of the supported values is used. The natural solution would be to make the ‘interface-timer’ a leaf-ref pointing at the ‘supported-timer-values’. However, this is not possible as ‘supported-timer-values’ must be readOnly thus config=false while ‘interface-timer’ must be writable thus config=true. According to the rules of YANG it is not allowed to put a constraint between config true and false schema nodes. If configuration is created by the system (e.g., copied from the <system> datastore to the <running> datastore it might need to be protected. In some cases there is a need to ensure that system-originated configuration shall not be altered even after it is copied over to the <running> datastore.” Ch 2) "Create an immutable data node with a same value initially set by the system if it doesn't exist in the datastore, e.g., explicitly configure a system generated interface name in <running>;" IMO this is not needed because - If the data already exists in the <running> datastore it cannot be created according to Netconf rules. - If it does not exist in the <running> datastore there is nothing that could be immutable as immutable is linked to the instances. The above is independent of what is defined in <system> Until now we never had any constraints between 2 datastores like: you can update datastore1 if datastore2 contains something. I don't think we want to introduce that either. "Comment: Should we allow the client delete an "immutable" system instantiated node in <running> ?" Once a data node is instantiated there is no record where it came from. https://datatracker.ietf.org/doc/html/rfc8342#section-5.3.4 states that origin is only maintained in the <operations> datastore. Unless we want to introduce it into <running>. So the even the question is wrong as we don't know which data is system instantiated. Servers MUST reject any attempt to the "create", "delete" and "update" access operations on an immutable data node " Create cannot be handled. see comment on chapter 2. Ch2 last paragraph) Edit-config is not allowed towards the startup datastore so it shouldn't be mentioned here. Why wait with error reporting for candidate. Is there any chance that the immutability might change? A.2) Interesting example, but it would not work because the use may always insert a rule(-list) before the immutable rule(s) that will make the imuutable rules ineffective. The problem is that the rule(-sets) are a user ordered list where the order matters. It is not enough to protect the individual rule(sets) the order would also need protection. IMHO it would be much easier and just as useful to define an extension statement: extension immutable { description "Indicates that a data node contains data that is loaded by the system and cannot be created/deleted/changed through the Netconf, Restconf or other management interfaces like SNMP, CLI. The data MAY be marked as config true to allow leafref, when or must constraints to be based on it. The statement MUST only be a substatement of the leaf, leaf-list, container, list, anydata, anyxml statements. Zero or one static-data statement per parent statement is allowed. The argument is a boolean value indicating whether the data node is considered static-data or not. If static-data is not specified, the default is the same as the parent data node's value. For top level data nodes the default value is false. When the effective immutable value is true, the ‘description’ statement of the parent statement SHOULD contain the text 'This data node (tree) cannot be changed in a running system.' "; argument value; } _______________________________________________ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod
- [netmod] Review of draft-ma-netmod-immutable-flag… Balázs Lengyel
- Re: [netmod] Review of draft-ma-netmod-immutable-… Reshad Rahman