[netmod] leafref to lists that contain system-controlled entries

"Sterne, Jason (Nokia - CA/Ottawa)" <jason.sterne@nokia.com> Fri, 13 October 2017 18:43 UTC

Return-Path: <jason.sterne@nokia.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E58E134249 for <netmod@ietfa.amsl.com>; Fri, 13 Oct 2017 11:43:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id omTxvWPgFy2b for <netmod@ietfa.amsl.com>; Fri, 13 Oct 2017 11:43:49 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00110.outbound.protection.outlook.com [40.107.0.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 878F013300C for <netmod@ietf.org>; Fri, 13 Oct 2017 11:43:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=kXOrY7Z6Txp3WAZCHL3gBJlp7F9pOyyoKieeNl5E8/Q=; b=lRSxxnYFlZkaH2cuu5SmCpP8/dy7QDLzZ5/aTbjs1SxOyRwQaq5Nu+niyho+L291nTo25Z1b66iOp3o+BX45PjxI8SNN3Kty8eo9YI6V2U3OURsRQYpnal2ha7RDhMxKUZTcO5JhWWGmc4h71bb0pefWMCTnIKFK5Dg+wwjKKWc=
Received: from HE1PR07MB0843.eurprd07.prod.outlook.com (10.162.24.16) by HE1PR07MB0842.eurprd07.prod.outlook.com (10.162.24.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.5; Fri, 13 Oct 2017 18:43:45 +0000
Received: from HE1PR07MB0843.eurprd07.prod.outlook.com ([fe80::98e6:b6da:7d7d:25b9]) by HE1PR07MB0843.eurprd07.prod.outlook.com ([fe80::98e6:b6da:7d7d:25b9%16]) with mapi id 15.20.0077.021; Fri, 13 Oct 2017 18:43:45 +0000
From: "Sterne, Jason (Nokia - CA/Ottawa)" <jason.sterne@nokia.com>
To: "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: leafref to lists that contain system-controlled entries
Thread-Index: AdNETq1mxw6yfiPkS3eq6pji6usdqw==
Date: Fri, 13 Oct 2017 18:43:45 +0000
Message-ID: <HE1PR07MB08435A124031631CF19E92BE9B480@HE1PR07MB0843.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=jason.sterne@nokia.com;
x-originating-ip: [135.245.20.19]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; HE1PR07MB0842; 6:t4IiZT+6P4u/HBMaDjHUYq7jJs+5sKaeKzZazQhX96zr0Ju7OApEL3QvqJyJRrOQ1IedHw+IZCwSpTBP0JmVl55qhVUFe71Pn0Qi5R1zMjJcaMdIxIDIIOcnFXW/Hu+yDqmu064BwuKI9xlCTYF0h9C/ckg4+oBN/i0053qaVLxsLUt63c3/GrwrMRpUvoHXlB7kfh6qlNbeF4dtORVBCkbIm6yoJdeKtgGOR5dyXBcm0rMrNN4jvxcNTEgogfY7bdi0vaSwE9U3YxNngsygZsg5ArmvkvjmaTwrK+ADg1Rl5BGhI61D32nmdCsRlQmS5HaCXov5/UCX6e0ZsXvdlA==; 5:eMOdBhgXdCr9lUvVoYIGpFmLU5d7WQNHx/9DGuiCjzywtq4XC/o1CgEmJeut52ZsckWMeelexhmVxMMNiH1CdVI09mUslQpM7Pbjs3oICoB9Zz5oG2WXMMX+bqYIL0DALdizIVMQAmyQojHRZP/Mig==; 24:ywLRoOa5BiBsuiRn/Gk8Lo42tt3wbsSoiY/j2VEf0OZdS3pJoVml2rP47mAB7b73Dzuwf3MPS5xcLVv+LN2RxJJkdY3lHKqr2iwJ9QtGIUQ=; 7:srOLUPftiZIzGkpEhFzKMMcQD7JnzRkx7wCS2N1spMLsYvCXHP4nvmKvJMbqXoNZ0Rg32+QYNnb5UFAAJNAz8ata2IryT6C4clEZ3RuAoSeUNyrgengboRQ6lmeHrGoPAtti6Y61JOnrjcEhUbHK4WIcdbKD92UC/jltevAYG8oGNkNXQhJKVa7gB1XOzrPyR6HKI7uGsBw0aHVFmJ+HgHHcmFoGH+eWY4fgyAkg9G8=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: b9499e9a-7cae-4f1d-e04a-08d5126a5594
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254152)(48565401081)(2017052603199)(201703131423075)(201703031133081)(201702281549075); SRVR:HE1PR07MB0842;
x-ms-traffictypediagnostic: HE1PR07MB0842:
x-exchange-antispam-report-test: UriScan:(158342451672863)(21748063052155);
x-microsoft-antispam-prvs: <HE1PR07MB08424ECE4D7C0D752E01E7859B480@HE1PR07MB0842.eurprd07.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(3002001)(93006095)(93001095)(10201501046)(6055026)(6041248)(20161123560025)(20161123562025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:HE1PR07MB0842; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:HE1PR07MB0842;
x-forefront-prvs: 04599F3534
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(39860400002)(53754006)(189002)(199003)(6506006)(6436002)(2351001)(6306002)(236005)(5640700003)(189998001)(790700001)(6116002)(3846002)(102836003)(106356001)(105586002)(53936002)(5660300001)(7696004)(316002)(66066001)(7736002)(74316002)(54896002)(55016002)(3660700001)(99286003)(9686003)(97736004)(19609705001)(606006)(5630700001)(68736007)(33656002)(86362001)(2906002)(81156014)(14454004)(81166006)(1730700003)(8676002)(8936002)(54356999)(478600001)(3280700002)(50986999)(5250100002)(2501003)(2900100001)(6916009)(966005)(101416001)(25786009); DIR:OUT; SFP:1102; SCL:1; SRVR:HE1PR07MB0842; H:HE1PR07MB0843.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_HE1PR07MB08435A124031631CF19E92BE9B480HE1PR07MB0843eurp_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Oct 2017 18:43:45.2102 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB0842
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/3X6lLc1NRWlzrwwj-tnnXqlH1DI>
Subject: [netmod] leafref to lists that contain system-controlled entries
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Oct 2017 18:43:51 -0000

Hi all,

There are a few threads on the mailing list that touch on the concept of system-controlled resources (mostly list entries):

https://mailarchive.ietf.org/arch/msg/netmod/3fTSHIh_MfHzmuDCoicAGiXA2E0
https://mailarchive.ietf.org/arch/msg/netmod/KIsSgKByQWpqYzA4i6Bwc8fuH3w
https://mailarchive.ietf.org/arch/msg/netmod/mjLJdiYErtNG41dJ5bJ5ji07cz0

A few drafts & RFCs also refer to the concept:
https://tools.ietf.org/html/draft-ietf-netmod-revised-datastores-04
https://tools.ietf.org/html/rfc7223

Several vendor implementations have list entries (instance data) that are populated by the server and can be referenced (leafref) from other places in the configuration.  These system entries are useful pre-created policies, interfaces, etc that can then be used (and referred-to) by operators in their explicit configuration.

If those entries are only expected to exist in the <operational> datastore, then in theory any references to them in user created configuration will cause a validation problem in the candidate/running (missing leafref target).

One solution discussed in the mailing lists is to change every reference to lists that could contain a system created entry to a "require-instance false" leafref.  But then some useful validation is lost.  In many cases the model is more correctly "require-instance true" but the set of targets includes the system create entries.

Another solution discussed is to have the system created entries appear in the <intended> datastore (as part of template/expansion).  That would make validation pass on the intended datastore, but then the candidate/running/startup datastores would not be valid (would be missing leafref targets if any part of the config refers to system created entries).  THis sounds similar to the problem that has been discussed in the past about the fact that templates (in the running) basically mean the running/candidate aren't necessarily valid (until after template expansion, which means only the intended would be valid).

Another approach could be to actually have those system created entries show up in running/candidate.  That would ensure that references to those entries are valid.  But if the whole concept of templates just cause the running/candidate to not be valid anyways maybe we wouldn't worry about the invalid aspect of references to system created list entries ?

Rgds,
Jason