IETF Logo Mail Archive

Re: [netmod] comments on revised-datastores-00

Ladislav Lhotka <lhotka@nic.cz> Thu, 17 November 2016 05:39 UTC

Return-Path: <lhotka@nic.cz>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFF84129891 for <netmod@ietfa.amsl.com>; Wed, 16 Nov 2016 21:39:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.497
X-Spam-Level:
X-Spam-Status: No, score=-8.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.497] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mx1rlYyUBF41 for <netmod@ietfa.amsl.com>; Wed, 16 Nov 2016 21:39:37 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D7B0129898 for <netmod@ietf.org>; Wed, 16 Nov 2016 21:39:14 -0800 (PST)
Received: from t2001067c03700128219144e1014c7ec2.v6.meeting.ietf.org (unknown [IPv6:2001:67c:370:128:2191:44e1:14c:7ec2]) by mail.nic.cz (Postfix) with ESMTPSA id DFBA362054; Thu, 17 Nov 2016 06:39:11 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1479361153; bh=S9RllPwJ30+CSeMQF1klDDOil+CEWpnAoszqOAVxDQ4=; h=From:Date:To; b=DFdkguLtyW5Xv/f67DGjcLSXGlrDCnbyqj/pWZWBnQ03DTLljdeopxAiP+DyCzwoB TYwSD46f4jHCiouBnAE0sQLUbU2qmi3GuICaE7tVHhn4YG1BgeP4roNCbXac8tpKrM lmcIhZp2MN7pvNjnG2AbU2a8MaK6jsFYsHDm12LI=
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
From: Ladislav Lhotka <lhotka@nic.cz>
In-Reply-To: <CABCOCHRUEmwytt8nt7Wm5X=9HTERUt++j843BN_sEyq5Rko7Aw@mail.gmail.com>
Date: Thu, 17 Nov 2016 14:39:07 +0900
Content-Transfer-Encoding: quoted-printable
Message-Id: <F45BA0C8-4707-4172-98A7-AEE0F606B612@nic.cz>
References: <m2eg2d600s.fsf@dhcp-8ee8.meeting.ietf.org> <20161115061450.GA48891@elstar.local> <m2oa1gqer7.fsf@dhcp-8ee8.meeting.ietf.org> <20161116.092657.1863684993696157894.mbj@tail-f.com> <m2r36an4oq.fsf@dhcp-8ee8.meeting.ietf.org> <CABCOCHRUEmwytt8nt7Wm5X=9HTERUt++j843BN_sEyq5Rko7Aw@mail.gmail.com>
To: Andy Bierman <andy@yumaworks.com>
X-Mailer: Apple Mail (2.3251)
X-Virus-Scanned: clamav-milter 0.98.7 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/3ar_IbZWhe5L6jUQCiFt9Y_y3XE>
Cc: "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] comments on revised-datastores-00
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Nov 2016 05:39:40 -0000

> On 17 Nov 2016, at 14:07, Andy Bierman <andy@yumaworks.com> wrote:
> 
> 
> 
> On Wed, Nov 16, 2016 at 7:52 PM, Ladislav Lhotka <lhotka@nic.cz> wrote:
> Martin Bjorklund <mbj@tail-f.com> writes:
> 
> > Ladislav Lhotka <lhotka@nic.cz> wrote:
> >> Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> writes:
> >>
> >> > On Tue, Nov 15, 2016 at 09:48:35AM +0900, Ladislav Lhotka wrote:
> >> >> Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> writes:
> >> >>
> >> >> > On Mon, Nov 14, 2016 at 11:23:04AM +0900, Ladislav Lhotka wrote:
> >> >> >> Hi,
> >> >> >>
> >> >> >> I've read the revised-datastores-00 document, in general I like it, here
> >> >> >> are my initial comments and questions:
> >> >> >>
> >> >> >> 1. Even if <intended> is valid, it can still be in conflict with the
> >> >> >>    actual content of <applied> that may come from e.g. dynamic
> >> >> >>    configuration protocols. How are such cases supposed to be resolved?
> >> >> >
> >> >> > Yes. The whole idea is to expose these potential differences instead
> >> >> > of hiding them behind a curtain.
> >> >>
> >> >> That's fine but it doesn't answer my question.
> >> >>
> >> >
> >> > Then I do not understand the question. What does it mean for a
> >> > datastore to be in conflict with a different datastore?
> >>
> >> For example:
> >>
> >> - the data model has a choice with caseA and caseB. A NC/RC client
> >>   configures caseA, <intended> is valid, but <applied> already contains
> >>   caseB configured by a "dynamic configuration protocol"; or
> >>
> >> - a leafref refers to a leaf that exists in <intended> but not in
> >>   <applied>.
> >
> > An open issue is what to do with semantic constrains.  For now, let's
> > assume they do not have to be valid.  This implies that you can have
> > leafrefs in <applied> that refer to non-existing leafs.
> >
> > However, for choices, I don't think two cases can exist at the same
> > time even in operational state.  If we allow this, where do we draw
> > the line - can a container or leaf exist in multiple instances?  can
> > a leaf of type int32 contain a string?
> 
> Certainly not. Rather than validate <intended>, it may be better to
> first merge <intended> with current content of <applied> to get the tentative
> future content of <applied>, and apply validation on it.
> 
> 
> 
> IMO this is not correct.
> 
> The running config cannot really be safely validated under this new model,
> because unexpanded templates and inactive nodes should not part of the
> validation.

I didn't mention validation of <running> at all.

> 
> The intended datastore should always be YANG-valid.
> It is disjoint from the applied datastore.

So let's say we have a list with min-elements = 1 (such as the list of RIBs), and there is already one entry provided by the system. what has to be done in order to make <intended> valid? Should the system-controlled entry permeate up to <intended>?

> 
> Using your example of case A and case B -- it is OK for a control plane
> protocol to override intended config (e.g., select case B causing case A
> to be deleted from applied).  The intended is not altered (case A still exists
> in intended).

According to the picture, control plane protocols affect operational state, so it is OK. 

> 
> The applied datastore should be valid independent of intended.
> You cannot merge them (e.g. case A and B not allowed to both exist).

I can merge them and report they the submitted <intended> would make <applied> invalid, i.e. the edit would be rejected.

Lada

> You can only compare them to find out that intended was overridden
> by a control protocol (e.g. case B is being used, not case A)
> 
> If the control protocol changes get removed then applied should reflect
> the intended (e.g. case A reappears in applied)
> 
> 
> Andy
> 
> 
> 
> 
> >
> >> >> >> 2. What is the distinction between dynamic configuration protocols and
> >> >> >>    control-plane protocols?
> >> >> >
> >> >> > Good question. I believe this to be at the end implementation specific.
> >> >> > The question I think really is whether a control-plane protocol interacts
> >> >> > with the configuration management component or not.
> >> >>
> >> >> OK, perhaps it can be said that dynamic configuration protocols modify
> >> >> "config true" data. Maybe a term like "configuration interface" may be
> >> >> better because it needn't be a communication protocol, and it needn't be
> >> >> any more dynamic than NETCONF/RESTCONF is.
> >> >
> >> > Yes, we know that 'dynamic' is potentially misleading.
> >>
> >> My take from yesterday's discussion is that in fact the classification
> >> is implementation-dependent.
> >
> > Yes it probably is.  But I'm not sure it is actually a problem.
> 
> It isn't, but you could base the classification on where each
> contribution comes in instead of using fuzzy terms like dynamic
> configuration protocol.
> 
> >
> >> For example, if I use standard Linux
> >> command-line tools such as "ip", their result can be seen only in
> >> operational state, so they are like control-plane protocols. However, if
> >> an implementation patches these tools so as to write to <applied>, then
> >> they are dynamic configuration protocols.
> >>
> >> >
> >> >> >> 5. Is it necessary that "<operational-state> datastore contains all
> >> >> >>    configuration data actually used by the system"? For example, static
> >> >> >>    routes should appear in RIBs, so having them separately in operational
> >> >> >>    state seems redundant.
> >> >> >
> >> >> > I do not understand your question. Is the RIB exposed or not? Anyway,
> >> >> > we need a general model and not a model for specific aspects such as
> >> >> > routing. Yes, there can be redundancy but there can also be semantic
> >> >> > differences. The <operational-state> datastore tells me what is
> >> >> > actually used (regardless of what has happened with the statically
> >> >> > configured values). In other words, if I want to debug what my box is
> >> >> > actually doing, looking at the <operational-state> datastore is
> >> >> > probably a good idea.
> >> >>
> >> >> But could this part of operational state be possibly different from
> >> >> what's already in <applied>?
> >> >
> >> > This is subtle since we are not really able to define precisely what
> >> > the boundaries of a datastore are. Is something applied if the
> >> > responsible daemon accepted information? Or is it applied if the
> >> > daemon communicated information to the kernel? Or is it applied if the
> >> > linecard accepted the information from the kernel? Or is it applied if
> >> > the specific registers of the linecard have been programmed?
> >>
> >> In my view, at some point the configuration system hands over the data
> >> to the backend that's responsible for performing the changes, and the
> >> data passed to the backend should be the content of <applied>.
> >
> > The data passed to the backends is <intended>.  The backend then tries
> > to apply it, and the result is <applied>/<operational-state>.
> 
> Hmm, but dynamic configuration protocols contribute to <applied>, and
> their contributions also have to be passed to the backend, right?
> 
> It would make more sense to me if <applied> contained the data (from all sources)
> that the configuration system considers valid and passes it to the
> backend. Whether or not (and when) the system makes the data effective
> then wouldn't be an issue.
> 
> Lada
> 
> >
> >
> >
> > /martin
> >
> >> Whether
> >> the changes take effect in the system or not may be discovered from
> >> operational state data but the configuration processing should be
> >> already over.
> >>
> >> > Similarily, how is operational state obtained? It is likely that an
> >> > implementation does not read linecard registers on every operational
> >> > state request. As a consequence, we might have systems where applied
> >> > really is just a subset of operational state and this may be true for
> >> > a large number of systems but I would not rule out the possibility of
> >> > having differences between applied and operational state.
> >>
> >> We don't currently have static routes in routing-state, despite all
> >> criticism about duplication of config and state values, so it seems
> >> rather backwards to duplicate it in the new datastore model. What's
> >> important for an operator is to see whether a static route appears in a
> >> RIB or not.
> >>
> >> Lada
> >>
> >> >
> >> > /js
> >> >
> >> > --
> >> > Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> >> > Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> >> > Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
> >>
> >> --
> >> Ladislav Lhotka, CZ.NIC Labs
> >> PGP Key ID: E74E8C0C
> >>
> >> _______________________________________________
> >> netmod mailing list
> >> netmod@ietf.org
> >> https://www.ietf.org/mailman/listinfo/netmod
> >>
> 
> --
> Ladislav Lhotka, CZ.NIC Labs
> PGP Key ID: E74E8C0C
> 
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod

--
Ladislav Lhotka, CZ.NIC Labs
PGP Key ID: E74E8C0C

v2.23.0 | Report a Bug | By Email