Re: [netmod] comments on revised-datastores-00
Ladislav Lhotka <lhotka@nic.cz> Thu, 17 November 2016 05:39 UTC
Return-Path: <lhotka@nic.cz>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFF84129891 for <netmod@ietfa.amsl.com>; Wed, 16 Nov 2016 21:39:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.497
X-Spam-Level:
X-Spam-Status: No, score=-8.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.497] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mx1rlYyUBF41 for <netmod@ietfa.amsl.com>; Wed, 16 Nov 2016 21:39:37 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D7B0129898 for <netmod@ietf.org>; Wed, 16 Nov 2016 21:39:14 -0800 (PST)
Received: from t2001067c03700128219144e1014c7ec2.v6.meeting.ietf.org (unknown [IPv6:2001:67c:370:128:2191:44e1:14c:7ec2]) by mail.nic.cz (Postfix) with ESMTPSA id DFBA362054; Thu, 17 Nov 2016 06:39:11 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1479361153; bh=S9RllPwJ30+CSeMQF1klDDOil+CEWpnAoszqOAVxDQ4=; h=From:Date:To; b=DFdkguLtyW5Xv/f67DGjcLSXGlrDCnbyqj/pWZWBnQ03DTLljdeopxAiP+DyCzwoB TYwSD46f4jHCiouBnAE0sQLUbU2qmi3GuICaE7tVHhn4YG1BgeP4roNCbXac8tpKrM lmcIhZp2MN7pvNjnG2AbU2a8MaK6jsFYsHDm12LI=
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
From: Ladislav Lhotka <lhotka@nic.cz>
In-Reply-To: <CABCOCHRUEmwytt8nt7Wm5X=9HTERUt++j843BN_sEyq5Rko7Aw@mail.gmail.com>
Date: Thu, 17 Nov 2016 14:39:07 +0900
Content-Transfer-Encoding: quoted-printable
Message-Id: <F45BA0C8-4707-4172-98A7-AEE0F606B612@nic.cz>
References: <m2eg2d600s.fsf@dhcp-8ee8.meeting.ietf.org> <20161115061450.GA48891@elstar.local> <m2oa1gqer7.fsf@dhcp-8ee8.meeting.ietf.org> <20161116.092657.1863684993696157894.mbj@tail-f.com> <m2r36an4oq.fsf@dhcp-8ee8.meeting.ietf.org> <CABCOCHRUEmwytt8nt7Wm5X=9HTERUt++j843BN_sEyq5Rko7Aw@mail.gmail.com>
To: Andy Bierman <andy@yumaworks.com>
X-Mailer: Apple Mail (2.3251)
X-Virus-Scanned: clamav-milter 0.98.7 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/3ar_IbZWhe5L6jUQCiFt9Y_y3XE>
Cc: "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] comments on revised-datastores-00
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Nov 2016 05:39:40 -0000
> On 17 Nov 2016, at 14:07, Andy Bierman <andy@yumaworks.com> wrote: > > > > On Wed, Nov 16, 2016 at 7:52 PM, Ladislav Lhotka <lhotka@nic.cz> wrote: > Martin Bjorklund <mbj@tail-f.com> writes: > > > Ladislav Lhotka <lhotka@nic.cz> wrote: > >> Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> writes: > >> > >> > On Tue, Nov 15, 2016 at 09:48:35AM +0900, Ladislav Lhotka wrote: > >> >> Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> writes: > >> >> > >> >> > On Mon, Nov 14, 2016 at 11:23:04AM +0900, Ladislav Lhotka wrote: > >> >> >> Hi, > >> >> >> > >> >> >> I've read the revised-datastores-00 document, in general I like it, here > >> >> >> are my initial comments and questions: > >> >> >> > >> >> >> 1. Even if <intended> is valid, it can still be in conflict with the > >> >> >> actual content of <applied> that may come from e.g. dynamic > >> >> >> configuration protocols. How are such cases supposed to be resolved? > >> >> > > >> >> > Yes. The whole idea is to expose these potential differences instead > >> >> > of hiding them behind a curtain. > >> >> > >> >> That's fine but it doesn't answer my question. > >> >> > >> > > >> > Then I do not understand the question. What does it mean for a > >> > datastore to be in conflict with a different datastore? > >> > >> For example: > >> > >> - the data model has a choice with caseA and caseB. A NC/RC client > >> configures caseA, <intended> is valid, but <applied> already contains > >> caseB configured by a "dynamic configuration protocol"; or > >> > >> - a leafref refers to a leaf that exists in <intended> but not in > >> <applied>. > > > > An open issue is what to do with semantic constrains. For now, let's > > assume they do not have to be valid. This implies that you can have > > leafrefs in <applied> that refer to non-existing leafs. > > > > However, for choices, I don't think two cases can exist at the same > > time even in operational state. If we allow this, where do we draw > > the line - can a container or leaf exist in multiple instances? can > > a leaf of type int32 contain a string? > > Certainly not. Rather than validate <intended>, it may be better to > first merge <intended> with current content of <applied> to get the tentative > future content of <applied>, and apply validation on it. > > > > IMO this is not correct. > > The running config cannot really be safely validated under this new model, > because unexpanded templates and inactive nodes should not part of the > validation. I didn't mention validation of <running> at all. > > The intended datastore should always be YANG-valid. > It is disjoint from the applied datastore. So let's say we have a list with min-elements = 1 (such as the list of RIBs), and there is already one entry provided by the system. what has to be done in order to make <intended> valid? Should the system-controlled entry permeate up to <intended>? > > Using your example of case A and case B -- it is OK for a control plane > protocol to override intended config (e.g., select case B causing case A > to be deleted from applied). The intended is not altered (case A still exists > in intended). According to the picture, control plane protocols affect operational state, so it is OK. > > The applied datastore should be valid independent of intended. > You cannot merge them (e.g. case A and B not allowed to both exist). I can merge them and report they the submitted <intended> would make <applied> invalid, i.e. the edit would be rejected. Lada > You can only compare them to find out that intended was overridden > by a control protocol (e.g. case B is being used, not case A) > > If the control protocol changes get removed then applied should reflect > the intended (e.g. case A reappears in applied) > > > Andy > > > > > > > >> >> >> 2. What is the distinction between dynamic configuration protocols and > >> >> >> control-plane protocols? > >> >> > > >> >> > Good question. I believe this to be at the end implementation specific. > >> >> > The question I think really is whether a control-plane protocol interacts > >> >> > with the configuration management component or not. > >> >> > >> >> OK, perhaps it can be said that dynamic configuration protocols modify > >> >> "config true" data. Maybe a term like "configuration interface" may be > >> >> better because it needn't be a communication protocol, and it needn't be > >> >> any more dynamic than NETCONF/RESTCONF is. > >> > > >> > Yes, we know that 'dynamic' is potentially misleading. > >> > >> My take from yesterday's discussion is that in fact the classification > >> is implementation-dependent. > > > > Yes it probably is. But I'm not sure it is actually a problem. > > It isn't, but you could base the classification on where each > contribution comes in instead of using fuzzy terms like dynamic > configuration protocol. > > > > >> For example, if I use standard Linux > >> command-line tools such as "ip", their result can be seen only in > >> operational state, so they are like control-plane protocols. However, if > >> an implementation patches these tools so as to write to <applied>, then > >> they are dynamic configuration protocols. > >> > >> > > >> >> >> 5. Is it necessary that "<operational-state> datastore contains all > >> >> >> configuration data actually used by the system"? For example, static > >> >> >> routes should appear in RIBs, so having them separately in operational > >> >> >> state seems redundant. > >> >> > > >> >> > I do not understand your question. Is the RIB exposed or not? Anyway, > >> >> > we need a general model and not a model for specific aspects such as > >> >> > routing. Yes, there can be redundancy but there can also be semantic > >> >> > differences. The <operational-state> datastore tells me what is > >> >> > actually used (regardless of what has happened with the statically > >> >> > configured values). In other words, if I want to debug what my box is > >> >> > actually doing, looking at the <operational-state> datastore is > >> >> > probably a good idea. > >> >> > >> >> But could this part of operational state be possibly different from > >> >> what's already in <applied>? > >> > > >> > This is subtle since we are not really able to define precisely what > >> > the boundaries of a datastore are. Is something applied if the > >> > responsible daemon accepted information? Or is it applied if the > >> > daemon communicated information to the kernel? Or is it applied if the > >> > linecard accepted the information from the kernel? Or is it applied if > >> > the specific registers of the linecard have been programmed? > >> > >> In my view, at some point the configuration system hands over the data > >> to the backend that's responsible for performing the changes, and the > >> data passed to the backend should be the content of <applied>. > > > > The data passed to the backends is <intended>. The backend then tries > > to apply it, and the result is <applied>/<operational-state>. > > Hmm, but dynamic configuration protocols contribute to <applied>, and > their contributions also have to be passed to the backend, right? > > It would make more sense to me if <applied> contained the data (from all sources) > that the configuration system considers valid and passes it to the > backend. Whether or not (and when) the system makes the data effective > then wouldn't be an issue. > > Lada > > > > > > > > > /martin > > > >> Whether > >> the changes take effect in the system or not may be discovered from > >> operational state data but the configuration processing should be > >> already over. > >> > >> > Similarily, how is operational state obtained? It is likely that an > >> > implementation does not read linecard registers on every operational > >> > state request. As a consequence, we might have systems where applied > >> > really is just a subset of operational state and this may be true for > >> > a large number of systems but I would not rule out the possibility of > >> > having differences between applied and operational state. > >> > >> We don't currently have static routes in routing-state, despite all > >> criticism about duplication of config and state values, so it seems > >> rather backwards to duplicate it in the new datastore model. What's > >> important for an operator is to see whether a static route appears in a > >> RIB or not. > >> > >> Lada > >> > >> > > >> > /js > >> > > >> > -- > >> > Juergen Schoenwaelder Jacobs University Bremen gGmbH > >> > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany > >> > Fax: +49 421 200 3103 <http://www.jacobs-university.de/> > >> > >> -- > >> Ladislav Lhotka, CZ.NIC Labs > >> PGP Key ID: E74E8C0C > >> > >> _______________________________________________ > >> netmod mailing list > >> netmod@ietf.org > >> https://www.ietf.org/mailman/listinfo/netmod > >> > > -- > Ladislav Lhotka, CZ.NIC Labs > PGP Key ID: E74E8C0C > > _______________________________________________ > netmod mailing list > netmod@ietf.org > https://www.ietf.org/mailman/listinfo/netmod -- Ladislav Lhotka, CZ.NIC Labs PGP Key ID: E74E8C0C
- [netmod] comments on revised-datastores-00 Ladislav Lhotka
- Re: [netmod] comments on revised-datastores-00 Juergen Schoenwaelder
- Re: [netmod] comments on revised-datastores-00 Susan Hares
- Re: [netmod] comments on revised-datastores-00 Martin Bjorklund
- Re: [netmod] comments on revised-datastores-00 Andy Bierman
- Re: [netmod] comments on revised-datastores-00 Juergen Schoenwaelder
- Re: [netmod] comments on revised-datastores-00 Susan Hares
- Re: [netmod] comments on revised-datastores-00 Ladislav Lhotka
- Re: [netmod] comments on revised-datastores-00 Juergen Schoenwaelder
- Re: [netmod] comments on revised-datastores-00 Ladislav Lhotka
- Re: [netmod] comments on revised-datastores-00 Juergen Schoenwaelder
- Re: [netmod] comments on revised-datastores-00 Martin Bjorklund
- Re: [netmod] comments on revised-datastores-00 Martin Bjorklund
- Re: [netmod] comments on revised-datastores-00 Ladislav Lhotka
- Re: [netmod] comments on revised-datastores-00 Andy Bierman
- Re: [netmod] comments on revised-datastores-00 Ladislav Lhotka
- Re: [netmod] comments on revised-datastores-00 Phil Shafer
- Re: [netmod] comments on revised-datastores-00 Ladislav Lhotka
- Re: [netmod] comments on revised-datastores-00 Martin Bjorklund
- Re: [netmod] comments on revised-datastores-00 Martin Bjorklund
- Re: [netmod] comments on revised-datastores-00 Martin Bjorklund
- Re: [netmod] comments on revised-datastores-00 Martin Bjorklund