Re: [netmod] AD review: draft-ietf-netmod-snmp-cfg-05

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Mon, 21 July 2014 20:48 UTC

Date: Mon, 21 Jul 2014 22:48:24 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Benoit Claise <bclaise@cisco.com>
Message-ID: <20140721204824.GA10157@elstar.local>
Mail-Followup-To: Benoit Claise <bclaise@cisco.com>, NETMOD Working Group <netmod@ietf.org>, draft-ietf-netmod-snmp-cfg@tools.ietf.org
References: <538D7EF7.4030202@cisco.com> <538DF48C.6030605@cisco.com> <20140607070213.GA21144@elstar.local> <53A04683.3040308@cisco.com>
In-Reply-To: <53A04683.3040308@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/7UgRtrans5PvcDAmCNhbFSqrziI
Cc: draft-ietf-netmod-snmp-cfg@tools.ietf.org, NETMOD Working Group <netmod@ietf.org>
Subject: Re: [netmod] AD review: draft-ietf-netmod-snmp-cfg-05

On Tue, Jun 17, 2014 at 03:45:39PM +0200, Benoit Claise wrote:
> >>My feedback:
> >>-
> >>
> >>    The configuration data model in particular _targets_ SNMP deployments
> >>    where SNMP runs in read-only mode and NETCONF is used to configure
> >>    the SNMP agent.  Nevertheless, the data model has been _designed_ to
> >>    allow implementations that support write access both via SNMP and
> >>    NETCONF in order to interwork with SNMP-managed management
> >>    applications manipulating SNMP agent configuration using SNMP.
> >>
> >>    The YANG data model focuses on configuration.
> >>
> >>I don't understand what you mean by "targets" or "designed to".
> >>So you made some tradeoffs in the design? Is this the way we should
> >>understand this?
> >>If so, which one?
> >I think "in particular targets" should be read as in "will likely be
> >primarily used in". Or to say it in other words: If a deployment uses
> >SNMP to configure SNMP agents, then this data model may be of limited
> >value.
> I didn't read it this way the first time. Maybe it's only me...
> >
> >Concerning "designed to": The data model has been designed to cover
> >everything that the SNMP configuration models describe. It allows an
> >implementation that supports both configuration via NETCONF and
> >configuration via SNMP. The details are discussed in section 3.2.
> I didn't read it this way the first time. Your new wording makes it clearer
> to me.
> Again, maybe it's just me...

We tried to improve the text. Please check the next version of the
I-D.

> >>- At the beginning of VACM and SNMP, we faced one issue. Someone with a
> >>read-only community string could query the read-write community string.
> >>
> >>Router#sh run | i snmp
> >>snmp-server engineID local 000000090200009092827820
> >>snmp-server group v1group v1 read includeeverything
> >>snmp-server view includeeverything internet included
> >>snmp-server community _claise_ RW
> >>snmp-server user _public_ v1group v1
> >>...
> >>
> >>"snmpwalk -v 1 <Router> _public_ internet.6.3.16 | grep _claise_"... you
> >>would be surprised
> >>
> >>Basically, the trick is that we need a default view on VACM.
> >>I see http://tools.ietf.org/html/rfc3415#section-7.4
> >>Do we need something specific in this draft to stress that issue?
> >I do not think that this document is the place to discuss how default
> >VACM rules should look like. This should go into a separate document
> >because this is not specific to the YANG data model but rather
> >specific to VACM.
> Yes, this is specific to VACM, but having an extra document just for
> this might be overkill.
> Adding one sentence in the Security Considerations would be enough IMO.

We have added some additional text and we also tagged the community
such that NACM by default denies access.

The other editorial issues have been dealt with as well. There should
be an announcement of the new I-D shortly.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
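As an added example (not code from the draft or from either author), here is the RFC 3415 section 7.4 view-matching rule Benoit points at, used to audit a VACM view for the leak he describes: a read-only view built from "internet included" alone exposes the tables that carry community strings, USM users and security-name mappings, while carving those subtrees out as "excluded" closes it. The table names and OIDs are the standard MIB ones; the view contents, the audit list and the helper names are constructed for this example.

```python
from dataclasses import dataclass

def parse_oid(text):
    # Constructed helper: "1.3.6.1" or ".1.3.6.1" -> (1, 3, 6, 1)
    return tuple(int(x) for x in text.strip(".").split("."))

@dataclass(frozen=True)
class ViewEntry:
    subtree: tuple       # vacmViewTreeFamilySubtree
    included: bool       # vacmViewTreeFamilyType: True=included, False=excluded
    mask: tuple = ()     # vacmViewTreeFamilyMask bits; missing bits count as 1

def entry_covers(entry, oid):
    """RFC 3415 family test: oid is at least as long as the subtree and every
    sub-identifier whose mask bit is 1 matches exactly (0 bits are wildcards)."""
    if len(oid) < len(entry.subtree):
        return False
    for i, sub in enumerate(entry.subtree):
        bit = entry.mask[i] if i < len(entry.mask) else 1
        if bit and oid[i] != sub:
            return False
    return True

def oid_in_view(view, oid):
    """The most specific covering family decides: longest subtree wins,
    ties go to the lexicographically greater subtree."""
    covering = [e for e in view if entry_covers(e, oid)]
    if not covering:
        return False
    best = max(covering, key=lambda e: (len(e.subtree), e.subtree))
    return best.included

INTERNET = parse_oid("1.3.6.1")
# Constructed audit list: subtrees a read-only principal must not see.
SENSITIVE = {
    "usmUserTable":             parse_oid("1.3.6.1.6.3.15.1.2"),
    "vacmSecurityToGroupTable": parse_oid("1.3.6.1.6.3.16.1.2"),
    "snmpCommunityTable":       parse_oid("1.3.6.1.6.3.18.1.1"),
}

def exposed_subtrees(view):
    """Names of sensitive tables whose root is visible through the view."""
    return sorted(n for n, oid in SENSITIVE.items() if oid_in_view(view, oid))

# The view from the thread: "internet included" and nothing else.
VIEW_INCLUDE_EVERYTHING = [ViewEntry(INTERNET, True)]
# Hardened view: same, with the credential-bearing MIBs excluded.
VIEW_HARDENED = VIEW_INCLUDE_EVERYTHING + [
    ViewEntry(parse_oid("1.3.6.1.6.3.15"), False),   # SNMP-USER-BASED-SM-MIB
    ViewEntry(parse_oid("1.3.6.1.6.3.16"), False),   # SNMP-VIEW-BASED-ACM-MIB
    ViewEntry(parse_oid("1.3.6.1.6.3.18"), False),   # SNMP-COMMUNITY-MIB
]
```

Running exposed_subtrees() over both views shows the first one leaking all three tables and the hardened one leaking none, while ordinary objects such as sysDescr stay readable.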