Re: [netmod] kw comments on draft-voit-netmod-yang-mount-requirements
"Eric Voit (evoit)" <evoit@cisco.com> Fri, 08 April 2016 02:52 UTC
Return-Path: <evoit@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C050B12D62B for <netmod@ietfa.amsl.com>; Thu, 7 Apr 2016 19:52:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.531
X-Spam-Level:
X-Spam-Status: No, score=-14.531 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Fz7FvJ2OSIm for <netmod@ietfa.amsl.com>; Thu, 7 Apr 2016 19:52:34 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7763612D153 for <netmod@ietf.org>; Thu, 7 Apr 2016 19:52:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=15814; q=dns/txt; s=iport; t=1460083954; x=1461293554; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=p7uYf/MM7EE4pswmDvVNoEb9rGno3mZ1ksFCQc125LA=; b=kmNQFPYYuSML/Stro/o2JlSFvpXTWtEp15sx9G94f69DINDx3x4Q6xuq MKUF1SBWiWBY+l7MNCRR5pROLyMIQnspNDe6bIEgodR0F96g/WF9bjpj0 JOt3F9ciSUmWu0NbNrEAcHUjcWPuju5e8iGno5NZrginc4pIgwRFMaTU3 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ACAgDyGwdX/5FdJa1dgzdTfQa6QAENgXMXCoUiSgIcgSI4FAEBAQEBAQFlJ4RBAQEBAwEBAQEgEToEBwUHBAIBCBEEAQEBAgIjAwICAiULFAEICAIEAQ0FCBOIBAgOsBKSEgEBAQEBAQEBAQEBAQEBAQEBAQEBAREEfIUlhEuEBSKDGIJWBYdthWGBMokEAY4EgW6HdYUxjyMBHgEBQoIEGYFKbId+BxcHGH4BAQE
X-IronPort-AV: E=Sophos;i="5.24,449,1454976000"; d="scan'208";a="258059842"
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Apr 2016 02:52:32 +0000
Received: from XCH-RTP-004.cisco.com (xch-rtp-004.cisco.com [64.101.220.144]) by rcdn-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id u382qWnI018560 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 8 Apr 2016 02:52:32 GMT
Received: from xch-rtp-013.cisco.com (64.101.220.153) by XCH-RTP-004.cisco.com (64.101.220.144) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 7 Apr 2016 22:52:31 -0400
Received: from xch-rtp-013.cisco.com ([64.101.220.153]) by XCH-RTP-013.cisco.com ([64.101.220.153]) with mapi id 15.00.1104.009; Thu, 7 Apr 2016 22:52:31 -0400
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Ladislav Lhotka <lhotka@nic.cz>, Martin Bjorklund <mbj@tail-f.com>, "Alexander Clemm (alex)" <alex@cisco.com>, "kwatsen@juniper.net" <kwatsen@juniper.net>
Thread-Topic: [netmod] kw comments on draft-voit-netmod-yang-mount-requirements
Thread-Index: AQHRkAAY1dIqVaLFu0y/L6aVF65SwZ9/XLCg
Date: Fri, 08 Apr 2016 02:52:31 +0000
Message-ID: <ed5a1f9e1fe04579956c2b271bca4358@XCH-RTP-013.cisco.com>
References: <20160405.113822.1614298419822308565.mbj@tail-f.com> <16B50CA8-0076-413D-87D1-FFBE6A54175C@nic.cz> <8eab257636824a178c19ebaf83d80dca@XCH-RTP-001.cisco.com> <20160406.091852.487853511276571798.mbj@tail-f.com> <m24mbeapj0.fsf@nic.cz>
In-Reply-To: <m24mbeapj0.fsf@nic.cz>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.227.207]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/netmod/8nEjlxQOZ-HWydnxRpbWWsu3n3g>
Cc: "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] kw comments on draft-voit-netmod-yang-mount-requirements
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Apr 2016 02:52:37 -0000
> Ladislav Lhotka, Wednesday, April 06, 2016 8:30 AM > > Martin Bjorklund <mbj@tail-f.com> writes: > > > Hi, > > > > "Alexander Clemm (alex)" <alex@cisco.com> wrote: > >> Hi, Martin, Lada, > >> > >> unfortunately I wasn't able to attend the discussion, but I have one > >> comment regarding the "definition" vs "implementation" distinction. > > > > I probably failed to communicate my point clearly. I did not want to > > make the distinction in this way. > > > >> Clearly, peer-mount and alias-mount have a definition component to > >> it. > > > > Yes, absolutely. I don't think I implied that they didn't. > > > >> This is why the YANG extensions were defined to define mountpoints. > >> This definition component can be aligned with structural mount, and > >> the goal needs to be to reuse the same. So far, so good. > > > > Yes, this was my point. In Eric's presentation he had "schema mount", > > "peer-mount", and "alias-mount" on the same level; all three different > > variations of the generic concept "YANG Mount". I think that is > > incorrect; we should have a generic "schema mount", with "peer-mount" > > and "alias-mount" being specializations of this concept. > > I would go even further: schema mount and peer mount are independent and > orthogonal (not sure about alias mount - this is probably still something else). > That is, I can build a data model with schema mount, and use it for validating a > good old local datastore. Conversely, it is IMO possible to apply peer mount and > validate the data against a data model that's constructed according to the > existing rules. Peer Mount implementations have been read-only (so far). It would be good to avoid requiring the transactional requirements for write and therefore the needs to bring in and validate with the schema. Such a requirement would be very heavy-weight for use with remote systems. It might not even be possible if those remote systems have access control permissions which don't permit visibility against objects used for such validations. > So, even though it may be sometimes beneficial to combine schema mount and > peer mount, I believe they can and should be implemented as two independent > concepts. A pure schema mount should have no security implications, whereas > accessing remote data certainly has some. And accepting a (sub)schema from an > external source requires IMO even higher level of trust. Read-only access control objects should be easier for a sub-schema rather a full schema. For remote system access we already need these security elements for a get, hopefully we are not requiring anything new when we insert the peer mount abstraction. Eric > Lada > > > > > > >> The aspect that I don't think I agree with is that peer-mount and > >> alias-mount should be treated merely as an "implementation". > > > > Again, this is not what I wrote. I wrote that: > > > > the client doesn't *necessarily* have to know if the the interfaces > > data is implemented w/ "peer mount" or some other mechanism. > > > > [note "necessarily"] > > > > I agree that *some* clients need to be able to manage mount targets > > etc, but not all. > > > >> I think > >> I understand where you are coming from - to the user of mounted data, > >> they don't care if there are other "instances" of the same data and > >> how the data they see is populated. That said, I don't think this > >> viewpoint is entirely correct, because there are certain semantics > >> associated with it, and also because there are different implications > >> with regards to mountpoint management which need to be reflected in > >> the model. (For example, for peer-mount, there needs to be > >> information on the remote system.) > >> > >> For the semantics, I think the fact should be captured when mounted > >> data depends on target data. We capture conditions and constraints > >> for semantically accurate models; the fact that the "aliased" data > >> reflects another instance in another subtree is something that sure > >> needs to be captured and understood. > > > > If the client is fully aware of the alias mount concept, why bother > > with it? > > > > As I have said previously, we (tail-f) have had alias mount > > implemented for many years (we call it "symlink"), and we have bad > > experiences with all scenarios but the very simplest ones (simple leaf > > to leaf alias). And even in this case users get pretty confused by > > errors caused by validation that depends on the target leaf. > > > >> For example, without reflecting > >> this relationship, an application might try to set an authoritative > >> subtree/datanode to one value, the mounted version of it to a > >> different value. So, whether or not there is an alias, or a peer, to > >> an instance of data is something that should be reflected in the > >> model. In other words, I don't think you can see the mountpoint and > >> data mounted below it in entire isolation from the rest of the system. > >> Another question concerns what you are actually mounting. In > >> alias-mount, the mounted subtree may actually have been augmented and > >> have other data nodes underneath it. Does the mounting apply to also > >> augmenting data? For structural mount, the answer is clearly "no", > >> but for peer-mount it doesn't have to be. > > > > I don't understand what you mean. Maybe you can show an example? > > > > > > /martin > > > > > >> > >> --- Alex > >> > >> > >> -----Original Message----- > >> From: netmod [mailto:netmod-bounces@ietf.org] On Behalf Of Ladislav > >> Lhotka > >> Sent: Tuesday, April 05, 2016 4:57 AM > >> To: Martin Björklund <mbj@tail-f.com> > >> Cc: netmod@ietf.org > >> Subject: Re: [netmod] kw comments on > >> draft-voit-netmod-yang-mount-requirements > >> > >> > >> > On 05 Apr 2016, at 06:38, Martin Bjorklund <mbj@tail-f.com> wrote: > >> > > >> > Hi, > >> > > >> > Kent Watsen <kwatsen@juniper.net> wrote: > >> >> [As a contributor] > >> >> > >> >> Note: this is a -00 document, but only because the draft's name > >> >> changed. In reality this is like a > >> >> draft-voit-netmod-peer-mount-requirements-04. Looking at the > >> >> diffs, there aren't many changes, mostly cleanup and adding the > >> >> "schema mount" concept. That is, the new "yang mount" term is use > >> >> to cover all of "schema mount", "alias mount", and "peer mount". > >> >> > >> >> My comment is mostly high-level. I'm wondering about the need for > >> >> this draft to include schema mount at all. That is, a schema > >> >> mount solution draft is now an adopted WG item, and I'm unsure if > >> >> the authors of that draft are looking to this one to define requirements. > >> >> Perhaps the goal is to define the umbrella term "yang mount", but > >> >> to be honest, I don't really see a need to have a term that spans > >> >> both schema and data mounts. I'm not sure how others feel about > >> >> this, but my thoughts are that we should define terms like: > >> >> > >> >> - scheme-mount > >> >> - data-mount > >> >> - remote data mount (a.k.a. peer mount) > >> >> - local data mount (a.k.a. alias mount) > >> >> > >> >> More so than: > >> >> > >> >> yang-mount > >> >> - scheme-mount > >> >> - alias-mount > >> >> - peer-mount > >> > > >> > Listening to Eric's presentation yesterday, I realized that I have > >> > a slightly different view on these terms. > >> > > >> > I prefer to separate the *schema* (data model) from how things are > >> > implemented. The various proposals for specific implementations > >> > (peer > >> > >> Yes, I expressed this opinion already in Yokohama. Moreover, Eliot's > >> presentation indicated that there are use cases in which YANG is used > >> for modelling data outside the context of a management protocol. So > >> IMO it is legitimate to require that even with schema mount it is > >> possible to write a compact specification of the complete schema. > >> Such a schema is static as before, the only change is that we have > >> more flexibility in composing the modules, whereas currently they can > >> be only put side by side. Also, there needn't be any mechanism like > >> peer mount, all data may be local. > >> > >> Perhaps this use case is really different from the more dynamic > >> situation where the server needs to fetch the subschemas at runtime > >> and the data are contributed by an external entity. > >> > >> Lada > >> > >> > mount and alias mount etc) all need a "schema mount" to take of > >> > defining a proper data model. (This was the whole point of defining > >> > structural-mount...) > >> > > >> > For example, suppose we have: > >> > > >> > container logical-devices { > >> > list logical-device { > >> > key name; > >> > ... > >> > yangmnt:mount-point logical-device; > >> > } > >> > } > >> > > >> > With the associated yang-library, a client might learn that > >> > ietf-interfaces is mounted under the "logical-device" mount mount. > >> > > >> > Now, the client knows that there are paths: > >> > > >> > /logical-devices/logical-device/if:interfaces/if:interface > >> > > >> > but the client doesn't necessarily have to know if the the > >> > interfaces data is implemented w/ "peer mount" or some other mechanism. > >> > > >> > > >> > So, in my view, we have: > >> > > >> > schema mount > >> > | > >> > +---- peer mount > >> > +---- alias mount > >> > +---- other cool mount > >> > > >> > > >> > > >> > As a concrete example, peer mount might be used like this (example > >> > taken from draft-clemm-netmod-mount-03): > >> > > >> > import ietf-schema-mount { > >> > prefix yangmnt; > >> > } > >> > import ietf-peer-mount { > >> > prefix pmnt; > >> > } > >> > > >> > ... > >> > > >> > list network-element { > >> > key "element-id"; > >> > leaf element-id { > >> > type element-ID; > >> > } > >> > container element-address { > >> > ... // choice definition that allows to specify > >> > // host name, > >> > // IP addresses, URIs, etc > >> > } > >> > yangmnt:mount-point "interfaces" { > >> > pmnt:target "./element-address"; > >> > pmnt:subtree "/if:interfaces"; > >> > } > >> > ... > >> > } > >> > > >> > > >> > A client that knows about the generic, abstract schema mount can > >> > work with this, without knowing anything of the specific > >> > implementation of peer mount. > >> > > >> > [Actually, since peer mount is just one implementation technique, > >> > I'd prefer to decouple the definition of this implementation detail > >> > from the data model, but that's a different topic.] > >> > > >> > > >> > /martin > >> > > >> > _______________________________________________ > >> > netmod mailing list > >> > netmod@ietf.org > >> > https://www.ietf.org/mailman/listinfo/netmod > >> > >> -- > >> Ladislav Lhotka, CZ.NIC Labs > >> PGP Key ID: E74E8C0C > >> > >> > >> > >> > >> _______________________________________________ > >> netmod mailing list > >> netmod@ietf.org > >> https://www.ietf.org/mailman/listinfo/netmod > >> > > -- > Ladislav Lhotka, CZ.NIC Labs > PGP Key ID: E74E8C0C > > _______________________________________________ > netmod mailing list > netmod@ietf.org > https://www.ietf.org/mailman/listinfo/netmod
- [netmod] kw comments on draft-voit-netmod-yang-mo… Kent Watsen
- Re: [netmod] kw comments on draft-voit-netmod-yan… Martin Bjorklund
- Re: [netmod] kw comments on draft-voit-netmod-yan… Ladislav Lhotka
- Re: [netmod] kw comments on draft-voit-netmod-yan… Alexander Clemm (alex)
- Re: [netmod] kw comments on draft-voit-netmod-yan… Martin Bjorklund
- Re: [netmod] kw comments on draft-voit-netmod-yan… Ladislav Lhotka
- Re: [netmod] kw comments on draft-voit-netmod-yan… Eric Voit (evoit)
- Re: [netmod] kw comments on draft-voit-netmod-yan… Eric Voit (evoit)
- Re: [netmod] kw comments on draft-voit-netmod-yan… Juergen Schoenwaelder
- Re: [netmod] kw comments on draft-voit-netmod-yan… Eric Voit (evoit)
- Re: [netmod] kw comments on draft-voit-netmod-yan… Alexander Clemm (alex)
- Re: [netmod] kw comments on draft-voit-netmod-yan… Juergen Schoenwaelder