Re: [netmod] a few comments on draft-wilton-netmod-opstate-yang

[Martin Bjorklund <mbj@tail-f.com>]

Robert Wilton <rwilton@cisco.com> wrote:
> 
> 
> On 08/02/2016 19:41, Martin Bjorklund wrote:
> > Hi,
> >
> > Robert Wilton <rwilton@cisco.com> wrote:
> >> Hi Martin,
> >>
> >> On 08/02/2016 13:45, Martin Bjorklund wrote:
> >>> Robert Wilton <rwilton@cisco.com> wrote:
> >>>> On 06/02/2016 00:41, Andy Bierman wrote:
> >>> [...]
> >>>
> >>>>> IMO, this solution is a non-starter.
> >>>> OK, and yet my understanding is that the folks requesting a solution
> >>>> to the opstate problem are saying that the applied datastore approach
> >>>> is also a non-starter, or at least very undesirable.
> >>> But the key to finding a solution that works for everyone is to
> >>> understand *why* a datastore is a non-starter.  As I noted in a
> >> [Caveat - I don't speak for the OpenConfig operators, this is just
> >> my perception from previous drafts, conversations, implementing some
> >> of the OpenConfig models]
> >>
> >> My understanding is that they want something this is very similar to
> >> how the OpenConfig models look.  After all, their preferred solution
> >> to the opstate problem would be for IETF to standardize on the
> >> approach used in OpenConfig model design.  E.g. all config nodes are
> >> defined in groupings, and then instantiated under both "config" and
> >> "state" containers.
> >>
> >> I believe that their concerns are primarily about how the operators
> >> systems interact with the models from a management client
> >> perspective rather than device implementation concerns.
> >>
> >> With the OpenConfig model/approach they get:
> >>   - The choice of having one single tree that contains all the data
> >>     (intended, applied and derived) - but can be split into multiple
> >>     trees if they wish.  (I.e. with their model they have no
> >>     requirement to be aware of separate data stores at all.)
> >>   - Every piece of data in that tree has a unique path to identify it
> >>     (makes the data easy to interact with).
> >>   - The intended config, applied config, and derived state can all be
> >>     programmatically compared.
> >>   - Related information is co-located in the tree (e.g. if you were
> >>     browsing the data tree).
> > Here's a slightly updated version of a drawing that has been used to
> > explain how configuration data flows through the system:
> >
> >    [candidate] -> [running/intended] -> [applied]
> >                          |
> >                          v
> >                      [startup]
> >
> > We used to have three instantiations of configuration nodes, now we
> > have four (applied).
> >
> > Three of these are datastores.  They can be programmatically compared
> > (even without data model knowledge).  Note that a "datastore" can be
> > viewed as a label (with associated semantics) of an instantiation of
> > these nodes.
> >
> > It is unclear to me why applied must be special (modelled explicitly
> > rather than a named instantiation of the nodes).
> 
> I would say that applied configuration differs from the other three in
> that it isn't really configuration at all.
> 
> It is a just a representation of what the system is currently doing,
> but to make it easy to relate back to the configuration it happens to
> use an equivalent schema as for the configuration (but logically with
> the config:true labels replaced with config:false).

Just like "running" is not writable in a server that supports
"candidate" but not :writable-running.

> Given that the applied configuration is operational state, technically
> I think that it should just be part of the existing "operational
> state" datastore.  But then the problem is that the nodes have the
> same path as the intended configuration nodes in the running
> configuration datastore and hence the namespace will collide during a
> get request ...

This is a problem/known issue with <get> in NETCONF.  There have been
various proposals to fix this, e.g. Andy's "get2".  I'd rather fix the
problem in the protocol once, than in all data models.


> > Your list above applies only to the intended,applied subset of the
> > instantiations.  If you want to e.g. check how startup differs from
> > running you need a different mechanism than to check how applied
> > differs from running, which means different code paths etc.
> >
> >> With a datastore solution, I think that it means:
> >>   - Either they have to put intended and applied config into separate
> >>     trees, or they have to come up with their own scheme to combine
> >>     them into a single tree (given that the cfg intended/applied names
> >>     clash).
> > Do you mean in their proprietary protocol?
> No, I was meaning in the proprietary management systems application
> code.
> 
> >
> >>   - If separate trees, to ensure paths are unique they would need to
> >>     prefix every path with the name of the datastore/tree (hassle).
> > I don't see why it would be such a hassle; compare:
> >
> >    /intended/interfaces/interface[name='eth0']/mtu
> >
> > vs.
> >
> >    /interfaces/interface[name='eth0']/config/mtu
> I think that the existing protocol messages (e.g. NETCONF/etc) don't
> explicitly include the datastore name in the request/reply.  Often the
> appropriate data store is inferred from the context (or the request).
> Hence more code is needed to add/remove the datastore name when
> appropriate.
> 
> E.g. when I do a get request on
> "/intended/interfaces/interface[name='eth0']/mtu" I need to remember
> to strip off "/intended", and ensure that I frame the request to the
> right datastore.  And when I get a rpc-reply from a get-config request
> I need to know the context of the request so that I can annotate the
> reply with the appropriate datastore.

... just like I have to remember to remove the last occurance of
"config" and replace it with "state" to get applied.  This (path
handling) is trivial in both solutions.

> What if I want to get both
> "/intended/interfaces/interface[name='eth0']/mtu" and
> "/applied/interfaces/interface[name='eth0']/mtu"?  Do I need to split
> this into two separate requests and combine the responses?

Currently yes.  Just like if you want to get both the values from
startup and from running.  Also in this case, I'd prefer to solve the
problem generically in the protocol.


/martin


> So, given the choice between the two paths above, once of them seems
> to involve more code and work on the client side, and more chance of
> mistakes/confusion.
> 
> Rob
> 
>