IETF Logo Mail Archive

Re: [netmod] AD review: draft-ietf-netmod-revised-datastores-08

Andy Bierman <andy@yumaworks.com> Thu, 21 December 2017 22:50 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38D281201F2 for <netmod@ietfa.amsl.com>; Thu, 21 Dec 2017 14:50:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 97wXAtpvCVpG for <netmod@ietfa.amsl.com>; Thu, 21 Dec 2017 14:50:03 -0800 (PST)
Received: from mail-lf0-x22f.google.com (mail-lf0-x22f.google.com [IPv6:2a00:1450:4010:c07::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 800A91200C5 for <netmod@ietf.org>; Thu, 21 Dec 2017 14:50:02 -0800 (PST)
Received: by mail-lf0-x22f.google.com with SMTP id c19so9722304lfg.3 for <netmod@ietf.org>; Thu, 21 Dec 2017 14:50:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=/8gKGoYKheamw9+4sep2/0vmhZ7G2rDIf6aRObibprE=; b=CrS3mKrd1/8IsYtfse2aDZ7bXMmsUqM6qO2xpRksc88wBnIQ9yIhsZiOTFfv7RqQD5 F7tvPCn1EPsspaSRElmPpQXdLuSWI+LL8PzMOqFlsjERgzTYiV3bQAvELHuaN29TkOFk 6OMkrSnWsXaPh0+Id4B5xpYB8QtrQPttRgSaqWp6+Ht7ORtKsgEdbG3E+sHUm2s6rGKa tAI6NxMY6jdMwBU1oxYEWw0Jm3/UVJ7YLUWdAqPGF2Am3XumgRvy3uZTlebmJmXiNwJB 9iRQb4svATfccgUxxL7jFtVjIgJY00ro+9MXkQuOJSvHoxjJ+FWRGaIHKtVvddakGUSJ uXTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=/8gKGoYKheamw9+4sep2/0vmhZ7G2rDIf6aRObibprE=; b=bqM1LreXiVQ/eXpajNJwSGNcsZz7CjuvN7TLz7iU3+WmJt9p4539OFHNzxQMpIttZk Vjv767kr8X7i3sHHmypBd3URutxcLOeQAGz9g1UTQOV2qd2O8YIU4UBT5mMjpjPIIMsa 0vX563/r8PQ77bMGCyRkwUv/NG59tggQN2ejNA2CNjUNbiK3x7z2VA1d/Ngrgvdd5vKK gz/hfTw+f3E/Qe9/1xpY9BTuTX7XWUvaA6pXsfNPc3tBWCHdJtKg3jWVebs8D4kYQGDZ MISauqMmW45C+VJiz9FuYu4AhPHQinkRKI88rH1W+7TsnUnHDUUf2KkoppxctLPNug6s sc9w==
X-Gm-Message-State: AKGB3mJnf4qUrWh/3yscmtxUeUuUmlA+lqD6Qv6JGO456TlsJ33P8Ku3 MCj+6LkhSAi+/6fdxmSMsl9+XzL/NFY7Z5YDf/R07g==
X-Google-Smtp-Source: ACJfBout+qT7MHxDxl88cYcqMzoZ0sdWQ2A/F33ivoGb7BxVLNX+REmI5p2+mhVUe3vbnJI1Y1ssKDvmAxMwvznT0XY=
X-Received: by 10.46.83.9 with SMTP id h9mr7635819ljb.68.1513896600642; Thu, 21 Dec 2017 14:50:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.33.81 with HTTP; Thu, 21 Dec 2017 14:49:59 -0800 (PST)
In-Reply-To: <20171221222742.izrmwpbiwgoc7col@elstar.local>
References: <e2fd599f-7547-d2f7-d450-f67a3f409ae1@cisco.com> <fe856e5c-5760-9bb9-ace3-cec0cfb39278@cisco.com> <79d1baae-397d-883e-3bc0-e1c5f71fc4f8@transpacket.com> <64f59023-e000-18c4-8830-29ba6e9be7e9@cisco.com> <6e899e21-8931-b61c-3b73-6c8a8a1c912a@transpacket.com> <20171221132030.7zebh2xkhddmql3c@elstar.local> <e268a6b6-9024-be90-0225-3cd191185d97@transpacket.com> <20171221222742.izrmwpbiwgoc7col@elstar.local>
From: Andy Bierman <andy@yumaworks.com>
Date: Thu, 21 Dec 2017 14:49:59 -0800
Message-ID: <CABCOCHSULx3XjmWK8PjynJ-8Se3+cav9A7d7VeYLs2u5jppf=g@mail.gmail.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, Vladimir Vassilev <vladimir@transpacket.com>, NETMOD Working Group <netmod@ietf.org>
Content-Type: multipart/alternative; boundary="f4030436096e1bbab90560e185cd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/BYf-QBfA6fQfb-QQzhN8bFM4yVE>
Subject: Re: [netmod] AD review: draft-ietf-netmod-revised-datastores-08
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Dec 2017 22:50:06 -0000

Hi,

It should be clear somehow that server requirements to provide config=false
data
that is valid according to the YANG definitions is not affected by NMDA.
That is not being taken away.  The ability to validate operational values
of configuration data has never been provided, and therefore is not being
taken away either.

A constraint on config=true nodes only applies to configuration datastores.
These are the only constraints that should be ignored in <operational>.
Constraints on config=false nodes still apply in <operational>.


Andy



On Thu, Dec 21, 2017 at 2:27 PM, Juergen Schoenwaelder <
j.schoenwaelder@jacobs-university.de> wrote:

> On Thu, Dec 21, 2017 at 07:52:54PM +0100, Vladimir Vassilev wrote:
> > On 12/21/2017 02:20 PM, Juergen Schoenwaelder wrote:
> >
> > > On Thu, Dec 21, 2017 at 02:03:45PM +0100, Vladimir Vassilev wrote:
> > > > On 12/21/2017 11:34 AM, Robert Wilton wrote:
> > > >
> > > > > Hi Vladimir,
> > > > >
> > > > > First point of clarification is that this is not about
> running/intended
> > > > > at all.  The contents of running/intended do not change in anyway
> > > > > depending on whether hardware is present or absent.
> > > > >
> > > > > The section is only concerned with how the configuration is
> applied in
> > > > > operational, and basically says that you cannot apply
> configuration for
> > > > > resources that are missing (which seems reasonable).  E.g. I cannot
> > > > > configure an IP address on a physical interface that isn't there.
> Or if
> > > > > the physical interface gets removed then the configuration
> associated
> > > > > with that interface is also removed from operational.
> > > > >
> > > > > Operational isn't validated and data model constraints are allowed
> to be
> > > > > broken (ideally transiently).
> > > > I want to focus on this. IMO giving up schema validitiy for any
> datastore is
> > > > unacceptable price. Pre-NMDA devices had full model support in
> operational
> > > > data (all YANG constrains part of the model without discrimination
> were
> > > > enforced).
> > > There was a long debate about the value of returning the true
> > > operational state. What do you do if the operational state is invalid?
> > > A server can reject configuration changes if they lead to invalid
> > > state, a server can not reject reality.
> > IMO if the model can represent reality then data conforming to the model
> > can. If not a better model is needed not a hack that breaks the datastore
> > conformance to the YANG model. I do not see how
> > /interfaces/interface/oper-status=not-present was not representing the
> > reality of a system with removed line card that is configured and ready
> to
> > resume operation as soon as the line card is reconnected.
>
> I assume this is all system and implementation specific. If your
> system knows about interfaces that are not present (i.e., there is
> operational state about them), you can report these interfaces.  But
> 'is configured' is confusing here. I am not sure a line card that does
> not exist should be considered configured. But yes, this may be system
> specific. Anyway, draft-ietf-netmod-rfc7223bis-01.txt still has
> oper-status 'not-present' - so this seems to be a mood point.
>
> > > > If this is about to change it will compromise interoperability
> > > > and a significant portion of the client implementation workload that
> can be
> > > > automated will need to be coded in hand and tested. Unresolved
> leafrefs,
> > > > undefined behaviour of different implementations removing different
> > > > configuration nodes in violation of YANG semantic constraints (which
> I do
> > > > not think can be so clearly separated from the syntactic constraints
> when
> > > > one considers types like leafref, instance-identifier etc.) and the
> > > > corresponding side effects based on the server implementators own
> creativity
> > > > is eventually going to create more problems.
> > > >
> > > > 1. IMO the only acceptable solution is to have YANG valid operational
> > > > datastore at all times. operational like any other datastore MUST be
> valid
> > > > YANG data tree and it has to be a system implementation task to
> consider all
> > > > complications resulting from the removal of the resources leading to
> any
> > > > data transformations. If this is difficult or impossible other
> mechanisms to
> > > > flag missing resources should be used (e.g.
> > > > /interfaces/interface/oper-status=not-present) This sounds like a
> useful
> > > > contract providing the value of a standard the alternative does not.
> > > As said above, it is impossible to report valid operational state if
> > > the operational state is not valid according to the models.
> > >
> > > > 2. Even with the change in 1. I do not see the removal of intended
> > > > configuration nodes from operational as a solution worth
> implementing on our
> > > > servers. I do not see a real world plug-and-play scenario that can be
> > > > automatically solved without specific additions to the models e.g.
> > > > /interfaces/interface/oper-status=not-present is oversimplified
> solution but
> > > > it needs to be extended exactly as much as the solution provided by
> the
> > > > removal of config true; nodes without the sacrifice of YANG validity
> of
> > > > operational.
> > > Your thinking is likely wrong. <operational> reports the operational
> > > state. It may have little in common with <intended>. Trying to derive
> > > operational from intended is likely a not well working approach.
> > The proposal for this solution ("derive operational from intended" e.g.
> > merge /interfaces-state in /interfaces) comes from the revised datastores
> > draft not me.
> >
> > By definition config true; data represents intent. Reusing the model of a
> > config true; data to represent state absent of intent (e.g.
> > /interfaces/interface with origin="or:system") is a hack. The hack works
> > fine without compromising the conformance of operational to the YANG
> model
> > as long as certain conditions are met. I am pointing out that one of the
> > conditions is to keep all of the intended configuration data present in
> > 'operational' and handle missing resources with conventional means e.g.
> > /interfaces/interface/oper-status=not-present instead of adding the
> straw
> > that breaks the camel's back.
>
> I fail to see why you believe all objects that appear in intended
> configuration needs to exist in applied configuration. In fact,
> operators told us very clearly that they care about the distinction
> between intended and applied config.
>
> > > > 3. Solutions like /interfaces/interface/admin-state stop working.
> With the
> > > > interface removed you can no longer figure if the if-mib has or does
> not
> > > > have the interface enabled so an operator has to use SNMP or wait
> for a
> > > > replacement line card to be connected to figure this bit of
> information.
> > > At least on my boxes, if I remove a line card, the interface also
> > > disappears in SNMP tables. Stuff that is operationally not present is
> > > simply operationally not present.
> > >
> > > > My
> > > > interpretation of the MAY as requirement level in sec. 5.3. The
> Operational
> > > > State Datastore (<operational>) is that plug-and-play solutions can
> be
> > > > implemented without this limited approach that has the same problem
> as the
> > > > pre-NMDA only now we have to have /interfaces-state to keep config
> false;
> > > > data relevant to hardware that is configured but not present:
> > > >
> > > >     configuration data nodes supported in a configuration datastore
> > > >     MAY be omitted from <operational> if a server is not able to
> > > >     accurately report them.
> > > >
> > > > I realize this discussion comes late. I have stated my objections to
> this
> > > > particular part of the NMDA draft earlier.
> > > I believe there is a conceptual misunderstanding. I think there never
> > > was a requirement that a server reports the state of hardware that is
> > > not present.
> > "Data relevant to hardware that is configured but not present" is
> different
> > from "state of hardware that is not present". For example information
> > indicating when the line card became unavailable, what was the reason, or
> > other information like how many packets that had this interface as egress
> > destination are being dropped as a result of the removal.
>
> I think that systems handle non-existing interfaces differently. It
> seems that ietf-interfaces is flexible enough to accomodate the
> differnet styles.
>
> /js
>
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
>

v2.23.0 | Report a Bug | By Email