IETF Logo Mail Archive

Re: [netmod] system configuration sync mechanism

"Sterne, Jason (Nokia - CA/Ottawa)" <jason.sterne@nokia.com> Fri, 13 August 2021 21:02 UTC

Return-Path: <jason.sterne@nokia.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA0173A263C for <netmod@ietfa.amsl.com>; Fri, 13 Aug 2021 14:02:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.352
X-Spam-Level:
X-Spam-Status: No, score=-2.352 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R0wkMZiFxI3f for <netmod@ietfa.amsl.com>; Fri, 13 Aug 2021 14:02:34 -0700 (PDT)
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2130.outbound.protection.outlook.com [40.107.92.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DF2C3A2638 for <netmod@ietf.org>; Fri, 13 Aug 2021 14:02:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K2MbbbzsDOnu5Diqrq+KlIn1fumusBEXdtCyiv/NW2ySOf03qSFsc+lqKXvPngAeYtihS/s/qskh2jsMu1a4JdpwuVoI8hewCqpMwUXNCaDg619Psq5MbfAmkSisM9LfPywWBfD3juBrMrV67/418kfTd6b/zhrCaEubrEbS7A9YlWRF4Xxu1JqqE4CHrAkGY08KZEVtM9xc3phd8nYWRqHZmXMwTNuRf+ivEv/ACpOin1amdgZY2IU6hbH8Gge6darLhKW4pN7J/BvHjQWLkg6kNKYULPpGwmYCkDasdIejiA01tHPMogng/dfqGSxfbDH/ha36s2zSj9LmYJA0gQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+xUuOTOAoOCMnfuLZ2CSBjxCTGATzQT8tjR8U3afdK4=; b=AndF/x8OGIShx1szIfnNca3y4jBuzTnj+eVYovbuWpMa2G8vexE16vRjEvaWFSkIRl8mjzLRwcnfmYTCANcwIfqdpsc2yd/aVOrz41+80ggz6qLs+ShCaJjPxfXTJ7Y3KUaj/PhSEr3jRvYDKJv3v3eCkIP0Jovdb9PKq7GVbEuRYkx9wuSwC/kcTOZeS7tjDBZwg4Bh5v/8hJ1LoR0WVXPLVG9vxZEC/zjqSd2ziU4kgHCBrsDoJQHYjNdVbzU/6xWfoQNXngujSRC6BBjh5g+vNeQflsnC3Y+/A9qz0AIoPbKs87BCiHU4B7LVyhImZ6FUPA0K595hHCwWywgkug==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+xUuOTOAoOCMnfuLZ2CSBjxCTGATzQT8tjR8U3afdK4=; b=P9PwOFD1DvfEl6GzTTVjz5Tl51ejftMTs0qbyrBoxqhAgiL5AUpn7DNZ0FO5GEb4rzTTR8iMGzCuUsxKbwgBb5IsZbxaIDJe6+WGy1T6DEVPo4GTGXYV6vRRXKUsS09fFGbBw03iNxb+68cN3n52AZp2JSq8U7kKSPTikuM4W5Q=
Received: from DM6PR08MB5084.namprd08.prod.outlook.com (2603:10b6:5:41::29) by DM5PR08MB2412.namprd08.prod.outlook.com (2603:10b6:3:70::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.16; Fri, 13 Aug 2021 21:02:32 +0000
Received: from DM6PR08MB5084.namprd08.prod.outlook.com ([fe80::1c4f:c615:7111:f171]) by DM6PR08MB5084.namprd08.prod.outlook.com ([fe80::1c4f:c615:7111:f171%5]) with mapi id 15.20.4415.017; Fri, 13 Aug 2021 21:02:31 +0000
From: "Sterne, Jason (Nokia - CA/Ottawa)" <jason.sterne@nokia.com>
To: Andy Bierman <andy@yumaworks.com>
CC: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, Kent Watsen <kent@watsen.net>, NetMod WG <netmod@ietf.org>
Thread-Topic: [netmod] system configuration sync mechanism
Thread-Index: AQHXiTj1ANBqfgbXY0OJQ2APDweat6truCeggAAPsACABi4fAA==
Date: Fri, 13 Aug 2021 21:02:31 +0000
Message-ID: <DM6PR08MB5084455E315E53F63BF7C9D29BFA9@DM6PR08MB5084.namprd08.prod.outlook.com>
References: <CABCOCHR+E7uh5EOxXaMaFEBb-Oi0U_4G41Z=Jwk3mUAcodnAPg@mail.gmail.com> <0100017b1128b30f-fe4c9258-3392-476a-ae21-604d2a80f523-000000@email.amazonses.com> <20210804133956.p73si5f63t4esmcj@anna.jacobs.jacobs-university.de> <CABCOCHSmHOQnSXwfHVr8p=2Xx8ERThtAtVk8iWgYObqNuqfo4Q@mail.gmail.com> <BN7PR08MB50739BBC55241126003EBC399BF69@BN7PR08MB5073.namprd08.prod.outlook.com> <CABCOCHQQHtSP47HVPu3+KXi1wK0qwfTh-Sw5z=9pF47RjsqByw@mail.gmail.com>
In-Reply-To: <CABCOCHQQHtSP47HVPu3+KXi1wK0qwfTh-Sw5z=9pF47RjsqByw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: yumaworks.com; dkim=none (message not signed) header.d=none;yumaworks.com; dmarc=none action=none header.from=nokia.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 080cccab-d2e1-4785-46f0-08d95e9daae0
x-ms-traffictypediagnostic: DM5PR08MB2412:
x-microsoft-antispam-prvs: <DM5PR08MB2412B62183679B3E0293C1739BFA9@DM5PR08MB2412.namprd08.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: rKz53mbWloa6PWqn7R3ISSPzNTXhZqN+rUq5RvnF6cr4zdie5NHA/eYE6sV04J793Kb77xWx0Rl8bDTdjY8CRS82kBReK8K9qallwhVCt32zNxYCB4U6Dwm1p/Co5j/iVzn6Vs0ekd6S9oWPpH45EGWvaPiPqLBIoWOCqwXC8lJYNZ5OhmkfQhER7XSBA0F8Sz0UlCe9DsvAx2WlcZSOfTILFBVtjT2ChyEIE/rL0ugpFHrws1TAN9h28+f/aW5apksRq1IDCDUmUvSDo78I2NSAjYv9Ifz/uHcfP1zsikKXau+3Qp02/bsDeHemsKsB1e2fSXHKqOLilaj7kmvgZox6CsRjW3Z9bBHxMZsaVTeI9F27/QYskDGznWNuOFsMWXlJbawqbHn7HvD2pzF+eZqorArZwUSovT8cAImxAAEYIPNyYHSNRTgKVIwkdO0NzkGhOxJZeKSKyCAxg78YdM4GFSPRBIcGir0rcZGy7vv7LcDqOXUxnK9GKKtphgKvC0I7YZcCsl7jnEuqkHlufkTu8y2buySnlrg6kSuhsgnM6BDMEq//abnvn8dEhT7Zs6j0+4Xi5ZGtx6V8WkYDy4McVxrqqt0QSCXt2cU6F78o2p1f48z0PJEJ188jVSUoF93jj66c9wLohMeZqK4znyjwD2zsvpA2szxAQvBPzHb8zBoFubQGLNmY6F9Vj4zuMB+h9EDVYGgx7c/7LDzvOzomSi3nx4J3mugiyy0B+z6bzzySbeOf0iZcwluX29OAB4OfddqSdub3kdnH3CtJWRDWT0gv4800L8vgrJvoafJl3CRUs+9EF8sjjL4/7U0ZkLp5coDEE5LgxrsTOjpM3w==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR08MB5084.namprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(396003)(346002)(366004)(136003)(39860400002)(316002)(166002)(38070700005)(6916009)(52536014)(55016002)(5660300002)(33656002)(7696005)(64756008)(26005)(8936002)(478600001)(54906003)(8676002)(66476007)(53546011)(71200400001)(66946007)(38100700002)(186003)(122000001)(966005)(9326002)(66556008)(66446008)(2906002)(83380400001)(76116006)(9686003)(86362001)(4326008)(6506007)(66574015); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: rPK8bzooUap8UNZg9maKww+zsQHcssiIUFfEeJgQsKwCx1gIxgjaBPzHXmsAfgE1pL1AK0KYmJYYepZ6UsOCMPIETaa57+xe68qR8tOMkKtNMGDqxrF6zP0ZObgyoH9Jk33mEfpYXEr+k9tKv5UBxnZptb81O+C1WLkk3+t0OvtD01RvN30mBcq0Vp949lXc2qfuMd49WVEflnJG56pc7e3i4SW5RgWpFox+MXRhZKKt6/1RIdxgAS6/MHEdWgKJg7Vx/X8KtRCmga9bEXr2wej7+EyCbFLZpFU8PS07lxcDl+8dTzNEoWk18KRUJE0kbXqbvdRIzKIYu78tAfh7Vgm34iJQ6O0CDkCx9O81gzUqqZ3zeqXnxTY+jBOVqHWlfQf9yizHxZX1raLmex9M4GWGnWtPYedplpAYrJ5yBR5vBP4p7ixuTNZ9ZndVAIiil2mU4suxnG4VVqGfqRJERjJKEkw4Qoja6l4d9FpmcG5SJkigqz24TXkeGfNOIAsJC/+q/tL2WTSsstk3/SOTxX2ttXRSuSVLleKrG35nWWIVDiZenNAWm+KTw+ay5OMcikx1g+PNn3nPF4Jd7t8aKWseYUufXrAZt4s3E1WwvyWNu0XOxs/q1MdI4fh88WRQVh6Dmqh/uoa2h8BszSxem2SgUHox+Zzh8EAiG98AOM/Hx1fXT8mNWBN7PJaYSkxGHfUMT/dbE4lFIrCYXOztrIxmbPs8NMttcKtDc3uRthY+6wKglZPY/qeubX/eUSaGRhflraT65aG/vMrGkOz0LK1HUPxwZOu0HclwNPczPkHz10COhgtlTmew+00Qhvc2vcrVn0I6Mf5W//W3QAGaGicyJNPcgMz0fG60NWBXzSIcg+huLzapheuzoZIqn7YpKNGJ7oRFpghAOHwJSHzeMa1Yc9NGgTjL6NIiVeq07pif3T25OwUGDRBd8OM/s7IhrBh0Vdg0s6XJEWi1EVkWjxymTzS4OU/AplfJ44a22KKcjOEaBi3viNl3KLZJkANlQCcWBab88ARWwSt+8sSN+EeNDcnOMg6bhwXbuYgu3L/xILz96/ImwoLRsvgVcScbP2id8xDYvjXV75miSG+qppQmZQBXWBT5Qx9kAGooYulhKMVN2oJKysLdVffwLDWSPjChpdlmWvInLJp1Z/epxdD+hFisEz96AScVGwbBankUGAZAqvTlWYDheqXX6jQms7Vj+PgwQN1gnb5xD8gYv275oC/TfiInQKvM/cZ8XSDZMCcAcoXu0/uADuaGjwg5AuOjJhtjri/aaimivEd6BOwRRdROvYTKbjNM2Ua91HqSR1n/Fss+ukQDZTe0NsbB
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM6PR08MB5084455E315E53F63BF7C9D29BFA9DM6PR08MB5084namp_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR08MB5084.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 080cccab-d2e1-4785-46f0-08d95e9daae0
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Aug 2021 21:02:31.8267 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: H6GKFZ2Xl1BP1fm+TbqlYQjZiWA+ifCqmXohzx+wi1NdZ80WH9eyuUItEWwQ4aUrczznpGrtnJNDVdn5nt7F1Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR08MB2412
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/ERmwCg6fVkPtbYn_Vkcgf9J6dJU>
Subject: Re: [netmod] system configuration sync mechanism
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Aug 2021 21:02:41 -0000

Hi Andy,
Pls see inline.
Jason

From: Andy Bierman <andy@yumaworks.com>
Sent: Monday, August 9, 2021 6:23 PM
To: Sterne, Jason (Nokia - CA/Ottawa) <jason.sterne@nokia.com>
Cc: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>; Kent Watsen <kent@watsen.net>; NetMod WG <netmod@ietf.org>
Subject: Re: [netmod] system configuration sync mechanism



On Mon, Aug 9, 2021 at 2:51 PM Sterne, Jason (Nokia - CA/Ottawa) <jason.sterne@nokia.com<mailto:jason.sterne@nokia.com>> wrote:
Hi guys,

I'm late to the game on this thread but I did read through the entire thing (whew - can't promise I absorbed every nuance though). I am familiar with this issue. I've been dealing with it from the server implementation side (some clients *do* complain if there are references to missing "system config" list entries).

One of the pretty fundamental issues IMO is whether we want good ol' standard <running> to always be valid (including for an offline client or tool to be able to validate instance data retrieved from a server against the YANG models). Even without this "system config" topic, we already have a looming problem with config templates & expansion.  Servers with YANG models that document a lot of constraints (e.g. leafrefs, mandatory statements, etc) are more likely to hit this issue of an invalid running config (offline).

I'm doubtful that it is easy for a client to know how templates are expanded for all given servers. Unless that expansion is fully standardized (which would be challenging given multiple different shipping implementations in the industry), there can be some subtle corner cases and it can be complex (multiple levels of template application, exclusion rules, etc).

I agree there can be dynamically added system config (e.g. create a new qos policy, and some queue list entries are automatically created inside that policy).

Note that config added by the system could be deletable or non-deletable. For deletable items there were some previous discussions a few years ago that those list entries could be simply a default config that is populated if the startup datastore is empty at boot time.

The system config list entries could also have leafs that are modifiable and leafs that are immutable. For the modifiable objects I think this is basically the system merging the explicit config with the system config (with the explicit taking precedence).

Perhaps a lot of this system config is a legacy hold over from human-driven CLIs. For machine interfaces maybe it's reasonable to have clients explicitly define their config *if* they need offline validation of <running> to succeed (i.e. allow clients to explicitly configure any of the system config policies they are actually using & referencing).  In many cases, users want the "master" view of the config to live up in the client/OSS side and just push it down to the server (without having the server touch the contents of the running, i.e. a read-back should return identically what was sent).

It might be good to set up a virtual interim or call of some sort to discuss this one. It is pretty complex.


I think Balasz captured the 2 use-cases very well.
[>>JTS: ] I looked back at Balasz' email and I don't see clear use cases. Do you mean his P1, etc principles ?

For implementations that combine the system into <running>, undoing
this behavior would be quite disruptive and therefore not likely to be done.

[>>JTS: ] I'm not necessarily advocating for the existence of a <system> DS, but there are various implementations for this problem space and some don't put these system objects (list entries) into <running>. I'm doubtful about automatically putting system config into <running>. That means the client no longer really owns/controls <running>. Readback won't return what was sent. The definitive <running> would then have to sit on the server (i.e. can't have the client as the definitive view/ownership of running).

It would help to have some common understanding of the contents of <system>.
Maybe start with the well-known "interface problem".  The system configures almost empty physical interfaces.
The user is allowed to add, modify, and delete all descendants except the "name" and "type" leaf,
which are set by the system.

In this case <running> will have the /interfaces/interface nodes in them (or else the client-accessible
nodes could not be represented in NETCONF).  So any config=true XPath can point at name or type leafs
in <running> or <operational>.
[>>JTS: ] An alternative is that these interfaces are *not* added to <running> unless a client explicitly adds them. The server could potentially consider leafrefs to them valid even if they aren't explicitly added. But if a user has a workflow that does offline validation, then they could explicitly add the interfaces into <running>

I have heard that <system> is needed because it has nodes in it that do not exist
in <running> or <operational>, but could exist.

The premise is that the server could have created these nodes
but it did not for some reason.  And the client can inspect these nodes and somehow
force the server to change the nodes it adds to <running>. (So what is the real use-case then?)

Retrieving the system-created nodes with origin=system is already supported by NMDA.
[>>JTS: ] I don't think reading these nodes from <operational> addresses the issue. Clients do a <get-config> from <running> (or maybe <intended>) and want to be able to validate that config against the YANG model (without having to do additional reads from operational).






Jason


Andy



From: netmod <netmod-bounces@ietf.org<mailto:netmod-bounces@ietf.org>> On Behalf Of Andy Bierman
Sent: Wednesday, August 4, 2021 9:59 AM
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de<mailto:j.schoenwaelder@jacobs-university.de>>; Kent Watsen <kent@watsen.net<mailto:kent@watsen.net>>; Andy Bierman <andy@yumaworks.com<mailto:andy@yumaworks.com>>; NetMod WG <netmod@ietf.org<mailto:netmod@ietf.org>>
Subject: Re: [netmod] system configuration sync mechanism



On Wed, Aug 4, 2021 at 6:39 AM Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de<mailto:j.schoenwaelder@jacobs-university.de>> wrote:
The figure in RFC 8342 section 5 documents what was agreed upon
before. System configuration flows into <operational> but not upwards
into <running>. Over the years, we discussed several corner cases
(including things like configuring a new user and the system
automatically assigns an unused uid, which afterwards needs to be kept
stable). While there are for sure tricky corner cases, I am not
convinced that the model defined in RFC 8342 for the general cases is
wrong and that merging a new system datastore into <running> is the
right approach. If people want to change the model documented in RFC
8342, then they should make an explicit statement about this and
provide strong reasons that the model is flawed or incomplete.

Note that the model does allow having a system client merging config
into <running> (ideally controlled by an ACM so that such a client can
be turned off if it leads to surprises).


This is a solved problem in proprietary ways.  It is simple to treat system config
as an access control issue.

I am quite concerned that NMDA is getting extended in ways that lead to
confusion and poor interoperability.  Adding a new datastore is very serious.
IMO ANY new datastore (even factory default) should be standardized in
a new version of NMDA (replacing RFC 8342).

A datastore has a lot of baggage
   - YANG library
   - YANG XPath evaluation
   - subtree and XPath filtered retrieval
   - usage in RPC operations (ds:datastore data type parameter)

Every time a datastore is added, all the existing RPC operations that use
datastores need to be clarified wrt/ support for the new datastore.
(Of course this is never done, leading to lots of interoperability issues)

I am quite confused by the XPath discussions because XPath can only
access existing nodes (i.e. the "accessible tree")
https://datatracker.ietf.org/doc/html/rfc7950#section-6.4.1

So what does it mean for the system datastore to contain possible values that
cannot be represented in <operational>? The accessible tree cannot include
these values, so XPath-based validation cannot use them.



/js


Andy


On Wed, Aug 04, 2021 at 12:34:45PM +0000, Kent Watsen wrote:
>
> I am confused by the confusion  ;)
>
> You all know that JUNOS implemented this concept before YANG was even a thing, right?
>
> Admittedly, it’s not a “datastore“, but flexing the NMDA is where we can do better.
>
> A “with-system” mechanism could also work.  The only downside is the inability for a client to get only the system configuration, without the rest of <running>.
>
> Please stop stating/suggesting “config true” nodes are referencing “config false” nodes,  or that config is referencing operational state.  There is no intention to break either of these tenants here.
>
> I think that some folks just joined the conversation and may have missed out when we covered all this before.
>
> The draft needs to be updated to more clearly identify the goals.
>
> K.
>
>
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org<mailto:netmod@ietf.org>
> https://www.ietf.org/mailman/listinfo/netmod

--
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email