IETF Logo Mail Archive

Re: [netmod] New Version Notification for draft-ma-netmod-immutable-flag-07.txt

"maqiufang (A)" <maqiufang1@huawei.com> Thu, 06 July 2023 12:16 UTC

Return-Path: <maqiufang1@huawei.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9933C151709 for <netmod@ietfa.amsl.com>; Thu, 6 Jul 2023 05:16:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SqaGMJhFJUch for <netmod@ietfa.amsl.com>; Thu, 6 Jul 2023 05:16:28 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33C1FC15170B for <netmod@ietf.org>; Thu, 6 Jul 2023 05:16:28 -0700 (PDT)
Received: from lhrpeml100002.china.huawei.com (unknown [172.18.147.226]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Qxb5y5yjwz683Pb for <netmod@ietf.org>; Thu, 6 Jul 2023 20:13:26 +0800 (CST)
Received: from kwepemm000020.china.huawei.com (7.193.23.93) by lhrpeml100002.china.huawei.com (7.191.160.241) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Thu, 6 Jul 2023 13:16:25 +0100
Received: from kwepemm600017.china.huawei.com (7.193.23.234) by kwepemm000020.china.huawei.com (7.193.23.93) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Thu, 6 Jul 2023 20:16:23 +0800
Received: from kwepemm600017.china.huawei.com ([7.193.23.234]) by kwepemm600017.china.huawei.com ([7.193.23.234]) with mapi id 15.01.2507.027; Thu, 6 Jul 2023 20:16:23 +0800
From: "maqiufang (A)" <maqiufang1@huawei.com>
To: Kent Watsen <kent+ietf@watsen.net>
CC: "Rob Wilton (rwilton)" <rwilton@cisco.com>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] New Version Notification for draft-ma-netmod-immutable-flag-07.txt
Thread-Index: AdmPAUCQTktnNaidT1uVXyTqmjjWPa93RzEAr2aWGUChWoVQAP/+ZCxwgAYyBQD/+42owA==
Date: Thu, 06 Jul 2023 12:16:23 +0000
Message-ID: <73386f263e9046faa61d5014d8c87e69@huawei.com>
References: <9a7d1b8bc5a84ed086816c0e64a6b869@huawei.com> <0100018878be1759-3cc2ba8d-7a67-4c6e-88c6-abfd98441495-000000@email.amazonses.com> <BY5PR11MB41969B4B6E51E261F0404077B54EA@BY5PR11MB4196.namprd11.prod.outlook.com> <fd193929826847af8d2eadf56c8333c5@huawei.com> <BY5PR11MB4196386EEC680EC0D3F2E844B52AA@BY5PR11MB4196.namprd11.prod.outlook.com> <5d3d8aa7b2f6496dbcf129cc7ce31a3a@huawei.com> <010001891c4f75ef-2a386ed9-a4b7-4f2d-aa0d-a498df88efb2-000000@email.amazonses.com>
In-Reply-To: <010001891c4f75ef-2a386ed9-a4b7-4f2d-aa0d-a498df88efb2-000000@email.amazonses.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.136.118.147]
Content-Type: multipart/alternative; boundary="_000_73386f263e9046faa61d5014d8c87e69huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/FWP_ukO7D-caqI66EiS8QnVD1gw>
Subject: Re: [netmod] New Version Notification for draft-ma-netmod-immutable-flag-07.txt
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jul 2023 12:16:31 -0000

Hi, Kent


Cherry picking a few items below.


[Rob Wilton (rwilton)]
I think that the document is unclear about how it interplays with the system datastore, e.g., I find very few references to the system datastore, so I think that it would be helpful for that to be clarified.
[Qiufang] Sure. That’s true, most of the references to system datastore document only appear in the use case appendix, I agree that this should be more explicit, to point out that only the server can create immutable configuration, and thus immutable data appears in <system>(if exists). A client may create a same value of immutable node as in <system> (e.g., to fulfil leafref constraints), but is not allowed to modify or override (https://www.ietf.org/archive/id/draft-ietf-netmod-system-config-01.html#section-5.4) immutable node with different values. Will clarify in the next version.
But I think we don’t necessarily want immutable flag to be coupled with system datastore, that is to say, even a server doesn’t implement a <system> datastore, it could still be possible to have non-modifiable system configuration somewhere (e.g., in <operational>), and thus an immutable flag could be helpful in this case. Make sense?

The WG extracted the immutable-flag idea out of, at that time, the “with-system” draft, for this reason.
Exactly. When we were discussing the “with-system” draft (about 2 years ago), we were trying to identify all categories of system configuration, like resource-dependent vs. resource-independent, applied-immediately vs. applied-after-referenced, deletable system config vs. non-deletable system config, modifiable system config vs. non-modifiable system config…
However, I only recall one case used for justification (see below).  It would be good to identify others cases.
Yes, your case provided blow is one of them, others I can recall are like, the well-known "interface problem" : The system configures an interface when it’s physically present with its name, ip-address, type, enabled, etc., the user is allowed to add, modify, and delete all descendant nodes but except the "name" and "type" leaf; the hidden and immutable junos-default group which contains system predefined system configuration for comment use; the immutable system capability related configuration (e.g., case in https://www.ietf.org/archive/id/draft-ma-netmod-immutable-flag-07.html#appendix-A.1).
The one case I recall, is when a device implements the concept of sub-devices, whereby NETCONF-clients connect to the sub-device, and have the illusion of being connected to a real device, using the same YANG and everything, just with lesser access.  For instance, the parent/host device may be able to set, e.g., the MTU on an interface shared with a sub-device, but the MTU value is immutable to sub-device NC-clients.

This validity of this case is questionable.  Specifically, that it is a case independent of system configuration at all.  It seems reasonable to opine that the MTU is, in fact, system configuration from the POV of the NC-client.



If this is the case, then I’m not sure that I understand the value of the “extension immutable”, can you give examples of where this would be useful please?
[Qiufang] The “extension immutable” is considered to be used if a particular data node is always considered to be immutable independent of any its instance(s).
A YANG extension makes immutability even visible for the client at implementation time (not just runtime), Therefore, the client has the opportunity to avoid error response in its NMS design/development time due to attempts to override immutable configuration.

We do have an open issue regarding should the "immutable" metadata annotation also be returned for nodes described as “extension immutable” so that there is a single source of truth.

Regarding the open-issue.  Food for thought.

Assuming a client supports servers implementing this YANG module, how often do we expect the client to request configuration (get-config) with the immutable annotation included?  Would it be all the time, or only when a server returns a write-access error?
I assume it won’t be too often, since the immutability must only change by software upgrade or license change?
Each time when above factors occur, a client may include a "with-immutable" parameter in its request to query the contents of <system> or <operational>, then understand what system configuration cannot be overridden.
Or simply do nothing, but query the immutability of certain system nodes until an RPC error returned.
What’s the overhead and does it matter?  Recall, the flag is hierarchal, so if returned for immutable nodes also set in the YANG module, via the extension statement, there’s a compression that occurs that may result in the overhead not being so bad.
By “compression”, you mean omission?
Indeed, the metadata annotation of immutability doesn’t have to be explicitly declared for every node, since most can be omitted by default inheriting the immutability of its parent node. If not specified, the default immutable annotation value of a top-level node instance is immutable=”false”.



Possibly, if the WG decides to adopt this work, it might be worth considering whether this would be better documented as part of the system datastore draft?
[Qiufang] Since we have decided to limit the scope of immutable flag to system configuration and not support non-transactional APIs, it makes sense to me for it to be documented in the system datastore draft.
But as I mentioned above, we would like the immutable flag to work even when the system datastore is not implemented.
Even that said, I'm open to this, and okay to document it as part of system datastore draft if the WG thinks it's a good idea.

Currently the “system-config” draft has an Informative reference to this draft.  Should it be a Normative reference, and the “system-config” draft state definitively that system data is marked as such per the “immutable-flag” draft?
I think it is a good question.
I have Just re-read some statements regarding normative and informative references (https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/):
“Normative references specify documents that must be read to understand or implement the technology in the new RFC, or whose technology must be present for the technology in the new RFC to work.”
I am thinking whether we’d really like to mandate this, since immutable flag is intended to provide descriptive information for the client, and even nothing can prevent the client from ignoring it and still tries to override an immutable node.
And also, immutable-flag draft doesn’t apply to the server which doesn’t have any immutable system nodes.

Or do you mean to fold the “immutable-flag” draft back into the “system-config” draft (merge two drafts into one).  I personally do not wish for this.  Even if another immutable-flag use is never found.
Not sure if this is what Rob had in his mind. But I think I agree with you, I kind of hope we can draw clear boundaries between these two drafts.

Regards,
Rob

Best Regards,
Qiufang

Kent

Best Regards,
Qiufang

v2.23.0 | Report a Bug | By Email