Re: [netmod] WG Last Call: draft-ietf-netmod-yang-module-versioning-05
Reshad Rahman <reshad@yahoo.com> Tue, 19 April 2022 13:12 UTC
Return-Path: <reshad@yahoo.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DA173A1893 for <netmod@ietfa.amsl.com>; Tue, 19 Apr 2022 06:12:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ROFD7CfMCwO for <netmod@ietfa.amsl.com>; Tue, 19 Apr 2022 06:12:51 -0700 (PDT)
Received: from sonic313-13.consmr.mail.bf2.yahoo.com (sonic313-13.consmr.mail.bf2.yahoo.com [74.6.133.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1072A3A184B for <netmod@ietf.org>; Tue, 19 Apr 2022 06:12:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650373969; bh=jrXLyzsk0PLSJVDjemWOy/ex1fnZ0+YQ+JIy1FEihnM=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From:Subject:Reply-To; b=Es8WuBhg935KtutY11lHwHP8vkHzy4qEneoTIfBuRT6a+uMWpm2b8JgBUz/D6rtgUmcrPvjdF+acYD5uLFzwA7k5HNhUqlsDOt5dEWT4cNAFieP0EdL+qJOo58QYmyfsNfPF4LEF3y8uluy6XKYdDs5vVeYGftAkMqsynf5n8JkOGYe+jBCx240S1/JFszULrCK0BQENrJPQ6LHhyrEzsGpsBUrIYy8kIuyQMqwdsP7wysiXIp68lBOyp1s5K9f7Di81m10rswfsmBtFLf6Lr9sLxhPKkH3SJAA3CoI4xIAbfoVr3t7RLwkN1eDCgtPnf9SBPhvZHvgQX5xve0DCGg==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1650373969; bh=q8LhX9yFGteKMNB68o8SeE7Bvu+ExdAt3VGigjB6NjB=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=alEj/wwtwwAvNZb1osiA5pF6iN25C3SoERMXGD4GgjF3FB0kGrX+MDy4Y1MQawTYdVvbO0v0Rat2hIu9MbARkkWbYnFZSN1Cq2SeYsBf0ZLDen5SzESLGE0IHuKKoM6C/4IWIhgsn1rhstUS9Xsgzkt3VszSl0QnygnwEXYAI9hCrMKuZzq1zLiE6vIaStvdtGtdtwBuM9QHYS083/2JvsFKQ9tt1Fw0MaSBQ6vK32vMdcLuRVVtUt3oyWru6VoDhDGSeEDbjA3JyIDNIk8UeueHPnhgq7Tj9ZwfUU+Js24ov8/552HQUf4hTwq1rrrRfvxdgt/9W/pzIQHLiIth6A==
X-YMail-OSG: _TmB_PkVM1mRkOCh3Oi7fuJCkQK5bFB7Fi7o_lWrpzOWQFdzZKhfikx_D9FVIcO SiNiQtTgF6gc_cM6RZjTIUYzLzwmImtDT7vX3v.gsagzAe7X.JB6aAwHQ8JmncfhdvlBP.KlXcox XN3_S1bLrxLbPpLdt8VBf3KuLKDswHom1cat4vFTvKnKcZV9cqbqcs8Z_lXtbgatdJFCD3XPmmqC rNtFqS2zuhuhFU0VcRO.T8EYBdmww9wRl6_LXEoD9pFloBaPQGDKL_Prenyv03oHDTppElIlFpJQ aXBLH8Zbq6WkcmHLBt_pOXK3PjTj4J.fR6_8vSfn3M3Q4hbSDy3OZ1i1HHh1SWgsM8dezUSr5Yjo LmpXK.loulMC4rwsNE0kBSLdP4feQRoRmEySdSPqEIAOHl0Iag1UYwjBUrwrD8UWZMnYOmgL9OzP ZN6I8EBinyzP_WInzD_uIc6OLwM5PUB0uXQMopjZV2PkPM3Ml6y0kaMTmjoOYaLSGvYN8pg9n842 2JeDECfwrqNuiEMSpsGdc37oahUsDEwzAO6Amqaic00Lu5aiia2S09s5EH6vM.TZfbou3GJQOEmL UURonMRufKHHF0LHcazCXTSRxeXxO5Zq3JkoYkBwRtlGHm55oplDs.W63NEWKSmI.kH5AQSOwE6w aSTeVCPN1tpHnvxU5wEnYjrwgjA_LP_jXWkP_GnT2aq0Ng5Abu0Yg58.ui_YCHnxZgakSKanNGoV mDxoDuFrdaXyjgnPIzR4deQFfIfAUIx2zIkrziVuRN6_tHqm6gRibCf1TE6CJqPIZTccka8h68Wf r1OKeWHAcRwPtOx00tJZC8NmcjfJl9xyBpOoyOyQQDal1szcbup6i486Gey6V7.McewTGiVHQn.J d3rJ0QW3GaPjcMepK5IHRcaXHYMgNrJI0udw7XP6VeUonAIsSxvDBMBkk1TYnkUlrxOBhPSg6lrm r6gycyYCNt4MMpaoL1VoGXVZiols6yzu95RazEZ5Ub1W_wE3Ib0jpjliTdhIy.pnf8gsuXb4GatK .v8AoMlBNZuKKEiGsvInsh8U6HHEsNaG4Q.9sOW8oMGMoWmQjQjHhxaVwZ8Kk9xymRDvUVLFbHbr Rl7F.n8djv27AQ433ilqhneyHKqP.bGRKHac2MWgO1wld2eCp4YD0awRsDKAyQcHFybUYatE7HuC FzygyO7DsGHee82WdsNJCcuWnz2g4GdNU29lfNzCbKZaV8s5vFIDMWoyjM5FBun2i_tfZCEd7tDW NGLrG75Kg6dml6ixU_CJaBuJpdXOVFMrU8lXN70n_Mz121pVoZVa9rPTPzMG7kQNrgKKfAE1WrY1 sZJ3w.ZcxUdU4x7es6JJJw0k8l0jIN8Pbf7HGNrYh1Vl00AoSUDtnt9rVFxBvk_osBlEIa9cSpp2 aY_H45spYK3ffJTqjv5F8H6mEj.bPp73G2YI6EHeJ2l3rTLW2OnnFiuWnYXd5jg7fMZvP8z1bi38 GWG5Kgtc1mKSKTF2rq429T4GjaGfpg4D6ygUM6gMFeC1KJ8u8DaL5HDqpB757GqXvKJglgVDzESl b_YEbZXo0zR2Um.UpuRy0FTHs_S2bgx9YQrklK48xIbZoFnsH8mC1Lu8XDfdjXFCRio086j2RCw1 3XI5BBMi99v8eSUWmMN3lcbSYv1OlznfvsGOvyA5w_BhXWDDz3FSqTG.tDLf6TJc6emDRDMYk6I7 t4hxYpTleIXfpXcQomQRxAqsBEPXGM.UuDUo6mYQANQ4DMOOHTlAL51FMnYwDSlUG4B8BsNkowQW 68L.pyIugizYjL0FTrnQ.WNM9fkVPqEZykIXgtbm9YqvMJfzX6C7PdZ6ukfhFjL.aHG0RrFeB9Lw A03Ao3tBaSY6rTxC2ceKDekPueT9d2UyWEEomMkhuVvLWIo35.R7fDhJAee3J0ZqPh55K.2wwn4E y7qs5OhJcHxk.J2IfVuqesyqvkAnPgs4xtotjGHT8ztOUBSJ4stA4EraLZhUf2wcxgGxQ58jXV2j QExToFwTMFxTbFPWGmHfz.j2Rh84fmmJ.LWsmP63sj8Oi2uDhebS0HkAVfK61w8.8t8cJatsaeqw MOVnJfyaIxkrnwMFyriy7DCgwnbeDwH3e.NCqsDv__u1qn_EnThP1qPaWc4BINOjf.Kb0T3QreDb Hsdpp_seAiNMlvCH.Bz2MOxRXAQwYkF26z3hwdOTMNDPbQHdR37CK5QH58uTLXMYE5_xOp6EFGtf ftd3P4c9beTOhOrp1Bh47XCR0Vf3Q.ljJz2gyo.y.OH68olXwIVAG0HoJiD4Ne3cRIvy2m0CLvpt It4XVFnS8zeCtfuLC82ykE8KMc0WwtxiCrTxwfdxScnI-
X-Sonic-MF: <reshad@yahoo.com>
Received: from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.bf2.yahoo.com with HTTP; Tue, 19 Apr 2022 13:12:49 +0000
Date: Tue, 19 Apr 2022 13:12:43 +0000
From: Reshad Rahman <reshad@yahoo.com>
Reply-To: Reshad Rahman <reshad@yahoo.com>
To: Lou Berger <lberger@labn.net>, Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de>
Cc: NetMod WG Chairs <netmod-chairs@ietf.org>, NETMOD Group <netmod@ietf.org>
Message-ID: <497864281.58976.1650373963888@mail.yahoo.com>
In-Reply-To: <20220306110716.y5het4vjj6y3dfg6@anna>
References: <51ecbad2-c13b-1f31-a17e-ea2f40eadd6c@labn.net> <20220306110716.y5het4vjj6y3dfg6@anna>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_58975_537049548.1650373963884"
X-Mailer: WebService/1.1.20048 YMailNorrin
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/Gnf2eZdlPgL5PCCb1m28lWG8ahA>
Subject: Re: [netmod] WG Last Call: draft-ietf-netmod-yang-module-versioning-05
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Apr 2022 13:12:57 -0000
<Apologies for the delay>
Hi Jürgen,
We are still discussing some of points in your email in the weekly meeting, we will send a consolidated response soon.
Regards,Reshad.
On Sunday, March 6, 2022, 06:08:04 AM EST, Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de> wrote:
Hi,
below is my last call review.
Document: draft-ietf-netmod-yang-module-versioning-05
Date: 2022-03-06
* 1. Introduction
Is it "module lifecyle problems" or "module versioning problems"?
Can we perhaps be even more explicit? I also note that
[I-D.ietf-netmod-yang-solutions] has seemingly expired, perhaps this
document is not needed if we revise the introduction a bit and make
it more descriptive. And why are SDOs, vendors and industry
mentioned as explicit targets? Here is an attempt to make a
constructive proposal:
NEW
The current YANG [RFC7950] module update rules require that updates
of YANG modules preserve strict backwards compatibility. This has
caused problems as described in [I-D.ietf-netmod-yang-versioning-reqs].
This document recognizes the need to sometimes allow YANG modules
to evolve with non-backwards-compatible changes, which can cause
breakage to clients and importing YANG modules. Accepting that
non-backwards-compatible changes do sometimes occur, it is
important to have mechanisms to report where these changes occur,
and to manage their effect on clients and the broader YANG
ecosystem.
This document defines the foundation of a flexible versioning
solution. A companion document [I-D.ietf-netmod-yang-semver]
extends this work by introducing a semantic versioning scheme. In
addition, [I-D.ietf-netmod-yang-ver-selection] provides a schema
selection scheme that can be used by clients to choose which
schemas to use when interacting with a server from the available
schema that are supported and advertised by the server. This builds
on [I-D.ietf-netmod-yang-packages], which provides a mechanism to
group sets of related YANG modules revisions together into so
called YANG packages. Finally,
[I-D.ietf-netmod-yang-schema-comparison] specifies an algorithm
that can be used to compare two revisions of a YANG schema.
* 3.4.1. File names
- This looks like a SHOULD/MAY clash, what do you really suggest
here? Better don't use RFC 2119 language if the guideline is kind
of contradictory. ;-)
YANG module (or submodule) files MAY be identified using either
revision-date or revision-label. Typically, only one file name
SHOULD exist for the same module (or submodule) revision. Two file
names, one with the revision date and another with the revision
label, MAY exist for the same module (or submodule) revision
An implementation needs to be able to find the modules. If the
revision date is the unique key used by imports, then probably the
@ form needs to be there while the # form is nice to have? Well, I
am not really sure what the text in the I-D suggests. Perhaps it
says it SHMAY be implementation specific. ;-)
If we want interoperability at the file name level, a clear and
unambiguous baseline may be helpful. If we do not expect that,
there is no need to write rules using RFC 2119 keywords.
* 3.5. Examples for updating the YANG module revision history
Assuming the 2.x line is backwards compatible but the 3.x line is
not. How do I figure this out from the linear revision history
sorted by dates? Is the idea that I always only have a single branch
in the revision history in a module? Or can there be multiple
branches documented? Can branches merge again? If I can include the
history of multiple branches, is the idea that tools have to
understand the semantics of the revision labels to reconstruct the
revision history graph in order to make sense of the
rev:non-backwards-compatible markers? The linear order could easily
lead to misinterpretations, revision 2019-04-01 is BC but it would
appear in chronological order after 2019-03-01, to which it is NBC.
* 4. Import by derived revision
I agree that import by revision or derived is better than import by
revision and it would work great with the existing YANG module
update rules. That said, I do not see how it will work great with
update rules that allow BC and NBC updates. If we support richer
update semantics, we will need richer mechanisms to express
compatibility and it seems wrong to put that information into the
YANG import statement. To me, it seems much more reasonable to
maintain the compatibility contraints outside the module such that
updates on the compatibility rules can be made without having to
touch the YANG modules.
To fully automate things, it might be desirable to actually tag the
specific definitions that changed. When module A imports from B, it
matters what A is using from B. Perhaps the idea is that algorithms
compute this on the fly. I fear not all changes may be decidable to
be either BC or NBC. Has it been considered to have markup at the
statement level that provides details such as when something was
added, when something had an NBC change etc? Once you have markup at
that level, tools can decide whether an importing module is affected
by changes in an imported module or not.
It seems we are doing things backwards, we mark modules as having
NBC changes and then tooling may try to figure out what the causes
are. Would it not be easier to tag what has changed and then tooling
can calculate the rest?
I am not sure of this:
The argument to the "revision-or-derived" extension statement is a
revision date or a revision label.
Why is it useful that the value can be a revision date or a revision
label? I assume you also expect there to be a partial order on the
labels, no?
A particular revision of an imported module satisfies an import's
"revision-or-derived" extension statement if the imported module's
revision history contains a revision statement with a matching
revision date or revision label.
I am not sure, perhaps because I am not sure whether the revision
history can reflect branches. If I say revision-or-derived 2.1.0,
can I then get 3.0.0 (which is in a different branch)?
Yes, revision-or-derived is what we should have had in YANG. I fail
to see how it is useful in a versioning scheme that supports NBC
changes and some level of branching.
The "revision-or-derived" extension statement does not guarantee
that all module revisions that satisfy an import statement are
necessarily compatible; it only gives an indication that the
revisions are more likely to be compatible.
So how is this useful? The name "revision-or-derived" may be a
misnomer, it seems you really have "none-before". The name
"revision-or-derived" suggests a promise that is not really there.
I believe compatibility constraints need maintenance and grow to get
complex. Managing them inside of imports is in my view not a good
and scalable idea.
Adding, modifying or removing a "revision-or-derived" extension
statement is considered to be a BC change.
How can that be? Such changes fundamentally change how imports are
resolved.
Example 2 finally tells me by way of example what derived means. I
suggest to define the notion of "derived" earlier. The example seems
to suggest that derived is along the partial order induced by the
version labeling scheme (and this means tools need to be able to
reconstruct the versioning tree (can it be more than a strict
tree?). If this document is expected to work with different
versioning schemes, it seems this document needs to spell out which
requirements a versioning scheme has to satisfy for this document to
work properly (e.g., that there is a defined partial order on
version labels).
If a module import statement could resolve to more than one module
revision defined in the datastore schema, and none of those revisions
are implemented, then the import MUST resolve to the module revision
with the latest revision date.
Why has the latest revision date been chosen here? Just asking...
And has this anything to do with the versioning work or was this
just a convenient place to fix the ambiguity?
* 5.1. Updates to ietf-yang-library
Is this section here because it is essential to fix this ambiguity
for the versioning work or is this here just because it was a
convenient moment to fix this ambiguity?
7.1. Guidelines for YANG module authors
[...] If all dependencies have been updated to not import specific
revisions of a module, then the corresponding revision statements can
be removed from that module.
This seems to be somewhat pointless for open standard YANG modules
since there is no effective procedure I can imagine to determine
whether all dependencies have been updated. (Well, not sure what
dependencies means, I assume it means there are no modules anymore
importing a given revision.)
7.1.1. Making non-backwards-compatible changes to a YANG module
o NBC changes can be sometimes be done incrementally using the
"deprecated" status to provide clients time to adapt to NBC
changes.
Not sure what this means. Also note the double 'be'.
o NBC changes are done at once, i.e. without using "status"
statements. Depending on the change, this may have a big impact
on clients.
Not sure either, likely because I did not understand the previous
item. The third bullet also leaves me a bit puzzled. It seems as if
there is a relationship between NBC changes and status changes. If
so, this may need to be spelled out more clearly.
The detailed description of the "incremental" approach that follows
is helpful. Perhaps the bullets can simply be removed and we keep
the incremental approach as the suggested one?
8. Module Versioning Extension YANG Modules
- Replace '\d{4}-\d{2}-\d{2}' with the pattern used in RFC6991bis
(the \d does some surprising things, so I dropped it everywhere).
- RFC6991bis introduces the type revision-identifier but given this
work is getting stable it seems more logical to call the type
revision-date. This is also the term RFC 7950 uses. And I think
revision-date should be defined in ietf-yang-revisions and not in
RFC6991bis. (I guess we once called it revision-identifier
because there was no clear understanding yet that we will have a
revision-date and a revision-label.) Note that dropping the
definition of revision-identifier from RFC6991bis and defining a
revision-date type in ietf-yang-revisions also causes the
dependency on ietf-yang-types to go away.
9. Contributors
- Typo 'Discussons'
- Perhaps just list the names of the contributors comma separated
instead of making this a longish list.
10. Security Considerations
- I wonder whether confusion about versions can lead to exploitable
vulnerabilities. If client and server disagree on the meaning of
values, this may lead to exploitable situations. With the move to
allow NBC changes, a server may implement different semantics for
a given leaf and this probably deserves a warning. In a world
where semantics of definitions can change, client and server need
to be sure they work with compatible definitions.
- Another scenario to mention could be a system provisioning NACM
rules. Such a system may fail generating proper access control
rules if there is ambiguity about the version of a YANG module
implemented by the server for which NACM rules are provisioned.
In fact, a system provisioning NACM rules may need to provision
rules that continue to work even if client and server negotiate a
version for their interactions.
A. Examples of changes that are NBC
- I believe enlarging the value set of a data node is allowed, the
wording 'any changes that change or reduce the allowed value set'
seems to disallow this. Perhaps you wanted to say 'any changes
that reduce the allowed value set' instead?
* RFC 7950 compatibility
An RFC 7950 compliant implementation will treat
import example-module {
rev:revision-or-derived 2.0.0;
}
as if were
import example-module;
and hence it may import a revision that is not in the 2.0.0 branch.
I believe this is a problem. An RFC 7950 implementation will also
consider deprecate -> obsolete a legal BC change. I believe that
changing the YANG RFC 7950 update rules fundamentally must be done
in such a way that parsers not understanding the new rules fail
instead of producing surprising results (e.g. by bumping the YANG
version number.)
Even if this document is implemented by a parser, the parser may get
import example-module {
rev:revision-or-derived omicron;
}
without knowing what the possible labels are and what the order
relationship of them is. It seems that the revision-label-scheme
statement has to be mandatory and a parser needs to stop if the
announced revision-label-scheme is unknown to the parser.
On Mon, Feb 21, 2022 at 12:20:34PM -0500, Lou Berger wrote:
>
>
> All,
>
> This starts working group last call on
> https://datatracker.ietf.org/doc/draft-ietf-netmod-yang-module-versioning/
>
> The working group last call ends on March 7 th.
> Please send your comments to the working group mailing list.
>
> Positive comments, e.g., "I've reviewed this document
> and believe it is ready for publication", are welcome!
> This is useful and important, even from authors.
>
> Please note that once WG Last call is complete, this document will be held
> and submitted as a set with the other versioning documents (once they are
> ready) for publication request to the IESG.
>
> Thank you,
> Lou (Co-Chair & doc Shepherd)
>
>
>
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
--
Jürgen Schönwälder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
Fax: +49 421 200 3103 <https://www.jacobs-university.de/>
_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
- [netmod] WG Last Call: draft-ietf-netmod-yang-mod… Lou Berger
- Re: [netmod] WG Last Call: draft-ietf-netmod-yang… Jürgen Schönwälder
- Re: [netmod] WG Last Call: draft-ietf-netmod-yang… Italo Busi
- Re: [netmod] WG Last Call: draft-ietf-netmod-yang… Lou Berger
- Re: [netmod] WG Last Call: draft-ietf-netmod-yang… Reshad Rahman
- Re: [netmod] WG Last Call: draft-ietf-netmod-yang… Reshad Rahman
- Re: [netmod] WG Last Call: draft-ietf-netmod-yang… Jason Sterne (Nokia)