Re: [netmod] leafref to lists that contain system-controlled entries

"Sterne, Jason (Nokia - CA/Ottawa)" <jason.sterne@nokia.com> Fri, 27 October 2017 17:46 UTC

Return-Path: <jason.sterne@nokia.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85A9B13F5AF for <netmod@ietfa.amsl.com>; Fri, 27 Oct 2017 10:46:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.69
X-Spam-Level:
X-Spam-Status: No, score=-4.69 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id duKzYlvIjQ_E for <netmod@ietfa.amsl.com>; Fri, 27 Oct 2017 10:46:21 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0105.outbound.protection.outlook.com [104.47.0.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CE3C13F5AB for <netmod@ietf.org>; Fri, 27 Oct 2017 10:46:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=+8FrXkoMf7KzDHa59f3Tt8Af1SYIqo2KgF2wOGtjrQo=; b=NZvlgmuYYmG9t05Ti5rave9+hDOFAt03z12xs1/RFTyv4VINAIc14tjjlL5rIxKjU/KPSiM5G+17xP3KnkrMyUunzDKY356GdYvZLXB8z2WPZyTgcGyjXI0lZhLN5lMAQn0dQwtZ++XOc0e9A/SNXoFxNfyvIMAQMfklRPy9V/E=
Received: from AM3PR07MB1124.eurprd07.prod.outlook.com (10.163.187.158) by AM3PR07MB1122.eurprd07.prod.outlook.com (10.163.187.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.178.3; Fri, 27 Oct 2017 17:46:17 +0000
Received: from AM3PR07MB1124.eurprd07.prod.outlook.com ([fe80::746c:4eb1:1f6a:9527]) by AM3PR07MB1124.eurprd07.prod.outlook.com ([fe80::746c:4eb1:1f6a:9527%14]) with mapi id 15.20.0178.003; Fri, 27 Oct 2017 17:46:17 +0000
From: "Sterne, Jason (Nokia - CA/Ottawa)" <jason.sterne@nokia.com>
To: Robert Wilton <rwilton@cisco.com>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] leafref to lists that contain system-controlled entries
Thread-Index: AdNETq1mxw6yfiPkS3eq6pji6usdqwCHGGKAAXuDgKAAGoxYAAChbbWQ
Date: Fri, 27 Oct 2017 17:46:17 +0000
Message-ID: <AM3PR07MB112435038E7693D15A6BC9089B5A0@AM3PR07MB1124.eurprd07.prod.outlook.com>
References: <HE1PR07MB08435A124031631CF19E92BE9B480@HE1PR07MB0843.eurprd07.prod.outlook.com> <63575583-0baa-b0eb-c729-9772988b4f22@cisco.com> <AM3PR07MB112441E99B994BEFF00CF1809B460@AM3PR07MB1124.eurprd07.prod.outlook.com> <2e520b70-9f5b-3101-d0fa-ae83dfe34fb6@cisco.com>
In-Reply-To: <2e520b70-9f5b-3101-d0fa-ae83dfe34fb6@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=jason.sterne@nokia.com;
x-originating-ip: [135.245.20.24]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM3PR07MB1122; 6:tKB3QPU4dg9KBad/I876ZjBiws0U4LTU+QopUJPQId7enSph78B9gm+22ywxiQV8SDrp6p/UjP2ZDB+oaNNU8FV1N7c3T2QMQgwFjd9jGqbgc4WZazZGGyX3GkNcN3E7U4Dn1Zd7sZ8GdlVjnYyjU6bEdonpWcrG40q0Cr5g5AjAbfl2FTJmd4BVxDkFoY7oUadMT0dwXvVMNAWSWsn1rocU4HS2fQn7MZt0hQFzadKkS3G6mGswSPUSCoBqb34pX5FCqL/yvEiWmhy42XIBYijsfedRG2oG2BbhdrlSzqD1HjXXQcG87ehiMchB+Nnc/fvmaEiWVP285rWvzkUkqqWyboD/fici35RttLeW7zg=; 5:Nod4+6eWgRiUgQyo1z/GZ6oJB6A79OgoRaPq7qwkNFcA6MxUnmaCJMnroapurdPXUpZmk4g3SBUawjM6FQot5H5sHk/twtp0GyfL/4iqczHkDMza3Isjv5JbhelNbcN/ebtPxQUCA5dNzpjHUni3qhmAU1BoquDypua1iY59yok=; 24:oyg0gGQIChvtJBEFGlM4j1lShpO1pNXsbo0IP4GqEgOFDlGmXGek4I7m4lvTtJ3WMzh++zIyfuUqZCDFeaWUfWAzyBc9zkBAC83ZJGm4RWU=; 7:1qoLcdruFWJzKvJMwn++s3eh1+7iixlzLLCebGrbeubkbssxlHNTLzYGDCRxmAtpJDq23gDgfh03pLq4HHKlq4T/83j6lvs4wTepJ/1I8Uid/nCiU2PGVh1XG0h00foAPqtBzfi38iYEpscrDLE6QsNwrmXyGVy3XIKHxsOKRF7+DoMeeW7GJBQe3zFpetTR8XrlX/cibLfpxcik40aAEfISPH1Ml9dA+DVXytgzY1EwDfSec/zS9k6/q0mCJ6LS
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 73e3cfba-1f86-4cf4-6653-08d51d62a03a
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(48565401081)(2017052603199); SRVR:AM3PR07MB1122;
x-ms-traffictypediagnostic: AM3PR07MB1122:
x-exchange-antispam-report-test: UriScan:(158342451672863)(82608151540597)(788757137089)(95692535739014)(21748063052155);
x-microsoft-antispam-prvs: <AM3PR07MB1122D8B755E0721F0B1EED2C9B5A0@AM3PR07MB1122.eurprd07.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3231020)(93006095)(93001095)(100000703101)(100105400095)(10201501046)(3002001)(6055026)(6041248)(20161123562025)(20161123560025)(20161123555025)(20161123558100)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM3PR07MB1122; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM3PR07MB1122;
x-forefront-prvs: 0473A03F3F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(39860400002)(53754006)(51444003)(189002)(24454002)(199003)(8676002)(81156014)(6506006)(53546010)(25786009)(966005)(68736007)(6436002)(6246003)(93886005)(606006)(2906002)(9326002)(74316002)(14454004)(66066001)(97736004)(2501003)(86362001)(81166006)(478600001)(5250100002)(76176999)(8936002)(50986999)(55016002)(99286003)(54356999)(33656002)(229853002)(53936002)(7736002)(110136005)(6306002)(7696004)(54896002)(5660300001)(101416001)(236005)(316002)(3660700001)(3846002)(2950100002)(790700001)(2900100001)(6116002)(102836003)(9686003)(105586002)(189998001)(3280700002)(106356001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM3PR07MB1122; H:AM3PR07MB1124.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM3PR07MB112435038E7693D15A6BC9089B5A0AM3PR07MB1124eurp_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 73e3cfba-1f86-4cf4-6653-08d51d62a03a
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Oct 2017 17:46:17.4038 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM3PR07MB1122
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/InKT1IuNGtEAz8ZwFyCaiSNT2rc>
Subject: Re: [netmod] leafref to lists that contain system-controlled entries
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Oct 2017 17:46:25 -0000

Hi Rob,
Please see inline.
Rgds,
Jason

From: Robert Wilton [mailto:rwilton@cisco.com]
Sent: Tuesday, October 24, 2017 8:26
To: Sterne, Jason (Nokia - CA/Ottawa) <jason.sterne@nokia.com>om>; netmod@ietf.org
Subject: Re: [netmod] leafref to lists that contain system-controlled entries


Hi Jason,

Please see further comments inline ...

On 24/10/2017 00:58, Sterne, Jason (Nokia - CA/Ottawa) wrote:
Thanks Rob.  Please see below.
Jason

From: Robert Wilton [mailto:rwilton@cisco.com]
Sent: Monday, October 16, 2017 6:40
To: Sterne, Jason (Nokia - CA/Ottawa) <jason.sterne@nokia.com><mailto:jason.sterne@nokia.com>; netmod@ietf.org<mailto:netmod@ietf.org>
Subject: Re: [netmod] leafref to lists that contain system-controlled entries


Hi Jason,

On 13/10/2017 19:43, Sterne, Jason (Nokia - CA/Ottawa) wrote:
Hi all,

There are a few threads on the mailing list that touch on the concept of system-controlled resources (mostly list entries):

https://mailarchive.ietf.org/arch/msg/netmod/3fTSHIh_MfHzmuDCoicAGiXA2E0
https://mailarchive.ietf.org/arch/msg/netmod/KIsSgKByQWpqYzA4i6Bwc8fuH3w
https://mailarchive.ietf.org/arch/msg/netmod/mjLJdiYErtNG41dJ5bJ5ji07cz0

A few drafts & RFCs also refer to the concept:
https://tools.ietf.org/html/draft-ietf-netmod-revised-datastores-04
https://tools.ietf.org/html/rfc7223

Several vendor implementations have list entries (instance data) that are populated by the server and can be referenced (leafref) from other places in the configuration.  These system entries are useful pre-created policies, interfaces, etc that can then be used (and referred-to) by operators in their explicit configuration.

If those entries are only expected to exist in the <operational> datastore, then in theory any references to them in user created configuration will cause a validation problem in the candidate/running (missing leafref target).

One solution discussed in the mailing lists is to change every reference to lists that could contain a system created entry to a "require-instance false" leafref.  But then some useful validation is lost.  In many cases the model is more correctly "require-instance true" but the set of targets includes the system create entries.

I agree that this is not a good general solution for system created configuration that is always expected to exist on the device because some of the useful validation is lost.

But I think that this solution does work well were the system created entries are truly dynamic in nature, e.g. it seems to work well for the topology YANG module where the topology may be explicitly configured, but would more normally be learned dynamically from protocol interactions, or perhaps be configured via a dynamic configuration protocol.

[>>JTS] OK - I think I follow you here.  You're saying that if there are references to truly dynamic entries, then since those entries will come and go (vs static bootup-time system entries that are always there), references to them will more likely be "require-instance false".   But that does mean the system has to allow references to non-existent entries, and you lose validation. You also risk errors like referencing a name that is just 1 char different from what you really wanted but the system can't tell you that you got it wrong.

Yes.  I don't think that you can solve this during existing YANG datastore validation, as it is defined today.

But I also think that NETCONF/YANG is potentially missing an RPC that is a step beyond validation, but before actually applying configuration.

YANG and the NMDA datastores draft makes it clear that both <running> and <intended> are always valid datastores. This means that the validation rules for these datastores really should not depend on the current hardware in a device if that hardware could be removed or change.  Otherwise, if you allow validation to depend on the current hardware capabilities, then if someone pulls out a linecard, that would cause a previously valid configuration to immediately become invalid, violating the rule that <running>/<intended> are always valid.
[>>JTS] In implementations that support templating today, the <running> is not always valid.  It is only upon expansion of the templates that you end up with a valid datastore (i.e. in the <intended>).  The template may provide missing mandatory parms, provide the actual targets of leafrefs, etc.
  I can't see a way to actually make <running> or <candidate> valid with the concept of templates  (unless we define validity as after a temporary expansion in some post-processed version of the <running> - but that would just be the <intended>).
  This problem of validity isn't specific to dynamic behavior (e.g. hardware coming & going), or to system provisioned objects.  It is a problem just with static config as well.


I think that a potential solution to this problem, is that a new NETCONF RPC could be defined that is a "<should-successfully-apply>" operation.   Processing during this new RPC would be able to check against current system resources, current hardware capabilities, etc, and would be designed to indicate whether the system expects (but does not guarantee) that the configuration would completely apply successfully without any errors or unapplied configuration.
[>>JTS] "completely apply successfully" does not necessarily mean the candidate or running are "valid" against the YANG model.
Configuration datastores would not have to always conform to this constraint, so that if an operator changed or removed a linecard, the configuration would still be "valid" (as per NMDA and RFC7950 rules) but would fail a subsequent "should-successfully-apply" check.
[>>JTS] I see it the other way around.  With template support, a <running> datastore will usually pass the "should-succesfully-apply" criteria but won't be 'valid'.






Another solution discussed is to have the system created entries appear in the <intended> datastore (as part of template/expansion).  That would make validation pass on the intended datastore, but then the candidate/running/startup datastores would not be valid (would be missing leafref targets if any part of the config refers to system created entries).  THis sounds similar to the problem that has been discussed in the past about the fact that templates (in the running) basically mean the running/candidate aren't necessarily valid (until after template expansion, which means only the intended would be valid).

I think that this solution is OK, but not necessarily ideal.

As you say, it means that <running>/<candidate>/<startup> may not be valid, which I see as quite a big down side.  Longer term, I think that it would be a good aim to allow the configuration to be validated off the device, if a client desired to do so.





Another approach could be to actually have those system created entries show up in running/candidate.  That would ensure that references to those entries are valid.  But if the whole concept of templates just cause the running/candidate to not be valid anyways maybe we wouldn't worry about the invalid aspect of references to system created list entries ?

I know that quite a few implementations do this today, but I'm generally not a fan of the system modifying <running>.  It seems that an overall architecture is much cleaner if <running> has a single source of truth and hence can be exclusively controlled by the client.

But I also like the approach where the client (rather than the device) explicitly writes these default entries into the configuration, if they are referenced elsewhere by the configuration, to make the configuration "complete".  E.g. if part of the configuration references the loopback0 interface then also explicitly add the necessary loopback0 configuration to instantiate the "loopback0" interface.  When this configuration is pushed to the device (i.e. using merge or replace operation semantics) then the system should silently accept/ignore the explicit configuration to create the loopback0 interface if it already exists on the system.

[>>JTS] Yes - that is another option and I like it.  If I follow you correctly, the server would never return these system entries in a <get-config> unless the client/operator had already explicitly 'created' them.
So the operator has the option to make the system entries visible or not.
Yes, exactly.




I think the server should still accept references to the system entries even if the client/operator hasn't explicitly created them.  The whole point is that those system entries are there and waiting for operators to use them from the start (without *having* to explicitly create or define them).   In that case the references would be 'dangling' (unresolved) as far as an offline validation is concerned (but a client could select to fix that by explicitly defining any entries they want to reference).
I think that this is OK.

Effectively, I see that being like a static system provided template for configuration that is merged with <running> to form <intended>, which is then validated.
[>>JTS] Yes.  But that means the <running> or <candidate> is not valid (but would pass your <should-succesfully-apply> check) , but the <intended> is valid.







At the moment, IETF, and other SDOs are busy defining standard YANG models, but for those models to end up being truly generic they also need to have consistency about which bits of configuration are always expected to implicitly exist on the device.  E.g. considering the example above of configuration referencing loopback0: if some systems automatically create a loopback0 interface and others do not, then a generic configuration needs to handle both scenarios.

If IETF standardizes YANG configuration templates, then perhaps it would be good to investigate whether some of these "useful default system properties" could instead be embodied into one or more standard device templates?  These templates could then be explicitly referenced in the <running> configuration.  This may allow <running> to be small, but still allow it to be "complete" and able to be validated off the box.
[>>JTS] I'm not clear on this approach.
OK, so this is just an idea:

1) Assume a YANG extension is defined to allow templates to be defined.
2) Further, assume that there is a way to store, and uniquely name some of those templates in a standard place.

So, perhaps IETF could define a template like this, which is stored as a well defined place:

<template>
  <name>ietf-basic-router-v1</name>
  <config>
    <interfaces>
      <interface>
        <name>Loopback0</name>
        <type>ianaift:loopback</type>
      </interface>
      <interface>
        <name>Null0</name>
        <type>ianaift:null</type>
      </interface>
    </interfaces>
  </config>
</template>

Now, when it comes to the configuration file for your device, it could look like this:
  <config>
    <use-remote-template>http://yang-templates.ietf.org/ietf-basic-router-v1</use-remote-template>

    ... rest of config as normal.
  </config>

So, the expanded configuration would include the explicit configuration for Loopback0 and Null0 interfaces, but that would be pulled via use of a remote template (the contents of which is probably already cached on the device).
[>>JTS] Sorry for harping on this point -> but this still means the candidate/running are not valid.  It is only post-expansion that a datastore becomes valid against the YANG model.   I'm not saying this "use-remote-template" idea doesn't have merit, but it still leaves us with the problem of invalid running/candidate.

It is also causing me to think that perhaps the transition from running->intended could also include the addition of the system provisioned objects (if they haven't been explicitly configured by the client as discussed above) as part of that 'expansion'.



How would the templates be referenced in the <running> ?  Can you give me an example ? (is this different than a direct reference to a system created entry that I am talking about ?)
The above is just an idea.  Normally I would expect configuration templates to be defined in the running configuration.  But here I was considering the idea that a template is predefined in some way, and then referenced, so that it doesn't have to be provided inline in the running configuration.



How would this allow <running> to be small ? Do the templates contain the full definition of the system created entries ?
Yes, I was assuming that the template could contain what might normally be represented as system created entries today.  Standard templates could either be defined by SDOs, vendors, or operators, as long as there is a way to reference them.

Thanks,
Rob





Thanks,
Rob





Rgds,
Jason






_______________________________________________

netmod mailing list

netmod@ietf.org<mailto:netmod@ietf.org>

https://www.ietf.org/mailman/listinfo/netmod