IETF Logo Mail Archive

Re: [netmod] OpsState and Schema-Mount

Ladislav Lhotka <lhotka@nic.cz> Wed, 10 August 2016 11:39 UTC

Return-Path: <lhotka@nic.cz>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDD4D12D7A5 for <netmod@ietfa.amsl.com>; Wed, 10 Aug 2016 04:39:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2MstftrvsjFC for <netmod@ietfa.amsl.com>; Wed, 10 Aug 2016 04:39:35 -0700 (PDT)
Received: from trail.lhotka.name (trail.lhotka.name [77.48.224.143]) by ietfa.amsl.com (Postfix) with ESMTP id F06EA12D159 for <netmod@ietf.org>; Wed, 10 Aug 2016 04:39:34 -0700 (PDT)
Received: from localhost (unknown [195.113.220.110]) by trail.lhotka.name (Postfix) with ESMTPSA id 608AF1CC00D1; Wed, 10 Aug 2016 13:39:46 +0200 (CEST)
From: Ladislav Lhotka <lhotka@nic.cz>
To: Andy Bierman <andy@yumaworks.com>, Robert Wilton <rwilton@cisco.com>
In-Reply-To: <CABCOCHQQSojKJTz-ABkOGVqegY9Db3+BqHUmdWv08pu22XdFrA@mail.gmail.com>
References: <bed9398c-0e6a-450e-d2ac-b381b6bebf87@cisco.com> <5296754B-8178-4B1B-B4A6-FE228ABB8E7F@juniper.net> <9367f4b1-7814-e175-32e8-d518438b841d@cisco.com> <m24m79c1ja.fsf@birdie.labs.nic.cz> <D3BF8708.72620%acee@cisco.com> <552008CB-F216-4578-A709-AE0613C2EFB9@nic.cz> <12ed1a4d-44c5-9a51-b6d4-95e1620a24ee@cisco.com> <m260roedim.fsf@birdie.labs.nic.cz> <CABCOCHRF98sTa=MA1VTkZovOufL-=yQr9Gzy+ojnncjSfK1y0Q@mail.gmail.com> <e307c2fc-e621-b5c6-4fcc-67bbcdcb87b9@cisco.com> <20160729163220.GA3579@elstar.local> <68421198-703c-bb26-0fcc-f560e6fe108d@ericsson.com> <100B5D71-C23E-4C72-9EA2-2DB6574DEB87@nic.cz> <5153eab1-8d87-6e3c-3b54-441f683695e4@cisco.com> <D3C7B1A4.7482A%acee@cisco.com> <18066971-3353-b13f-04fa-e214a47ab9a7@cisco.com> <D3C8C14F.74A40%acee@cisco.com> <3175490B-E8DA-4819-B294-C64D1A7D8A40@juniper.net> <CABCOCHRuzTTBM-9OU5GaXS_fHmpNSn5Yp-3K6oXF33SeObSonA@mail.gmail.com> <2e78a895-84d3-6381-ca34-f49a830f3bb0@cisco.com> <CABCOCHQQSojKJTz-ABkOGVqegY9Db3+BqHUmdWv08pu22XdFrA@m ail.gmail.com>
User-Agent: Notmuch/0.22.1 (http://notmuchmail.org) Emacs/24.4.51.2 (x86_64-apple-darwin14.0.0)
Date: Wed, 10 Aug 2016 13:39:31 +0200
Message-ID: <m2eg5wn98s.fsf@birdie.labs.nic.cz>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/IxLAiqXOuPcwsy-Z1BOEBzc15E4>
Cc: netmod WG <netmod@ietf.org>
Subject: Re: [netmod] OpsState and Schema-Mount
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Aug 2016 11:39:38 -0000

Andy Bierman <andy@yumaworks.com> writes:

> On Tue, Aug 9, 2016 at 5:24 AM, Robert Wilton <rwilton@cisco.com> wrote:
>
>> Hi Andy,
>> I don't properly understand the points that you are making, please see
>> clarifying comments/questions inline ...
>>
>> On 08/08/2016 22:51, Andy Bierman wrote:
>>
>>
>>
>> On Mon, Aug 8, 2016 at 1:16 PM, Kent Watsen <kwatsen@juniper.net> wrote:
>>
>>> Acee writes:
>>> >    Then I see no YANG language barriers in collapsing config and state
>>> trees
>>> >    - the model root just needs to be “config true”.
>>>
>>> Great, I think we’re all agreed.  Can we now discuss the text I proposed
>>> for 6087bis?  - here’s the link to my proposal:
>>> https://mailarchive.ietf.org/arch/msg/netmod/-zbXNhw2BJYMyrBT9nnCwoLAJ0s.
>>>
>>>
>> IMO this effort to avoid 2 containers is not well thought out.
>> Some concerns:
>>
>> 1) modularity
>>     placing the monitoring objects within the configuration means the
>> monitoring
>>     cannot be used on its own
>>
>> If it is one module with two top level augments (foo and foo-state) then
>> this problem still exists.  Hence, please can you clarify why converging
>> them on a single root node means that monitoring cannot be used on it own?
>> Wouldn't a device need to use deviations in both cases to strip out the
>> config nodes that they are not supporting?
>>
>>
> Before the "rule" I can choose to place monitoring in its own module
> without any reliance on other modules.  If the monitoring does not
> share indexing, what value is there in putting it in the config tree?
> I see none except a poor attempt at model classification.

Sometimes it may indeed make sense to keep configuration and state data
schemas in different modules. For instance, it may be useful (or even
necessary) to have common configuration but different state data for
different implementations, e.g. when devices use vastly different
internal architectures.

One example are packet filters: while it may be possible to have a
common configuration for Linux nftables and Cisco ACLs, monitoring or
debugging either implementation requires access to what the system is
doing under the hood, i.e. system-specific state data and counters.

Lada

>
>
>
>>
>>
>> 2) access control
>>     placing the monitoring data within configuration means the
>> monitoring-only clients
>>     need write permission turned on for the nodes they can access for
>> read-only
>>     This relies on granular and complex NACM rules which require regular
>> maintenance.
>>
>> Again, I don't quite follow this, in the specific example that I have
>> regarding putting a RIB under a config true NP container, I would have
>> thought that NACM read access would have been sufficient for a
>> monitoring-only client.  Is that not the case?
>>
>
>
> If the monitoring is rooting under config=true nodes, then those config=true
> nodes need to be created somehow.  A client with write access is probably
> required.
>
>
>
>>
>>
>> 3) YANG conformance
>>     placing the monitoring data inside the configuration means the
>> configuration
>>     will be required for conformance; it is not likely to be just 1 NP
>> container.
>>
>> Similar to my response to the first question, I thought that conformance
>> was done on a per module base, not a per sub-tree basis.  So even if you
>> have top level 'foo' and 'foo-state' as part of the same module don't you
>> run into the same conformance problem?
>>
>>
>>
> Much easier to solve the conformance since /foo-state does not need any
> objects from /foo
> to exist first.  Creating the /foo container means that all config=true
> requirements for
> that container must be implemented (or complex deviations used)
>
>
>>
>> 4) pointless;
>>    given that new RPC operations are needed to access applied config, the
>> only data not
>>    affected (and moved under the config container anyway) is stuff that
>> does not share
>>    the same indexing, or counters which are not part of the opstate
>> problem.
>>
>> Sorry, I don't really follow this one.  The original opstate draft put
>> forward by OpenConfig was asking for both applied-configuration and derived
>> state (e.g. statistics and other state) to be co-located under the same
>> structures.  The original discussions focused on applied configuration, but
>> when this was being discussed more recently the desire for a solution to
>> the co-located derived state was also discussed - which is why both
>> draft-schoenw-netmod-revised-datastores-01 and
>> draft-wilton-netmod-refined-datastores-01 propose solutions to this
>> problem.
>>
>
>
>> There are also benefits to merging this data:
>>
>> 1) Having co-located config and state data means that clients can easily
>> request config and state for a related object in a single request
>> 1b) Having co-located config and state makes it easier for clients to code
>> - they don't need to unify data across two (potentially different
>> structures/indexes).
>> 1c) Having a single structure, means less copying of the same organization
>> structure into both config and state sub trees (which could be a source of
>> bugs)
>>
>> 2) Having a single root makes schema mount work more nicely, it avoids a
>> duplicate hierarchy.
>>
>> 3) Finally, I also agree with Kent, in that merging these makes the models
>> easier to read and removes a historical wart.
>>
>>
>
> I don't agree with any of these "benefits".
> The protocol can be made to solve these problems. (1) is already solved.
> (1b) is pure speculation about implementation cost.
> (1c) also makes subjective implementation assumptions
> The new problems that are raised just make YANG worse and full of CLRs
> that confuse people trying to learn YANG.
>
>
>
>
>> Thanks,
>> Rob
>>
>>
>>
> Andy
>
>
>>
>>
>>
>> Andy
>>
>>
>> Hint: the first few edits are just nits...skip over the first few
>>> paragraphs until you start seeing large blocks of changed lines...
>>>
>>> Kent // as a contributor
>>>
>>>
>>>
>>> _______________________________________________
>>> netmod mailing list
>>> netmod@ietf.org
>>> https://www.ietf.org/mailman/listinfo/netmod
>>>
>>
>>
>>

-- 
Ladislav Lhotka, CZ.NIC Labs
PGP Key ID: E74E8C0C

v2.23.0 | Report a Bug | By Email