Re: [netmod] Comments on NMDA-04

Robert Wilton <rwilton@cisco.com> Thu, 28 September 2017 16:28 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2231B132D44 for <netmod@ietfa.amsl.com>; Thu, 28 Sep 2017 09:28:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IhVGn7Nl6L1E for <netmod@ietfa.amsl.com>; Thu, 28 Sep 2017 09:28:48 -0700 (PDT)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0264134234 for <netmod@ietf.org>; Thu, 28 Sep 2017 09:28:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5092; q=dns/txt; s=iport; t=1506616119; x=1507825719; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to:content-transfer-encoding; bh=fuUPQLmLmhSQoh1OXlqruKPPmMReN4Lm69BUF6V6NYk=; b=U32hOWVpvhNQXCmjg8PycPKmOcIs1FIZqEHVaKAFGvZ+kVqcHODrbE4r MPbP6l9RGQ/jf+29vtazGDYi9qotL9oSxd+s7C5zU3ugNpRnY/y0OT7S+ L6yyjhTuQK4VvWwjnjrNNWaHVVjpryUq+Ec0LR9zzmX6QKFtkC9AoWQI+ A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ByAQDIIc1Z/xbLJq1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBhEBuhB+LE5BgljmCBAojhRgChGcVAQIBAQEBAQEBayiFGQEFIw8?= =?us-ascii?q?BBUEQCxgCAhEVAgJXBgEMCAEBii0Qpw2CJ4sRAQEBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEZBYEOgh2DU4FqK4J9hD+BBIJUgmAFoSiHXo0Ci1uHK410h1mBOTUiQkwyIQg?= =?us-ascii?q?dFUmHHj+GeSyCFQEBAQ?=
X-IronPort-AV: E=Sophos;i="5.42,450,1500940800"; d="scan'208";a="697617866"
Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Sep 2017 16:28:37 +0000
Received: from [10.63.23.161] (dhcp-ensft1-uk-vla370-10-63-23-161.cisco.com [10.63.23.161]) by aer-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id v8SGSbiS011436; Thu, 28 Sep 2017 16:28:37 GMT
To: Balazs Lengyel <balazs.lengyel@ericsson.com>, Martin Bjorklund <mbj@tail-f.com>
Cc: netmod@ietf.org
References: <9ec6b2e4-36a7-87e6-59fa-828855235835@ericsson.com> <20170914.163239.143365521945928900.mbj@tail-f.com> <0605fab0-f879-e02d-4858-52a247571cb8@ericsson.com>
From: Robert Wilton <rwilton@cisco.com>
Message-ID: <bfebbf31-a241-2409-e126-770711e7e635@cisco.com>
Date: Thu, 28 Sep 2017 17:28:37 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <0605fab0-f879-e02d-4858-52a247571cb8@ericsson.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/JSCCj9aWb565sNx4oQsgKba2zhg>
Subject: Re: [netmod] Comments on NMDA-04
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Sep 2017 16:28:50 -0000

Hi,

Regarding the issue "Is it allowed to violate uniqueness of key 
values?", https://github.com/netmod-wg/datastore-dt/issues/10

We have discussed this further, and would like to extend the text in the 
draft to explicitly allow key uniqueness to be violated!

We have thought of several cases where it is possible that duplicate 
entries could appear, and we don't want to force any overhead on the 
device to guarantee that this does not occur, nor do we want to force 
synchronization between configuration processing and what is reported in 
<operational>.  Of course, in normal circumstances this constraint, like 
the others, should not be violated.  This is already stated in the draft.

Examples of where uniqueness of list keys could be violated include:
1) If a device is internally paging the results back for a long list, 
then it is possible that a entry could have been reported near the 
beginning of the list, then moved, and then reported again at the end of 
the list.
2) If the list being stored somewhere in the system has become corrupted 
and contains duplicate entries.  It is better to return truth.
3) On a distributed system where the list is being constructed from 
multiple nodes (e.g. linecards or peer devices) then if a list entry is 
moved from one node to another then it is again possible that an entry 
could be reported in both places (or neither) for a short interval 
before the system becomes consistent again.

Proposed text:

OLD:

    <operational> SHOULD conform to any constraints specified in the data
    model, but given the principal aim of returning "in use" values, it
    is possible that constraints MAY be violated under some
    circumstances, e.g., an abnormal value is "in use", or due to remnant
    configuration (see Section 4.3.1).  Note, that deviations are still
    used when it is known in advance that a device does not fully conform
    to the <operational> schema.

    Only semantic constraints MAY be violated, these are the YANG "when",
    "must", "mandatory", "unique", "min-elements", and "max-elements"
    statements.

NEW:

    <operational> SHOULD conform to any constraints specified in the data
    model, but given the principal aim of returning "in use" values, it
    is possible that constraints MAY be violated under some
    circumstances, e.g., an abnormal value is "in use", the structure of
    a list is being modified, or due to remnant configuration (see
    Section 4.3.1).  Note, that deviations are still used when it is
    known in advance that a device does not fully conform to the
    <operational> schema.

    Only semantic constraints MAY be violated, these are the YANG "when",
    "must", "mandatory", "unique", "min-elements", and "max-elements"
    statements; and the uniqueness of key values.

Again, if there are no objections, I will apply this change.

Thanks,
Rob


On 14/09/2017 16:44, Balazs Lengyel wrote:
> See below !
>
>
> On 2017-09-14 16:32, Martin Bjorklund wrote:
>
>>> CH 4.4.)  "Validation is performed on the contents of <intended>."
>>> This to me means that default data is not considered at validation
>> Note that RFC 7950, section 6.4.1, says:
>>
>>     In the accessible tree, all leafs and leaf-lists with default values
>>     in use exist (see Sections 7.6.1 and 7.7.2).
>>
>> So defaults are taken into account when intended is validated.
> BALAZS: Yes the two seem to contradict each other. This can be 
> understood in your way, however the current text is not clear enough. 
> I would add:
> Validation is performed on the contents of <intended> (EXTENDED WITH 
> DEFAULT CONFIGURATION).
>>> which would be a backwards incompatible change. Also if validation
>>> does not consider system configured data that would allow cases like
>>> multiple interfaces named lo0. One from <intended> one from system
>>> configuration. IMHO while it is OK to violate uniqueness because of
>>> remnant data, the above violation of uniqueness seems a bad idea.
>> If your system adds data to <running>, or to <intended>, it will be
>> validated.
>>
>>> Ch. 4.7) Is it allowed to violate uniqueness of key values? IMHO it
>>> should not be.
>> Agreed.  Note that the draft explicitly lists the constraints that can
>> be violated, and uniqueness of keys is not listed.
> BALAZS: If that is the intent I would propose to explicitly state it. 
> For me it was non-trivial.
> Can a a choice statement be violated? Having to existing branches at 
> the same time? It seems a semantic constraint to me. IMHO yes.
> Can an if-feature be violated? If  support has just changed and we 
> have some remnant config, I can very well imagine it violated.
>
> Also here could you change
> If a node in  <operational> does not meet the syntactic constraints 
> then it cannot   be returned
> to
> If a node in  <operational> does not meet the syntactic constraints 
> then it MUST NOT be returned
>> /martin
>