Re: [netmod] [Netconf] LC of NDMA NETCONF/RESTCONF drafts

Robert Wilton <rwilton@cisco.com> Wed, 07 February 2018 11:15 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56B80124235; Wed, 7 Feb 2018 03:15:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hwit3025lvjW; Wed, 7 Feb 2018 03:15:03 -0800 (PST)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40E5912778D; Wed, 7 Feb 2018 03:15:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=46334; q=dns/txt; s=iport; t=1518002102; x=1519211702; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=BjcF6vNsLiUyQO/5dHWiT94A3EW4zXYwoV3JpKb9A5M=; b=OI22OoKDUkpYjqPydZT25aOQNSQu1ghQaxYa2N4L5jIw/GjA9QPennEj glmGD0MztZb4W9JhwJj+jbrl9HOwRMSa4W8SubJc5aysSUAk7KhECsru+ +fv6HnpQJT6up/DDY0tGH/BZykr0PMp61a5s9lUi4uk1KrteT8Pz/nqXD Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0B1AQBT33pa/xbLJq1SAQYDGQEBAQEBAQEBAQEBAQcBAQEBAYJZR4EXcCiDZYsYjzOJFY5SggADChgBCoM6gQ9PAoM9FQECAQEBAQEBAmsohSMBAQEDAQEBGAlLBAcFCQIJAhACAwMNDAIFAQYDAgIbBgYfAw4GAQwGAgEBFQKKAgMNCBCUFZ10gicmhFqCOg2BMYIKAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAUFhHCDbIFoKYF3gQ6Ca0QBAQKBRAEDDwI3Jg8HgjqCZQWaDReJUDUJkHOFB4IehieDc4FlhiGOQoExiBeBPDUjgVAzGggbFT2CRoIcORyCBkE3cIpbAiWCJAEBAQ
X-IronPort-AV: E=Sophos;i="5.46,473,1511827200"; d="scan'208,217";a="1863589"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Feb 2018 11:14:59 +0000
Received: from [10.63.23.78] (dhcp-ensft1-uk-vla370-10-63-23-78.cisco.com [10.63.23.78]) by aer-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id w17BEwGf016271; Wed, 7 Feb 2018 11:14:59 GMT
To: Andy Bierman <andy@yumaworks.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, Netconf <netconf@ietf.org>
Cc: NetMod WG <netmod@ietf.org>
References: <29b8034ef2a94523944d53767e6789be@XCH-RTP-013.cisco.com> <20180131181619.ziqdv5peqdeeuhl4@elstar.local> <CF1EAD28-5535-4E5B-BD32-99BB5C46EEAD@gmail.com> <20180205.184312.338993520253253388.mbj@tail-f.com> <39203004-C003-4C07-A376-006B6F7969D6@gmail.com> <CABCOCHS_0zXj+EgDTi0aRygFZULvOCpdsK0C_40H6kbCMd3faQ@mail.gmail.com>
From: Robert Wilton <rwilton@cisco.com>
Message-ID: <8d90fd4c-711a-1b90-529b-778f81e80bf5@cisco.com>
Date: Wed, 07 Feb 2018 11:14:58 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <CABCOCHS_0zXj+EgDTi0aRygFZULvOCpdsK0C_40H6kbCMd3faQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------5BC41D1C223CB253F73D2AE4"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/LtlkeEIXZZ8E0MZt4s6Q21Dky7c>
Subject: Re: [netmod] [Netconf] LC of NDMA NETCONF/RESTCONF drafts
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2018 11:15:08 -0000

Hi Andy,


On 07/02/2018 02:33, Andy Bierman wrote:
>
>
> On Mon, Feb 5, 2018 at 1:33 PM, Mahesh Jethanandani 
> <mjethanandani@gmail.com <mailto:mjethanandani@gmail.com>> wrote:
>
>     For folks that provided comments as part of LC, please verify that
>     your comments have been adequately addressed by -03 version of the
>     draft.
>
>
>
> Most comments have been addressed.
>
>
>      The "with-defaults" parameter does not apply when interacting with an
>     operational datastore.
>
>
> There is no explanation of why the with-defaults parameter does not 
> apply to <operational>.
> This is confusing. The solution that has been a standard for years 
> still applies to
> all datastores, except a completely different mechanism 
> (origin-filter) is used instead
> for 1 datastore.
>
> If the server code can identify a default so it can be tagged 
> origin=or:default, then it can
> also support with-defaults.
>
> I prefer the sentence above be changed, so that a server MAY implement 
> with-defaults
> for <operational>.  If the client sends <with-defaults> it should be 
> OK to honor it instead
> of returning an error.
I have two concerns with changing this to a MAY:

(1) The most useful "with-defaults" behavior differs for <operational> 
vs the configuration datastores, but with-defaults only allows a single 
standard behavior to be specified.

E.g. for configuration datastores the most appropriate semantics (if the 
client doesn't explicitly ask for something else) is "explicit". i.e. 
you give back exactly what was put in.

But, for operational, the most appropriate semantics (if the client 
doesn't explicitly ask for something else) is something like 
"report-all", i.e. the device reports the precise current state 
including any defaults.  However, we felt that this would return too 
much unnecessary data, hence why the datastore architecture defines 
"in-use" data, allowing the server to prune out any data that is clearly 
irrelevant.

(2) <operational> is a new datastore.  I personally don't want each 
server choosing how the data is returned, which requires that clients 
must handle all variants.  It would be better for the draft to specify 
the standard semantics to use unless a client has explicitly requested 
something else.

I'm not opposed to a "with-defaults-bis", or a new draft covering 
"with-defaults" for <operational>", but I think that:
(i) We shouldn't delay the NMDA protocol drafts for this, this can be 
done as separate draft adding extra optional functionality.
(ii) The semantics for retrieving data from operational (or 
notifications) should be as defined by "in-use" in the NMDA 
architecture, unless a client has explicitly specified, or configured, a 
different behavior.
(iii) Probably the only existing option defined in "with-defaults" that 
makes sense for <operational> is a variant of "trim" that is specified 
to return what is defined as returning the "in-use" values, but also 
excluding any values that match a default value specified in the schema.

Thanks,
Rob


>
>
> Andy
>
>
>     Thanks
>
>     Mahesh Jethanandani
>     mjethanandani@gmail.com <mailto:mjethanandani@gmail.com>
>
>     > On Feb 5, 2018, at 9:43 AM, Martin Bjorklund <mbj@tail-f.com
>     <mailto:mbj@tail-f.com>> wrote:
>     >
>     > Hi,
>     >
>     > Mahesh Jethanandani <mjethanandani@gmail.com
>     <mailto:mjethanandani@gmail.com>> wrote:
>     >> This closes the LC for the two NDMA drafts for NETCONF and
>     RESTCONF.
>     >>
>     >> As part of the LC, there were a couple of comments/questions
>     >> raised. In particular
>     >>
>     >> - Vladmir reported an error, which Martin said is fixed in his
>     local copy.
>     >
>     > Fixed.
>     >
>     >> - Robert suggested that “/yang-library/checksum” should be a
>     >>  reference. Juergen supported that comment, so I am assuming that
>     >>  that will be incorporated into the draft.
>     >
>     > Yes, fixed.
>     >
>     >> - Andy had questions around datastore set to “conventional”
>     >
>     > Fixed.
>     >
>     >>  , about origin filter limited to 1 source
>     >
>     > Fixed.
>     >
>     >>  and the behavior of with-defaults.
>     >
>     > There were no additional changes to the document from the discussion
>     > about this.
>     >
>     >>  I see some discussion around it with the authors
>     >>  agreeing that some of them need some text clarifying the
>     >>  position. Can the authors please post the suggested text/additions
>     >>  for the WG to review.
>     >> - Anything else??
>     >>
>     >> Once an updated draft has been posted, I will do a writeup on the
>     >> drafts and send it to IESG.
>     >
>     > The issues above are now addressed, in
>     > draft-ietf-netconf-nmda-netconf-03.
>     >
>     > There were no additional comments on
>     > draft-ietf-netconf-nmda-restconf-02, so I believe this version is
>     > ready.
>     >
>     >
>     > /martin
>     >
>     >
>     >>
>     >> Thanks.
>     >>
>     >>> On Jan 31, 2018, at 10:16 AM, Juergen Schoenwaelder
>     <j.schoenwaelder@jacobs-university.de
>     <mailto:j.schoenwaelder@jacobs-university.de>> wrote:
>     >>>
>     >>> On Wed, Jan 31, 2018 at 04:53:48PM +0000, Eric Voit (evoit) wrote:
>     >>>>
>     >>>> I do have one additional thought below on
>     draft-ietf-netmod-revised-datastores section 5.3 default handling
>     process.  See in-line...
>     >>>>
>     >>>
>     >>> Well, this document is with the RFC editor now. I do not think
>     it needs
>     >>> clarification. It already has text in 5.3 such as:
>     >>>
>     >>>  Requests to retrieve nodes from <operational> always return
>     the value
>     >>>  in use if the node exists, regardless of any default value
>     specified
>     >>>  in the YANG module.  If no value is returned for a given
>     node, then
>     >>>  this implies that the node is not used by the device.
>     >>>
>     >>> /js
>     >>>
>     >>>> From: Robert Wilton -X, January 31, 2018 6:31 AM
>     >>>>
>     >>>>
>     >>>> Hi Andy,
>     >>>>
>     >>>> On 31/01/2018 09:22, Andy Bierman wrote:
>     >>>>
>     >>>>
>     >>>> On Wed, Jan 31, 2018 at 12:11 AM, Juergen Schoenwaelder
>     <j.schoenwaelder@jacobs-university.de
>     <mailto:j.schoenwaelder@jacobs-university.de>
>     <mailto:j.schoenwaelder@jacobs-university.de
>     <mailto:j.schoenwaelder@jacobs-university.de>><mailto:j.schoenwaelder@jacobs-university.de
>     <mailto:j.schoenwaelder@jacobs-university.de>
>     <mailto:j.schoenwaelder@jacobs-university.de
>     <mailto:j.schoenwaelder@jacobs-university.de>>>> wrote:
>     >>>>> On Tue, Jan 30, 2018 at 12:35:33PM -0800, Andy Bierman wrote:
>     >>>>> Hi,
>     >>>>>
>     >>>>> I have some questions about these drafts.
>     >>>>>
>     >>>>> 1) what if datastore set to "conventional"?
>     >>>>>   There are many places where a datastore-ref type is used.
>     >>>>>   However, "conventional" is valid for base "datastore",
>     even though
>     >>>>>   it is ambiguous as a datastore selector.
>     >>>>
>     >>>> We can add explicit text that an identity that does not
>     resolve to a
>     >>>> datastore implemented by the server results in an invalid
>     value error.
>     >>>>
>     >>>>
>     >>>> OK
>     >>>>
>     >>>>
>     >>>>> 2) origin filter is limited to 1 source
>     >>>>>  This filtering seems rather limited.  A client must retrieve
>     >>>>> <with-origin> and check
>     >>>>>   all the values in use, then make repeated requests for
>     each source as a
>     >>>>> different
>     >>>>>   <origin-filter> leaf
>     >>>>
>     >>>> If the client does <with-origin>, then it has all origin
>     information
>     >>>> and it can filter locally. That said, we could make
>     origin-filter a
>     >>>> leaf-list which is logically ORed so that one can retrieve
>     >>>> origin-filter=or:system or origin-filter=or:learned in one
>     request.
>     >>>>
>     >>>>
>     >>>> OK
>     >>>>
>     >>>>> 3) with-defaults broken
>     >>>>>   The operational datastore does not support with-defaults.
>     >>>>>    Instead, the client must use origin-filter=or:default or
>     with-origin
>     >>>>>    and check all the origin attributes.  Since a client
>     needs to use
>     >>>>>    with-defaults for other datastores, this special handling of
>     >>>>> <operational>
>     >>>>>    seems unhelpful.
>     >>>>
>     >>>> I think the with-defaults semantics for conventional
>     configuration
>     >>>> datastores are much more complicated than necessary for the
>     >>>> operational state datastore. Note that that the operational state
>     >>>> datastore reports in-use values not really defaults:
>     >>>>
>     >>>> <leaf or:origin='default'>foo</leaf>
>     >>>>
>     >>>> This reports that the value 'foo' is in use and that it
>     originates
>     >>>> from a default value. Note that this could also be
>     >>>>
>     >>>> <leaf or:origin='intended'>foo</leaf>
>     >>>>
>     >>>> in case the intended configuration datastore configured the value
>     >>>> 'foo' (despite this value matching the default). The
>     with-defaults
>     >>>> solution is pretty complex because it tries to handle how
>     different
>     >>>> systems deal with configuration defaults. The idea is to not
>     carry
>     >>>> this complexity over to in-use values in the operational state
>     >>>> datastore.
>     >>>>
>     >>>>
>     >>>> Before NMDA, the client could decide if it wanted to retrieve
>     default nodes or not.
>     >>>> This client-choice has been removed from NMDA, which is a
>     problem.
>     >>>> We tried to reach a sensible compromise on the data returned
>     from operational (defined in section 5.3 of the NMDA architecture):
>     >>>> - it should return explicit values for everything that is
>     affecting the actual running state of the device (regardless of
>     whether the operational value matches a schema default value).
>     >>>> - it does not need to, and should not, return operational
>     values for stuff that isn't actually in use, i.e. don't return
>     needless and unwanted data.
>     >>>>
>     >>>> In particular, if no value is returned from a particular data
>     node in <operational> then, barring mgmt protocol errors, a client
>     can assume that any functionality associated with that data node
>     is off (i.e. not in use).
>     >>>>
>     >>>> Some examples to illustrate the behavior:
>     >>>>
>     >>>> (i) If a protocol, e.g. OSPF,  is not enabled/running then
>     <operational> does not need to return any data for it.  It would
>     be reasonable to return a flag to indicate that OSPF is not
>     enabled/running.
>     >>>>
>     >>>> (ii) If you have some funky widget on an interface that
>     defaults to being off and isn't being used then <operational>
>     don't need to return any data for it.
>     >>>>
>     >>>> (iii) But, if you have some funky widget on an interface that
>     defaults to being on, then the server should return data for it.
>     If it is actually enabled, then it would indicate that it is on
>     and return any associated values with its operational state, or if
>     it is disabled then it should explicitly report that it is off.
>     >>>>
>     >>>> (iv) I would regard that all applied configuration is "in
>     use" by the system, even if it matches the default value, and
>     hence it should be reported.
>     >>>>
>     >>>>
>     >>>> This behavior for <operational> is obviously slightly
>     different from the existing with-default handling that is
>     supported for configuration datastores.  As I recall, there were a
>     couple of reasons that we decided to have a different behavior for
>     <operational>:
>     >>>> (a) to have consistent semantics for all servers, rather than
>     different servers supporting different with-defaults behaviors
>     (which makes life harder for clients because they must cope with
>     all variants).
>     >>>> (b) to remove any potential ambiguity if data isn't
>     returned.  I.e. with the existing with-defaults semantics it is
>     not clear to me that servers will always return an explicit value
>     to indicate that a particular widget is off if the schema defines
>     that the default it that is enabled.  If the server doesn't
>     support a given widget at all, it is quite plausible that it will
>     just return no data for it.  In theory features/deviations should
>     handle this, but those don't work so well if different linecards
>     have different capabilities.  Hence being explicit about stuff
>     that is in use seems more robust.
>     >>>>
>     >>>> <eric> These are good examples.  It would be great if section
>     5.3 could be tweaked to make clearer the relationship between
>     running datastore defaults and other operational datastore
>     defaults for the same tree.
>     >>>>
>     >>>> For example, let’s say I create a configured subscription,
>     and the default transport protocol is NETCONF.  NETCONF will be
>     used for that subscription even though the node might not be
>     populated. In this case, the object would not appear in the
>     running datastore, but MUST* appear in the operational datastore
>     with the default origin (as it is in-use).
>     >>>>
>     >>>> This to me is the desired behavior as it doesn’t incorrectly
>     add information to the running datastore, but shows what is in-use
>     within operational.  I suspect other such relationships for other
>     operational tree defaults could be asserted, perhaps based on the
>     origin.
>     >>>>
>     >>>> (* Maybe ‘MUST eventually’, as obviously there is a temporal
>     relationship between the two datastores.)
>     >>>>
>     >>>> Eric
>     >>>>
>     >>>> Thanks,
>     >>>> Rob
>     >>>>
>     >>>>
>     >>>>
>     >>>>
>     >>>>
>     >>>>
>     >>>> /js
>     >>>>
>     >>>> Andy
>     >>>>
>     >>>> --
>     >>>> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
>     >>>> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen
>     | Germany
>     >>>> Fax:   +49 421 200 3103       
>      <https://www.jacobs-university.de/
>     <https://www.jacobs-university.de/>>
>     >>>>
>     >>>>
>     >>>>
>     >>>>
>     >>>>
>     >>>> _______________________________________________
>     >>>>
>     >>>> netmod mailing list
>     >>>>
>     >>>> netmod@ietf.org <mailto:netmod@ietf.org>
>     <mailto:netmod@ietf.org
>     <mailto:netmod@ietf.org>><mailto:netmod@ietf.org
>     <mailto:netmod@ietf.org> <mailto:netmod@ietf.org
>     <mailto:netmod@ietf.org>>>
>     >>>>
>     >>>> https://www.ietf.org/mailman/listinfo/netmod
>     <https://www.ietf.org/mailman/listinfo/netmod>
>     <https://www.ietf.org/mailman/listinfo/netmod
>     <https://www.ietf.org/mailman/listinfo/netmod>>
>     >>>>
>     >>>
>     >>>> _______________________________________________
>     >>>> netmod mailing list
>     >>>> netmod@ietf.org <mailto:netmod@ietf.org>
>     <mailto:netmod@ietf.org <mailto:netmod@ietf.org>>
>     >>>> https://www.ietf.org/mailman/listinfo/netmod
>     <https://www.ietf.org/mailman/listinfo/netmod>
>     <https://www.ietf.org/mailman/listinfo/netmod
>     <https://www.ietf.org/mailman/listinfo/netmod>>
>     >>>
>     >>>
>     >>> --
>     >>> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
>     >>> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen |
>     Germany
>     >>> Fax:   +49 421 200 3103       
>      <https://www.jacobs-university.de/
>     <https://www.jacobs-university.de/>
>     <https://www.jacobs-university.de/
>     <https://www.jacobs-university.de/>>>
>     >>>
>     >>> _______________________________________________
>     >>> netmod mailing list
>     >>> netmod@ietf.org <mailto:netmod@ietf.org>
>     <mailto:netmod@ietf.org <mailto:netmod@ietf.org>>
>     >>> https://www.ietf.org/mailman/listinfo/netmod
>     <https://www.ietf.org/mailman/listinfo/netmod>
>     <https://www.ietf.org/mailman/listinfo/netmod
>     <https://www.ietf.org/mailman/listinfo/netmod>>
>     >> Mahesh Jethanandani
>     >> mjethanandani@gmail.com <mailto:mjethanandani@gmail.com>
>     >>
>
>     _______________________________________________
>     Netconf mailing list
>     Netconf@ietf.org <mailto:Netconf@ietf.org>
>     https://www.ietf.org/mailman/listinfo/netconf
>     <https://www.ietf.org/mailman/listinfo/netconf>
>
>
>
>
> _______________________________________________
> Netconf mailing list
> Netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf