Re: [netmod] MUST offline-validation of <running> alone be required? possible solution and further discussion
"Jason Sterne (Nokia)" <jason.sterne@nokia.com> Sun, 29 October 2023 20:50 UTC
Return-Path: <jason.sterne@nokia.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8353DC15107C; Sun, 29 Oct 2023 13:50:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nokia.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UiTJ2i8PxRN2; Sun, 29 Oct 2023 13:50:48 -0700 (PDT)
Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam04on2122.outbound.protection.outlook.com [40.107.101.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F11AC14CE40; Sun, 29 Oct 2023 13:50:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TwoshIJpaazypgri/9db6MXkjAsiNcRtPxBE/eXANrSX9odI43qGwKMNcaK6342F9mLZbLJs1ENuWtoMymCX3oDgIwKoZi7AKC4Tg6XD856+PQ3cZQQH2MH/0OVjJ6ZSulr0M98UlRoFgd4j09mKB+/Ky8hzR1ZG7yrG17phRqX/J2QABDl2J/IlRXH9+sCNE/E35T9pyNmjEhxjMpWyeXYz7rKtobmRynWuQx3HXVEJKdzz5vjwW+zWinqBmtnBktkadqCWtzGUhVe/nb5V+u7+xBK4Rva7bNGcYvUHOE5gXwkjvjhqQonfklntMiAWDGCmB2xmzFeSSAnomhh55A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=x1t2q+GiKHpmj61NkUbfokZXmBViSnoc9/jvA7qvaD0=; b=ayBVfOZ1wM2s1FtyRMeV3tXAesl6AFbPUckVdlQwYK90ZPYI1Fui1+EQU8qPMG517iDGZcQ+EV9wDFo4CmP7HJNAr3WuQ7LSA8FkusuMw07pdasaXHStqXkJcUfxBIR/a6EG5QKEVyXz/IDj+C9qXfiymWKoM8fYq9uf/LL6Gpww7NL6aR1sW9bqSTo6rZgdOp6s1yM15NOUdJkvjSg8QVMGo5cb4vPf7Tfb5+JR+7pMR4qutN+xDp/t/EgeeO0718zoT2lD0XPPUSR6x4vkzWtD1E7iFA4iKzVdApn159UAQbTxmA08UZzgCSAwkfzfPNxDwtW7XWjWS16Fz7VHEA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x1t2q+GiKHpmj61NkUbfokZXmBViSnoc9/jvA7qvaD0=; b=DiLzElEU+kw+LmmHHbLJnILqctRVu2Ht45tAwFuC44zymHa7xEMO0VBwVRiXjSAeIpCGMky3TWW46EYfXVBbSJ8KPcyaMm7Q802G0m8vIkgwfRXpp6wj8S9cu3gD71wIEMrxzEH74U+jkbjJQPlnAoKti+lh21RnOtbUqzr7e7TMmELGLuvXRx7YBte80qT83PMTgfMIJ3tQM33JhMWmeUHAiAJHgKdliBh3opte1wa/y5spKhamJhM7FxrXDmxaSpelUoMQ2gmd7RoA3+ajVSee2MBP/enH1DgYcXDBYWVlaOU+zt4RN50z9hbjnZnQPNdBWIiegXq1eP8Jnxo9xg==
Received: from DM6PR08MB5084.namprd08.prod.outlook.com (2603:10b6:5:41::29) by CH0PR08MB6891.namprd08.prod.outlook.com (2603:10b6:610:c0::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.27; Sun, 29 Oct 2023 20:50:41 +0000
Received: from DM6PR08MB5084.namprd08.prod.outlook.com ([fe80::a3ae:d9d9:d84d:1113]) by DM6PR08MB5084.namprd08.prod.outlook.com ([fe80::a3ae:d9d9:d84d:1113%6]) with mapi id 15.20.6933.026; Sun, 29 Oct 2023 20:50:40 +0000
From: "Jason Sterne (Nokia)" <jason.sterne@nokia.com>
To: "Jan Lindblad (jlindbla)" <jlindbla=40cisco.com@dmarc.ietf.org>, Kent Watsen <kent+ietf@watsen.net>
CC: "draft-ietf-netmod-system-config@ietf.org" <draft-ietf-netmod-system-config@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] MUST offline-validation of <running> alone be required? possible solution and further discussion
Thread-Index: AQHaCBqjKynngPpeYEms/vLVQT/8g7BcvxqAgABzCACABA0Y0A==
Date: Sun, 29 Oct 2023 20:50:39 +0000
Message-ID: <DM6PR08MB5084C80583F3FD619D0E0BB29BA2A@DM6PR08MB5084.namprd08.prod.outlook.com>
References: <5e41b4dcc0004504ae027844be5a2dc4@huawei.com> <82EDF77B-176C-4351-AA97-97B837D6F131@cisco.com> <0100018b6e688405-01c7a0ce-b86b-48d1-859b-b9b7f04842bd-000000@email.amazonses.com> <9415D258-F253-4065-8610-B2953576B11E@cisco.com>
In-Reply-To: <9415D258-F253-4065-8610-B2953576B11E@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nokia.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM6PR08MB5084:EE_|CH0PR08MB6891:EE_
x-ms-office365-filtering-correlation-id: fbf87327-3384-4fed-b2e9-08dbd8c0b5d9
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: FMr6EgOARBx8+7dsVpS3PzJUCALo8SvMBRe5sZN7rWDY8masAmDW9Mg2TiJmv7wlXh75s138c8Zliz3QCj7P4KyDLBnPHu/sKPx/TqAxsct7clGdgNZ+pwJi8+ir7O3JcGe10k41N2qUi8YiVP7pLk34JViC+GExo9/JCtXmpWYj/y4aGVfgIXyag4dLn6S/6KLzMxRXJ6ymksgun1CsUGm63nzjEO6kc8t/6derheVUrdjrZqsFxfSV/gSorP6EWEroXRMrKtQp40uHw2gZ0fe303gq5hmC1FOu/wbFhdlEklRxsfV5dVzs+aRC5LmdPbAccH782SuFeKQuxhYJyAncnF1UiuEC0onStgRIHYJinrkOMT17s+HXNjnN61xjHEvlGQupDqlIyJtE7GMc9oQ3UoD1Lwf3gfeRnk3up07oqJSmVntNk9sfArqzR083cjnbXT8fGgJeoHrI0SMo/ZSafURCBD1asz+SmY4BpLgqeCFsL68Y+rDCjPdWoYs/EXU7AGEkTCE9LHNYrgl6Ir75J0NLtXM63WZnRiwlUzCi0dfPZkig53c/nHMty2DutNbwB0JPyPv0WqNLpUi5MSNqBV+blddGu22smUCj+xsZ+wsYvSlgvBflvzkeD8YylDJMZJXm2Io3xmKIcfZJJmGl4gWd6AOn89Rm2gLJwnkn8cfx37g9z/yWiQSN9b1B
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR08MB5084.namprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(396003)(346002)(366004)(39850400004)(376002)(136003)(230922051799003)(230173577357003)(230273577357003)(451199024)(64100799003)(1800799009)(186009)(55016003)(2906002)(66446008)(66476007)(64756008)(54906003)(66556008)(76116006)(66946007)(82960400001)(122000001)(166002)(316002)(38100700002)(71200400001)(7696005)(966005)(53546011)(6506007)(9686003)(478600001)(110136005)(83380400001)(26005)(5660300002)(41300700001)(8936002)(8676002)(86362001)(4326008)(33656002)(52536014)(38070700009)(84970400001)(66899024); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: yuRjcKosz5ufLDE1tdEpC5y5CJ9eg77eoMFkuFp49nABKK5odgIc/Gb1bKK7jm1cwRu/qOWJuBssxQSeUc23h5AoHPzqWzI/ty13JqI5ZLBOfPTSYUiVVXZS5u4wZoH2soYWQYflD/bs04o0u3OubJnoJo6/dF6u+kkq5WCv2L6C6FkQtJ1EZCESv5W2mcBLIAjNL1/P1bJA2ot24Xu6/zMx3whliL8QYbjnak0OojguAFm+HhmmypzocVmJtTIDVQrbJsl4qqaDVw1Y7WEa5fZbkfRHUFT6cjoQDfCPdEex92eXC5GrEPTxrxWJUd/Of+y/cMuMHEfciO6nE/DJgzHl4AjBHxIO3YIOppLLFuQkKD7gIRVtfPm080peJRtcaC4fDv8HADotAnYNXq+JW635dHWegOzJYwp16IJRximNwXPMuM0kHT5eojo3Twrwutk9gqXbemB/cktmbNWPXLGvWwJg5n1IrGjNeW3PAcwdA+acr7GKEUpkls+PLA+suSRxMY/nU/vY5gSl/AIazgro+TAQIDL+uGKU+pntnN0grlEtJ2ENIJPBWfvCmUPNl2YeTl0yPV6JEl7CWyY/ftezZpJJETF4IafWvLKZANFO1yT9Kqmvb68lNhdtXxGibwSFMebH2i0tL/V6MhbKJ0WFIwndXPO0NcX0wGdYVMedD0JdUi4IBoRxcLaboA8vf1huCiU/YZebUQTD6/U7hIRmgRKwyF5UX9X/Gj11LGLGd5ZaHvJjjhBcpxNhBpcoHl2+OTMUiNaBqXipAe3X53IAo1uQkTyVGAXOxtLy5gGFr3h+W49EWbJkhSrH0435gQNeP/SsiUWo7k+z9z6tbExWv8XRLdICXzk72vGcv8hvjWA5Nk0b/i3U5iPf1DRU0+eoGJJQJrjRZrkxM1JjVguiDa0ZBoPQNKjwiPm7ko78JDZgf/B2AYofMJJ7HMlqNpO+ZHqIfKxkJJNruKSmWDH7vMk2ihmbOu8KqdrwDcGZqx60axl7jLW74C1470vmeknXBu9CEtZmlr72mEyNTNm44gIgSvRI6DxBZNSi0ZagAsix8rRSCn7+aoZ37g3aRe6qNrtWFoa0kc5VXiVj4MBzgkrxAqJRU+n9uSqXjypyw1GdDeyQfnNsHfRyoeu3xR3MNQU6RKvrQsTy7rZEok91QT3d/wVFiEoFWRDWytdhc/Q1jI6dM3Eloay4YWiaIcOb9FRPD5EZSR7H6wSqvw+GLk/Sx8aLCaLgUxdaYSSbTLJI8VPzWtywB9uoPUYQz0334u9IesgyQucYO/WoFcYBtMXJFz1wiJyaHqsTQn9wa6DN9RbRxkFeDCxcS8s8dpAazDZzlCMdJGmqEYcstbEMM18qBYcKncPfbc2VqnLrwiuQ7yZiep5vEGID3sGBKgh7Jp7Jv9tJ2ymoxat+H4fYIxNvaQGAlyM2LzZT1taGPRgGmVXA9pupUjnfq/5a3h1PnSEvu0Ngurx1VfXy14iSZMUKnYHVx75fNPXo20Z3AsBFtv9o7LcKlerBWlyjUPVIPw988ZhRnS6aO5aRkrEJr5g2lqNHoM6AYclH1ueRoz4cQh2phZXjnOac/BoQ
Content-Type: multipart/alternative; boundary="_000_DM6PR08MB5084C80583F3FD619D0E0BB29BA2ADM6PR08MB5084namp_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR08MB5084.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fbf87327-3384-4fed-b2e9-08dbd8c0b5d9
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Oct 2023 20:50:39.8785 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: G4pdca5y/2hC4+mm3xNyHJoLg/uG4pr+ClOorlf1BhaqogwXgszesXcLGKbYBcIXxI8D9QTaW9bEaY3GfrT5fA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR08MB6891
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/OvihORLzInvntPcmgF4qEZuNqVQ>
Subject: Re: [netmod] MUST offline-validation of <running> alone be required? possible solution and further discussion
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Oct 2023 20:50:52 -0000
Hi all, I’m not super excited about the concept that clients should reverse-engineer proprietary server transformations and replicate those in the client. It may not be too difficult for the active/inactive node transformation, but configuration groups (apply groups) are not as straightforward and there is not a single objective “right” way to do those IMO (more complex function with a number of options on how to transform for various situations). If these transformations were standardized that might be a possible path (that won’t be an easy road though given multiple deployed implementations of config groups out there). At the moment I don’t see RFC 8342 as allowing running (as exactly presented in a <get-data> response from the server) to be invalid. Section 5.1.3 says the following: However, <running> MUST always be a valid configuration data tree, as defined in Section 8.1 of [RFC7950]<https://www.rfc-editor.org/rfc/rfc7950#section-8.1>. I’ve heard arguments that the “spirit” of that statement was really to mean that running + transformations is valid, but IMO that’s a bit of hand waving that isn’t clearly laid out in any RFC right now (or is at the least confusing and contradictory vs the quoted sentence above). Section 5.1.4 goes on to say that intended must always be valid as well. Jason From: netmod <netmod-bounces@ietf.org> On Behalf Of Jan Lindblad (jlindbla) Sent: Friday, October 27, 2023 2:46 AM To: Kent Watsen <kent+ietf@watsen.net> Cc: draft-ietf-netmod-system-config@ietf.org; netmod@ietf.org Subject: Re: [netmod] MUST offline-validation of <running> alone be required? possible solution and further discussion CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information. Kent, Very good. Our products are leveraging the features you mention in Junos systems, and we have similar functionality in our own. I certainly see good value in these "configuration transformations”, but I also know that much of this value can be realized without changes to YANG, since in fact we already have such features implemented while also supporting an always valid running at the same time. I agree more value could potentially be made available if the config transformations could be expressed more freely, but in my world, trading such a gain for the loss of a robust machine readable interface is a huge net negative. You are pointing to the crucial spot below when you say '''clients can "offline-validate <running>", when such features are in use, by groking and applying the processing-logic behind the features'''. If we can make a client grok and apply that processing logic by either a) applying processing logic defined in a standards track document, or b) applying a machine readable recipe (which is provided by the server) of what the transformations do exactly, I think this is a discussion worth pursuing. If, on the other hand, the suggestion is that clients should reverse engineer the black box transformation logic of each version of each type of system from each vendor and keep it up to date, then I think the potential value we're discussing here is dwarfed by the maintenance cost and interoperability concerns. So there you have it. To progress this idea of a changed definition of what "valid <running>" means, I think we would need to standardize the transformation logic in some way. There is some potential value, but surely a lot of work. Are we up for it? Best Regards, /jan RFC 8342 defines the ability for "configuration transformations” to map <running> to <intended>, which is "subject to validation”. Section 5.1.4 describes cross-cutting features, such as deactivating nodes and templating, that can result in an invalid <running>, when <running> is considered alone. However, clients can "offline-validate <running>", when such features are in use, by groking and applying the processing-logic behind the features (mimicking that which the server does to produce <intended>), and then YANG-validate the result (same as the server). All this is well understood, expected, and good - right? FWIW, these features have been implemented in Junos for as long as I know. And yes, the Juniper NMS systems I worked on offline-validated “<running>” before <edit-config> by mimicking the processing logic locally, as described above. What Qiufang proposes now adds to this. It is one more thing for clients wishing to offline-validate <running> to mimic. In this case, they need to mimic the merging of <running> and <system>, which entails the clients also fetching <system> from the server, in case they don’t have it already. None of this takes away from transactional interfaces, machine readable constraints, high automation levels, or the ability for clients to express intent. With regards to owner and consumer value, I see each of these three features (deactivating nodes, templating, and <system>) as providing clients greater/better flexibility/control/insight. Agreed? Kent On Oct 26, 2023, at 10:42 AM, Jan Lindblad (jlindbla) <jlindbla=40cisco.com@dmarc.ietf.org<mailto:jlindbla=40cisco.com@dmarc.ietf.org>> wrote: Qiufang, While we have tools that actually do offline validation a lot, I am not against discussing removing that possibility from YANG (in a multi-year plan), if there are strong benefits with this idea. So far I haven't seen them. In the old SNMP world, we had MIB models. They described what you could read and write, but not when you could do so or how things interacted. Now we have YANG-based interfaces that are transactional (sequencing no longer a client concern) and with machine readable constraints. I don't see any way to reach the high automation levels we are enjoying today without this. These principles are bringing a lot of very tangible owner and consumer value $€¥ every day. Running reflects the client's intent. If an upcoming intent can no longer be validated by anybody else than the system being managed, and the rules by which it validates running depends on a black box, then it becomes very hard for the client to express its intent. Sounds like we'd be going back to the SNMP age. If anyone can explain a) how a client should go about expressing its intent in a world where running no longer needs to be valid, and b) what the strong benefits of this model would be, I'd be happy to discuss. Best Regards, /jan I want to bring up a key issue that has been discussed before but hasn’t really been agreed upon: MUST offline-validation of <running> alone be required? The question behind this issue is about: must referenced system config always be copied into <running> to satisfy referential integrity constraints, or <running> is implicitly valid if <intended> is valid by merging <system> and <running> (after config transformation like removal of inactive config and expansion of templates) to create its contents, <running> alone doesn’t have to be offline valid. It feels like the WG has a mixed viewpoints, and I would like to find a solution and seek convergence here. Actually I am thinking, instead of directly stating in the draft that any referenced system config must be contained in <running>, we can point to RFC 7950 and RFC 8342 and state that <running> MUST always be a valid configuration data tree. So that we just leave it there and interpretations may vary. Anyway, the client can always explicitly copy referenced system config into <running> or use the “resolve-system” parameter if an offline-validation of <running> is needed. If we can reach an agreement on this handling, I believe then we can move on. One the other side, I also understand that we should not shy away from this issue and need effectively work it out. Below are some thoughts and inputs from the WG: • Yes, <running> alone must be offline valid o Pros • Clients can easily offline validate <running> without offline merging <system> and <running> (which would bring extra complexity to clients) o Cons: • Painful copy is needed. • Need to deal with the scenario where the system config has updated and a stale copy is still in <running> • No, Offline validation of <running> MAY consider other datastores as well, two options: o Treat it as a bug-fix in existing RFCs • Cons: might break legacy clients and existing tool chains o Wait for a new version of YANG/NC/RC • Cons: might incur delay Any further thoughts on this? Comments and suggestions would be much appreciated. Best Regards, Qiufang _______________________________________________ netmod mailing list netmod@ietf.org<mailto:netmod@ietf.org> https://www.ietf.org/mailman/listinfo/netmod _______________________________________________ netmod mailing list netmod@ietf.org<mailto:netmod@ietf.org> https://www.ietf.org/mailman/listinfo/netmod
- [netmod] MUST offline-validation of <running> alo… maqiufang (A)
- Re: [netmod] MUST offline-validation of <running>… Jürgen Schönwälder
- Re: [netmod] MUST offline-validation of <running>… Jan Lindblad (jlindbla)
- Re: [netmod] MUST offline-validation of <running>… Kent Watsen
- Re: [netmod] MUST offline-validation of <running>… Jan Lindblad (jlindbla)
- Re: [netmod] MUST offline-validation of <running>… Jason Sterne (Nokia)