Re: [netmod] OpsState and Schema-Mount
Ladislav Lhotka <lhotka@nic.cz> Thu, 11 August 2016 07:02 UTC
Return-Path: <lhotka@nic.cz>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C874F12D0C4 for <netmod@ietfa.amsl.com>; Thu, 11 Aug 2016 00:02:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.247
X-Spam-Level:
X-Spam-Status: No, score=-8.247 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.247] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hUyIY1VXfK_A for <netmod@ietfa.amsl.com>; Thu, 11 Aug 2016 00:01:59 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0984C12B04F for <netmod@ietf.org>; Thu, 11 Aug 2016 00:01:59 -0700 (PDT)
Received: from [IPv6:2001:718:1a02:1:a0b8:585b:a5a9:4ab8] (unknown [IPv6:2001:718:1a02:1:a0b8:585b:a5a9:4ab8]) by mail.nic.cz (Postfix) with ESMTPSA id 1DC2161385; Thu, 11 Aug 2016 09:01:57 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1470898917; bh=xLng3I65JeYzvB0LXkzSe67FD78eWZqEH4/r38cxsOc=; h=From:Date:To; b=d8jlYMD8/jIfJLKRD++RP2F5tO2T9x8x1vreonsM3wceimLVZAN9K1sc561KpEo/D E3I1Sslx6/2b/8PX41SfrFbdEmOfLEm/039junONF1tqf/ZUj/bsBJkB+8a6lrfSvC vQdQK+WipdKetOO1Sl6y8UvL4jdpDLIsrbsdCcbU=
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Ladislav Lhotka <lhotka@nic.cz>
In-Reply-To: <1470866097387.66518@Aviatnet.com>
Date: Thu, 11 Aug 2016 09:01:57 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <25CF405C-AE56-490F-84D6-BDDE076CBE7B@nic.cz>
References: <bed9398c-0e6a-450e-d2ac-b381b6bebf87@cisco.com> <5296754B-8178-4B1B-B4A6-FE228ABB8E7F@juniper.net> <9367f4b1-7814-e175-32e8-d518438b841d@cisco.com> <m24m79c1ja.fsf@birdie.labs.nic.cz> <D3BF8708.72620%acee@cisco.com> <552008CB-F216-4578-A709-AE0613C2EFB9@nic.cz> <12ed1a4d-44c5-9a51-b6d4-95e1620a24ee@cisco.com> <m260roedim.fsf@birdie.labs.nic.cz> <CABCOCHRF98sTa=MA1VTkZovOufL-=yQr9Gzy+ojnncjSfK1y0Q@mail.gmail.com> <e307c2fc-e621-b5c6-4fcc-67bbcdcb87b9@cisco.com> <20160729163220.GA3579@elstar.local> <68421198-703c-bb26-0fcc-f560e6fe108d@ericsson.com> <100B5D71-C23E-4C72-9EA2-2DB6574DEB87@nic.cz> <5153eab1-8d87-6e3c-3b54-441f683695e4@cisco.com> <D3C7B1A4.7482A%acee@cisco.com> <18066971-3353-b13f-04fa-e214a47ab9a7@cisco.com> <D3C8C14F.74A40%acee@cisco.com> <3175490B-E8DA-4819-B294-C64D1A7D8A40@juniper.net> <CABCOCHRuzTTBM-9OU5GaXS_fHmpNSn5Yp-3K6oXF33SeObSonA@mail.gmail.com> <2e78a895-84d3-6381-ca34-f49a830f3bb0@cisco.com> <CABCOCHQQSojKJTz-ABkOGVqegY9Db3+BqHUmdWv08pu22XdFrA@m ail.gmail.com> <m2eg5wn98s.fsf@birdie.labs.nic.cz> <1470866097387.66518@Aviatnet.com>
To: Alex Campbell <Alex.Campbell@Aviatnet.com>
X-Mailer: Apple Mail (2.3124)
X-Virus-Scanned: clamav-milter 0.98.7 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/RPQZXLh3xlsNoPc63xgc_fXJ_gk>
Cc: "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] OpsState and Schema-Mount
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2016 07:02:02 -0000
> On 10 Aug 2016, at 23:54, Alex Campbell <Alex.Campbell@Aviatnet.com> wrote: > > I think in this case it would make sense to implement both the hypothetical standard module's state data (which would be device-agnostic, such as a boolean value indicating whether each configured rule is active) and also a device-specific module providing access to the more detailed internal state. Right, that's one option, but for smaller devices (which could be, e.g., OpenWRT routers) it may be an overkill. If standard state data are in a separate module, an implementor can choose to implement them or not. Lada > > ________________________________________ > From: netmod <netmod-bounces@ietf.org> on behalf of Ladislav Lhotka <lhotka@nic.cz> > Sent: Wednesday, 10 August 2016 11:39 p.m. > To: Andy Bierman; Robert Wilton > Cc: netmod WG > Subject: Re: [netmod] OpsState and Schema-Mount > > Andy Bierman <andy@yumaworks.com> writes: > >> On Tue, Aug 9, 2016 at 5:24 AM, Robert Wilton <rwilton@cisco.com> wrote: >> >>> Hi Andy, >>> I don't properly understand the points that you are making, please see >>> clarifying comments/questions inline ... >>> >>> On 08/08/2016 22:51, Andy Bierman wrote: >>> >>> >>> >>> On Mon, Aug 8, 2016 at 1:16 PM, Kent Watsen <kwatsen@juniper.net> wrote: >>> >>>> Acee writes: >>>>> Then I see no YANG language barriers in collapsing config and state >>>> trees >>>>> - the model root just needs to be “config true”. >>>> >>>> Great, I think we’re all agreed. Can we now discuss the text I proposed >>>> for 6087bis? - here’s the link to my proposal: >>>> https://mailarchive.ietf.org/arch/msg/netmod/-zbXNhw2BJYMyrBT9nnCwoLAJ0s. >>>> >>>> >>> IMO this effort to avoid 2 containers is not well thought out. >>> Some concerns: >>> >>> 1) modularity >>> placing the monitoring objects within the configuration means the >>> monitoring >>> cannot be used on its own >>> >>> If it is one module with two top level augments (foo and foo-state) then >>> this problem still exists. Hence, please can you clarify why converging >>> them on a single root node means that monitoring cannot be used on it own? >>> Wouldn't a device need to use deviations in both cases to strip out the >>> config nodes that they are not supporting? >>> >>> >> Before the "rule" I can choose to place monitoring in its own module >> without any reliance on other modules. If the monitoring does not >> share indexing, what value is there in putting it in the config tree? >> I see none except a poor attempt at model classification. > > Sometimes it may indeed make sense to keep configuration and state data > schemas in different modules. For instance, it may be useful (or even > necessary) to have common configuration but different state data for > different implementations, e.g. when devices use vastly different > internal architectures. > > One example are packet filters: while it may be possible to have a > common configuration for Linux nftables and Cisco ACLs, monitoring or > debugging either implementation requires access to what the system is > doing under the hood, i.e. system-specific state data and counters. > > Lada > >> >> >> >>> >>> >>> 2) access control >>> placing the monitoring data within configuration means the >>> monitoring-only clients >>> need write permission turned on for the nodes they can access for >>> read-only >>> This relies on granular and complex NACM rules which require regular >>> maintenance. >>> >>> Again, I don't quite follow this, in the specific example that I have >>> regarding putting a RIB under a config true NP container, I would have >>> thought that NACM read access would have been sufficient for a >>> monitoring-only client. Is that not the case? >>> >> >> >> If the monitoring is rooting under config=true nodes, then those config=true >> nodes need to be created somehow. A client with write access is probably >> required. >> >> >> >>> >>> >>> 3) YANG conformance >>> placing the monitoring data inside the configuration means the >>> configuration >>> will be required for conformance; it is not likely to be just 1 NP >>> container. >>> >>> Similar to my response to the first question, I thought that conformance >>> was done on a per module base, not a per sub-tree basis. So even if you >>> have top level 'foo' and 'foo-state' as part of the same module don't you >>> run into the same conformance problem? >>> >>> >>> >> Much easier to solve the conformance since /foo-state does not need any >> objects from /foo >> to exist first. Creating the /foo container means that all config=true >> requirements for >> that container must be implemented (or complex deviations used) >> >> >>> >>> 4) pointless; >>> given that new RPC operations are needed to access applied config, the >>> only data not >>> affected (and moved under the config container anyway) is stuff that >>> does not share >>> the same indexing, or counters which are not part of the opstate >>> problem. >>> >>> Sorry, I don't really follow this one. The original opstate draft put >>> forward by OpenConfig was asking for both applied-configuration and derived >>> state (e.g. statistics and other state) to be co-located under the same >>> structures. The original discussions focused on applied configuration, but >>> when this was being discussed more recently the desire for a solution to >>> the co-located derived state was also discussed - which is why both >>> draft-schoenw-netmod-revised-datastores-01 and >>> draft-wilton-netmod-refined-datastores-01 propose solutions to this >>> problem. >>> >> >> >>> There are also benefits to merging this data: >>> >>> 1) Having co-located config and state data means that clients can easily >>> request config and state for a related object in a single request >>> 1b) Having co-located config and state makes it easier for clients to code >>> - they don't need to unify data across two (potentially different >>> structures/indexes). >>> 1c) Having a single structure, means less copying of the same organization >>> structure into both config and state sub trees (which could be a source of >>> bugs) >>> >>> 2) Having a single root makes schema mount work more nicely, it avoids a >>> duplicate hierarchy. >>> >>> 3) Finally, I also agree with Kent, in that merging these makes the models >>> easier to read and removes a historical wart. >>> >>> >> >> I don't agree with any of these "benefits". >> The protocol can be made to solve these problems. (1) is already solved. >> (1b) is pure speculation about implementation cost. >> (1c) also makes subjective implementation assumptions >> The new problems that are raised just make YANG worse and full of CLRs >> that confuse people trying to learn YANG. >> >> >> >> >>> Thanks, >>> Rob >>> >>> >>> >> Andy >> >> >>> >>> >>> >>> Andy >>> >>> >>> Hint: the first few edits are just nits...skip over the first few >>>> paragraphs until you start seeing large blocks of changed lines... >>>> >>>> Kent // as a contributor >>>> >>>> >>>> >>>> _______________________________________________ >>>> netmod mailing list >>>> netmod@ietf.org >>>> https://www.ietf.org/mailman/listinfo/netmod >>>> >>> >>> >>> > > -- > Ladislav Lhotka, CZ.NIC Labs > PGP Key ID: E74E8C0C > > _______________________________________________ > netmod mailing list > netmod@ietf.org > https://www.ietf.org/mailman/listinfo/netmod -- Ladislav Lhotka, CZ.NIC Labs PGP Key ID: E74E8C0C
- [netmod] OpsState Direction Impact on Recommended… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Rob Shakir
- Re: [netmod] OpsState and Schema-Mount Robert Wilton
- Re: [netmod] OpsState and Schema-Mount Ladislav Lhotka
- Re: [netmod] OpsState and Schema-Mount Alex Campbell
- Re: [netmod] OpsState and Schema-Mount Ladislav Lhotka
- Re: [netmod] OpsState and Schema-Mount Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Juergen Schoenwaelder
- Re: [netmod] OpsState and Schema-Mount Kent Watsen
- Re: [netmod] OpsState and Schema-Mount Andy Bierman
- Re: [netmod] OpsState and Schema-Mount Kent Watsen
- Re: [netmod] OpsState and Schema-Mount Ladislav Lhotka
- Re: [netmod] OpsState and Schema-Mount Andy Bierman
- Re: [netmod] OpsState and Schema-Mount Juergen Schoenwaelder
- Re: [netmod] OpsState and Schema-Mount Robert Wilton
- Re: [netmod] OpsState and Schema-Mount Robert Wilton
- Re: [netmod] OpsState and Schema-Mount Ladislav Lhotka
- Re: [netmod] OpsState and Schema-Mount Kent Watsen
- Re: [netmod] OpsState and Schema-Mount Andy Bierman
- Re: [netmod] OpsState and Schema-Mount Andy Bierman
- Re: [netmod] OpsState and Schema-Mount Kent Watsen
- Re: [netmod] OpsState and Schema-Mount Acee Lindem (acee)
- Re: [netmod] OpsState and Schema-Mount Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Kent Watsen
- Re: [netmod] OpsState and Schema-Mount Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Juergen Schoenwaelder
- Re: [netmod] OpsState Direction Impact on Recomme… Kent Watsen
- Re: [netmod] OpsState and Schema-Mount Robert Wilton
- Re: [netmod] OpsState and Schema-Mount Ladislav Lhotka
- Re: [netmod] OpsState Direction Impact on Recomme… Balazs Lengyel
- [netmod] OpsState and Schema-Mount Balazs Lengyel
- Re: [netmod] OpsState Direction Impact on Recomme… Balazs Lengyel
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Kent Watsen
- Re: [netmod] OpsState Direction Impact on Recomme… Juergen Schoenwaelder
- [netmod] Corollary to [OpsState Direction Impact … Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Lou Berger
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Ladislav Lhotka
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Ladislav Lhotka
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Ladislav Lhotka
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Ladislav Lhotka
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Kent Watsen
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Mahesh Jethanandani
- Re: [netmod] OpsState Direction Impact on Recomme… Xufeng Liu
- Re: [netmod] OpsState Direction Impact on Recomme… thomas nadeau
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Kent Watsen
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Kent Watsen
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Kent Watsen
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Alex Campbell
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Rob Shakir
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Juergen Schoenwaelder
- Re: [netmod] OpsState Direction Impact on Recomme… Lou Berger
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Acee Lindem (acee)
- Re: [netmod] OpsState Direction Impact on Recomme… Lou Berger
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman
- Re: [netmod] OpsState Direction Impact on Recomme… Robert Wilton
- Re: [netmod] OpsState Direction Impact on Recomme… Andy Bierman