IETF Logo Mail Archive

Re: [netmod] YANG 1.1 issue: enabled leaf design pattern

Andy Bierman <andy@yumaworks.com> Sun, 04 May 2014 17:17 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C03371A00D5 for <netmod@ietfa.amsl.com>; Sun, 4 May 2014 10:17:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x7HCG6g5Ricb for <netmod@ietfa.amsl.com>; Sun, 4 May 2014 10:17:00 -0700 (PDT)
Received: from mail-qg0-f49.google.com (mail-qg0-f49.google.com [209.85.192.49]) by ietfa.amsl.com (Postfix) with ESMTP id D9B621A0179 for <netmod@ietf.org>; Sun, 4 May 2014 10:16:59 -0700 (PDT)
Received: by mail-qg0-f49.google.com with SMTP id a108so222379qge.22 for <netmod@ietf.org>; Sun, 04 May 2014 10:16:56 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=AU5P9tN+OARDRIHE2/ySf8EHcqy62p9F4LI5U9UKhfA=; b=iUXuJ5Wp/o0DDwoxG9LEB6LAvoXHJSO1daz9b/5Exv6a6BRQ+frANg+5JDTlwu/38d +QbkT2FgUO4FXGNVNcCpTzy9pAWVIvSs2aCbNrQoeYRrK4G0zSu5jb0CKS4jCJxxz0av GkBO70V6jVn54WF5cqcgfdB6y5GJ6cKzVhuwf4LbpgUlqZ1GKLv407w2PeWMz+nADQ+u ZynMNkL4gpRbQU8SdOIVKilQMDpJ9lSUSChHgHMQZBTP0BnGKVv14uRjOobq8V11uslc GrXYamXcUoe6nBcdePTL/lZA93zpoNW1+FaErOSL2JZG+Ra5SApg4sjbfwCLxTYEFFKu 94tA==
X-Gm-Message-State: ALoCoQnRv5/GyU4XjGtDup57R3yKDUDh0JbFIeyfpJaj3A7B5VmIHRz7zJ0bql++sPYaa1qMcvr5
MIME-Version: 1.0
X-Received: by 10.140.27.212 with SMTP id 78mr35872847qgx.18.1399223816640; Sun, 04 May 2014 10:16:56 -0700 (PDT)
Received: by 10.140.104.14 with HTTP; Sun, 4 May 2014 10:16:56 -0700 (PDT)
In-Reply-To: <1D1A1E83-05E3-4449-B8F7-BEFFC716C45B@nic.cz>
References: <CABCOCHR_Kf2a9mD_rZ-mkw5NGob9Rp_pdSaQ0k40ER2aN56LLA@mail.gmail.com> <F17C1196-D388-4370-B9F1-0B6870A06C9A@nic.cz> <CABCOCHQS8q3FXN7SwWgU9nrxLWA7gdA=Hj+vEnctFi1hv8f5LA@mail.gmail.com> <9429DA92-078C-4F7D-9795-AF7D43B79142@nic.cz> <CABCOCHQR_QvmV7QJbVoG+=F_xroU=XcAn3xDwOjfZ-jcR89WFg@mail.gmail.com> <1D1A1E83-05E3-4449-B8F7-BEFFC716C45B@nic.cz>
Date: Sun, 04 May 2014 10:16:56 -0700
Message-ID: <CABCOCHRve4=mcxoADFzwDiWo-3S35pvFSqjKE65ArPbMcn0LnQ@mail.gmail.com>
From: Andy Bierman <andy@yumaworks.com>
To: Ladislav Lhotka <lhotka@nic.cz>
Content-Type: multipart/alternative; boundary="001a11c14d668d6fa204f8962e8c"
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/S_fQs0A3WG1yAKVybieWLFJgRpQ
Cc: "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] YANG 1.1 issue: enabled leaf design pattern
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 May 2014 17:17:03 -0000

On Sun, May 4, 2014 at 2:45 AM, Ladislav Lhotka <lhotka@nic.cz> wrote:

>
> On 04 May 2014, at 10:33, Andy Bierman <andy@yumaworks.com> wrote:
>
> >
> >
> >
> > On Sun, May 4, 2014 at 12:40 AM, Ladislav Lhotka <lhotka@nic.cz> wrote:
> >
> > On 03 May 2014, at 21:31, Andy Bierman <andy@yumaworks.com> wrote:
> >
> > >
> > >
> > >
> > > On Sat, May 3, 2014 at 11:50 AM, Ladislav Lhotka <lhotka@nic.cz>
> wrote:
> > >
> > > On 03 May 2014, at 18:42, Andy Bierman <andy@yumaworks.com> wrote:
> > >
> > > > Hi,
> > > >
> > > > Problem:
> > > >
> > > > The use of a leaf in the data model (such as the
> /interfaces/interface/enabled
> > > > leaf in the ietf-interfaces module) does not account for YANG
> validation rules
> > > > for many statements that can reference the disabled subtree from
> outside
> > > > of that subtree:
> > > >
> > > >     - must
> > > >     - when
> > > >     - unique
> > > >     - min-elements
> > > >     - max-elements
> > > >     - leafref (valid instances)
> > > >     - choices (disabled case is still the active case, so no other
> can be used)
> > >
> > > In my view, an "enabled false" leaf *operationally* disables a
> particular instance or function. For all other purposes related to
> datastore validation, the value of the enabled leaf doesn't matter. In
> other words, "enabled false" is not the same as commenting out the
> corresponding instance in the configuration.
> > >
> > >
> > > OK -- they may be different, but the enabled leaf is ad-hoc,
> > > and YANG designers must know about this leaf.  Adding or removing
> > > this leaf could break other YANG statements.
> > >
> > > E,g,
> > >
> > >
> > >    leaf active-foo-interface {
> > >        type  if:interface-ref;
> > >        mandatory true;
> > >    }
> > >
> > >
> > > By YANG validation rules, the  leafref test for interface name
> > > will include all disabled interfaces.
> >
> > Yes.
> >
> > >
> > > Doesn't every object that uses the interface-ref typedef need
> > > to have a must-stmt making sure the enabled leaf is set,
> > > if they want to activate a service on only enabled interfaces?
> > >
> > > (Is this the must-stmt to use?)
> > >
> > >    leaf active-foo-interface {
> > >        type  if:interface-ref;
> > >        must "/if:interfaces/if:interface[if:name=current()]/enabled";
> > >        mandatory true;
> > >    }
> > >
> > > Don't all must/when/leafref validation statements that want only
> > > active interfaces need to be written this way?
> >
> > I don't think so. An operator may want to pre-configure an interface in
> the disabled state, set up all references to it etc., so that everything
> will be up and running after setting the single "enabled" leaf to true.
> >
> > I said "this is what has to be written to identity active interfaces"
> > and you respond "maybe they want to select disabled interfaces".
>
> It's up to the server to interpret the entire configuration, so if a
> service is enabled in configuration but it depends on an interface that is
> currently disabled, the server might keep that service operationally
> disabled as well.
>
> Section 6 in the routing draft deals with exactly these interactions.
>
> If this situation has to be avoided for some reason, then yes, a "must"
> statement can be used to enforce, e.g., that a leafref only refers to an
> enabled interface. I don't see it as a problem though.
>
> I think it is OK that the "enabled" leafs are ad hoc because their
> semantics may be specific, too.
>
>

This is the part I really don't like.
These mechanisms should not be ad-hoc and different for every module.
There should be a standard way to operationally enable/disable config
and a standard way to comment/uncomment config.

IMO, we are making a big mistake by not standardizing a solution like the
xpath1.0
typedef in ietf-yang-types.yang.  If there was a reusable type for this
leaf, then tools
could use that to identify the design pattern and handle the enable/disable
edits
within the validation engine and the system instrumentation.

Sometimes following the CLI too closely leads to bad API decisions


Andy



> That said, I am not against introducing the "inactive" attribute but, as I
> understand it, its meaning will be different.
>
> > The complex must/when statements will be required to select
> > active interfaces.  In my example, the active-foo-interface MUST
> > be active. The foo service does not work when it is configured to
> > use a disabled interface.  I suspect very few services function correctly
> > using disabled interfaces.
>
> My point is that even if a service looks like being enabled in
> configuration, it may not be the case because some dependencies are not met
> - and this can be anticipated, as in the routing data model.
>
> Lada
>
> >
> >
> > Lada
> >
> >
> > Andy
> >
> >
> > >
> > > I agree this notion of "operationally disabled" is not the
> > > same as commenting out.  I don't think N/Y properly supports
> > > either one.
> > >
> > >
> > >
> > > Lada
> > >
> > > Andy
> > >
> > >
> > > >
> > > > The behavior for all of these statements needs to be clarified
> > > > when disabled nodes are involved.
> > > >
> > > > The 'enabled' leaf is like SMIv2 RowStatus TC, except that
> > > > it is ad-hoc and used randomly. SMIv2 does not have any
> > > > validation statements that can be affected by a 'notInService' row,
> > > > so RowStatus is not broken in SNMP.
> > > >
> > > > Solution:
> > > >
> > > > YANG 1.1 must define a "metadata plane" that applies to
> > > > configuration datastores.  Global attributes that are specific
> > > > to configuration datastores (e.g. with-defaults) will be included
> > > > in the standard metadata library. It is expected that protocols
> > > > using YANG will define operations for reading and writing
> > > > global attributes.
> > > >
> > > > YANG 1.1 must define an "enabled" global attribute that must
> > > > be supported in all YANG 1.1 tools. The YANG validation rules
> > > > must be adjusted to properly account for disabled subtrees.
> > > >
> > > > Side issue: should 'enabled' leafs be removed when converting
> > > > a YANG 1.0 module to YANG 1.1?
> > > >
> > > >
> > > > Andy
> > > >
> > > > _______________________________________________
> > > > netmod mailing list
> > > > netmod@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/netmod
> > >
> > > --
> > > Ladislav Lhotka, CZ.NIC Labs
> > > PGP Key ID: E74E8C0C
> > >
> > >
> > >
> > >
> > >
> >
> > --
> > Ladislav Lhotka, CZ.NIC Labs
> > PGP Key ID: E74E8C0C
> >
> >
> >
> >
> >
>
> --
> Ladislav Lhotka, CZ.NIC Labs
> PGP Key ID: E74E8C0C
>
>
>
>
>

v2.23.0 | Report a Bug | By Email