Re: [netmod] [Netconf] Alternative YANG library structure for 7895bis

Robert Wilton <> Mon, 11 December 2017 16:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AB553127076; Mon, 11 Dec 2017 08:37:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xnDfXUiRcVYD; Mon, 11 Dec 2017 08:37:49 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 171C4126DEE; Mon, 11 Dec 2017 08:37:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=8553; q=dns/txt; s=iport; t=1513010269; x=1514219869; h=subject:to:references:from:message-id:date:mime-version: in-reply-to:content-transfer-encoding; bh=EsV8cq/hoXqt4q6VEFBpss8vZiaijQw+q7bp/fcErjc=; b=fqX1xTJzSSAXPfsGEO2MtyFksMApT/X1B8GYl8smjFHYq6QQoSEDfTcE TL6VdEuOYnS9H09mdX5c9ANKUmY5SA4nhbYcplZuQ7Lh67yP61EXF0jzz zC68onknSnMNspA4GAN2QOB7VC9jTsTkgYvlcxQ9g8YCTsFU/nn4uILG0 s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.45,392,1508803200"; d="scan'208";a="785658"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Dec 2017 16:37:47 +0000
Received: from [] ( []) by (8.14.5/8.14.5) with ESMTP id vBBGbkaA028335; Mon, 11 Dec 2017 16:37:46 GMT
To: Vladimir Vassilev <>, "" <>, Netconf <>
References: <> <> <> <> <20171208150614.axuynu4atpg7aaj2@elstar.local> <> <20171208153442.roomf7rhixtckrfk@elstar.local> <> <> <> <> <> <>
From: Robert Wilton <>
Message-ID: <>
Date: Mon, 11 Dec 2017 16:37:46 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [netmod] [Netconf] Alternative YANG library structure for 7895bis
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 11 Dec 2017 16:37:51 -0000

On 11/12/2017 15:53, Vladimir Vassilev wrote:
> On 12/11/2017 12:16 PM, Robert Wilton wrote:
>> Hi Vladimir,
>> On 09/12/2017 11:49, Vladimir Vassilev wrote:
>>> On 12/08/2017 07:01 PM, Andy Bierman wrote:
>>>> Hi,
>>>> A library per datastore sounds too complicated.
>>> I am not proposing that.
>> I'm slightly lost, because I thought that was exactly what you were 
>> proposing! ;-)
> I propose a solution that keeps ietf-yang-library a data model of a 
> single YANG context specification doing the datastore specific 
> modeling in ietf-datastores model instead. The solution can be both 
> flexible (independent yang-library data instances per datastore as my 
> example was focused on) or constrained ('not-implemented-in' modules 
> leaf-list). Here is everything that is needed:
> module: ietf-datastores
>     +--ro datastores-state
>        +--ro datastore* [name]
>        +--ro (model)?
>           +--:(same-as-operational)
>           +--:(constrained-to-operational)
>           |  +--ro not-implemented-in*       -> 
> /yanglib:module-state/module/name
>           +--:(unconstrained)
>              +--ro yang-library-datastore?   identityref
> ...
> container datastores-state {
>     config false;
>     list datastore {
>       key name;
>     }
>     choice model {
>         case same-as-operational {
>         }
>         case constrained-to-operational {
>           leaf-list not-implemented-in {
>             type leafref {
>               path "/yanglib:module-state/yanglib:module/yanglib:name";
>             }
>           }
>         }
>         case unconstrained {
>           leaf yang-library-datastore {
>             type identityref {
>               base ds:datastore;
>           }
>         }
>       }
>     }
>   }
> ...
> IMO ietf-yang-library as defined in rfc7895 is modular and reusable. I 
> do not see why this has to be compromised.

But a major version change to YANG library is happening here.

In rfc7895, if a module is implemented then it is implemented in all 
configuration datastores, and <operational> doesn't exist.

Alas, that is not what is required for NMDA, it needs different 
semantics with more granularity.  You cannot achieve this without 
changing the meaning of the existing YANG library data nodes, which will 
break clients.

>>> The fundamental point proposed is that the datastore relevant bits 
>>> are kept in the ietf-datastores module instead of merging everything 
>>> in a new ietf-yang-library entangled monster module. If needed 
>>> ietf-datastores can augment ietf-yang-library but ietf-yang-library 
>>> should be usable on its own without ietf-datastores. The solution is 
>>> coherent and modular and addresses the problem statement.
>> The issue with this is that datastore augmentations to YANG library 
>> would end up changing the meaning of the existing YANG library 
>> nodes.  E.g. an old client that ignores the datastore augmentations 
>> is going to get a nasty surprise when the server does not behave how 
>> it expects.  E.g. because the configuration node that it thinks 
>> should be there isn't there because it only supported in <operational>.
>> This was one of the reasons for changing YANG library.
> A well written client that finds out unsupported newer versions of 
> ietf-yang-library (which is reported in the capabilities) or any of 
> the NMDA modules is deployed should not do any damage. How exactly did 
> you solve the problem for the bad clients by changing the structure of 
> yang-library in a incompatible way is something I do not understand.

Servers have a choice:
If a server just wants to supports pre NMDA models + RPCs then it would 
use rfc7895.
If a server only wants to support post NMDA models + RPCs + clients, 
then it can use the new YANG library (and not implement the 
modules-state container).

If a server wants to support old and new clients then there are few choices:
(1) Use configuration to control which mode the server is running in.
(2) Run separate copies of the mgmt protocols on separate port numbers.
(3) Implement the NMDA models, and then publish the schema of 
<operational>, or perhaps <running>, in the modules-state container.  
Pre NMDA clients, using <get> would probably not see all system 
information.  This approach starts to have issues if there are 
differences between what is configurable and what is in operational.

>> In terms of the idea of just re-using YANG library but export a 
>> separate copy for each datastore I think that this has its own problems:
>> - I don't like the idea of returning meta-data along with 
>> configuration for a <get-data> on any of the configuration datastores.
> There is no meta data. The datastores contain only the config false; 
> /modules-state tree. I think I explained that very clearly.

YANG library doesn't represent regular server operational data, but 
instead it is meta-data about the server instance, which is why it is 
allowed to differ between NETCONF and RESTCONF (which I don't really like).

Yes, you explained returning /modules-state from candidate, running, 
intended, i2rs, etc.  Unfortunately I really dislike this approach 
because it feels like a backwards step where we have trying to get a 
clean split between configuration and state.   Hence defining a 
<get-server-metadata> RPC would be a better choice.

>> - How does a client know whether the YANG library for <running> 
>> applies to the whole server (as it does today) vs just applies to the 
>> <running> datastore (as it would for an NMDA server)?
> All datastore models are "case same-as-operational" for such systems.

This isn't about how the server implements it, but instead my concern is 
about how the client interacts with it.

I appreciate that it avoids a client having to parse a new YANG library, 
but more concerning for me is that the existing YANG clients will not 
see the behavior that they expect, and rather than failing, they will 
work in an unknown degraded fashion.

>> - It requires more handshaking between the client and server to get 
>> the schema, since a separate request would be required for each 
>> datastore that is supported.
> Correct. Flexibility and modularity come at a price. IMO modularity is 
> more important in this case. And there are solutions for the problem 
> e.g. send all <get-data> requests before waiting for replies. NETCONF 
> supports this.

I perceive that your argument is less about modularity, and instead it 
seems to be more centered around not making any changes to the structure 
of the existing YANG library.

>> So, for me, I think that the only way that this solution works, would 
>> be to define a new <get-server-metadata> RPC, but even then I think 
>> that it would make sense to combine the data together into a new YANG 
>> library structure.
> As I said my focus is on keeping ietf-yang-library modular (single 
> YANG model context). <get-server-metadata> or just adding datastore 
> identities allowing the client to use <get-data> to achieve the 
> retrieval of the data is of little importance to me.
This seems to be a complex approach, introducing new protocol semantics, 
or overloading operations, to avoid revising an existing module structure.

I don't think the new proposed YANG library structures are less modular, 
in fact, I would argue that some of the approaches are designed to make 
the structure more modular and reusable (e.g. by having named schema).


>> At the end of the day, I don't think that a new YANG library is going 
>> to be were the real cost for supporting NMDA comes from. I think that 
>> the real work is supporting <operational> independently from 
>> <running> both in the client and servers. But I also think that once 
>> servers start implementing this properly that it will simplify 
>> automation, because rather than a client having to guess what state a 
>> server is in, it can actually querey, or be notified of it, without 
>> having to write a lot of model specific code.
> +1
> Vladimir
>> Thanks,
>> Rob