Re: [netmod] system configuration sync mechanism

Andy Bierman <andy@yumaworks.com> Mon, 16 August 2021 19:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/TRWaNbGnnhnwZNbwg9nK28KNmN8>

On Sun, Aug 15, 2021 at 12:49 PM Kent Watsen <kent+ietf@watsen.net> wrote:

>
> It was a different email I think proposing extensions instead of a
> datastore.
>
>
> This email:
> https://mailarchive.ietf.org/arch/msg/netmod/SHRPSxHIDxsfF2t0GXXiyFHOnGw/
>
>

What is the purpose of system-configuration?

Use-case A)    The system sets some values because it knows what they shall
be. In this case the client must not be allowed to modify these values. We
want to check configuration data against these values.  E.g., AcmeHomeRouter
has 5 interfaces called eth0, eth1, eth2, eth3 and WAN. The client should
not try to add or remove interfaces to this set.

Use-case B)    The system provides initial values for something that can be
configured in many ways. In this case the client is free to modify the
system-defined values. E.g., an initial set of NACM rules is provided. In
this case any constraints based on the system data are very weak, as the
user can change the system-data itself.

It is possible to support these use-cases with access-control conventions.

I re-read RFC 8808 and 8342 again.
IMO this draft overlaps the factory-default datastore.
Unfortunately, RFC 8808 does not document NMDA, Appendix A3 details
https://datatracker.ietf.org/doc/html/rfc8342#appendix-A.3

It does not say if <factory-default> datastore feeds into <running> or into
<intended>.
It is not clear how <system> would interact with other datastores.
It is not clear why it is even needed since <factory-default> contains only
system settings.


K.
>
>
Andy
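
One way the access-control conventions mentioned in the message above could be written as NACM (RFC 8341) rules. This is an added example, not part of the original email or of any draft. The group, user and rule names are constructed, and modelling the interface set with ietf-interfaces is an assumption.

```xml
<!-- Added illustration; "admin", "alice" and all rule names are constructed. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <groups>
    <group>
      <name>admin</name>
      <user-name>alice</user-name>
    </group>
  </groups>
  <rule-list>
    <name>system-config-conventions</name>
    <group>admin</group>

    <!-- Use-case A: the interface set is fixed by the system.
         Deny adding or removing entries in the interface list.
         A path rule also matches descendant nodes, so creating a
         not-yet-present leaf under an existing interface is denied
         too; only "update" of existing nodes is unaffected. -->
    <rule>
      <name>fixed-interface-set</name>
      <module-name>ietf-interfaces</module-name>
      <path xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">/if:interfaces/if:interface</path>
      <access-operations>create delete</access-operations>
      <action>deny</action>
    </rule>

    <!-- Use-case B: system-provided initial values the client may change.
         The /nacm subtree is tagged nacm:default-deny-all in RFC 8341,
         so editing the initial rule set needs an explicit permit. -->
    <rule>
      <name>editable-initial-nacm-rules</name>
      <module-name>ietf-netconf-acm</module-name>
      <path xmlns:n="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">/n:nacm/n:rule-list</path>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
</nacm>
```

The use-case A rule shows the limit of this approach: NACM can block the operations, but it does not record that the values came from the system, so nothing here lets a client validate its configuration against them.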