Re: [netmod] AD review: draft-ietf-netmod-revised-datastores-08

Andy Bierman <andy@yumaworks.com> Mon, 08 January 2018 19:45 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9040126D46 for <netmod@ietfa.amsl.com>; Mon, 8 Jan 2018 11:45:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WduaGd4VInOc for <netmod@ietfa.amsl.com>; Mon, 8 Jan 2018 11:45:47 -0800 (PST)
Received: from mail-lf0-x22f.google.com (mail-lf0-x22f.google.com [IPv6:2a00:1450:4010:c07::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77A5612426E for <netmod@ietf.org>; Mon, 8 Jan 2018 11:45:46 -0800 (PST)
Received: by mail-lf0-x22f.google.com with SMTP id c19so13350414lfg.3 for <netmod@ietf.org>; Mon, 08 Jan 2018 11:45:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=s6yQWm/QFChnT+MdlxNsy7NFczdyM+xUsBL820ap3dM=; b=LU+bF+KoGPZ5hgZbmXtX1MRnweyFc78NmGvXEhaTbSwcUidrmfK+UKaEShrGSgzHv6 VZmTLTRnkFy0Naw2NbgBmhHTbzj4ev2z/a4JrnlYwZHghUZNe3h72GzApLnehGzOgLDl rIvi2qjIaxMNqokYzzZZDbSBFVfhC0BP6Jb1sRK50cYbWs7weg71zVMmjNeklsmw6uSo NUuNgwbb3k7DwACU2gjArj4TjCY/kQ7E+0w/QqXB6hVhm7gsvwQoM+0TzbCD0KrIWW4+ YwT0gwl68nFcXHaq3PZcK7X/QSmAyGw0JKMsecZzSn0xXhCVdUAUZdI/q8ZoRygKRavx lEHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=s6yQWm/QFChnT+MdlxNsy7NFczdyM+xUsBL820ap3dM=; b=YKchRjcV9OyTfJP2R4nzVCpeBM2cfHL7/Ip4XCzHTUcgb+ohEn9JgGSx68bgx7pNar NFu7q/2YDOpWPsB5DDwW0Ma/KKjwI2C2N/pBJHnd4LcpEGaEQVNd2ZaNzVU5JuxARpFW pyJwYR4Cobc6ndlfBWaodriI6ZKX8Lps7vnGON2s3UGkzKz0woA8+bno5lNBBjVGZo2n LHleZOm+2vJ+Tv+L9Wt1siBXG2AbiusCscoMcjySxx2B1rfwYSeXiJvdhUE/twz6kvPV XiP5I37T3bzjsa+5YSSdAccFuVWqKYLdKMypEQfBTRVkr/fJT386YsxL3TJRPEWvLhrW 3+FA==
X-Gm-Message-State: AKGB3mIs6EwED0JtgDcyGrq2gfkzESVR0hn5mD2f6MW2nag9xaSkrKsh mFy5UkNfahndgsyqt1Ac/n5zG365g4x8LsW6yMfBJw==
X-Google-Smtp-Source: ACJfBosum5Mqaubv8cQ4w02JBnXABnycK2dvUoCUhDzg1QiMOxnV76RmwlMtD4hCsN9i8+/X34V3ILG90WVZT4r/toM=
X-Received: by 10.46.60.23 with SMTP id j23mr7139991lja.107.1515440744595; Mon, 08 Jan 2018 11:45:44 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.95.22 with HTTP; Mon, 8 Jan 2018 11:45:43 -0800 (PST)
In-Reply-To: <cf27d398-1883-c1ce-a54a-4644bac8a1dc@cisco.com>
References: <e2fd599f-7547-d2f7-d450-f67a3f409ae1@cisco.com> <fe856e5c-5760-9bb9-ace3-cec0cfb39278@cisco.com> <79d1baae-397d-883e-3bc0-e1c5f71fc4f8@transpacket.com> <64f59023-e000-18c4-8830-29ba6e9be7e9@cisco.com> <6e899e21-8931-b61c-3b73-6c8a8a1c912a@transpacket.com> <20171221132030.7zebh2xkhddmql3c@elstar.local> <e268a6b6-9024-be90-0225-3cd191185d97@transpacket.com> <20171221222742.izrmwpbiwgoc7col@elstar.local> <CABCOCHSULx3XjmWK8PjynJ-8Se3+cav9A7d7VeYLs2u5jppf=g@mail.gmail.com> <cf27d398-1883-c1ce-a54a-4644bac8a1dc@cisco.com>
From: Andy Bierman <andy@yumaworks.com>
Date: Mon, 8 Jan 2018 11:45:43 -0800
Message-ID: <CABCOCHQCv8ih9uKFxmews_=3c_rX6fSAA=L8vtW91k-pMSHOEg@mail.gmail.com>
To: Robert Wilton <rwilton@cisco.com>
Cc: NETMOD Working Group <netmod@ietf.org>
Content-Type: multipart/alternative; boundary="f4f5e807b0044298560562490ba7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/TtVhxb0cXis2qyoWQaxjUBdLwlY>
Subject: Re: [netmod] AD review: draft-ietf-netmod-revised-datastores-08
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jan 2018 19:45:51 -0000

On Mon, Jan 8, 2018 at 5:55 AM, Robert Wilton <rwilton@cisco.com>; wrote:

> Hi Andy,
>
> Regarding your comment below, this intent is captured by this text
> describing the operational datastore in section 5.3:
>
>    <operational> SHOULD conform to any constraints specified in the data
>    model, but given the principal aim of returning "in use" values, it
>    is possible that constraints MAY be violated under some
>    circumstances, e.g., an abnormal value is "in use", the structure of
>    a list is being modified, or due to remnant configuration (see
>    Section 5.3.1).  Note, that deviations SHOULD be used when it is
>    known in advance that a device does not fully conform to the
>    <operational> schema.
>
>    Only semantic constraints MAY be violated, these are the YANG "when",
>    "must", "mandatory", "unique", "min-elements", and "max-elements"
>    statements; and the uniqueness of key values.
>
>    Syntactic constraints MUST NOT be violated, including hierarchical
>    organization, identifiers, and type-based constraints.  If a node in
>    <operational> does not meet the syntactic constraints then it MUST
>    NOT be returned, and some other mechanism should be used to flag the
>    error.
>
>
> Do you agree that this is sufficient?
>


Not really.
It does not address my concern, which is that NMDA is
removing the YANG constraints on config=false data nodes
for no apparent reason.

The server implementation requirements expressed in YANG constraints
are applicable to any data node, not just config=true data nodes.
The requirement to implement the ancestor nodes (with keys) does not change.
The requirement to conform to the YANG constraints defined within
config=false
data nodes does not change.

To do otherwise does not make sense.  E.g. "when" conditions that add
ethernet
counters only when the interface type is ethernetCsmacd. Why would it be OK
for
the server to ignore that when-stmt and add ethernet counters to every
interface?

IMO the text above can only apply to the operational values of config=true
nodes.


> Thanks,
> Rob
>


Andy


>
>
> On 21/12/2017 22:49, Andy Bierman wrote:
>
> Hi,
>
> It should be clear somehow that server requirements to provide
> config=false data
> that is valid according to the YANG definitions is not affected by NMDA.
> That is not being taken away.  The ability to validate operational values
> of configuration data has never been provided, and therefore is not being
> taken away either.
>
> A constraint on config=true nodes only applies to configuration datastores.
> These are the only constraints that should be ignored in <operational>.
> Constraints on config=false nodes still apply in <operational>.
>
>
> Andy
>
>
>
> On Thu, Dec 21, 2017 at 2:27 PM, Juergen Schoenwaelder <
> j.schoenwaelder@jacobs-university.de>; wrote:
>
>> On Thu, Dec 21, 2017 at 07:52:54PM +0100, Vladimir Vassilev wrote:
>> > On 12/21/2017 02:20 PM, Juergen Schoenwaelder wrote:
>> >
>> > > On Thu, Dec 21, 2017 at 02:03:45PM +0100, Vladimir Vassilev wrote:
>> > > > On 12/21/2017 11:34 AM, Robert Wilton wrote:
>> > > >
>> > > > > Hi Vladimir,
>> > > > >
>> > > > > First point of clarification is that this is not about
>> running/intended
>> > > > > at all.  The contents of running/intended do not change in anyway
>> > > > > depending on whether hardware is present or absent.
>> > > > >
>> > > > > The section is only concerned with how the configuration is
>> applied in
>> > > > > operational, and basically says that you cannot apply
>> configuration for
>> > > > > resources that are missing (which seems reasonable).  E.g. I
>> cannot
>> > > > > configure an IP address on a physical interface that isn't
>> there.  Or if
>> > > > > the physical interface gets removed then the configuration
>> associated
>> > > > > with that interface is also removed from operational.
>> > > > >
>> > > > > Operational isn't validated and data model constraints are
>> allowed to be
>> > > > > broken (ideally transiently).
>> > > > I want to focus on this. IMO giving up schema validitiy for any
>> datastore is
>> > > > unacceptable price. Pre-NMDA devices had full model support in
>> operational
>> > > > data (all YANG constrains part of the model without discrimination
>> were
>> > > > enforced).
>> > > There was a long debate about the value of returning the true
>> > > operational state. What do you do if the operational state is invalid?
>> > > A server can reject configuration changes if they lead to invalid
>> > > state, a server can not reject reality.
>> > IMO if the model can represent reality then data conforming to the model
>> > can. If not a better model is needed not a hack that breaks the
>> datastore
>> > conformance to the YANG model. I do not see how
>> > /interfaces/interface/oper-status=not-present was not representing the
>> > reality of a system with removed line card that is configured and ready
>> to
>> > resume operation as soon as the line card is reconnected.
>>
>> I assume this is all system and implementation specific. If your
>> system knows about interfaces that are not present (i.e., there is
>> operational state about them), you can report these interfaces.  But
>> 'is configured' is confusing here. I am not sure a line card that does
>> not exist should be considered configured. But yes, this may be system
>> specific. Anyway, draft-ietf-netmod-rfc7223bis-01.txt still has
>> oper-status 'not-present' - so this seems to be a mood point.
>>
>> > > > If this is about to change it will compromise interoperability
>> > > > and a significant portion of the client implementation workload
>> that can be
>> > > > automated will need to be coded in hand and tested. Unresolved
>> leafrefs,
>> > > > undefined behaviour of different implementations removing different
>> > > > configuration nodes in violation of YANG semantic constraints
>> (which I do
>> > > > not think can be so clearly separated from the syntactic
>> constraints when
>> > > > one considers types like leafref, instance-identifier etc.) and the
>> > > > corresponding side effects based on the server implementators own
>> creativity
>> > > > is eventually going to create more problems.
>> > > >
>> > > > 1. IMO the only acceptable solution is to have YANG valid
>> operational
>> > > > datastore at all times. operational like any other datastore MUST
>> be valid
>> > > > YANG data tree and it has to be a system implementation task to
>> consider all
>> > > > complications resulting from the removal of the resources leading
>> to any
>> > > > data transformations. If this is difficult or impossible other
>> mechanisms to
>> > > > flag missing resources should be used (e.g.
>> > > > /interfaces/interface/oper-status=not-present) This sounds like a
>> useful
>> > > > contract providing the value of a standard the alternative does not.
>> > > As said above, it is impossible to report valid operational state if
>> > > the operational state is not valid according to the models.
>> > >
>> > > > 2. Even with the change in 1. I do not see the removal of intended
>> > > > configuration nodes from operational as a solution worth
>> implementing on our
>> > > > servers. I do not see a real world plug-and-play scenario that can
>> be
>> > > > automatically solved without specific additions to the models e.g.
>> > > > /interfaces/interface/oper-status=not-present is oversimplified
>> solution but
>> > > > it needs to be extended exactly as much as the solution provided by
>> the
>> > > > removal of config true; nodes without the sacrifice of YANG
>> validity of
>> > > > operational.
>> > > Your thinking is likely wrong. <operational> reports the operational
>> > > state. It may have little in common with <intended>. Trying to derive
>> > > operational from intended is likely a not well working approach.
>> > The proposal for this solution ("derive operational from intended" e.g.
>> > merge /interfaces-state in /interfaces) comes from the revised
>> datastores
>> > draft not me.
>> >
>> > By definition config true; data represents intent. Reusing the model of
>> a
>> > config true; data to represent state absent of intent (e.g.
>> > /interfaces/interface with origin="or:system") is a hack. The hack works
>> > fine without compromising the conformance of operational to the YANG
>> model
>> > as long as certain conditions are met. I am pointing out that one of the
>> > conditions is to keep all of the intended configuration data present in
>> > 'operational' and handle missing resources with conventional means e.g.
>> > /interfaces/interface/oper-status=not-present instead of adding the
>> straw
>> > that breaks the camel's back.
>>
>> I fail to see why you believe all objects that appear in intended
>> configuration needs to exist in applied configuration. In fact,
>> operators told us very clearly that they care about the distinction
>> between intended and applied config.
>>
>> > > > 3. Solutions like /interfaces/interface/admin-state stop working.
>> With the
>> > > > interface removed you can no longer figure if the if-mib has or
>> does not
>> > > > have the interface enabled so an operator has to use SNMP or wait
>> for a
>> > > > replacement line card to be connected to figure this bit of
>> information.
>> > > At least on my boxes, if I remove a line card, the interface also
>> > > disappears in SNMP tables. Stuff that is operationally not present is
>> > > simply operationally not present.
>> > >
>> > > > My
>> > > > interpretation of the MAY as requirement level in sec. 5.3. The
>> Operational
>> > > > State Datastore (<operational>) is that plug-and-play solutions can
>> be
>> > > > implemented without this limited approach that has the same problem
>> as the
>> > > > pre-NMDA only now we have to have /interfaces-state to keep config
>> false;
>> > > > data relevant to hardware that is configured but not present:
>> > > >
>> > > >     configuration data nodes supported in a configuration datastore
>> > > >     MAY be omitted from <operational> if a server is not able to
>> > > >     accurately report them.
>> > > >
>> > > > I realize this discussion comes late. I have stated my objections
>> to this
>> > > > particular part of the NMDA draft earlier.
>> > > I believe there is a conceptual misunderstanding. I think there never
>> > > was a requirement that a server reports the state of hardware that is
>> > > not present.
>> > "Data relevant to hardware that is configured but not present" is
>> different
>> > from "state of hardware that is not present". For example information
>> > indicating when the line card became unavailable, what was the reason,
>> or
>> > other information like how many packets that had this interface as
>> egress
>> > destination are being dropped as a result of the removal.
>>
>> I think that systems handle non-existing interfaces differently. It
>> seems that ietf-interfaces is flexible enough to accomodate the
>> differnet styles.
>>
>> /js
>>
>> --
>> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
>> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
>> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
>>
>> _______________________________________________
>> netmod mailing list
>> netmod@ietf.org
>> https://www.ietf.org/mailman/listinfo/netmod
>>
>
>
>
> _______________________________________________
> netmod mailing listnetmod@ietf.orghttps://www.ietf.org/mailman/listinfo/netmod
>
>
>