[netmod] Review of draft-ma-netmod-immutable-flag-00
Balázs Lengyel <balazs.lengyel@ericsson.com> Wed, 23 March 2022 19:23 UTC
Return-Path: <balazs.lengyel@ericsson.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AD693A07DE for <netmod@ietfa.amsl.com>; Wed, 23 Mar 2022 12:23:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Qs0AhDfYeeH for <netmod@ietfa.amsl.com>; Wed, 23 Mar 2022 12:23:16 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04on0627.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0d::627]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C7773A07D6 for <netmod@ietf.org>; Wed, 23 Mar 2022 12:23:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PFc4K8I2LzRlAdFCgMNVMQuI1vklYbuUN2zyXCwveuBdb4uP6Fl4F14KDotLmc+1RTdYwuEHiPidT8dt0lyVqnFNsSBesj9/2H/8e8Lu1W9oJOYNMXFeKpayxEv+mVWDXJWvc0FyWpMWJ9wfM/XJxAtnHv2apthuoVlXJzEvuQX8SlIQFuUH9+vH+fwPh0JDAammBpI27OX9q3MskVTWRLvF5z8y1no8n4+WUpZ8cNpogwWEzI0evXDBvNL66NlgoXFfKjgmzmzCpM3EQKXv47aXv+PqseU5FIqJwyOGN1NDeF7a1+Nm03zSpy31/hVMFiJehwbqwrvvbu8LPKU0+w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=v9ZNagvaGgBXMopgd5GTnLms+IViLFWsXDoYTzGzK7s=; b=lwkzKRE0O4N/phShjgWypQRoTypBe84FZ8+0wP5n6hb6DSGGxawtfzvMcShipNn/iNb5nePxSSApSHaKsDWsGsCugVNf/uCwAGnK0chZ2mw9THknPX0dFV7TS+D/YyiA6Vk43j7xfkfVzsqllhxsSleCgF/MjW8ScKTN8mS0B4sop+DV0Rcyem7PT9/LDKkD27w68x80cr4DPeS29b7V3IJsinc94qrkiZ18p+QhxFj3YquONvAj7irByj4uuwxzVZcqnQZJV0wRzIsPWEA1Um2IfBkxQT/ciSX0jPJ82QSoMuVPN0HiB+hjt5eJByWU4PbF05Q8XRjxwuX/THVHAg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v9ZNagvaGgBXMopgd5GTnLms+IViLFWsXDoYTzGzK7s=; b=H7dY1erLIREskQqELK/bEvG2smLz6sgvaWTglvqHrmMk5Y17nl8/41quWv2DyL/UA/xnfvrOaNv9XtYmXsqQPTODINz19kb/ZekA7vy/5i8lnfeuIMx9COzQ7tB3/P+RbPSI2YR0ZkheHkXPey5FYHHlTkeiDW0P/xnoKZxOTiQ=
Received: from VI1PR0701MB2351.eurprd07.prod.outlook.com (2603:10a6:800:6b::18) by AM0PR07MB3988.eurprd07.prod.outlook.com (2603:10a6:208:42::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.11; Wed, 23 Mar 2022 19:23:11 +0000
Received: from VI1PR0701MB2351.eurprd07.prod.outlook.com ([fe80::c540:395c:7164:f9d2]) by VI1PR0701MB2351.eurprd07.prod.outlook.com ([fe80::c540:395c:7164:f9d2%6]) with mapi id 15.20.5102.016; Wed, 23 Mar 2022 19:23:11 +0000
From: Balázs Lengyel <balazs.lengyel@ericsson.com>
To: "'netmod@ietf.org'" <netmod@ietf.org>
Thread-Topic: Review of draft-ma-netmod-immutable-flag-00
Thread-Index: Adg+5o5LUFpy281uRpeA3m7BQ7wwjg==
Date: Wed, 23 Mar 2022 19:23:11 +0000
Message-ID: <VI1PR0701MB2351E62F3090536AEAB993DBF0189@VI1PR0701MB2351.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 753049e6-c120-4c85-41ce-08da0d0291da
x-ms-traffictypediagnostic: AM0PR07MB3988:EE_
x-microsoft-antispam-prvs: <AM0PR07MB39886437BC2DA142A6257207F0189@AM0PR07MB3988.eurprd07.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: aWoRgNjBIvRxtUW3clmWSZgY3kQb591oM7DLM7dbrV3I1o0yIKJCHX6adZD/4iT4LSdnJkCGrB2XOemQ7DS/NlSGknmVM/JiofCBGmmTXQPp7zc0oRa4nv8bc0gIzeZbhh5mZTtKXC5Ut0Na/exM6dH00mrH64k850Uc81kdEgKwd+otOtpcfRSGp9SErzujuvDqL1Zp1ozmCdl4TNOBf3PnojjgrzPU9WbvAODk16LlFawFjo17pbi58HmYnYNmoajsApWDfElhDZXCsOsdWCTdzytbuvg4Rpu01J1x8lOLxrvjVIeL7PzEpOYdHANisDl55AjUWkdlOmXKfCXlwHKo34LjtOQ5JaHDuf5U0icZQWKfCrn6ZpSODVAzRn8VGF821H8cVBr3tbW1LeeCosYrVZu84PHmPjtPbIJmAbBHyaSVDmKfkfh5C5DfuSKHg8UAMAQpyOb40f4uvsxI0WUuwKA69MjBbac0i3lSDgOoNLHJIqJehoBnusz/ettQ472VypPtJiuJYLko2dYC8vOkqRH2hUet1c35TI0T0LXWMW0Y6pzcc8w1AQ3QBJULR258sUl+ZtEMFM1R0MacpV/RzF4pIjBjuf18aKH95/mHpuq7ONQEh/64WYnYVxcFBmEnQoIxlFUDVj32YPouKdgj5cJBXNG2WNVxsNzAXhc+rdL2GARNTsS3ZRTHKi3OFwaOMyVeQzTb7MbsSq8Tnkdxyy+pLdVIat2IhJxFWXRRtC/r1BBjcTgeyGR+36k5n16GeeAU6bNZQkTQ5h9Ry55eazz+S5AplHWMPfSidGh8lKcz2A65ugzn19dM4g1t
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR0701MB2351.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(9326002)(166002)(5660300002)(52536014)(8936002)(6506007)(7696005)(6916009)(9686003)(71200400001)(38070700005)(508600001)(966005)(66476007)(64756008)(8676002)(38100700002)(86362001)(66446008)(82960400001)(76116006)(66556008)(66946007)(122000001)(316002)(83380400001)(33656002)(186003)(26005)(55016003)(2906002)(491001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: bWHgUTJD4U2P+oDR2mKIS3ufW537j9qpf2AGrunpZnbDm4v8NCtdOn2VmlxlvjVEcNTIGnP/FXjG15tHQG/0zxbjYgzoubAQTQWnM7PMQwPQFfZUXVHjERyah4FujxA6ZabOuGycIDajUg4yOpBCEbvB9o8QlYAevEq0/yELSKMbKauYJ5Hj3u5Qhi/YqR4lNdLRmRTKqq6sVDwUxKCEMExGx8uG+rbL2/t+9KWK87Tj6AM8AVmL+cT68VWy0uyKOFH85vwhZSwi1R2Zw59X8+2Fbyyb1IYxVBaaHNwMymt6OpJrF2XRF1W4ngbNY8tpY4iGiWIyz9d0RIXkphcRArHkiYQhjVSZOqqGl7YQDnKkMxgvPMl/4BTi4BA3Shhwr/EDRaq55688ySqixyjG61hVU1puEapQWoZie+i3vk+FgXafAkS6UWQuwswR+8LJC/cwXXBovTqK4NOavrW5kWgzxXGtMMahNc6/vtcucjuUlhhfZZ6NxXOGoZ/VrweVeXP/WkOB1U3d0ZXj7QqrRaxeil2cMk8sdIgYpJrnpmlO7WKM2Y4+1t/Whrz6mR02C6sloRehh9k9c3sf6tUit6ib8P/+pwugUjBRax9IFG9CBJjsQ0IQ2j8uk4p+Low9gPbFlJz/pXfHRh83HWDiZSrCPtMRIXFloyXNHgLFtDNFP7E7TlTr+f4l+IB7YMMow7FoqtFHP0WTDV12ObQ9zJbnB4+eHljXPltowEqhx22OIdFaa5FBVgw+zceF5PuUZVBmHCsKdn3yXdCgFs2hg6qT2vfiD2ZjT6JNMZjL2N9ZWDb2RG6rLa+6VSszmpbAlojfMRbtHwOPm0CPVFcLLrErshJ5yLE7sURynRXomVEmqhxwC1uc+92giNQD9zWJUVsV31JpWqGoVtlhM4TGazTGD+Q3jeY0diYMOCJAsQWXAJXBjs7RIQYoh47seTf59G1OjfuYvKFSPFHHLjxRZpHHQ1/wYk9rO0sRSs0C8TYlyTfUod8dAgLwOIp/SpjI6YmXrIY3HKLTfV/VImW1WeJ1KnbiW7OPDzES5G1VAwZGllZ4N1ASLEix9ZFZ+SRHqNiMt6s/c1MiVv0E035CjgpDxZ/3TVk9GmNjL7JpGEG3Ih33oKw+vitJuTJ45Qduz3qp+8W9I3bnewviNHfFDAFQhud/UI+ys0lXx4PKp5Z9UvLWP/Mc3UZHDVJcFq9/DKS2InqSk4uIQqlY4u9wSe4Qb8tZjHaAXUoo5N+gU0L4y6zUtc/y0iJuG6Jryuq+n2OVJqDvdPEnsRB/ZSprjJCt4QHrQI2F6ishcKiCZsQpUNNua918IUD1H7/ibRCXXR4E+bhZiWejI4Y16fUovatOci94FLxVCmatWBxaXtg3JH4PZpBQ7dkC7kqVLElIkBXCg44w9Gc0vqmM174AzaUYn0ZQIdirVZZqNkPUDqGlIR8cokpthHAPhhS02S6J8RCyMCu2HzmNgb2eyHGhTQ==
Content-Type: multipart/alternative; boundary="_000_VI1PR0701MB2351E62F3090536AEAB993DBF0189VI1PR0701MB2351_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: VI1PR0701MB2351.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 753049e6-c120-4c85-41ce-08da0d0291da
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Mar 2022 19:23:11.3035 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IZcaPzWP5ZXe9rgPPLqp7ih0ipOtF+QP9KCXIKK6+/NBjgeQoAhYZIgPgbTqj0yDjBtgPdFrIR4pvgtvCEbrCXPywuhqCbQVD4n4AAFBU9A=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB3988
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/VZSrbwIGgU1gMoZQ9w0rWJlXuw4>
Subject: [netmod] Review of draft-ma-netmod-immutable-flag-00
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2022 19:23:21 -0000
Hello,
I did a review of the immutable draft. My comments questions are below.
Regards Balazs
General)
I think this work is important and valuable, but it needs quite a lot improvements.
Why is immutable connected to instances. IMO it should be a schema property.
If we connect it to instances it is hard/impossible to specify "it is prohibited to create a
new container, list entry of leaf-list value". That is clearly needed for the
capability-check use-case. Maybe allow it on both schema and instance ?
If we make this a schema property it can be documented in a transparent manner
with a YANG extension statement. If it is handled as instance connected metadata
the client cannot know a-priori whether a data node is or is not immutable. This information
is only available in runtime. System integrators, OSS developers will have a problem.
As immutability is connected to instance (now) this raises the question how
stable this property is?
- We don't say anything; the server can keep it stable or make the data node
immutable every odd second and writable every even second
- The property should be relatively stable in an unspecified manner
- The property shall be set when the data node is created and the property
should not change till the data node is deleted/replaced
- Can the immutable property be set on just some interfaces e.g. the
leaf is readOnly on the CLI but writable on Netconf ?
If we make immutable a schema-property, the problem will not arise.
IMO it would be important to list the use-cases we want to solve. I provide 3 below.
Ch 1)
I don't like paragraph 2. Someone could say just declare the interface name
config=false which is a quite usual solution.
I would rather change the first and second paragraphs to:
"YANG [RFC7950] is a data modeling language used to model both state
and configuration data, based on the "config" statement. However there is data
that should not be modifiable by the client, but still needs to be declared
as config true. Some examples of this problem are presented below:
Interfaces are represented as list entries. The list schema node must be
defined as config=true as many of its child leaves need to be configurable by
the client. However the interface name and type values are set by the system,
based on the hardware actually present in the device, and must not be modified
by clients. The natural solution would be to declare the name (which is the
list's key) and the type as config=false. However according to the rules of
YANG the key leaf for a configuration list must also be config=true. Thus the
leaf /interfaces/interface/name is config true even if it might not be
writable in some systems.
System capabilities might be represented as system-set data nodes in the model.
Configurable data nodes might need constraints specified as "when", "must" or
"path" statements to ensure that configuration is set according to the system's
capabilities. E.g.,
- a timer can support the values 1,5,8 seconds. This is defined in the
leaf-list 'supported-timer-values'.
- When the configurable 'interface-timer' leaf is set it should be ensured that
one of the supported values is used. The natural solution would be to make the
'interface-timer' a leaf-ref pointing at the 'supported-timer-values'.
However, this is not possible as 'supported-timer-values' must be readOnly thus
config=false while 'interface-timer' must be writable thus config=true.
According to the rules of YANG it is not allowed to put a constraint between
config true and false schema nodes.
If configuration is created by the system (e.g., copied from the <system>
datastore to the <running> datastore it might need to be protected. In some
cases there is a need to ensure that system-originated configuration shall
not be altered even after it is copied over to the <running> datastore."
Ch 2)
"Create an immutable data node with a same value initially set by
the system if it doesn't exist in the datastore, e.g., explicitly
configure a system generated interface name in <running>;"
IMO this is not needed because
- If the data already exists in the <running> datastore it cannot be
created according to Netconf rules.
- If it does not exist in the <running> datastore there is nothing that could
be immutable as immutable is linked to the instances.
The above is independent of what is defined in <system>
Until now we never
had any constraints between 2 datastores like:
you can update datastore1 if datastore2 contains something.
I don't think we want to introduce that either.
"Comment: Should we allow the client delete an "immutable" system
instantiated node in <running> ?"
Once a data node is instantiated there is no record where it came from.
https://datatracker.ietf.org/doc/html/rfc8342#section-5.3.4 states that origin
is only maintained in the <operations> datastore. Unless we want to introduce
it into <running>. So the even the question is wrong as we don't know which
data is system instantiated.
Servers MUST reject any attempt to the "create", "delete" and
"update" access operations on an immutable data node "
Create cannot be handled. see comment on chapter 2.
Ch2 last paragraph) Edit-config is not allowed towards the startup datastore
so it shouldn't be mentioned here. Why wait with error reporting for candidate.
Is there any chance that the immutability might change?
A.2) Interesting example, but it would not work because the use may always
insert a rule(-list) before the immutable rule(s) that will make the imuutable
rules ineffective. The problem is that the rule(-sets) are a user ordered list
where the order matters. It is not enough to protect the individual rule(sets)
the order would also need protection.
IMHO it would be much easier and just as useful to define an extension statement:
extension immutable {
description
"Indicates that a data node contains data that is
loaded by the system and cannot be created/deleted/changed through the
Netconf, Restconf or other management interfaces like SNMP, CLI.
The data MAY be marked as config true to allow leafref,
when or must constraints to be based on it.
The statement MUST only be a substatement of the leaf, leaf-list,
container, list, anydata, anyxml statements.
Zero or one static-data statement per parent statement is allowed.
The argument is a boolean value indicating whether the data node
is considered static-data or not. If static-data is not specified,
the default is the same as the parent data node's value. For top
level data nodes the default value is false.
When the effective immutable value is true, the 'description' statement of
the parent statement SHOULD contain the text 'This data node (tree)
cannot be changed in a running system.' ";
argument value;
}
- [netmod] Review of draft-ma-netmod-immutable-flag… Balázs Lengyel
- Re: [netmod] Review of draft-ma-netmod-immutable-… Reshad Rahman