[netmod] Re: WGLC on system-config-05

"maqiufang (A)" <maqiufang1@huawei.com> Thu, 16 May 2024 07:15 UTC

Return-Path: <maqiufang1@huawei.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 036C8C1840D9; Thu, 16 May 2024 00:15:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.894
X-Spam-Level:
X-Spam-Status: No, score=-6.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gi3tZrncw0-3; Thu, 16 May 2024 00:15:44 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CF65C1D5C4A; Thu, 16 May 2024 00:15:44 -0700 (PDT)
Received: from mail.maildlp.com (unknown [172.18.186.231]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Vg1W71kbqz6D8bs; Thu, 16 May 2024 15:12:19 +0800 (CST)
Received: from lhrpeml500002.china.huawei.com (unknown [7.191.160.78]) by mail.maildlp.com (Postfix) with ESMTPS id 61BC3140D26; Thu, 16 May 2024 15:15:41 +0800 (CST)
Received: from kwepemm000019.china.huawei.com (7.193.23.135) by lhrpeml500002.china.huawei.com (7.191.160.78) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.39; Thu, 16 May 2024 08:15:40 +0100
Received: from kwepemm600017.china.huawei.com (7.193.23.234) by kwepemm000019.china.huawei.com (7.193.23.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Thu, 16 May 2024 15:15:38 +0800
Received: from kwepemm600017.china.huawei.com ([7.193.23.234]) by kwepemm600017.china.huawei.com ([7.193.23.234]) with mapi id 15.01.2507.035; Thu, 16 May 2024 15:15:38 +0800
From: "maqiufang (A)" <maqiufang1@huawei.com>
To: Jason Sterne <jason.sterne@nokia.com>
Thread-Topic: [netmod] Re: WGLC on system-config-05
Thread-Index: AQHaovc0NEkWislGD0CYr/ThRXBUTLGRno+AgANj+gCAAP7lMA==
Date: Thu, 16 May 2024 07:15:38 +0000
Message-ID: <9ebb9756e1e24d7da0b3ea5840f36c7a@huawei.com>
References: <LV8PR11MB853674511A0F69E3CF760736B5E62@LV8PR11MB8536.namprd11.prod.outlook.com> <SN6PR08MB48474309B94BBCA17F3CA46A9BE72@SN6PR08MB4847.namprd08.prod.outlook.com> <18094edcb1b144e381e653820c2155af@huawei.com> <SN6PR08MB4847F2005D9219409B6CDCC29BE22@SN6PR08MB4847.namprd08.prod.outlook.com>
In-Reply-To: <SN6PR08MB4847F2005D9219409B6CDCC29BE22@SN6PR08MB4847.namprd08.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.136.118.147]
Content-Type: multipart/alternative; boundary="_000_9ebb9756e1e24d7da0b3ea5840f36c7ahuaweicom_"
MIME-Version: 1.0
Message-ID-Hash: GQQ2ORB5XONKTZFSQT755BTAFHH6OSPV
X-Message-ID-Hash: GQQ2ORB5XONKTZFSQT755BTAFHH6OSPV
X-MailFrom: maqiufang1@huawei.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-netmod.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-netmod-system-config@ietf.org" <draft-ietf-netmod-system-config@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [netmod] Re: WGLC on system-config-05
List-Id: NETMOD WG list <netmod.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/Wsy_edyFW4tk7ymTOXxGZi-O6vk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Owner: <mailto:netmod-owner@ietf.org>
List-Post: <mailto:netmod@ietf.org>
List-Subscribe: <mailto:netmod-join@ietf.org>
List-Unsubscribe: <mailto:netmod-leave@ietf.org>

Hi, Jason,



Thanks for getting back to me. Please also find my response below inline...



-----Original Message-----

From: Jason Sterne (Nokia) [mailto:jason.sterne@nokia.com]

Sent: Tuesday, May 14, 2024 2:57 AM

To: maqiufang (A) <maqiufang1@huawei.com>; Rob Wilton (rwilton) <rwilton@cisco.com>; kent+ietf@watsen.net; NETMOD Group <netmod@ietf.org>; draft-ietf-netmod-system-config@ietf.org

Subject: RE: [netmod] Re: WGLC on system-config-05



Thx Qiufang. Please see inline.

Jason



From: maqiufang (A) <maqiufang1@huawei.com><mailto:&lt;maqiufang1@huawei.com&gt;>

Sent: Monday, May 13, 2024 3:47 AM

To: Jason Sterne (Nokia) <jason.sterne@nokia.com><mailto:&lt;jason.sterne@nokia.com&gt;>; Rob Wilton (rwilton) <rwilton@cisco.com><mailto:&lt;rwilton@cisco.com&gt;>; kent+ietf@watsen.net<mailto:kent+ietf@watsen.net>; NETMOD Group <netmod@ietf.org><mailto:&lt;netmod@ietf.org&gt;>; draft-ietf-netmod-system-config@ietf.org<mailto:draft-ietf-netmod-system-config@ietf.org>

Subject: RE: [netmod] Re: WGLC on system-config-05



Hi, Jason and Rob,



Thanks you both for your valuable comments, all good points, much appreciated. Please also find my reply below inline...



-----Original Message-----

From: Jason Sterne (Nokia) [mailto:jason.sterne@nokia.com]

Sent: Saturday, May 11, 2024 12:29 AM

To: Rob Wilton (rwilton) <rwilton=40cisco.com@dmarc.ietf.org<mailto:rwilton=40cisco.com@dmarc.ietf.org>>; Kent Watsen <kent+ietf@watsen.net<mailto:kent+ietf@watsen.net>>; netmod@ietf.org<mailto:netmod@ietf.org>; draft-ietf-netmod-system-config@ietf.org<mailto:draft-ietf-netmod-system-config@ietf.org>

Subject: RE: [netmod] Re: WGLC on system-config-05



Please see inline for comments on the "moderate level comments".  I'll try to reply later with more feedback on further items below.



Jason



From: Rob Wilton (rwilton) <rwilton=40cisco.com@dmarc.ietf.org<mailto:rwilton=40cisco.com@dmarc.ietf.org>>

Sent: Thursday, May 9, 2024 9:55 AM

To: Kent Watsen <kent+ietf@watsen.net<mailto:kent+ietf@watsen.net>>; netmod@ietf.org<mailto:netmod@ietf.org>; draft-ietf-netmod-system-config@ietf.org<mailto:draft-ietf-netmod-system-config@ietf.org>

Subject: [netmod] Re: WGLC on system-config-05



CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information.



[Resending due to mailer issues.]

[Qiufang] Thanks, I see it's been accurately archived now.



Hi authors, chairs, WG,



I'm generally supportive of this work, but I think that there are still some potential corner cases that are not covered, or it isn't entirely obvious how they are handled.



Comments below.



Moderate level comments:



(1) p 7, sec 2.3.  Inactive-Until-Referenced



   There are some system configuration predefined (e.g., application

   ids, anti-x signatures, trust anchor certs, etc.) as a convenience

   for the clients, which must be referenced to be active.  The clients

   can also define their own configurations for their unique

   requirements.  Inactive-until-referenced system configuration is

   generated in <system> immediately when the device is powered on, but

   it is not active until being referenced.



I'm not sure whether Inactive-Until-Referenced actually needs to be defined, or to put it another way, I'm not sure whether this type of configuration is special to system datastores at all.  If a configuration (either explicitly in <running> or implicitly from <system>) defines a QoS policy that is not referenced from anywhere, (e.g., not applied to any interfaces) then I think that it up to the server to decide whether that unreferenced QoS policy is reported in operational or not, depending on server implementation.



[>>JTS:] I agree. I think section 2 may be mixing up two concepts:

  1.  Data dynamically being populated/removed from the system datastore, and

  2.  For data that is in the system datastore, whether it is "active" and present in the operational datastore



[Qiufang] Yes, it's actually from 2 dimensions to differentiate different kinds of system config: 1. Time of being generated; 2. Time of being applied.



For #2 I don't think there should be anything special. We could say something like: As with the running datastore, data present in the system datastore may or may not be present in the operational datastore depending on whether it is considered as active configuration or not by the server.



[Qiufang] I am personally okay to remove the third kind of definition to keep the definition dimension consistent, and maybe for system configuration being generated at both different times (immediately vs. conditional), they may be either applied by the server immediately or only after being referenced. I also think it's worth adding some text as Jason suggested, the client would benefit from the knowledge that there might be some system configuration that is defined there but not actually in use.



[>>JTS:] I think it is more than just removing the 3rd type defined in section 2. We probably need to rework to just have two types (for the one dimension):

  1.  Immediately-present

  2.  Conditionally-present



They would both related purely to presence of config in <system> (and not say anything about whether they are applied or active).

[Qiufang] Noted.



For #1 there is a bit of repeat with section 4.2. We should probably just talk about system config coming and going (and changing) in one place.



[Qiufang] I think you are referring to the QoS examples in the first paragraph of sec.4.2, right? We will move this to sec.2 in the new revision.



[>>JTS:] I wasn't just referring to the QoS example. It was the entire concept that the contents of the <system> datastore can change. But maybe it is OK if that concept is mentioned in the 2 places. Perhaps we should just refer back to section 2 from 4.2 when we mention things dynamically showing up in <system>.  I would not necessarily move your QoS example out of 4.2 - it seems useful there (as well as useful in section 2).
[Qiufang] I see your point now, Thanks for clarification. I agree to refer to section 2 (and maybe section 3 as well) in section 4.2, but then wouldn't that make the QoS example in Section 4.2 redundant?



We'd have to update other parts of the doc (e.g. 5.1) where these 3 types of data are mentioned.

[Qiufang]Yes, I agree.



(2) p 9, sec 5.1.  Conceptual Model of Datastores



   When the device is powered on, immediately-active system

   configuration is generated in <system> and active immediately, but

   inactive-until-referenced system configuration only becomes active if

   referenced by client-defined configuration.  However, conditionally-

   active system configuration will only be created and active when

   specific conditions on system resources are met.



I think that it should be "merged with system" not "merged into system" since the running configuration never ends up in the system datastore.



[>>JTS:] Yes. Jan mentioned the same.

[Qiufang] This will be fixed in the new revision, thanks!



(3) p 9, sec 5.1.  Conceptual Model of Datastores



                  additional nodes to a list entry or new list/leaf-

   list entries appearing in <running> extends the list entry or the

   whole list/leaf-list defined in <system> if the server allows the

   list/leaf-list to be updated.



How is this achieved?  This appears to suggest that there are two different merging behaviours (one choice is to be additive, the other is to replace), and it seems to be down to the server to choose what to do on a case-by-case basis.  I think that it would be cleaner to define a single merge behaviour if that is feasible (even if it is slightly less flexible).  Also, potentially it is appropriate for the merge behaviour to be different for list vs leaf-list (e.g., always merge list entries, but do a simple replace on leaf-lists).



[>>JTS:] I think part of the complication is that we want to allow the possibility that there is a list that contains entries in <system>, and it is a completely non-modifiable list (no new entries allowed). I think maybe that's what the "if the server allows" part is about.



I agree though that it should be a merge for lists (and the server can just error if that merge makes the list invalid, i.e. no additional entries allowed on top of what's in system).



For leaf-lists that a tough one (merge vs replace). I'm not sure what to do there (and can imagine use cases for both merge and replace).



[Qiufang] I think for both leaf-list and list cases, additive should be the right answer when merging(note that client has no way to remove system config, its lifecycle is beyond client control). But then ordering is another question if it is "ordered-by user". I am not sure this draft is right place to define how the merge should happen, merge operation is there as early as 6241. Is there any difference when it comes to <running> being merged with <system>, no? I expect the merge behavior in this document be consistent with what's defined elsewhere. Just noticed that Kent has already raised a netconf-next issue for this: https://github.com/netconf-wg/netconf-next/issues/19.Maybe the right thing to do is to remove any text related to the merge behavior which also related to this sentence?



[>>JTS:] You raise a good point about ordered-by user. That's going to make the merge problematic. I don't think currently existing definitions really address it for this draft. I'm doubtful we should actually define how merge of ordered-by-user lists should work for system->running. We may need to leave that undefined (system specific) or disallow it (error, or make it a replace). I'd lean towards leaving it undefined.

[Qiufang] I would also agree  to leave it undefined. Having that said, should the last paragraph or the entire sec.5.4 (https://datatracker.ietf.org/doc/html/draft-ietf-netmod-system-config-05#section-5.4) be removed? I think sec.5.4 should be independent of the merge behavior, i.e., whether it is replacement or addition behavior for list/leaf-list, and no matter what is the ordering of the merge result would be, sec.5.4 always makes sense.



(4) p 9, sec 5.1.  Conceptual Model of Datastores



                                      If a server implements

   <intended>, <system> MUST be merged into <intended>.



This sentence is just repetition and can be deleted.  The text above is still normative without the RFC 2119 MUST.



[Qiufang] Yes! It is always the case that <system> is merged into <intended>. Even though the server doesn't implement an explicit <intended>, there could also be a conceptual one. Will remove it in the new revision.



(5) p 13, sec 5.4.  Modifying (Overriding) System Configuration



   For instance, descendant nodes in a system-defined list entry may be

   modifiable or not, even if some system configuration has been copied

   into <running> earlier.  If a system node is non-modifiable, then

   writing a different value for that node MUST return an error.  The

   immutability of system configuration is defined in

   [I-D.ma-netmod-immutable-flag].



I think that some care is needed here.  E.g., if the modification was being done to <candidate>, then it isn't writing a different value to <candidate> that would return an error, but instead the <validate> or <commit> operation that would fail.



[>>JTS:] Agree. Maybe we can just add this?



If a system node is non-modifiable, then writing a different value for that node MUST return an error during a validate or commit operation.



[Qiufang]"A validate operation" is easy to be confused with the <validate> RPC operation, I think you're referring to the server's validation process, not just <validate> RPC operation, right?

Or we can just state writing a different value into <running> MUST return an error. I am okay with either.



[>>JTS:] I was talking about the <validate> operation. We should probably clarify this in the text and not just keep the current sentence.

[Qiufang]But if it is for <running> (with the writable-running capability), the error response should be returned during the <edit-config> operation.

See if the following text is better:

If a system node is non-modifiable, then writing a different value for that node MUST return an error during a <edit-config>, <validate> or <commit> operation, depending on the target datastore.





Best Regards,

Qiufang