IETF Logo Mail Archive

Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-01.txt

"Rob Wilton (rwilton)" <rwilton@cisco.com> Mon, 20 May 2019 09:53 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BE6412012B for <netmod@ietfa.amsl.com>; Mon, 20 May 2019 02:53:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=kvWXbDNj; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=aDo7Jsny
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D0mlLkuRDyao for <netmod@ietfa.amsl.com>; Mon, 20 May 2019 02:53:41 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA6B6120086 for <netmod@ietf.org>; Mon, 20 May 2019 02:53:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6878; q=dns/txt; s=iport; t=1558346021; x=1559555621; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=Md0WWlLzA1e10ENI1+6qonLE1TOOsSRcRI13QOyeJNQ=; b=kvWXbDNjLVGS1OobfstW4/Sukyz3NAHntY75F9jQ9s+7r8OKu9iL605i dGeqZci+SQ+rd0y6z2v9mQb6zIXxJAK5g/xqOca3NraiLfXKwdHDdd6Mw dCKfHh1HgW5Nn8oWdxcAf/QkUi3IRiB1AaJNkmGioA2N45PeKfwSoCY29 Q=;
IronPort-PHdr: 9a23:gf0zxxPHVkwSanvFSMUl6mtXPHoupqn0MwgJ65Eul7NJdOG58o//OFDEu60/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETBoZkYMTlg0kDtSCDBjhM//ucys8NM9DT1RiuXq8NBsdFQ==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AGAAANeOJc/5hdJa1iAxkBAQEBAQEBAQEBAQEHAQEBAQEBgVEEAQEBAQELAYE9JCwDaVUgBAsoCoQJg0cDhFKKJYJXlyeBLhSBEANUCQEBAQwBARgLCgIBAYN6RgIXgiEjNAkOAQMBAQQBAQIBBG0cDIVKAQEBBAEBEBERDAEBLAsBCwICAgEGAg4CAQQBAQECAhESAwICAhkMCxQBCAgBAQQBDQUIGoMBgWoDHQECDIkpkGACgTWIX3GBL4J5AQEFhH0Ygg8DBgWBBygBihyBFx0XgUA/gVeCFzU+gmEBAYEcLhkVCh4IgkMygiaNdpomCQKCDYYujGmCHYpPiTOMUoElhUiOTgIEAgQFAg4BAQWBTziBV3AVO4Jsgg8MF4NMM4RhhT9ygSmMYAGBIAEB
X-IronPort-AV: E=Sophos;i="5.60,491,1549929600"; d="scan'208";a="276236441"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 20 May 2019 09:53:38 +0000
Received: from XCH-ALN-020.cisco.com (xch-aln-020.cisco.com [173.36.7.30]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id x4K9rctS003962 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 20 May 2019 09:53:38 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-ALN-020.cisco.com (173.36.7.30) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 20 May 2019 04:53:37 -0500
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 20 May 2019 04:53:36 -0500
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 20 May 2019 05:53:36 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Md0WWlLzA1e10ENI1+6qonLE1TOOsSRcRI13QOyeJNQ=; b=aDo7JsnyfBI/j24sST2Ja3li7n1Dp0T3hAmDZdBsH6kBbwT7+dUyS6Yw6E380CqipdbvAt4/vQg+luxsds/k5fKzC30VIyQb0Q0pk6X2iRxUbxZcM53g3W8glnM5b7HWUHWsuYzdmdAE3VhwNTTvnx1TBhWiEB7Q58dMuqsrWOI=
Received: from BYAPR11MB2631.namprd11.prod.outlook.com (52.135.227.28) by BYAPR11MB3750.namprd11.prod.outlook.com (20.178.238.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1900.16; Mon, 20 May 2019 09:53:35 +0000
Received: from BYAPR11MB2631.namprd11.prod.outlook.com ([fe80::d837:c1dd:cdb1:bb78]) by BYAPR11MB2631.namprd11.prod.outlook.com ([fe80::d837:c1dd:cdb1:bb78%7]) with mapi id 15.20.1900.019; Mon, 20 May 2019 09:53:35 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, Qin Wu <bill.wu@huawei.com>
CC: "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] I-D Action: draft-ietf-netmod-factory-default-01.txt
Thread-Index: AdUOwKSkoNULWGbCSDC9QJu82XvZFwAE2qqAAAX4u5A=
Date: Mon, 20 May 2019 09:53:35 +0000
Message-ID: <BYAPR11MB26318B9124B97731713B5618B5060@BYAPR11MB2631.namprd11.prod.outlook.com>
References: <B8F9A780D330094D99AF023C5877DABAA4935F8C@nkgeml513-mbx.china.huawei.com> <20190520062003.i4wl2f7ekx34lctn@anna.jacobs.jacobs-university.de>
In-Reply-To: <20190520062003.i4wl2f7ekx34lctn@anna.jacobs.jacobs-university.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rwilton@cisco.com;
x-originating-ip: [173.38.220.42]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: bf723c3a-61ed-492d-b09a-08d6dd0906a4
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:BYAPR11MB3750;
x-ms-traffictypediagnostic: BYAPR11MB3750:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <BYAPR11MB3750BC15A5BB5602E71349D6B5060@BYAPR11MB3750.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 004395A01C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(39860400002)(366004)(346002)(396003)(376002)(189003)(199004)(13464003)(51444003)(25786009)(966005)(9686003)(6306002)(6246003)(53936002)(11346002)(476003)(14454004)(52536014)(76176011)(6116002)(86362001)(4326008)(76116006)(6506007)(66476007)(53546011)(102836004)(73956011)(66946007)(64756008)(66446008)(66556008)(3846002)(2906002)(71200400001)(71190400001)(74316002)(7696005)(99286004)(33656002)(7736002)(305945005)(14444005)(256004)(8676002)(8936002)(81166006)(229853002)(81156014)(68736007)(186003)(26005)(6436002)(55016002)(66066001)(446003)(5660300002)(478600001)(486006)(110136005)(316002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR11MB3750; H:BYAPR11MB2631.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: +93y8/at6izV/BtjmAqkeTHjclYxWPmEAUE4jsM9nbYfuQvEhO+lqhweLtD4kV0eaIxFi7RZSqfcvPrdSZF0TO6CIcpedQaxq1K+HJ3zr37rhP7GrrxNKRi5uc2eoItEK9Vmh2F/gKVP2pLeI5nxDKGkVQAiLqBIpDrQqgT+U4Vb7ADnvj5rAQFECbP/IjqDP3t283QNhwWaGq5sHLdAQ+rigSmr1246guIcybnO8FB9dL0oTSMhRzqx52kMsGr29Dnze/tYwnnH5HrUNjqeWgGT1NjG7837kjvJPSIDzTw9B+ZTU1j5bGGMhuXmdO2hmhjC+fuX6YyNBSWubE/AGMELAz/x0pUEcqevtB/hISH/TdSjyLLmt2Wo/nZJQYRhwCPrUAL+57QchoPyEaUXvTHqpfyqUNhMxq8ER7cfQGk=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: bf723c3a-61ed-492d-b09a-08d6dd0906a4
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 May 2019 09:53:35.3815 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3750
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.30, xch-aln-020.cisco.com
X-Outbound-Node: rcdn-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/YPdDoeM0xuqw7vTrUKCOMmYPFRY>
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-01.txt
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 May 2019 09:53:43 -0000

If the purpose of the extending the copy-config operation to the factory-default datastore is just another generic way to do the factory-reset RPC then I would suggest that we don't modify copy-config as part of this draft.  Instead, I think that it would be good to fix this generically (for any datastore) in a future update of NETCONF - I see that you have already raised https://github.com/netconf-wg/netconf-next/issues/2 to track this.

In theory, a client could use copy-config in a slightly different way to the factory-reset RPC, i.e., to copy from the factory-default to candidate, then have the client modify the configuration until they are happy with it, before committing it.  But I'm not sure that this in the best approach.  If I was writing a client, I would choose to code the client to read from the factory-default datastore (if needed), then construct whatever the desired configuration of the device is, before pushing it to device.

For me, I think that the most important parts of this draft are being able to read from the factory-default datastore, and having an RPC to reset the device back to the factory-default state.  I would probably defer updating copy-config until it can be fixed properly in NETCONF.

Thanks,
Rob


> -----Original Message-----
> From: netmod <netmod-bounces@ietf.org> On Behalf Of Juergen Schoenwaelder
> Sent: 20 May 2019 07:20
> To: Qin Wu <bill.wu@huawei.com>
> Cc: netmod@ietf.org
> Subject: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-01.txt
> 
> On Mon, May 20, 2019 at 05:57:02AM +0000, Qin Wu wrote:
> > -----邮件原件-----
> > 发件人: Juergen Schoenwaelder
> > [mailto:j.schoenwaelder@jacobs-university.de]
> > 发送时间: 2019年5月17日 19:15
> > 收件人: Qin Wu <bill.wu@huawei.com>
> > 抄送: netmod@ietf.org
> > 主题: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-01.txt
> >
> > I think this does not work:
> >
> >       [...]  For <copy-config> operation,it can be used to copy
> >       the factory default content to another datastore, however the
> >       content of the datastore is not propagated automatically to any
> >       other datastores.
> >
> > You can't change the way things work. If something is committed to lets
> say <running>, then this triggers the propagation to <intended> and
> eventually <operational>. You can't come along and say that copy-config
> from a particular source stops this.
> > [Qin]:Automatic propagation we were referred to is that when we have
> > three datastores, let's say datastore A, datastore B, datastore C, one
> time <copy-config> operation can not copy content of datastore A to
> datstore B and datastore C at the same time, But you are right, content of
> <running> will be automatically propagated to <intended> and <operational>,
> we will see how to tweak the text.
> 
> This is not what the text says. And given the parameters of copy-config, it
> is obvious that you can't copy to multiple datastores.
> 
> > Is it really useful to expose factory default to copy config? Or said
> > differenlty, would it not make sense to fix copy-config (at some other
> > place) so that it can generically work with new datastores?
> > [Qin]: Note that this is just an option feature to <copy-config> to
> assign one single target datastore with factory default content, I am
> wondering why it can not be defined in this draft in a more generic way?
> > Even in RFC6241bis or a separate draft, if you add this feature support
> to <copy-config>, you will augment <copy-config> in the same way, if my
> understanding is correct.
> 
> No. You would allow any datastore, not a specific one.
> 
> >    The content of the factory-default datastore is usually not security
> >    sensitive as it is the same on any device of a certain type.
> >
> > I am not sure this is true.
> >
> > For non-trivial devices, the default is likely not static but something
> that takes into account device features available and the specific hardware
> configuration present. It is actually somewhat unclear what the factory-
> default datastore contains; the stuff I can expect to see in <running>
> after the reset or some static stuff that may be tweaked during the boot
> process to yield the initial <running>.
> > Or are we pretending these two are always the same?
> > [Qin]: We emphasize "usually not", to address your comments, we could
> add:
> > "
> > When its contents are considered sensitive, It is RECOMMENDED that the
> > factory default Data is encrypted."
> 
> You propose to invent another layer of encryption???
> 
> /js
> 
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
> 
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod

v2.23.0 | Report a Bug | By Email