IETF Logo Mail Archive

Re: [netmod] <running> vs <intended>

Robert Wilton <rwilton@cisco.com> Thu, 28 September 2017 09:37 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D7EC1345C3; Thu, 28 Sep 2017 02:37:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UigrDI7aAiBy; Thu, 28 Sep 2017 02:37:23 -0700 (PDT)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E605132351; Thu, 28 Sep 2017 02:37:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=17045; q=dns/txt; s=iport; t=1506591442; x=1507801042; h=subject:to:references:from:message-id:date:mime-version: in-reply-to:content-transfer-encoding; bh=d/4FfvqDNv8kgRUtu2foncBoeiBQWkajUEC9MeNvJdg=; b=Y+jcNq6IKH8kajqVyeYkviksKQYVoOBR6pGQ9XO0jL5P8XooLwqLh2YB L8w6PbYvY4oYTPMZS7mk5FNpgGcL/B+ZnT2fAw1kxcUzdyGRLzoSv4WbN rQP8w8Fk5yZdjzPMf16wmfyLrsvHPpKhwb0PZDBb6/+sxyUPQ2gYQyEF6 o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0COAABdwsxZ/xbLJq1dGQEBAQEBAQEBAQEBBwEBAQEBhS4ng3iKH3SQYHmVMg6CBAqFOwKFJRgBAgEBAQEBAQFrKIUYAQEBAQMjDwEFOhMECQIQAgMBAgICERIDAgJGAw4GAQwGAgEBF4oWiU+dZoIniwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEdgQ6CHYNTgWorgkg1hD8tAgJTglSCYAWhJZRfghOJSCSHB4oPg2SHWYE5HzhCTDIhCB0Vh2c/NoYNAQEFIAeCFQEBAQ
X-IronPort-AV: E=Sophos;i="5.42,449,1500940800"; d="scan'208";a="657883119"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Sep 2017 09:37:20 +0000
Received: from [10.63.23.161] (dhcp-ensft1-uk-vla370-10-63-23-161.cisco.com [10.63.23.161]) by aer-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id v8S9bJAn017511; Thu, 28 Sep 2017 09:37:20 GMT
To: netmod@ietf.org, draft-ietf-netmod-revised-datastores@ietf.org, "j.schoenwaelder@jacobs-university.de" <j.schoenwaelder@jacobs-university.de>
References: <20170918.200734.1805388289423863575.mbj@tail-f.com> <CABCOCHTD_6yQj1QFn0BsPg8hbkuUc9guEB6rhG46W1jnNRh=bA@mail.gmail.com> <99b9a2c6-4bb4-121f-0cba-925cefe09712@cisco.com> <20170919.115559.1080249872764998055.mbj@tail-f.com> <d4c06d52-6b09-692c-7ca2-7f509e1917a0@cisco.com> <5481ac35-c789-0796-36f6-8a02a5ebef8c@cisco.com> <00c501d333c0$9d210280$4001a8c0@gateway.2wire.net> <d198e091-86d1-40ff-6a51-c4c98d2c74a2@cisco.com>
From: Robert Wilton <rwilton@cisco.com>
Message-ID: <3274ba62-d60d-976b-9a22-879089abbbf2@cisco.com>
Date: Thu, 28 Sep 2017 10:37:19 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <d198e091-86d1-40ff-6a51-c4c98d2c74a2@cisco.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/ZtUXCp-324fdX4yMcWChDgxValo>
Subject: Re: [netmod] <running> vs <intended>
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Sep 2017 09:37:26 -0000

Hi,

After comment from the other authors, an updated proposed description 
for <running> is as follows:

OLD:

4.3.  The Running Configuration Datastore (<running>)

    The running configuration datastore (<running>) holds the complete
    current configuration on the device.  It may include inactive
    configuration or template-mechanism-oriented configuration that
    require further expansion.

    If a device does not have a distinct <startup> and non-volatile is
    available, the device will typically use that non-volatile storage to
    allow <running> to persist across reboots.

NEW:

4.1.3.  The Running Configuration Datastore (<running>)

    The running configuration datastore (<running>) is aconfiguration
    datastore that holds the complete current configuration
    on the device.  It may include configuration that requires further
    transformation before it can be applied, e.g., inactive
    configuration, or template-mechanism-oriented configuration that
    needs further expansion.  However, <running> MUST always be a 'valid
    configuration data tree' as defined in Section 8.1 of [RFC7950].

    <running> MUST be supported if the device can be configured via
    conventional configuration datastores.

    If a device does not have a distinct <startup> and non-volatile is
    available, the device will typically use that non-volatile storage to
    allow <running> to persist across reboots.


Given that the definition of <running> and <intended> are being updated, 
I think that the definitions should similarly be updated.  Hence I propose:



OLD:
    o  running configuration datastore: A configuration datastore holding
       the current configuration of the device.  It may include inactive
       configuration or template-mechanism-oriented configuration that
       require further expansion.  This datastore is commonly referred to
       as "<running>".

NEW (based on the new description of running above):
    o  running configuration datastore: A configuration datastore holding
       the current configuration of the device. It may include
       configuration that requires furthertransformations before it can
       be applied. This datastore is commonly referred to
       as "<running>".



OLD:

   o  intended configuration: Configuration that is intended to be used
       by the device.  For example, intended configuration excludes any
       inactive configuration and it would include configuration produced
       through the expansion of templates.


NEW (based on the proposed updated description of intended):

   o  intended configuration: Configuration that is intended to be used
      by the device. It represents the configuration after all
      configuration transformations to <running> have been performed and
      is the configuration that the system attempts to apply.



It may also be helpful if we define "configuration transformation", or 
would that be better captured in the introduction text?

A possible definition could be along the lines of:

  configuration transformation: The addition, modification or removal of
  configuration between the <running> and <intended> datastores.
  Examples of configuration transformations include the removal of
  inactive configuration and the configuration produced through the
  expansion of templates.

If I don't hear anything back, I'll take that as a tacit approval of 
these proposed changes.

Thanks,
Rob


On 22/09/2017 18:12, Robert Wilton wrote:
> Hi Tom,
>
>
> On 22/09/2017 17:34, t.petch wrote:
>> Robert
>>
>> I wonder if this says the opposite of what is intended
>>
>> - <running> holds the complete  current configuration on the device.
> I agree.
>
>>
>> - This could include inactiveconfiguration
> I agree.
>
>>
>>   - <running> must always be a  'valid configuration data tree' as
>> defined in Section 8.1 of [RFC7950].
> I agree.
>
>>
>> Ergo, inactiveconfiguration must form part of a valid configuration
>> tree.
>
> Ergo, inactive configuration can form part of a valid configuration
> tree.
>
>>
>> I thought the idea was that inactiveconfiguration was logically removed
>> before validation but this seems to state the opposite..
> I don't think that this is necessarily true.  One choice is inactive 
> configuration is removed before validation, but this isn't quite what 
> I'm proposing.  I'm proposing that the act of validation itself is 
> refined (via an tbd inactive configuration draft) such that it ignores 
> configuration nodes marked as inactive.
>
> Thanks,
> Rob
>
>>
>> Tom Petch
>>
>> ----- Original Message -----
>> From: "Robert Wilton" <rwilton@cisco.com>
>> Sent: Friday, September 22, 2017 10:03 AM
>>
>>> Hi,
>>>
>>> Regarding whether <running> is always valid, the proposed modification
>>> to the draft is to add the following text to section 4.3 that
>> describes
>>> <running>:
>>>
>>> OLD:
>>>
>>> 4.3. The Running Configuration Datastore (<running>)
>>>
>>>    The running configuration datastore (<running>) holds the complete
>>>    current configuration on the device. It may include inactive
>>>    configuration or template-mechanism-oriented configuration that
>>>    require further expansion.
>>>
>>>    If a device does not have a distinct <startup> and non-volatile is
>>>    available, the device will typically use that non-volatile storage
>> to
>>>    allow <running> to persist across reboots.
>>>
>>> NEW:
>>>
>>> 4.3. The Running Configuration Datastore (<running>)
>>>
>>>    The running configuration datastore (<running>) holds the complete
>>>    current configuration on the device. This could, for example,
>> include
>>>    inactiveconfiguration or template-mechanism-oriented configuration
>>>    thatrequires further expansion.However, <running> must always be a
>>>    'valid configuration data tree' as defined in Section 8.1 of
>> [RFC7950].
>>>    If a device does not have a distinct <startup> and non-volatile is
>>>    available, the device will typically use that non-volatile storage
>> to
>>>    allow <running> to persist across reboots.
>>>
>>> END
>>>
>>>
>>> Then the intention is that if inactive or a templating solution is
>>> standardized then those drafts would update the validation rules in
>> RFC
>>> 7950 such that <running> is still valid. E.g. an inactive config draft
>>> would probably indicate that validation excludes all configuration
>> nodes
>>> that are marked as inactive.
>>>
>>> Does anyone have any comments?
>>>
>>> Do we also need to state that <startup> must always be a 'valid
>>> configuration data tree'?
>>>
>>> Thanks,
>>> Rob
>>>
>>>
>>> On 19/09/2017 16:22, Robert Wilton wrote:
>>>>
>>>> On 19/09/2017 10:55, Martin Bjorklund wrote:
>>>>> Robert Wilton <rwilton@cisco.com> wrote:
>>>>>> On 18/09/2017 19:25, Andy Bierman wrote:
>>>>>>> On Mon, Sep 18, 2017 at 11:07 AM, Martin Bjorklund
>> <mbj@tail-f.com
>>>>>>> <mailto:mbj@tail-f.com>> wrote:
>>>>>>>
>>>>>>> Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de
>>>>>>> <mailto:j.schoenwaelder@jacobs-university.de>> wrote:
>>>>>>>> On Mon, Sep 18, 2017 at 05:17:46PM +0100, Robert Wilton wrote:
>>>>>>>>>> No. I do not agree that the MUST in RFC 7950 can be
>>>>>>> removed.
>>>>>>>>>> I do not agree the architecture should update YANG at all.
>>>>>>>>> OK.
>>>>>>>> I am with Andy here. <running> has always had the
>>>>>>> requirement to be
>>>>>>>> valid and we are not supposed to change that. Mechanisms for
>>>>>>> inactive
>>>>>>>> configuration or templating must be designed to be backwards
>>>>>>> compatible
>>>>>>>> I think.
>>>>>>> Ok. If we keep the requirement that <running> in itself must be
>>>>>>> valid, it just restricts the usefulness/expressiveness of
>>>>>>> inactive and
>>>>>>> template mechanisms, but it might be ok.
>>>>>>>
>>>>>>> I think that even w/o this requirement, the observable
>>>>>>> behavior for a
>>>>>>> client can be backwards compatible. For example, suppose we
>>>>>>> have an
>>>>>>> inactive access control rule that refers to a non-existing
>>>>>>> interface in
>>>>>>> <running>. If a client that doesn't know anything about
>>>>>>> inactive asks
>>>>>>> for the contents of <running>, our implementation removes the
>>>>>>> inactive
>>>>>>> nodes from the reply to the client. Only a client that
>>>>>>> opts-in to
>>>>>>> inactive will receive a reply with things that looks invalid
>>>>>>> if you
>>>>>>> don't take the inactive annotation into account.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> There are many ways that validation can fail because inactive
>> nodes
>>>>>>> are present,
>>>>>>> and considered part of the validation.
>>>>>>>
>>>>>>> e,g, min-elements, max-elements, mandatory, unique.
>>>>>>>
>>>>>>> I think we all agree that validation on the enabled nodes is
>> supposed
>>>>>>> to continue to work.
>>>>> Yes.
>>>>>
>>>>>>> Here is an attempt at a backwards-compatible solution:
>>>>>>>
>>>>>>> 1) current <get-config> and <get> responses only include enabled
>>>>>>> nodes.
>>>>>>> 2) old-style <edit-config> operations do not alter inactive nodes
>>>>>>> 3) NMDA clients use <get-data>, not <get-config> or <get>. These
>>>>>>> responses
>>>>>>> include enabled and disabled nodes, so validation does not apply
>>>>>>> for <running>
>>>>>>> 4) new style <edit-config> (i.e. <datastore> parameter used) can
>> alter
>>>>>>> any type of data node
>>>>>> //I think that inactive should always be an optional extension.
>> Not
>>>>>> everything needs the additional complexity.
>>>>>>
>>>>>> Hence rather than tying this function to specific NETCONF
>> operations,
>>>>>> I would suggest that there should be an extra parameter (like for
>>>>>> with-defaults) to allow a client to indicate to the server that a
>> get
>>>>>> or edit request is using the "with-inactive" extension.
>>>>>> 1) The server should also have a capability (or perhaps a leaf
>> defined
>>>>>> in YANG library) to indicate that it supports inactive
>> configuration.
>>>>>> 2) If a client doesn't use the extra "with-inactive" parameter
>> during
>>>>>> a get request then only active nodes are returned.
>>>>>> 3) If a client doesn't use the extra "with-inactive" parameter
>> during
>>>>>> an edit-data request then the request cannot include an extra
>> inactive
>>>>>> meta-data. The request is processed in a way that is equivalent to
>> an
>>>>>> existing NETCONF implementation, but it may unknowingly remove
>> some
>>>>>> inactive configuration (e.g. via a replace or remove operation on
>> an
>>>>>> inactive node). Operations like create, delete, none, replace
>> should
>>>>>> all treat an inactive target node the same way as in the node
>> doesn't
>>>>>> exist (e.g. delete on an inactive node would return a
>> "data-missing"
>>>>>> error), this ensures that the behaviour that an unaware client
>>>>>> observes is the same as the existing behaviour that it would
>> expect
>>>>>> from a regular 6241 compliant NETCONF implementation.
>>>>>> 4) It a client makes a get request including the "with-inactive"
>>>>>> parameter then they also get the inactive nodes as well, marked
>> with a
>>>>>> meta-data annotation.
>>>>>> 5) If a client makes an edit request including the "with-inactive"
>>>>>> parameter, then the inactive meta-data annotation can be used to
>> label
>>>>>> inactive nodes. Inactive nodes are regarded as regular data nodes
>> for
>>>>>> create/delete/replace/none operation error checking.
>>>>>>
>>>>>> I think that this approach is similar (perhaps even the same) as
>>>>>> Martin described.
>>>>> This is indeed how our implementation works (except I think we
>> don't
>>>>> do 5; if the client sends an "inactive" attribute it doesn't have
>> to
>>>>> also send with-inactive).
>>>>>
>>>>>>> Note that the YANG MUST rule still applies, because validation is
>> only
>>>>>>> done on enabled nodes.
>>>>>>> It is only the response message representations that cannot be
>>>>>>> validated, not the contents
>>>>>>> of <running> on a server.
>>>>> So the question is how we can make sure that the text in the NMDA
>>>>> draft covers this yet-to-be-defined feature w/o having to define it
>>>>> now? We thought that the current text was sufficient, but do we
>> have
>>>>> to make any changes to it?
>>>> 1) Do we also need to illustrate a similar proof of concept
>> templating
>>>> implementation to show that templating could work whilst keeping
>>>> running valid? I would prefer that this is just deferred to
>> whichever
>>>> draft defines templating.
>>>>
>>>> 2) I think that we need to reach a decision as to whether the NMDA
>>>> architecture needs to explicitly state that <running> is always
>> valid,
>>>> or if that can be left to the existing statement in 7950. My
>> thinking
>>>> is that if the conclusion is that <running> must always be valid,
>> then
>>>> it would be helpful to explicitly state it the descriptions of both
>>>> <running> and <startup> in the NMDA architecture.
>>>>
>>>> 3) I think that it would be useful to further refine my previous
>>>> proposed text for intended, particularly rewriting the text on
>>>> validation. This should hopefully also address Balazs' concern about
>>>> default values be included in validation.
>>>>
>>>> <Old>
>>>>
>>>> 4.4. The Intended Configuration Datastore (<intended>)
>>>>
>>>> The intended configuration datastore (<intended>) is a read-only
>>>> configuration datastore. It is tightly coupled to <running>. When
>>>> data is written to <running>, the data that is to be validated is
>>>> also conceptually written to <intended>. Validation is performed on
>>>> the contents of <intended>.
>>>>
>>>> For simple implementations, <running> and <intended> are identical.
>>>>
>>>> <intended> does not persist across reboots; its relationship with
>>>> <running> makes that unnecessary.
>>>>
>>>> Currently there are no standard mechanisms defined that affect
>>>> <intended> so that it would have different contents than <running>,
>>>> but this architecture allows for such mechanisms to be defined.
>>>>
>>>> One example of such a mechanism is support for marking nodes as
>>>> inactive in <running>. Inactive nodes are not copied to <intended>,
>>>> and are thus not taken into account when validating the
>>>> configuration.
>>>>
>>>> Another example is support for templates. Templates are expanded
>>>> when copied into <intended>, and the expanded result is validated.
>>>>
>>>> </Old>
>>>> <Proposed>
>>>>
>>>> 4.1.4. The Intended Configuration Datastore (<intended>)
>>>>
>>>> The intended configuration datastore (<intended>) is a read-only
>>>> configuration datastore. It represents the configuration after all
>>>> configuration transformations to <running> are performed (e.g.
>>>> template expansion, removal of inactive configuration), and is the
>>>> configuration that the system attempts to apply.
>>>>
>>>> <intended> is tightly coupled to <running>. Whenever data is written
>>>> to <running>, then <intended> is also immediately updated by
>>>> performing all necessary transformations to the contents of
>> <running>
>>>> and then <intended> is validated.
>>>>
>>>> <intended> may also be updated independently of <running> (e.g., if
>>>> one of the configuration transformations is changed), but <intended>
>>>> must always be a 'valid configuration data tree' as defined in
>>>> Section 8.1 of [RFC7950].
>>>>
>>>> For simple implementations, <running> and <intended> are identical.
>>>>
>>>> The contents of <intended> is also related to the 'config true'
>>>> subset of <operational>, and hence a client can determine to what
>>>> extent the intended configuration is currently in use by checking
>>>> whether the contents of <intended> also appears in <operational>.
>>>>
>>>> <intended> does not persist across reboots; its relationship with
>>>> <running> makes that unnecessary.
>>>>
>>>> Currently there are no standard mechanisms defined that affect
>>>> <intended> so that it would have different contents than <running>,
>>>> but this architecture allows for such mechanisms to be defined.
>>>>
>>>> One example of such a mechanism is support for marking nodes as
>>>> inactive in <running>. Inactive nodes are not copied to <intended>.
>>>> A second example is support for templates, which can perform
>>>> transformations on the configuration from <running> to the
>>>> configuration written to <intended>.
>>>>
>>>> </Proposed>
>>>>
>>>> Thanks,
>>>> Rob
>>>>
>>>>
>>>>>
>>>>> /martin
>>>>> .
>>>>>
>>>> .
>>>>
>> .
>>
>

v2.23.0 | Report a Bug | By Email