Re: [netmod] WGLC - Comparison of NMDA datastores - draft-ietf-netmod-nmda-diff-03

Alexander Clemm <> Wed, 26 February 2020 01:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 442143A07EE; Tue, 25 Feb 2020 17:33:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id B0LD7R4DJdFx; Tue, 25 Feb 2020 17:33:13 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 15CB63A07ED; Tue, 25 Feb 2020 17:33:12 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=CFxeL3DboeiouwM5z4UslpTFNahL4ck8okylYrAZTqT8RdHrclXV26OP7rRU9uucpteiP/miO3hTBqIh0HNDq12lra8NOR3UTBf88r1P/0gRCh3/Ndm3Y1Vt7BeDUaBOA/kjv+1gMsiUqhVkkHAw7t3CC1NdtU2v+U8LqiG1PVEzqkazcsBzS8R3WeK0su8dE2AAaBIqjg0hWO5FOOtltI0MjRrKeJzsK9qOSTcuY7KbL4JImqTzO2m2a3U+en6u0vJJsYluYbpmuIP8tvXRrrWz5BcC91J+JyISVz002fvu/5mj6qDjCOkbRE8aPZFe4t6+uoNu4K6yt/HEiibi5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dTaQGtMEug+OKWx9rXfv6NOlmoRkfJjXzOtmIXgOHPo=; b=nKatmQ/AbX2B9JR02jCfrcl2XyQXPFjowdGOAtEU6q+hYyvdr+FNr67fRI1PQwpBJMMKYGCr8bjjIaQopHYL2zGbdbHLx6z1lUHw8q/AmfN9l88Y8drVtL7uVBnYC7LBjh7/eM1wLYwc9Orri1dQBM3e3iIbvP1Hgcld72z982F5naboYGOmvdwre6CdFHy8vk+xGxFsna7cj1i/68GlLaZmi4IApLo2+WR3xsrF7jiHdiFY5b0qgAI8dp6Q5ruNmmSZ4lz/lo0S5PZ6SAxIM/0CYOyc7Y0wpEfBoYz4UxTWvJaNcpXINzD6BPTMHP64ipLjQy6kdejcwsxkHZZ7pg==
ARC-Authentication-Results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dTaQGtMEug+OKWx9rXfv6NOlmoRkfJjXzOtmIXgOHPo=; b=SvG727ervNlnVD4hT2UOgnhERoTzYcLz3/LECFJZnKyaskuI0Go/YDUqNKFBJDOuo9NXG9sMfncO1t+BT15I86O2W4KHc+k6+4Ucya1bYoI0i+beW6mB8bLo+NT4jDapxSmwfd4R1it27sl/Qn5RwPTOHE9xvdhbnTJHyG7PGI0=
Received: from (2603:10b6:208:15a::30) by (2603:10b6:208:136::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2772.5; Wed, 26 Feb 2020 01:33:08 +0000
Received: from ([fe80::e46a:4e64:29bf:8532]) by ([fe80::e46a:4e64:29bf:8532%6]) with mapi id 15.20.2772.012; Wed, 26 Feb 2020 01:33:08 +0000
From: Alexander Clemm <>
To: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= <>, Joel Jaeggli <>
CC: "" <>, "" <>
Thread-Topic: [netmod] WGLC - Comparison of NMDA datastores - draft-ietf-netmod-nmda-diff-03
Thread-Index: AQHV5cpbkGrB2wq/g0eF4L9huLkRAqgiv8AAgAmmr5A=
Date: Wed, 26 Feb 2020 01:33:08 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 64bc91bf-642c-47bd-cb94-08d7ba5bd571
x-ms-traffictypediagnostic: MN2PR13MB3104:
x-microsoft-antispam-prvs: <>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0325F6C77B
x-forefront-antispam-report: SFV:NSPM; SFS:(10001)(10019020)(4636009)(346002)(366004)(376002)(39850400004)(396003)(136003)(189003)(199004)(6506007)(53546011)(54906003)(52536014)(966005)(81156014)(316002)(9686003)(8936002)(81166006)(55016002)(66476007)(8676002)(64756008)(66446008)(66946007)(45080400002)(4326008)(26005)(110136005)(66556008)(186003)(7696005)(2906002)(5660300002)(86362001)(71200400001)(33656002)(76116006)(478600001)(66574012); DIR:OUT; SFP:1102; SCL:1; SRVR:MN2PR13MB3104;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 8cbmp3+/H7mmkOMNc9f+hhedQq8IIbGGyQpPouZsxXPthlgwOIzFZUmQ2Wuc3X7GG41IgZl+l86+n3eP8MeFYMo2sb4DOCKnei0FQMROpFKEw+ks6YIPpwcrfX3zkVjHcEhY5pl4B6UWoN3m1zbUKry+vhBWfVaGXTwP6gne5ZRcsku6DpL9DDLat3MqWDJeNzCd+CdD3pLj5z5Tnk6vIReooXue1BoasyMNFscEM3qOmUQr/I+bEdBWt0vgBUkjtpf8Wa516bsMCWrIaj77qYObAINgIVLrLoGKVWw5FzD6O0MQxzBswxMXFaBNGabGZOvayTiA5dmpec2Wsuh2xR4XkDTUXIhwFUl59PG84DioomZVS9fhcnhOG/jkQv1IRv26OT1oFH4IS5u6a6VUzBuJCIUaGsp5SGUkXc4oY1M0LnR2CToR2kbcwQ8eIRRzCG+tEtDl+F0dNx01qeaUoQxbqpTIWwVed9BUaqBBmSLu5wtO0DpLq1j7BKiYWQsYTtIVukYxw7D9bb4PtdrAFMx516dt5oD438ExcnbAlYNzx3bMSWxUdMR9a+ajCZety3vZi3xkUeiFJ12oOVntBSJAnxBOC98DQWUyK1QAf0c2CXOZaN/6493/TLz4GRXl
x-ms-exchange-antispam-messagedata: APistoxgqcyweBq64/6uFduR4SKK9UJyCau+WSxmlbXdIARu2MnXdk07YaBCOq33oz3es9bmlP9jR5ZyRWuRucy5eacKsx63CGXzsGLlMvvDsA7FXjkZgAjqXasL/KLJnuiCr8R8uf+GL2LTVADhQg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 64bc91bf-642c-47bd-cb94-08d7ba5bd571
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Feb 2020 01:33:08.0600 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Esg6tUAH0fBBVHSRAV0aAEht/J0XikIvZfo3v7vRqlUnmY5CBmyuFxrZqPwjbNEm6Rn/64xFw8zSpAS7yaWpsg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR13MB3104
Archived-At: <>
Subject: Re: [netmod] WGLC - Comparison of NMDA datastores - draft-ietf-netmod-nmda-diff-03
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 26 Feb 2020 01:33:15 -0000

Hi Juergen,

thank you for your comments!  Please find replies inline, <ALEX>

--- Alex

> -----Original Message-----
> From: netmod <> On Behalf Of Schönwälder, Jürgen
> Sent: Wednesday, February 19, 2020 8:57 AM
> To: Joel Jaeggli <>
> Cc:;
> Subject: Re: [netmod] WGLC - Comparison of NMDA datastores - draft-ietf-
> netmod-nmda-diff-03
> Hi,
> this is a good document that deserves to go forward. Some comments...
> - In the introduction, you may want to mention that applied config
>   often differs from config because applied config includes stuff that
>   was learned or generated by the system (e.g., IP addresses obtained
>   via DHCP or generated by the kernel itself). This applies to systems
>   that otherwise implement NC or RC in a synchronous update manner,
>   i.e., a difference between <intended> and <applied> is for many
>   operational systems likely the normal situation and not an
>   exceptional one.

Agreed.  Adding the following text in the Introduction to bring this out clearer: " Likewise, during the course of operation, some data values may be learned or updated by the system itself over time, causing datastores to diverge. "

> - I do not understand this:
>       [...]  (The filter dow not contain expressions that
>       would match values data nodes, as this is not required by most use
>       cases and would complicate the scheme, from implementation to
>       dealing with race conditions.)
>   Despite the wording nits, I fail to understand the race condition
>   argument. It seems the filters are the same as we have them in other
>   places and this is good and a strong argument by itself. Reusing
>   concepts is a good thing. Just state that and remove potentially
>   hand-waving arguments about race conditions created by filtering on
>   values. (And subtree filters can filter out certain interfaces by
>   matching the <name/> element.)

<ALEX>  What this meant to explain is that the filter simply defines which nodes are in and out of scope, independent of their actual value.  In other words, you would not be able to specify something like "have this be in scope, but only if its value is between 5 and 10".  This is to keep things simple; the race condition concerns if there are different speeds at which values propagate.  
In order to simplify this, I suggest we simply remove the text in parantheses (which was meant to provide clarification, but seems to add confusion, hence best to simply strike.)  

> - I think you should import the term 'schema node' (and if necessary
>   also other terms) from RFC 7950. Perhaps merge section 2+3 into a
>   section Terminology that has the RFC2119 blurb and states that this
>   specification uses the terminology defined in RFC 7950 and RFC 8342.

OK, we are merging 2+3 (both are very short anyway).  Putting the following sentence in lieu of the acronyms: This specification uses the terminology defined in [RFC7950] and [RFC8342].  For definitions of terms such as "datastore", "schema node", "<intended>",  or "origin", please refer to those RFCs.  

> - Given that the applied configuration includes learned and system
>   provided data, it may make a lot of sense to filter on origin so
>   that learned or system generated config is not part of the
>   comparison. I think this is really missing. Of course, one can
>   filter the result to get rid of all 'learned' items but the whole
>   point of the compare RPC is to avoid long responses that are not
>   needed. The get-data operation defined in RFC 8526 has an origin
>   filter that may be reused. (Perhaps it makes sense to align the
>   parameters with RFC 8526 get-data even further.)

<ALEX>Hmm, what are you exactly suggesting here?  We could add a parameter to include (or exclude) data of a certain origin.  However, that would raise the possibility that some differences are not found whose cause is precisely that they have a different origin than anticipated (e.g., for which it was not clear that they could be learned, or that they would be preconfigured).  Hence not making changes just yet; could you explain your requirement/suggestion a little more?  
> - Why do we need the 'no-matches' leaf? Why not simply return an empty
>   'differences' container?
I guess this is a design choice.  I guess we could return an empty container as well; the "no-matches" makes it more "explicit", and in terms of response size it does not make a difference.  Unless there is a strong preference, we would like to prefer to keep it.  (Or perhaps Andy wants to jump in?)

> - Nit
>   OLD
>    RPC request to compare <operational< (source of the comparison) with
>    <intended>(target of the comparison):
>   NEW
>    RPC request to compare <operational> (source of the comparison) with
>    <intended> (target of the comparison):

<ALEX> fixed the spacing 

> - I have not validated the examples.
> - Section 7 talks about rejecting frequent requests. It may be useful
>   to specify which error response is returned in this case so that
>   coders implement the same behavior.
<ALEX> We could add that.  Which one would be appropriate to return / what should be returned?  
Should we simply return error-type "rpc", with error-tag "resource-denied"?   
If we do that, should we also include error-info, specifying a time interval after which it would be "safe" to issue the next diff request?  

> - Perhaps the document should spell out how compare interacts with
>   NACM. I kind of assume that NACM rules are applied before the
>   content is compared, i.e., data that is not accessible won't get
>   compared. Well, whatever the correct behavior is, I think this
>   deserves to be spelled out.

<ALEX> Per RFC 8341, the same access control rules apply to all datastores subjected to NACM - presumably also to all datastores that can be subjected to nmda-diff.  From that perspective we didn't think it necessary to spell it out, but perhaps it should be.  
How about adding the following at the end of the first paragraph of Section 4:
"Any access control rules as configured by NACM [RFC 8341] are applied by the server before the comparison is performed, that is, only datastore schema nodes for which the client has read access are included in the comparison."  

> - I would probably have picked in ietf-interfaces example to avoid a
>   reference to a work in progress but this does not really matter
>   much.

<ALEX> That would have been possible as well.  We prefer sticking with this example (it's just an example, so non-normative) if acceptable since it generates less work, however, if there is insistence that we update, we will be happy to do so. 

Thanks (end of my replies here)
--- Alex

> /js
> On Mon, Feb 17, 2020 at 11:42:01AM -0800, Joel Jaeggli wrote:
> > Greetings,
> >
> > This was supposed to get processed shortly after IETF 106, however I lost
> track of it. We are therefore running a 2 week WGLC on draft-ietf-netmod-
> nmda-diff-03.
> >
> >
> diff%2F&amp;
> 7bb208d7b55cd5c9%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C63
> 7177282659984332&amp;sdata=hMaCe8q44NEdcaPy74s29tAkLIJbEBQhjnRp5Y
> mtkB0%3D&amp;reserved=0
> >
> > the 02 - 03 diff is available here:
> >
> >
> 02%26url2%3Ddraft-ietf-netmod-nmda-diff-
> 03&amp;
> 08d7b55cd5c9%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637177
> 282659984332&amp;sdata=jm03o26D0LMjaUfERALelo3RtNG4%2BliglxPWR3Ls
> 99c%3D&amp;reserved=0
> >
> > Please send email to the list indicating your support or concerns.
> >
> > This WGLC will conclude Monday March 2nd.
> >
> >
> > Thank you,
> > NETMOD WG Chairs
> >
> > _______________________________________________
> > netmod mailing list
> >
> >
> c753a1d5591fedc%7C1%7C0%7C637177282659984332&amp;sdata=kMP6EgO
> qJ6N3FkPnCCt%2F25Xt9v4p9XAUGvpCv2Go47Y%3D&amp;reserved=0
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103
> <
> .jacobs-
> 0468c4c5f7bb208d7b55cd5c9%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%
> 7C0%7C637177282659984332&amp;sdata=BlWciwRclsZnEzcugWnkxr7vAWvsS
> E%2BKGodwzUMRS9Q%3D&amp;reserved=0>
> _______________________________________________
> netmod mailing list
> c753a1d5591fedc%7C1%7C0%7C637177282659984332&amp;sdata=kMP6EgO
> qJ6N3FkPnCCt%2F25Xt9v4p9XAUGvpCv2Go47Y%3D&amp;reserved=0