IETF Logo Mail Archive

Re: [netmod] OpsState and Schema-Mount

Robert Wilton <rwilton@cisco.com> Tue, 09 August 2016 13:12 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C44212D825 for <netmod@ietfa.amsl.com>; Tue, 9 Aug 2016 06:12:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.768
X-Spam-Level:
X-Spam-Status: No, score=-15.768 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.247, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9gnvLLNrLh1K for <netmod@ietfa.amsl.com>; Tue, 9 Aug 2016 06:12:12 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 315FA12D824 for <netmod@ietf.org>; Tue, 9 Aug 2016 06:12:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=25366; q=dns/txt; s=iport; t=1470748331; x=1471957931; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=6M+iPFjbVldcUPBqS/bUbuxQ5gIxWlGRvfQIBUcP6lk=; b=diNk7dLTL1W181B9O4JaNcFktdalJDoJifiz5oUAs0Nz+zJsySAFUYxA /FAc1tlbdQly0TvsbsV+SP5OSpNn5km4Qh/P/NX+oacLbpyZyBsas4OwU vl5JrDDgvT+nBKOzTBZHOFR7HO8mQKnmlYEUvt3geUVk6u2C+EM2ZTbRW 0=;
X-IronPort-AV: E=Sophos;i="5.28,494,1464652800"; d="scan'208,217";a="640561384"
Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 Aug 2016 13:12:09 +0000
Received: from [10.63.23.91] (dhcp-ensft1-uk-vla370-10-63-23-91.cisco.com [10.63.23.91]) by aer-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id u79DC8kM010605; Tue, 9 Aug 2016 13:12:08 GMT
To: Andy Bierman <andy@yumaworks.com>, Kent Watsen <kwatsen@juniper.net>
References: <bed9398c-0e6a-450e-d2ac-b381b6bebf87@cisco.com> <9367f4b1-7814-e175-32e8-d518438b841d@cisco.com> <m24m79c1ja.fsf@birdie.labs.nic.cz> <D3BF8708.72620%acee@cisco.com> <552008CB-F216-4578-A709-AE0613C2EFB9@nic.cz> <12ed1a4d-44c5-9a51-b6d4-95e1620a24ee@cisco.com> <m260roedim.fsf@birdie.labs.nic.cz> <CABCOCHRF98sTa=MA1VTkZovOufL-=yQr9Gzy+ojnncjSfK1y0Q@mail.gmail.com> <e307c2fc-e621-b5c6-4fcc-67bbcdcb87b9@cisco.com> <20160729163220.GA3579@elstar.local> <68421198-703c-bb26-0fcc-f560e6fe108d@ericsson.com> <100B5D71-C23E-4C72-9EA2-2DB6574DEB87@nic.cz> <5153eab1-8d87-6e3c-3b54-441f683695e4@cisco.com> <D3C7B1A4.7482A%acee@cisco.com> <18066971-3353-b13f-04fa-e214a47ab9a7@cisco.com> <D3C8C14F.74A40%acee@cisco.com> <3175490B-E8DA-4819-B294-C64D1A7D8A40@juniper.net> <CABCOCHRuzTTBM-9OU5GaXS_fHmpNSn5Yp-3K6oXF33SeObSonA@mail.gmail.com> <673D4236-7564-4B64-8088-BE6CBA3A790E@juniper.net> <CABCOCHTkUsLfrDZh4a3fGvpcTR0YVjpG2AHUwfLQGSa30JqQcA@mail.gmail.com>
From: Robert Wilton <rwilton@cisco.com>
Message-ID: <4c5eedb9-ce73-3693-1e17-6012755a2fdd@cisco.com>
Date: Tue, 09 Aug 2016 14:12:01 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CABCOCHTkUsLfrDZh4a3fGvpcTR0YVjpG2AHUwfLQGSa30JqQcA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------610778F5FB091720EF9F8233"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/_fnZqFI6yKmCa5vhqJtFQv9qVmk>
Cc: netmod WG <netmod@ietf.org>
Subject: Re: [netmod] OpsState and Schema-Mount
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2016 13:12:14 -0000


On 09/08/2016 00:30, Andy Bierman wrote:
>
>
> On Mon, Aug 8, 2016 at 4:24 PM, Kent Watsen <kwatsen@juniper.net 
> <mailto:kwatsen@juniper.net>> wrote:
>
>     For 1,2,3, realize that placing config false nodes under config
>     true nodes has been with us from the beginning.  All the issues
>     you mentioned (if they’re issues at all) can’t be new.   Having a
>     duplicate -state tree is the wart here, it’s introducing an
>     inconsistency in how models have been written for a long time.  I
>     prefer to remove the wart than celebrate it.
>
>
> No, it actually is not the way we have been doing things all along.
> Historically (even with NETCONF, not just SNMP) we standardize
> read-only monitoring information.  Sometimes configuration is added later.

For me, it seems to have been the opposite.  I.e. all the early pressure 
was to get configuration covered by YANG models, with the operational 
state following afterwards.  We are either being asked for config 
models, or config+state models.  I guess that is because there is an 
existing solution (SNMP) for monitoring devices, but there is no 
workable solution to configure devices without using YANG.

Further, it seems to me that NETCONF is quite config focused, and that 
handling state was more added as an afterthought (e.g. according to the 
NETCONF RFC, config false leaves don't even exist as part of any 
datastore!).  If reporting state was the main driver for NETCONF/YANG 
then I would have thought that the semantics for handling operational 
state would have been formalized earlier on.


>
> Issues 1 - 3 are practical issues that need to be addressed if 
> top-level config=false
> nodes are not allowed anymore.
I don't think that the proposal is to make them 'not allowed', but 'not 
recommended' instead.

In particular, I think that the guideline would be along the lines:
If a given module "foo" only contains state and no configuration, then 
having a single top-level "foo" config false node is fine, but if a 
given module contains both config and state then the recommendation is 
to put that under a config=true "foo" top-level node.  Refining that 
slightly, If the state data is relevant even if "foo" hasn't been 
enabled then make the top level "foo" an NP container.  If "foo" has to 
be enabled on the system for the state data to be relevant then make 
"foo" a P container (or give it a separate foo/enable leaf).  In 
summary, I would suggest that the foo state data should be pushed as far 
down the combined config/state tree as possible.  It should be sited 
below (or adjacent to) whichever config node is required to make that 
state data relevant.

If config and state are in the same tree then it is easy to return all 
the data in one RPC, or have separate RPC operations that just return 
configuration (e.g. <get-config>), or just return "state + containing 
hieararchy" (e.g. a newly defined <get-state>, or equivalent).

Having separate foo vs foo-state trees at the top level is always going 
to make it harder to return and manage a combined view of the config and 
state data.

Thanks,
Rob


>
>
> Andy
>
>     For 4, right, this discussion on s5.23 of 6087bis regards how to
>     handle state for system-generated objects (e.g., interfaces).  It
>     is not directly related to the how to report applied configuration
>     problem.  It is however indirectly related, in that a holistic
>     solution can address both.
>
>     Kent
>
>     *From: *Andy Bierman <andy@yumaworks.com <mailto:andy@yumaworks.com>>
>     *Date: *Monday, August 8, 2016 at 5:51 PM
>     *To: *Kent Watsen <kwatsen@juniper.net <mailto:kwatsen@juniper.net>>
>     *Cc: *"Acee Lindem (acee)" <acee@cisco.com
>     <mailto:acee@cisco.com>>, "Robert Wilton -X (rwilton - ENSOFT
>     LIMITED at Cisco)" <rwilton@cisco.com <mailto:rwilton@cisco.com>>,
>     Ladislav Lhotka <lhotka@nic.cz <mailto:lhotka@nic.cz>>, Balazs
>     Lengyel <balazs.lengyel@ericsson.com
>     <mailto:balazs.lengyel@ericsson.com>>, "netmod@ietf.org
>     <mailto:netmod@ietf.org>" <netmod@ietf.org <mailto:netmod@ietf.org>>
>     *Subject: *Re: [netmod] OpsState and Schema-Mount
>
>     On Mon, Aug 8, 2016 at 1:16 PM, Kent Watsen <kwatsen@juniper.net
>     <mailto:kwatsen@juniper.net>> wrote:
>
>         Acee writes:
>         >    Then I see no YANG language barriers in collapsing config
>         and state trees
>         >    - the model root just needs to be “config true”.
>
>         Great, I think we’re all agreed. Can we now discuss the text I
>         proposed for 6087bis?  - here’s the link to my proposal:
>         https://mailarchive.ietf.org/arch/msg/netmod/-zbXNhw2BJYMyrBT9nnCwoLAJ0s
>         <https://mailarchive.ietf.org/arch/msg/netmod/-zbXNhw2BJYMyrBT9nnCwoLAJ0s>.
>
>     IMO this effort to avoid 2 containers is not well thought out.
>
>     Some concerns:
>
>     1) modularity
>
>         placing the monitoring objects within the configuration means
>     the monitoring
>
>         cannot be used on its own
>
>     2) access control
>
>         placing the monitoring data within configuration means the
>     monitoring-only clients
>
>         need write permission turned on for the nodes they can access
>     for read-only
>
>         This relies on granular and complex NACM rules which require
>     regular maintenance.
>
>     3) YANG conformance
>
>         placing the monitoring data inside the configuration means the
>     configuration
>
>         will be required for conformance; it is not likely to be just
>     1 NP container.
>
>     4) pointless;
>
>        given that new RPC operations are needed to access applied
>     config, the only data not
>
>        affected (and moved under the config container anyway) is stuff
>     that does not share
>
>        the same indexing, or counters which are not part of the
>     opstate problem.
>
>     Andy
>
>         Hint: the first few edits are just nits...skip over the first
>         few paragraphs until you start seeing large blocks of changed
>         lines...
>
>         Kent // as a contributor
>
>
>
>         _______________________________________________
>         netmod mailing list
>         netmod@ietf.org <mailto:netmod@ietf.org>
>         https://www.ietf.org/mailman/listinfo/netmod
>         <https://www.ietf.org/mailman/listinfo/netmod>
>
>

v2.23.0 | Report a Bug | By Email