Re: [netmod] review of draft-ietf-netmod-schema-mount-08
Ladislav Lhotka <lhotka@nic.cz> Fri, 03 November 2017 15:52 UTC
Return-Path: <lhotka@nic.cz>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3B5313FEA2 for <netmod@ietfa.amsl.com>; Fri, 3 Nov 2017 08:52:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nPMWjR0x5AsY for <netmod@ietfa.amsl.com>; Fri, 3 Nov 2017 08:52:08 -0700 (PDT)
Received: from trail.lhotka.name (trail.lhotka.name [77.48.224.143]) by ietfa.amsl.com (Postfix) with ESMTP id 5AF9813FE87 for <netmod@ietf.org>; Fri, 3 Nov 2017 08:52:07 -0700 (PDT)
Received: by trail.lhotka.name (Postfix, from userid 109) id 4A3541820F78; Fri, 3 Nov 2017 16:51:59 +0100 (CET)
Received: from localhost (unknown [195.113.220.121]) by trail.lhotka.name (Postfix) with ESMTPSA id F38B518201B0; Fri, 3 Nov 2017 16:51:56 +0100 (CET)
From: Ladislav Lhotka <lhotka@nic.cz>
To: Kent Watsen <kwatsen@juniper.net>, "netmod@ietf.org" <netmod@ietf.org>
In-Reply-To: <F8D5C6D5-1665-43B0-88B6-11381BBFCBB9@juniper.net>
References: <F8D5C6D5-1665-43B0-88B6-11381BBFCBB9@juniper.net>
Mail-Followup-To: Kent Watsen <kwatsen@juniper.net>, "netmod\@ietf.org" <netmod@ietf.org>
Date: Fri, 03 Nov 2017 16:53:06 +0100
Message-ID: <87po8z9x5p.fsf@nic.cz>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/d74rnOrtp2uuEXqkfAyKFDSp-yM>
Subject: Re: [netmod] review of draft-ietf-netmod-schema-mount-08
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2017 15:52:12 -0000
Hi Kent, thanks for the thorough review, see my responses inline. Kent Watsen <kwatsen@juniper.net> writes: > Hi, > > I have read this document and think that is almost ready for > publication. I have five discuss items and a bunch of nits. > > Kent // contributor > > > 1. From Section 4: > > Routing configuration inside an NI often needs to refer to interfaces (at > least those that are assigned to the NI), which is impossible unless such > a reference can point to a node in the parent schema (interface name). > > This seems overstated. Rather it is a result of an earlier design decision. > An alternate solution might have exported the global interfaces into a > config false list inside the mount jail. Was such a solution > discussed? Do you mean something like having "symlinks" to interfaces inside the mount jail? Yes, this was discussed and rejected. According to Martin, tail-f had made a very bad experience with this approach. > > > 2. Also from Section 4: > > For every schema mounted using the "use-schema" method, it is possible > to specify a leaf-list named "parent-reference" that contains zero or more > XPath 1.0 expressions. Each expression is evaluated with the node in the > parent data tree where the mount point is defined as the context node. > > If you can nested-mounts, can you also have nested parent-references? Yes, but you can only refer to the level directly above. > > > 3. Also from Section 4 (same paragraph): > > For the purposes of > evaluating XPath expressions within the mounted data tree, the union > of all such nodesets is added to the accessible data tree. > > Could this ever result in name collision? Potentially yes, but sibling nodes with the same name are not an issue for XPath evaluation. > > > 4. Regarding Security Considerations, what about > /yangmnt:schema-mounts? You are right, the security considerations should be similar to those in RFC 7895. It is the same type of risk. > Also, should how NACM interacts with mounted instance data be > specified? This is a good question because, in principle, top-level NACM rules can address instances of mounted schemas. On the other hand, ietf-netconf-acm can also be a part of the mounted schema - and if so, can its rules also address instances in the parent schema via the parent-reference mechanism? But I would say it is up to rfc6536bis to deal with these questions. > > > 5. This document does not say anything about how it relates to NMDA. > Clearly all this is targeted to the conventional datastores, but how > is it reflected in e.g., <operational>? Does anything need to be said > here? The "use-schema" case shouldn't pose big problems because it is essentially an externally specified augment. The "inline" case is somewhat disturbing though: could the embedded YANG library instances be different in different datastores? > What if the mounted schema has deviations in <operational>. I don't understand why this could be an issue. > > > Nits (line-break separated): > > Is "other optional choices" being vague on purpose? Should it just > call out features and deviations? Yes, it should. > > "the YANG library data" seems odd. Maybe "the instance of the YANG > Library module"? It is the same but I prefer the former. Note that the term "instance" is not defined in RFC 7950. > > - document, and could be possibly dealt with in a future revision of the YANG data modeling language > + document, as it needs to be dealt with as an update to the YANG data modeling language > I am not sure that it *needs* to be done, because it could have far-reaching consequences. > - Schema mount applies to the data model > + Schema mount regards the data model OK > > - This document allows mounting of complete data models only. > + This document allows mounting of complete modules only. Correct > > - may extend this model by defining > + may extend this solution by defining Or perhaps "approach"? I would leave "solution" to marketing folks. > > In S3, replace "YANG 1.1" with "YANG 1.1 and its continuances"? Not sure. For example, next version of YANG can/should turn "mount-point" into a built-in statement. > > - A "container" or "list" node > + A 'container' or 'list' node Actually, following RFC 7950 conventions, no quotes should be used here. > > - of "container" and "list" statements. > + of the "container" and "list" statements. OK > > - Mounted schemas for all mount points > + The schema for all mount points OK > > - in the "yangmnt:schema-mounts" container. > + in the top-level "yangmnt:schema-mounts" container defined in the > "ietf-yang-schema-mount" module defined in [Section 8]. Section 2.2 defines the relationship between the "yangmnt" prefix and that module. > > The "refers through its key" part is not clear - are you talking > about the mount-point's argument/label? Yes. Would it be more clear to say this? Every entry of this list refers through its key to a mount point label and specifies the schema for all mount points with that label. > > I don't understand "above those that are defined in the parent > schema." - mostly the word "above" is throwing me… Yes, "apart from" is better. > > - If multiple mount points with the same name > + If multiple mount points with the same label (wasn't it called a > "label" before?) Right > > Regarding "Note, that in this case a mount point", beyond the missing > comma, an example would be very helpful. I don't know if I understand > it right. You don't, because that sentence is completely wrong - it is yet another example of mixing up the schema and instance. The idea is that if (for some strange reason) the mounted schema includes the ietf-yang-library module, then all *instances* of this (mounted) YANG library must be identical and have the same content as the "use-schema" data. This is another reason why I would prefer to have only one YANG library at the top - it is not regular state data. > > In the YANG itself, "State data nodes" didn't parse well, "Protocol > accessible nodes" instead? Do you mean the comment? The same or similar comment is in many existing modules - for example, ietf-yang-library has "Operational state data nodes". It is true though that it doesn't make much sense here as long as there are no configuration data. > > Regarding the first paragraph in Appendix A, I took me some time to realize that the rtgwg-device-model included > ietf-network-instance and that those modules define mount-points and > where. Please make this easier for first-time readers. OK, we should try. > > In A1, is ietf-network-instance missing? - might want to double-check > all No, because A1 describes only the top (device) level, ietf-network-instance is a part of the LNE schema in A.2. > > In all the examples, but beginning with A2, it might help to show the > RESTSCONF protocol operation that illustrates the result, so that it's > clear where in the data model the particular instance is located. > Anything that can be done to provide more context would be helpful. It seems to make sense in A.3 - to demonstrate an URI of a resource inside an NI. > > For the 2nd half of A2, what happens if there is an "lne-2", will it > also get "eth0"? I think "ietf-logical-network-element:bind-lne-name" leaf should contain the name of a LNE to to which the interface "eth0" is assigned, so it looks like a mistake. > > - which should include at least > + which should include at least an instance of > ietf-yang-library:modules-state and ietf-interfaces:interfaces-state, > as follows: But the important point is that only interfaces assigned to the LNE need to be included, so it is not just "an instance of ietf-interfaces:interfaces-state". Why do you think the existing text isn't OK? Lada > > > Thanks again, > Kent > > > _______________________________________________ > netmod mailing list > netmod@ietf.org > https://www.ietf.org/mailman/listinfo/netmod -- Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID: 0xB8F92B08A9F76C67
- [netmod] review of draft-ietf-netmod-schema-mount… Kent Watsen
- Re: [netmod] review of draft-ietf-netmod-schema-m… Ladislav Lhotka
- Re: [netmod] review of draft-ietf-netmod-schema-m… Kent Watsen
- Re: [netmod] review of draft-ietf-netmod-schema-m… Martin Bjorklund
- Re: [netmod] review of draft-ietf-netmod-schema-m… Martin Bjorklund
- Re: [netmod] review of draft-ietf-netmod-schema-m… Ladislav Lhotka
- Re: [netmod] review of draft-ietf-netmod-schema-m… Ladislav Lhotka
- Re: [netmod] review of draft-ietf-netmod-schema-m… Lou Berger