IETF Logo Mail Archive

Re: [netmod] netmod-revised-datastores: templates, interactions with RFC6243 'report-all'

Ladislav Lhotka <lhotka@nic.cz> Wed, 22 February 2017 12:45 UTC

Return-Path: <lhotka@nic.cz>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 943661297E7 for <netmod@ietfa.amsl.com>; Wed, 22 Feb 2017 04:45:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Level:
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nQs1CWFXVBMQ for <netmod@ietfa.amsl.com>; Wed, 22 Feb 2017 04:45:22 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 349D7129795 for <netmod@ietf.org>; Wed, 22 Feb 2017 04:45:22 -0800 (PST)
Received: from [IPv6:2001:718:1a02:1:786d:1c74:a89f:9a80] (unknown [IPv6:2001:718:1a02:1:786d:1c74:a89f:9a80]) by mail.nic.cz (Postfix) with ESMTPSA id CBFD760757; Wed, 22 Feb 2017 13:45:20 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1487767520; bh=+jA/UMXGot1er4GNZzTZdztLHpjD3NaQZqOLcZjf8ic=; h=From:Date:To; b=Ez/9rFYS30DKordm+FZ6gg0fOsejxp9ny9elQv1CP/JBkjPdElz+96UBpKlDqfem4 ZjkC9vuRomtT4JXrNKxX2rtzeM1uU2afzGrgs48sleQLlcf7tslmMEmiCDRXN9+uI0 SMUiCbP7mIX71JhBIsbtOOQ1o5D39gK5tXT0rdAU=
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Ladislav Lhotka <lhotka@nic.cz>
In-Reply-To: <20170222103444.GB44439@elstar.local>
Date: Wed, 22 Feb 2017 13:45:20 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <31552DAF-CFFC-4A43-8041-24553AD2F08C@nic.cz>
References: <43B527B5-3C59-452E-9C2D-6A4CF681607E@juniper.net> <m21suthwtk.fsf@birdie.labs.nic.cz> <77633AB4-F300-4036-8255-BCF909FBF0EB@juniper.net> <858A1C84-1A66-4926-B8BD-80B07DDB43DE@nic.cz> <HE1PR07MB0843BAFFC40FEEB6FA9D01059B500@HE1PR07MB0843.eurprd07.prod.outlook.com> <20170222065942.GA43615@elstar.local> <4415860C-AC4B-418B-B1FB-9E14F7E710B2@nic.cz> <20170222083115.GA44118@elstar.local> <9A14C02C-7C00-4F26-8510-7A047D1768B4@nic.cz> <20170222103444.GB44439@elstar.local>
To: Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de>
X-Mailer: Apple Mail (2.3259)
X-Virus-Scanned: clamav-milter 0.99.2 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/h5Dzl7dYJQg8dTzfJN6w-VFLxgc>
Cc: "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] netmod-revised-datastores: templates, interactions with RFC6243 'report-all'
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2017 12:45:24 -0000

> On 22 Feb 2017, at 11:34, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
> 
> On Wed, Feb 22, 2017 at 11:22:22AM +0100, Ladislav Lhotka wrote:
>> 
>>> On 22 Feb 2017, at 09:31, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
>>> 
>>> On Wed, Feb 22, 2017 at 08:41:55AM +0100, Ladislav Lhotka wrote:
>>>> 
>>>>> 
>>>>> The WG needs to decide what the expectations are for templates and
>>>>> whether validity of templated config means just (a), just (b) or both
>>>>> (a) and (b). I actually think it should be (a) and (b) but there might
>>>>> be implementations that only do (a) or only do (b).
>>>> 
>>>> We now have:
>>>> 
>>>> 1. YANG as a language for specifying schema, datatypes and constraints.
>>> 
>>> YANG also defines when and how constraints are expected to be checked. Are
>> 
>> The semantics of constraints are mostly defined in terms of a data tree, child nodes etc. that are pretty universal. Accessible trees for evaluating XPath have specific definitions, such as state data + running, but the XPath semantics don't really depend on this - the tree just has to be defined somehow. 
>> 
>>> you saying we should remove this, i.e., have a language where I can write
>>> down must constraints but leave it open when and how they are checked?
>> 
>> Yes. Even now, you can write a must constraint referring to a node that may not eventually exist in the data model (because the corresponding module isn't implemented). YANG modules are just building blocks, it is the data model that has to make sense as a whole.
>> 
> 
> YANG says very clearly what it means for a configuration datastore to
> be valid and we have a common understanding that the <running>
> datastore is always kept valid.

Yes, but what we are now discussing are several different configuration datastores - running, intended, maybe other - and validity may mean something different in each, even validity in terms of schema or datatypes.

> 
>>>> 2. YANG library as a means for composing YANG modules into data models.
>>> 
>>> YANG library reports the set of YANG modules implemented. I do not think
>>> it does composition of YANG modules into data models.
>> 
>> So what's your definition of a data model? For me it's exactly what YANG Library says, including supported features etc. Schema mount could be an additional part of this. The point is that implementations and tools that want to do validation have to be able to compose the schema of the entire data tree, and the result is what I call the data model. 
>> 
> 
> OK. Certainly one way to look at things.
> 
>>>> What's IMO needed is
>>>> 
>>>> 3. a formalism for binding data models to specific checkpoints in a network management workflow (such as intended or ephemeral datastore). Different use cases may have different datastores and workflows, and that's why I believe this has to be "parametrised".
>>>> 
>>>> RFC 6020/7950 does #3 in a relatively rigid way that really works only for the NETCONF protocol (which was of course the original aim).
>>> 
>>> I do not agree with the statement that the model used by YANG only
>>> works for the NETCONF protocol. The question is whether
>> 
>> Well, yes, you can use it for any protocol as long as it has certain datastores and operations, or if you selectively ignore/reinterpret parts of RFC 7950. Sample from sec. 8.3.3:
>> 
>> If the datastore is "running" or "startup", these constraints MUST be enforced at the end of the <edit-config> or <copy-config> operation.  If the datastore is "candidate", the constraint enforcement is delayed until a <commit> or <validate> operation takes place.
>> 
>>> 
>>> (a) we can agree on a common datastore model with clearly defined
>>>   semantics such that it simplifies implementations of clients and
>>>   servers since datastore semantics are predictable (this is what
>>>   the datastore design team has been working on)
>> 
>> I doubt that any particular datastore model can work for everybody. What's in the revised-datastore draft is already way too complex for some use cases but, on the other hand, other use cases may need something different or more complicated. 
>> 
> 
> Not every datastore needs to be in every implementation or accessible over
> every protocol. If this is not stated clearly enough, we may need to improve
> the writing.

How can a client learn which datastores are actually implemented? Trial and error, or via capabilities?

> 
>>> (b) or we raise the bar for clients by requiring that clients obtain
>>>   sufficient information about the specific workflow supported by a
>>>   server so that they can reliably map a configuration change
>>>   request to the appropriate datastore the server likes to have
>>>   modified.
>>> 
>>> My fear is that (b) significantly raises the bar and thus many clients
>>> in reality will simply assume certain datastore semantics and then
>>> fail to interoperate with other servers. We may get back to vendor
>>> specific silos.
>> 
>> I don't mean that implementations will necessarily have to dynamically parse and set up such a workflow - a protocol definition could simply specify a particular workflow, or a few related ones. In fact, already NETCONF covers a number of workflows that are used in the wild, including
>> 
>> - persistent and writable running
>> 
>> - persistent startup + writable ephemeral running
>> 
>> - persistent startup + persistent writable candidate + ephemeral read-only running
>> 
>> I also suspect that most troubles I2RS folks have had with YANG were due to the need to retrofit their workflow to that of NETCONF.
>> 
> 
> So you want per protocol datastore models? How do you then deal with
> implementations that have to support multiple protocols, i.e.,
> multiple data store models? How do you ensure that all combinations
> you get can be implemented meaningful together?

Clever clients supporting multiple datastore models could probably be written but I don't think it is a general requirement. Similarly, a NETCONF client can be designed to work only with writable running, or with a very particular data model - does it mean it is non-compliant?

Unlike very generic protocols such as TCP or HTTP, network management tools can mostly be selected specifically for the network at hand - and be more or less flexible. I can accept that tools designed for remote management of IoT devices cannot be used for backbone router configuration.

> 
> But then, you wrote 'different use cases' and not 'differnet
> protocols' so it did sound like you want even different use cases with
> the same protocol to use different datastore semantics and workflows.
> It seems there is a flexibility - complexity tradeoff here.
> 

OK, it depends on how the terms are defined, so yes, maybe I should have written "application" rather than "protocol". And yes, I do think it makes sense to develop applications that, for example, use the syntax and semantics of RESTCONF messages but not the exact structure of resources prescribed in RFC 8040. If RESTCONF is to support the revised datastore model, will it require a new protocol?

Lada

> /js
> 
> -- 
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>

--
Ladislav Lhotka, CZ.NIC Labs
PGP Key ID: 0xB8F92B08A9F76C67

v2.23.0 | Report a Bug | By Email