Re: [netmod] leafref to lists that contain system-controlled entries

Robert Wilton <> Mon, 16 October 2017 10:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3AB80133347 for <>; Mon, 16 Oct 2017 03:39:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zXMgoxqjb7DU for <>; Mon, 16 Oct 2017 03:39:38 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DD61D1270AB for <>; Mon, 16 Oct 2017 03:39:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=16404; q=dns/txt; s=iport; t=1508150377; x=1509359977; h=subject:to:references:from:message-id:date:mime-version: in-reply-to; bh=lz+fSCQPGHfejmmHTLWSd2xF3gjM25v12utwkkC2SP8=; b=ZKDyCYmS2DWhmx3Lwf+AFg1xnOF5nrYZQHWjFUqmF33IAMDED4GqziL2 AGn3zButdwdfDmFZZraAht5WJfi/26U1r3UkklU/ZeuT5TNA891Cb1jB7 F/GS+wbTaXiZWoskm/ZmQPULdiClxXMk8YfhQlPNfEW0iUQmCHNn8AsIS k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DkAADdi+RZ/xbLJq1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgm9CgRJuJ44ZdI4LggUikHCFP4IUChgBDIRHTwKFFRgBAgEBAQE?= =?us-ascii?q?BAQFrKIUdAQEBAwEBAStBEAsLEgYuJyIOBgEMBgIBAReJeggQA6xGJosLAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEBGAWDLYNYghULgj81gkWCKoYKBYoflymHX40MAot?= =?us-ascii?q?ihzKOD4dggTkfOIFZNCEIHRVJgmSEYD82iBMsghYBAQE?=
X-IronPort-AV: E=Sophos;i="5.43,386,1503360000"; d="scan'208,217";a="655475244"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Oct 2017 10:39:35 +0000
Received: from [] ( []) by (8.14.5/8.14.5) with ESMTP id v9GAdZgS012958; Mon, 16 Oct 2017 10:39:35 GMT
To: "Sterne, Jason (Nokia - CA/Ottawa)" <>, "" <>
References: <>
From: Robert Wilton <>
Message-ID: <>
Date: Mon, 16 Oct 2017 11:39:35 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------30B16A4F56AE45121781F8F5"
Content-Language: en-US
Archived-At: <>
Subject: Re: [netmod] leafref to lists that contain system-controlled entries
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 16 Oct 2017 10:39:40 -0000

Hi Jason,

On 13/10/2017 19:43, Sterne, Jason (Nokia - CA/Ottawa) wrote:
> Hi all,
> There are a few threads on the mailing list that touch on the concept 
> of system-controlled resources (mostly list entries):
> A few drafts & RFCs also refer to the concept:
> Several vendor implementations have list entries (instance data) that 
> are populated by the server and can be referenced (leafref) from other 
> places in the configuration.  These system entries are useful 
> pre-created policies, interfaces, etc that can then be used (and 
> referred-to) by operators in their explicit configuration.
> If those entries are only expected to exist in the <operational> 
> datastore, then in theory any references to them in user created 
> configuration will cause a validation problem in the candidate/running 
> (missing leafref target).
> One solution discussed in the mailing lists is to change every 
> reference to lists that could contain a system created entry to a 
> “require-instance false” leafref. But then some useful validation is 
> lost.  In many cases the model is more correctly “require-instance 
> true” but the set of targets includes the system create entries.

I agree that this is not a good general solution for system created 
configuration that is always expected to exist on the device because 
some of the useful validation is lost.

But I think that this solution does work well were the system created 
entries are truly dynamic in nature, e.g. it seems to work well for the 
topology YANG module where the topology may be explicitly configured, 
but would more normally be learned dynamically from protocol 
interactions, or perhaps be configured via a dynamic configuration protocol.

> Another solution discussed is to have the system created entries 
> appear in the <intended> datastore (as part of template/expansion).  
> That would make validation pass on the intended datastore, but then 
> the candidate/running/startup datastores would not be valid (would be 
> missing leafref targets if any part of the config refers to system 
> created entries).  THis sounds similar to the problem that has been 
> discussed in the past about the fact that templates (in the running) 
> basically mean the running/candidate aren’t necessarily valid (until 
> after template expansion, which means only the intended would be valid).

I think that this solution is OK, but not necessarily ideal.

As you say, it means that <running>/<candidate>/<startup> may not be 
valid, which I see as quite a big down side.  Longer term, I think that 
it would be a good aim to allow the configuration to be validated off 
the device, if a client desired to do so.

> Another approach could be to actually have those system created 
> entries show up in running/candidate. That would ensure that 
> references to those entries are valid. But if the whole concept of 
> templates just cause the running/candidate to not be valid anyways 
> maybe we wouldn’t worry about the invalid aspect of references to 
> system created list entries ?

I know that quite a few implementations do this today, but I'm generally 
not a fan of the system modifying <running>.  It seems that an overall 
architecture is much cleaner if <running> has a single source of truth 
and hence can be exclusively controlled by the client.

But I also like the approach where the client (rather than the device) 
explicitly writes these default entries into the configuration, if they 
are referenced elsewhere by the configuration, to make the configuration 
"complete".  E.g. if part of the configuration references the loopback0 
interface then also explicitly add the necessary loopback0 configuration 
to instantiate the "loopback0" interface.  When this configuration is 
pushed to the device (i.e. using merge or replace operation semantics) 
then the system should silently accept/ignore the explicit configuration 
to create the loopback0 interface if it already exists on the system.

At the moment, IETF, and other SDOs are busy defining standard YANG 
models, but for those models to end up being truly generic they also 
need to have consistency about which bits of configuration are always 
expected to implicitly exist on the device.  E.g. considering the 
example above of configuration referencing loopback0: if some systems 
automatically create a loopback0 interface and others do not, then a 
generic configuration needs to handle both scenarios.

If IETF standardizes YANG configuration templates, then perhaps it would 
be good to investigate whether some of these "useful default system 
properties" could instead be embodied into one or more standard device 
templates?  These templates could then be explicitly referenced in the 
<running> configuration.  This may allow <running> to be small, but 
still allow it to be "complete" and able to be validated off the box.


> Rgds,
> Jason
> _______________________________________________
> netmod mailing list