Re: [netmod] system configuration sync mechanism

["maqiufang (A)" <maqiufang1@huawei.com>]

Hi, Kent:

From: Kent Watsen [mailto:kent+ietf@watsen.net]
Sent: Wednesday, June 30, 2021 6:51 AM
To: maqiufang (A) <maqiufang1@huawei.com>
Cc: netconf@ietf.org; netmod@ietf.org
Subject: Re: system configuration sync mechanism

[CC-ing NETMOD, as I think this discussion belongs on that list...please consider removing NETCONF in your reply]
[Qiufang Ma] Thanks, accepted.-:)

Hi Qiufang,



Hi, Kent:
Thanks for kicking off some discussion around this draft. Please see my reply inline.

I'm interested in this work, as it seems as if the <system> datastore was left out of the NMDA work.


1) I wish there were more examples, especially for "resource-independent” configuration.  I understand well enough "resource-dependent" (dynamic) configuration, but am unclear about what all "resource-independent” entails.  By example, JUNOS has a concept called “JUNOS defaults”, which is effectively read-only and hidden-by-default configuration that, most times, must be referenced in order to take effect.   For instance, check the examples halfway down this page: https://nextheader.net/2016/06/10/junos-defaults-group.  Is this similar to what you have in mind?
[Qiufang Ma]  Yes. Physical-resource-independent system configuration is generated when the device is powered on and has nothing to do with the physical resource. Loopback interface may be the most common physical-resource-independent system configuration. To my knowledge, many vendors ((e.g., Huawei NE40E and Cisco IOS XR) will provide several predefined user groups and/or task groups which are used for authentication, authorization and accounting (AAA) services. Since these configurations are provided by the device/system, they could  be treated as system configuration. I think your  information about the predefined hidden configuration group which contains preconfigured values should also be treated the same.
More examples about system configurations would be worked on and added in  the next version of the draft.:)

Right, the loopback interface is a common example but, more generally, I think "resource-independent” configuration might fall into exactly two categories:

            1) config that is “applied” immediately
                        - ex: interfaces/lo0/unit 0/family [ inet inet6 ]
                        - ex: system/login/password/minimum-length=6
                        - ex: system/ports/console-type=vt100
                        - ex: system/syslog/archive-size=256k;
                        - ex: chassis/cluster/fabric-monitoring/heartbeat-interval=1000;
                        - ex: security/zones/security-zone/junos-host;
                        - ex: security/alg/sip/inactive-media-timeout=120;

            2) config that is “applied” only after being referenced by other config (e.g., ACLs)
                        - ex: applications/ftp/…
                        - ex: applications/tftp/...
                        - ex: applications/smtp/…
                        - ex: utm/custom-objects/Adult_Material/...
                        - ex: utm/custom-objects/Religion/...
                        - ex: utm/custom-objects/Gambling/…
[Qiufang Ma] I don’t quite understand this kind of configuration, could you please expand? Do you mean that the predefined configurations  for a certain application(e.g., ftp) will not take effect until being referenced/enabled? I am wondering if these configuration will present in the <operational>(which contains all the configuration actually used by the device) before they’re referenced.

It would be good if we could determine if there are any other "resource-independent” configuration categories here.
[Qiufang Ma] Do you think there exists conditional system configuration(if the preceding configurations you mentioned above is not)? For example, if SSH is enabled on a device, SSH-related keys are automatically generated. Such configurations are generated at the moment when a special functionality is enabled.

As for "resource-dependent” configuration, I wonder how this is supposed to work…more specifically, I wonder to what extent the IETF needs to care how if works (perhaps the same could be said for "resource-independent” configuration too).  For instance, in JUNOS, there exists a config-template that is automatically applied to any user-defined interface, such as:

    junos-default-profile {
        interfaces {
            "$junos-interface-ifd-name" {
                unit "$junos-underlying-interface-unit" {
                    family inet;
                    family inet6;
                }
            }
        }
    }
Notably, RFC 8342 mentions templates as something that might be expanded when converting <running> to <intended>.  Actually, knowing that it is <intended> that is subject to validation, it seems that much (if not all) of <system> should be consumed when converting <running> to <intended> - agreed?
[Qiufang Ma] Do you mean that  <intended> should include the system configuration which is generated due to the expansion of templates?  I notice that RFC8342 says in sec.4.1
“One of the observations:
Some implementations have proprietary mechanisms that allow
clients to define configuration templates in <running>.  These
templates are expanded automatically by the system, and the
resulting configuration is applied internally.”
So I am wondering whether the system-predefined config-template would be present in the <running> and updating <intended>  through performed template-expansion.
My understanding is that if the config-template is configured in <running>, the expanded configuration in the <intended> should still be the client configuration.
If the template is preconfigured by the system, the configuration generated through performed template-expansion should be only present in the <operational> if not explicitly re-configured in <running> by the client.


2) Please treat NETCONF and RESTCONF equally.  Currently the draft speaks only to how it impacts NETCONF, but it should equally show how RESTCONF in impacted.
[Qiufang Ma] Thanks for bringing it to my attention, I would take RESTCONF into consideration and see how the proposal works on RESTCONF.

It will work nearly transparently, if not completely so.

What you need to do, mostly, is search/replace “NETCONF” —> “YANG-driven management protocols such as NETCONF and RESTCONF”

…and also “…The following example is provided using NETCONF, but could just as easily be provided using RESTCONF, in XML or JSON.”   Alternately, and perhaps better, have a mix of both kinds of examples throughout your document.
[Qiufang Ma] I am also thinking  the same effective way, thanks.



3) The “basic mode” term sounds too close to the “with-defaults” basic modes...can we please pick another name (e.g., system-datastore-operating-mode)?
[Qiufang Ma] Yes, agree. Actually we don’t really want to cause any confusion or misunderstandings. This term controls whether the device will update <running> with system configuration change or not.
Your proposal looks good to me, other suggestions are also welcome here.

Ack.


 Regarding your question below I don’t feel ready to comment on it yet.  I do understand the JUNOS model and, if it is compatible, would recommend considering, as it is implemented and seems to be working well enough.  That said, it might be the case that every vendor has defined their own way and each needs to be documented in turn...
[Qiufang Ma] The issue we try to resolve here is that in order for system configurations being referenced or to make sure a successful validation when the system configuration is in the when/must statement, the system configuration must be retrieved from <operational> firstly and then copied into <running> manually, which is cumbersome. In this case, we would like to define some kind of mechanism to synchronize system configuration into <running>. Currently two system configuration data handling modes are specified. One will update <running> with any system configuration change automatically, and the other will not, so that the implementer may choose the mode more suitable for them. Hopefully this clarifies what we try to do. Please feel free to comment or suggest.


I’m beginning to think that:
·         auto-copying into <running> is likely never a good idea, because it violates the definition of <running>
[Qiufang Ma] I am quite aware that different datastores in NMDA represents different views of data nodes.  And <running> represents a configuration datastore holding the current configuration of the device.
Should we consider system configuration also be part of current configuration of the device? From my perspective, the difference between system configuration and  client-configuration lies only in who provides it.
·         having in <operational> doesn’t make sense, since the tweaks wouldn’t go thru <running> --> <intended> validation.

I’m wondering if a model like below would work for everyone - thoughts?
[Qiufang Ma] <intended> represents the configuration after all configuration transformations to <running> have been performed, so I think it is only coupled to <running>.
Anyway, the <system> should also interacts with <operational>.  Agreed?

Best Regards,
Qiufang Ma

     +-------------+                 +-----------+
     | <candidate> |                 | <startup> |
     |  (ct, rw)   |<---+       +--->| (ct, rw)  |
     +-------------+    |       |    +-----------+
            |           |       |           |
            |         +-----------+         |
            +-------->| <running> |<--------+
                      | (ct, rw)  |
                      +-----------+
                            |
 +----------+               |        // configuration transformations,
 | <system> |-------------->|        // e.g., removal of nodes marked as
 | (ct, ro) | // underlay   |        // "inactive", expansion of
 +----------+               |        // templates
                            v
                      +------------+
                      | <intended> | // subject to validation
                      | (ct, ro)   |
                      +------------+
                            |        // changes applied, subject to
                            |        // local factors, e.g., missing
                            |        // resources, delays
                            |
       dynamic              |   +-------- learned configuration
       configuration        |   +-------- system configuration
       datastores -----+    |   +-------- default configuration
                       |    |   |
                       v    v   v
                    +---------------+
                    | <operational> | <-- system state
                    | (ct + cf, ro) |
                    +---------------+






Best Regards,
Qiufang Ma

K. // contributor