Re: [netmod] WG adoption poll draft-bjorklund-netmod-rfc7227bis-00

Robert Wilton <> Thu, 21 September 2017 15:59 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 62EB7132D53 for <>; Thu, 21 Sep 2017 08:59:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id X2sNm0l_fnyK for <>; Thu, 21 Sep 2017 08:59:13 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F0BF4124F57 for <>; Thu, 21 Sep 2017 08:59:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=11902; q=dns/txt; s=iport; t=1506009553; x=1507219153; h=subject:to:references:from:message-id:date:mime-version: in-reply-to:content-transfer-encoding; bh=wruQJZuWsoGOqjoLqWBfSpmVRRrtpxuAbD9LMpvmNIQ=; b=ARmtdSao5/mxLrCzlmw5GaPU7eyirAB2fl4cJ7Z9+n4+wpBYJwpdI+TN fecayEm/P3H8HZ5uUnoACw24OwfQegsMNau3QSMAF8AEjln/t33EY1pSN cNNcz7mva/96bLrCy97P0sEfOQiIu+Tw39MmAFTgt/ZX9Vi/xhxiReglo 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CSAAC+4MNZ/xbLJq1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBhD5uJ4N2iiB0kFArliqCEgoYDYRHTwKEUxgBAgEBAQEBAQFrKIU?= =?us-ascii?q?YAQEBAQIBAQEhDwEFDycbCQISBgICJgICJyIOBgEMBgIBAReKEAgQiWOdZoIng?= =?us-ascii?q?z+HRAEBAQEBAQEBAgEBAQEBAQEBAQEBGAWBDoIdg1OBZCuCfYRlgymCYAWKFwy?= =?us-ascii?q?HFIFojXSHXYx7ghOFa4NaJIcCjWaHWIE5HziBDTIhCBwVSYcdPzaGfyuCFQEBA?= =?us-ascii?q?Q?=
X-IronPort-AV: E=Sophos;i="5.42,425,1500940800"; d="scan'208";a="697361687"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2017 15:59:10 +0000
Received: from [] ( []) by (8.14.5/8.14.5) with ESMTP id v8LFx9US006002; Thu, 21 Sep 2017 15:59:09 GMT
To: Ladislav Lhotka <>,
References: <> <> <> <> <> <> <> <> <> <>
From: Robert Wilton <>
Message-ID: <>
Date: Thu, 21 Sep 2017 16:59:09 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [netmod] WG adoption poll draft-bjorklund-netmod-rfc7227bis-00
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 21 Sep 2017 15:59:17 -0000

On 21/09/2017 16:10, Ladislav Lhotka wrote:
> Robert Wilton píše v Čt 21. 09. 2017 v 10:38 +0100:
>> On 20/09/2017 15:33, Ladislav Lhotka wrote:
>>> Robert Wilton <> writes:
>>>> On 19/09/2017 15:07, Ladislav Lhotka wrote:
>>>>> Robert Wilton píše v Út 19. 09. 2017 v 14:49 +0100:
>>>>>> Hi Lada,
>>>>>> On 19/09/2017 14:37, Ladislav Lhotka wrote:
>>>>>>> Martin Bjorklund <> writes:
>>>>>>>> Ladislav Lhotka <> wrote:
>>>>>>>>> Hi,
>>>>>>>>> I support the adoption but I propose two conceptual changes:
>>>>>>>>> 1. Introduce a new module name and namespace so that it is not
>>>>>>>>> necessary to carry along the deprecated baggage. If readability
>>>>>>>>> is
>>>>>>>>> the primary concern, this is IMO the way to go. Instead of
>>>>>>>>> "ietf-ip-2", I'd suggest something like "ietf- ip-nmda".
>>>>>>>>> 2. Avoid obsoleting RFC 7277. I believe the old modules may
>>>>>>>>> continue
>>>>>>>>> to be used
>>>>>>>>> in areas where NMDA is an overkill, such as open source home
>>>>>>>>> routers.
>>>>>>>> Why wouldn't NMDA be appropriate in an open source home
>>>>>>>> router?  Note
>>>>>>>> that the new model really just have a single tree instead of two
>>>>>>>> trees, so the data that needs to be instrumented is more or less
>>>>>>>> the
>>>>>>>> same.
>>>>>>> It is quite likely that some parts of the data models will be
>>>>>>> implemented only as configuration but not state data. In the "old
>>>>>>> style"
>>>>>>> modules it is easy to add a deviation for the node(s) under -state
>>>>>>> but
>>>>>>> in NMDA style this is not possible because we only have one node.
>>>>>> The new YANG library allows different sets of modules to be available
>>>>>> for <conventional> datastores vs <operational>.   The operational
>>>>>> datastore can also have different features supported and different
>>>>>> deviations vs the conventional datastores.
>>>>> OK, I missed the 7895bis draft, sorry. Then there could be differences
>>>>> in
>>>>> mandatory/optional (e.g. a node is optional in configuration but
>>>>> mandatory in
>>>>> state data) or the data type of a leaf can differ. How can these be
>>>>> handled?
>>>> If the data type of the leaf can differ, then normally this should be
>>>> modeled as two separate leaves.  Do you have a concrete example of
>>>> this?
>>> So, for example, duplex and duplex-state? And <operational> will
>>> have both as siblings?
>> Here I presume you are thinking that the configurable value for duplex
>> is "full/half/auto", but the operational value is "full/half"?
>> The solution here is really to model auto-negotiation on/off as a
>> separate leaf (which also more closely reflects the actual behaviour of
>> the auto-negotiation protocol).  Then for duplex both the space for both
>> the configured and operational leaves are the same, i.e. both taking
>> "full/half", and hence only a single leaf is required to model both the
>> optional configured value and the operational value.
> Yes, this sounds reasonable. Here also the config value should then be optional
> while the state value mandatory.
I think that this would mean that lots of "config false" leaves should 
be marked mandatory.  But looking at the YANG models going through IETF 
standardization that doesn't seem to be the case.

Perhaps a very simple device doesn't have the capability to report 
duplexity because it is always full duplex, hence mandatory seems less 
useful.  Or a device might be able to report duplexicty but not at that 
instant in time (e.g. perhaps the optics module is missing)?  It seems 
more natural for operational to say that if you don't know something 
then don't return it.

So, I wouldn't support marking this field as being mandatory in 
<operational> regardless of model structure.

>> A concrete example of the Ethernet interface YANG structured this way is @
>> .3/draft/ieee802-ethernet-interface.yang
>>>> If some data is mandatory in config, but not necessarily mandatory in
>>>> <operational> then normally it can be marked as mandatory true, since
>>>> optional is allowed to violate this constraint if necessary, but
>>>> implementations would generally be expected to conform to the constraint
>>>> if possible.
>>>> For the reverse case, we can't express that.  I think that you would
>>>> have to leave out the "mandatory: true" constraint.  Again, can you
>>>> provide a concrete example of this please?  That makes it a bit easier
>>>> to reason about.
>>> This should be quite typical: a config leaf is optional and if it is not
>>> configured, the system sets it to some value (as in the case of
>>> router-id). But in state data it is mandatory so that the client can see
>>> what the system chose.
>> Yes, I agree that this scenario is very likely, but I think that the
>> solution here is just to not mark the leaf as mandatory.
> But this makes the schema weaker, and implementors may think it needn't be
> implemented.
I think that implementations SHOULD implement everything in the schema 
and use deviations if they don't.

>> It is interesting to consider what "mandatory" exactly means in the
>> <operational> datastore.  Given that the mandatory constraint may be
> Yes, the semantics in the context of NM protocols is different from that of
> configuration datastores. But in the context of document (data tree) validation
> it is the same: the instance has to be present for a data tree to be valid.
Yes, the NMDA architecture states that the <operational> tree may not be 
valid.  There are several reasons why <operational> might not be valid, 
a few that I can think of are:
(1) The system is constant changing, and the device isn't able to 
provide a consistent snapshot across the entire device (e.g. on a 
distribute platform the FIBs on the LC may lag behind the RIB on the RP).
(2) The system might be in the middle of a config change at the time 
that <operational> is read meaning that either the device would have to 
prevent <operational> from being read until the config change had 
completed, or alternatively accept that it may provide an inconsistent view.
(3) There may be bugs or errors in the implementation.  They may have 
been a failure to program the hardware that means the state between 
different parts of the system is not consistent.

>> violated in <operational>, then my interpretation is that it means that
>> a correct implementation SHOULD always return a mandatory node (if it is
>> in scope).  But a client has no way to force a device return this data
>> (except perhaps shouting at the vendor :-), and so it seems that a
>> robust client would need to be able to cope with the fact that the
>> device is not behaving nicely and isn't returning the data regardless of
>> any mandatory keyword specified in the schema.
> I don't really share this view, it is IMO not much different from the situation
> when a vendor fails to implement a config node. Either way, the implementation
> doesn't conform to the data model.
The difference is that a device can reject an invalid config.  A client 
cannot reject an inconsistent state tree.  Perhaps it could choose to 
ignore it, but I'm not sure that helps.  I think that the client 
probably just has to cope with what is there.

> One of the benefits of a data model is that an application can offload
> validation to an external tool, such as a generic YANG library, and then can
> rely on data being valid so that the application's code needn't be cluttered
> with all kinds of sanity checks.
Yes, if there is data missing then I think that such a tool might need 
to prune the operational tree provided to the application code, or 
perhaps annotate the tree with additional metadata flags the 

> I can imagine a tool collecting data from a number of devices that fails if a
> mandatory state data are absent.
I think that the tool needs a plan B.  E.g. perhaps if the interface is 
admin-down then it doesn't matter whether or not the duplex setting has 
been provided by the device.

>> To further expand on this, a device is required to ensure that
>> configuration datastores are valid, and hence all mandatory constraints
>> are enforced, or a config change would be rejected, but I don't think
>> that many devices are going to validate operational. They will just
>> return the current state of the system back to the client, and let the
>> client deal with any unexpected inconsistencies.
> I could likewise expect the server to be prepared to deal with unexpected
> inconsistencies in config data. The data model is a contract, so it should be
> binding for both parties.
But the server is allowed to just reject the change with an error. It 
isn't possible to reject the response to a <get> request.

>> Also, what about all the regular config false nodes in the schema that
>> are not marked as mandatory?  Is a device always required to return
>> those leaves (if they are in scope)?  If a device is never going to
> In terms of YANG, no.
So, should a device deviate config false leaves that it will never return?

>> return those leaves then it should use a deviation to remove them, but
>> is that actually required?
>> Is seems that possibly the most useful use of mandatory in the context
>> of operational is for something like an IP address/prefix length
>> pairing, i.e. to indicate that the data really doesn't make any sense
>> unless both address and prefix are provided.
>> When the next version of YANG is specified, perhaps we should consider
>> allowing an extra options to mandatory to that it only applies to the
>> state datastores?  if so, we could add this to the YANG.Next issue tracker?
> I believe the fundamental problem is that YANG was designed basically as a
> document-oriented schema language, and NMDA tries to make the same schema work
> for multiple different data trees. I am concerned this means a lot of complexity
>   and CLRs that will render the next version unusable.

But I'm not convinced that this is really much of an issue in practice.  
I've looked at converting quite a few YANG models either from an OC like 
structure, or IETF split structure to a combined NMDA tree (* list 
below).  In most cases, the models between config and state have been 
very closely aligned such that the config and state nodes are trivially 
identical.  In the cases that they differ (e.g. boolean vs empty), or a 
slight structure change, they have been pretty straight forward to 
resolve.  When the operational structure really differs from the 
configured structure then this can be represented using addition config 
false nodes (when doing the conversion on the models below, I don't 
recall having to add any extra config false leaves).

* By a few YANG modules I mean IETF draft/standard YANG modules for: 
interfaces, ip, routing, vrrp, rip, bgp, network, network-topology, te, 
te-topology, mpls, mpls-ldp, mpls-static, rsvp, rsvp-te, te-device, 
sr-topology, te-mpls, te-path-computation, te-service, transport services.


> Lada
>> So, in conclusion, I think that the NMDA modelling advice for mandatory
>> on config true nodes might be to only use it when the node is mandatory
>> in configuration datastores.
>> If the WG isn't opposed, then I would suggested adding this to the NMDA FAQ.
>> Thanks,
>> Rob
>> _______________________________________________
>> netmod mailing list