IETF Logo Mail Archive

Re: [netmod] <running> vs <intended>

Robert Wilton <rwilton@cisco.com> Fri, 22 September 2017 09:03 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37F1113320C; Fri, 22 Sep 2017 02:03:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ef3s2Fe9m-9n; Fri, 22 Sep 2017 02:03:16 -0700 (PDT)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEA031329B5; Fri, 22 Sep 2017 02:03:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11723; q=dns/txt; s=iport; t=1506070996; x=1507280596; h=subject:from:to:cc:references:message-id:date: mime-version:in-reply-to:content-transfer-encoding; bh=m0fY1RkjIgbC5xpiSseRuJGMESvg0WA5Z0xZWRZ4Trg=; b=mA21nhoQxjBRBPp9WbGwYwm6jVIvITc1E3ZgsHRvUEKkW0OCZutF+qqb S5+m2SIbC7yYaxeG+c0kqKe2yMaxb/aeipiBr6IqRW25AkXNe/R4Kvew+ +OaBexPsZHX4mOrU/Ps9d8fnDfPBoUFDOHguwvin8o7UEJ2iMi9ySjM1b A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0B6AQCK0cRZ/xbLJq1cGQEBAQEBAQEBAQEBBwEBAQEBhSwng3aLFJBQK3mVMA6CBAqFOwKEYBYBAgEBAQEBAQFrKIUZAQUjDwEFOgcQCQIOAgIGAgIREgMCAkYDDgYBDAYCAQEXihiJKp1mgieLAgEBAQEBAQEBAQEBAQEBAQEBAQEfgQ6CHYNTgWQrC4I9NYQ2LQICU4JUgmAFoROUWIITiUUkhwKKBYNhh1iBOSYFLEFMMiEIHBWHZj82iRYBAQUfB4IVAQEB
X-IronPort-AV: E=Sophos;i="5.42,427,1500940800"; d="scan'208";a="657676664"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Sep 2017 09:03:10 +0000
Received: from [10.63.23.66] (dhcp-ensft1-uk-vla370-10-63-23-66.cisco.com [10.63.23.66]) by aer-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id v8M939QG025155; Fri, 22 Sep 2017 09:03:09 GMT
From: Robert Wilton <rwilton@cisco.com>
To: Martin Bjorklund <mbj@tail-f.com>, andy@yumaworks.com, netmod@ietf.org
Cc: j.schoenwaelder@jacobs-university.de, ietfc@btconnect.com, lberger@labn.net, draft-ietf-netmod-revised-datastores@ietf.org
References: <20170918.200734.1805388289423863575.mbj@tail-f.com> <CABCOCHTD_6yQj1QFn0BsPg8hbkuUc9guEB6rhG46W1jnNRh=bA@mail.gmail.com> <99b9a2c6-4bb4-121f-0cba-925cefe09712@cisco.com> <20170919.115559.1080249872764998055.mbj@tail-f.com> <d4c06d52-6b09-692c-7ca2-7f509e1917a0@cisco.com>
Message-ID: <5481ac35-c789-0796-36f6-8a02a5ebef8c@cisco.com>
Date: Fri, 22 Sep 2017 10:03:09 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <d4c06d52-6b09-692c-7ca2-7f509e1917a0@cisco.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/lZHELUd1652-MBcNn7HmczwZwqQ>
Subject: Re: [netmod] <running> vs <intended>
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Sep 2017 09:03:19 -0000

Hi,

Regarding whether <running> is always valid, the proposed modification 
to the draft is to add the following text to section 4.3 that describes 
<running>:

OLD:

4.3.  The Running Configuration Datastore (<running>)

    The running configuration datastore (<running>) holds the complete
    current configuration on the device.  It may include inactive
    configuration or template-mechanism-oriented configuration that
    require further expansion.

    If a device does not have a distinct <startup> and non-volatile is
    available, the device will typically use that non-volatile storage to
    allow <running> to persist across reboots.

NEW:

4.3.  The Running Configuration Datastore (<running>)

    The running configuration datastore (<running>) holds the complete
    current configuration on the device.  This could, for example, include
    inactiveconfiguration or template-mechanism-oriented configuration
    thatrequires further expansion.However, <running> must always be a
    'valid configuration data tree' as defined in Section 8.1 of [RFC7950].

    If a device does not have a distinct <startup> and non-volatile is
    available, the device will typically use that non-volatile storage to
    allow <running> to persist across reboots.

END


Then the intention is that if inactive or a templating solution is 
standardized then those drafts would update the validation rules in RFC 
7950 such that <running> is still valid.  E.g. an inactive config draft 
would probably indicate that validation excludes all configuration nodes 
that are marked as inactive.

Does anyone have any comments?

Do we also need to state that <startup> must always be a 'valid 
configuration data tree'?

Thanks,
Rob


On 19/09/2017 16:22, Robert Wilton wrote:
>
>
> On 19/09/2017 10:55, Martin Bjorklund wrote:
>> Robert Wilton <rwilton@cisco.com> wrote:
>>>
>>> On 18/09/2017 19:25, Andy Bierman wrote:
>>>>
>>>> On Mon, Sep 18, 2017 at 11:07 AM, Martin Bjorklund <mbj@tail-f.com
>>>> <mailto:mbj@tail-f.com>> wrote:
>>>>
>>>>      Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de
>>>>      <mailto:j.schoenwaelder@jacobs-university.de>> wrote:
>>>>      > On Mon, Sep 18, 2017 at 05:17:46PM +0100, Robert Wilton wrote:
>>>>      > >
>>>>      > > > No.  I do not agree that the MUST in RFC 7950 can be 
>>>> removed.
>>>>      > > > I do not agree the architecture should update YANG at all.
>>>>      > > OK.
>>>>      >
>>>>      > I am with Andy here. <running> has always had the 
>>>> requirement to be
>>>>      > valid and we are not supposed to change that. Mechanisms for
>>>>      inactive
>>>>      > configuration or templating must be designed to be backwards
>>>>      compatible
>>>>      > I think.
>>>>
>>>>      Ok.  If we keep the requirement that <running> in itself must be
>>>>      valid, it just restricts the usefulness/expressiveness of 
>>>> inactive and
>>>>      template mechanisms, but it might be ok.
>>>>
>>>>      I think that even w/o this requirement, the observable 
>>>> behavior for a
>>>>      client can be backwards compatible.  For example, suppose we 
>>>> have an
>>>>      inactive access control rule that refers to a non-existing
>>>>      interface in
>>>>      <running>.  If a client that doesn't know anything about 
>>>> inactive asks
>>>>      for the contents of <running>, our implementation removes the 
>>>> inactive
>>>>      nodes from the reply to the client.  Only a client that 
>>>> opts-in to
>>>>      inactive will receive a reply with things that looks invalid 
>>>> if you
>>>>      don't take the inactive annotation into account.
>>>>
>>>>
>>>>
>>>> There are many ways that validation can fail because inactive nodes
>>>> are present,
>>>> and considered part of the validation.
>>>>
>>>> e,g, min-elements, max-elements, mandatory, unique.
>>>>
>>>> I think we all agree that validation on the enabled nodes is supposed
>>>> to continue to work.
>> Yes.
>>
>>>> Here is an attempt at a backwards-compatible solution:
>>>>
>>>> 1) current <get-config> and <get> responses only include enabled
>>>> nodes.
>>>> 2) old-style <edit-config> operations do not alter inactive nodes
>>>> 3) NMDA clients use <get-data>, not <get-config> or <get>.  These
>>>> responses
>>>>      include enabled and disabled nodes, so validation does not apply
>>>> for <running>
>>>> 4) new style <edit-config> (i.e. <datastore> parameter used) can alter
>>>> any type of data node
>>> //I think that inactive should always be an optional extension.  Not
>>> everything needs the additional complexity.
>>>
>>> Hence rather than tying this function to specific NETCONF operations,
>>> I would suggest that there should be an extra parameter (like for
>>> with-defaults) to allow a client to indicate to the server that a get
>>> or edit request is using the "with-inactive" extension.
>>> 1) The server should also have a capability (or perhaps a leaf defined
>>> in YANG library) to indicate that it supports inactive configuration.
>>> 2) If a client doesn't use the extra "with-inactive" parameter during
>>> a get request then only active nodes are returned.
>>> 3) If a client doesn't use the extra "with-inactive" parameter during
>>> an edit-data request then the request cannot include an extra inactive
>>> meta-data.  The request is processed in a way that is equivalent to an
>>> existing NETCONF implementation, but it may unknowingly remove some
>>> inactive configuration (e.g. via a replace or remove operation on an
>>> inactive node).  Operations like create, delete, none, replace should
>>> all treat an inactive target node the same way as in the node doesn't
>>> exist (e.g. delete on an inactive node would return a "data-missing"
>>> error), this ensures that the behaviour that an unaware client
>>> observes is the same as the existing behaviour that it would expect
>>> from a regular 6241 compliant NETCONF implementation.
>>> 4) It a client makes a get request including the "with-inactive"
>>> parameter then they also get the inactive nodes as well, marked with a
>>> meta-data annotation.
>>> 5) If a client makes an edit request including the "with-inactive"
>>> parameter, then the inactive meta-data annotation can be used to label
>>> inactive nodes.  Inactive nodes are regarded as regular data nodes for
>>> create/delete/replace/none operation error checking.
>>>
>>> I think that this approach is similar (perhaps even the same) as
>>> Martin described.
>> This is indeed how our implementation works (except I think we don't
>> do 5; if the client sends an "inactive" attribute it doesn't have to
>> also send with-inactive).
>>
>>>> Note that the YANG MUST rule still applies, because validation is only
>>>> done on enabled nodes.
>>>> It is only the response message representations that cannot be
>>>> validated, not the contents
>>>> of <running> on a server.
>> So the question is how we can make sure that the text in the NMDA
>> draft covers this yet-to-be-defined feature w/o having to define it
>> now?  We thought that the current text was sufficient, but do we have
>> to make any changes to it?
> 1) Do we also need to illustrate a similar proof of concept templating 
> implementation to show that templating could work whilst keeping 
> running valid?  I would prefer that this is just deferred to whichever 
> draft defines templating.
>
> 2) I think that we need to reach a decision as to whether the NMDA 
> architecture needs to explicitly state that <running> is always valid, 
> or if that can be left to the existing statement in 7950.  My thinking 
> is that if the conclusion is that <running> must always be valid, then 
> it would be helpful to explicitly state it the descriptions of both 
> <running> and <startup> in the NMDA architecture.
>
> 3) I think that it would be useful to further refine my previous 
> proposed text for intended, particularly rewriting the text on 
> validation.  This should hopefully also address Balazs' concern about 
> default values be included in validation.
>
> <Old>
>
> 4.4.  The Intended Configuration Datastore (<intended>)
>
>    The intended configuration datastore (<intended>) is a read-only
>    configuration datastore.  It is tightly coupled to <running>.  When
>    data is written to <running>, the data that is to be validated is
>    also conceptually written to <intended>. Validation is performed on
>    the contents of <intended>.
>
>    For simple implementations, <running> and <intended> are identical.
>
>    <intended> does not persist across reboots; its relationship with
>    <running> makes that unnecessary.
>
>    Currently there are no standard mechanisms defined that affect
>    <intended> so that it would have different contents than <running>,
>    but this architecture allows for such mechanisms to be defined.
>
>    One example of such a mechanism is support for marking nodes as
>    inactive in <running>.  Inactive nodes are not copied to <intended>,
>    and are thus not taken into account when validating the
>    configuration.
>
>    Another example is support for templates.  Templates are expanded
>    when copied into <intended>, and the expanded result is validated.
>
> </Old>
> <Proposed>
>
> 4.1.4.  The Intended Configuration Datastore (<intended>)
>
>    The intended configuration datastore (<intended>) is a read-only
>    configuration datastore.  It represents the configuration after all
>    configuration transformations to <running> are performed (e.g.
>    template expansion, removal of inactive configuration), and is the
>    configuration that the system attempts to apply.
>
>    <intended> is tightly coupled to <running>. Whenever data is written
>    to <running>, then <intended> is also immediately updated by
>    performing all necessary transformations to the contents of <running>
>    and then <intended> is validated.
>
>    <intended> may also be updated independently of <running> (e.g., if
>    one of the configuration transformations is changed), but <intended>
>    must always be a 'valid configuration data tree' as defined in
>    Section 8.1 of [RFC7950].
>
>    For simple implementations, <running> and <intended> are identical.
>
>    The contents of <intended> is also related to the 'config true'
>    subset of <operational>, and hence a client can determine to what
>    extent the intended configuration is currently in use by checking
>    whether the contents of <intended> also appears in <operational>.
>
>    <intended> does not persist across reboots; its relationship with
>    <running> makes that unnecessary.
>
>    Currently there are no standard mechanisms defined that affect
>    <intended> so that it would have different contents than <running>,
>    but this architecture allows for such mechanisms to be defined.
>
>    One example of such a mechanism is support for marking nodes as
>    inactive in <running>.  Inactive nodes are not copied to <intended>.
>    A second example is support for templates, which can perform
>    transformations on the configuration from <running> to the
>    configuration written to <intended>.
>
> </Proposed>
>
> Thanks,
> Rob
>
>
>>
>>
>> /martin
>> .
>>
>
> .
>

v2.23.0 | Report a Bug | By Email