Re: [netmod] AD review: draft-ietf-netmod-revised-datastores-08

Robert Wilton <rwilton@cisco.com> Mon, 08 January 2018 13:55 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC3D1126C25 for <netmod@ietfa.amsl.com>; Mon, 8 Jan 2018 05:55:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WNbOAkxQXoZU for <netmod@ietfa.amsl.com>; Mon, 8 Jan 2018 05:55:27 -0800 (PST)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35F9A126C23 for <netmod@ietf.org>; Mon, 8 Jan 2018 05:55:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=29437; q=dns/txt; s=iport; t=1515419726; x=1516629326; h=subject:to:references:from:message-id:date:mime-version: in-reply-to; bh=osF2WQI3OdS9QAYdgSPcVsp6n15zh+L7g78meQmDuWo=; b=BhnqQ+BBtL7r7oFm4nut20N+DKBiK6rhfKxM8niKA5jb2dILt1jO28/C 9/PRLcwW7Ag6khEFbcWMDGdqe18nz5kNVAp6wBdBbvdIAu611qSZGvRlK IYuL7KZSeHdd6jss67sSKZJI0l6iqZOX0ky4Rr9nGSboUHAqtQI7uSBya k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CZAQAidVNa/xbLJq1aAxkBAQEBAQEBA?= =?us-ascii?q?QEBAQEHAQEBAQGCSoFbdCeEB4sYjz8nlz6CAQoYAQqDOoEPTwKEdRQBAQEBAQE?= =?us-ascii?q?BAQFrKIUjAQEBAQIBAQEhSxkCCQIQCCAHAwICGwwfEQYBDAYCAQEXig4IEJM+n?= =?us-ascii?q?W6CJyaKCQEBAQEBAQEBAQEBAQEBAQEBAQEBAR0FhBt9gm6BaSkMgWuBDoMvAYF?= =?us-ascii?q?HDwI3JoJQgmUFmViKBpU+jB+BYIYKjxCIB4E8NiIlgSsyGggbFT2CKgmCEjkcg?= =?us-ascii?q?WdBN4gdAiUHgh0BAQE?=
X-IronPort-AV: E=Sophos;i="5.46,330,1511827200"; d="scan'208,217";a="1280889"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Jan 2018 13:55:23 +0000
Received: from [10.63.23.84] (dhcp-ensft1-uk-vla370-10-63-23-84.cisco.com [10.63.23.84]) by aer-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id w08DtNL7022957; Mon, 8 Jan 2018 13:55:23 GMT
To: Andy Bierman <andy@yumaworks.com>, NETMOD Working Group <netmod@ietf.org>
References: <e2fd599f-7547-d2f7-d450-f67a3f409ae1@cisco.com> <fe856e5c-5760-9bb9-ace3-cec0cfb39278@cisco.com> <79d1baae-397d-883e-3bc0-e1c5f71fc4f8@transpacket.com> <64f59023-e000-18c4-8830-29ba6e9be7e9@cisco.com> <6e899e21-8931-b61c-3b73-6c8a8a1c912a@transpacket.com> <20171221132030.7zebh2xkhddmql3c@elstar.local> <e268a6b6-9024-be90-0225-3cd191185d97@transpacket.com> <20171221222742.izrmwpbiwgoc7col@elstar.local> <CABCOCHSULx3XjmWK8PjynJ-8Se3+cav9A7d7VeYLs2u5jppf=g@mail.gmail.com>
From: Robert Wilton <rwilton@cisco.com>
Message-ID: <cf27d398-1883-c1ce-a54a-4644bac8a1dc@cisco.com>
Date: Mon, 8 Jan 2018 13:55:23 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <CABCOCHSULx3XjmWK8PjynJ-8Se3+cav9A7d7VeYLs2u5jppf=g@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------F91B683334AB18728E793FBA"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/mfPBLS5yq7wFb0peUIg62wyuULg>
Subject: Re: [netmod] AD review: draft-ietf-netmod-revised-datastores-08
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jan 2018 13:55:30 -0000

Hi Andy,

Regarding your comment below, this intent is captured by this text 
describing the operational datastore in section 5.3:

    <operational> SHOULD conform to any constraints specified in the data
    model, but given the principal aim of returning "in use" values, it
    is possible that constraints MAY be violated under some
    circumstances, e.g., an abnormal value is "in use", the structure of
    a list is being modified, or due to remnant configuration (see
    Section 5.3.1).  Note, that deviations SHOULD be used when it is
    known in advance that a device does not fully conform to the
    <operational> schema.

    Only semantic constraints MAY be violated, these are the YANG "when",
    "must", "mandatory", "unique", "min-elements", and "max-elements"
    statements; and the uniqueness of key values.

    Syntactic constraints MUST NOT be violated, including hierarchical
    organization, identifiers, and type-based constraints.  If a node in
    <operational> does not meet the syntactic constraints then it MUST
    NOT be returned, and some other mechanism should be used to flag the
    error.


Do you agree that this is sufficient?

Thanks,
Rob


On 21/12/2017 22:49, Andy Bierman wrote:
> Hi,
>
> It should be clear somehow that server requirements to provide 
> config=false data
> that is valid according to the YANG definitions is not affected by NMDA.
> That is not being taken away.  The ability to validate operational values
> of configuration data has never been provided, and therefore is not 
> being taken away either.
>
> A constraint on config=true nodes only applies to configuration 
> datastores.
> These are the only constraints that should be ignored in <operational>.
> Constraints on config=false nodes still apply in <operational>.
>
>
> Andy
>
>
>
> On Thu, Dec 21, 2017 at 2:27 PM, Juergen Schoenwaelder 
> <j.schoenwaelder@jacobs-university.de 
> <mailto:j.schoenwaelder@jacobs-university.de>> wrote:
>
>     On Thu, Dec 21, 2017 at 07:52:54PM +0100, Vladimir Vassilev wrote:
>     > On 12/21/2017 02:20 PM, Juergen Schoenwaelder wrote:
>     >
>     > > On Thu, Dec 21, 2017 at 02:03:45PM +0100, Vladimir Vassilev wrote:
>     > > > On 12/21/2017 11:34 AM, Robert Wilton wrote:
>     > > >
>     > > > > Hi Vladimir,
>     > > > >
>     > > > > First point of clarification is that this is not about
>     running/intended
>     > > > > at all.  The contents of running/intended do not change in
>     anyway
>     > > > > depending on whether hardware is present or absent.
>     > > > >
>     > > > > The section is only concerned with how the configuration
>     is applied in
>     > > > > operational, and basically says that you cannot apply
>     configuration for
>     > > > > resources that are missing (which seems reasonable).  E.g.
>     I cannot
>     > > > > configure an IP address on a physical interface that isn't
>     there.  Or if
>     > > > > the physical interface gets removed then the configuration
>     associated
>     > > > > with that interface is also removed from operational.
>     > > > >
>     > > > > Operational isn't validated and data model constraints are
>     allowed to be
>     > > > > broken (ideally transiently).
>     > > > I want to focus on this. IMO giving up schema validitiy for
>     any datastore is
>     > > > unacceptable price. Pre-NMDA devices had full model support
>     in operational
>     > > > data (all YANG constrains part of the model without
>     discrimination were
>     > > > enforced).
>     > > There was a long debate about the value of returning the true
>     > > operational state. What do you do if the operational state is
>     invalid?
>     > > A server can reject configuration changes if they lead to invalid
>     > > state, a server can not reject reality.
>     > IMO if the model can represent reality then data conforming to
>     the model
>     > can. If not a better model is needed not a hack that breaks the
>     datastore
>     > conformance to the YANG model. I do not see how
>     > /interfaces/interface/oper-status=not-present was not
>     representing the
>     > reality of a system with removed line card that is configured
>     and ready to
>     > resume operation as soon as the line card is reconnected.
>
>     I assume this is all system and implementation specific. If your
>     system knows about interfaces that are not present (i.e., there is
>     operational state about them), you can report these interfaces.  But
>     'is configured' is confusing here. I am not sure a line card that does
>     not exist should be considered configured. But yes, this may be system
>     specific. Anyway, draft-ietf-netmod-rfc7223bis-01.txt still has
>     oper-status 'not-present' - so this seems to be a mood point.
>
>     > > > If this is about to change it will compromise interoperability
>     > > > and a significant portion of the client implementation
>     workload that can be
>     > > > automated will need to be coded in hand and tested.
>     Unresolved leafrefs,
>     > > > undefined behaviour of different implementations removing
>     different
>     > > > configuration nodes in violation of YANG semantic
>     constraints (which I do
>     > > > not think can be so clearly separated from the syntactic
>     constraints when
>     > > > one considers types like leafref, instance-identifier etc.)
>     and the
>     > > > corresponding side effects based on the server
>     implementators own creativity
>     > > > is eventually going to create more problems.
>     > > >
>     > > > 1. IMO the only acceptable solution is to have YANG valid
>     operational
>     > > > datastore at all times. operational like any other datastore
>     MUST be valid
>     > > > YANG data tree and it has to be a system implementation task
>     to consider all
>     > > > complications resulting from the removal of the resources
>     leading to any
>     > > > data transformations. If this is difficult or impossible
>     other mechanisms to
>     > > > flag missing resources should be used (e.g.
>     > > > /interfaces/interface/oper-status=not-present) This sounds
>     like a useful
>     > > > contract providing the value of a standard the alternative
>     does not.
>     > > As said above, it is impossible to report valid operational
>     state if
>     > > the operational state is not valid according to the models.
>     > >
>     > > > 2. Even with the change in 1. I do not see the removal of
>     intended
>     > > > configuration nodes from operational as a solution worth
>     implementing on our
>     > > > servers. I do not see a real world plug-and-play scenario
>     that can be
>     > > > automatically solved without specific additions to the
>     models e.g.
>     > > > /interfaces/interface/oper-status=not-present is
>     oversimplified solution but
>     > > > it needs to be extended exactly as much as the solution
>     provided by the
>     > > > removal of config true; nodes without the sacrifice of YANG
>     validity of
>     > > > operational.
>     > > Your thinking is likely wrong. <operational> reports the
>     operational
>     > > state. It may have little in common with <intended>. Trying to
>     derive
>     > > operational from intended is likely a not well working approach.
>     > The proposal for this solution ("derive operational from
>     intended" e.g.
>     > merge /interfaces-state in /interfaces) comes from the revised
>     datastores
>     > draft not me.
>     >
>     > By definition config true; data represents intent. Reusing the
>     model of a
>     > config true; data to represent state absent of intent (e.g.
>     > /interfaces/interface with origin="or:system") is a hack. The
>     hack works
>     > fine without compromising the conformance of operational to the
>     YANG model
>     > as long as certain conditions are met. I am pointing out that
>     one of the
>     > conditions is to keep all of the intended configuration data
>     present in
>     > 'operational' and handle missing resources with conventional
>     means e.g.
>     > /interfaces/interface/oper-status=not-present instead of adding
>     the straw
>     > that breaks the camel's back.
>
>     I fail to see why you believe all objects that appear in intended
>     configuration needs to exist in applied configuration. In fact,
>     operators told us very clearly that they care about the distinction
>     between intended and applied config.
>
>     > > > 3. Solutions like /interfaces/interface/admin-state stop
>     working. With the
>     > > > interface removed you can no longer figure if the if-mib has
>     or does not
>     > > > have the interface enabled so an operator has to use SNMP or
>     wait for a
>     > > > replacement line card to be connected to figure this bit of
>     information.
>     > > At least on my boxes, if I remove a line card, the interface also
>     > > disappears in SNMP tables. Stuff that is operationally not
>     present is
>     > > simply operationally not present.
>     > >
>     > > > My
>     > > > interpretation of the MAY as requirement level in sec. 5.3.
>     The Operational
>     > > > State Datastore (<operational>) is that plug-and-play
>     solutions can be
>     > > > implemented without this limited approach that has the same
>     problem as the
>     > > > pre-NMDA only now we have to have /interfaces-state to keep
>     config false;
>     > > > data relevant to hardware that is configured but not present:
>     > > >
>     > > >     configuration data nodes supported in a configuration
>     datastore
>     > > >     MAY be omitted from <operational> if a server is not able to
>     > > >     accurately report them.
>     > > >
>     > > > I realize this discussion comes late. I have stated my
>     objections to this
>     > > > particular part of the NMDA draft earlier.
>     > > I believe there is a conceptual misunderstanding. I think
>     there never
>     > > was a requirement that a server reports the state of hardware
>     that is
>     > > not present.
>     > "Data relevant to hardware that is configured but not present"
>     is different
>     > from "state of hardware that is not present". For example
>     information
>     > indicating when the line card became unavailable, what was the
>     reason, or
>     > other information like how many packets that had this interface
>     as egress
>     > destination are being dropped as a result of the removal.
>
>     I think that systems handle non-existing interfaces differently. It
>     seems that ietf-interfaces is flexible enough to accomodate the
>     differnet styles.
>
>     /js
>
>     --
>     Juergen Schoenwaelder           Jacobs University Bremen gGmbH
>     Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
>     Fax:   +49 421 200 3103         <http://www.jacobs-university.de/
>     <http://www.jacobs-university.de/>>
>
>     _______________________________________________
>     netmod mailing list
>     netmod@ietf.org <mailto:netmod@ietf.org>
>     https://www.ietf.org/mailman/listinfo/netmod
>     <https://www.ietf.org/mailman/listinfo/netmod>
>
>
>
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod