Re: [netmod] AD review: draft-ietf-netmod-snmp-cfg-05
Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Sat, 07 June 2014 07:02 UTC
Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23C2F1A01F5 for <netmod@ietfa.amsl.com>; Sat, 7 Jun 2014 00:02:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.001
X-Spam-Level:
X-Spam-Status: No, score=-1.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, J_CHICKENPOX_15=0.6, J_CHICKENPOX_62=0.6, RP_MATCHES_RCVD=-0.651] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gheQPNztDfw1 for <netmod@ietfa.amsl.com>; Sat, 7 Jun 2014 00:02:28 -0700 (PDT)
Received: from atlas3.jacobs-university.de (atlas3.jacobs-university.de [212.201.44.18]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AACE11A01C1 for <netmod@ietf.org>; Sat, 7 Jun 2014 00:02:27 -0700 (PDT)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas3.jacobs-university.de (Postfix) with ESMTP id 6AF17F69; Sat, 7 Jun 2014 09:02:18 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas3.jacobs-university.de ([10.70.0.220]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10030) with ESMTP id UwptU-_OQKcv; Sat, 7 Jun 2014 09:01:52 +0200 (CEST)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas3.jacobs-university.de (Postfix) with ESMTPS; Sat, 7 Jun 2014 09:02:17 +0200 (CEST)
Received: from localhost (demetrius4.jacobs-university.de [212.201.44.49]) by hermes.jacobs-university.de (Postfix) with ESMTP id B11B52002C; Sat, 7 Jun 2014 09:02:17 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius4.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id BnrF5SwgN4_w; Sat, 7 Jun 2014 09:02:16 +0200 (CEST)
Received: from elstar.local (elstar.jacobs.jacobs-university.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 934FF20017; Sat, 7 Jun 2014 09:02:15 +0200 (CEST)
Received: by elstar.local (Postfix, from userid 501) id 8F15B2D5ED15; Sat, 7 Jun 2014 09:02:14 +0200 (CEST)
Date: Sat, 07 Jun 2014 09:02:14 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Benoit Claise <bclaise@cisco.com>
Message-ID: <20140607070213.GA21144@elstar.local>
Mail-Followup-To: Benoit Claise <bclaise@cisco.com>, NETMOD Working Group <netmod@ietf.org>, draft-ietf-netmod-snmp-cfg@tools.ietf.org
References: <538D7EF7.4030202@cisco.com> <538DF48C.6030605@cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <538DF48C.6030605@cisco.com>
User-Agent: Mutt/1.4.2.3i
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/mviJaMVG7XD_7jj4cuVZmF5OssQ
Cc: draft-ietf-netmod-snmp-cfg@tools.ietf.org, NETMOD Working Group <netmod@ietf.org>
Subject: Re: [netmod] AD review: draft-ietf-netmod-snmp-cfg-05
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Jun 2014 07:02:30 -0000
On Tue, Jun 03, 2014 at 06:15:08PM +0200, Benoit Claise wrote: > Dear all, > > This is my AD review. > Good work on a complete YANG model. It depends heavily on the knowledge > of the different SNMP MIB modules: SNMP-TARGET-MIB, > SNMP-NOTIFICATION-MIB, SNMP-PROXY-MIB, SNMP-COMMUNITY-MIB, etc. This is > good as there is no specification redefinition. And I'm glad to find the > examples in the appendix for the operators wanted "standard" SNMP > configurations. > > My feedback: > - > > The configuration data model in particular_targets_SNMP deployments > where SNMP runs in read-only mode and NETCONF is used to configure > the SNMP agent. Nevertheless, the data model has been_designed_to > allow implementations that support write access both via SNMP and > NETCONF in order to interwork with SNMP-managed management > applications manipulating SNMP agent configuration using SNMP. > > The YANG data model focuses on configuration. > > I don't understand what you mean by "targets" or "designed to" > So you made some tradeoffs in the design? Is this the way we should > understand this? > If which one? I think "in particular targets" should be read as in "will likely be primarily used in". Or to say it in other words: If a deployment uses SNMP to configure SNMP agents, then this data model may be of limited value. Concerning "designed to": The data model has been designed to cover everything that the SNMP configuration models describe. It allows an implementation that supports both configuration via NETCONF and configuration via SNMP. The details are discussed in section 3.2. > - At the beginning of VACM and SNMP, we faced one issue. Someone with a > read-only community string could query the read-write community string. > > > Router#sh run | i snmp > > snmp-server engineID local 000000090200009092827820 > > snmp-server group v1group v1 read includeeverything > > snmp-server view includeeverything internet included > > snmp-server community _claise _RW > > snmp-server user _public _v1group v1 > > ... > > "snmpwalk -v 1 <Router> _public _internet.6.3.16 | grep _claise_"... you > would be surprised > > Basically, the trick is that we need a default view on VACM. > I see http://tools.ietf.org/html/rfc3415#section-7.4 > Do we need something specific in this draft to stress that issue? I do not think that this document is the place to discuss how default VACM rules should look like. This should go into a separate document because this is not specific to the YANG data model but rather specific to VACM. > Editorial: > > - > > One small alignment issue below: see the port line > > +--rw snmp > +--rw engine > +--rw enabled? boolean > +--rw listen* [name] > | +--rw name snmp:identifier > | +--rw (transport) > | +--:(udp) > | +--rw udp > | +--rw ip inet:ip-address > | +--rw port? inet:port-number > +--rw version > | +--rw v1? empty > | +--rw v2c? empty > | +--rw v3? empty > +--rw engine-id? snmp:engine-id > +--rw enable-authen-traps? boolean fixed > - > > The "/snmp/engine/version" container can be used to enable/disable > the different message processing models. > > "message processing models": that's a specific SNMP term, well not well > known to SNMP users. > I would add a reference to RFC 3412 > > - > Similarly to > This submodule defines the feature "tsm". A server implements this > feature if it supports the Transport Security Model (tsm) [RFC5591 > <http://tools.ietf.org/html/rfc5591>]. > OK. Although I think this should be a reference to RFC 3411 since RFC 3411 defines the components (called models in SNMP speak) and RFC 3412 is just one specific instance. > ... > > feature tsm { > description > "A server implements this feature if it supports the > Transport Security Model for SNMP."; > reference > "RFC5591 <http://tools.ietf.org/html/rfc5591>: Transport Security > Model for the > Simple Network Management Protocol (SNMP)"; > } > > It would be great to have references for: > > This submodule defines the feature "notification-filter". A server > implements this feature if it supports SNMP notification filtering. Added reference to RFC 3413. > ... > > feature notification-filter { > description > "A server implements this feature if it supports SNMP > notification filtering."; > } Added reference to RFC 3413. > And for > > This submodule defines the feature "proxy". A server implements this > feature if it can act as an SNMP Proxy. Added reference to RFC 3413. > ... > > feature proxy { > description > "A server implements this feature if it can act as an > SNMP Proxy"; > } > Added reference to RFC 3413. > > augment /snmp:snmp/snmp:target { > when "snmp:v1 or snmp:v2c"; > leaf mms { > type union { > type enumeration { > enum "unknown" { value 0; } > } > type int32 { > range "484..max"; > } > } > default "484"; > reference > "SNMP-COMMUNITY-MIB.snmpTargetAddrMMS"; > } > } > > > mms: I thought it was a mistake: nms versus mms. > I had to lookup snmpTargetAddrMMS to understand "maximum packet size" > Proposal: either add a description or have a better name I prefer to keep the name since the SNMPv3 specifications use this name. I added a description clause (and I surprised that a leaf without a description clause slipped through). Do you want us to post a new revision? /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
- [netmod] AD review: draft-ietf-netmod-snmp-cfg-05 Benoit Claise
- Re: [netmod] AD review: draft-ietf-netmod-snmp-cf… Juergen Schoenwaelder
- Re: [netmod] AD review: draft-ietf-netmod-snmp-cf… Randy Presuhn
- Re: [netmod] AD review: draft-ietf-netmod-snmp-cf… Benoit Claise
- Re: [netmod] AD review: draft-ietf-netmod-snmp-cf… Benoit Claise
- Re: [netmod] AD review: draft-ietf-netmod-snmp-cf… Juergen Schoenwaelder
- Re: [netmod] AD review: draft-ietf-netmod-snmp-cf… Juergen Schoenwaelder