IETF Logo Mail Archive

Re: [netmod] system configuration sync mechanism

"Sterne, Jason (Nokia - CA/Ottawa)" <jason.sterne@nokia.com> Fri, 13 August 2021 21:45 UTC

Return-Path: <jason.sterne@nokia.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED64D3A277F for <netmod@ietfa.amsl.com>; Fri, 13 Aug 2021 14:45:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.352
X-Spam-Level:
X-Spam-Status: No, score=-2.352 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A9M1omXRDm9w for <netmod@ietfa.amsl.com>; Fri, 13 Aug 2021 14:45:21 -0700 (PDT)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2104.outbound.protection.outlook.com [40.107.223.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89C443A277D for <netmod@ietf.org>; Fri, 13 Aug 2021 14:45:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fszS93G9vUTtNuzlciba+BAe5V4X+XjhGYRo0eQBliveIyFisxjsLsgjq2PMCHHCpAFeQh13xUtXx38JkMf4mmJ+eHyd+ubow7nHo4BosunDkgimW9IO1ErdxqIlo26k662jkvSuZ00f8TtyrcRKeeWffb6GWAPh8PyiAFRlHAuI66EQOPegZvckjUaGvdZfXkiojc/CGi7HX2bMNLIk/hsgRnWXl+XXNG45Fg9E/MA+PXBE5N+Ykc1KVgK9Oqe9IWxK28fbc2n24hzE+CtNkSNT8/eu3yZ/Z1hU4UVnmJm01WaWXU/OnC9+1ikz2jUZXFjIbHDXILk1wbkeKvxZdw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8kd9/yc+kUddCQLS5o45WbyUuHKVZTHm4fBV+0dszkA=; b=YKmT2hFVblfaemSxFC9fYSjMSrtTEn2nDmrOLlNistDvmQjGGGNm0f8vpUtyJhJiMwo8EZY0iX9mO1azb5C8EvtCg3HX+kR5tyjjrzTnsR3vr9qiescvXly3wrufxeMhPoPc8yWpe5prXuqUOeg4mKWibsdUacljxIqqA0jCousXAd953EQZQ+a+p+jZ9YpdHSOH+Kh5JKwU0mxcrWTAe0+1QaDtX8A5lrFs2HzG4rwpbaa0JdW3LnWn8yno7Cl1k1KXdtM1S21MJ3Kt8aDJS6878B805wawI6i8YOXKeR2+oVO1UMHd54dHm8lfX+I25+a2MHVMtF1BgwHkUfR3DQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8kd9/yc+kUddCQLS5o45WbyUuHKVZTHm4fBV+0dszkA=; b=CUWhi5z7+SU9brcCc9r63w2GCCWr5LGc88rvi7+xTSkxRE7n/ADzb94rNQJPLvca8XpfS0d7/izE41QVw/I2U7ls0mZlz+qSIGiOVstHLYFnyWUB/umvLxSfzvcGZA6aJYPBXmzANVQNp+Xc3WWbDubirA8nv+czdTkHm7hZBW8=
Received: from DM6PR08MB5084.namprd08.prod.outlook.com (2603:10b6:5:41::29) by DM6PR08MB6314.namprd08.prod.outlook.com (2603:10b6:5:1ef::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.17; Fri, 13 Aug 2021 21:45:16 +0000
Received: from DM6PR08MB5084.namprd08.prod.outlook.com ([fe80::1c4f:c615:7111:f171]) by DM6PR08MB5084.namprd08.prod.outlook.com ([fe80::1c4f:c615:7111:f171%5]) with mapi id 15.20.4415.017; Fri, 13 Aug 2021 21:45:16 +0000
From: "Sterne, Jason (Nokia - CA/Ottawa)" <jason.sterne@nokia.com>
To: Kent Watsen <kent+ietf@watsen.net>, Andy Bierman <andy@yumaworks.com>
CC: "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] system configuration sync mechanism
Thread-Index: AQHXiTj1ANBqfgbXY0OJQ2APDweat6truCeggAAPsACAADxBgIAF9nvg
Date: Fri, 13 Aug 2021 21:45:16 +0000
Message-ID: <DM6PR08MB508479DC55B4D4A0E5B11AD19BFA9@DM6PR08MB5084.namprd08.prod.outlook.com>
References: <CABCOCHR+E7uh5EOxXaMaFEBb-Oi0U_4G41Z=Jwk3mUAcodnAPg@mail.gmail.com> <0100017b1128b30f-fe4c9258-3392-476a-ae21-604d2a80f523-000000@email.amazonses.com> <20210804133956.p73si5f63t4esmcj@anna.jacobs.jacobs-university.de> <CABCOCHSmHOQnSXwfHVr8p=2Xx8ERThtAtVk8iWgYObqNuqfo4Q@mail.gmail.com> <BN7PR08MB50739BBC55241126003EBC399BF69@BN7PR08MB5073.namprd08.prod.outlook.com> <CABCOCHQQHtSP47HVPu3+KXi1wK0qwfTh-Sw5z=9pF47RjsqByw@mail.gmail.com> <0100017b2dc8b664-c32e2445-9989-4cd2-9d30-83ce1eb4b2b5-000000@email.amazonses.com>
In-Reply-To: <0100017b2dc8b664-c32e2445-9989-4cd2-9d30-83ce1eb4b2b5-000000@email.amazonses.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: watsen.net; dkim=none (message not signed) header.d=none;watsen.net; dmarc=none action=none header.from=nokia.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: fc10108d-bac5-400c-2a53-08d95ea3a35c
x-ms-traffictypediagnostic: DM6PR08MB6314:
x-microsoft-antispam-prvs: <DM6PR08MB63144F9217F64841EB6E62299BFA9@DM6PR08MB6314.namprd08.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: c++1nwW/Or7kYmKAy8kpBGJM3yvOhO0dqZOt/c2fe+wLiId1U/T+DMcfAUoQlOGDTzelKaSoVE9ryjXLnHYcnDhEY9urrz9yr39k90JCF0S3Hz11nAsjNzUTAi0XK1qhlvBH9/wymw1JU+iaW+3y7xOItHeR45VyPnKOMqpgmC1/7ks//NaXQb82ndEsF0eOsy1aYxtM+kH1A8Ae7yVKvElIxifoI0QDsxIH/3wjCWYEcvI3irLCFVnqZPt2rkG+5V7yz7EQEPkvPhvK5Mtd+4WjDKu1+U8Q+6Ko+UJMM/32JAlMLRLsvn0oT7XArTb+jfj6WmhM6hcOQrddiwX/sWzgttAaBOFZX8IbtjbZA/MGE/kpDaR/RvmYDyI/4Vw5X43Y4P3pjd//0p0rLwzz0BxshaBsGP/Ki4pwJswM0orYAa8Lfj+HNPXAoVLrmbq28GBG7Mk91XJMyPSkPH+dniZ/XCnsZlhpMMMWOrDZ2XDho0z7B2w1oD/y80pyen5gie4+yyFwMdbhx5DYb6W5bKbBdYZgYH5xDEq+RucQKjDZwFm7J3y8yM8Hx6dyBlu2tJqXxTKvkdrYavnxFerB8bl0REvmL1sOoxvj4B/V5fa3+qwuZaIACkUIP2n4rqQ9ZwMJ3g/rZraivmRsXrsp3rYsVQpeHs4grT4yM0yQAs/9nBcpMgFx81StbaYp4yvXKvJeP0m6f71QvjVxNqhMOGysAQe98Q5s0i4fiNKZ4KlO1cPUX2Cay3rwOfBRFHAtxNRD9xMxUQ3k+w0V8F7O5yVYLx7Ptgvubbj/AUx/X17I1vW8p3Mq2UQZrTcs9J/pQ6+dDtmSErsLyk+vhH/FXw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR08MB5084.namprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(396003)(346002)(366004)(39860400002)(376002)(7696005)(6506007)(53546011)(5660300002)(64756008)(66556008)(66446008)(38100700002)(26005)(110136005)(4326008)(71200400001)(186003)(83380400001)(166002)(30864003)(2906002)(55016002)(9686003)(8676002)(86362001)(52536014)(478600001)(966005)(122000001)(33656002)(76116006)(66946007)(8936002)(66476007)(38070700005)(316002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: bgsKwpVXjKK1cVdydU53L3o1BhXF5LX9sYGCPd1sV8GzJfRHqMiJ3tFyvHzPThhllT4JwkJeAGQYF9JUbTzFsqKmK25wLLKJFgy4ExFstBHvCjKbdM8+7ZoncVmykAeh0DVbro79MnOmaMYNHWx4P4h8fTMNkSBiYLLVR0Xjqm+/UWd1goLgyQzPAklALzyaOLJQ07jtan7kgLxbZebsxnh1FZomEJ2v4nX0SnBBLtofQFpRJaDVoLanjDVd1Dmd7Ywqp9pf1gOXE/PNtSlik6lVV22NoEozB1oOTpoQwkkHtaAoXOAIqv6I6cnTyHgTVtYCdVWEAXwXouFACKDfCA7faxqSgxaQ7R0nyL2QCJoe+NVlxz+vsJnDWGvUdebyjogPNQPJb7Qv3sG8DBtX7lyaXSsqrJqHCfVFKMn5UOYmcxgcX1CpMiwKW/898VvHu+BUBChBJ/ZdR0Ef9C9dhcNjbC//Lxn68TB/0cfu71arY3kEWoLJDn1VzJqjNTQrt6jmt3xsXKVDQkcrSP5PRsZ6hL40l833yqwEQsWdUH2X3IfQgyqYY369jrrKG0glSeLVaonXwa5/zkzzX7lKG19DlmZc1+7Zq3aCs3wCIrAt04qaYDjsBGF/Mk64kyW/CdjCoEB+gbvxDk/Rd7mrScl9OJXixVnAPKpbcalm+m1/hbpkLi889nkiJiCu3y1+jh6Urnydzv7iQ9oBEhW4uc5GtqPACbvgbnPIrBQhb87KD/UDmuUn1OTc853ELN9bLQ5qc9q+mXjoGa+4j60AVAQ8SvKrbvLp27T6fC+ZLfv679ogZ6Bs8c68dm5bJ4xX8167LZTK6STrrZarKqbLC5RsDGZ/r9NBOrp+3+fmRChFkWM9WuIMxMKeLgN43phMSEaBgZ1y3hRP+F8NRRta7EDWJ0gv5v4x4JtdIeUd5wIuNUHvdaY+raglfveUgw9+d16Vrdpoo9BS8z5URs8SsrD+rJ42gVpbS75YD8CQ3iz2sbToc4iFwPYXV9Te+/1g8F+x7wQMcFn5zu1ErmRzmY3SLrGzQxtDuOo4owS1TjTJJ8cd0eePFyrt+xEKcBzAk6OIfLx02l6Rno4Xj6/ixCdA228GAgbTvPO4W8uoUtWeP59btlNsJ6HKYPIMpRaNPLsYgcGXYW/NoDY+e4HqR0WUMIkiGaDPQTJJb64//zMvhpnaJP5HHBPT4NWpQK9RecC799VLanIdK9YyFka38NqR6nN0OqwnUun4dUun4QD1hqhFdBz0zrveenXCq++RC5Y47YL8C050vdUq4KD8A6nHqiROSLzdSwXzR24xa+O/YkMhP9sI1O0OyCSsngu1
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM6PR08MB508479DC55B4D4A0E5B11AD19BFA9DM6PR08MB5084namp_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR08MB5084.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fc10108d-bac5-400c-2a53-08d95ea3a35c
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Aug 2021 21:45:16.1683 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: +HKnS+Jno0MfDFAHvErOVEW0MZmru5hDkeB6+0gjS17jpC4fuud2m/S4zpfm/3MS8q5seZndPC8r946bmjhV3A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR08MB6314
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/pewfbAmwQMg3LlvM8cXP2Lg5838>
Subject: Re: [netmod] system configuration sync mechanism
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Aug 2021 21:45:28 -0000

Thx Kent. Please see inline.
Jason

From: Kent Watsen <kent+ietf@watsen.net>
Sent: Monday, August 9, 2021 9:59 PM
To: Andy Bierman <andy@yumaworks.com>
Cc: Sterne, Jason (Nokia - CA/Ottawa) <jason.sterne@nokia.com>; netmod@ietf.org
Subject: Re: [netmod] system configuration sync mechanism


There was a request for concrete use cases.  This email from before was good:

              https://mailarchive.ietf.org/arch/msg/netmod/v5cNLcC2F_OT8t-407F3Zj6Vws4/

[>>JTS: ] I saw the taxonomy of resource-dependant vs resource-independent, and the sub-categories of applied-immediately vs applied-after-reference. And then the concept of "conditional" system config. But I think there may also be two orthogonal concepts that need to be clarified:
1) deletable/removable vs non-removable
2) modifiable vs non-modifiable (i.e. can you modify elements in the list entry)

Let me give you an example use case of deletable+modifiable:
- user "admin"  (list entry)
- exists in <running> when the server boots up with no <startup> DS
- can be deleted by the client (and then a copy-config from <running> to <startup> would create a <startup> with the absence of the user "admin"
- I think this particular example would be "resource-independent", "applied-immediately", and "non-conditional" (but there could also be deletable+modifiable objects that are applied-after-reference or resource-dependant)
- but I also think that deletable entries like this can just be handled as system populated <running> config at boot time when there is no <startup> DS present

An example of non-deletable+modifiable:
- CPU protection policy number 255 (rate limit for extracted control traffic) that can be assigned to an interface (leafref from interface->protection policy)
- not shown in <running> unless the client explicitly modifies parameters of that protection policy
- an option ?: have this show up in <running> if the client simply explicitly creates the list entry

An example of non-deletable+non-modifiable:
- QoS policy 1 that is assigned to every interface by default
- The leafref from interface->qos policy 1 has a default value of "1" in the YANG model
- an option ?: have this show up in <running> if the client simply explicitly creates the list entry


More below:
[>>JTS: ] Please see inline below




On Aug 9, 2021, at 6:23 PM, Andy Bierman <andy@yumaworks.com<mailto:andy@yumaworks.com>> wrote:

On Mon, Aug 9, 2021 at 2:51 PM Sterne, Jason (Nokia - CA/Ottawa) <jason.sterne@nokia.com<mailto:jason.sterne@nokia.com>> wrote:
Hi guys,

I'm late to the game on this thread but I did read through the entire thing (whew - can't promise I absorbed every nuance though). I am familiar with this issue. I've been dealing with it from the server implementation side (some clients *do* complain if there are references to missing "system config" list entries).

One of the pretty fundamental issues IMO is whether we want good ol' standard <running> to always be valid (including for an offline client or tool to be able to validate instance data retrieved from a server against the YANG models). Even without this "system config" topic, we already have a looming problem with config templates & expansion.  Servers with YANG models that document a lot of constraints (e.g. leafrefs, mandatory statements, etc) are more likely to hit this issue of an invalid running config (offline).

I think that it is already the case with JUNOS that <running> by itself cannot be validated by a client unaware of how JUNOS templates work…as the templates may supply mandatory nodes and/or values, or some validations only make sense to evaluate when the config is flattened (e.g., ensuring "max-elements" is not exceeded, ensuring ACLs always end with a terminal rules, etc.).
[>>JTS: ] Clients may not hit this as much with JUNOS. The latest models I looked at didn't have any leafrefs and had very few mandatory statements. So I'm not sure what parts of the templates provide data that is required to validate running against the YANG models ?
But for models with leafrefs and mandatory statements, there is high likelihood that clients won't be able to do offline validation if templates are used.


I'm doubtful that it is easy for a client to know how templates are expanded for all given servers. Unless that expansion is fully standardized (which would be challenging given multiple different shipping implementations in the industry), there can be some subtle corner cases and it can be complex (multiple levels of template application, exclusion rules, etc).
Agreed, not easy but…

Some [smart] clients may never need to grok how device-level templates are expanded.  For instance, the NMS I worked on in a previous life would always onboard a new device by asking the device to provide its config already expanded, and thereafter would never send templated-config to the device (note: the NMS had its own template mechanism).
[>>JTS: ] But that's moving the mastership/ownership (i.e. definitive view of the <running>) down to the server. Or abandoning templates as part of the operator-owned config.

On the other end of the client-spectrum, other [dumb] clients may also not need to grok how device-level templates are expanded, as they mostly push simple updates (e.g., open a port) known to pass validation and/or rely on server-side validation.
[>>JTS: ] If we only want to solve server-side validation then this gets easier. And maybe that is the answer. But some clients today do complain when offline validation fails.

Of course, there MAY be clients in-between that read/write templated-config and, if they wish to perform off-box validation, most likely will need to grok how templates are expanded.[>>JTS: ] Yes - I think this is the issue (and workflow) we're trying to address here.



I agree there can be dynamically added system config (e.g. create a new qos policy, and some queue list entries are automatically created inside that policy).
I'm unsure how this relates.[>>JTS: ] Qiufang was asking if conditional system config exists. It does in some implementations.



Note that config added by the system could be deletable or non-deletable. For deletable items there were some previous discussions a few years ago that those list entries could be simply a default config that is populated if the startup datastore is empty at boot time.
Yes, but I that’s a different use-case, right?  (see the link to concrete use cases provided at top)[>>JTS: ] Not really a different use-case. A different attribute of some of the use cases we're discussing. I think its another dimension we need to consider (along with resource-dependant vs resource-independent, applied-immediately vs applied-after-reference, conditional vs non-conditional).


The system config list entries could also have leafs that are modifiable and leafs that are immutable. For the modifiable objects I think this is basically the system merging the explicit config with the system config (with the explicit taking precedence).

The “modifiable” leafs are in this use-case, assuming “modifiable" is the synonymous as “over-writable".  Some “immutable” leafs are more like those discussed in RFC 8342 Section 5, but others are like what Andy discusses below (note: these immutable nodes are not currently in scope, as I understand it).[>>JTS: ] Yes - I'm thinking of modifiable as over-writable. Maybe this is a separate issue - I'm not sure yet.



Perhaps a lot of this system config is a legacy hold over from human-driven CLIs. For machine interfaces maybe it's reasonable to have clients explicitly define their config *if* they need offline validation of <running> to succeed (i.e. allow clients to explicitly configure any of the system config policies they are actually using & referencing).  In many cases, users want the "master" view of the config to live up in the client/OSS side and just push it down to the server (without having the server touch the contents of the running, i.e. a read-back should return identically what was sent).
Agree that a read-back of <running> should always return identically what was sent, but that doesn’t mean that there isn’t system config in play.[>>JTS: ] Not sure what you mean here. If the client sent config X, and in X there is a leafref to some system list entry, and the system list entry wasn't sent by the client, then I'm doubtful the readback should return the system list entry (in which case the config would be considered invalid by offline validation, e.g. analysis of the instance data against the YANG model with yangLint).


It might be good to set up a virtual interim or call of some sort to discuss this one. It is pretty complex.
Good idea, but I’d hope first to get past the “do we understand the requirements” part of the discussion.  Of course, if people prefer, we could schedule an interim to discuss the use-cases also.


I think Balasz captured the 2 use-cases very well.

The use-cases in his 7/31 message are good, but neither of them are part this work’s scope, as I understand it.  [update: his use-case ‘A’ may be in scope, depending on how we set the scope]
[>>JTS: ] I'm confused about your and Andy's references to Balazs' use cases. Do you mean this email ?
https://mailarchive.ietf.org/arch/msg/netmod/ncgHfMzteHL3cnqCdpDoojw171s/
I see principles. But I'm not sure what you mean by use-case 'A' ?



For implementations that combine the system into <running>, undoing
this behavior would be quite disruptive and therefore not likely to be done.

I do not support merging <system> into <running> (unless appropriately-annotated in a “with-system” <get-config> response).  I do support merging <system> into <intended>.
[>>JTS: ] I'm also doubtful about merging into running (that means magic config appearing in running). Even with annotation, a client that doesn’t understand the annotation would just see this as config being added that they didn't add.
An explicit RPC to cause the addition might be OK, but then a client would have to continually issue that RPC (maybe after every edit-config).



It would help to have some common understanding of the contents of <system>.
Maybe start with the well-known "interface problem".  The system configures almost empty physical interfaces.  The user is allowed to add, modify, and delete all descendants except the "name" and "type" leaf, which are set by the system.

I agree that concrete use-cases are needed.  The link provided at top provides some, but not all, and definitely not the specific one you just mentioned (which regards into Balazs’s use-case ‘A’ and Jason’s “immutable” config).



In this case <running> will have the /interfaces/interface nodes in them (or else the client-accessible nodes could not be represented in NETCONF).  So any config=true XPath can point at name or type leafs in <running> or <operational>.

Ack.



I have heard that <system> is needed because it has nodes in it that do not exist
in <running> or <operational>, but could exist.  The premise is that the server could have created these nodes but it did not for some reason.  And the client can inspect these nodes and somehow force the server to change the nodes it adds to <running>. (So what is the real use-case then?)

This is what the link provided at the top of this message regards.



Retrieving the system-created nodes with origin=system is already supported by NMDA.

True, but this “system config” feels different, or at least parts of it does.  We may need to tease apart the “leafref-able system nodes” from the “resource-independent nodes” from the “resource-dependent nodes”.



K.

v2.23.0 | Report a Bug | By Email