Re: [netmod] 6021 ipv4-prefix

Mikael Abrahamsson <swmike@swm.pp.se> Tue, 30 April 2019 05:24 UTC

Return-Path: <swmike@swm.pp.se>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E97EC120108 for <netmod@ietfa.amsl.com>; Mon, 29 Apr 2019 22:24:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=swm.pp.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XzqMpbw7rfLi for <netmod@ietfa.amsl.com>; Mon, 29 Apr 2019 22:24:21 -0700 (PDT)
Received: from uplift.swm.pp.se (swm.pp.se [212.247.200.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E028120098 for <netmod@ietf.org>; Mon, 29 Apr 2019 22:24:21 -0700 (PDT)
Received: by uplift.swm.pp.se (Postfix, from userid 501) id D87F6AF; Tue, 30 Apr 2019 07:24:17 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=swm.pp.se; s=mail; t=1556601857; bh=S4515WGg3+Azh2MnpCll2NSsY1brxouGRMvSXUUyh9o=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=SpXO7rR88pNCTy0Uj0IreINjIRiGPAL9HNkobbPyAaLi0NFVRqvzbS9I7FjVP5Jy4 T2ZMvuNOESbt9U+/u0PLzLuUVLNlqMgFC9LJtZ9k4UpC9gLp8oWOi0zn5q1j+LwPUq 5iPM66iOQUqlBGYw7Qh7l5msMzP1LA0n2Ca9p+Wc=
Received: from localhost (localhost [127.0.0.1]) by uplift.swm.pp.se (Postfix) with ESMTP id D66319F; Tue, 30 Apr 2019 07:24:17 +0200 (CEST)
Date: Tue, 30 Apr 2019 07:24:17 +0200 (CEST)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
cc: "Rob Wilton (rwilton)" <rwilton@cisco.com>, "netmod@ietf.org" <netmod@ietf.org>
In-Reply-To: <20190429153643.oxfcq7ze6ttdihb4@anna.jacobs.jacobs-university.de>
Message-ID: <alpine.DEB.2.20.1904300713100.3490@uplift.swm.pp.se>
References: <20190426173014.klub4kxbzucgfmyc@anna.jacobs.jacobs-university.de> <f582ccc854ae446291d6020822fae9dd@XCH-RCD-007.cisco.com> <20190429100213.vukmmbdsz5zlw6w5@anna.jacobs.jacobs-university.de> <bbf252aaca86418ca80b3bf04a910aff@XCH-RCD-007.cisco.com> <20190429103451.yink4bdvvmlh7ohe@anna.jacobs.jacobs-university.de> <c03aa9a27ed544c5be88fd0750d782e3@XCH-RCD-007.cisco.com> <20190429134615.f32zkbia6fqwk3to@anna.jacobs.jacobs-university.de> <b404565930694fd8af93326b5e754a2b@XCH-RCD-007.cisco.com> <0c4265d31adbf208a680f76216cc4bc42c766eae.camel@nic.cz> <959ed1a8092f4798ac0b923384962049@XCH-RCD-007.cisco.com> <20190429153643.oxfcq7ze6ttdihb4@anna.jacobs.jacobs-university.de>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/ptDPr4-cSPqTSm4pBz8KdhZnI18>
Subject: Re: [netmod] 6021 ipv4-prefix
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2019 05:24:24 -0000

On Mon, 29 Apr 2019, Juergen Schoenwaelder wrote:

> I believe we are not in the position to tell clients that they should or 
> should not do. If I push the config value 2001:DB8::/64 (since my 
> database has values stored using uppercase characters) and it comes back 
> as 2001:db8::/64, then so be it; it might be convenient for me to be 
> allowed to push 2001:0DB8:0:0:0:0:0:0/64 and not having to worry about 
> how to produce the RFC 5952 representation in my glue code that ties 
> into my database backend. Why would we say clients should not send 
> values in non-canonical format? Why would we say clients have to take 
> the pain to ensure everything is turned into 2001:db8::/64 (to continue 
> the example) before sending values to the server?
>
> Note that the ipv6-address definition has the same canonicalization
> properties (if we consider the address portion of ipv6-prefix) and
> there is no text saying you should send 2001:db8::1 instead of
> 2001:0DB8::1.

2001:0DB8::1 and 2001:db8::1 represent the same thing in the end. 
2001:db8::/64 and 2001:db8::1/64 is not the same thing in the end.

The fact that the server accepts 2001:db8::1/64 and turns it into 
2001:db8::/64 is something I believe should be explicitly stated. It's not 
obvious from neither the description of what a "canonical format" is in 
the YANG spec whether this also applies to dropping actual representation.

A contrived example is if I specify a canonical format for a string that 
is [a-f] and I sent it "abcdefghij" then the server just accepts this and 
turns it into "abcdef"? That's basically what's happening above. A lot of 
people would be astonished by this behaviour, and I think this should be 
more explicit when this is happening. From what we're seeing now from 
different implementations doing differently, this is not obvious.

> I think our mission instead is to make it clear what the canonical 
> format is and that servers will turn lexical representations they accept 
> into canonical lexical representation. This way people can take informed 
> decisions about what is appropriate for their specific clients.

The ipv6-prefix type doesn't have a lexical definition. An integer has 
lexical definition. Does this mean everything should have both just to 
make sure everything is clear? And should a server disallow input that 
doesn't adhere to the lexical format?

I just want it to be 100% clear from reading about what lexical and 
canonical format is what the server should and shouldn't do in each case.

I still think there is a difference between representation of the 
underlying information being changed or not. For instance, DNS domain 
names are case insensitive. Turning input into lower case (canonical 
format) is fine, this changes nothing operationally. Accepting client 
edit-config and just removing ASCII characters can cause unexpected and 
baffling behavior.

I still believe that if a client does edit-config on a DNS domain and 
include for instance a "%" in the name then the server should throw an 
error. So same thing with the ipv6-prefix, it needs to be defined whether 
the server should accept (and zero) host bits or not.

Do we have other types with this kind of ambiguity?

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se