Re: [netmod] NMDA System controlled resource

Robert Wilton <rwilton@cisco.com> Thu, 17 May 2018 14:03 UTC

To: Rohit R Ranade <rohitrranade@huawei.com>, "netmod@ietf.org" <netmod@ietf.org>
From: Robert Wilton <rwilton@cisco.com>
Message-ID: <4ca72aae-8755-21fd-1454-4e681dd4d2ee@cisco.com>
Date: Thu, 17 May 2018 15:03:13 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/rV2ToogHUtGS_RMicaaShsoqBjM>

To add to Juergen's comments:

If a system writes to <running> then it can cause a few potential problems:

(1) A client could be surprised to see configuration appear in <running> 
that it hasn't provided.
(2) A client could reasonably expect to be able to delete any/all of the 
configuration in <running>, but that isn't possible if it is a system 
created data node that can't be removed.
(3) If removing a linecard is allowed to remove the associated 
configuration from <running> then that could easily make <running> 
become invalid, breaking one of the invariants of the <running> 
datastore and leaving the system in an inconsistent state.

Hence, I believe that the cleanest solution is to instantiate the system 
created data nodes only in <operational>.  However, this may require 
that customers also explicitly configure those data nodes to ensure that 
all configuration reference constraints are met for the configuration to 
validate.  Generally, I don't see this as a problem, since it is likely 
that you would have at least some configuration on an interface that is 
referenced.  Also having a referentially complete configuration is 
generally a sound principle, e.g. it also opens up a path to being able 
to validate the configuration off the box as well.

Thanks,
Rob


On 17/05/2018 14:12, Juergen Schoenwaelder wrote:
> Deletion of an interface != deletion of explicit configuration of an
> interface. NMDA allows to make this distinction and in a way that a
> client can discover what is going on.
>
> /js
>
> On Thu, May 17, 2018 at 12:02:24PM +0000, Rohit R Ranade wrote:
>> Hi Robert,
>>
>> Thank you for the detailed explanation.
>> On the same lines that you mentioned, maybe some vendors were showing the loopback interface, as part of running. Once they implement NMDA, is it the intention of the authors to mandate that such configurations must be moved to "system"? Currently they may have limitations on such interfaces and do not support deletion of such interfaces.
>>
>> With Regards,
>> Rohit R Ranade
>>
>>
>> From: Robert Wilton [mailto:rwilton@cisco.com]
>> Sent: 17 May 2018 15:42
>> To: Rohit R Ranade <rohitrranade@huawei.com>; netmod@ietf.org
>> Subject: Re: [netmod] NMDA System controlled resource
>>
>> Hi Rohit,
>> On 17/05/2018 10:30, Rohit R Ranade wrote:
>> Hi Robert,
>>
>> So first, we try to get to know the system configuration.
>> Then for the configuration leaves (based on description), check whether system configuration trumps the intended configuration? If yes, retain system configuration, else apply intended configuration.
>> I think that this is probably an implementation choice, so my comments below are subjective.
>>
>> E.g. I think that Junos devices always instantiate a loopback interface (lo0) even if not configured, but IOS XR does not.  This is fine, this is just a difference in architecture.
>>
>> However, for both types of devices, configuring an IP address on the loopback interface should work just fine:
>>
>> In the Junos case the lo0 interface already exists in <operational> with origin "system", along with an IP address underneath it with origin "intended".
>>
>> In the XR case, both the loopback0 interface and IP address are configured, hence when the config is applied both data nodes appear in <operational> with the origin "intended".
>>
>>
>> Hence normally  it is up to the device implementation to decide whether a particular item of system configuration trumps the intended configuration.  Whatever the system decides the appropriate value appears in <operational> and the origin (if supported) of that value in <operational> MUST indicate where it came from.  So in the general case, I wouldn't expect YANG modules to need to refer to system configuration.  However, there are some specific cases where it is useful to do so (e.g. RFC8343 describes system-controlled interfaces).
>>
>>
>>
>> If for some leaf, there is no <intended> configuration, then apply system configuration.
>> For the systems that I work on then I would normally expect an explicitly configured value to trump a system value.   If the device does not allow values other than the system provided value then ideally it should deviate the data node to only allow the system assigned value to be configured.
>>
>> If it is a container/list/etc then you may well need to merge the data coming from <intended>, system and other places as well (e.g. IP addresses learned via DHCP)
>>
>> Thanks,
>> Rob
>>
>>
>>
>>
>> Is my understanding correct?
>>
>> With Regards,
>> Rohit R Ranade
>>
>> From: Robert Wilton [mailto:rwilton@cisco.com]
>> Sent: 17 May 2018 14:29
>> To: Rohit R Ranade <rohitrranade@huawei.com>; netmod@ietf.org
>> Subject: Re: [netmod] NMDA System controlled resource
>>
>>
>> Hi Rohit,
>>
>> Section 5.3.2 states that you are allowed to have configuration in <running>/<intended> for resources that could be present on the device but are not currently present.  The canonical example would be interface configuration for an interface on a linecard that isn't operational (either because it isn't present, or hasn't completely initialized).
>>
>> Section 5.3.3 is saying that if the linecard becomes operational, then it may instantiate system controlled entries (in <operational>) for those interfaces.  It also states that if there also happens to be configuration in <running>/<intended> for those interfaces then that configuration will also get applied as those interfaces are instantiated in <operational>.  All of the configuration that has been successfully applied would also appear in <operational>.
>>
>> Thanks,
>> Rob
>>
>> On 17/05/2018 04:57, Rohit R Ranade wrote:
>> Hi All,
>>
>> RFC 8342 has below statement in Section 5.3.3
>> "If a system-controlled resource has
>>     matching configuration in <intended> when it appears, the system will
>>     try to apply the configuration; this causes the configuration to
>>     appear in <operational> eventually (if application of the
>>     configuration was successful).
>> "
>> Why does application of configuration for system-controlled resources depend on whether <intended> has configurations for that resource? The configuration will still get applied as part of "system" configuration as shown in examples in Section C.1 in the same RFC given below
>>
>> "In addition to filling in the default value for the auto-negotiation
>>     enabled leaf, a loopback interface entry is also automatically
>> instantiated by the system.  All of this is reflected in
>>     <operational>."
>>
>>
>> With Regards,
>> Rohit R Ranade
>
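
Added example (not part of the original messages or of RFC 8342): a toy Python model of the behaviour discussed in this thread, showing how <operational> can be assembled from <intended> and system-created nodes with an origin per node, and how a referentially complete <running> can be checked off the box. The dict-based datastore layout, the function names, the interface names and the reference names are all assumptions made for illustration.

```python
# Toy model, added for illustration: datastores are {path: value} dicts where
# path[0] is the interface name. All names and addresses are constructed.

def build_operational(intended, system, present):
    """Merge system-created and intended nodes into {path: (value, origin)}.

    Only nodes of interfaces in `present` are instantiated. An explicitly
    configured value overrides a system value for the same path (one possible
    implementation choice; the thread leaves this to the device).
    """
    oper = {}
    for source, origin in ((system, "system"), (intended, "intended")):
        for path, value in source.items():
            if path[0] in present:
                oper[path] = (value, origin)
    return oper


def dangling_refs(running, refs):
    """Off-box check: references whose target interface is not configured
    in <running> itself (system-created nodes do not count)."""
    configured = {path[0] for path in running}
    return sorted(name for name, target in refs.items()
                  if target not in configured)


# Device that always instantiates lo0 (the Junos-style case in the thread).
SYSTEM = {("lo0",): None}
# <running>/<intended>: an address on lo0 plus configuration for an interface
# on a linecard that is not inserted yet.
INTENDED = {
    ("lo0", "ipv4-address"): "192.0.2.1",
    ("eth1/0",): None,
    ("eth1/0", "mtu"): 9000,
}

# <intended> is identical in both calls; only the set of present resources
# changes, so linecard insertion or removal never edits <running>.
before = build_operational(INTENDED, SYSTEM, present={"lo0"})
after = build_operational(INTENDED, SYSTEM, present={"lo0", "eth1/0"})

# Hypothetical leafref-style references: referring node -> interface name.
REFS = {"router-id-source": "lo0", "uplink": "eth1/0"}
```

Because `dangling_refs` looks only at <running>, a reference to an interface that exists solely as a system-created node in <operational> is reported, which is the case where the interface needs to be configured explicitly.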