IETF Logo Mail Archive

Re: [netmod] WGLC on node-tags-09

Andy Bierman <andy@yumaworks.com> Wed, 19 April 2023 20:22 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82AE5C151B32 for <netmod@ietfa.amsl.com>; Wed, 19 Apr 2023 13:22:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tJ4Qi5L4_qxA for <netmod@ietfa.amsl.com>; Wed, 19 Apr 2023 13:22:16 -0700 (PDT)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A794FC151B31 for <netmod@ietf.org>; Wed, 19 Apr 2023 13:22:16 -0700 (PDT)
Received: by mail-lj1-x22d.google.com with SMTP id h4so376475ljb.2 for <netmod@ietf.org>; Wed, 19 Apr 2023 13:22:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks.com; s=google; t=1681935735; x=1684527735; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=UFa6URKJsc0zlnLtL4qne/hCo3NxDKZkhl1ZREJxbW4=; b=MnNcmc+8lz/P2uNa35FQLddagf2q738vMU23h/RgAWeKj6TCsTwDuIW8lQuiGxlnWA n2dWHPE8r2UdIEkLaHJjcQ70N4buKHWS5m4iBQR6DKEdrCwUXaWVdufQFOsXQer8xVAi PGQl29EE95T5k88JbtH7B3PhRScLnSO0LL3d/ueYCqotXQITukbIfcn0BUJ7wSDX9mor +5AKALAwAlu63h6yxIstnRa3Wguew5DFTtBrkVofPqUMtApR90I4uZjB6IgB51SJCFoR l63WaQzFmTx9Z7U97bTp6Gf9jqeV02ONU4G90M4gK06mxLCGWJ3R5aR6L6/g+PL13qhm +Iow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681935735; x=1684527735; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=UFa6URKJsc0zlnLtL4qne/hCo3NxDKZkhl1ZREJxbW4=; b=gdmDus2kPWoPekcl4ZfgSTWBqT5Izw82bALGQRWJYl1sLabNbdMm/7bbpQWKYnqKj4 NxEn08zDC8WnPfCxW33jrWNr1oQUBwHVS0ChNUTRiPXYzItmq0Y+jopITFteMs5yqStf SnDBrJW6nepWCjm+XgBK/Zlzfi5voyU+5hfRkIqkoawzF9LMPlmYu+cx1FQ/DFoiPufK 2fVgI16uI4aCQh/5GDQmRBuYZfBIBhORgGl0nNIoTMsLQg4bNKeSzzpFouGh7ngW1lmK +aNTUKnIFWMXYKhTtqAeDlJUGHWG8Vg/I267pYUPTr3VLLFNkPuas34ZeDiGxv3NT2LW G9sQ==
X-Gm-Message-State: AAQBX9ceJcjJIA+CJb3pTpR01N5XrRBLeAUZN0hXSX+XH+r1qf7Ef0R2 M7Y7G9GJLlvj1LWTPzeXWYX2QeXi489SpwloaXoUPA==
X-Google-Smtp-Source: AKy350b1NnL6WFY5nAO1eFhaMwkd4pDOJA8yO8R91SzdqsDySnxnQliGfo9HRoNM/0NJC4ZXAGKwc1dZ0MF4ToYCeeo=
X-Received: by 2002:a2e:88d8:0:b0:2a8:e5b7:71aa with SMTP id a24-20020a2e88d8000000b002a8e5b771aamr1714185ljk.20.1681935734584; Wed, 19 Apr 2023 13:22:14 -0700 (PDT)
MIME-Version: 1.0
References: <01000187973d01c1-3045965f-faf7-4f2d-a7fa-48283d42eeec-000000@email.amazonses.com> <CABCOCHRyNb4ZbFxpr4awKj_m=An188OB0dO86nXLNSfPEfDTJg@mail.gmail.com>
In-Reply-To: <CABCOCHRyNb4ZbFxpr4awKj_m=An188OB0dO86nXLNSfPEfDTJg@mail.gmail.com>
From: Andy Bierman <andy@yumaworks.com>
Date: Wed, 19 Apr 2023 13:22:03 -0700
Message-ID: <CABCOCHTBD86axR8-SQ2CLEwPUW2A6zWh8u8rkhFYwxXNMDo2dg@mail.gmail.com>
To: Kent Watsen <kent+ietf@watsen.net>
Cc: "netmod@ietf.org" <netmod@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fed0a905f9b62df6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/s7hDpewEvHGFNYI8PXy8pSmS7ZU>
Subject: Re: [netmod] WGLC on node-tags-09
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Apr 2023 20:22:20 -0000

Hi,

Adding a couple missed comments inline...

On Wed, Apr 19, 2023 at 11:38 AM Andy Bierman <andy@yumaworks.com> wrote:

>
>
> On Tue, Apr 18, 2023 at 6:59 PM Kent Watsen <kent+ietf@watsen.net> wrote:
>
>> This email begins a two-week WGLC on:
>>
>>
>> https://datatracker.ietf.org/doc/html/draft-ietf-netmod-node-tags-09
>>
>> Please take time to review this draft and post comments by May 2nd.
>> Favorable comments are especially welcomed.
>>
>>
> I have read the latest draft and IMO it needs more work.
>
> 1) metrics
>
> The identities to represent system tags are quite vague.
> There are no specific guidelines for selecting the correct tag.
> There are no references to other RFCs for the metric definitions.
> I would expect IPPM WG to define the classification system, not NETMOD WG.
>
> 2) System tag procedures
>
> There are no procedures defined for YANG model developers.
> Are they supposed to add a node-tag extension to almost every leaf in the
> module?
> The administration and maintenance of node-tags will be a huge burden.
> That was one reason they were not added to the module-tags module in the
> first place.
>
> The YANG extension itself is under-specified since it offers no guidance on
> which YANG statements are allowed to have this extension as a
> sub-statement.
>
>
There is no way to specify the 'type' property using this extension.
There is no way to report this value in <operational> for system entries.
The "standard" tags (e.g. "ietf:loss" have no formal linkage to the
identity 'loss' in the module.
It is not clear what value the 'type' identityref leaf provides at all.

IMO all the metrics (tag type identities) should be removed from this
> document and moved to separate work
> that is properly defined using IPPM metrics.
>
> 3) YANG module issues
>
> - what module entry is used if the node is from a module that augments
> another one?
>    I would assume the augmented module not the base module.  Specify which
> one
>
> -  nacm:node-instance-identifier as a list key is complex to implement
>    - not sure a canonical representation is possible or required
>    - syntax allows notification and action nodes to be tagged. Are these
> allowed in thislist?
>
>

There is no canonical form possible for an instance-identifier.
Yet this module MUST define the procedures for storing and comparing 2
instances of this key leaf.
The draft says RESTCONF is supported.  It should also say that JSON is not
supported
since the instance-identifier data type is used in a configuration data
node.

IMO the instance-identifier encoding in RFC 7951 is a much better choice.
E.g., make a NACM schema-node-identifier typedef based on 7951, not 7950.

BTW, the same problem also exists if a list key is type identityref.
The encoding in 7951 is a better choice here as well.

Sec 4.3:

    Any tag with the prefix "user:" is a user tag. Furthermore, any tag
that does not contain a colon
    (":", i.e., has no prefix) is also a user tag. Users are not required
to use the "user:" prefix; however,
    doing so is RECOMMENDED.


How does this text impact the key leaf 'tag' in the YANG module?
Do the key leaf values "user:foo" and "foo" match or not?
If yes, there needs to be a canonical format . If no, then not a good
design.


Andy

-  it is possible for multiple 'tags' entries to represent the same data
> node instances.
>    Figuring out precedence and enforcing masked-tag rules seems
> complicated.
>    NACM has ordered by-user semantics.  This module has "all entries at
> once" semantics.
>    Not that easy to implement or deploy.
>
> - What if a tag value appears in the masked-tag leaf-list that has the
> same value as the 'tag' key leaf?
>
> - the indentation in the YANG module is wrong for masked-tag
>
> - the list and key naming (tags/tag) is not consistent with other IETF
> modules .
>   Maybe should be list tag and key leaf id.
>
>
>
> Andy
>
>
>
>> This draft went through a WGLC a year ago.  The authors addressed the
>> comments received and have been were waiting for feedback.   In essence,
>> this draft is presumed to reflect WG consensus and thusly, if no objection
>> is received, the draft will move to the next step in the publication
>> process.
>>
>> Ref:
>> https://mailarchive.ietf.org/arch/msg/netmod/n2P9yohA-X-xSIt6FlMr4wOqmuI/
>>
>> Kent  // co-chair
>>
>> _______________________________________________
>> netmod mailing list
>> netmod@ietf.org
>> https://www.ietf.org/mailman/listinfo/netmod
>>
>

v2.23.0 | Report a Bug | By Email