Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-05.txt
Qin Wu <bill.wu@huawei.com> Mon, 04 November 2019 06:26 UTC
From: Qin Wu <bill.wu@huawei.com>
To: Andy Bierman <andy@yumaworks.com>, Kent Watsen <kent+ietf@watsen.net>
CC: "netmod@ietf.org" <netmod@ietf.org>, "draft-ietf-netmod-factory-default@ietf.org" <draft-ietf-netmod-factory-default@ietf.org>
Date: Mon, 04 Nov 2019 06:26:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/tVv5Xcm3UUVxtOeVb_ha_Euygwk>

Thanks Andy for the valuable review, please see my reply inline below.

From: Andy Bierman [mailto:andy@yumaworks.com]
Sent: 2 November 2019 6:42
To: Kent Watsen <kent+ietf@watsen.net>
Cc: netmod@ietf.org; draft-ietf-netmod-factory-default@ietf.org
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-05.txt

Hi,

I have read draft-ietf-netmod-factory-default-05 and have the following comments:

* sec 2. Specifying factory-reset content

This section uses SHALL (equivalent to MUST) to declare the implementation details for the server to load the factory-default content. This is not appropriate for a server implementation detail. What harm to the Internet is caused if the server has some other way to load the factory config? This section should be removed.

[Qin]: How about changing SHALL into MAY?

Point 1 is unclear what it means to derive the factory-config from the current config.

[Qin]: It means the factory-config content may be specified by the <factory-default> datastore if it exists. I will make this clear in the text.

Point 2 specifies a file format but there is no way to specify the file. What is the value added here? Some servers can use an XML file (and will continue to do so, per point 3).

[Qin]: How about changing the text as follows:
“
2. by vendors using a file in YANG Instance Data [I-D.ietf-netmod-yang-instance-file-format] format or some other format in vendor's website or other places where similar off-line documents are kept;
”

Why would this document specify that a dynamic datastore SHALL be empty upon reset? This is an implementation detail or a standard detail for some future work.

[Qin]: Okay, how about just removing this restriction?

* Sec. 4: rpc factory-reset

This RPC has no NACM protections. There should be a nacm:default-deny-all extension added to restrict access. The client invoking the RPC MUST have permission to write all the existing config that is being replaced with factory-reset contents.

[Qin]: Will add nacm:default-deny-all on this RPC.

There is no mention of any operational disruption caused by setting the config to factory-reset contents. This will vary greatly depending on the implementation and current config. What if the config includes session and client config? This RPC can prevent any further management of the device. That seems worth mentioning in the security considerations.

[Qin]: Good input, will document this in the security section.

Overall the draft provides useful functionality so I support its publication. (BTW, my name is also misspelled in the draft)

[Qin]: Apologies, will fix this.

Andy

On Fri, Nov 1, 2019 at 8:22 AM Kent Watsen <kent+ietf@watsen.net> wrote:

This begins a two-week Working Group Last Call (WGLC) on draft-ietf-netmod-factory-default-05. The WGLC ends on Nov 15 (two days before the NETMOD 106 session). Please send your comments to the working group mailing list.

Positive comments, e.g., "I've reviewed this document and believe it is ready for publication", are welcome! This is useful and important, even from authors. Objections, concerns, and suggestions are also welcomed at this time.

Thank you,
NETMOD Chairs

On Nov 1, 2019, at 1:59 AM, internet-drafts@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Network Modeling WG of the IETF.

Title    : Factory Default Setting
Authors  : Qin Wu
           Balazs Lengyel
           Ye Niu
Filename : draft-ietf-netmod-factory-default-05.txt
Pages    : 11
Date     : 2019-10-31

Abstract:
This document defines a method to reset a server to its factory-default content. The reset operation may be used e.g. during initial zero-touch configuration or when the existing configuration has major errors, so re-starting the configuration process from scratch is the best option. A new factory-reset RPC is defined. Several methods of documenting the factory-default content are specified.
Optionally a new "factory-default" read-only datastore is defined, that contains the data that will be copied over to the running datastore at reset.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-netmod-factory-default/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-netmod-factory-default-05
https://datatracker.ietf.org/doc/html/draft-ietf-netmod-factory-default-05

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-netmod-factory-default-05

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
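
The effect of the nacm:default-deny-all extension discussed under Sec. 4 above, as an added example that is not part of the thread or the draft: a simplified Python model of the NACM (RFC 8341) exec check for one RPC, showing that without the extension a user with no matching rule falls through to exec-default, which is "permit" by default. The module name ietf-factory-default, the group names and the flattened rule list are assumptions made for illustration.

```python
"""Simplified model of NACM (RFC 8341) exec authorization for one RPC."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    group: str    # group the rule applies to (rule-lists flattened for brevity)
    module: str   # YANG module name, or "*"
    rpc: str      # rpc-name, or "*"
    action: str   # "permit" or "deny"


def exec_allowed(groups, module, rpc, rules, default_deny_all,
                 exec_default="permit"):
    """Return True if a user in `groups` may invoke module:rpc."""
    # The first matching rule decides, as in NACM rule processing.
    for rule in rules:
        if (rule.group in groups
                and rule.module in ("*", module)
                and rule.rpc in ("*", rpc)):
            return rule.action == "permit"
    # No rule matched: nacm:default-deny-all on the rpc statement denies
    # the request before the global exec-default is consulted.
    if default_deny_all:
        return False
    return exec_default == "permit"


# Constructed sample policy: only the "admin" group has an explicit rule.
# The module name is an assumption; it does not appear in the thread.
MODULE = "ietf-factory-default"
RULES = [Rule("admin", MODULE, "factory-reset", "permit")]


def compare(groups):
    """Decision without and with the extension, for the sample policy."""
    return {
        "without-extension":
            exec_allowed(groups, MODULE, "factory-reset", RULES, False),
        "with-default-deny-all":
            exec_allowed(groups, MODULE, "factory-reset", RULES, True),
    }


if __name__ == "__main__":
    for user, groups in (("alice", {"admin"}), ("bob", {"operator"})):
        print(user, compare(groups))
```
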