Re: [netmod] Adding system configuration to running [was: Re: Comments on NMDA-04]

Robert Wilton <> Thu, 28 September 2017 10:26 UTC

From: Robert Wilton <>
To: Balazs Lengyel <>, Martin Bjorklund <>,
Date: Thu, 28 Sep 2017 11:26:33 +0100


This is regarding the question as to whether it should be allowed for a 
system to manipulate <running>:

This issue isn't really specific to the NMDA architecture, and there is 
no consensus on whether this should be allowed.

Hence, the proposal is that the NMDA architecture draft be completely 
silent on this, neither endorsing this behaviour, nor restricting it.  
Hence no changes to the NMDA architecture draft are required for this issue.

However, I have added an FAQ entry to clarify that this is not 
prevented, but pointing out some of the potential downsides to a device 
doing this.  The FAQ entry is

Unless I hear otherwise, I propose closing this issue 
( Comments/review of 
the FAQ text is also welcome.


On 14/09/2017 18:08, Robert Wilton wrote:
> On 14/09/2017 16:35, Balazs Lengyel wrote:
>> See below!
>> On 2017-09-14 16:32, Martin Bjorklund wrote:
>>> Hi Balazs,
>>> Thanks for your review.  Comments inline.
>>> Balazs Lengyel<>  wrote:
>>>> Hello,
>>>> Reading the draft-ietf-netmod-revised-datastores-04 some comments:
>>>> General) The system often adds data to the <running> or <intended>
>>>> datastore already not just to <operational>: e.g.
>>>> UC1: I have a server configured in running. I need to bind it to an
>>>> ip-address. The ip-address might be the local loopback address,
>>>> however if that is only added to <operational>, validation will
>>>> fail indicating that the server is bound to a non-existent
>>>> address. How to handle this?
>>>> UC2: I have a set of capabilities set by the system
>>>> e.g. supported-reporting-intervals. I need to configure a job that
>>>> MUST use one of these intervals. If the supported-reporting-intervals
>>>> are only added to <operational> I can not validate the
>>>> selected-interval in my configured job.
>>>> My proposal is to allow the system to add data to running as
>>>> well. Actually I think that is a more relevant case than adding
>>>> configuration just to <operation>.
>>> I think the consensus is that in general it is a bad idea if servers
>>> (spontaneously) add data to <running>.  However, there is nothing in
>>> the new or old architectures that prohibits this.
>> BALAZS: I strongly disagree.  I know others are also adding stuff to 
>> running as well.
>> IMHO the above use cases are real and used and actually important for 
>> us.
>> I would like to see them included in some way.
> I basically agree with Martin here.
> The architecture is cleaner if <running> is only written by the 
> client.  This avoids requiring clients tracking unexpected changes to 
> running, and opens up the possibility of validating configuration off 
> the box.  Ideally extra stuff should be added into <intended> and then 
> become visible in <operational>.
> I understand that some systems add data to <running>, and this is 
> fine.  But I think that it is better for an architecture document to 
> be silent on this point.
> Thanks,
> Rob
>> regards Balazs
>> -- 
>> Balazs Lengyel                       Ericsson Hungary Ltd.
>> Senior Specialist
>> Mobile: +36-70-330-7909      