[netmod] Re: comments on system-config-08 draft

Kent Watsen <kent@watsen.net> Wed, 21 August 2024 16:28 UTC

To: Andy Bierman <andy@yumaworks.com>
CC: "netmod@ietf.org" <netmod@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/yuHAxg0akhldT1v3tVM9yQzGalA>

Hi Andy,

> The example in the appendix shows a device that would boot without any interfaces in <running>.
> They would only be in <system>.  If this is the case, then all non-NMDA clients and all current NMDA clients need to be rewritten to know about the <system> config.   IMO breaking all existing clients would be a bad idea.

This is why there was so much effort before to copy system-defined nodes (the so-called “shared objects”) into <running>, i.e., so legacy clients wouldn’t break.  This is my #1 case in the other thread.

The other approach is to version the protocols with a mandate that clients grok <system> and no longer “running alone must be valid”.

No one is talking about changing the existing NC/1.1 and RC/1.0 contracts.

> I am confused, because I was told the reason <system> is needed is so leafref and XPath in <running>
> can reference the system config (i.e. nodes in <running> require nodes from <system> to be part of the data tree.)

This is not true.  XPaths are only resolved in the datastore that is the context.  E.g., if validating <running>, running is the context.  If validating <intended>, intended is the context.   

I don’t think it is possible to validate <system>.  I also don’t recall the draft saying one way or the other.  It might be good for the draft to say...


> Obviously, an old client is unaware of the new <system> datastore and will never provide the 'resolve-system' leaf.  

I think that the current plan is to remove the ‘resolve-system’ parameter.  Perhaps pending more responses from the WG…


> I do not understand how config can be changed, e.g. an address is assigned to an interface,
> if the parent interface is not in <running>.

It cannot, the parent nodes need to be in <running> as well.   This is my #3 case in the other thread.  


Kent // contributor