IETF Logo Mail Archive

Re: [nvo3] [Last-Call] Yangdoctors last call review of draft-ietf-nvo3-yang-cfg-05

tom petch <daedulus@btconnect.com> Fri, 17 September 2021 10:57 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E013D3A13D2; Fri, 17 Sep 2021 03:57:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m9gAZ0Y99fzy; Fri, 17 Sep 2021 03:57:38 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20095.outbound.protection.outlook.com [40.107.2.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FB1E3A13D1; Fri, 17 Sep 2021 03:57:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nb12TC6Mbi4WOmNI9enEFKXt23jKmUBm2sRM0oMwkPL3yNym/X8iMzPbd039WHOtvVHx1+/9fos6NUzgnRfDKZnJ+UkLI6W/mak5krJLHXt/n9K19sRzubVjEghUKe2ynpOHH0wL5Nclba+4GBJQ1JCVS2ZYsyu4SqeLa+eSoQGglOyCXBWDCrD/H3/lss1ngU9ptL/l0N4dTH8FywUyRzBXKjScnpKn8zjyth6xuwJRphKFURlXHNWROQbZqk9UMFmEef8XtZ0vtOqCR7Hcbb7qjTImZ7FKbVnXrNWwajB9Bk5Mheo6JTv4Xcu4HkW/OT52D7+weet5wwS45Jv50A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=VYecpQ4DwJC9PoKIOGvw9/sdHoJKuIDluDv8pLYy8AI=; b=imBCFs4FUH1QVDM9NKnrihrAOJUgpDfYrhJG+y8f75vJBEEkWMKsnd7/peho9NlIPrSLYtini43bhz6dtKyj9rUwL+FmyhTV2OH28h8hqlIf4CPgbvTlJFSg/A4wihmjcgFBIfLHDEzQjuKrCiuVs7sOcEPiPozHochkwl+LS4wYuejWnQzP0hsnMFrPL0pmIeN7/kCxHJpZPj5J0FN0kZSXz6Pj3au543nly7gcPQOWnKaRzZ7z/bNUdYYzXJ7gK90QHV9eWhHJimm071I2GdyW86NuG6I7A5FiBR+jLIIaroRH5G3rII6lU4TUwjNdQYhGGZrd4tfI0KZJWGnpWQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VYecpQ4DwJC9PoKIOGvw9/sdHoJKuIDluDv8pLYy8AI=; b=lsfVFrkbRw2+QdVO4y/aCAOQk+shIJTZfR7NjZcCzDP1c4EgLBXgFRIkxkiK39Feihe6XT7Cr+9Xy4oDdqJS42mAX0EhTb/IU1aYytLLt6NQS09UN6pwjr+3g6SrtMKfrw0DCkKtldr/yno8lqOyHFAy4OeF2mab4aFwHCfUQsI=
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=btconnect.com;
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8) by VI1PR0701MB2222.eurprd07.prod.outlook.com (2603:10a6:800:2d::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.9; Fri, 17 Sep 2021 10:57:30 +0000
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::da:1b00:ebb3:ffd9]) by VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::da:1b00:ebb3:ffd9%2]) with mapi id 15.20.4544.006; Fri, 17 Sep 2021 10:57:30 +0000
To: "Liubing (Remy)" <remy.liubing@huawei.com>, Jan Lindblad <janl@tail-f.com>
References: <d32aad64cf1b4136a300f53e30ccd8c6@huawei.com>
Cc: "nvo3@ietf.org" <nvo3@ietf.org>, "draft-ietf-nvo3-yang-cfg.all@ietf.org" <draft-ietf-nvo3-yang-cfg.all@ietf.org>
From: tom petch <daedulus@btconnect.com>
Message-ID: <61447491.1040502@btconnect.com>
Date: Fri, 17 Sep 2021 11:57:21 +0100
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
In-Reply-To: <d32aad64cf1b4136a300f53e30ccd8c6@huawei.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: LO4P123CA0082.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:190::15) To VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8)
MIME-Version: 1.0
Received: from [192.168.1.65] (86.133.70.78) by LO4P123CA0082.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:190::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.4523.14 via Frontend Transport; Fri, 17 Sep 2021 10:57:29 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 9b6edc4a-4d2e-4661-caad-08d979c9f16e
X-MS-TrafficTypeDiagnostic: VI1PR0701MB2222:
X-Microsoft-Antispam-PRVS: <VI1PR0701MB2222287728AEF27709A4F396C6DD9@VI1PR0701MB2222.eurprd07.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:7691;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: KnLPzRL6v6Gq1qEkoJKEsIUm6x3DQu/3eN1usxHDi72rIWB1K2V2bmI+PQ4erGChT/qBx3YSAoo0sASJG+d72Ndw7yS3wLOqdbgqinnwKTVz7OMj9wcJMrcy2XFLzKknFzu2Pxdepn55TmTuk2ZLw/aziAiyuhDW6WQL1Ur9ELpmQlY8LYbvzZiIVDSN8NEy9qC8t5DXUvhxzCutqC8o4dGLBhIm/GvFOqa0wfRxvEy0pUo3PKOznO0UH9xXgjczqokTnh49R2VyOmk8nk6ce9QihYdzIPsp8xOajK7XZnWdQhvUKW6ewmf7wbo0o5x7xIY3H/LfnOwGGBFBCC2D5ayR9BxzPBbApER61eYz6QZ73zYFfKT5/l0/en9efXsNIYzuh/DGuSjfHOLWnsWFTCQlWWWGubiRoxFUqZR2MKq1ArYuH74WSUFJCjc/bHUSN7x/vu0mLHD0fstz6b80jguW6AdY08UiR0vKjeTjOAKpUWltnyQ0q0lvPwFHiBi8INrTwlp4ie2LvQcjO75xg6f2egBU6Qf52ACweU3A6Atx3YSSN0OdQ8NQehcfJbyrdVwVTQI2ZymCiSSsLtAxf2ml41rE0jPYWcay49KCZ9R9UxZBqc6rGUQbW/DgaiHeHoLNh+GUepowb+aVlAvJMfp1FsAy6yqi5wBh5o9bIuztm65Klw3X/oUwB45R/qGfwZprG0c0F52QG990W7ZngqHo3Ep9Djpy/4VX0o0KBFV2r9cViHbp90kRzXEXLyS7
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB6704.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(54906003)(87266011)(2616005)(36756003)(26005)(508600001)(186003)(5660300002)(2906002)(8936002)(83380400001)(53546011)(66946007)(4326008)(38100700002)(66556008)(66476007)(16576012)(6666004)(86362001)(316002)(38350700002)(110136005)(6486002)(52116002)(8676002)(956004)(485344003)(62816006); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: dxP3GoUHSY3i3r4fqlNvlg/uXL1hfnoaJR7bO94NKp1mJvvz5uoNUzBAf9lUamh2MsWzs27Iex16mQb5DMxm2X09ETFkK+zzv+wnRVNAeuly0ygrPM4t/4m3s3fI6dUlckKyxrnLvwz7zUaY0vcg00Tfck81dh+2KmjDjM6eriUdvENglIB3KNnUi6Vzz/wkN9DHNX3rTAUhJlNRijiIu6SXS5WA1uOoD75lcJ6sfHJBi0k6duVo+T99eUSqNcFdhD6XC0/GeaeiTdr33QXcpRmtBvV+FOn5ywCkrorNhodg65sOGS5INO2gZLGWOetRc1hi8FyZNXtDQJF6tcguPu7w+VLK0A+7xIxRdQcfCIeVf1WGazEy+bXCvjmgS6QfrxBFAF+YMgly3fYERWk1UNjDjxF7ci2+aB/XNGQEmzoMymYlRSE1yoi4XIQKb2xvPxd8msFyvRO+eRur26ddY1H5Y9iuDOsf7z+cc8mupPD3yJOAzwpt1Phk1hlcKYX+Bm/y52WcF7jWjBT2976qCJ1r60WFlDoOMKcYQt7+yH1ZM6fibuZwZTTRN8FSlm83hqHvp7VGhjXCCvPkQyrRQXEiklPBcXfoQosI1IsHZZbTxuMnkuRykc7zQaT/nTT3dwvH6oeXCYhk1UTlrftDKco7NzS4w812aqwE3bFslwfirTnBazKkKfO0W5Xc5PTuo2ueBOnF3alFWF4LVD/Kaxc0sewWilb8su1Adzi22rCBMsN+i6VfnMw19i/PQrdvd8h/iqFF+wuyrLIQ7Ounx5fvRmpObv5CCTSbaJ/n/uF/b8mlyibxLai1NP92OkozURzkPF0epEsbu+DeXLz4EPYRpMHGlZ4/L4Rb5xK5TvRH0qEXA9T1sIkvZKOy1W0M1ZrGWALTZXrKI5G2vMdT2xq+kDO9aNLTVT5xq3D2SR8K+RpIxVmHwu2Yu8Xxe7f+xB56uQHPmEcw2D6TBVryPZHRVQwYUsckx3ygvWZYUCX32nsgP3lTCIECYtW/CAUXiNfOjC4xgvUY4As2vZWx0bxNG2/hA+f3jhBM3RC6+bmv7bhGhNX9okqvEy/xJDvn4pSt1aB018gdADmM/6RigBtX0crtwYJESBQe2Loa56gzH8RpujExL6aWla0lo37rCvfG/6D5PATB4md/Sxq4I81QU3bnXJrvnaI1tRaRgIcdJY2MY5GeQ5AM28ZG5GCvQO7LvE4Mch7aIbfBfSEQQyIYx3M0SH7aPOMEruwCNZVA/CFBD4VFOdr241yeFrwo03JPNg9482Bsf2GFdqPv6r2y7QzPNiVSLnEm34BMVssDohgqOF6G8CEAL32YPNQ4
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9b6edc4a-4d2e-4661-caad-08d979c9f16e
X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB6704.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Sep 2021 10:57:30.1337 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: dCvvCAyXnIs6r/DnUrh3Zj9d6I4h37YKkXEM6oSelSgmP8rUbRXxYI2Md70jBbXylnBsX3i3JT0ZJ3UO4f/XMg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2222
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/uW68bzzEmHxeYGpkzTkLsik1uVE>
Subject: Re: [nvo3] [Last-Call] Yangdoctors last call review of draft-ietf-nvo3-yang-cfg-05
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Sep 2021 10:57:40 -0000

On 16/09/2021 08:18, Liubing (Remy) wrote:
> Hello Jan,
>
> Many thanks for your review. We will make related changes in the next version.

Bing

This e-mail caught my eye as I was looking at the recent revision of 
nvo3-yang.

You might also want to fix

IANA Considerations
Security Considerations
Copyright
Contact
Organisation
etc
none of which conform to YANG Guidelines!

They are admin details which have to be fixed sometime and for me, the 
sooner the better.  I have a mindset that says if the admin is wrong, 
then the technical aspects probably are as well:-)

And whether you use 'action' or 'RPC' I would always add
nacm:default deny-all
as a basic security precaution.

I agree with all Jan's comments.

Tom Petch

> Best regards,
> Bing
>
> -----邮件原件-----
> 发件人: Jan Lindblad via Datatracker [mailto:noreply@ietf.org]
> 发送时间: 2021年9月16日 15:11
>
> Reviewer: Jan Lindblad
> Review result: Not Ready
>
> This is the YANG Doctor review of draft-ietf-nvo3-yang-cfg. In my judgement the draft is not ready for last call. This is not to say that there isn't plenty of good work that has gone into this draft and YANG module, but since I have been unable to compile it, due to unclear dependencies, the fundamental requirements for performing a review aren't met.
>
> As soon as you import another module, you become dependent on that module and inherit any problems it may have. If the modules you depend upon are not stable enough, it may not be viable to perform a last call review. As long as the modules you depend upon are not published, I would think you cannot go through with publication of your own module either.
>
> There's always a bit of guesswork involved when a YANG module imports unpublished modules. By looking in the IETF Git repository, under "standards/ietf/RFC" as well as under "experimental/ietf-extracted-YANG-modules", i.e. the section for automatically extracted YANG modules from drafts, I was able to guess at which modules that are transitively referenced. Based on this, I believe we will need to have stable versions of the following modules before the draft-ietf-nvo3-yang-cfg can proceed. Experimental modules are marked (*).
>
> iana-bfd-types.yang (*)
> iana-if-type.yang
> ietf-bfd-types.yang (*)
> ietf-bgp-common-multiprotocol.yang (*)
> ietf-bgp-common-structure.yang (*)
> ietf-bgp-common.yang (*)
> ietf-bgp-l3vpn.yang (*)
> ietf-bgp-neighbor.yang (*)
> ietf-bgp-peer-group.yang (*)
> ietf-bgp-policy.yang (*)
> ietf-bgp-rib-attributes.yang (*)
> ietf-bgp-rib-tables.yang (*)
> ietf-bgp-rib-types.yang (*)
> ietf-bgp-rib.yang (*)
> ietf-bgp-types.yang (*)
> ietf-bgp.yang (*)
> ietf-inet-types.yang
> ietf-interfaces.yang
> ietf-ip.yang
> ietf-key-chain.yang
> ietf-l2vpn.yang (*)
> ietf-netconf-acm.yang
> ietf-network-instance.yang
> ietf-pseudowires.yang (*)
> ietf-routing-policy.yang (*)
> ietf-routing-types.yang
> ietf-routing.yang
> ietf-tcp-common.yang (*)
> ietf-tcp.yang (*)
> ietf-yang-schema-mount.yang
> ietf-yang-types.yang
>
> Since I already did a first reading and found a few things, I'll list them here for the WG's benefit rather than me holding them to myself.
>
> 1. YANG 1.1
>
> The draft says "YANG [RFC6020] is a data definition language that was introduced to". Since you are using yang-version 1.1, it would be more appropriate with a reference to RFC 7950.
>
> 2. Identity equality tests
>
> There are a couple of places in the YANG that check that an interface is of Nve type. Currently this is done using an equality test. While that can work, a better and more future proof way is to use derived-from-or-self(). So change
>
>   must "(/if:interfaces/if:interface[if:name=current()]/if:type='Nve')";
>
> to
>
>   must
>   "derived-from-or-self(/if:interfaces/if:interface[if:name=current()]/if:type,
>   'Nve')";
>
> 3. Behavioral constraints defined in English text
>
>            list static-peer {
>              key "peer-ip";
> ...
>              leaf out-vni-id {
>                type uint32 {
>                  range "1..16777215";
>                }
>                description
>                  "The ID of VNI for outbound. Do not support separate deletion.";
>              }
>
> I'm not completely clear as to the "Do not support separate deletion" is supposed to mean. If every static-peer must have an out-vni-id, it should be marked mandatory. If this is supposed to mean that an out-vni-id may be added, but not deleted, that violates one of the basic principles in YANG. The validity of a configuration should not depend on anything else than the configuration itself. In particular, the validity of an upcoming configuration should not depend on the prior configuration.
>
> If you don't want out-vni-id to be mandatory, but also don't want people to be able to delete it without deleting the static-peer, I would recommend making out-vni-id part of the key for static-peer, and ensure it can take a value that essentially means none. For example like this:
>
>            list static-peer {
>              key "peer-ip out-vni-id";
> ...
>              leaf out-vni-id {
>                type union {
>                  type enumeration {
>                    enum none;
>                  }
>                  type uint32 {
>                    range "1..16777215";
>                  }
>                }
>                description
>                  "The ID of VNI for outbound. Do not support separate deletion.";
>              }
>
> 4. Repetition of config false
>
> In many places within the module, there are config false statements inside elements that are already config false. While this is perfectly legal, it is superfluous. Once a container or other element is marked config false, everything below that point will always be config false. The IETF convention is to not write config false in more places than necessary.
>
>        container peers {
>          config false;     <--- Everything within/below container peers is now
>          config false description
>            "Operational data of remote NVE address in a VNI.";
>          list peer {
>            key "vni-id source-ip peer-ip";
>            config false;     <--- Superfluous
>
> 5. Weak data format
>
>        leaf up-time {
>          type string {
>            length "1..10";
>          }
>          config false;
>          description
>            "The continuous time as NVO3 tunnel is reachable.";
>        }
>
> YANG strings are great when used for names that the client can choose arbitrarily. They are not so great when they encode information that is not a name, unless there is a detailed description of the encoding. Since the encoding of the up-time leaf is not specified, the contents will not be interoperable. Either remove this leaf, or better, describe the format of the contents so that it can be decoded. Changing the type from string to some time type might be a good option.
>
> 6. Identities conventionally start with lowercase letters
>
> By convention, all identities defined by IETF start with a lower case letter.
> Citing the principle of least surprise, I would recommend changing
>
>    identity Nve {
>
> to
>
>    identity nve {
>
> 7. RPC or Action
>
> In YANG 1.1, rpc:s that pertain to a certain element in the data tree can be modeled as actions instead. This often leads to a more coherent model with less text. In this module, that seems to be the case for the two rpc:s defined.
> Therefore I would suggest changing
>
>    rpc reset-vni-peer-statistic {
>      description
>        "Clear traffic statistics about the VXLAN tunnel.";
>      input {
>        leaf vni-id {
>          type uint32 {
>            range "1..16777215";
>          }
>          mandatory true;
>          description
>            "The ID of the VNI.";
>        }
>        leaf peer-ip {
>          type inet:ip-address-no-zone;
>          mandatory true;
>          description
>            "The address of the remote NVE.";
>        }
>        leaf direction{
>          type direction-type;
>          mandatory true;
>          description
>            "Traffic statistics direction for the tunnel.";
>        }
>      }
>    }
>
> to
>
>          list statistic {
>            key "vni-id peer-ip direction"; ...
>            action reset-vni-peer-statistic {
>              description
>                "Clear traffic statistics about the VXLAN tunnel.";
>            }
>
> Best Regards,
> /jan
>
>
>

v2.23.0 | Report a Bug | By Email