IETF Logo Mail Archive

Re: [yang-doctors] YANG dialects?

Andy Bierman <andy@yumaworks.com> Fri, 20 December 2019 18:27 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62D11120883 for <yang-doctors@ietfa.amsl.com>; Fri, 20 Dec 2019 10:27:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5k5lWuoIQsbn for <yang-doctors@ietfa.amsl.com>; Fri, 20 Dec 2019 10:27:14 -0800 (PST)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72FB312087E for <yang-doctors@ietf.org>; Fri, 20 Dec 2019 10:27:13 -0800 (PST)
Received: by mail-lj1-x22d.google.com with SMTP id j26so10940335ljc.12 for <yang-doctors@ietf.org>; Fri, 20 Dec 2019 10:27:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WF1pWbUeXpTP9yuodvmWLAc2aFoho6lhVlx3Rwy4FwM=; b=sjEHT5U3zRZAM5gz/p96HY2HOxsoBvSRwXda7NjmpgfC/IIfzd/7rXTHFygsuX40yU Fh20sqCvx71clkVx0sHkrdaKmsdjI+xGkT/4QUUVW4ybpVRJa34Q/RZeBDzh5zCD/g9F SB+Soe/SPvDRQpXpv4WNTA/KLi3J5xtT7jN3R7vZwl7z72Q6Dr6JS1BZYt48MAUlcNd/ d6wnyRAynMx9HgjThGvtMPqWQBUSiSIMIMtvJGSDlqkSGwYPSiAt5sTBZCn/KNUOUpxm h8utLQBJv9aYynUbdojhvN1L4PIraAS1mGr5HXqyKgAbaJNoHHO/va7wJGOREJ9tht/o DEMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WF1pWbUeXpTP9yuodvmWLAc2aFoho6lhVlx3Rwy4FwM=; b=UTa1SD5RnZ4hBEWc24qOcAANfrK9DPJ2VDjt8cWxVJgFTMxL1Rriq4H3aUlgo5YxEC U+QcOgsq2IUJAMbvAxWtBKudrauTEY2r5aQE/CxUXaLLXCIYKp81Yfzsk9pVsfnNUV03 vayHk7Jo5MD7SPsAKKViS70G3rgCeLoYKPF8I+iM7sqk6Tn5BQUkXXV7rvzePgE9FS9r 9OnFZTd8XPXrlO1DfaIHDNfV+wotHcy2KdEbrhlnbGqWhJkkGpyGv9Dcadv9vC97E1Lu iMVs2Y+lNpn41qHnFbqwF+4HvpptLvXpN8fjS+pC2sJazdkgah9Ci5aYAPh3aOt3Hxuc zWaQ==
X-Gm-Message-State: APjAAAUmC1T3iZiN4cX5sR5rm2XXbi8aT8+Mo7PrVsa27HD0DJAQlxDZ ucOQZZRwDA3hKpuo7gUAhnDszs41Ipt1vEAhXXiUmA==
X-Google-Smtp-Source: APXvYqwqt7FJ7xDILyU+4qOaMiazSG/MT/8VHCkPudAnDO1nYHixGZsYGI9MX2zPcDuzcJdaRm5SIGNajkabmMAX2JM=
X-Received: by 2002:a2e:7d01:: with SMTP id y1mr10901456ljc.100.1576866431549; Fri, 20 Dec 2019 10:27:11 -0800 (PST)
MIME-Version: 1.0
References: <CABCOCHTB+V6sV8hRcAC+OfseBBN=jUQnHQxzEVB_1drWhaEVXg@mail.gmail.com> <20191218.220130.545256750871048075.mbj@tail-f.com> <CABCOCHRfNrz+cNMA8ciRYGEM-7aR=S2NYJzU-t8JQ620Zs=hvQ@mail.gmail.com> <20191219.090708.1031388562992503497.mbj@tail-f.com> <MN2PR11MB4366F797234C963E23734BA1B5520@MN2PR11MB4366.namprd11.prod.outlook.com> <6684E0F3-DC49-4E94-B4FB-1109662F394D@tail-f.com> <1b398c323c72edc5970e90af06b70226b6eed755.camel@nic.cz> <18F4705E-7ECC-4698-8787-5604CDA8ED79@tail-f.com> <acf7a84b55428a3dd05bd646a518529e412f3da0.camel@nic.cz>
In-Reply-To: <acf7a84b55428a3dd05bd646a518529e412f3da0.camel@nic.cz>
From: Andy Bierman <andy@yumaworks.com>
Date: Fri, 20 Dec 2019 10:27:00 -0800
Message-ID: <CABCOCHTNGtpmHNQxcfS+rCu1+RX97FHkOR1hjVMG6FOR8z_4YQ@mail.gmail.com>
To: Ladislav Lhotka <lhotka@nic.cz>
Cc: Jan Lindblad <janl@tail-f.com>, YANG Doctors <yang-doctors@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000082df5f059a26d3ee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/8eywCAe2pb4Z8E0GHbVP7TNnVhQ>
Subject: Re: [yang-doctors] YANG dialects?
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Dec 2019 18:27:16 -0000

On Fri, Dec 20, 2019 at 6:44 AM Ladislav Lhotka <lhotka@nic.cz> wrote:

> On Fri, 2019-12-20 at 11:07 +0100, Jan Lindblad wrote:
> > Lada,
> >
> > > > > > o  extension: An extension attaches non-YANG semantics to
> statements.
> > > > > >
> > > > > > This is not the case here, it is only syntactically compatible.
> If
> > > > > > tool A
> > > > > > says that some instance data is valid, but tool B says it isn't,
> then
> > > > > > the
> > > > > > standard is gone.
> > > > > >
> > > > > > Lada
> > > >
> > > > Of course it would be legal. It's always legal for a NETCONF server
> to
> > > > reject
> > > > an edit-config for no apparent reason (from a YANG perspective), so
> all
> > > > device
> > > > YANG models would still be legal if all pattern statements were
> removed,
> > > > but
> > > > the same string pattern constraints still enforced by the devices.
> The OC
> > > > group could therefore remove their pattern statements and introduce
> a YANG
> > > > extension oc:posix-pattern (or oc:go-pattern, or whatever) that
> gives a
> > > > hint
> > > > to some clients what is expected. The clients that don't understand
> this
> > > > extension would just se a rejection for no apparent reason (from a
> YANG
> > > > perspective).
> > >
> > > I strongly disagree. Why then do we have so much text about
> constraints,
> > > validity etc. in RFC 7950? The benefit of schema validation is that an
> > > implementation can rely on an external validator and needn't clutter
> the
> > > code
> > > with all kinds of input data checks. But if the validation result
> depends on
> > > whether I choose library A or B, this concept simply falls apart.
> > >
> > > Lada
> >
> > I completely agree that the device interface behavior should be exposed
> with
> > much detail in the corresponding YANG.
> >
> > Practically, however, I don't think it is reasonable to expect that every
> > little rule of the implementation is exposed. YANG isn't expressive
> enough to
> > cover everything. And actually, there are sometimes cases where I advise
> not
> > to add as many constraints into the model as technically possible by the
> YANG
> > language. Half-a-page long XPath expressions may detract sharply from
> > readability, performance and universality. Implementation details may
> start to
> > leak into the interface.
>
> I understand this but I guess the problem is opposite: A server developer
> uses a
> YANG library for validating config before applying it. If an implemented
> module
> contained say
>
>     oc:pattern '^x[123]$';
>
> the developer might think that this constraint is checked by the library
> and
> take it for granted. But if the library in fact silently ignores the oc:
> extension, then arbitrary strings will be accepted and can do all kinds of
> nasty
> things.
>
>

But this is not the openconfig solution.
The oc-ext:regext-posix extension is much worse that this oc:pattern (does
it exist?)
It can be ignored by the compiler, which of course is unaware that
pattern-stmt
is not the YANG-defined pattern syntax.  They have already added this
module-level extension to all modules, so problem solved (they think).

I do not agree that the pattern-stmt is somehow "close to the
implementation"
and therefore one cannot expect it to work on all servers the same way.
All YANG constraints are supposed to produce the same client results, even
if they are not implemented the same way on each server.

There is a proper way to use YANG extensions to annotate the model
with implementation details.   Writing YANG modules so they only
work for 1 organization or only work if the server is written in a
particular language
is not the proper way.

There is no way to fix this correctly in YANG 1.1.
A new language version with new statements is needed to force all tools
to support any new pattern syntax.

Andy

>
> > There are also operational aspects to consider, such as a device running
> out
> > of memory at some point. A client therefore has to be prepared that an
> edit-
> > config may be refused for no apparent reason. There is no text in the RFC
> > stating that the YANG constraints in a module must be complete, even if I
> > regard that as a goal. One reason UML models tend to be useless as
> interface
> > descriptions in practice is that they lack these constraints.
> >
> > YANG extensions are a practical way to introduce validation concepts not
> > feasible to express with YANG and XPath. Here are some examples:
> > + Constraints on compatible colors in an optical YANG model (Not
> expressive
> > enough)
> > + Constraints on configured paths being disjunct (Not computationally
> > efficient)
> > + Constraints on an interface being unused by all other services (Not
> > universally reusable [layer violation] if service YANG depends on device
> YANG)
>
> All these constraints are related to a particular use case but oc:pattern
> would
> really affect YANG semantics. For example:
>
> - if oc:pattern is used in a type definition, does it also apply to a
> derived
> type?
>
> - according to sec. 8.1 in RFC 7950, this must be true in all data trees:
> 'All
> leaf data values MUST match the type constraints for the leaf, including
> those
> defined in the ... "pattern" properties.' But does this also apply to
> oc:pattern?
>
> In short: I believe that the notion of validity with respect to a YANG
> schema
> should not depend on extensions as they are defined in RFC 7950. That's
> why I
> proposed the critical/core extensions, because then YANG implementations
> can
> learn that a modified YANG is assumed, and refuse to validate instances or
> at
> least warn the user that things may unexpectedly break.
>
> Lada
>
> >
> > In these cases it may not be possible or desirable to express the
> constraints
> > in YANG/XPath. It may be possible express the constraint using domain
> specific
> > extension keywords, which should be better than not expressing it at all.
> > Clients that do not understand the added keywords would still work as
> long as
> > the configurations generated are valid. Clients with domain
> understanding,
> > possibly including understanding of the extension keywords, have a better
> > chance at generating valid configurations.
> >
> > /jan
> >
> --
> Ladislav Lhotka
> Head, CZ.NIC Labs
> PGP Key ID: 0xB8F92B08A9F76C67
>
> _______________________________________________
> yang-doctors mailing list
> yang-doctors@ietf.org
> https://www.ietf.org/mailman/listinfo/yang-doctors
>

v2.23.0 | Report a Bug | By Email