IETF Logo Mail Archive

Re: [yang-doctors] Yangdoctors early review of draft-ietf-opsawg-nat-yang-06

<mohamed.boucadair@orange.com> Mon, 13 November 2017 07:08 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5E5D12948F; Sun, 12 Nov 2017 23:08:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.398
X-Spam-Level:
X-Spam-Status: No, score=-5.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kozaBWclIePp; Sun, 12 Nov 2017 23:08:01 -0800 (PST)
Received: from orange.com (mta135.mail.business.static.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E7281200C1; Sun, 12 Nov 2017 23:08:00 -0800 (PST)
Received: from opfednr04.francetelecom.fr (unknown [xx.xx.xx.68]) by opfednr24.francetelecom.fr (ESMTP service) with ESMTP id D35BF403C4; Mon, 13 Nov 2017 08:07:58 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.75]) by opfednr04.francetelecom.fr (ESMTP service) with ESMTP id ACA3C40068; Mon, 13 Nov 2017 08:07:58 +0100 (CET)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILMA4.corporate.adroot.infra.ftgroup ([fe80::65de:2f08:41e6:ebbe%18]) with mapi id 14.03.0361.001; Mon, 13 Nov 2017 08:07:58 +0100
From: mohamed.boucadair@orange.com
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
CC: "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "draft-ietf-opsawg-nat-yang.all@ietf.org" <draft-ietf-opsawg-nat-yang.all@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: Yangdoctors early review of draft-ietf-opsawg-nat-yang-06
Thread-Index: AQHTT09nb4Xo03k7b0eBVGOEwFdqM6L8ajgAgAAc3gCAARxwQIABnpyAgAgbCICACp8/4A==
Date: Mon, 13 Nov 2017 07:07:57 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93300A07763D@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <150912805550.22087.2939629492652644040@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93300A060DB1@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <20171030162210.ni72dxxmc45o3cak@elstar.local> <787AE7BB302AE849A7480A190F8B93300A063187@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <20171101100409.n6sycvnj5km4jrdk@elstar.local> <787AE7BB302AE849A7480A190F8B93300A07212C@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93300A07212C@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.6]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/HIzM6ok8zi7dttUM6P2rFzSwyBE>
Subject: Re: [yang-doctors] Yangdoctors early review of draft-ietf-opsawg-nat-yang-06
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 07:08:04 -0000

Hi Juergen, all, 

An updated version integrating your comments is available online: 
https://datatracker.ietf.org/doc/draft-ietf-opsawg-nat-yang/ 

Major changes are: 
- use of features
- remove the logging configuration parameters 
- update the security section
- add a section to discuss the relationship with the NAT MIB
 
Cheers,
Med

> -----Message d'origine-----
> De : mohamed.boucadair@orange.com [mailto:mohamed.boucadair@orange.com]
> Envoyé : lundi 6 novembre 2017 15:58
> À : Juergen Schoenwaelder
> Cc : yang-doctors@ietf.org; draft-ietf-opsawg-nat-yang.all@ietf.org;
> opsawg@ietf.org
> Objet : RE: Yangdoctors early review of draft-ietf-opsawg-nat-yang-06
> 
> Hi Juergen,
> 
> Thank you for the follow-up and for the suggestions.
> 
> I made the following changes to address your comments:
> 
> - Revert back to the use of features.
> - Leave out the logging container for a future extension.
> - Remove the "VRF" part from the module, but maintain an extensible design
> to easily support VRF in the future.
> 
> FWIW, the updated version of the module which integrates those comments is
> available at:
> https://github.com/boucadair/draft-ietf-opsawg-nat-yang/blob/master/ietf-
> nat%402017-11-06.yang
> 
> Unless you have any further comment, I'm planning to submit this version
> early next week.
> 
> Cheers,
> Med
> 
> > -----Message d'origine-----
> > De : Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de]
> > Envoyé : mercredi 1 novembre 2017 11:04
> > À : BOUCADAIR Mohamed IMT/OLN
> > Cc : yang-doctors@ietf.org; draft-ietf-opsawg-nat-yang.all@ietf.org;
> > opsawg@ietf.org
> > Objet : Re: Yangdoctors early review of draft-ietf-opsawg-nat-yang-06
> >
> > On Tue, Oct 31, 2017 at 09:55:46AM +0000, mohamed.boucadair@orange.com
> > wrote:
> > > > >  That said, there are a number of details where I doubt
> > > > > > the model is correct and things where I believe things are
> > incomplete.
> > > > > > Given that there are many different NAT functions, I also
> expected
> > to
> > > > > > see usage of YANG features.
> > > > >
> > > > > [Med] We used to make use of "features", but there was a comment
> > during
> > > > the WG call for adoption that requested us to make use of
> identities,
> > > > instead.
> > > >
> > > > But these are not the same thing.
> > >
> > > [Med] You are right. Sorry for not being clear.
> > >
> > > What I meant is that the module used, for example, "if-feature nat64"
> > and so on to refer to NAT flavors. We replaced those with "when"
> > statements that points to the actual capabilities of an implementation.
> > > Another change we made, is that we used to have "Boolean" to indicate
> > the support of a given tarnation scheme (e.g., nat64-support, nat44-
> > support), but we updated those to make use of identities.
> >
> > I do not recall having seen these when expressions. But even if there
> > were when expressions, this does not the same as features. A when
> > expression puts a constraint on a valid configuration, a feature
> > expresses that not all parts of a model may be implemented. This is
> > implementation time partitioning vs. configuration time partitioning.
> >
> > >  If I am not a nat64, then apparently
> > > > several objects to not apply to me.
> > >
> > > [Med] Yes. We tried to cover this by "when" statements.
> > >
> > >  This is what features allow you to
> > > > express. Perhaps someone wanted identities for something different,
> I
> > > > do not know. I think it is reasonable to assume that not all NAT
> > > > implementations will support all types of NATs that the model
> supports
> > > > and hence the model should reflect this.
> > > >
> > >
> > > [Med] The module indicates what a given implementation has to support
> > based on its capabilities. This is handled by means of "when"
> statements.
> >
> > This seems to be a mis-understanding of what when expressions do. See
> > above for the explanation.
> >
> > > > > > - What is the vrf-routing-instance identity good for?
> > > > >
> > > > > [Med] This is used to bind a NAT function to an external VRF
> routing
> > > > instance. Please check https://www.ietf.org/mail-
> > > > archive/web/opsawg/current/msg05117.html
> > > > >
> > > >
> > > > I very much doubt that an identity identifies a VRF instance. I am
> not
> > > > questioning the need to identify a VRF, I am questioning that the
> > > > solution put in place achieves this.
> > >
> > > [Med] Thank you for clarifying. This is actually a good point. The
> > options we considered are as follows:
> > >
> > > (1) Use an Identity to avoid struggling with semantics of how a VRF
> can
> > be defined.
> > > (2) Point to draft-ietf-rtgwg-ni-model, likely (?) as a normative
> > reference.
> > > (3) Remove the VRF thing from the draft; future extensions can be
> > defined.
> > >
> > > Given that "VRFs" are not required for all NATs and some reviewers
> asked
> > to add VRFs in addition to interfaces, we went for option (1). Having a
> > dependency on a YANG module under development is not justified for all
> > implementations.
> > >
> >
> > But (1) is broken as far as I can tell. You either work out with the
> > routing guys how to properly refer to a VRF or you better leave this
> > out.
> >
> > > > If leafs are not configurable, then they should be config false.
> > >
> > > [Med] I will revert config to false as we used to have in previous
> > versions. As I said earlier, pyang will cry. I don't know how to fix
> that

v2.23.0 | Report a Bug | By Email