Re: [yang-doctors] YANG dialects?
Ladislav Lhotka <lhotka@nic.cz> Sat, 21 December 2019 11:46 UTC
Return-Path: <lhotka@nic.cz>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BAA6120A42 for <yang-doctors@ietfa.amsl.com>; Sat, 21 Dec 2019 03:46:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.998
X-Spam-Level:
X-Spam-Status: No, score=-6.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R2YM_1IZ1Qz0 for <yang-doctors@ietfa.amsl.com>; Sat, 21 Dec 2019 03:46:05 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [217.31.204.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B662C120A43 for <yang-doctors@ietf.org>; Sat, 21 Dec 2019 03:46:04 -0800 (PST)
Received: from birdie (unknown [IPv6:2a01:5e0:29:ffff:8592:b8e4:c3d4:5af6]) by mail.nic.cz (Postfix) with ESMTPSA id 7B985140E9B; Sat, 21 Dec 2019 12:46:01 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1576928761; bh=L60vHieZ9mAFXqh7dkne7t6zC0wFSuKP0VGpetEbAcc=; h=From:To:Date; b=EJaglGd2M6Qk5rKHLbw4ZLRlQeBa4a2NCOKEoTO4WG1cu126oBs+X0F8ySD5R8AeB Gum+TvcLWTdLsuJAUIMZRy+T4LJDDpi9xXLl8Z5JK8IYDhAV7Np0LLwYls6sU3jN7D im0LnhXtZULwpYi1liGMsWY/6p9S/mCPAumWETlg=
Message-ID: <8d6a45a1df5d965f772066c802c63325ba8b47c4.camel@nic.cz>
From: Ladislav Lhotka <lhotka@nic.cz>
To: Andy Bierman <andy@yumaworks.com>
Cc: Jan Lindblad <janl@tail-f.com>, YANG Doctors <yang-doctors@ietf.org>
Date: Sat, 21 Dec 2019 12:46:01 +0100
In-Reply-To: <CABCOCHTNGtpmHNQxcfS+rCu1+RX97FHkOR1hjVMG6FOR8z_4YQ@mail.gmail.com>
References: <CABCOCHTB+V6sV8hRcAC+OfseBBN=jUQnHQxzEVB_1drWhaEVXg@mail.gmail.com> <20191218.220130.545256750871048075.mbj@tail-f.com> <CABCOCHRfNrz+cNMA8ciRYGEM-7aR=S2NYJzU-t8JQ620Zs=hvQ@mail.gmail.com> <20191219.090708.1031388562992503497.mbj@tail-f.com> <MN2PR11MB4366F797234C963E23734BA1B5520@MN2PR11MB4366.namprd11.prod.outlook.com> <6684E0F3-DC49-4E94-B4FB-1109662F394D@tail-f.com> <1b398c323c72edc5970e90af06b70226b6eed755.camel@nic.cz> <18F4705E-7ECC-4698-8787-5604CDA8ED79@tail-f.com> <acf7a84b55428a3dd05bd646a518529e412f3da0.camel@nic.cz> <CABCOCHTNGtpmHNQxcfS+rCu1+RX97FHkOR1hjVMG6FOR8z_4YQ@mail.gmail.com>
Organization: CZ.NIC
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.34.2
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.101.4 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/V44u8wLLWewLTY8S7lUl7UrUSz8>
Subject: Re: [yang-doctors] YANG dialects?
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Dec 2019 11:46:07 -0000
On Fri, 2019-12-20 at 10:27 -0800, Andy Bierman wrote: > > > On Fri, Dec 20, 2019 at 6:44 AM Ladislav Lhotka <lhotka@nic.cz> wrote: > > On Fri, 2019-12-20 at 11:07 +0100, Jan Lindblad wrote: > > > Lada, > > > > > > > > > > o extension: An extension attaches non-YANG semantics to > > statements. > > > > > > > > > > > > > > This is not the case here, it is only syntactically compatible. If > > > > > > > tool A > > > > > > > says that some instance data is valid, but tool B says it isn't, > > then > > > > > > > the > > > > > > > standard is gone. > > > > > > > > > > > > > > Lada > > > > > > > > > > Of course it would be legal. It's always legal for a NETCONF server to > > > > > reject > > > > > an edit-config for no apparent reason (from a YANG perspective), so > > all > > > > > device > > > > > YANG models would still be legal if all pattern statements were > > removed, > > > > > but > > > > > the same string pattern constraints still enforced by the devices. The > > OC > > > > > group could therefore remove their pattern statements and introduce a > > YANG > > > > > extension oc:posix-pattern (or oc:go-pattern, or whatever) that gives > > a > > > > > hint > > > > > to some clients what is expected. The clients that don't understand > > this > > > > > extension would just se a rejection for no apparent reason (from a > > YANG > > > > > perspective). > > > > > > > > I strongly disagree. Why then do we have so much text about constraints, > > > > validity etc. in RFC 7950? The benefit of schema validation is that an > > > > implementation can rely on an external validator and needn't clutter the > > > > code > > > > with all kinds of input data checks. But if the validation result > > depends on > > > > whether I choose library A or B, this concept simply falls apart. > > > > > > > > Lada > > > > > > I completely agree that the device interface behavior should be exposed > > with > > > much detail in the corresponding YANG. > > > > > > Practically, however, I don't think it is reasonable to expect that every > > > little rule of the implementation is exposed. YANG isn't expressive enough > > to > > > cover everything. And actually, there are sometimes cases where I advise > > not > > > to add as many constraints into the model as technically possible by the > > YANG > > > language. Half-a-page long XPath expressions may detract sharply from > > > readability, performance and universality. Implementation details may > > start to > > > leak into the interface. > > > > I understand this but I guess the problem is opposite: A server developer > > uses a > > YANG library for validating config before applying it. If an implemented > > module > > contained say > > > > oc:pattern '^x[123]$'; > > > > the developer might think that this constraint is checked by the library and > > take it for granted. But if the library in fact silently ignores the oc: > > extension, then arbitrary strings will be accepted and can do all kinds of > > nasty > > things. > > > > > But this is not the openconfig solution. I know, but if you look back in this thread, Martin stated (and Jan later supported) that the above "oc:pattern" extension would be legal, and I have been arguing with that. Of course, I do agree that it would still be much better than the existing situation. Lada > The oc-ext:regext-posix extension is much worse that this oc:pattern (does it > exist?) > It can be ignored by the compiler, which of course is unaware that pattern- > stmt > is not the YANG-defined pattern syntax. They have already added this > module-level extension to all modules, so problem solved (they think). > > I do not agree that the pattern-stmt is somehow "close to the implementation" > and therefore one cannot expect it to work on all servers the same way. > All YANG constraints are supposed to produce the same client results, even > if they are not implemented the same way on each server. > > There is a proper way to use YANG extensions to annotate the model > with implementation details. Writing YANG modules so they only > work for 1 organization or only work if the server is written in a particular > language > is not the proper way. > > There is no way to fix this correctly in YANG 1.1. > A new language version with new statements is needed to force all tools > to support any new pattern syntax. > > Andy > > > > > > > There are also operational aspects to consider, such as a device running > > out > > > of memory at some point. A client therefore has to be prepared that an > > edit- > > > config may be refused for no apparent reason. There is no text in the RFC > > > stating that the YANG constraints in a module must be complete, even if I > > > regard that as a goal. One reason UML models tend to be useless as > > interface > > > descriptions in practice is that they lack these constraints. > > > > > > YANG extensions are a practical way to introduce validation concepts not > > > feasible to express with YANG and XPath. Here are some examples: > > > + Constraints on compatible colors in an optical YANG model (Not > > expressive > > > enough) > > > + Constraints on configured paths being disjunct (Not computationally > > > efficient) > > > + Constraints on an interface being unused by all other services (Not > > > universally reusable [layer violation] if service YANG depends on device > > YANG) > > > > All these constraints are related to a particular use case but oc:pattern > > would > > really affect YANG semantics. For example: > > > > - if oc:pattern is used in a type definition, does it also apply to a > > derived > > type? > > > > - according to sec. 8.1 in RFC 7950, this must be true in all data trees: > > 'All > > leaf data values MUST match the type constraints for the leaf, including > > those > > defined in the ... "pattern" properties.' But does this also apply to > > oc:pattern? > > > > In short: I believe that the notion of validity with respect to a YANG > > schema > > should not depend on extensions as they are defined in RFC 7950. That's why > > I > > proposed the critical/core extensions, because then YANG implementations can > > learn that a modified YANG is assumed, and refuse to validate instances or > > at > > least warn the user that things may unexpectedly break. > > > > Lada > > > > > > > > In these cases it may not be possible or desirable to express the > > constraints > > > in YANG/XPath. It may be possible express the constraint using domain > > specific > > > extension keywords, which should be better than not expressing it at all. > > > Clients that do not understand the added keywords would still work as long > > as > > > the configurations generated are valid. Clients with domain understanding, > > > possibly including understanding of the extension keywords, have a better > > > chance at generating valid configurations. > > > > > > /jan > > > -- Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID: 0xB8F92B08A9F76C67
- Re: [yang-doctors] YANG dialects? Mahesh Jethanandani
- [yang-doctors] YANG dialects? Andy Bierman
- Re: [yang-doctors] YANG dialects? Martin Bjorklund
- Re: [yang-doctors] YANG dialects? Andy Bierman
- Re: [yang-doctors] YANG dialects? Martin Bjorklund
- Re: [yang-doctors] YANG dialects? Ladislav Lhotka
- Re: [yang-doctors] YANG dialects? Schönwälder
- Re: [yang-doctors] YANG dialects? Rob Wilton (rwilton)
- Re: [yang-doctors] YANG dialects? Ebben Aries
- Re: [yang-doctors] YANG dialects? Jan Lindblad
- Re: [yang-doctors] YANG dialects? Rob Wilton (rwilton)
- Re: [yang-doctors] YANG dialects? Schönwälder
- Re: [yang-doctors] YANG dialects? Ladislav Lhotka
- Re: [yang-doctors] YANG dialects? Jan Lindblad
- Re: [yang-doctors] YANG dialects? Ladislav Lhotka
- Re: [yang-doctors] YANG dialects? Andy Bierman
- Re: [yang-doctors] YANG dialects? Jan Lindblad
- Re: [yang-doctors] YANG dialects? Ladislav Lhotka
- Re: [yang-doctors] YANG dialects? Andy Bierman