Re: [yang-doctors] Yangdoctors early review of draft-ietf-opsawg-mud-08

Kent Watsen <kwatsen@juniper.net> Fri, 25 August 2017 13:57 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: Eliot Lear <lear@cisco.com>, Andy Bierman <andy@yumaworks.com>, Martin Bjorklund <mbj@tail-f.com>
CC: "draft-ietf-opsawg-mud.all@ietf.org" <draft-ietf-opsawg-mud.all@ietf.org>, YANG Doctors <yang-doctors@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/dB6tOoSI6_cIW-KLDXTTZVkEfkI>

1. can they? yes.  is it a valid instance document? no.

2. you mean the "mud" *container*, right?  Is it legal? maybe. RFC 8040 doesn't preclude it and, obviously, if it doesn't exist, then no one's going to generate a yang-data file for it.

K.


On 8/25/17, 6:26 AM, "yang-doctors on behalf of Eliot Lear" <yang-doctors-bounces@ietf.org on behalf of lear@cisco.com> wrote:


Hi Andy and other doctors,

Following up on your note, I have been discussing with a few people how exactly to encode stuff.  Below please find something of a strawman.  As currently structured, in a MUD file there would be two root level objects: a mud-artifact and a list of access-lists.  I have a few questions:

  1.  Can both of these two objects, one of them being defined within rc:yang-data and another not, be represented in the same JSON file as two root level objects?
  2.  In anticipation that someone might someday want to have this information expressed by a NETCONF server, I ponder still making the "mud" module below a presence container.  Is that legal/advisable within the context of rc:yang-data?

Thanks much,

Eliot

pyang --strict --lint --ietf --tree-print-yang-data -f tree ietf-mud.yang

module: ietf-mud
  augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches:
    +--rw mud-acl
       +--rw manufacturer?        inet:host
       +--rw same-manufacturer?   empty
       +--rw model?               string
       +--rw local-networks?      empty
       +--rw controller?          inet:uri
       +--rw my-controller?       empty
  augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:tcp-acl:
    +--rw direction-initiated?   direction
  yang-data:
  mud-artifact
      +---- mud
         +---- mud-url               inet:uri
         +---- last-update           yang:date-and-time
         +---- cache-validity?       uint8
         +---- masa-server?          inet:uri
         +---- is-supported?         boolean
         +---- systeminfo?           inet:uri
         +---- extensions*           string
         +---- from-device-policy
         |  +---- access-lists
         |     +---- access-list* [acl-name acl-type]
         |        +---- acl-name    -> /acl:access-lists/acl/acl-name
         |        +---- acl-type    identityref
         +---- to-device-policy
            +---- access-lists
               +---- access-list* [acl-name acl-type]
                  +---- acl-name    -> /acl:access-lists/acl/acl-name
                  +---- acl-type    identityref
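
In the strawman tree, each policy's acl-name is a leafref into the separate access-lists root object, so whoever consumes a two-root MUD file has to confirm that every referenced ACL is actually present in it. The following is an added example, not code from the thread or the draft, that runs that check and the mandatory-leaf check over a constructed JSON file; the JSON member prefixes `ietf-mud` and `ietf-access-control-list` and all sample values are assumptions.

```python
import json

# Constructed strawman MUD file with the two root-level objects from the thread.
# The module-name prefixes and every value below are assumptions for illustration.
SAMPLE = json.loads("""
{
  "ietf-mud:mud": {
    "mud-url": "https://example.com/lightbulb.json",
    "last-update": "2017-08-25T13:57:21+00:00",
    "from-device-policy": {"access-lists": {"access-list": [
      {"acl-name": "from-dev", "acl-type": "ietf-access-control-list:ipv4-acl"}]}},
    "to-device-policy": {"access-lists": {"access-list": [
      {"acl-name": "to-dev", "acl-type": "ietf-access-control-list:ipv4-acl"}]}}
  },
  "ietf-access-control-list:access-lists": {"acl": [
    {"acl-name": "from-dev", "acl-type": "ietf-access-control-list:ipv4-acl"}
  ]}
}
""")

MUD, ACLS = "ietf-mud:mud", "ietf-access-control-list:access-lists"
MANDATORY = ("mud-url", "last-update")  # leaves shown without '?' in the tree


def check_mud_file(doc):
    """Return a list of problems; an empty list means both checks passed."""
    mud = doc.get(MUD)
    if not isinstance(mud, dict):
        return [f"missing root object {MUD}"]
    problems = [f"mud/{leaf} is mandatory" for leaf in MANDATORY if leaf not in mud]
    # Names defined in the sibling root object that the leafrefs point into.
    defined = {a.get("acl-name") for a in doc.get(ACLS, {}).get("acl", [])}
    for policy in ("from-device-policy", "to-device-policy"):
        entries = mud.get(policy, {}).get("access-lists", {}).get("access-list", [])
        for entry in entries:
            name = entry.get("acl-name")
            if name not in defined:  # dangling leafref: policy names no real ACL
                problems.append(f"{policy}: acl-name '{name}' has no matching acl")
    return problems


if __name__ == "__main__":
    for problem in check_mud_file(SAMPLE):
        print(problem)
```

The constructed sample deliberately omits the `to-dev` ACL, so the check reports one dangling reference.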