On Sat, May 3, 2014 at 2:23 AM, Juergen Schoenwaelder < [email protected]> wrote:
> On Fri, May 02, 2014 at 10:33:37AM -0700, Andy Bierman wrote:
>
> > > I imagine I2RS will be completely separate from NETCONF and it
> > > should have its own datastore -- so "i2rs-config" is appropriate
> > > because I2RS is the only protocol using that datastore. The
> > > combined "operational state" is not editable.
>
> Separate datastore, yes. Is it a config datastore? I thought no. The
> name "i2rs-config" seems to imply that so I am confused. Perhaps you
> should simply call it "i2rs" datastore.
>
> > That copy-to-local-config feature would be extra, outside the scope of the
> > i2rs-config.
> > IMO, the i2rs-config datastore has these properties:
> > - editable with I2RS using the I2RS owner-priority access control model
> > - only field validation; YANG datastore validation is ignored,
> >   except for mandatory=true|false and min/max-elements
> > - data is never saved across a reboot; never saved to NV-storage like
> >   NETCONF config
> > - data does not time out; the system or external I2RS client must remove
> >   any data to clean up
> > - the system uses the priority values to determine if local-config or
> >   i2rs-config wins wrt/ operational values; the system must install the
> >   correct config if priorities change
>
> With all this, I am not sure how copy to local config will work. You
> will then likely get all the validation errors and there may be
> interesting access control issues with it. I also do not know what the
> "I2RS owner-priority access control model" really is. Where are the
> priority values that control whether the running configuration
> datastore or the i2rs datastore value is taken? May I presume that
> this is configured in the configuration datastore (e.g. there is going
> to be a YANG data model to configure the priority rules)?
>

I was not defining something out of scope for I2RS. That is up to the vendor implementing this extension. Obviously the YANG validation rules are not ignored for config=true nodes.

I2RS uses its own access control, not NACM. You ask about minor details of a protocol that has not been written yet. The priorities are set somehow. (I am not convinced the trivial I2RS priority scheme will actually work -- using 1 numeric value for all of local-config. It seems like the priority could be data-dependent.)

> /js
>

Andy
_______________________________________________
i2rs mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2rs
