Robert Wilton <rwil...@cisco.com> writes: > Hi Lada, > > I think that requirement 1D is fairly key to what is being asked for > here to allow both the user and system to easily relate between what the > operator desires and what configuration the system is actually using,
In a way, system-controlled interfaces are default entries in the interface list - and the system can certainly be using interfaces with no configuration installed by NETCONF/RESTCONF clients. > so I wouldn't be particularly keen on loosening this requirement. OK, but then IMO this intended-applied dualism is of limited utility. For many systems or services, asynchronicity is not an option, or isn't important. > > For the ACL example: > Would it be feasible to change the ACL module to use a leafref to the > interface name, with the added constraint that you have to at least > configure the existence of an interface before you can have any > configuration referring to it? Well, yes, that's how it is supposed to be done now - also, for example, for stacking interfaces as in Appendix B of RFC 7223. It is not only extra work: the interface list can be locked, so it may not be possible to immediately create a dummy interface entry and, consequently, an ACL rule with that interface cannot be configured. In this sense, using a string rather than a leafref looks like a reasonable choice. As Martin pointed out, with YANG 1.1 it would be possible to refer to an interface entry in state data from configuration. On the other hand, with "require-instance false" validation won't detect errors in ACL configuration such as referring to a non-existent interface. Lada > > Thanks, > Rob > > > On 07/01/2016 10:20, Ladislav Lhotka wrote: >> Hi, >> >> a good use of applied configuration could be to formalize the concept of >> system-controlled entries as defined in RFC 7223, routing-cfg, and probably >> elsewhere, too. >> >> My idea is that system-controlled interfaces or other entries would appear >> in applied configuration, but not in intended configuration until something >> needs to be really configured. We could then permit leafrefs from intended >> configuration to refer to leafs in applied configuration. One case where >> this would be useful is the ACL module, where match conditions refering to >> interfaces currently have to use plain strings as references to interface >> names. >> >> However, the above idea seems to be at odds with requirement 1D in >> opstate-reqs-02. I wonder: could that requirement be relaxed or removed so >> that the above use case can be supported? >> >> Thanks, Lada >> >> -- >> Ladislav Lhotka, CZ.NIC Labs >> PGP Key ID: E74E8C0C >> >> >> >> >> _______________________________________________ >> netmod mailing list >> netmod@ietf.org >> https://www.ietf.org/mailman/listinfo/netmod >> . >> > -- Ladislav Lhotka, CZ.NIC Labs PGP Key ID: E74E8C0C _______________________________________________ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod
