[CC-ing NETMOD, as I think this discussion belongs on that list...please consider removing NETCONF in your reply]
Hi Qiufang, > Hi, Kent: > Thanks for kicking off some discussion around this draft. Please see my reply > inline. I'm interested in this work, as it seems as if the <system> datastore was left out of the NMDA work. > 1) I wish there were more examples, especially for "resource-independent” > configuration. I understand well enough "resource-dependent" (dynamic) > configuration, but am unclear about what all "resource-independent” entails. > By example, JUNOS has a concept called “JUNOS defaults”, which is effectively > read-only and hidden-by-default configuration that, most times, must be > referenced in order to take effect. For instance, check the examples > halfway down this page: > https://nextheader.net/2016/06/10/junos-defaults-group > <https://nextheader.net/2016/06/10/junos-defaults-group>. Is this similar to > what you have in mind? > [Qiufang Ma] Yes. Physical-resource-independent system configuration is > generated when the device is powered on and has nothing to do with the > physical resource. Loopback interface may be the most common > physical-resource-independent system configuration. To my knowledge, many > vendors ((e.g., Huawei NE40E and Cisco IOS XR) will provide several > predefined user groups and/or task groups which are used for authentication, > authorization and accounting (AAA) services. Since these configurations are > provided by the device/system, they could be treated as system > configuration. I think your information about the predefined hidden > configuration group which contains preconfigured values should also be > treated the same. > More examples about system configurations would be worked on and added in > the next version of the draft.:) Right, the loopback interface is a common example but, more generally, I think "resource-independent” configuration might fall into exactly two categories: 1) config that is “applied” immediately - ex: interfaces/lo0/unit 0/family [ inet inet6 ] - ex: system/login/password/minimum-length=6 - ex: system/ports/console-type=vt100 - ex: system/syslog/archive-size=256k; - ex: chassis/cluster/fabric-monitoring/heartbeat-interval=1000; - ex: security/zones/security-zone/junos-host; - ex: security/alg/sip/inactive-media-timeout=120; 2) config that is “applied” only after being referenced by other config (e.g., ACLs) - ex: applications/ftp/… - ex: applications/tftp/... - ex: applications/smtp/… - ex: utm/custom-objects/Adult_Material/... - ex: utm/custom-objects/Religion/... - ex: utm/custom-objects/Gambling/… It would be good if we could determine if there are any other "resource-independent” configuration categories here. As for "resource-dependent” configuration, I wonder how this is supposed to work…more specifically, I wonder to what extent the IETF needs to care how if works (perhaps the same could be said for "resource-independent” configuration too). For instance, in JUNOS, there exists a config-template that is automatically applied to any user-defined interface, such as: junos-default-profile { interfaces { "$junos-interface-ifd-name" { unit "$junos-underlying-interface-unit" { family inet; family inet6; } } } } Notably, RFC 8342 mentions templates as something that might be expanded when converting <running> to <intended>. Actually, knowing that it is <intended> that is subject to validation, it seems that much (if not all) of <system> should be consumed when converting <running> to <intended> - agreed? > 2) Please treat NETCONF and RESTCONF equally. Currently the draft speaks > only to how it impacts NETCONF, but it should equally show how RESTCONF in > impacted. > [Qiufang Ma] Thanks for bringing it to my attention, I would take RESTCONF > into consideration and see how the proposal works on RESTCONF. It will work nearly transparently, if not completely so. What you need to do, mostly, is search/replace “NETCONF” —> “YANG-driven management protocols such as NETCONF and RESTCONF” …and also “…The following example is provided using NETCONF, but could just as easily be provided using RESTCONF, in XML or JSON.” Alternately, and perhaps better, have a mix of both kinds of examples throughout your document. > 3) The “basic mode” term sounds too close to the “with-defaults” basic > modes...can we please pick another name (e.g., > system-datastore-operating-mode)? > [Qiufang Ma] Yes, agree. Actually we don’t really want to cause any confusion > or misunderstandings. This term controls whether the device will update > <running> with system configuration change or not. > Your proposal looks good to me, other suggestions are also welcome here. Ack. > Regarding your question below I don’t feel ready to comment on it yet. I do > understand the JUNOS model and, if it is compatible, would recommend > considering, as it is implemented and seems to be working well enough. That > said, it might be the case that every vendor has defined their own way and > each needs to be documented in turn... > [Qiufang Ma] The issue we try to resolve here is that in order for system > configurations being referenced or to make sure a successful validation when > the system configuration is in the when/must statement, the system > configuration must be retrieved from <operational> firstly and then copied > into <running> manually, which is cumbersome. In this case, we would like to > define some kind of mechanism to synchronize system configuration into > <running>. Currently two system configuration data handling modes are > specified. One will update <running> with any system configuration change > automatically, and the other will not, so that the implementer may choose the > mode more suitable for them. Hopefully this clarifies what we try to do. > Please feel free to comment or suggest. I’m beginning to think that: auto-copying into <running> is likely never a good idea, because it violates the definition of <running> having in <operational> doesn’t make sense, since the tweaks wouldn’t go thru <running> --> <intended> validation. I’m wondering if a model like below would work for everyone - thoughts? +-------------+ +-----------+ | <candidate> | | <startup> | | (ct, rw) |<---+ +--->| (ct, rw) | +-------------+ | | +-----------+ | | | | | +-----------+ | +-------->| <running> |<--------+ | (ct, rw) | +-----------+ | +----------+ | // configuration transformations, | <system> |-------------->| // e.g., removal of nodes marked as | (ct, ro) | // underlay | // "inactive", expansion of +----------+ | // templates v +------------+ | <intended> | // subject to validation | (ct, ro) | +------------+ | // changes applied, subject to | // local factors, e.g., missing | // resources, delays | dynamic | +-------- learned configuration configuration | +-------- system configuration datastores -----+ | +-------- default configuration | | | v v v +---------------+ | <operational> | <-- system state | (ct + cf, ro) | +---------------+ > Best Regards, > Qiufang Ma K. // contributor
_______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
