> Barbara
>
> Top posting a slightly different question.
>
> Belatedly doing my homework, I see that not all the NULL are uint16. One,
> next-hop, is ip-address. We have the options discussed for uint16 but could
> also
> use zero (or some other value) to mean NULL. Zero is of course the way the
> default is commonly represented.
>
> How is this handled in TR-181? How would you like it handled in YANG?
>
> Tom Petch
Hi Tom,
In discussion with Mahesh, he has indicated preference for union with a "null"
enumeration to handle the uint16 cases. He's also indicated he would prefer to
do that for the ip-address.
I see the YANG ip-address type is a union of ipv4-address and ipv6-address
types, both of which are strings.
In BBF, there is the IPAddress datatype which is a string(45) with IPv4 and
IPv6 formats allowed. There are also IPv4Address and IPv6Address datatypes that
are defined as derivatives of the IPAddress datatype. An empty string is used
for "unspecified or inapplicable addresses". Strings, unlike ints, have the
luxury of being empty.
I'm perfectly fine with Mahesh's choice to use the union with a "null" enum in
all cases. It seems like a good solution.
Thx,
Barbara
> From: netmod <netmod-boun...@ietf.org> on behalf of tom petch
> <ie...@btconnect.com>
> Sent: 15 September 2021 10:04
>
> From: netmod <netmod-boun...@ietf.org> on behalf of Jürgen Schönwälder
> <j.schoenwael...@jacobs-university.de>
> Sent: 15 September 2021 00:53
>
> On Wed, Sep 15, 2021 at 01:01:11AM +0200, Carsten Bormann wrote:
> > > If BBF already
> > > defined to use -1, so be it.
> >
> > That works for me and is consistent with the information model in 9046.
> >
> > What I find not so great is the side effect of going from uint16 to int32.
> >
> > I don't see a big difference between
> > Optional-uint16 = uint16 / -1
> > and
> > Optional-uint16 = uint16 / empty
> >
> > I do not like
> >
> > Optional-uint16 = int32
>
> YANG leaves the bits business to the encodings. In YANG, you can of
> course use
>
> type int32 { range -1 | 0..65535 }
>
> and then its left to the encodings. Im XML/JSON, -1 is 16 bits and
> 65535 is 40 bits - and the name of the leaf is likely worse. I am too
> lazy to lookup what the CBOR encoding would do with the range...
>
> <tp>
>
> I am with Juergen here, and in a previous post, that if that is the way it is
> done in
> BBF, then that is a compelling reason to do the same.
>
> Also, you can create a typedef for it, in one place in the model with a
> description, both in the YANG and in the body of the I-D, and then use that
> type
> in all the places that it applies, which, for me, makes for a clearer, easier
> to
> understand model.
>
> I suggested boolean but agree that it is clumsy, not quite right (although I
> have
> seen it somewhere). I suggested choice/case because that is what others do
> but
> as before, following BBF is a more compelling argument.
>
> It also addresses the problem of access control making it a challenge to know
> what is going on. The one leaf, the one object, you get it or you do not.
> Simple!
>
> And if you want to save bits, then YANG is not for you; the design aim was
> text
> that anyone could read anywhere; if you want to save bits, then you need a
> compact binary representation:-)
>
> Tom Petch
> (who is on European time)
>
> > > The alternative is to not
>
> instantiate the leaf if there is no value
> > > and to accept that a client can't tell the difference between 'there
> > > is no value' and 'the value has been suppressed by authorization'.
> >
> > Interesting. I wasn't aware that this cannot be distinguished in YANG.
>
> I have to correct what I wrote. Its the leaf that is suppressed, not
> the value.
>
> In XML, if <foo/> does not exist, the client gets nothing. If <foo/>
> does exist (and it's value is empty in this example) and authorization
> rules say 'don't tell the client', the client gets nothing. A client
> not getting <foo/> can't decide whether there is no <foo/> because
> <foo/> does not exist or authorization prevented access to <foo/>.
>
> Authorization is not part of YANG. NACM started as an extension to
> NETCONF in order to control access to data. Initially the acronym NACM
> expanded to the 'NETCONF Access Control Model', RFC 6536. The revised
> NACM also works with RESTCONF (and likely other protocols) and hence
> the acronym now expands to the 'Network Configuration Access Control
> Model', RFC 8341.
>
> > But an "empty" would be present if it is chosen, no?
>
> You grant or restrict access to <foo/> and it does not matter what
> type <foo/> has or which value <foo/> has (if it is a leaf) or whether
> <foo/> is the root of a deeply nested tree (if it is a container). If
> a client has no permissions to read <foo/>, then <foo/> is silently
> omitted.
>
> Things are different if a client attempts to create/write/delete
> <foo/>, in this case the client will get an explicit authorization
> failure error. For the details, see RFC 8341.
>
> /js
>
> --
> Juergen Schoenwaelder Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
> Fax: +49 421 200 3103
> <https://urldefense.com/v3/__https://www.jacobs-
> university.de/__;!!BhdT!0lzj-
> SsD4F_BXA2xA1cZKG6UywIiSir64JMs2nHWe4NhV6ltLH2pt1EFLdoxAw$ >
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/netmod__;
> !!BhdT!0lzj-
> SsD4F_BXA2xA1cZKG6UywIiSir64JMs2nHWe4NhV6ltLH2pt1Ew7T22Pw$
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/netmod__;
> !!BhdT!0lzj-
> SsD4F_BXA2xA1cZKG6UywIiSir64JMs2nHWe4NhV6ltLH2pt1Ew7T22Pw$
_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
