Re: [Anima] how to process RFC8791 examples

[mohamed.boucadair]

Hi Michael, 

You should run it with "--tree-print-structures".

Cheers,
Med

> -Message d'origine-
> De : Anima  De la part de Michael
> Richardson
> Envoyé : jeudi 24 novembre 2022 00:31
> À : net...@ietf.org
> Cc : anima@ietf.org; mbj+i...@4668.se; a...@yumaworks.com
> Objet : [Anima] how to process RFC8791 examples
> 
> 
> Hi, I've been looking at how to move RFC8366 from YANG-
> DATA/RFC8040 to RFC8791.
> I think that maybe we can solve the multiple inclusion/derivation
> problem in
> 8791 space rather than 8040 space.
> 
> I extracted the A.1. "structure" Example to a file and ran:
>pyang
>--path=.../yang/modules/ietf
>-f tree --tree-print-groupings example-module.yang
> 
> and I get nothing out, because that example module doesn't
> actually express something, just defines a structure.
> At least, that's what I think. Maybe I'm doing it wrong.
> 
> I look back at what I did with draft-ietf-core-sid, and actually I
> don't see any clear difference.  So how do I get the tree
> structure printed from the examples in RFC8791?
> 
> --
> Michael Richardson. o O ( IPv6 IøT
> consulting )
>Sandelman Software Works Inc, Ottawa and Worldwide
> 
> 
> 


_

Ce message et ses pieces jointes peuvent contenir des informations 
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce 
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages 
electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou 
falsifie. Merci.

This message and its attachments may contain confidential or privileged 
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete 
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been 
modified, changed or falsified.
Thank you.

___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

[Anima] sids not allocated for sx_structure/RFC8791.

[Michael Richardson]

Hi, if you haven't seen my thread on how ANIMA can do extensions for YANG
modules, then please go read:
  https://mailarchive.ietf.org/arch/msg/netmod/1z7qo_6kZ0aTZmXeU4ELuwt-Rxo/

Maybe I've found a solution at the YANG level, but at the SID level, it's
worse.
a) No SID values get allocated to any leaves.
b) A module SID value for B,C,D are created, and the old ones removed, which
is wrong.
c) New SID files are being created, despite having specified the 
--sid-update-file.

This is probably not a bug in the ietf-core-sid specification, or in the
RFC9254 that we published, but in the PYANG tool.

However: https://github.com/mbj4668/pyang/issues/716 there was some
confusion, but it seems that SIDs were generated for groupings.
I don't know if I need to re-introduce deeper groupings, I don't think so.

I have opened:
https://github.com/mbj4668/pyang/issues/835








--
Michael Richardson. o O ( IPv6 IøT consulting )
   Sandelman Software Works Inc, Ottawa and Worldwide






signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

Re: [Anima] [netmod] mcr's YANG question raised during the ANIMA WG session

[Michael Richardson]

I have taken a third pass at getting the extension of yang modules done.
This time, I am using RFC8791 (Structure), rather than YANG-DATA.
I do not use Augment (or structure-augment).  Not sure how I would.

My module D, which wants to inherit from A, B and C, even though B and C also
inherit from A, looks like this:

  sx:structure module-D-things {
uses module-D;
  }

  grouping module-D {
description "A module D structure";
container module-D {
  description "A wrapper container for the module-D things";
  uses vA3:module-A-contents;
  uses vB3:module-B-contents;
  uses vC3:module-C-contents;
  uses module-D-contents;
}
  }

  grouping module-D-contents {
leaf attribute-D-Delta {
  type binary;
  description "DeltaThree";
}
  }

This produces a tree printout of:

module: module-D3

  grouping module-D:
+-- module-D
   +-- attribute-A-Alpha?   binary
   +-- attribute-B-Beta?binary
   +-- attribute-C-Gamma?   binary
   +-- attribute-D-Delta?   binary
  grouping module-D-contents:
+-- attribute-D-Delta?   binary

This is not great, but better than before.
The results are still at:

https://github.com/mcr/yang-augment-test
look at module-?3.yang and practice3.sh.

Please tell me/us (ANIMA WG) if we can do better.
We have revisions to RFC8366 that we'd like to go forward with, but we need
to make sure that we accomodate the extensions that are planned.
Probably converting to RFC8791 is also a good thing.

--
Michael Richardson. o O ( IPv6 IøT consulting )
   Sandelman Software Works Inc, Ottawa and Worldwide






signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

[Anima] how to process RFC8791 examples

[Michael Richardson]

Hi, I've been looking at how to move RFC8366 from YANG-DATA/RFC8040 to RFC8791.
I think that maybe we can solve the multiple inclusion/derivation problem in
8791 space rather than 8040 space.

I extracted the A.1. "structure" Example to a file and ran:
   pyang
   --path=.../yang/modules/ietf
   -f tree --tree-print-groupings example-module.yang

and I get nothing out, because that example module doesn't actually express
something, just defines a structure.
At least, that's what I think. Maybe I'm doing it wrong.

I look back at what I did with draft-ietf-core-sid, and actually I don't see
any clear difference.  So how do I get the tree structure printed from the
examples in RFC8791?

--
Michael Richardson. o O ( IPv6 IøT consulting )
   Sandelman Software Works Inc, Ottawa and Worldwide






signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

Re: [Anima] DNS-SD in GRASP - draft-eckert-anima-grasp-dnssd-04

[Brian E Carpenter]

On 23-Nov-22 23:09, Esko Dijk wrote:

Hello Brian,


GRASP is a CBOR-based protocol and the values of GRASP objectives MUST be in 
CBOR.

Yes, I was also thinking about such a solution. You could define an objective 
'service announcement' and include a CBOR byte string there that encodes one or 
more advertised services in today's DNS(-SD) format. And a pure-GRASP element 
such as distance/range to all these services can be additionally encoded in 
CBOR. Similarly an objective 'service query' is defined, with same CBOR byte 
string encoding the Question(s).


... That's a substantial reduction in complexity.

True, for the GRASP node that doesn't have to include the DNS parser. And for 
the programmers of it :)   But another kind of complexity comes in return, that 
is, documents and format definitions in the IETF (specifically now here in the 
ANIMA WG). It creates a mapping of DNS onto CBOR format that is not 100% 
complete. And the documents hint at future extensions to include features of 
DNS to make it more complete, which means more documents, while the basic DNS 
format already has all these things. Both formats may diverge in subtle ways 
that will only emerge later. But I do understand the desire to 'modernize' the 
DNS format; a similar effort is done in CoRE to encode a URI as a CBOR 
structure which avoids a node having to do URI parsing. (It's 'preparsed' so to 
speak.) But it did lead to a lot of discussions, iterations, and unexpected 
semantic problems in that case.


... they had no choice, but do we seriously want to force that complexity onto 
constrained nodes?

Some constrained nodes do include DNS-SD; e.g. in OpenThread the optional DNS 
client has all this and looks like ~10KB compiled on an embedded platform. It's 
still an impressive amount of source code though.
So I'm trying to establish what is the constraint on an ACP-node here, probably 
not flash size, but rather wanting to avoid DNS code complexity which might 
open up opportunities for error and (therefore) potential attacks?


What the draft does is *centralize* the lookups and the complexity. It gives 
the distributed clients a central place to do lookups for them.

The draft says "Future work can also define DNS-SD <-> GRASP gateway 
functions.", so a centralized gateway seems not in scope? (Gateway like GetDNSSD2.py is 
implementing ...? )


Yes. I don't think it's possible to implement what Toerless proposes *without* 
such a gateway, in fact.


It also says "Also, the document allows for automatically discovering DNS-SD 
servers." which to me reads as the ACP-node uses GRASP to find a DNS(-SD) server and 
then it can use that server in the classic way. Similar to how you discover an NTP time 
server and then use that server in the classic way.


You could, but (IMHO) the only purpose of the proposal is to off-load the 
DNS-SD details from the client system. In fact I find it strange that the IOT 
world is not aggressively doing this (and not only for DNS-SD; for almost every 
protocol that was originally designed for 1980's mini-computers and mainframes).


My strong impression of the draft is that it defines an mDNS-like lookup of 
services, which services can then be used in the way they're supposed to. Any 
node on the ACP could offer a particular service, like NTP, DNS, Radius, etc 
and the distributed discovery then helps to find one or more (nearby) instances 
of a wanted service. That doesn't look centralized to me, but maybe other 
authors could chime in.


Toerless needs to answer, but do remember that the original target for ANIMA 
was *not* IOT devices, but network elements in an enterprise or ISP network


Flooding is a bad idea at that scale. It's a weakness in the GRASP model and is 
the motivation for work like draft-ietf-anima-grasp-distribution, but we aren't 
done with that yet.

Indeed this was one of the motivations for the dnssd WG "SRP" protocol, e.g. in 
context of constrained mesh networks with potentially 100s of nodes, to avoid the 
all-to-all communication model of mDNS.
So the draft may emphasize some scalability recommendations, like only 
advertising a few key services needed to bootstrap the system (NTP, logging, 
Radius, central DNS server, ... ) and not that every ACP-node starts 
advertising a bunch of services. (As that wouldn't scale.)


Agreed.

Brian



Regards
Esko

-Original Message-
From: Brian E Carpenter 
Sent: Tuesday, November 22, 2022 21:14
To: Esko Dijk ; anima@ietf.org
Cc: Toerless Eckert 
Subject: Re: [Anima] DNS-SD in GRASP - draft-eckert-anima-grasp-dnssd-04

On 22-Nov-22 23:57, Esko Dijk wrote:

Hi all,

  From a DNS/DNS-SD background and interest I started looking into 
draft-eckert-anima-grasp-dnssd-04.  Also saw some earlier list discussion on 
this topic (GRASP + DNS-SD).

It looks like the draft mainly aims to provide a “multi-hop mDNS like 
functionality over an ACP by using GRASP” with unsolicited (flooded) service 
announcements, plus service 

Re: [Anima] DNS-SD in GRASP - draft-eckert-anima-grasp-dnssd-04

[Esko Dijk]

Hello Brian,

> GRASP is a CBOR-based protocol and the values of GRASP objectives MUST be in 
> CBOR.
Yes, I was also thinking about such a solution. You could define an objective 
'service announcement' and include a CBOR byte string there that encodes one or 
more advertised services in today's DNS(-SD) format. And a pure-GRASP element 
such as distance/range to all these services can be additionally encoded in 
CBOR. Similarly an objective 'service query' is defined, with same CBOR byte 
string encoding the Question(s).

> ... That's a substantial reduction in complexity.
True, for the GRASP node that doesn't have to include the DNS parser. And for 
the programmers of it :)   But another kind of complexity comes in return, that 
is, documents and format definitions in the IETF (specifically now here in the 
ANIMA WG). It creates a mapping of DNS onto CBOR format that is not 100% 
complete. And the documents hint at future extensions to include features of 
DNS to make it more complete, which means more documents, while the basic DNS 
format already has all these things. Both formats may diverge in subtle ways 
that will only emerge later. But I do understand the desire to 'modernize' the 
DNS format; a similar effort is done in CoRE to encode a URI as a CBOR 
structure which avoids a node having to do URI parsing. (It's 'preparsed' so to 
speak.) But it did lead to a lot of discussions, iterations, and unexpected 
semantic problems in that case.

> ... they had no choice, but do we seriously want to force that complexity 
> onto constrained nodes?
Some constrained nodes do include DNS-SD; e.g. in OpenThread the optional DNS 
client has all this and looks like ~10KB compiled on an embedded platform. It's 
still an impressive amount of source code though.
So I'm trying to establish what is the constraint on an ACP-node here, probably 
not flash size, but rather wanting to avoid DNS code complexity which might 
open up opportunities for error and (therefore) potential attacks?

> What the draft does is *centralize* the lookups and the complexity. It gives 
> the distributed clients a central place to do lookups for them.
The draft says "Future work can also define DNS-SD <-> GRASP gateway 
functions.", so a centralized gateway seems not in scope? (Gateway like 
GetDNSSD2.py is implementing ...? )
It also says "Also, the document allows for automatically discovering DNS-SD 
servers." which to me reads as the ACP-node uses GRASP to find a DNS(-SD) 
server and then it can use that server in the classic way. Similar to how you 
discover an NTP time server and then use that server in the classic way.
My strong impression of the draft is that it defines an mDNS-like lookup of 
services, which services can then be used in the way they're supposed to. Any 
node on the ACP could offer a particular service, like NTP, DNS, Radius, etc 
and the distributed discovery then helps to find one or more (nearby) instances 
of a wanted service. That doesn't look centralized to me, but maybe other 
authors could chime in.

> Flooding is a bad idea at that scale. It's a weakness in the GRASP model and 
> is the motivation for work like draft-ietf-anima-grasp-distribution, but we 
> aren't done with that yet.
Indeed this was one of the motivations for the dnssd WG "SRP" protocol, e.g. in 
context of constrained mesh networks with potentially 100s of nodes, to avoid 
the all-to-all communication model of mDNS.
So the draft may emphasize some scalability recommendations, like only 
advertising a few key services needed to bootstrap the system (NTP, logging, 
Radius, central DNS server, ... ) and not that every ACP-node starts 
advertising a bunch of services. (As that wouldn't scale.)

Regards
Esko

-Original Message-
From: Brian E Carpenter  
Sent: Tuesday, November 22, 2022 21:14
To: Esko Dijk ; anima@ietf.org
Cc: Toerless Eckert 
Subject: Re: [Anima] DNS-SD in GRASP - draft-eckert-anima-grasp-dnssd-04

On 22-Nov-22 23:57, Esko Dijk wrote:
> Hi all,
> 
>  From a DNS/DNS-SD background and interest I started looking into 
> draft-eckert-anima-grasp-dnssd-04.  Also saw some earlier list discussion on 
> this topic (GRASP + DNS-SD).
> 
> It looks like the draft mainly aims to provide a “multi-hop mDNS like 
> functionality over an ACP by using GRASP” with unsolicited (flooded) service 
> announcements, plus service queries. That looks quite useful to have (looking 
> at draft-eckert-anima-services-dns-autoconfig-02 for the motivation for this.)
> 
> First question is, why do we want to define a separate GRASP i.e. CBOR format 
> for the DNS(-SD) information? 

That's an easy one. GRASP is a CBOR-based protocol and the values of GRASP 
objectives
MUST be in CBOR. Of course, exactly how the DNS information is respresented in 
CBOR is a matter of design choice. I'll leave Toerless to explain the choice 
that he proposes.

I'll just say that it wasn't too hard to implement it in Python, which is of 
course a very natural