Skip to main content

Early Review of draft-ietf-ipsecme-yang-iptfs-01
review-ietf-ipsecme-yang-iptfs-01-yangdoctors-early-schoenwaelder-2021-10-06-00

Request Review of draft-ietf-ipsecme-yang-iptfs-01
Requested revision 01 (document currently at 11)
Type Early Review
Team YANG Doctors (yangdoctors)
Deadline 2021-11-15
Requested 2021-10-04
Requested by Yoav Nir
Authors Don Fedyk , Christian Hopps
I-D last updated 2021-10-06
Completed reviews Yangdoctors Early review of -01 by Jürgen Schönwälder (diff)
Genart Last Call review of -06 by Joel M. Halpern (diff)
Opsdir Last Call review of -06 by Sarah Banks (diff)
Comments
No real deadline, but it would be nice to have this by the next IETF meeting so that any comments can be addressed at the meeting
Assignment Reviewer Jürgen Schönwälder
State Completed
Request Early review on draft-ietf-ipsecme-yang-iptfs by YANG Doctors Assigned
Posted at https://mailarchive.ietf.org/arch/msg/yang-doctors/80mH4nZjW6ju5PImeo6Sy7WKD6o
Reviewed revision 01 (document currently at 11)
Result On the right track
Completed 2021-10-06
review-ietf-ipsecme-yang-iptfs-01-yangdoctors-early-schoenwaelder-2021-10-06-00
I have reviewed draft-ietf-ipsecme-yang-iptfs-01.txt.

- Looking at [1], following the most popular naming scheme would
  suggest the title "A YANG Data Model for IP Traffic Flow Security"
  instead of the current title.

- Never data models usually state in the abstract whether the model
  conforms to the Network Management Datastore Architecture (NMDA).

- The document is generally well written and easy to read. Thanks for
  that.

- Not sure what "actively published YANG modules" are. In the YANG
  world, we usually consider YANG modules under development not really
  as published. (See how 'published' is used in RFC 7950.) What you
  are referring to here are modules actively being worked on I think.

- You import RFC 2119 terms but then I am not sure they are actually
  used anywhere. If you do not need RFC 2119 terms, there is also no
  need to import them.

- It seems that [I-D.ietf-i2nsf-sdn-ipsec-flow-protection] has been
  published as RFC 9061, so please update your document.

- "IP-TFS YANG augments IPsec YANG model from" - why not use the
  actual YANG module names to avoid any confusion?

- I did not understand what the purpose of this is:

   The data model uses following constructs for configuration and
   management:

   o Configuration

   o Operational State

  The text following this is useful, but the value of the quoted text
  was unclear to me.

- I did not understand what this text means:

   IP-TFS YANG augments:

   *  Yang catalog entry for ietf-i2nsf-ike@2021-07-14.yang

   *  Yang catalog entry for ietf-i2nsf-ikeless@20202-07-14.yang

  What is a Yang catalog entry for xxx and how can you augment it?

- The YANG module names you are augmenting include the WG name, which
  is a rather weird construction and generally not recommended. I
  wonder how this went through. You seem to follow this and you put
  ipsecme into the name. Ideally, module names would be tied to a
  technology but not to RFCs or WGs (all of which come and go).

- Copyright needs some updating... and in less than 3 months again.

- You use type uint64 for counters instead of the yang:counter64
  type. Is there a special reason? How would an overflow be handled?
  Can there be any counter discontinuities during their lifetime?

- I found this:

         // config true; want this so we can refine?

  Can you elaborate what the question is here?

- The congestion control leaf is an enable/disable knob. Is there
  exactly one and only one way to do congestion control or is there /
  will there be a need to be more detailed, i.e., does this have to be
  extensible instead of just a simple boolean?

- What happens if I set use-path-mtu-discovery to true and
  outer-packet-size to 1234? Which takes precedence? Is it desirable
  to allow both to be configured?

- Consider adding a units clause to l2-fixed-rate and l3-fixed-rate.

- I did not extract the YANG to do syntax checking etc, I assume that
  the authors have a proper build automation in place (or any errors
  will have to be dealt with when the ID has passed WG last call).

- I did not verify the xml and json examples in the appendix. However,
  I suggest to use documentation addresses for prefixes in the
  examples instead of 1.1.1.1/32 and 2.2.2.2/32 (and some may even
  want to see some IPv6 prefixes there as well).

- Editorial

  fll out -> fill out

  Congestion Control With the -> With the

[1] https://en.wikipedia.org/wiki/YANG#Standards-track_data_models