# Agenda/Materials for the NETMOD 115 WG Session {#agendamaterials-for-the-netmod-115-wg-session}

https://datatracker.ietf.org/meeting/115/materials/agenda-115-netmod
https://datatracker.ietf.org/meeting/115/session/netmod

## Session: {#session}

Tuesday, November 8, 2022
09:30-11:30 Tuesday Session I
Room: Richmond 2 (West Wing, 1st floor)

## WG Chairs: {#wg-chairs}

Lou Berger (lberger at labs dot net)
Kent Watsen (kent plus ietf at watsen dot net)

## WG Secretary {#wg-secretary}

Jason Sterne (jason dot sterne at nokia dot com)

## Available During Session: {#available-during-session}

MeetEcho: https://meetings.conf.meetecho.com/ietf115/?group=netmod&short=netmod&item=1
Onsite tool: https://meetings.conf.meetecho.com/onsite115/?group=netmod&short=netmod&item=1
Audio Only: https://mp3.conf.meetecho.com/ietf115/netmod/1.m3u
Zulip: https://zulip.ietf.org/#narrow/stream/netmod

## Available During and After Session: {#available-during-and-after-session}

Notes: https://notes.ietf.org/notes-ietf-115-netmod#both
Slides: https://datatracker.ietf.org/meeting/115/session/netmod
Drafts (TGZ): https://datatracker.ietf.org/meeting/115/agenda/netmod-drafts.tgz
Drafts (PDF): https://datatracker.ietf.org/meeting/115/agenda/netmod-drafts.pdf
Datatracker: https://datatracker.ietf.org/group/netmod/about/
ICS: https://datatracker.ietf.org/meeting/115/session/29913.ics

## Available After Session: {#available-after-session}

Recording: http://www.meetecho.com/ietf115/recordings#NETMOD
Recording and transcript: https://www.youtube.com/watch?v=102Qs4Kd5TY
Jabber Logs: https://www.ietf.org/jabber/logs/netmod

# 1) Session Intro & WG Status {#1-session-intro--wg-status}

### Chairs (10 minutes) {#chairs-10-minutes}

Start: 9:30

Rob Wilton: The plan for interface extension drafts is to deal with both of them (thanks to Don and Scott) but one at a time.

Joe Clarke: WRT syslog - ready for new LC.

Kent Watsen (as Shepherd): Reshad had a comment on feasibility of solution.
Any thoughts on what to do with that comment?

Joe Clarke: We were talking about bringing in more of the overall TCP structure, things like proxy. But authors thought that might be overkill for syslog. Something to bring up as part of last call. We weren't planning to make that change yet. Just have a destination and a port.

Qin Wu: For Node tags, we already had WG LC. Authors think there is nothing left to do, looking for any additional feedback from Jurgen and WG. Ready to move forward.

Lou Berger: Open issue on 6991 bis. Kent sent mail on it (maybe in Sept?). Plan is to deprecate ip-address and create a new more explicit ip-address-with-zone. Similarly date-with-zone and time-with-zone. Plan to move ahead with this soon unless there are objections.

\[invitation to join queue if any objections. Nobody raised objections\]

Jason Sterne re O-RAN liaison: YANG versioning weekly call group is discussing an estimated date for getting Module Versioning and YANG Semver to RFC

# Chartered items: {#chartered-items}

## 2) Common Interface Extension YANG Data Models (10 min) {#2-common-interface-extension-yang-data-models-10-min}

### Presenters: Scott Mansfield (remote) {#presenters-scott-mansfield-remote}

### Draft: https://datatracker.ietf.org/doc/html/draft-ietf-netmod-intf-ext-yang-10 {#draft-httpsdatatrackerietforgdochtmldraft-ietf-netmod-intf-ext-yang-10}

Start: 9:44

# Non-Chartered items:

## 4) YANG Extension and Metadata Annotation for Immutable Flag (15 minutes)

### Presenter: Qiufang Ma

### Draft: https://datatracker.ietf.org/doc/html/draft-ma-netmod-immutable-flag-04

Start: 9:48

Jason Sterne: When a list entry is immutable, and the data is read, is the annotation just at the top list element or is it returned against all descendant nodes?

Qiufang Ma: Just at the top list element

Jan Lindblad: Always nice to describe these behaviors, but I'm concerned with all these exceptions and rules and tricks - too much like old SNMP.
If something can be created it can always be deleted *somehow*. Maybe there are other hoops (i.e. delete entire list, reboot, factory reset, etc). I want the interface to be clear in all cases how to get to desired configuration.

Jan Lindblad: Is replace of the entire datastore, including those immutable items, allowed?

Qiufang Ma: Yes.

Jan Lindblad: So if the value is the same, then replacing it is allowed?

Qiufang Ma: Yes.

Balazs Lengyel: I think by documenting this existing behavior, we allow existing systems to use this model driven approach. This is existing behavior for the past 20 years and that won't be changed. Do we want to document this in a standard way or should 3GPP just do it in their own way? There are strong use cases for this already.

Balazs Lengyel: The draft already says if an immutable leaf is set to 5, you can always set it again to 5.

Rob Wilton (as participant): Same concern as Jan. Worried this is fundamentally changing the contract with a device. At the same time I see how there is existing behavior so pretending it isn't happening isn't good either. I'm conflicted on this.

Andy Bierman: I don't think we should adopt. This is just a special case of a deviation. Also could be done with NACM. Has uses I can see, but also has issues as raised by others.

Kent Watsen on chat: agree w/ Balazs regarding that documenting the behavior helps to reduce special cases

Balazs Lengyel: NACM is not the place for this because it can be switched off.

Rob Wilton: Does this risk creating a separate/split version of YANG (like OpenConfig is proposing with not validating the existence of leafref targets)?

[Question for group: is it time to adopt?]

QUESTION FOR GROUP: IS IT TIME TO ADOPT? YES = YES; HANDS DOWN = NO; NO RESPONSE = NO OPINION

Lou Berger: Group is split about adoption (slightly more in favor, about half the room participated): authors to detail what is not possible with current YANG mechanisms (i.e. nacm, deviation) and explain why they are not sufficient.

## 6) A Policy-based Network Access Control (10 minutes)

### Presenters: Qin Wu/Qiufang Ma

### Draft: https://datatracker.ietf.org/doc/html/draft-ma-opsawg-ucl-acl-00

Start: 10:06

Joe Clarke: How does this user group resolve to something that the network understands?

Qin Wu: There is a mapping of user group to a set of IP addresses

Joe Clarke: But shouldn't there be more structure around this? It is just an arbitrary string. I'm not clear how I would implement this.

Qin Wu: One of the requirements from the ACL extension draft was to not tie it to a specific interface, but apply to a set of the device. I have the next slides to explain how this works.

Joe Clarke: I'll need to dig deeper. So I'd log in and at the time the device would resolve my user id to AAA group id, but then where does my IP come from? I can't imagine that every packet I generate is going to do that whole dance. Is it at flow establishment?

Qin Wu: The enterprise may have a policy server, and you have already done some planning, you have the financial dept, the R&D dept, and you need to set specific rules. You can store these in the policy server. Maybe for the BYOD user you can have this type of pre-config, control the user, restrict the access.

Joe Clarke: I'll have to read more.

Bill Fenner: Suggest the authors look at the work the calendaring group has done on repeated time based rules, e.g., https://icalendar.org/iCalendar-RFC-5545/3-8-5-3-recurrence-rule.html

Lou Berger: Note this work is happening in the OPSAWG. This presentation is just to make NETMOD aware.

Benoit Claise on chat: Bill, regarding time/date in YANG , should be generic, or within this ACL YANG module? The former, I guess, no?
## 5) Extensions to the Access Control Lists (ACLs) YANG Model (10 minutes)

### Presenter: Oscar Gonzalez de Dios

### Draft: https://datatracker.ietf.org/doc/html/draft-dbb-netmod-acl-03

Start: 10:19

Jason Sterne: I think maybe prefix lists should be at the root of the ACL model. i.e. in the 'acls' container (not in the acl list)

Oscar Gonzalez de Dios: It is meant to be shared across all ACLs.

Jason Sterne: OK - then I think they should be in the acls container (not inside the acl list).

Mahesh Jethanandani: I agree the defined sets should be in the acls container.

Lou Berger: This seems like the right WG to handle this work since ACLs were done in NETMOD and this is extension to it.

Kent Watsen (in chat): I do not disagree - this WG is okay

Lou Berger: For bis vs augmentation it depends on common usage. If the common use is to use the full set, then my preference is bis. If common usage is either, then go for the augmentation. Just my thoughts for others to consider.

Mahesh Jethanandani: Glad to see continued work on this module to fill gaps. WG can decide on augmentation vs bis. Suggest to look at QoS model for rate limiting actions. This ACL model may not be the right place for it.

Joe Clarke: It would be nice in a standalone container (i.e. groupings that could be imported). I see some other use cases for these defined groupings besides just ACLs.

Mahesh Jethanandani: I like the groupings. But note they can also be used in the model they are defined (as well as imported and used by other modules).

QUESTION FOR GROUP: IS IT TIME TO ADOPT? YES = YES; HANDS DOWN = NO; NO RESPONSE = NO OPINION

[about 1/4 of those in the room participated in poll - all said yes]

Lou Berger: will discuss with Kent on next steps, will likely poll for adoption or wait one more cycle to let more participants review the work.
## 3) YANG Versioning Update and Discussion (45 min)

### Presenters: Jason Sterne & Joe Clarke

### Draft: https://datatracker.ietf.org/doc/html/draft-ietf-netmod-yang-module-versioning-07

Start: 10:34

### Draft: https://datatracker.ietf.org/doc/html/draft-ietf-netmod-yang-semver-08

Start: 10:55

Lots of discussion on good vs bad trees. General feeling that there are a number of cases that are legal but not recommended, but we shouldn't add too much normative text to block them.

Rob Wilton: Tree A4 is allowed but is sort of against the spirit of what SemVer tries to achieve, which is always updating the head of the main branch and that's where you update the number. We don't need to disallow this but I'd suggest people shouldn't do it (but we don't need to have text in the draft for that).

Rob Wilton: I have more concerns with A3. I don't think this should be allowed because 2.3.20 should be compatible with 2.3.6. Maybe if it is a patch change then maybe it doesn't matter.

Jason Sterne: For A3 I'm on the fence but I think it probably is OK. Don't forget the minor digit hasn't changed here so it is compatible.

Rob Wilton: I'm thinking about the level of complexity that we have, and maybe we should disallow some of these cases.

Joe Clarke: Agree. But wondering if you want text added?

Rob Wilton: I need to check the doc again. I think there is enough text.

Jason Sterne: More clarity might be required. If we don't support A4 the alternative may be worse. We need to look at that.

Ahmed Elhassany: I'm not sure why the history is important. Don't I just need to diff between two versions of interest to see what has changed?

Joe Clarke: The reason is to give the consumer a hint that there may be an impact. If I was using version 10 and now 20, then I probably have more work.

Ahmed Elhassany: trying to codify the history is hard

Kent Watsen: I think some of these types of trees (e.g. X1ll) are technically allowed. They may be bad form but should be technically allowed.

Kent Watsen: I think X2 should not be allowed. S/W will want to do less-than / greater-than comparisons. I think we should use increasing numbers.

Rob Wilton: I agree. We don't need text to block it. But it isn't a good idea.

Rob Wilton: About X3, same as before. Don't do this, but we don't need to add text.

Jan Lindblad: Maybe the word 'compatible' is a confusing word. Maybe we should look for a different word? Branched?

Joe Clarke: Maybe something to discuss. Not sure we really want to change this now?

Lou Berger: We just went over 2 documents saying we want to bring them to LC together.

Jason Sterne: We want to bring them together.

Lou Berger: When they are ready, bring them to the list. Thanks for all the hard work in this area.

In the chat:

(Carsten Bormann) If there is a "don't do this", I want a tool to support this.

(Robert Wilton) @Carsten, as you mean you want the tool to reject this as valid?

(Robert Wilton) Sorry, do you mean that you want the tool to reject this?

(Jason Sterne) Not sure how easily a tool can find & reject/accept these trees. That requires having access to all (or a large set) of the revisions of a module and analyze the relationship amongst them all. We were more thinking of the tool as working on 2 revisions of a module to compare them.

(Robert Wilton) @Jason, I think that for "sensible" semver versions, it should just be possible to check against the previous version in the file.

(Jason Sterne) Maybe - but I'm not sure that analysis can differentiate/identify any of these good vs bad trees. To be analyzed...

## 7) Modelling Boundaries (10 minutes)

### Presenter: Nigel Davis

### Draft: https://datatracker.ietf.org/doc/html/draft-davis-netmod-modelling-boundaries-00

Start time: 11:19

Rob Wilton: Thanks for bringing this work here. I'm not sure I find the example use case that compelling.

Nigel Davis: It was a simple case just to illustrate the concept. But real examples are a lot more challenging.
Another example is temperature and humidity - the acceptable humidity depends on temperature.

Rob Wilton: You can tie things together in YANG using groupings. I think if you can explain the exact problems you're trying to solve, it would be helpful for the WG to understand if this is too complex or in scope.

Benoit Claise: I see these problems from multiple angles: intent, config, personal data. No perfect answer but we need to continue working on this.

Lou Berger: Thanks all