Agenda for the NETCONF WG Session in IETF 99
--------------------------------------------

IETF 99, Prague, July 17-21, 2017

THURSDAY, July 20, 2017
15:50-17:50 Thursday Afternoon Session II
Room: Congress Hall III

WG Chairs:
Mehmet Ersue
Mahesh Jethanandani

Jabber Scribe (??)
Minute takers (??)
Please volunteer for minute taking on Etherpad.

Mahesh: Meeting about to start.
Mehmet: Meeting start. Logistics, jabber, minutes. Lada taking care of jabber. Note Well applies. Please be aware of the new IPR policy in RFC 8179.

Agenda bashing (5 minutes)
WG status review (10 minutes)

Mehmet: Status update. Rechartered after Chicago, approved now. Kent starting as a new co-chair after IETF99. Agenda bashing.
Tim Carey: Question on status. Those drafts that are in WGLC - is there any chance that those drafts will be published this year?
Mehmet: The aim is to publish if WGLC is successful. If there are issues it may get delayed.
Tim: Those 4 that we are talking about - is it accurate to expect them this year?
Mehmet: Yes, if issues are solved in time after this meeting.
Mahesh: Is there a particular set of drafts that you need to get published?
Tim: Yes, client/server especially.
Mehmet: There is still one week of time for WGLC remaining. Please raise issues and provide way forward.
Tim: Figured that much.
Benoit: Tim, this is a BBF question. My personal opinion: if we do not publish in 6 months it will be a concern. I would like to know about your deadlines.
Tim: I do not remember BBF ones, this is for Nokia.
[Mehmet continuing on agenda slides]

Chartered items in WGLC (10 min):

1. Zero Touch Provisioning for NETCONF Call Home - K. Watsen
https://tools.ietf.org/html/draft-ietf-netconf-zerotouch-14
Kent presenting.
[presentation]
Kent: No real changes. The choice on top issue is still open on the list.
Mehmet: How close is this draft, does it need another WGLC?
Kent: It depends on the outcome of the first issue. If that requires a separate module then that would need another WGLC, otherwise the 3 remaining issues are relatively minor and no separate WGLC should be needed.
[discussion]

2. Keystore Model
https://tools.ietf.org/html/draft-ietf-netconf-keystore-02
[presentation]
WGLC had 4 potential changes.
[discussion]
Mehmet: Just to understand the next steps for the two drafts - zerotouch is mostly done, verify on the list and it can go to the next step. Keystore needs an update as I understood? You suggested to have another WGLC?
Kent: Depending on whether we decide to keep identifiers in the current draft - those are technical changes but not dramatic.
Mehmet: But if you have dramatic changes to the model?
Kent: Yes then.

3. SSH/TLS Client Server Models
https://tools.ietf.org/html/draft-ietf-netconf-ssh-client-server-03
https://tools.ietf.org/html/draft-ietf-netconf-tls-client-server-03
Kent presenting.
[presentation]
0 comments received
[discussion]

4. NETCONF/RESTCONF Client Server Models
https://tools.ietf.org/html/draft-ietf-netconf-netconf-client-server-04
https://tools.ietf.org/html/draft-ietf-netconf-restconf-client-server-04
Kent presenting.
[presentation]
[discussion]
Mehmet: The last 4 are in WGLC, we need to wait until that time and prepare an update if necessary.
Benoit: You ask for concerns, what concerns me is that there are no comments. We have got a set of documents in LC and will have a set that will be in LC next - can we stop thinking about the document and ask for comments to be provided. This is a discrepancy - we want to move fast but there are no comments.
Mahesh: Show of hands who has read any of those documents? Fairly many. It would be good that you indicated to the list that you have read and have no concerns. You have no opinion or some opinion - please state that.

Chartered items to go to WGLC - Alex Clemm (10 min):

1. Subscribing to YANG datastore push updates
https://tools.ietf.org/html/draft-ietf-netconf-yang-push-07
Alex presenting.
[presentation]
YANG push was demonstrated during this week's hackathon. Links in materials.
[discussion]
Balazs: I am speaking about replay - we have been very similar solution used for configuration mirroring with replay. I am upset. It does not make much sense.
Alex: Thank you.
Jason Sterne: I have a comment on stream names - I like the string idea that defines a standard name. Reserve some names for well defined semantics.
Alex: That would require a bunch of defined names.
Eric via Meetecho: [has left]
Mehmet: Are there any other comments?
Mehmet: Is this the only issue remaining?
Alex: Yes.
Zheng/Huawei: The issue that we discussed - should we resolve it before the LC? 1. How to specify receiver parameters like call home should clarify.
Alex: You define the transport that will use the callhome to establish the connection.
Zheng/Huawei: The second is: How to declare which path support "on-change"? Current draft defined all path not support "on-change" as default, if all "configure" leaf support "on-change" how I should do? Whether can you use metadata? We need to clarify.
NOTE: not clear what editorial updates are needed. Alex will clarify with Walker.
Mahesh:
Lada/relaying jabber: Otherwise you will accept and release the floor at the same time - press the button only once.
Mahesh: Eric, can you try connecting again, or send the question on jabber.
Benoit: I was trying to check - is this NMDA compliant?
Alex: No, it is not NMDA compliant. The question is whether NMDA compliance will be needed here. We have state which defined which descriptions are configured. To follow NMDA guidelines that would require changes.
Mehmet: NMDA compliance is always needed.
Alex: The guidelines that the model should be collapsed and to optimize the model - to save some objects that are not needed.
NOTE: to clarify, the model can be used as-is also with NMDA. Only effect if used with NMDA, some objects will be redundant.
Mehmet: YANG doctors will review and take care of NMDA compliance.
Rob: Container may have config true, just rename it. [missed]
Lada relaying Eric Voit: I am replying to this question - relay should have notification id that is not lost when application replays. My opinion is that RPC should be added.
Balazs: We used not application based on time. I do not know when we say RPC - will that go to a new draft or this one? There is a draft that will be presented later that has the facilities discussed here. This can be addressed but it is not in this draft.
Alex: Replay can be done on time stamps, not only the message id. We need a solution where you can replay change notification??
NOTE: What was said was that the other draft does allow detection whether the receiver missed any updates (as there is a reference to the previous notification).
Mehmet: After the update is available after the meeting chairs will decide whether it can go to WGLC.

2. Subscribing for Notifications
https://tools.ietf.org/html/draft-ietf-netconf-subscribed-notifications-03
Alex presenting.
[presentation]
Mehmet: There was an update for slides where this last bullet was removed.
Mehmet: Depends whether gRPC is in the push draft? We would like to hear more on this issue whether it is relevant for us. I am not aware of such a dependency on gRPC and RESTCONF. Please bring discussion to the mailing list. Please provide the updates for the drafts you are mentioning.
[discussion]

3. NETCONF Support for Event Notifications
https://tools.ietf.org/html/draft-ietf-netconf-netconf-event-notifications-04
Alex presenting.
[presentation]
[discussion]

4. RESTCONF & HTTP Transport for Event Notifications
https://tools.ietf.org/html/draft-ietf-netconf-restconf-notif-02
[presentation]
[discussion]

Drafts fitting the charter subject to adopt:

1. Notification Message Headers and Bundles - Alex Clemm (10 min)
https://tools.ietf.org/id/draft-voit-netconf-notification-messages-01
Mahesh: You believe that the document is ready for adoption?
Alex: Yes.
Mahesh: Please a show of hands whether you believe this WG should take the document? A fairly decent show of hands. We will issue a call on the mailing list.

2. The bridge between NMDA and Netconf drafts - Rob Wilton (10 min.)
Rob presenting.
[presentation]
Rob: This is a quick intro to the 3 drafts to be presented later. The key points of NMDA. This is what operators are asking. Questions are best directed to Kent and Phil.
[discussion]

3. YANG library, Kent Watsen (15 min)
https://tools.ietf.org/html/draft-nmdsdt-netconf-rfc7895bis-01
Kent presenting.
[presentation]
Mehmet: Question to draft author and NETMOD co-chair - is it allowed that YANG draft changes or updates the YANG language? Should that be decided in NETMOD WG?
Kent: I am not certain how to do this. It is not really to the YANG language itself, it is on the server compliance. It is a NETMOD document, yes.
Andy: We have candidate and startup. If I advertise candidate am I allowed to say that config true node is not supported? Is there a value in listing that only se the conventional data stores?
Kent: One issue may be that you connect to a server and it says that it supports the datastore, but YANG library says otherwise.
Dan Romascanu: My personal view is that there is no rule that says that one RFC by one WG cannot be updated by the RFC from different WG. Copy NETMOD during LC.
Balazs: It is strange that some datastores will be advertised as capabilities. What does it mean if I support intended? Please make some statement what does it mean to support such a datastore.
Kent: Each datastore has a list of properties and those properties are closely aligned to capabilities. For RESTCONF it is more complex. The definition of is defined in the revised datastores draft.
[discussion]
Lada: I am not sure that this change of YANG model library to YANG library is useful - the semantics is a bit different. The library is something like software library that we use. I personally do not like the term library. Can we come up with something similar? Unfortunately catalog is already used. I am not in favor of doing this change.
Kent: It is not the best name but everyone refers to it as "yang library" (and the module's name is ietf-yang-library).
Phil: Everyone calls it YANG library, not YANG module library. I understand your confusion, it is just common use.
Lada: My experience is that any person new to YANG gets confused, especially software developers.
Kent: This is easy to resolve on the list.
Andy: The original module state says nothing about datastores, your additional data structures say something about datastores. Make your leafrefs point there instead of copy paste.
Kent: We thought that the easiest would be to use existing groupings??? To be NMDA compliant we may take this opportunity.
Rob Wilton/Cisco: We wanted to connect the two trees so that there is one request from the client.
[discussion]
Andy: Are you saying that the foo node is int32 in running, is type string in operational? Do you want to put deviations per datastore, to have a different data type per datastore?
Kent: I will let Phil answer.
Phil: I am breaking the rules, I am doing something wrong. Deviation is a way to express in a programmatic way that I am breaking some rules. And that allows to understand which rules I have broken.
Andy: Wow.
Lada: That can be an opportunity to integrate schema mount into this. Whether the schema mount is supposed to be applied to all datastores or not. Second point - this YANG library information is not only machine readable data. This is a kind of metadata that we may use for other purposes. We discussed earlier how to validate instance data. Before YANG library was a collection of modules, now we have datastores and we have schema mount. We need to come up with something that people can understand and use.
Tim Carey: By changing this and adding datastores in libraries you claim that you can provide a migration path. Can you expand on that?
Kent: This draft says that a server implements NMDA if operational datastore has resources available or if this module is present. Does it mean that all modules are present? That does not mean so. The backend code logic has to be modified to look into the sources to collect the applied state and that will take time. For servers that implement many models it would not be immediate. This is what allows for ability to present some applied state and not all of it at once.
Balazs: If you get data for operational, you copy it from running, and if you really notice differences then you modify. Is that compliant?
Kent: Maybe.
Balazs: Clarification is needed.
Kent: I am ok to consider alternatives.
Benoit: What Andy mentioned that YANG library does not mention datastore. Do we need to augment it?
Kent: My response to Andy - imagine you have a server that does support NMDA, you can have NMDA-aware plus legacy clients. Legacy clients would go to the models supported (the /modules-state tree), but server could support new models too (e.g., in a dynamic datastore). If new models showed up in /modules-state, a legacy client would assume that they are also configurable in , which would be wrong.
Benoit: Why assumed?
Kent: [missed]
Kent: Legacy client would do that, can do that today either.
Phil: Benoit, are you saying deprecate in place? Without explicitly deprecating the module hierarchy?
Kent: Module adds a new top level container, so /modules-state semantics don't change.
Andy: I agree. Legacy client sees the new model and says config = true and that is in fact I2RS. Unlikely scenario, but it is safer not to use the legacy client.
Mehmet: Please continue the discussion on the list. It was covered by the charter. Do you want to add something before adoption?
Kent: I think it is ready to adopt.
Mehmet: There is nothing substantial missing?
Kent: No.
Mahesh: Show of hands whether this needs to be adopted? Sizable size. Will make a call on the list.

4. NETCONF Update to support the NMDA, Phil Shafer (15 min)
https://tools.ietf.org/html/draft-dsdt-nmda-netconf-00
Phil presenting.
[presentation]
[discussion]
Jason Sterne: Should that be a source for a get operation?
Phil: Maybe it is source.
Mahesh: In the last meeting in Chicago the question of what happens to came up. Is it going to be deprecated, augmented, replaced?
Phil: My feeling is it should be deprecated. If people in the room are in favor of deprecating it is fine, people in favor of keeping need to speak up.
Andy: No problems with this draft, one clarification on NMDA architecture. I do not need to support operational datastore, and want to be sure that for conformance it may support other but needs to support operational. The real operationals and the real intended, the identityref allows ... you may add your own, but cannot replace the standard one for conformance purposes.
Phil: YANG library can tell what is supported. I would rather have a flexibility and [] YANG library request would return operational datastore and what modules are supported.
Andy: We have 3 datastores and server implementation is not allowed to add new ones.
Phil: I see this as limitation.
Andy: I want to have interoperability value.
Sue: The lock, unlock and is per datastore?
Phil: It has a specific set of datastores on which it is valid.
Mahesh: Is validate for all or for intended only?
Phil: You cannot have invalid intended.
Sue: I am focused on dynamic. On the specifics on what you do if you do not have to validate - where is it defined? For I2RS ephemeral there are some additional validations. You cannot have something go from config to ephemeral, that is part of our requirements. How do you envision it?
Phil: Validation operation is done for a particular datastore. The operation will inform you about the specific datastore.
Balazs: Will we be able to filter that allows to get only config = false data?
Phil: We do not have that now, we can add it in. Origin is a feature.
Kent: That would be a separate RFC on how we do filtering on metadata. Does that mean that you do not want to filter on config false?
Kent: RESTCONF allows to do that today. That is filtering on origin than metadata though.
Phil: If you are doing false, all your config identifier will be config true. We can add filtering on config=false.
Balazs: Filtering on config=false is the important need. Filtering on origin is just a nice to have.
Jason: Validation - what it means. Datastores draft talks about template expansion against running and intended. Template expansion can change whether something is valid or not.
Jason: What is in intended it has to be valid. With templates template expansion sometimes may not be valid.
Phil: Fill in the complete intended. This draft is the one to have language around template expansion.
Phil: Imagine a template mechanism that fills in a mandatory field that all the time fills in as false.
Jason: That is not the concept that []
Phil: Junos behaves like this. If the client fetches the candidate configuration and the mandatory field will be missing. For validated configuration it will be filled from template.
Mehmet: Please take to the list.
Jason: Not certain whether this needs to be put into the datastores draft.
Lada: I want to second Jason. We have to be careful here. What validate means - YANG spec says that some properties need to be satisfied in all trees. I can imagine template mechanisms that can break this. This needs to be clarified what template is. In terms of what the schema means, whether it really can be broken in candidate and running.
Phil: I do not want to specify what a templating mechanism is. You cannot break keys, cannot break hierarchy.
Balazs: Running must always be valid.
P: This is not true for many implementations.
BALAZS: This needs updates!
Mehmet: Is there anything substantial to be added before adoption?
Phil: Filtering config = false.
Mehmet: I will be in favor of having those things in drafts before adoption.
Mahesh: I would second Mehmet, please put in before we make a call for adoption.

5. RESTCONF Update to support the NMDA, Kent Watsen (10 min)
https://tools.ietf.org/html/draft-dsdt-netconf-restconf-nmda-00
Kent presenting.
[presentation]
[discussion]
Lada: What is the meaning of the unified datastore in RESTCONF? Is it more like a candidate so I can edit the unified datastore? Does it mean that it will be immediately in applied?
Kent: The unified DS is the /data resource, and then we have more traditional semantics and they are not unified. We were concerned that you can have NMDA that presents legacy behavior without presenting /data. One of the properties is autocommit, it is intended to be used for running. Regardless whether server implements startup, the server will commit to running.
Lada: Could this be used for implementing candidate datastore in RESTCONF?
Kent: Yes. This draft does not preclude for that identity to appear. But this draft does not define copy or commit operations this time, although we could.
Lada: We have an implementation that has per user candidate. We would like to have a standard mechanism.
Sue: I asked I2RS about identity???
Kent: I did not look at that yet.
Sue: Client identity split ... for I2RS. (this regards using Etag to also store a client identity)
Andy: Need to double-check with HTTP people.
Sue: Sec 3.5.4 is that where you are defining rollback?
Kent: No, this section regards the behaviour when a leaf is returned. The client does not know whether it was configured if it is returned every time.
Sue: Do we need to add that we do not need to repeat every time?
Kent: What do you mean by rollback? With RESTCONF pessimistic locking is all or nothing. Rollback on error is addressed in YANG library, one of the properties is rollback on error.
Sue: It is RESTCONF based functionality. RESTCONF does rollback all or nothing, if someone wanted to use a part they need to put it in library.
Jason: Rollback on error in NETCONF has different meaning depending on which datastore you are working. With unified or running it applies to the config.
Kent: [] It is a flag on the commit operation.
Jason: The other question - we had modules and now we have DS information. Will those properties be different for RESTCONF vs NETCONF?
Kent: No. The protocol needs to support the same properties.
Jason: Support of different types of properties on different interfaces?
Kent: You should support the same.
Jason: Not sure whether we advertise we need to advertise all protocols that access DSes.
Kent: We can take to the list.
Jason: I2RS implementation - it could be only one interface.
Kent: I2RS defines a new DS. Each new DS defines its own semantics from scratch.
Jason: You describe DS in a state tree. It is the same library tree read through RESTCONF or NETCONF.
Kent: YANG library draft says the response depends on the protocol over which it comes.
Mahesh: We need more clarifications before we ask for WG adoption.
Kent: I think I handled all questions.
Sue: How do you know what is valid in the library for dynamic DSes?
Kent: This is in YANG library draft. I2RS entry will have a pointer to modules supported.
Mahesh: Are you asking for adoption?
Kent: I believe WG should adopt.
Mahesh: Show of hands who think the document is ready? A fair number. Phil, may I ask AI - what to do with get operation in RESTCONF (was this supposed to be the /data resource?)

Non-Chartered items:

Mehmet: A slot for NMDA summary.
Mahesh: Does anyone want Robert to go through guidelines once again? No hands.

1. Network Management Datastore Architecture and Guidelines, Robert Wilton (10 min)
https://tools.ietf.org/html/draft-ietf-netmod-revised-datastores-03
https://tools.ietf.org/html/draft-dsdt-nmda-guidelines-01
Not presented.

2. Accounting in NETCONF and RESTCONF - Mahesh Jethanandani (5 min)
https://tools.ietf.org/html/draft-mahesh-netconf-accounting-02
Mahesh presenting.
[presentation]
[discussion]
Mehmet: Any comments, questions? Who has read the draft? 1 hand. It has been presented twice, this is the third presentation. I remember from last meeting some people saying in favor. I remember Kent stating that NETCONF WG should start this work later. After getting comments from Jason I need to know the same answer on who is in favor for working on this topic.
Jason Sterne: This is a format only, as a container to represent the format of the message going on the wire towards AAA server?
Mahesh: That format is not formalized.
Jason: There is TACACS, RADIUS.
Mahesh: It is to standardize what is to be seen in that record.
J: What is useful - defining the instance identifier and a value. I am more concerned whether this format will work with third party servers. That seems to be a part of RADIUS accounting message.
M: RADIUS required fragmentation to fit large messages.
Mehmet: We are out of time.
Kent: Is this the right WG for this work?
M: AAA perspective because of NACM.
Mehmet: Who thinks this work needs to be done in NETCONF? 0 hands. NETCONF chairs need to decide.
J: Can we have more discussion on the list.
Mehmet: Yes.

3. Network Configuration Protocol (NETCONF) Proxy, Zitao Wang (5 min)
https://tools.ietf.org/html/draft-wangzheng-netconf-proxy-01
Michael Wang presenting.
[presentation]
Mehmet: I need to ask necessary question. You can say one or two sentences, we are out of time. Show of hands has read this draft? Who thinks NETCONF should work on this topic? 5 hands. This seems to be not in focus of the charter. Please update, get more comments, raise discussion on the mailing list. This is important before coming to the next NETCONF session.
[discussion]

4. UDP based Publication Channel for Streaming Telemetry, Tianran Zhou (5 min)
https://tools.ietf.org/html/draft-zheng-netconf-udp-pub-channel-00
Mehmet: This may be in charter, as it is related to yangpush.
Tianran presenting.
[presentation]
[discussion]
Mehmet: This can be seen in the current focus of the charter.
Phil: I support this work. Junos does this. Standardizing in this space is important.
Mehmet: Who has read the draft? 10. Who thinks that UDP based streaming channel is important and we should work on this: more than 10, plus a supporter on jabber. I was not in favor for asking the question on adoption.
Kent: We can take to the list.
Mehmet: It will be done soon somewhere.
Phil: The other option is to do a DT.
Mehmet: You are saying that it should be done in a so called design team to get a new YANG push draft?
Benoit: NETCONF to IPFIX, it is a lot to be learned there.

End of meeting, AOB