Session Date/Time: 11 Nov 2021 14:30
netmod
Summary
The netmod session at IETF 112 covered administrative updates, including document status and the importance of using the mailing list for consensus. Key technical discussions included the status of the YANG versioning drafts, with ietf-yang-module-versioning and ietf-yang-semantic-versioning declared ready for Working Group Last Call. The ietf-yang-packages draft presented progress on addressing open issues, particularly around schema mount functionality and resolving duplication with existing module list mechanisms. A new individual draft on system-defined configuration introduced concepts for managing system-level configuration, leading to significant discussion on backward compatibility, running configuration validity, and origin tracking. Finally, a presentation on extending ACLs (RFC 8519) highlighted functional gaps and sought working group guidance on the approach to enhancements (augmentation vs. revision) and the scope of network-wide ACL management.
Key Discussion Points
- Administrative & Document Status:
  - The `c-camp` document on the agenda is expected to remain within the C-CAMP WG.
  - Several post-last call documents require author updates, including one returned to the WG for reference alignment.
  - The `no-tags` draft requires an update from authors.
  - The `enum-bits` draft is nearing Working Group Last Call, pending any immediate additions identified by the WG by December.
  - `versioning-requirements` is awaiting progress on other versioning work.
  - Emphasis was placed on using the mailing list for consensus building for WG documents, even if authors agree to changes offline.
- YANG Versioning (`ietf-yang-module-versioning`, `ietf-yang-semantic-versioning`):
  - Weekly meetings are ongoing and open to all.
  - `ietf-yang-module-versioning` (draft-ietf-netmod-module-versioning-05) received editorial updates and minor corrections; no major functional changes.
  - `ietf-yang-semantic-versioning` (draft-ietf-netmod-yang-semver-05) includes full author reviews, defines usability for submodules (submodule version change requires module version change, similar to revision dates), and has a shortened/unique YANG module prefix.
  - Authors believe both drafts are ready for Working Group Last Call.
- YANG Packages (`ietf-yang-packages`):
  - Checksum definitions were removed for consistency with `module-versioning`.
  - Open Issues: 20 open issues, with owners assigned.
  - Refining Text (Issue 65): Needs alignment with stable YANG versioning drafts, especially regarding semantic version labels.
  - Schema Mount Functions: The draft currently lacks schema mount definitions. Authors propose packages could contain modules with mount points and define constraints (e.g., `ietf-basic-package` restricting to L2/L3 VPNs). Initial rules were proposed for constraints, overriding, and including allowable packages.
  - Module List Duplication: A key concern was duplication of module list functionality with existing mechanisms (e.g., NETCONF `hello`, `NETCONF monitoring`, `yang-library` RFC 7950/8834). Discussion is ongoing on how to remove this duplication.
- System Defined Configuration (`system-defined-configuration`):
  - This individual draft, based on prior discussions, aims to improve visibility, convenience, configurability, and client control of system configuration.
  - Proposed Solution:
    - A mandatory `with-system` parameter for `get`/`get-config` to retrieve combined `running` and `system` configuration.
    - An optional `system` datastore, read-only for clients, with dynamic content.
    - `intended` configuration would be created by `system` being overwritten/extended by `running`.
  - Key Open Issues:
    - `running` configuration validity: A fundamental question of whether `running` must always be a valid configuration tree (as per RFC 7950/8342). Concerns about backward compatibility for offline validation vs. proposed online/offline validation approaches.
    - Immutable flag: Discussion on defining a flag to indicate read-only system configuration.
    - `with-origin` for `intended`: Whether to expose origin information (system or running) to clients when retrieving from `intended`.
    - `origin=system` for copied configuration: If system configuration is explicitly copied into `running`, should its origin remain `system` or be treated as client-configured? This relates to the behavior of `with-defaults` in explicit mode.
  - Concern was raised about potential incompatible redefinition of RFC 7950/8342, suggesting an alternative `without-system` flag approach for normal operation. The issue of backward compatibility for clients unaware of system information was highlighted.
- Extensions of ACLs (RFC 8519):
  - The draft proposes enhancements to the `ietf-acl` YANG model (RFC 8519) based on operational experience.
  - Limitations of RFC 8519: Design makes some extensions via augmentation complicated, potentially requiring redefinition.
  - Functional Gaps Identified:
    - Lack of manipulating lists of prefixes (currently one prefix per entry), leading to sub-optimal configuration for many-to-many rules.
    - Inability to define aliases or sets (e.g., prefix sets, protocol sets, port sets, ICMP sets) for reuse across ACLs.
    - Sub-optimal handling of IPv4 fragments and TCP flags (e.g., no bitmasking for multiple flags).
    - Limited actions (accept/discard); desire for rate-limited or payload-based filtering.
    - RFC 8519 is a device model, but there's a need for network-level ACL management (e.g., central management, reusing templates across multiple devices).
  - Guidance Sought: Working Group guidance was requested on the best approach for enhancements: a new version of the ACL model (minimizing breaking changes) or augmenting the existing model. Also, how to handle a separate module for network-wide ACLs/sets (in netmod or elsewhere).
  - The proposed functionality is stateless.
Decisions and Action Items
- YANG Versioning Drafts:
  - Decision: The chairs will initiate a Working Group Last Call for `ietf-yang-module-versioning` and `ietf-yang-semantic-versioning`.
  - Decision: These drafts will be held within the working group until all five versioning-related drafts are ready for IESG processing.
- Post-Last Call Document: Authors of the document returned to the WG are expected to align it with reference documents. Others wishing to help should contact authors and cc the netmod chairs.
- `enum-bits` Draft:
  - Action Item: Working Group members are requested to review `enum-bits` by December and propose any immediate additions to the mailing list. If no significant issues or additions are identified, the chairs will move it to Working Group Last Call.
Next Steps
- `ietf-yang-packages`: Authors to continue working on the 20 open issues, including proposals for schema mount functionality and addressing module list duplication.
- `ietf-yang-packages` (Chairs Request): Authors are requested to post weekly meeting topics to the mailing list to facilitate broader participation.
- System Defined Configuration: Authors to update the draft with more concrete technical proposals regarding running configuration validity, origin tracking, and backward compatibility. Continued discussion on the mailing list is encouraged, with potential for another interim meeting if interest remains high.
- ACL Extensions: Authors to update the draft with detailed proposals on how to implement the identified enhancements, including specific proposals for augmenting or revising RFC 8519, and a more concrete design for the network-level ACL module. Discussion will continue on the mailing list.