On 15/12/2021 19:34, Yevgeny Shakhnovich wrote:
Hi Robert, We allow our customers to use Restconf directly. Using Restconf, they can create multiple netconf mount points for the same device. Unfortunately, they consider it not as an option but as a defect. This is a problem.
Right, but given the deployment flexibility where (for example) the same device can be mounted with different credentials, we cannot really make a blanket restriction on a TCP N-tuple here.
This is a use-case/deployment-specific restriction. There are a number of ways to place a policy enforcement point here, and if we are to provide a default here, we really need a complete use case description.
Can you supply it, please?Once we have it, we can play a number of deployment-level tricks and make sure things work the way you expect them to.
Alternatively, contributions containing proper reasoning/mitigation are always welcome.
Regards, Robert
Thanks, Yevgeny -----Original Message----- From: Robert Varga <n...@hq.sk> Sent: Wednesday, December 15, 2021 7:58 AM To: Yevgeny Shakhnovich <yevgeny.shakhnov...@ipinfusion.com>; Miroslav Mikluš <miroslav.mik...@pantheon.tech> Cc: Discuss@lists.opendaylight.org Subject: Re: [ODL Discuss] Multiple mount points for the same device On 13/12/2021 16:05, Yevgeny Shakhnovich wrote:Hi Miroslav, Thank you for your prompt response but I am slightly disappointed by it. I hoped that I overlooked something. A user can create a mount point using Restconf and can modify this mount point using the same Restconf. Our application cannot control it. Do you provide any interceptor that we can use to enforce the uniqueness? I am not aware of it.I am not sure what exactly is the use case you are asking for. You certainly do not have to use the stock netconf-topology component, or can filter access to the network topology through usual API gw methods. As for uniqueness -- we are giving people flexibility to do what they need -- and that includes having netconf topology nodes which connect to the same device. Regards, RobertThanks, Yevgeny *From:* Miroslav Mikluš <miroslav.mik...@pantheon.tech> *Sent:* Monday, December 13, 2021 12:46 AM *To:* Yevgeny Shakhnovich <yevgeny.shakhnov...@ipinfusion.com <mailto:yevgeny.shakhnov...@ipinfusion.com>> *Cc:* Discuss@lists.opendaylight.org <mailto:Discuss@lists.opendaylight.org> *Subject:* RE: [ODL Discuss] Multiple mount points for the same device Dear Yevgeny, You can implement uniqueness of host, port or credentials in your own controller application, but I think that OpenDaylight should not assume that any of those mount-point attributes are fixed and user / client application should be able to change them. Cheers, Miroslav *From:* Discuss@lists.opendaylight.org <mailto:Discuss@lists.opendaylight.org> <Discuss@lists.opendaylight.org <mailto:Discuss@lists.opendaylight.org>> *On Behalf Of *Yevgeny Shakhnovich *Sent:* Thursday, December 9, 2021 5:47 PM *To:* Discuss@lists.opendaylight.org <mailto:Discuss@lists.opendaylight.org> *Subject:* [ODL Discuss] Multiple mount points for the same device Hi ODL, We found that we can create a few Netconf mount points for the same device by using different node-ids. So, the host, the port, the credentials are the same. Only the node-id is different for each mount point. ODL does not check for uniqueness of the host/port combination. Is it intentional? I cannot imagine a use case justifying it. Is it possible to exclude such duplication? We use Silicon release of ODL. Thanks, Yevgeny .
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#8860): https://lists.opendaylight.org/g/Discuss/message/8860 Mute This Topic: https://lists.opendaylight.org/mt/87615798/21656 Group Owner: discuss+ow...@lists.opendaylight.org Unsubscribe: https://lists.opendaylight.org/g/Discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
OpenPGP_signature
Description: OpenPGP digital signature
