Re: [OPSAWG] Yangdoctors early review of draft-ietf-opsawg-teas-attachment-circuit-03
Thx Med - one comment inline... On 2024-01-15 06:59:58, mohamed.boucad...@orange.com wrote: > [External Email. Be cautious of content] > > > Hi Ebben, > > Thank you for the review. > > A new version that takes into account the review can be seen at: > https://urldefense.com/v3/__https://author-tools.ietf.org/iddiff?url2=draft-ietf-opsawg-teas-attachment-circuit-04__;!!NEt6yMaO-gk!HXVDToOssxIY9VMDmKqkKUPCGGv49M5Ey707NIlh9DgCqdza_Lc--Ls96qov_kNmayL2_P2Jx6ScROMTM-o0w6Hh$ > > Please see inline for more context. > > Cheers, > Med > > > -Message d'origine- > > De : Ebben Aries via Datatracker > > Envoyé : mercredi 10 janvier 2024 23:58 > > À : yang-doct...@ietf.org > > Cc : draft-ietf-opsawg-teas-attachment-circuit@ietf.org; > > opsawg@ietf.org > > Objet : Yangdoctors early review of draft-ietf-opsawg-teas- > > attachment-circuit-03 > > > > Reviewer: Ebben Aries > > Review result: On the Right Track > > > > 2 modules in this draft: > > - ietf-ac-...@2023-11-13.yang > > - ietf-bearer-...@2023-11-13.yang > > > > YANG compiler errors or warnings (pyang 2.6.0, yanglint 2.1.128, > > yangson 1.4.19) > > - No compiler errors or warnings for tree outputs > > > > NOTE: These modules were reviewed and validated (stub instance- > > data) in conjunction with draft-ietf-opsawg-teas-common-ac-02 and > > I did my best to separate comments out to each even though > > validation crosses the 2 reviews > > > > General comments on the draft: > > - Section 5.1/5.2: Move the "file" declaration in > > up to align > > and quote the filename otherwise published IETF tooling will > > fail to parse > > correctly > > [Med] Fixed. > > > > > General comments on the modules: > > - Similar comment to that in the `ietf-ac-common` review in that > > if there is > > intention for other modules to import and use then ensure any > > must/when > > statements are fully qualified. L#272-273 in `ietf-bearer-svc` > > are one such > > example. > > [Med] ACK. > > > - For `status/admin-status/last-change`, this leaf is `r/w` and > > while I > > realize this is reuse from `ietf-vpn-common`, it seems that > > this is > > incorrect and should be reflected as pure `r/o` state. > > [Med] Actually, no. Unlike the operational status, the client can control > that for administrative status as well. Think about scheduled operations for > example. I'm conflicted why this would reside in modeling for the use-case you describe as this would entail a pattern that would need to be considered across _all_ modeling. I'm not sure I've seen this pattern arise before. RFC7758 is one such example of how scheduled operations would be handled at the protocol messaging layer and not scattered among the data-content. `last-change` also seems like a misnomer here for the administrative client induced use-case which I don't see mention of intent within RFC9181. > A > > client is not > > going to "write" this value to a server however this is an > > inheritance/reuse > > issue if you agree > > > > Example Validated Instance Data (post qualification fixes): > > [Med] Thank you. I put this example at > https://urldefense.com/v3/__https://github.com/boucadair/attachment-circuit-model/blob/main/xml-examples/svc-full-instance.xml__;!!NEt6yMaO-gk!HXVDToOssxIY9VMDmKqkKUPCGGv49M5Ey707NIlh9DgCqdza_Lc--Ls96qov_kNmayL2_P2Jx6ScROMTM7M963ko$ > and cited it in the draft with an acknowledgement :-) > > > > > > > > > KC1 > > KC1 Description > > > > 131001 > > > > > > > > > > > > hmac-sha-512 > > > > > > > > > > > > AGP1 > > SPP1 > > SPP2 > > > > > > > xmlns:vpn-common="urn:ietf:params:xml:ns:yang:ietf-vpn- > > common">vpn-common:ethernet-type > > > > > > > > > > AGP2 > > SPP1 > > > > > > 1.1.1.1 > > 2.2.2.2 > > 31 > > > xmlns:ac-common="urn:ietf:params:xml:ns:yang:ietf-ac- > > common">ac-common:static-address > > > > ID1 > > 10.1.1.1 > > > > > > > > 2001:db8:1000::1 > > 2001:db8::: > > 127 > > > xmlns:
Re: [OPSAWG] Yangdoctors early review of draft-ietf-opsawg-teas-common-ac-02
Thx Med for addressing my comments. The updates look good to me. /ebben On 2024-01-11 14:30:09, mohamed.boucad...@orange.com wrote: > [External Email. Be cautious of content] > > > Hi Ebben, > > Thank you for the review. > > Updated the spec to take into account your comments as you can see at: > https://urldefense.com/v3/__https://author-tools.ietf.org/api/iddiff?doc_1=draft-ietf-opsawg-teas-common-ac_2=https:**Aboucadair.github.io*attachment-circuit-model*draft-ietf-opsawg-teas-common-ac.txt__;Ly8vLw!!NEt6yMaO-gk!DFSr2_ATQcCtt5PSDds7C4uS-HfuciT-F6O_lx3_dBJOFrX_WcRuzQ9NokZvhNBpfw0WB1Xwbh2xNcK3YEwuwywW$ > > Please see inline for more context. > > Cheers, > Med > > > -Message d'origine- > > De : Ebben Aries via Datatracker > > Envoyé : mercredi 10 janvier 2024 23:57 > > À : yang-doct...@ietf.org > > Cc : draft-ietf-opsawg-teas-common-ac@ietf.org; > > opsawg@ietf.org > > Objet : Yangdoctors early review of draft-ietf-opsawg-teas- > > common-ac-02 > > > > Reviewer: Ebben Aries > > Review result: On the Right Track > > > > 1 module in this draft: > > - ietf-ac-com...@2023-11-13.yang > > > > YANG compiler errors or warnings (pyang 2.6.0, yanglint 2.1.128, > > yangson 1.4.19) > > - No compiler errors or warnings > > > > NOTE: This module was reviewed and validated (stub instance-data) > > in conjunction with draft-ietf-opsawg-teas-attachment-circuit-03 > > and I did my best to separate comments out to each even though > > validation crosses the 2 reviews > > > > [Med] Thank you. > > > General comments on the draft: > > - Section 3: There is reference to the tree and the tree being > > too long but > > this module is solely groupings, identities and typedefs thus > > there is no > > implementation of a standalone data tree in this common module. > > Is this > > moreso in reference to a tree output that might include > > `--tree-print-groupings` as seen in a subsequent section? > > [Med] Yes because we were assuming that the reader is familiar with > rfc8340#section-3.2. Added a note to make this explicit. > > > - Section 4: Move the "file" declaration in up to > > align and > > quote "ietf-ac-com...@2023-11-13.yang" otherwise published IETF > > tooling will > > fail to parse correctly > > [Med] Fixed. > > > > > General comments on the module: > > - Suggestion: Insert appropriate line breaks throughout module > > statements for > > readability > > [Med] I think that we are already following the practices for published > modules in that matter: no line breaks inside the groupings/containers. > > > - L#509: must statement needs to qualify identities as 'ac- > > common:slaac' and > > 'ac-common:provider-dhcp-slaac' otherwise the imports/uses will > > assume > > localization (Suggest auditing all 'when' and 'must' statements > > that > > reference identities to ensure full qualification for any > > future imports) > > [Med] Fixed. > > > - L#1329: Address/remove comment > > [Med] Fixed. > > > - L#1404: s/type\{/type \{/ > > [Med] Fixed. > > > - Minor nit: s/Indciates/Indicates/ -> "Indciates the actual date > > and time > > when the service" > > [Med] Fixed. > > > - For "vlan-id" related leaves, should these be scoped in the > > uint16 space? > > [Med] Yes, they should. Thanks for catching this. Fixed. > > > - For the `pseudowire` and `vpls` groupings, there is a > > duplication of nodes. > > Does it make sense to consolidate as much as possible and only > > diverge where > > necessary? > > > > [Med] I don't think there is value to do that here as we only have one common > leaf. Thanks. > > > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu > ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages > electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou > falsifie. Merci. > > This message and its attachments may contain confidential or privileged > information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete > this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been > modified, changed or falsified. > Thank you. ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
[OPSAWG] Yangdoctors early review of draft-ietf-opsawg-teas-attachment-circuit-03
Reviewer: Ebben Aries Review result: On the Right Track 2 modules in this draft: - ietf-ac-...@2023-11-13.yang - ietf-bearer-...@2023-11-13.yang YANG compiler errors or warnings (pyang 2.6.0, yanglint 2.1.128, yangson 1.4.19) - No compiler errors or warnings for tree outputs NOTE: These modules were reviewed and validated (stub instance-data) in conjunction with draft-ietf-opsawg-teas-common-ac-02 and I did my best to separate comments out to each even though validation crosses the 2 reviews General comments on the draft: - Section 5.1/5.2: Move the "file" declaration in up to align and quote the filename otherwise published IETF tooling will fail to parse correctly General comments on the modules: - Similar comment to that in the `ietf-ac-common` review in that if there is intention for other modules to import and use then ensure any must/when statements are fully qualified. L#272-273 in `ietf-bearer-svc` are one such example. - For `status/admin-status/last-change`, this leaf is `r/w` and while I realize this is reuse from `ietf-vpn-common`, it seems that this is incorrect and should be reflected as pure `r/o` state. A client is not going to "write" this value to a server however this is an inheritance/reuse issue if you agree Example Validated Instance Data (post qualification fixes): KC1 KC1 Description 131001 hmac-sha-512 AGP1 SPP1 SPP2 vpn-common:ethernet-type AGP2 SPP1 1.1.1.1 2.2.2.2 31 ac-common:static-address ID1 10.1.1.1 2001:db8:1000::1 2001:db8::: 127 ac-common:static-address ID1 2001:db8:dead::beef RP1 vpn-common:bgp-routing EPI5 vpn-common:import-export PG1 65000 65001 vpn-common:ipv4 10.1.1.1 true true KC1 N1 10.2.2.2 10.1.1.1 PG1 vpn-common:admin-up 2023-12-30T15:02:11.353Z vpn-common:op-up 2023-12-30T15:02:11.353Z EPI3 180 vpn-common:admin-up 2023-12-30T15:02:11.353Z vpn-common:op-up 2023-12-30T15:02:11.353Z true layer3 KC1 vpn-common:bw-per-service 1 1 1 1 1 1 vpn-common:pop-diverse GID1 AC1 CUSTOMER1 Attachment Circuit #1 2023-12-30T14:52:51.353Z 2025-12-30T00:00:00.000Z 2023-12-30T15:02:10.003Z PSID1 AGP2 AC2 GID1 ac-common:primary vpn-common:l3vpn SID1 SPP1 2001:db8::1 2001:db8::2 128 ac-common:static-address EPI2 vpn-common:both EPI4 AC2 EPI1 EPI2 EPI3 EPI4 EPI5 SPP1 SPP2 network-termination-hint G1 vpn-common:pop-diverse vpn-common:pe-diverse B1 Description for B1 G1 Op comment site-and-device-id devid1 SJC01 555 Anystreet 95123 CA San Jose US ethernet AC1 2023-12-30T14:52:51.353Z 2025-12-30T00:00:00.000Z 2023-12-30T15:02:10.003Z vpn-common:admin-up 2023-12-30T15:02:11.353Z vpn-common:op-up 2023-12-30T15:02:11.353Z ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
[OPSAWG] Yangdoctors early review of draft-ietf-opsawg-teas-common-ac-02
Reviewer: Ebben Aries Review result: On the Right Track 1 module in this draft: - ietf-ac-com...@2023-11-13.yang YANG compiler errors or warnings (pyang 2.6.0, yanglint 2.1.128, yangson 1.4.19) - No compiler errors or warnings NOTE: This module was reviewed and validated (stub instance-data) in conjunction with draft-ietf-opsawg-teas-attachment-circuit-03 and I did my best to separate comments out to each even though validation crosses the 2 reviews General comments on the draft: - Section 3: There is reference to the tree and the tree being too long but this module is solely groupings, identities and typedefs thus there is no implementation of a standalone data tree in this common module. Is this moreso in reference to a tree output that might include `--tree-print-groupings` as seen in a subsequent section? - Section 4: Move the "file" declaration in up to align and quote "ietf-ac-com...@2023-11-13.yang" otherwise published IETF tooling will fail to parse correctly General comments on the module: - Suggestion: Insert appropriate line breaks throughout module statements for readability - L#509: must statement needs to qualify identities as 'ac-common:slaac' and 'ac-common:provider-dhcp-slaac' otherwise the imports/uses will assume localization (Suggest auditing all 'when' and 'must' statements that reference identities to ensure full qualification for any future imports) - L#1329: Address/remove comment - L#1404: s/type\{/type \{/ - Minor nit: s/Indciates/Indicates/ -> "Indciates the actual date and time when the service" - For "vlan-id" related leaves, should these be scoped in the uint16 space? - For the `pseudowire` and `vpls` groupings, there is a duplication of nodes. Does it make sense to consolidate as much as possible and only diverge where necessary? ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
[OPSAWG] Yangdoctors early review of draft-ietf-opsawg-sbom-access-02
Reviewer: Ebben Aries Review result: Almost Ready Apologies for not turning this around sooner. Structure wise, the model is fairly sound. Most of the comments below are either nits/wording, slight adjustments and questions/clarifications. 1 module in this draft: - ietf-mud-transpare...@2021-07-06.yang No YANG compiler errors or warnings (pyang 2.5.0, yanglint 2.0.88, confdc 7.2.3.4) - L#364: CODE BEGINS : filename must be defined on same line for tools such as rfcstrip to correctly parse the module contents Module ietf-mud-transpare...@2021-07-06.yang: - import `ietf-inet-types` should reference RFC 6991 per https://tools.ietf.org/html/draft-ietf-netmod-rfc6087bis-15#section-4.7 - import `ietf-mud` should reference RFC 8520 per https://tools.ietf.org/html/draft-ietf-netmod-rfc6087bis-15#section-4.7 - L#016 - Minor nit: looks like L#17 should be moved up here - L#018-020 - Minor nit: adjust email address formatting per https://tools.ietf.org/html/draft-ietf-netmod-rfc6087bis-15#appendix-C - The type and enum members are identically defined for `sbom-local-well-known` and `vuln-local-well-known`. Is this something you can leverage by using a typedef or a grouping or is there intention to keep these separately defined? - When retrieving say an 'sbom' from the device, is it assumed that it be via `sbom-local-well-known`? What if it is necessary to host this on an alternate port for one of the communication protocols chosen? Would this scenario then best use `sbom-url` to define a static URI? (Same question applies to vuln as well) - Independent of the answer to the above question, is `cloud` the best choice or wording for the other case statement under the retrieval method choices? It seems to be that we have 3 cases for sbom/vuln retrieval methods which correspond to the draft wording at L#176-180 which seems to not pair identically. * on devices themselves: Could be /.well-known/ or a static URI could it not? * on a website: Static URI only * out-of-band: Static URI only - should this leaf be named something closer to that vs. 'contact'? General comments on the draft/modules: - L#0021: s/provide access this/provide access to this/ - L#0117: s/bills of material/bill of materials/ - L#0627: JSON example needs correct prefix for the augment `ietf-mud-transparency:transparency` - L#0941: s/not be/not been/ - L#0961: s/authoration/authorization/ - Since `ietf-mud-transparency` imports `ietf-inet-types`, a normative reference must be added per https://tools.ietf.org/html/draft-ietf-netmod-rfc6087bis-15#section-3.9 ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
Re: [OPSAWG] New Version Notification for draft-zheng-opsawg-tacacs-yang-02.txt
A few quick observations on the model - The model defines the client configuration and state parameters only but to be functional for operator use w/ AAA needs a few other things, otherwise this by itself is incomplete - There should likely be an identity of 'tacacsplus' that is base off ietf-system:authentication-method - The 'user-authentication-order' must restrictions in ietf-system would need to be accounted for as is done for radius - Is there intention to add an equivalent 'tacacsplus-authentication' feature much like there is for radius? Thx /ebben On Jun 20 13:04 PM, Wubo (lana) wrote: > Dear WG, > > We update the 02 version of draft-zheng-opsawg-tacacs-yang-02 to address the > comments from 104 meeting. > https://tools.ietf.org/html/draft-zheng-opsawg-tacacs-yang-02 > > Here are some major changes in this version: > - This draft is focused on TACACS+ Client only YANG. > - Change the module name to ietf-system-tacacsplus. > - Group the all the rw objects together by changing timeout to server > specific. > - Change "network-instance" to "vrf-instance" to make it specific and add > text to describe it. > - Add "source-interface" as a choice to accommodate one more implementation. > > Please help to review the document, comments and suggestions are welcome! > > Thanks, > Bo > > > -邮件原件- > 发件人: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org] > 发送时间: 2019年6月20日 20:38 > 收件人: wangzitao ; Wubo (lana) ; > Zhengguangying (Walker) ; Wubo (lana) > ; wangzitao > 主题: New Version Notification for draft-zheng-opsawg-tacacs-yang-02.txt > > > A new version of I-D, draft-zheng-opsawg-tacacs-yang-02.txt > has been successfully submitted by Bo Wu and posted to the IETF repository. > > Name: draft-zheng-opsawg-tacacs-yang > Revision: 02 > Title:Yang data model for TACACS+ > Document date:2019-06-20 > Group:Individual Submission > Pages:14 > URL: > https://www.ietf.org/internet-drafts/draft-zheng-opsawg-tacacs-yang-02.txt > Status: > https://datatracker.ietf.org/doc/draft-zheng-opsawg-tacacs-yang/ > Htmlized: https://tools.ietf.org/html/draft-zheng-opsawg-tacacs-yang-02 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-zheng-opsawg-tacacs-yang > Diff: > https://www.ietf.org/rfcdiff?url2=draft-zheng-opsawg-tacacs-yang-02 > > Abstract: >This document defines a YANG modules that augment the System data >model defined in the RFC 7317 with TACACS+ client model. The data >model of Terminal Access Controller Access Control System Plus >(TACACS+) client allows the configuration of TACACS+ servers for >centralized Authentication, Authorization and Accounting. > >The YANG modules in this document conforms to the Network Management >Datastore Architecture (NMDA) defined in RFC 8342. > > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > ___ > OPSAWG mailing list > OPSAWG@ietf.org > https://www.ietf.org/mailman/listinfo/opsawg ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg