Re: [netmod] operational knobs

To: "NETMOD Working Group" <netmod at ietf.org>
Subject: Re: [netmod] operational knobs
From: "Randy Presuhn" <randy_presuhn at mindspring.com>
Date: Sun, 1 Nov 2009 09:02:03 -0700
Delivered-to: netmod at core3.amsl.com
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=mindspring.com; b=WFauFYFz3CQ/qp731sOj4fkEu1p8q/baD1Lc0HSDiTUr4ceWOJDbyiClkAkBol3z; h=Received:Message-ID:From:To:References:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE:X-ELNK-Trace:X-Originating-IP;
List-archive: <http://www.ietf.org/mail-archive/web/netmod>
List-help: <mailto:netmod-request@ietf.org?subject=help>
List-id: NETMOD WG list <netmod.ietf.org>
List-post: <mailto:netmod@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
References: <200911011601.nA1G12oL015680 at idle.juniper.net>

Hi -

> From: "Phil Shafer" <phil at juniper.net>
> To: "Joel M. Halpern" <jmh at joelhalpern.com>
> Cc: "NETMOD Working Group" <netmod at ietf.org>
> Sent: Sunday, November 01, 2009 9:01 AM
> Subject: Re: [netmod] operational knobs
...
> I've always been curious why new verbs weren't added to SNMP
> instead of this kludge.  Poking bytes into control registers
> clearly wasn't the example to follow and the distaste for it
> seems universal, but I've never grok'd why verbs like CREATE,
> DELETE, LOCK, CHANGE, PRE-CREATE, DISABLE, &etc weren't made.
...

Adding them would have been a change to the protocol's grammar,
which would have been a non-starter for several reasons:

   -  re-starting the clock at "Proposed Standard" each time one of
      these was added would have been politically unpalatable (CMIP
      was a full IS, and, since it already had verbs for Create, Delete, etc.,
      adding these to SNMP would also have been seen as an admission
      of inadequacy)

   - changing the grammar would have adversely affected the deployed base
      of management systems and agents, as well as the various vendors'
      development tools, and would have invalidated the interoperability suites,
      bake-offs, and test events.  The ability to work with generic "dumb" MIB
      browsers was demanded by users.

    - by the time SMP, Secure SNMP, SNMPv2, SNMPv2*, etc, started appearing,
      access control models were being formulated in terms of object identifiers.
      If an "Action" facility were to be added, we'd have had to formulate the policies
      in ways similar to how VACM processes notifications, which would severly
      constrain how people could formulate actions.  (Not that that would have been
      a bad thing)

FWIW the CMIP experience, while it did establish that having distinct verbs for
Create and Delete was a Good Thing, and had provisions for synchronization
built into the object model and the protocol, also demonstrated that a generic
Action facility, while useful, needed to be used *Very* carefully.  Like netconf RPCs,
it provided the ability to shovel around rather arbitrary syntax.  Mating this with
fine-grained access control expressed in terms of the object model is
hard.  Later discussions of "we wish we had" in CMIP-land supported limiting
the payload to things that would look like variable bindings, rather than arbitrary
ASN.1, to ease matching up the bits and pieces of actions with the objects'
data models.

Randy

Follow-Ups:
- Re: [netmod] operational knobs
  - From: Phil Shafer
- Re: [netmod] operational knobs
  - From: Jon Saperia

References:
- Re: [netmod] operational knobs
  - From: Phil Shafer

Prev by Date: Re: [netmod] operational knobs
Next by Date: Re: [netmod] operational knobs
Previous by thread: Re: [netmod] operational knobs
Next by thread: Re: [netmod] operational knobs
Index(es):
- Date
- Thread

Re: [netmod] operational knobs

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.