IETF Logo Mail Archive

[yang-doctors] YANG doctor comments on draft-ietf-l3sm-l3vpn-service-model-16

"Giles Heron (giheron)" <giheron@cisco.com> Tue, 27 September 2016 23:33 UTC

Return-Path: <giheron@cisco.com>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A02512B097; Tue, 27 Sep 2016 16:33:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.837
X-Spam-Level:
X-Spam-Status: No, score=-16.837 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.316, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eahj41B3FWcD; Tue, 27 Sep 2016 16:33:38 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BA7812B03C; Tue, 27 Sep 2016 16:33:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6076; q=dns/txt; s=iport; t=1475019218; x=1476228818; h=from:to:cc:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=gNgpAYEhDQpOT1C0lAd1bVcbWdMXR+LR9khE3UPaQKg=; b=ipEBYGMV6A/kGOAaGA5t5AP/PtavWJHHVkMrFysr2AdACSkHz0728O2i ZvjM5V3TYDKHMvYxp5KIWmswXFz+p6MLZBDHB+LWK6GWKDbgyhyq29gOi lDHFxxFTYtJqW1eOppElkT9QebCE+yRACelTkX5x9cfDxcAHdWEaT3Fzr o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CxAQAEAetX/4QNJK1dGwEBAQMBAQEJAQEBgz8BAQEBAR6BWo0rqQqCD4IGhh4egUQ4FAECAQEBAQEBAV4cC4RoIxE3DhIBIgImAgQwFRIEDohSswiNBQEBAQEBAQEBAQEBAQEBAQEBAQEBARyBBoUxgXwIihgrghIdBYgth0GKCAGPaY9skGcBHjaDHxeBUIcKfwEBAQ
X-IronPort-AV: E=Sophos;i="5.30,407,1470700800"; d="scan'208";a="327059923"
Received: from alln-core-10.cisco.com ([173.36.13.132]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2016 23:33:37 +0000
Received: from XCH-RTP-016.cisco.com (xch-rtp-016.cisco.com [64.101.220.156]) by alln-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id u8RNXbLp026636 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 27 Sep 2016 23:33:37 GMT
Received: from xch-rtp-019.cisco.com (64.101.220.159) by XCH-RTP-016.cisco.com (64.101.220.156) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 27 Sep 2016 19:33:36 -0400
Received: from xch-rtp-019.cisco.com ([64.101.220.159]) by XCH-RTP-019.cisco.com ([64.101.220.159]) with mapi id 15.00.1210.000; Tue, 27 Sep 2016 19:33:36 -0400
From: "Giles Heron (giheron)" <giheron@cisco.com>
To: "draft-ietf-l3sm-l3vpn-service-model@ietf.org" <draft-ietf-l3sm-l3vpn-service-model@ietf.org>
Thread-Topic: YANG doctor comments on draft-ietf-l3sm-l3vpn-service-model-16
Thread-Index: AQHSGReRLLGC8svmbE2a1bSGzWezVg==
Date: Tue, 27 Sep 2016 23:33:36 +0000
Message-ID: <347D3F57-0619-4635-97CD-F647D8C473DB@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.61.247.16]
Content-Type: text/plain; charset="utf-8"
Content-ID: <66BEF32B22D2D84D81632014C8F6721C@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/HLZ03r9rxxJTZETFIXg4WUpo3Ag>
Cc: YANG Doctors <yang-doctors@ietf.org>
Subject: [yang-doctors] YANG doctor comments on draft-ietf-l3sm-l3vpn-service-model-16
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2016 23:33:40 -0000

Some comments from a YANG-doctor perspective

a couple of meta-issues first - these are perhaps things the YANG Doctors need to discuss amongst themselves.

1) I tend to the view that service models should be augments of the I2RS network and topology model rather than being standalone models. 

2) I wonder if the IETF should really be focussing on the interface between the “service component” and the “config component” in your draft.  at that layer we can look at e.g. route targets and route distinguishers so we can focus on IETF technologies, but still take a network and service-centric view rather than a device-centric one.    The true technology-neutral “service” layer is being worked on in e.g. MEF - certainly for L2 and I think for L3 also.   Sure, in the L3 case we could probably argue it’s more IETF’s expertise than MEF’s, but I think there’s still value in having both layers, and I think we do need to make sure IETF and MEF don’t tread on each others’ toes too much.

In terms of more specific comments on the model:

3) the address-families could possibly use an enum rather than identities (as hopefully v4 and v6 is all we’ll ever have!)

4) again if you think the site-vpn-flavors, transport constraints, management types, address allocation types, vpn-topologies, multicast tree types, multicast rp discovery types etc. are definitive lists you could use enums for them.

5) re the site-roles we only really need hub and spoke if we have any-to-any as a default.

6) for the cloud-access perhaps the if-feature should be at the cloud-accesses container level.  given the indentation I suspect you added the container later?

7) for the authorized/denied sites there might be a better way to do that (using a choice - so you have either one list or the other).

8) nat-enabled could maybe be a presence container with customer-nat-address as an optional leaf inside it (since the customer nat address only applies if nat is enabled)

9) again the multicast container inside the vpn-service-multicast could be a presence container indicating that multicast is enabled and then have other various containers as sub-containers within that.

10) tree-flavor could be a leaf-list (it only has one leaf in it).

11) again provider-managed could be a presence container instead of having an enabled leaf.  that also avoids the when statements for the other leaves.

12) bsr-candidate could be a leaf-list (only one leaf in the list).

13) you could use an empty presence container rather than a leaf for carrrierscarrier.

14) the customer location info feels like it may be at too high a level for a service model.

15) do you need two levels of container in the site-diversity grouping?

16) the groups container is used in both site-diversity and access-diversity.  So you could use a grouping for it.   In fact you could probably just have the group list and constraint list - there’s less need for an enclosing container for a list when the list is already embedded in a container.

17) it might be possible to pull in the flow matching definitions from another model - they seem fairly generic.

18) the fast-reroute stuff could again use a presence container.

19) site-security-authentication looks kind of empty.

20) site-security-encryption could again use a presence container instead of an enabled leaf.

21) I’m guessing the layer should be a mandatory leaf for encryption and have a default?

22) I’m guessing the mask for the static address case ought to be in the range 0..31 for IPv4 and 0..127 for IPv6 (as you can’t have a /32 with 2 addresses in it).

23) again for BFD you could use a presence container

24) the container "vpn-policy-list" should perhaps be called “vpn-policies”.

25) the list “entries” should probably be called “entry”.

26) ipv4-lan-prefixes and ipv6-lan-prefixes should probably be leaf-lists and should probably have singular names.

27) the site-role for a VPN site could be made optional if the default was any-to-any (so you’d only need a role for hubs and spokes).

28) shouldn’t the multicast traffic constraints have a leaf-list for the dst-site rather than just a leaf? (you’d most likely want the same constraint for multiple destinations).

29) vpn-svc should probably be called vpn-service for consistency with the enclosing container.

Giles

v2.23.0 | Report a Bug | By Email