-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwhiteboard.txt
155 lines (134 loc) · 4.77 KB
/
whiteboard.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
This represents the lifecycle of data within a device, and I've
drawn "====" boxes as "data" with "----" boxes as the operations
that are performed on that data to move it to the next step in the
lifecycle. Hopefully that's clear. Notes follow.
We wanted meaningless names for the phases, so we're using phonetic
alphabet names/codes. For example, "zulu" and "yankee" are the last
two phases.
-------------------
+==[india]==+
| |
+===========+
\
+--[juliette-delta]----------------------------
| + NETCONF/RESTCONF operations (<edit-config>)
| - (Syntactic validation) [2]
| + System-defined data rewrites [13]
+------------------------------
/
+=[juliette]+
| |
+===========+
\
+--[kilo-delta]----------------------------
| "commit" operation [4]
| - "best effort" option might result in removal of invalid config
+------------------------------
/
+==[kilo]===+
| |
+===========+
\
+--[lima-delta]---------------------------
| - remove inactive
| + expand any template/group mechanism [3]
| + add system-controlled implicit data
+------------------------------
/
+==[lima]===+
| |
+===========+
\
+--[mike-delta]----------------------------
| Semantic validation
| + commit-time system-controlled data
| - remove invalid data
+------------------------------
/
+==[mike]===+
| post validation [5] [6]
+===========+
\
+--[november-delta----------------
| - remove data for missing hardware ("ephemeral interfaces" [7])
+------------------------------
/
+==[november]=+
| system adjusted [8]
+=============+
\
+--[oscar-delta]----------------------------
| merge ephemeral database
+------------------------------
/
+==[oscar]==+
| [9] |
+===========+
\
+--[papa-delta]----------------------------
| add data learned from other sources (DHCP, RADIUS, 802.1x, etc)
+------------------------------
/
+==[papa]===+
| "complete instructions" [10]
+===========+
\
+--[yankee-delta]----------------------------
| replace config=true nodes with "current" values [11]
+------------------------------
/
+==[yankee]=+
| |
+===========+
\
+--[zulu-delta]---------------------------
| add config=false" nodes
+------------------------------
/
+==[zulu]===+
| aka "opstate"
+===========+
------------------------------------------------------------
Notes:
[1] [unused]
[2] Edit-config payloads are syntactically checked during processing.
Anything that fails validation is discarded.
[3] Such mechanisms are completely outside the spec of NETCONF, but we
in dealing with the "real world", we must admit their existence and
fit them into our world view.
[4] The commit operation may be either the <commit-config> operation
if #candidate is supported, or the implicit operation at the end of
each <edit-config> operation on the running datastore.
[5] Originally labeled "intended configuration", that term remains a
bit of a "Rorschach" term, but folks seem to stick with it regardless.
[6] The "post validation" datastore represents the product of a
successful validation, where any invalid configuration has been
removed.
[7] "ephemeral interfaces" is the term we've used for these sort of
"pre-provisioned" interface configurations in the past, thought this
term becomes overloaded with the introduction of "ephemeral
datastores".
[8] This was originally labeled "applied", but again, the "applied
configuration" term is a bit fuzzy, but seems too sticky to remove.
"system adjusted" has less fuzz, but also less curb appeal.
[9] There was no real consensus on the need to distinguish data gained
from the ephemeral database from that gained from mechanisms like
DHCP, etc. But IMHO the fact that ephemeral databases are "our's" and
the rest are not means that we need to call them out specifically.
[10] New term meant to represent that outcome of all the mechanisms
that gives "instructions" to the device.
[11] This description, while accurate, is not completely clear. As we
write all this up, it might be better to view this as a completely
distinct datastore rather than a set of operations performed on a
single stream of data.
[13] Data may be rewritten on input, for example converting any
plaintext password values into encrypted values, discarding the
original values.
----------------------
So we need to perform the following tasks:
(a) converge on a world view
(b) agree on terminology
(c) decide which data phases need to be externally visible
(d) create a mechanism to allow devices to describe which of those
can be accessed on this particular device
(e) write it up