Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Commit confirmed gNMI extension #198

Closed
wants to merge 1 commit into from
Closed

Commit confirmed gNMI extension #198

wants to merge 1 commit into from

Conversation

hellt
Copy link
Contributor

@hellt hellt commented Oct 11, 2023
edited
Loading

Hi @robshakir, @kidiyoor

This is a proposal for gNMI Commit Confirmed extension as a response to #196 #197

It comes with the proposed extension proto spec in the accompanying PR openconfig/gnmi#154

This was referenced Oct 11, 2023
Merged
Closed
@hellt
commit confirmed design doc
7a0e254 
link fix

entails->contains

fixed typos
ncorran
ncorran reviewed Nov 2, 2023
View reviewed changes
rpc/gnmi/gnmi-commit-confirmed.md

#### 3.1 Initiating Commit Confirmed operation

To initiate a Commit Confirmed operation, the client MUST include the `CommitConfirmed` extension in the `SetRequest` message. The `CommitConfirmed` message MUST include the `COMMIT_CONFIRMED_ACTION_START` action to indicate that the network device MUST apply the configuration changes and start the commit rollback timeout waiting for a confirmation action.
Copy link

@ncorran ncorran Nov 2, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to specify the locking here - i.e. the period from commit through to commit confirm (or abort or timeout) is a window in which the server is locked from the perspective of other sessions. I would prefer this to be explicit in the ACTION naming such as START_W_LOCK/CONFIRM_W_UNLOCK/REJECT_W_UNLOCK or a better suggestion may be:
ACTION_LOCK (instead of start)
ACTION_UNLOCK_REJECT
ACTION_UNLOCK_CONFIRM.

Failing this change, it should be very clear in this description and in the proto etc. that there is exclusive locking taking place across this 'confirmation exchange', as this is the first time gnmi has added a multi-step operation (i.e. all updates are single messages, with no lock, edit, edit, commit, unlock type flows like netconf).

ncorran
ncorran reviewed Nov 2, 2023
View reviewed changes
rpc/gnmi/gnmi-commit-confirmed.md

The commit identifier returned by the network device in the `SetResponse` message with `COMMIT_CONFIRMED_ACTION_START` action enables controlled session management and prevents erroneous actions to be taken by the network device due to race conditions.

For example, when commit_id is not used it is theoretically possible that the commit confirmed action will be processed by the network device after the timeout has expired, causing erroneous action to be taken. Or multiple actors will attempt to perform different actions on the same commit.
Copy link

@ncorran ncorran Nov 2, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add some comment about security here - is the commit-id sufficient to really identify the initial commit owner and are we happy with that? (vs constraining this to within a session so we can check some session params on the server as well as the id? or e.g. specify that you expect the server to store and check the AAA credentials of the confirm sender == the initiator??)

@hellt
Copy link
Contributor Author

hellt commented Nov 15, 2023

replaced by #196

@hellt hellt closed this Nov 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ncorran ncorran ncorran left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hellt @ncorran