Last Call Review of draft-ietf-pim-igmp-mld-yang-07

Request Review of draft-ietf-pim-igmp-mld-yang
Requested rev. no specific revision (document currently at 12)
Type Last Call Review
Team YANG Doctors (yangdoctors)
Deadline 2018-08-31
Requested 2018-08-09
Requested by Alvaro Retana
Draft last updated 2018-08-13
Completed reviews Yangdoctors Early review of -02 by Jan Lindblad (diff)
Yangdoctors Last Call review of -07 by Jan Lindblad (diff)
Rtgdir Last Call review of -10 by He Jia (diff)
Yangdoctors Telechat review of -10 by Jan Lindblad (diff)
Secdir Last Call review of -10 by Rifaat Shekh-Yusef (diff)
Genart Last Call review of -10 by Dale Worley (diff)
Secdir Telechat review of -12 by Rifaat Shekh-Yusef
I'm asking for a review ahead of starting the IETF LC because there is just one outstanding nit to be fixed (a Downref [1]).  When the LC is issued, it will at least go through the deadline above.




This is my YANG-doctor review of draft-ietf-pim-igmp-mld-yang-07. In the spring, I did an early review of the -02 version.

Most of the comments from the earlier review are still valid. In some ways the document has progressed since -02, in many it has not, and in a few it has deteriorated. In my judgement, the document is not ready for last call. Many fundamentally important questions are still unresolved. Here are my review comments in rough falling order of importance.

#1 Improper augment of /rt:routing/rt:control-plane-protocols

Quoted from section 3.1: 
   This model augments the core routing data model "ietf-routing"
   specified in [RFC8349].  The IGMP model augments "/rt:routing/
   rt:control-plane-protocols" as opposed to augmenting "/rt:routing/
   rt:control-plane-protocols/rt:control-plane-protocol", as the latter
   would allow multiple protocol instances, while the IGMP protocol is
   designed to be enabled or disabled as a single protocol instance on
   a network instance or a logical network element.

The description above, and the actual augment statements in the YANG module violate the principles described in RFC 8349, the ietf-routing.yang module it augments. In RFC 8349, section 5.3.  Control-Plane Protocol, the proper way of augmenting the routing module is described. The fact that this is a singleton protocol instance doesn't change this. Section 5.3 describes singleton cases as well.

#2 Incorrect vendor refinement model

Quoted from section 2.2: 
   For the same reason, wide constant ranges (for example, timer
   maximum and minimum) will be used in the model.  It is expected that
   vendors will augment the model with any specific restrictions that
   might be required. Vendors may also extend the features list with
   proprietary extensions.

This is not acceptable. The principle suggested does not foster interoperability and useful standards. It is also not possible to do what the paragraph suggests in YANG. This was pointed out in the -02 review, and a suggestion was given there on how to address the problem.

#3 Top level structures not optional

Quoted from section 2.3:
   The current document contains IGMP and MLD as separate schema
   branches in the structure. The reason for this is to make it easier
   for implementations which may optionally choose to support specific
   address families. And the names of objects may be different between
   the IPv4 (IGMP) and IPv6 (MLD) address families.

This problem was also pointed out in the -02 review. The author suggests that implementing igmp and/or mld is optional. This is not reflected in the YANG module, however. As currently modeled, both are currently mandatory to implement. If-feature is used liberally in the module, and could be used here as well. 

#4 Unclear meaning of optional leaves

Quoted from section 3.1:
   Where fields are not genuinely essential to protocol operation, they
   are marked as optional. Some fields will be essential but have a
   default specified, so that they need not be configured explicitly.

In fact, in the current version of the module, every leaf is optional (except keys, which cannot be optional). It is good to see the addition of defaults in many cases, but many unclear cases remain. E.g. leaf /igmp/global/enable is of type boolean. I understand what true and false implies for this leaf. But what does it mean if it is not set at all? Either add a default or describe the meaning in the description. Similarly, if the leaf version is not set on an igmp or mld interface, or on the interface-global level, what does that mean? Add default. require-router-alert? explicit-tracking? exclude-lite? Many of these are used in NP-containers inheriting all the from the root, which makes the use of mandatory highly discouraged in the current form. If the RFC 8349 augmentation principles are followed, the concern around mandatory falls, and some leafs with no sensible default could be marked mandatory instead.

#5 All optional state

All state data is optional, which means a conforming server could very well decide not to implement it. E.g. discontinuity-time is optional. Should a manager count on this being available? A situation where every leaf is optional is as nice and flexible for server implementors as it is frustrating and complicated for manager implementors to consume. A YANG model is an API contract and should consider the needs of both sides. The way this has been designed reveals that no representation for the consumer side of this model has been involved in the design. I would suggest thinking through what is the most essential state data for a manager, and make some leafs mandatory.

#6 Abundant copy-paste

There is abundant repetition in the YANG module. leaf version is defined 2 times for igmp with identical definitions, and two more for mld with identical definitions. leaf enable is defined once for the interface global-level, and with identical definition on the interface local level. leaf last-member-query-interval, query-interval and half a dozen other leaves are defined twice with identical definitions.

#7 Leaf interface in the rpc clear*groups on line 1124, 1094 has type string. Should be a leafref? Describe what values are valid.
#8 Leaf group-policy, source-policy on line 486, 527, 624, 689: type string. Should be leafref? Describe what values are valid.
#9 Leaf group on line 705, 1101, 1131: Is any ipv4/6 address ok, or only a multicast address? Model accordingly.