Re: [Dots] Yangdoctors early review of draft-ietf-dots-telemetry-09
mohamed.boucadair@orange.com Mon, 06 July 2020 12:59 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3AA73A1469; Mon, 6 Jul 2020 05:59:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j-E6KRruGlJS; Mon, 6 Jul 2020 05:59:34 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.39]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA7113A1467; Mon, 6 Jul 2020 05:59:33 -0700 (PDT)
Received: from opfedar05.francetelecom.fr (unknown [xx.xx.xx.7]) by opfedar22.francetelecom.fr (ESMTP service) with ESMTP id 4B0lyX1K9sz2xg6; Mon, 6 Jul 2020 14:59:32 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1594040372; bh=R4fVkwprGdwARBOnQl1xFdL80PgXsjmwPWSqK+VjtQI=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=SjHoHSENeYIZjIiW5lca1kKpN2+4WlmzwDSQzlRwJI6rTcPjoQ52sIxFe64D6ACXg uWKR4qM1vxFEbNrjiUpB5jUrmlMAH0bdFy0HXy6lAuRL4E8KwmRcrRq/BQtwH/9ZIE uyAwrJamOIYrgZXQqbE0cC+25EzhXf5+llTocDr/fdj6G0eaV0DmFJSxiMZWgL17op fCN/oKRt6OmPaKyQOioqy9RoB4mnI2a/kOTbpib191uUyUKU2ceNA/pXmuJGB5LZJt gBGjMyW7MGysBXlm+yrIBqXWJI2QFYpgY1K8xrPR7YgkaUQf7mD7LQHggPAqOL0DWM DwV4JcuWKPdSA==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.95]) by opfedar05.francetelecom.fr (ESMTP service) with ESMTP id 4B0lyX068xz2xCF; Mon, 6 Jul 2020 14:59:32 +0200 (CEST)
From: mohamed.boucadair@orange.com
To: Jan Lindblad <janl@tail-f.com>
CC: "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "dots@ietf.org" <dots@ietf.org>, "draft-ietf-dots-telemetry.all@ietf.org" <draft-ietf-dots-telemetry.all@ietf.org>
Thread-Topic: Yangdoctors early review of draft-ietf-dots-telemetry-09
Thread-Index: AQHWU2mN4imJeeKPL0qKrvo1wc5kiqj6fe8A
Date: Mon, 06 Jul 2020 12:59:31 +0000
Message-ID: <10654_1594040372_5F032034_10654_248_1_787AE7BB302AE849A7480A190F8B9330314F0712@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <159353177839.29172.8254735147639701580@ietfa.amsl.com> <5252_1593761623_5EFEDF57_5252_57_9_787AE7BB302AE849A7480A190F8B9330314EE318@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <4B4D2FC8-68E0-4C59-96AF-17E0D77F325D@tail-f.com>
In-Reply-To: <4B4D2FC8-68E0-4C59-96AF-17E0D77F325D@tail-f.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/A9ypy8MdsEk1KFahoG_WQDs8n4w>
Subject: Re: [Dots] Yangdoctors early review of draft-ietf-dots-telemetry-09
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jul 2020 12:59:36 -0000
Hi Jan,
Great. Thanks.
Focusing now on #2. We are adhering to the base spec defined in RFC7252 with specifics defined in the DOTS documents.
If we consider error handling for example, the general rule is:
DOTS agents MUST support GET, PUT, and DELETE CoAP methods. The
payload included in CoAP responses with 2.xx Response Codes MUST be
of content type "application/dots+cbor". CoAP responses with 4.xx
and 5.xx error Response Codes MUST include a diagnostic payload
(Section 5.5.2 of [RFC7252]). The diagnostic payload may contain
additional information to aid troubleshooting.
We do have specific things such as the following in the telemetry draft:
==
The DOTS server indicates the result of processing the PUT request
using the following response codes:
o If the request is missing a mandatory attribute, does not include
'cuid' or 'tsid' Uri-Path parameters, or contains one or more
invalid or unknown parameters, 4.00 (Bad Request) MUST be returned
in the response.
o If the DOTS server does not find the 'tsid' parameter value
conveyed in the PUT request in its configuration data and if the
DOTS server has accepted the configuration parameters, then a
response code 2.01 (Created) MUST be returned in the response.
o If the DOTS server finds the 'tsid' parameter value conveyed in
the PUT request in its configuration data and if the DOTS server
has accepted the updated configuration parameters, 2.04 (Changed)
MUST be returned in the response.
o If any of the enclosed configurable attribute values are not
acceptable to the DOTS server (Section 6.1.1), 4.22 (Unprocessable
Entity) MUST be returned in the response.
The DOTS client may re-try and send the PUT request with updated
attribute values acceptable to the DOTS server.
==
Isn't this part of error handling? Or you are thinking about something else?
Thank you.
Cheers
Med
> -----Message d'origine-----
> De : Jan Lindblad [mailto:janl@tail-f.com]
> Envoyé : lundi 6 juillet 2020 09:46
> À : BOUCADAIR Mohamed TGI/OLN
> Cc : yang-doctors@ietf.org; dots@ietf.org; draft-ietf-dots-
> telemetry.all@ietf.org
> Objet : Re: Yangdoctors early review of draft-ietf-dots-telemetry-09
>
> Med,
>
> > Staring with #1 and #3.
> >
> > I made changes to draft-ietf-dots-telemetry to comply with RFC8791. There
> are few changes as it can be seen in this diff:
> > https://github.com/boucadair/draft-dots-telemetry/blob/master/diff-
> module-8791.pdf
>
> [Janl] Very good, I think this approach will work well.
>
> > The changes to the tree structure can be seen at:
> https://github.com/boucadair/draft-dots-telemetry/blob/master/diff-tree-
> 8791.pdf
> >
> > Please note that these changes are made with the assumption that the YANG
> module in RFC8782 is updated also to use sx:structure. We are working on an
> update which can be seen at (https://github.com/boucadair/rfc8782-yang-
> update)
> >
> > Can you please let me know if these changes are in the good direction?
> Any other comment on the updated draft-ietf-dots-telemetry module is
> appreciated.
>
> [Janl] Yes, this is definitely going a long way in the right direction.
> Well done.
>
> From a protocol definition pov, there are still undefined areas that need
> to be filled in (#2), e.g. around operation semantics and error handling.
>
> Best Regards,
> /jan
>
>
>
> >> -----Message d'origine-----
> >> De : Jan Lindblad via Datatracker [mailto:noreply@ietf.org]
> >> Envoyé : mardi 30 juin 2020 17:43
> >> À : yang-doctors@ietf.org
> >> Cc : dots@ietf.org; draft-ietf-dots-telemetry.all@ietf.org
> >> Objet : Yangdoctors early review of draft-ietf-dots-telemetry-09
> >>
> >> Reviewer: Jan Lindblad
> >> Review result: Not Ready
> >>
> >> This is the YD early review of draft-ietf-dots-telemetry as requested by
> >> the
> >> DOTS WG.
> >>
> >> The ietf-dots-telemetry YANG module is not like other YANG modules. It
> >> specifically states that it does not pertain to NETCONF/RESTCONF
> >> management,
> >> but is only meant to be mapped to a specific CoAP based protocol
> >> "dots-signal-channel" created by the DOTS WG. The draft-ietf-dots-
> telemetry
> >> says in section 4.7:
> >>
> >> The DOTS telemetry module (Section 9.1) is not intended to be used
> >> via NETCONF/RESTCONF for DOTS server management purposes. It serves
> >> only to provide a data model and encoding, but not a management data
> >> model. DOTS servers are allowed to update the non-configurable 'ro'
> >> entities in the responses of DOTS telemetry messages.
> >>
> >> While this approach is highly uncommon, after giving it some thought, I
> >> believe
> >> this approach could be useful to client and server implementors.
> However, I
> >> find two fundamental problems in the particular way this has been done
> in
> >> this
> >> case. I believe the problems are fixable, but may involve updating
> existing
> >> DOTS RFCs.
> >>
> >> #1) YANG data declarations used as message bodies
> >>
> >> You can define your own message types with whatever content you desire
> in
> >> YANG.
> >> Just use rpc/action and notification statements. This draft does not do
> >> that,
> >> but instead defines message bodies as if they were top level YANG config
> >> elements. This obviously violates the aras of YANG that speak about data
> >> stores, accessible data trees, and what not. Apart from confusing
> >> experienced
> >> YANG users, the meaning of statements like "config false" is suddenly
> most
> >> unclear when the foundations of YANG are disregarded.
> >>
> >> In my opinion the top level of the module needs to be rewritten to use
> >> proper
> >> YANG rpc/action and notification statements. The existing message
> bodies,
> >> and
> >> the way they are augmented, could all work very well. It's just the
> >> framework
> >> around them that isn't sound.
> >>
> >> Unfortunately the problematic top level structures of draft-ietf-dots-
> >> telemetry
> >> are based on structures imported from ietf-dots-signal-channel.yang,
> which
> >> is
> >> already published in DOTS RFC 8782. I have not been able to find any YD
> >> review
> >> of this module, so I would suspect none were ever performed. To make the
> >> DOTS
> >> signal-channel framework usable, I would suggest obsoleting RFC8782 and
> >> write a
> >> bis with an improved YANG action/notification based foundation. The
> number
> >> of
> >> changed lines in the YANG can probably be kept rather small.
> >>
> >> #2) Missing pieces in YANG to dots-signal-channel protocol mapping
> >>
> >> The draft-ietf-dots-telemetry references CoAP RFC 7959, which defines a
> >> number
> >> of basic management operations (GET, PUT, POST, ...), and CBOR RFC 7049
> >> content
> >> encoding, with the draft-ietf-core-yang-cbor-12 addendum for how YANG
> data
> >> is
> >> to be encoded in CBOR. Unfortunately, a protocol specification that
> >> consists of
> >> these three references is not quite complete. Since this is an early
> >> review, it
> >> may be that the draft authors are already planning to pull the protocol
> >> specification up a notch, or I may have missed some piece(s) of the
> puzzle.
> >> In
> >> any case, a protocol specification on par with what is available for
> >> RESTCONF
> >> or NETCONF would be required.
> >>
> >> The dots-signal-channel specification in RFC 8782 makes an Informative
> >> Reference to draft specification for a protocol called CoMI
> >> (draft-ietf-core-comi-09), which attempts to take on the YANG to CoAP
> >> mapping.
> >> One way of filling in the blanks for dots-signal-channel might be to
> >> leverage
> >> the CoMI work. Fixing #1 would be required to leverage CoMI.
> >>
> >> Currently, dots-signal-channel protocol specification (taken as the sum
> of
> >> CoAP, CBOR and draft-ietf-core-yang-cbor-12) is missing information
> about
> >> operation semantics, operation encoding, error handling, for example.
> RFC
> >> 8040
> >> sections 5, 6, 7 or RFC 6241 sections 4, 7, 8 contain the sort of
> >> information
> >> I'm looking for.
> >>
> >> #3) Other than that, probably good
> >>
> >> Other than issues #1 and #2 above, the module seems to be in pretty good
> >> shape.
> >> Some content is hard to judge since the intended meaning of config
> >> true/false
> >> for example is unclear, so a new review will be required after the
> >> fundamentals
> >> have been resolved. The module is both easy to read and conforms with
> IETF
> >> standards except as noted above, staying on the clean and simple side.
> >>
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
- [Dots] Yangdoctors early review of draft-ietf-dot… Jan Lindblad via Datatracker
- Re: [Dots] [yang-doctors] Yangdoctors early revie… mohamed.boucadair
- Re: [Dots] [yang-doctors] Yangdoctors early revie… Jan Lindblad
- Re: [Dots] [yang-doctors] Yangdoctors early revie… mohamed.boucadair
- Re: [Dots] Yangdoctors early review of draft-ietf… mohamed.boucadair
- Re: [Dots] Yangdoctors early review of draft-ietf… Jan Lindblad
- Re: [Dots] Yangdoctors early review of draft-ietf… mohamed.boucadair
- Re: [Dots] Yangdoctors early review of draft-ietf… Jan Lindblad
- Re: [Dots] Yangdoctors early review of draft-ietf… mohamed.boucadair
- Re: [Dots] Yangdoctors early review of draft-ietf… mohamed.boucadair
- Re: [Dots] Yangdoctors early review of draft-ietf… supjps-ietf