Re: [Netconf] Yangdoctors last call review of draft-ietf-netconf-restconf-client-server-04
Andy Bierman <andy@yumaworks.com> Tue, 15 August 2017 02:02 UTC
Return-Path: <andy@yumaworks.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D7CB13249E for <netconf@ietfa.amsl.com>; Mon, 14 Aug 2017 19:02:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RINeDPPeB4bQ for <netconf@ietfa.amsl.com>; Mon, 14 Aug 2017 19:02:56 -0700 (PDT)
Received: from mail-wm0-x235.google.com (mail-wm0-x235.google.com [IPv6:2a00:1450:400c:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81DF013249C for <netconf@ietf.org>; Mon, 14 Aug 2017 19:02:55 -0700 (PDT)
Received: by mail-wm0-x235.google.com with SMTP id i66so98489wmg.0 for <netconf@ietf.org>; Mon, 14 Aug 2017 19:02:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=z2nyGdf35l6sIUWsVJYTzwOjo2fgVlEU3hmM9EbAcVw=; b=xZ+nbTDaTvjT0zM38c1TnGDk70q+4wOEdElyilihvmxh56tXej0bVYndu6g4dPA09g sepidMeyXcSiJt8eeHqNEdME5PHKMNzRECG/CPcdCNYuxJGYzZM+VFY9E1P3Qc5XLxWT piqmf7tz4NeZRBZ/4EgHZXZqdwmuGkDeMtvA9Tq6by721GQOO+DM1VMk0onqVSRO5ua+ Tn52txUS3x2MV9b8Dm6ibZgHW3W3UYTnozS10g7vMJ0qq1i1xhK4nK23nVjCJbAG16wi V3ibFsJH2kfkzHSOxQH3dFyfeyIqqmHByUNDmqR9KQ+IvyOAY0PR/h+xIgZPrby0RwI2 lbYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=z2nyGdf35l6sIUWsVJYTzwOjo2fgVlEU3hmM9EbAcVw=; b=FlR7OxSA7O4L6KExE0qJmJdroG0rY5ZgVVRP9kFHKFvbJbRT0LISJNYiUN+RoN/scl MB9CDANoUfwajU0fdGXwYusLB0KeQIU25As6rfFlJQDiwtgf+B77m7goTyu9m2586sqo ZCLudWRAgHAf5XOwFu1JYxZqqkDXnoiK0blAsuVttA26SP+qejBiL1OimwZMI9LVlWI0 eGgDF3kTTTSsrCEkYbUWIinzD2b7SeT2BPgXXcIz6YOILtDrSWaDY/kdpYysqeqUmTw5 sDv/StVilEO4S6rlPu/CEPaKKw0Ykvexab45qUgMh5SBmSMi2dXFLxB2pRn21HvJFw72 6v5Q==
X-Gm-Message-State: AHYfb5hrW1GKiL6rlQpKusL6rJwTEubrYIy/OF4noC0c4yerhVk8SyZ9 ogpiD0ghv7V/mZVPDw1rI6s7zFY+/S2k
X-Received: by 10.28.203.78 with SMTP id b75mr402432wmg.50.1502762573935; Mon, 14 Aug 2017 19:02:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.182.160 with HTTP; Mon, 14 Aug 2017 19:02:53 -0700 (PDT)
In-Reply-To: <C8D279C6-B735-453D-92BF-09886CAFF403@juniper.net>
References: <150128020275.20726.13027423171798327745@ietfa.amsl.com> <A9F2ED3F-6AC5-4AEF-8EBF-1C4F89A6F0F7@juniper.net> <CABCOCHTmNdi7ZGPL_R8vyZTOKeVwJgtrqsT0ZNBCbMUT4Qo9tA@mail.gmail.com> <30CD19F8-6441-4EA3-A340-8CEDD6D4FD6A@juniper.net> <CABCOCHQrgYOUGXo1g3LGn9t8rL3-MoJwNmSG2amgAkxMp_Prhw@mail.gmail.com> <C8D279C6-B735-453D-92BF-09886CAFF403@juniper.net>
From: Andy Bierman <andy@yumaworks.com>
Date: Mon, 14 Aug 2017 19:02:53 -0700
Message-ID: <CABCOCHTr_jd8FsfHBbOrCfQfoi-TZyPW2NxRNWjyFRG691_VaQ@mail.gmail.com>
To: Kent Watsen <kwatsen@juniper.net>
Cc: "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "draft-ietf-netconf-restconf-client-server.all@ietf.org" <draft-ietf-netconf-restconf-client-server.all@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c1308fe66cf070556c12de7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/0FA5jjAEpKiUPFfBlLvR0dDOEKQ>
Subject: Re: [Netconf] Yangdoctors last call review of draft-ietf-netconf-restconf-client-server-04
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2017 02:02:58 -0000
On Mon, Aug 14, 2017 at 6:39 PM, Kent Watsen <kwatsen@juniper.net> wrote: > Hi Andy, > > >>>> C2: > >>>> > >>>> (M1) feature tls-initiate > >>>> (M1) feature tls-listen > >>>> (M2) feature tls-listen > >>>> (M2) feature tls-call-home > >>>> > >>>> Are these features really needed since a RESTCONF server MUST support > >>>> the TLS transport? > >>> > >>> <KENT> the features themselves are needed, as we don't know what > >>> clients/servers may support. > >>> > >> OK -- These features are nested within other features (initiate, > listen). > >> You should add a comment somewhere that TLS is optional-to-support, > >> but mandatory to support if the TLS transport is implemented. > >> Currently RESTCONF requires TLS be supported, but future > >> versions could be different. > > > > I added this to the description statement of the 'tls-listen' and > > 'tls-initiate' features: > > > > Currently TLS is the only transport supported by RESTCONF, > > this feature helps support possible future transports."; > > > > > > If you are trying to say that TLS might not be the mandatory-to-implement > > transport, this sentence is not quite right. > > Fine, now it says "This feature exists as TLS might not be a > mandatory-to-implement transport in the future." > > > > You know I am not a big fan of YANG conformance. > > We have nothing in between "always mandatory" and "purely optional, > > server developer's choice". We have nothing like conditionally > > mandatory "If the RESTCONF server supports listening on TLS , then > > the listen-tls feature MUST be supported." > > This seems unnecessary. Already the 'if-feature' statements will > force the server to advertise the features - or else they're not > configurable! > > > Nothing forces the server to developer to implement a particular object, because features are purely optional. The description-stmt in the feature can make this conditional requirement. But not a big deal because the IETF is too server-centric to care about the client POV of YANG conformance. > > The when-stmt can be used to provide this conditionally-mandatory > > conformance, but it has to be customized for each data subtree. It > > is more expensive than if-feature on many levels. > > No thank-you. Let's stick with just the feature statements. > > agreed > > > >>> Also, recent YANG 1.1 discussions concluded (wrongly IMO) that nested > >>> nodes do not inherit the if-feature-stmts of ancestors. It is not > clear > >>> how one would access /foo/bar if /foo was not supported. > >> > >> Wait, seriously? I didn't see that. I don't understand how else nested > >> if-feature statements can be interpreted. Can you point to the thread > >> where this was discussed? > > > > I cannot find it now. > > Essentially, features are not coupled to objects: > > > > container foo { > > if-feature A; > > container foo2 { > > if-feature AA; > > } > > } > > > > container bar { > > if-feature AA; > > } > > > > The designer has to decide: > > Does feature AA depend on A, or just container foo2 depends > > on container foo? Does an external subtree (like /bar) depend > > on both features or can they be used independently? > > I don't think the designer has any choice in this. The features > themselves have no inherent dependency (in your example, we can't > see if the feature definitions actually define a dependency), but > the containers certainly do (e.g., foo2 depends on foo). External > sub-trees (e.g., bar) can have just if-feature AA, without also > having an if-feature A (assuming that dependency doesn't exist). > > > > In this case I think the intent is to support feature listen if > > any transport is supported, and feature listen-<transport> is > > a specific transport is supported, so the if-feature inside the > > 2nd feature is correct. > > Yes. > > > > >> So perhaps you should add if-feature-stmts: > >> > >> feature tls-listen { > >> if-feature listen; > >> ... > >> } > >> > >> feature tls-listen { > >> if-feature listen; > >> ... > >> } > > > > I went ahead and made this change, it seems better. > > Nothing to add here, but I'm leaving it for now since it adds > to the above discussion. > > > > > > >>>> C5: > >>> > >>> It should be clear that the client would have to issue a GET > >>> or maybe POST to initiate the sending of stored data like logs > >> > >> Okay, how about this? > >> > >> "Periodically connect to the RESTCONF server, so that, > >> e.g., the RESTCONF client can collect data (logs) > >> from the RESTCONF server. The RESTCONF client must > >> close the connection when it is ready to release it. > >> Once the connection is closed, the RESTCONF client > >> restarts its timer until the next connection."; > > > > Not sure this is needed. > > RESTCONF does not define any interactions that are not initiated > > by the client, but if that changes, then no reason to constrain > > this text. I would change 'must' to 'SHOULD' in the 2nd sentence. > > Oh, now I see your concern, how about this? (I removed the sentence > altogether): > > "Periodically connect to the RESTCONF client, so that > the RESTCONF client may deliver messages pending for > the RESTCONF server. Once the connection has been > closed, for whatever reason, the server will restart > its timer until the next connection."; > > I would change messages to requests > ...and by "for whatever reason", I mean, either due to the > client closing the connection, or due to reasons such as > an idle or keep-alive timeout. > > > >>>>C6: > >>>> > >>>> (M1) /restconf-client/initiate/restconf-server/periodic/ > >>>> (M2) /restconf-server/call-home/restconf-client/connection- > type/periodic/ > >>>> > >>>> The RESTCONF notifications via SSE should be exempt from timeouts. > >>>> The RESTCONF client should terminate an SSE request. The server should > >>>> not timeout an SSE response connection > >>> > >>> <KENT> Agreed, and the description statement for the 'idle-timeout' > leaf > >>> says "Sessions that have a notification subscription active are never > >>> dropped. But here, under 'periodic', the whole point is to shed idle > >>> connections. For instance, imagine a client that wants to collect logs > >>> from a low-powered server once a day. What do you think? > >> > >> Notification replay has a mode where it is terminated (i.e,., > >> end-time >provided) I think this would have to be used by the > >> client. This tells the server to drop the connection when the > >> replay is complete. > > > > Sure, but keep in mind that logs are just an example, there could > > be other data-collection mechanisms. Still, note that when end-time > > provided is reached, the line would become idle, if it didn't drop. > > This seems like a more generic mechanism. > > I have nothing to add here, but I'm keeping it here since it's > connected to the below comment. > > > >>> This is 1 exception -- another is close-session. > >>> > >>> POST /restconf/operations/ietf-netconf:close-session > >>> > >>> Is this supposed to do anything in RESTCONF? > >> > >> First, I don't view the above as an exception. With regards to > >> 'close-session', does it even have a meaning in RESTCONF? - and > >> is this actually an issue for RFC 8040? > > > > RESTCONF does not specify any behavior for specific operation > > resources. It is left as an implementation detail. Our server > > treats each RESTCONF request as a new management session, so a > > NETCONF operation like <lock> is granted and then released right > > afterwards by the server because the session is terminated. I > > think any standard behavior for application layer sessions would > > need to be defined in a new versions of RESTCONF. > > Okay, but can you connect this to the draft? Are you asking for > a change, or are you actually thinking about a clarification > needed for RFC 8040? > > not asking for a change. It is currently up to the implementation. For example CGI will call the server once for each request but Fast-CGI will call the thin-client once for each HTTP session and call the server over and over for each request on that session. > > > > Andy > > Kent > > > > > Andy
- [Netconf] Yangdoctors last call review of draft-i… Andy Bierman
- Re: [Netconf] Yangdoctors last call review of dra… Kent Watsen
- Re: [Netconf] Yangdoctors last call review of dra… Andy Bierman
- Re: [Netconf] Yangdoctors last call review of dra… Kent Watsen
- Re: [Netconf] Yangdoctors last call review of dra… Andy Bierman
- Re: [Netconf] Yangdoctors last call review of dra… Kent Watsen
- Re: [Netconf] Yangdoctors last call review of dra… Andy Bierman
- Re: [Netconf] Yangdoctors last call review of dra… Kent Watsen
- Re: [Netconf] Yangdoctors last call review of dra… Andy Bierman