Re: [Netconf] configuration models status and timeline

Kent Watsen <kwatsen@juniper.net> Wed, 18 July 2018 14:25 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
CC: "netconf@ietf.org" <netconf@ietf.org>
Date: Wed, 18 Jul 2018 14:25:06 +0000
Message-ID: <AD20F795-CBD3-4054-BD09-4F7DD45CFACB@juniper.net>
References: <20180718112108.hqgetzfebhqpdpsk@anna.jacobs.jacobs-university.de>
In-Reply-To: <20180718112108.hqgetzfebhqpdpsk@anna.jacobs.jacobs-university.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/0RBrUBzpAvXtfUeb0li1MRoTfZs>
Subject: Re: [Netconf] configuration models status and timeline

Hi Juergen,

Thanks for the analysis.  I was also thinking that it seems that just a couple issues were left, and then we could go to last call, potentially well within the timeframe needed for the YANG-push set of drafts.

Regarding #4: I met with two Security+YANG folks from Huawei yesterday, who have agreed to help me with this issue.  We also plan to try to loop back in Gary Wu, who created the identities in the ietf-ssh/tls-common modules in the first place.  Our tentative plan is to meet in a couple weeks.

Regarding #6: my understanding (from Tim C. and Balazs L.) is to use some combination of a notification and an RPC to stimulate traffic.  Presumably:

  For when the NC/RC-client is the transport-initiator (normal):

    - if there is a lull, the client could send a bogus RPC of 
      some sort (e.g., an <edit-config> that selects nothing) 
      and wait for the server to send an RPC-reply.

  For when the NC/RC-server is the transport-initiator (call-home):

    - if there is a lull, the server could send a notification
      and wait for the client to send an RPC of some sort, which
      the server would, presumably, send a reply for, to complete
      the protocol transaction.  The downside to this approach
      is that it is wholly dependent on the client processing the
      notification correctly (i.e., it's not baked into the NC/RC
      protocols themselves).

  As for removing keepalives altogether, please note the SHOULD 
  in RFC 8071, S7.  Another idea is to keep them, but add an 
  enumeration called something like "protocol-layer" (which 
  protocol layer should the keepalives occur) with a single 
  built-in option ("crypto-layer"?) and then let some future 
  module augment-in an additional enum like "app-layer".


Kent // contributor



===== original message =====

Kent,

I liked your presentation since it was trying to close issues. I went
through the recording and here is my short summary of where we are:

1. trust anchors / keystore -> option #1 (resolved)

2. local-or-keystore keys -> keep + feature statement (resolved)

3. move groupings to crypt-types -> ? (unresolved)

4. move algorithm identities -> ? (discussion with security people)

5. periodic connections -> periodic feature (resolved)

6. tcp keepalives -> ? (protocol layer keep alives with a feature?)

So the sticky ones are #4 and #6.

- Concerning #4, will you manage to talk to the security people this
  week and can we expect a proposal soon after?

- Concerning #6, I am not really sure what protocol layer keep alives
  are (the client sending an "empty" rpc? - this would not need any
  server configuration just a definition how empty rpcs are handled;
  we would need something similar than for RESTCONF). If this takes
  time to work out, perhaps another option is to remove keep alives
  from the models and to keep them on the TODO list for a future
  extension?

So given this, what is your (realistic) estimation when we can have
drafts that have all issues resolved and that go to WG last call?

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>