Re: [netconf] ietf-netconf-server and ietf-netconf-client keepalives

Michal Vaško <mvasko@cesnet.cz> Wed, 06 May 2020 06:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/4EX2OVP7WnskqtSgzT3cQsEaljs>

Hi Kent,
thanks for the response and as long as you add the definition of SSH/TLS keepalive I will have no more comments, as it seems the rest was discussed and intentionally specified the way it is.

Regards,
Michal

On Wednesday, May 6, 2020 01:22 CEST, Kent Watsen <kent@watsen.net> wrote: 
 
> Hi Michal,
> 
> 
> > On May 4, 2020, at 12:26 PM, Michal Vaško <mvasko@cesnet.cz> wrote:
> > 
> > Hi,
> > in the current YANG modules in the drafts, there are 3 types of keepalives defined for both a server and a client. They are SSH, TLS, and TCP keepalives and can be configured separately for each connection (endpoint).
> > 
> > While I understand what TCP keepalive is, as it is a feature with an exact definition, I am not that positive about SSH or TLS. I can only assume the keepalive mechanisms from a Call Home [1] server are used. I would appreciate it if the modules defined the specifics of all these keepalives because otherwise interoperability cannot be guaranteed.
> 
> Good suggestion.  Indeed, they would be the same as in RFC 8071.
> 
> 
> > Also, the relation to the Call Home RFC itself should probably be mentioned somewhere.
> 
> draft-ietf-netconf-netconf-client-server currently has 11 references to RFC 8071...not enough, or do you mean that the keepalive description should say something like "consistent with RFC 8071, ..."? 
> 
> 
> > Meaning the answers to questions such as whether each RESTCONF/NETCONF server SHOULD use SSH/TLS keepalive even when a TCP keepalive is enabled. I am also not sure about the need for all 3 types of keepalives, needing to specify them for each connection, or allowing to support 2 kinds simultaneously, but that is just my opinion.
> 
> Keepalives were heavily discussed with the TSV Area a couple years ago.  The general takeaway was that keepalives SHOULD be defined for every protocol, and that applications SHOULD use as many as makes sense, as each tests a different thing and with varying levels of security.
> 
> 
> > Thanks for any feedback. It is also possible I may have missed something/am wrong and I am sorry in that case.
> > 
> > Regards,
> > Michal
> > 
> > [1] https://tools.ietf.org/html/rfc8071#page-8
> > 
> 
> 
> Kent // contributor
> 
> 
>