Re: [netconf] Benjamin Kaduk's Discuss on draft-ietf-netconf-yang-push-23: (with DISCUSS and COMMENT)

"Alexander Clemm" <> Wed, 15 May 2019 02:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 55383120127; Tue, 14 May 2019 19:54:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id pMNTKxRAS5nR; Tue, 14 May 2019 19:54:01 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1400A12003E; Tue, 14 May 2019 19:54:00 -0700 (PDT)
Received: from LAPTOPR7T053C2 ([]) by (mreueus004 []) with ESMTPSA (Nemesis) id 1MDyDQ-1habQH2nh6-009w5p; Wed, 15 May 2019 04:53:57 +0200
From: Alexander Clemm <>
To: 'Benjamin Kaduk' <>, 'The IESG' <>
References: <>
In-Reply-To: <>
Date: Tue, 14 May 2019 19:53:52 -0700
Message-ID: <043c01d50ac9$7099a780$51ccf680$>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQJ3PF2dFB47j2Iq/ZH31Feu7eo0t6UmyTCA
Content-Language: en-us
X-Provags-ID: V03:K1:FYiw6WV1bArY7fqK39sG7fv6BJUBJp5u7bYJDEq4GA8qO+HDQ4c jniVlTAogG/FjLfnzw4koqwM6e51rq07qvhT699GdfgYh6wUzMQ1/+HR+ImtWRWWTvLG6q1 q5HdOaZIc8pwmNwNTtaHKpfh69iCW9CXi+awKQ+0wd20BchMUlbvojzQ9b6xXRRX8Njt9eL P5HgyflXh8jpId901pAjQ==
X-UI-Out-Filterresults: notjunk:1;V03:K0:DWii6VaFEME=:iIVgLtTfeuVqRQukdst+mL RcJdFUK2DGdWZiXkSAb8Nlnz6QavwARYlToA74Fd/p/tOVqphyGJpWBT5nI1PWFL2yI/7MyIr 61gw4oONlp/xcasYzeTcxjq+/2XvvHS0aBG4hcWboFXCCP/6y09fwqNvsJwm19lnbUupw/0V8 9MoC8pnmztbs3ZSvj8WivnxZnkdihC3sbYdh7nPZnXyJ0bYBK7aBtzDHDMtbmTPq+DtAEve3a TvUBIDbFz0AKfFEttS6OzcJGuMdDFD6lfu4FBgGuApFP3J9OuyF9x0F9ZlG3s2F2BC6w0PLhj KbtErAsSLT9oMBgUsmqFdx14nooKP287wxmtZXc/hz6/LF/cJwPuoq0WMTqAyYe9d1CvWysRz aTf9bGkw/CAZ/rszkKIhHdd8JEfGx/QkdnZiFPQmX/luSgVhLbmM6lg76A7N4cQ39j+fxeHbM crHkirSUSfJ/AINq5VeLtiZIbx4bh3STekiLoZVjuk3ByCe1ZKBREqTJtc6ojdhMfG6G9XFVR Bz3i+Sg+ncNasE4jjeiM82oh79sOqezoRiZxLPHGkmwsrStzgNOJbZAdmpIBiegC1SXuQzTtt r06DYjxiKAkPlAvsJDxBQCAZRd17oGpoAmtqKwEWYmsTly8RKirDAYKJMYGBr7T0hP2NvhKE6 7Khre+2KvnbaA6NqnD5Dxwb+ZpETKTPjERQgjLJ12KDxb7IcjEipMRuoUFxrFmIpTkWnUalhf OOd3OPi8F6Jv0B8eb1KxRY8R3Wa8LB8v1srSS7vq3uP3hYe2k0JEQSH0Zy8=
Archived-At: <>
Subject: Re: [netconf] Benjamin Kaduk's Discuss on draft-ietf-netconf-yang-push-23: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 15 May 2019 02:54:04 -0000

Hi Benjamin,

Thank you for your review!  Replies inline, <ALEX>.  Update will be
reflected in -24, to be posted shortly.  

--- Alex

-----Original Message-----
From: netconf <> On Behalf Of Benjamin Kaduk via
Sent: Wednesday, May 1, 2019 12:08 PM
To: The IESG <>
Subject: [netconf] Benjamin Kaduk's Discuss on
draft-ietf-netconf-yang-push-23: (with DISCUSS and COMMENT)

Benjamin Kaduk has entered the following ballot position for
draft-ietf-netconf-yang-push-23: Discuss

When responding, please keep the subject line intact and reply to all email
addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


Note that I reviewed the -22 and the current version is -23.  Briefly
skimming the diff, it seems that some changes touch on points I make in my
review, but there is probably still discussion to have on them.

(pro-forma) I see the GenArt reviewer noted the author count (seven)
already, but I couldn't find a response or note in the ballot or shephert
writeup acknowledging this.  So failing that, I'll put up a discuss point
until the responsible AD says it's fine.

[See also discussion on draft-ietf-netconf-subscribed notifications about
the pre-RFC5378 boilerplate and whether or not it can be removed from this

<ALEX> Several of the authors have graciously agreed to step down and be
listed as contributors. </ALEX>

Section 3.3 states:

            In order for a subscriber to determine whether objects
   support on-change subscriptions, objects are marked accordingly on a
   publisher.  Accordingly, when subscribing, it is the responsibility
   of the subscriber to ensure it is aware of which objects support on-
   change and which do not.  For more on how objects are so marked, see
   Section 3.10.

Chasing the reference, we see that this marking is left for future work or
implementation-specific usage.  I'm not very comfortable with the way we are
describing this situation, as it seems pretty fragile in the face of
different implementations trying to interoperate.

<ALEX> The working group decided to pull this item out of this draft.  It is
being addressed in draft-ietf-netconf-notification-capabilities
es/) </ALEX>


Thank you for the very thoughtful document!  I've lost track of the number
of places where I started writing a comment only to note that my concern had
already been addressed in the following text.  In general the writing style
is great, though I did find some grammar and clarity nits (noted inline).


               Providing such visibility into updates enables new
   capabilities based on the remote mirroring and monitoring of
   configuration and operational state.

This phrasing ("new capabilities based on") is hard for me to follow,
particularly about whether these are protocol-level capabilities and what
actors are granted the new capabilities.

<ALEX> The capabilities are clearly not related to protocol-level
capabilities, but capabilities for applications that have uses for
information obtained from YANG datastores.  If it's okay, at this point we
would like to keep it as-is. </ALEX>

Section 1

   Traditional approaches to providing visibility into managed entities
   from remote have been built on polling.  [...]

nit: "remote" is an adjective and needs a noun to bind to; "from remote
systems", "from remote vantages", or "from afar" would all be fine wordings

<ALEX> changed to  "from a remote system".  </ALEX> 

   o  Polling incurs significant latency.  This latency prohibits many
      application types.

nit: I'd suggest wording as "types of application", since on my first
reading I thought this was referring to some sort of codepoint.

<ALEX> changed </ALEX>

   o  Polling cycles may be missed, requests may be delayed or get lost,
      often when the network is under stress and the need for the data
      is the greatest.

nit: the grammar is a bit weird, here, as if a comma splice.  I think
replacing the first comma with a colon or em dash would suffice.

<ALEX> replaced first comma with "and", to read: "Polling cycles may be
missed and requests may be delayed or get lost, often when the network is
under stress and the need for the data is the greatest." </ALEX>

   o  Datastore node update: A data item containing the current value of
      a datastore node at the time the datastore node update was
      created, as well as the path to the datastore node.

Is this storing the "new" or the "old" value as the "current value"?

<ALEX> I don't understand the question.  I think the statement is

Section 3.1

         +  Dampening period: In an on-change subscription, detected
            is included.  The dampening period goes into effect every
            time an update record completes assembly.

Just to double-check: this means that after a long hiatus, the first change
to the monitored subtree(s) triggers an immediate push with just the single
update, and only then does the dampening period kick in and defer delivery
of potential subsequent updates?

<ALEX> Yes, this is correct </ALEX>

Section 3.5.2

This bit about the "create" and "delete" errors from RFC 8072 Section
2.5 not being errors in our usage is a little interesting, process-wise.
In one sense, we are changing the semantics of an already published RFC, and
would need to apply an "Updates:" relationship to indicate that, but in the
other sense we are building a new custom thing that reuses a lot of the
syntax/semantics of YANG patch but is fundamentally a new
(different) thing.  The phrasing we use to talk about it can affect which
case the reader perceives us to be in...

The discussion on the "change-type" enumeration seems to pretty clearly
place us in the latter case, which is good.

<ALEX> Keeping this as is. </ALEX>

Section 3.6

Thank you for the note about the power of XPath expressions and the duty of
the receiver to understand what it's asking for -- that sort of statement
would potentially even be appropriate in the Security Considerations (but is
fine where it is)!

<ALEX> Keeping this as is.  </ALEX>

Section 3.7

   Of note in the above example is the 'patch-id' with a value of '0'.
   Per [RFC8072], the 'patch-id' is an arbitrary string.  With YANG
   Push, the publisher SHOULD put into the 'patch-id' a counter starting
   at '0' which increments with every 'push-change-update' generated for
   a subscription.  If used as a counter, this counter MUST be reset to
   '0' anytime a resynchronization occurs (i.e., with the sending of a
   'push-update').  Also if used as a counter, the counter MUST be reset
   to '0' after passing a maximum value of '4294967295' (i.e. maximum
   value that can be represented using uint32 data type).  Such a
   mechanism allows easy identification of lost or out-of-sequence
   update records.

It's not really clear to me how much value there is in this counter
mechanism if the client' can't rely on the server's behavior actually being
to use a counter (the requirement is only "SHOULD").  Can this be a "MUST"
(or maybe "MUST excpet when [...]") instead?

<ALEX> Would prefer to not introduce no MUST requirements at this point and
keep this as a SHOULD.  </ALEX>

Section 3.9

                                                          Empty "push-
   change-update" messages (in case of an on-change subscription) MUST
   NOT be sent.  This is required to ensure that clients cannot
   surreptitiously monitor objects that they do not have access to via
   carefully crafted selection filters.  By the same token, changes to
   objects that are filtered MUST NOT affect any dampening intervals.

I appreciate this attention to security-relevant detail; thank you!

<ALEX> thanks! </ALEX>

Section 3.11.1

Do we want to give any guidance for the "incomplete-update" case about
whether a subscriber should wait and give the publisher a chance to provide
a full "push-update" for resynchronization (per Section 4.3.2) versus
perform a normal query for the datastore contents and effectuating its own

<ALEX> This should be up to the subscriber to decide, and what to do may
differ for different applications.  In some instances, it can afford to
simply wait; in other cases or when specifically interested in one
particular closely-monitored item it may decide not to and sync immediately.
Section 4

   o  For on-change subscriptions, assuming any dampening period has
      completed, triggering occurs whenever a change in the subscribed
      information is detected.  On-change subscriptions have more
      complex semantics that is guided by its own set of parameters:

nit: singular/plural mismatch "semantics"/"is"

<ALEX> changed to "On-change subscriptions have more complex semantics that
are guided by their own set of parameters" </ALEX>

Section 4.3.2

   A "time-of-update" which represents the time an update record
   snapshot was generated.  A receiver MAY assume that at this point in
   time a publisher's objects have the values that were pushed.

nit: I think "had the values" (past tense) is more appropriate.

<ALEX> changed </ALEX>

Section 4.4.1

   a publisher that cannot serve on-change updates but periodic updates
   might return the following NETCONF response:

nit: "but can serve periodic updates"

<ALEX> changed </ALEX>

Section 4.4.2

   The specific parameters to be returned in as part of the RPC error
   response depend on the specific transport that is used to manage the
   subscription.  For NETCONF, those parameters are specified in

nit: "in" and "as part of" are redundant.

<ALEX> removed "in" </ALEX>

Section 5

It is slightly interesting to note that (apparently) the
update-policy-modifiable grouping allows for a subscription to switch
between periodic and triggered at runtime (by virtue of wanting a single
grouping to cover all the cases and needing to be able to modify the
parameters for each case).  I would mostly expect implementations to deny
such modification requests due to the needed complexity, but I'm also not
sure that there's a need to mention this explicitly in the document.

<ALEX>  I think it is implied that a modification request can always be
denied if not supported by a server.  At the same time, clearly in general
you would not change between on-change and periodic.  Keeping as is. </ALEX>

            leaf period {
              type centiseconds;
              mandatory true;
                "Duration of time which should occur between periodic
                 push updates, in one hundredths of a second.";

It would probably be okay to skip "in one hundredths of a second" given the
usage of the centiseconds typedef.

<ALEX> doesn't hurt to be explicit; keeping as is </ALEX>

    rc:yang-data resync-subscription-error {
      container resync-subscription-error {
          "If a 'resync-subscription' RPC fails, the subscription is
           not resynced and the RPC error response MUST indicate the
           reason for this failure.  This yang-data MAY be inserted as
           structured data within a subscription's RPC error response
           to indicate the failure reason.";

It's a little weird to have the normative language here constraining the RPC
error response that must be returned for a specific RPC, since this is not
the description of that RPC.  (It's probably also duplicating langauge
elsewhere but I didn't double-check.)

<ALEX> Keeping as is since it is clear what is happening.  Note that there
are limitations to the RPC semantics you can formally define in YANG, hence
the description. </ALEX>

    rc:yang-data establish-subscription-datastore-error-info {
      container establish-subscription-datastore-error-info {
          "If any 'establish-subscription' RPC parameters are
           unsupportable against the datastore, a subscription is not
           created and the RPC error response MUST indicate the reason
           why the subscription failed to be created.  This yang-data
           MAY be inserted as structured data within a subscription's
           RPC error response to indicate the failure reason.  This
           yang-data MUST be inserted if hints are to be provided back
           to the subscriber.";


Contrast to modify-subscription-datastore-error-info, which only has
normative language about the yang-data being described and not the RPCs that
(might) use it.

<ALEX> Would keep as is.  I think the semantics are clear.  </ALEX>

nit: push-update and push-change-update use different langauge about "does
not constitute a general-purpose notification" and I'm not sure there's a
reason to diverge.
Their "incomplete-update" leaves also have divergent descriptions, but I
think that latter divergence is more reasonable.

<ALEX> Updated the description of push-change-update to align this part of
the description of the notifications.  </ALEX>
    augment "/sn:subscription-modified/sn:target" {
      case datastore {
        uses datastore-criteria {
          refine "selection-filter/within-subscription" {
              "Specifies where the selection filter, and where it came
               from within the subscription and then populated within
               this notification.  If the 'selection-filter-ref' is

nit: "where the selection filter" seems like an incomplete clause.

<ALEX> Updating this to  "Specifies the selection filter and where it
originated  from.  If the 'selection-filter-ref' is ...".  This way, the
description also aligns better with the augment to
sn:subscription-started/sn:target. </ALEX>
netconf mailing list