IETF Logo Mail Archive

Re: [netconf] draft-ietf-netconf-udp-notif :: transport source IP/interface/VRF

Alex Huang Feng <alex.huang-feng@insa-lyon.fr> Wed, 20 March 2024 08:12 UTC

Return-Path: <alex.huang-feng@insa-lyon.fr>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B933FC1D6219 for <netconf@ietfa.amsl.com>; Wed, 20 Mar 2024 01:12:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.738
X-Spam-Level:
X-Spam-Status: No, score=-4.738 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_HELO_IP_MISMATCH=2.368, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=insa-lyon.fr
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gLbfY2pQcbM6 for <netconf@ietfa.amsl.com>; Wed, 20 Mar 2024 01:12:48 -0700 (PDT)
Received: from smtpout01-ext2.partage.renater.fr (smtpout01-ext2.partage.renater.fr [194.254.240.33]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD5F5C1519AB for <netconf@ietf.org>; Wed, 20 Mar 2024 01:12:45 -0700 (PDT)
Received: from zmtaauth03.partage.renater.fr (zmtaauth03.partage.renater.fr [194.254.240.26]) by smtpout10.partage.renater.fr (Postfix) with ESMTP id 769F6629C7; Wed, 20 Mar 2024 09:12:40 +0100 (CET)
Received: from zmtaauth03.partage.renater.fr (localhost [127.0.0.1]) by zmtaauth03.partage.renater.fr (Postfix) with ESMTPS id 612AC80021; Wed, 20 Mar 2024 09:12:40 +0100 (CET)
Received: from localhost (localhost [127.0.0.1]) by zmtaauth03.partage.renater.fr (Postfix) with ESMTP id 4E91B8000A; Wed, 20 Mar 2024 09:12:40 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.10.3 zmtaauth03.partage.renater.fr 4E91B8000A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=insa-lyon.fr; s=CB289C06-95B8-49FE-9C4B-D197C6D2E7CB; t=1710922360; bh=bXZ6siBEaexUGovZIyLrBZ3houoL5ycD2c2uPdAV2OI=; h=From:Message-Id:Mime-Version:Date:To; b=gyyRFHv/tITGrPZGNinOhtObHqYYrUwc0HpxNUJLG5P08/EhWRaiDEMjTQf8FAge+ 6+0X2uUFkgWawpEYTpfwKPy6gkZI29wOWgcIY/j9BR/hIBz993E6nhCkwl1AY/fx2/ uqH8pnupJUrdu8ntdk/whNKmucPva5egRdyhn410rcyI8eNcAkfhYGdsDhZuatnm7n BjIFWctOguY2qlP1P37cQ/uCF9URxz5YK5b/p3JC7Evo64oOzcieJSpCbUOe3ZkDDZ EhrOLbPMmxoZL+3M+gMAwgdBSOIWfuoKhyM9XKN6O1xs+1KvyEHEqFkcllnfIs06zS QPGzGsQsmpFIA==
Received: from zmtaauth03.partage.renater.fr ([127.0.0.1]) by localhost (zmtaauth03.partage.renater.fr [127.0.0.1]) (amavis, port 10026) with ESMTP id Jpxw1NPxqNJW; Wed, 20 Mar 2024 09:12:40 +0100 (CET)
Received: from 150.246.26.49 (unknown [194.254.241.250]) by zmtaauth03.partage.renater.fr (Postfix) with ESMTPA id C05438010E; Wed, 20 Mar 2024 09:12:38 +0100 (CET)
From: Alex Huang Feng <alex.huang-feng@insa-lyon.fr>
Message-Id: <5EAF5F88-2AE5-4E46-88FE-E027B015A414@insa-lyon.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_1930E7F4-3B72-44EC-8920-DC8E154563DD"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Date: Wed, 20 Mar 2024 17:12:25 +0900
In-Reply-To: <ZfpNun0BW4RvparH@localhost>
Cc: netconf@ietf.org
To: Ebben Aries <exa@juniper.net>
References: <ZfkXx8YMJkQre37n@localhost> <DCFB8C61-00E8-4C5C-952D-9DDBA4A1293F@insa-lyon.fr> <ZfpNun0BW4RvparH@localhost>
X-Mailer: Apple Mail (2.3731.700.6)
X-Virus-Scanned: clamav-milter 0.103.8 at clamav04
X-Virus-Status: Clean
X-Renater-Ptge-SpamState: clean
X-Renater-Ptge-SpamScore: 0
X-Renater-Ptge-SpamCause: gggruggvucftvghtrhhoucdtuddrgedvledrleefgdeigecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucftgffptefvgfftnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffktgggufffjgevvfhfofesrgdtmherhhdtjeenucfhrhhomheptehlvgigucfjuhgrnhhgucfhvghnghcuoegrlhgvgidrhhhurghnghdqfhgvnhhgsehinhhsrgdqlhihohhnrdhfrheqnecuggftrfgrthhtvghrnhepffduueelieevfedujeejhfeuveeikeekueehfeetleehfefhhefhtdduueeluddunecuffhomhgrihhnpehrfhgtqdgvughithhorhdrohhrghdpuhhrlhguvghfvghnshgvrdgtohhmpdhivghtfhdrohhrghenucfkphepudelgedrvdehgedrvdeguddrvdehtdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeduleegrddvheegrddvgedurddvhedtpdhhvghlohepudehtddrvdegiedrvdeirdegledpmhgrihhlfhhrohhmpegrlhgvgidrhhhurghnghdqfhgvnhhgsehinhhsrgdqlhihohhnrdhfrhdpnhgspghrtghpthhtohepvddprhgtphhtthhopegvgigrsehjuhhnihhpvghrrdhnvghtpdhrtghpthhtohepnhgvthgtohhnfhesihgvthhfrdhorhhg
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/4uMFatPdCS5WhD8O5l-dq2wN0hI>
Subject: Re: [netconf] draft-ietf-netconf-udp-notif :: transport source IP/interface/VRF
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2024 08:12:53 -0000

Hi Ebben,

Yes, I was talking about UDP because I was co-authoring the UDP ones.

In the TCP groupings, VRFs were decided to be out of scope of the documents (for simplicity) and during the NETCONF WG meeting, we had the same feedback for the UDP groupings.

Regarding configuring the transport for YANG-Push (UDP-notif and HTTPS-notif), both transports don’t support VRFs at the transport level, however, both transports augment the subscribed-notifications YANG module which supports VRFs on a subscription basis (https://www.rfc-editor.org/rfc/rfc8639#section-3.3):

     +--rw subscriptions
        +--rw subscription* [id]
           +--rw id
           |       subscription-id
	   ...
           +--rw (notification-message-origin)? {configured}?
           |  +--:(interface-originated)
           |  |  +--rw source-interface?
           |  |          if:interface-ref {interface-designation}?
           |  +--:(address-originated)
           |     +--rw source-vrf?
           |     |       -> /ni:network-instances/network-instance/name
           |     |       {supports-vrf}?
           |     +--rw source-address?
           |             inet:ip-address-no-zone

From this, I understand that we can set the VRF from which the Notification is generated on a subscription level.

Regards,
Alex


> On 20 Mar 2024, at 11:45, Ebben Aries <exa@juniper.net> wrote:
> 
> Thx Alex
> 
> Note, this is not unique to UDP but on a system w/ many interfaces and
> potential VRF mappings, the ability to "pin" a source becomes more
> important.
> 
> Unless such a construct/grouping is already nested underneath a
> VRF/network-instance, an IP address by itself is insufficient for both
> source + destination
> 
> default: eth0/10.1.1.1
> default: lo0/192.168.1.1
> network-instance (1): eth1/10.1.1.1
> network-instance (1): lo1/192.168.1.1
> network-instance (2): eth2/10.1.1.1
> network-instance (2): lo2/192.168.1.1
> 
> Could have any source/destination combination/overlap inter/intra-NI
> that needs to be distinguished
> 
> On 2024-03-20 11:24:26, Alex Huang Feng wrote:
>> [External Email. Be cautious of content]
>> 
>> 
>> Hi Ebben,
>> 
>> Thanks for reaching out.
>> That’s a good point.
>> We can add the local-address (and local-port) in the UDP-notif model so that the operator can configure it optionally.
>> 
>> I will also add this local-address and local-port in the generic udp-client-grouping (draft-ietf-netconf-udp-client-server).
>> 
>> Regards,
>> Alex
>> 
>>> On 19 Mar 2024, at 13:42, Ebben Aries <exa=40juniper.net@dmarc.ietf.org> wrote:
>>> 
>>> Section 3.2 states
>>> 
>>> ---
>>> If Message Publisher ID unicity is not preserved through the
>>> collection domain, the source IP address of the UDP datagram SHOULD be
>>> used in addition to the Message Publisher ID to identify the
>>> information source.
>>> ---
>>> 
>>> It seems for configured "dial-out" transports, we are missing a
>>> definition of the source IP or interface (the latter of which would need
>>> a selection mechanism, prior a VRF reference) which is crucial for
>>> receivers to distinguish (generally an identity that is stable - e.g.
>>> loopback) sources.
>>> 
>>> I've only briefed through this draft and not other transports so this
>>> may very well apply to others as well
>>> 
>>> _______________________________________________
>>> netconf mailing list
>>> netconf@ietf.org
>>> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/netconf__;!!NEt6yMaO-gk!Fd_LCibn6pzPiClNoiJ7Sc-VkEdRqQLMWKguMOMhOxdlp7IMLxGVbBN3XKj3aICsuokIOXnHZt9e8XMnBCie-aDmJCHu$

v2.23.0 | Report a Bug | By Email