Re: [Netconf] HTTP2 configured subscriptions, is RESTCONF call home necessary? (was RE: Anyone want just Configured Subscriptions?)
Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Wed, 11 July 2018 05:44 UTC
Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82948130E02 for <netconf@ietfa.amsl.com>; Tue, 10 Jul 2018 22:44:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w8dGOwBzVIw0 for <netconf@ietfa.amsl.com>; Tue, 10 Jul 2018 22:43:59 -0700 (PDT)
Received: from anna.localdomain (anna.eecs.jacobs-university.de [IPv6:2001:638:709:5::7]) by ietfa.amsl.com (Postfix) with ESMTP id CCFFD126F72 for <netconf@ietf.org>; Tue, 10 Jul 2018 22:43:58 -0700 (PDT)
Received: by anna.localdomain (Postfix, from userid 501) id ED239230015E; Wed, 11 Jul 2018 07:43:56 +0200 (CEST)
Date: Wed, 11 Jul 2018 07:43:56 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: "Eric Voit (evoit)" <evoit@cisco.com>
Cc: Kent Watsen <kwatsen@juniper.net>, Lou Berger <lberger@labn.net>, Netconf <netconf@ietf.org>
Message-ID: <20180711054356.qcqrxgmbkfrjq5dz@anna.jacobs.jacobs-university.de>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: "Eric Voit (evoit)" <evoit@cisco.com>, Kent Watsen <kwatsen@juniper.net>, Lou Berger <lberger@labn.net>, Netconf <netconf@ietf.org>
References: <97940484f3cb4ea8bbd2cd76bc46f764@XCH-RTP-013.cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <97940484f3cb4ea8bbd2cd76bc46f764@XCH-RTP-013.cisco.com>
User-Agent: NeoMutt/20180622
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/5YMntW5KDAg6iQbM36gU0Fm9lmw>
Subject: Re: [Netconf] HTTP2 configured subscriptions, is RESTCONF call home necessary? (was RE: Anyone want just Configured Subscriptions?)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2018 05:44:02 -0000
Why is this discussion HTTP/2 specific? What you are proposing in draft-ietf-netconf-restconf-notif-06.txt is that you have a RC client using RPCs to push notification data to an RC server. LMAP is doing something like this to send measurement results to a collector. The point is that you do not need call home for this but instead: - you embed a RC client into the server on the device - you embed a RC server into the client on the managing system - you need to provision client config so that the device knows how and when to contact the server - you define RPCs in a YANG model implemented by the RC server on the managing system do ship notification content towards the RC server on the managing system This is what LMAP has done. In contrast, a call home solution does not require additional clients and servers and instead you call home and let the client start the notification stream, which is sent using SSE as defined in RFC 8040. /js On Tue, Jul 10, 2018 at 11:52:54PM +0000, Eric Voit (evoit) wrote: > Changing the thread title, as we have moved off the original topic... > > > From: Kent Watsen, July 10, 2018 6:36 PM > > > > Adding back in Lou's comment before mine to provide the context needed to understand my answer... > > >>> (Lou) or an an error when an unsolicited notification is received by a client that doesn't support it. (optimizing for what I think suspect will be the common case in the long term...) > > > > Effectively this is what draft-ietf-netconf-restconf-notif, section > > > 4.2 defines now. A successful POST of a "subscription-started" > > > notification must occur before events are sent. Failure to receiver > > > an OK for the POST means an error to the publisher. > > > > But if we use RESTCONF Call Home, the receiver is the HTTP-client, can an HTTP > > client process a POST? > > Considering Lou's comment, my response points out that a receiver must "OK" a "subscription-started" before the publisher can send events. In this case the publisher is the HTTP2 client. Otherwise there is an error. > > Since there is no RESTCONF is needed at all for configured subscriptions, the function draft-ietf-netconf-restconf-notif needs to include is the safe establishment of a secure tunnel between Publisher (HTTP2 client) and Receiver (HTTP2 server). Perhaps Call Home is not necessary at all here, and perhaps it is always safe for the publisher to initiate the encrypted tunnel. We can debate the pros/cons of each scenario for sure. Perhaps Call Home simply isn't needed here. And that would be excellent. My understanding is that Call Home does provide some protections here, so I left RESTCONF call-home in to spur this debate. > > Assuming that someone does want call-home for configured subscription encrypted tunnel establishment, steps C1-C7 of RFC8071 remain the same. It is just step C8 which changes so that a receiver starts to listening for the POST of notifications to its HTTP server rather than starting RESTCONF. Likewise Steps S1-S5 and S7 of RFC8071 remain the same. The only difference would be that step S6 initiates an HTTP2 client connection towards the receiver, and then POSTs a "subscription-started" notification. These specifics absolutely do need to be in draft-ietf-netconf-restconf-notif. They are not yet as I was awaiting this discussion first. > > > > Some form of RESTCONF Call Home with capability advertisement could > > > also occur before the "subscription-started" POST. However, this > > > advertisement of client capabilities might not be needed for all > > implementations. > > > > I don't know how. RESTCONF Call Home just starts the RESTCONF protocol, > > and there is no capability-exchange in RESTCONF. > > I could have worded this better. What I meant is that outside the current scope of draft-ietf-netconf-restconf-notif, some TBD exchange of receiver capabilities could be defined. This would let the publisher know that sending a "subscription-started" is supported. I don't believe this necessary/essential here, as you won't start pushing events until the receiver says "OK". > > Eric > > > Kent // contributor > > > -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <https://www.jacobs-university.de/>
- [Netconf] HTTP2 configured subscriptions, is REST… Eric Voit (evoit)
- Re: [Netconf] HTTP2 configured subscriptions, is … Andy Bierman
- Re: [Netconf] HTTP2 configured subscriptions, is … Eric Voit (evoit)
- Re: [Netconf] HTTP2 configured subscriptions, is … Juergen Schoenwaelder