Re: [netconf] [yang-doctors] Yangdoctors last call review of draft-ietf-netconf-subscribed-notifications-21

["Eric Voit (evoit)" <evoit@cisco.com>]

> From: Martin Bjorklund, January 25, 2019 3:40 AM
> 
> "Eric Voit (evoit)" <evoit@cisco.com> wrote:
> > > "Eric Voit (evoit)" <evoit@cisco.com> wrote:
> > > > > "Eric Voit (evoit)" <evoit@cisco.com> wrote:
> > > > > > > From: Martin Bjorklund, January 24, 2019 9:40 AM
> > > > > > >
> > > > > > > "Eric Voit (evoit)" <evoit@cisco.com> wrote:
> > > > > > > > > From: Martin Bjorklund, January 24, 2019 8:17 AM
> 
> [...]
> 
> > > > > > > > > Thinking some more, what is supposed to happen if the
> > > > > > > > > client on the same session sends first an
> > > > > > > > > establish-subscription with dscp 42, and then another establish-
> subscription with dscp 10?
> > > > > > > >
> > > > > > > > This would be allowed.
> > > > > > >
> > > > > > > On linux at least this is a sockopt, i.e., the option
> > > > > > > applies to the socket, which means all packets on the
> > > > > > > session.  So how is this supposed to be implemented if
> > > > > > > different messages on the session should have different dscp values?
> > > > > > > Or is the
> > > > > > > idea that you send the msg, flush all data from ssh/tls to
> > > > > > > tcp, then flush the tcp buffers (not that easy...)?
> > > > > > >
> > > > > > > Even if there's just one establish-subscription with a dscp
> > > > > > > value, since it applies to the session it means that all
> > > > > > > normal rpcs on this session will get the same dscp value.
> > > > > > > It is not clear that this is the intention?
> > >
> > > Did you miss these questions?
> >
> > With NETCONF, one DSCP will apply to single TCP session.  So there is no
> issue.
> 
> The problem is if a client sends two establish-subscriptions with different
> values for dscp on the same session.  Or even if the client sends one establish-
> subscription with som dscp value, then the dscp will be applied to all packets
> from other rpcs as well.
> 
> ... and even worse, with SSH channels you can have multiple NETCONF session
> on the same TCP session, which means that the dscp value applies to all
> packets in all NETCONF sessions sharing the same TCP session.
> 
> I don't know what the right thing to do is.  Probably first agree that this is in
> fact a problem, then maybe simply document this somehow.

I hadn't thought about multiple NETCONF SSH channels.  I agree something to guide developers is needed here.  The easiest fix is to recommend not supporting feature "dscp" with NETCONF.  (It shouldn't be absolutely prohibited as DSCP related RFC's such as RFC7657 embed text like "a single DSCP should be used for all packets in a TCP connection".)

Here is the text I suggest is put into draft-ietf-netconf-netconf-event-notifications, Section 5:

"The feature "dscp" SHOULD NOT be supported over NETCONF.  This will avoid the potential for out-of-order packet delivery of the set of all traffic within the TCP session."

With this text, a RESTCONF publisher can support the feature dscp.  And if someone attempts to use dscp with a NETCONF subscription to the same publisher, the error "dscp-unavailable" can be sent.

Eric 


...
> /martin