Re: [netconf] Configured receiver capability exchange

"Eric Voit (evoit)" <evoit@cisco.com> Tue, 28 January 2020 15:14 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEE7E120124 for <netconf@ietfa.amsl.com>; Tue, 28 Jan 2020 07:14:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.502
X-Spam-Level:
X-Spam-Status: No, score=-14.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=fRUnaz67; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=TcqBT9E1
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dcbLwwoQQN0a for <netconf@ietfa.amsl.com>; Tue, 28 Jan 2020 07:14:49 -0800 (PST)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E80DB120178 for <netconf@ietf.org>; Tue, 28 Jan 2020 07:14:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12167; q=dns/txt; s=iport; t=1580224487; x=1581434087; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=EcCtlpy3nG1JSDRD1qaz65S2aS9gvmKHrigQbublzDw=; b=fRUnaz67gkDgm1GlqhCzEx4LqGjgUk6v+wQwU5GLMJAzk6aD8eXRwbAW R4gaS4jYRS/5L7HuaA49ofvNsVb+h5LRGaEmiqjotVbSpj1RN6jdMtBXo aK8VzUcUGHmMecB4fMvqz4FTa9AT5UA2SZDvs4+ekOGNfHdmq3UdpuIqS A=;
X-Files: smime.p7s : 3975
IronPort-PHdr: =?us-ascii?q?9a23=3AzMYU/RPDiW6QtVs1/Jwl6mtXPHoupqn0MwgJ65?= =?us-ascii?q?Eul7NJdOG58o//OFDEuKU/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETB?= =?us-ascii?q?oZkYMTlg0kDtSCDBj2MvnrcwQxHd9JUxlu+HToeUU=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CgBQCsTzBe/4MNJK1lHAEBAQEBBwE?= =?us-ascii?q?BEQEEBAEBgXuBVFAFbCstIAQLKgqECoNGA4sWgl+JYY4uglIDVAIHAQEBCQM?= =?us-ascii?q?BASMKAgEBhEACgiYkOBMCAw0BAQQBAQECAQUEbYU3DIVeAQEBAQIBEhEdAQE?= =?us-ascii?q?3AQQLAgEIDgoNHQICAh8RJQEBBAENBQgGDQeDBYF9TQMOEQ8BAgyiNAKBOYh?= =?us-ascii?q?idYEygn8BAQWBMwIOQYMSDQuCBQcDBoE4gVOKSxqBQT+BWIIXNT6CG0kBAQI?= =?us-ascii?q?BAYFJGIMOMoIsjVyhPEQKgjmDaII4gSKKTIREmnyOYIhkgiSQBQIEAgQFAg4?= =?us-ascii?q?BAQWBaSKBWHAVgydQGA2OHYNzhRSFPgF0gSmLdwGBDwEB?=
X-IronPort-AV: E=Sophos;i="5.70,374,1574121600"; d="p7s'?scan'208";a="416094886"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 28 Jan 2020 15:14:39 +0000
Received: from XCH-RCD-009.cisco.com (xch-rcd-009.cisco.com [173.37.102.19]) by alln-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 00SFEdHV028634 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 28 Jan 2020 15:14:39 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-RCD-009.cisco.com (173.37.102.19) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 28 Jan 2020 09:14:38 -0600
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 28 Jan 2020 10:14:36 -0500
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 28 Jan 2020 09:14:36 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D237YWbPFk7kGEPKQxQGwY7qVRlttkz6WU7sy1WQJmO4fPmU9ifO9FDI/1yUTQadViLon6tDX+pWnDzlESx2UbioeS3Z3BRKWPsKOONU1AegAwSMMfo1jR2yrrjCbQN5gl7KrUcs95GgdL1JKBjBrGturbt+m3Qxmc42p4aAo4pxz1fRVmm54BwdCFcbbK+49vIOxYZEY6PDgpaltF8kmp+wQu3MLIt7EuFI1SPPel3qjG3tv7AZoVyWmWNXqR/0HDJt1shtgPM7UKJVv2d3w0DsKq7WwLS6/wLOJ78FHFTWOIRd7lZOW0g/x1cdTZ0y2vHgRzLx0m4WgaxNkWa7ug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J9sB9gmw8t2A9BKX7sDqisf/pL6O4uZcCB9K6n7n7aE=; b=K65r2jUSt+bQnj9ehTzX1oU9iQgAtBrnKwRPZCdz49b07pp1GkLH8OFyw/ffcNtJrdkjka5ekBKzmEQwFpghjanZT2b8TVXsGZas+vrGl7mjBRurgS5XfXZZt//KFI9mf0qe0Wl9Ejv4e/LbPmHCIb9xgrqoKbu8RVKNlJxOABkq+V4Y8VFquU485FdGb9tHYZ417337Fq0n1+hhOu6U+3XJxalY4WdBrhyp7JO4prA2QDQjyhKcmQBHtr5mjmq+6aJ/mPXY5fMXDlKthx1wxRTga02c1gY3TEodtTo9U3nlP4AZTXCU6fY3/XPXFiRBfHpjNvVJwf1LHSgnfn4EuQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J9sB9gmw8t2A9BKX7sDqisf/pL6O4uZcCB9K6n7n7aE=; b=TcqBT9E1er21gnccMWntA6wqe8EETIlQuS4GxTJ4Vb2hFmz/wVAmO+ipD994dCdv4GCHZlZpQ+f6khTKhLgzVW5osKctuGYl2oPSHx2WEjVELKal8NbhutEaC9nqIleGizcy3TVS2JKKvx7QztVy5gs+5A6Bp2aZfGSBCLKzYpA=
Received: from BYAPR11MB2536.namprd11.prod.outlook.com (52.135.226.32) by BYAPR11MB3047.namprd11.prod.outlook.com (20.177.226.96) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2665.22; Tue, 28 Jan 2020 15:14:35 +0000
Received: from BYAPR11MB2536.namprd11.prod.outlook.com ([fe80::20d1:96f3:bde9:17e5]) by BYAPR11MB2536.namprd11.prod.outlook.com ([fe80::20d1:96f3:bde9:17e5%5]) with mapi id 15.20.2665.026; Tue, 28 Jan 2020 15:14:35 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Martin Bjorklund <mbj@tail-f.com>, "mjethanandani@gmail.com" <mjethanandani@gmail.com>
CC: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [netconf] Configured receiver capability exchange
Thread-Index: AdXL4TILBTPP/wetTxqO44ff1VxXqQJkujEAAAy/zYAAEOPWUA==
Date: Tue, 28 Jan 2020 15:14:35 +0000
Message-ID: <BYAPR11MB2536E16646834EBB9BFF8E3DA10A0@BYAPR11MB2536.namprd11.prod.outlook.com>
References: <BYAPR11MB25368EF3AFE9E2CBF396B8D0A1370@BYAPR11MB2536.namprd11.prod.outlook.com> <9E429FFB-23F2-4005-9153-A35B4231E965@gmail.com> <20200128.074935.2293026921027473843.mbj@tail-f.com>
In-Reply-To: <20200128.074935.2293026921027473843.mbj@tail-f.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evoit@cisco.com;
x-originating-ip: [173.38.117.79]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 124e2e73-e39a-450e-ad1d-08d7a404c90d
x-ms-traffictypediagnostic: BYAPR11MB3047:
x-microsoft-antispam-prvs: <BYAPR11MB304706BC3258A01E3DD87F93A10A0@BYAPR11MB3047.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 029651C7A1
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(346002)(366004)(136003)(376002)(396003)(199004)(189003)(81166006)(81156014)(316002)(8676002)(110136005)(52536014)(7696005)(9686003)(26005)(76116006)(66946007)(478600001)(66476007)(66556008)(64756008)(66446008)(66616009)(86362001)(4326008)(33656002)(2906002)(53546011)(186003)(8936002)(71200400001)(6506007)(55016002)(5660300002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR11MB3047; H:BYAPR11MB2536.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: QnpacZxMWzItXqgmYb6D0HYo7qPzr/YzuTCvx8jNFlNVpoac7A3qKjDTF586MEg/KAM4GmeiCoeACdc74adGtHTwbR/N1f0I7e+rya2qgX4lQz98WttPyWkynfHP4czxAScOynpfL2LDfP+Bql9NpCgZvXOBuaYkHZfB3d+CRFUn/7YTv7d0+jJ35kFVGjwWndyDjyFZK/FrZqy9FEmgph7qvOMLl2htSN38dUDDDHnsL9iRlfI+3G0dNUItirwiaweA1jMrPKQhmHlmrvF1eNiNBEs0GgTS7Vaw+JBvRSyPH/WKjYdt6FQp+W8Cn+zV9lLJ+s4V5HQ9jIHGp24lhnY57RPv6SEhQu98DfDfdylQvXzuVPJxyM2ENpoGZ/SdBQl0QQyC0z/mciEk8vqffX8zmCqZR2DNlTsfH6VRFkWYQEAN8FQURNlafTVGoYHtJ6p/Ug/u2d2Z32qarukw4e1c4/7tVbp/J9NxJA0Y8yJdToASrwP57u9KBACI30DmFbRBEFS/VTduYX8US5Xd9Q==
x-ms-exchange-antispam-messagedata: uUWoLCTZyaGlrLsMX73EovH5tcNFSzJ3wLiGaJblICyiXYvR8c3X07qDZSBr+Cx1jDXAohN1LTTV4rz9UQmIdhJ6HgPQlWJNFRuHrGCqJW3AIX7B2XazDbQhHGAuk2RNUqwk6KxAj+qPjUS2zOJEkA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_054B_01D5D5C3.BBCEF820"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 124e2e73-e39a-450e-ad1d-08d7a404c90d
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jan 2020 15:14:35.4476 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: MgY5FKNHTP9jCBV3tZUSi9NiateWkY/bgXY6mbE8K6wu3TLJc4CyoRGD/JA9bqmI
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3047
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.19, xch-rcd-009.cisco.com
X-Outbound-Node: alln-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/AsxxaOAztlWDQwL4UNz8zmozLoU>
Subject: Re: [netconf] Configured receiver capability exchange
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jan 2020 15:14:52 -0000

> Hi,
> 
> Mahesh Jethanandani <mjethanandani@gmail.com> wrote:
> > Hi Eric,
> >
> > Specifically to your suggestion towards
> > draft-ietf-netconf-https-notif, and its ability to learn the receiver
> > capabilities …
> >
> > As you might have seen, we had suggested a rather simple mechanism to
> > learn the capabilities of the receiver that involved a GET with a
> > specific Content-Type to invoke a response that returns the metadata
> > we desire. All the method requires is a HTTP(S) server at the other
> > end. If the Content-Type is not supported by the server, the server
> > will return an error. We like it for its simplicity.
> 
> I prefer this over the proposal to (mis?)use <subscription-started>.
> 
> First of all, one thing you want to discover is the encoding for notifications.
> <subscription-started> is a notification.  So which encoding should be used
> to send it?

<subscription-started> is just for configured subscriptions.  The encoding is set as part of the publisher configuration.
 
> Second, there is no "reply" defined for <subscription-started> since it is a
> one-way notification, so adding that seems a bit out of place.

With configured subscriptions, there is a need the receiver to confirm acceptance of the subscription.  Otherwise, configured subscriptions becomes a denial-of-service risk.  As a result of this need, there is the following text in the Security Considerations of RFC-8639:

  With configured subscriptions, one or more publishers could be used
   to overwhelm a receiver.  To counter this, notification messages
   SHOULD NOT be sent to any receiver that does not support this
   specification.  Receivers that do not want notification messages need
   only terminate or refuse any transport sessions from the publisher.

This is one reason we already need to do an "ok" is in reply to the HTTP, even without capability exchange.   I am just thinking we can use the already needed "OK" message for additional information on receiver capabilities.

Eric

> /martin
> 
> 
> 
> >
> > Your suggestion is of using <subscription-started>. Does that not
> > involve having a RESTCONF/NETCONF server support on the receiver? If
> > <subscription-started> is supported, does it mean
> > <subscription-modified> or <subscription-terminated> also needs to be
> > supported? If we do not/cannot support modification of subscription,
> > and instead require establishment of a new subscription to learn of
> > modifications, what would we be missing out with the GET method? Could
> > subscription be terminated simply by terminating the session?
> >
> > Thanks.
> >
> > > On Jan 15, 2020, at 12:23 PM, Eric Voit (evoit) <evoit@cisco.com>
> > > wrote:
> > >
> > > Hi Mahesh,
> > >
> > > During the IETF 106 session, there was discussion on how both a
> > > publisher might know if there is receiver support for
> > > draft-ietf-netconf-notification-messages
> > > <https://datatracker.ietf.org/doc/draft-ietf-netconf-notification-
> messages/?include_text=1>.
> > > Section 6 highlights several of the considerations.  Relevant are
> > > the
> > > following:
> > >
> > > (a) Remote device capability discovery from the point of view of the
> > > Publisher needs to be enhanced to know if the far end can interpret
> > > notification messages type beyond RFC-5277, Section 4.
> > >
> > > (b) This capability discovery question is relevant for both
> > > configured subscription receivers and dynamic subscribers.
> > >
> > > (c) The capability discovery question can be generalized beyond
> > > subscriptions, as there are many reasons to know the available
> > > capabilities of the far end.
> > >
> > > (d) Capability discovery advertisement has traditionally been
> > > discussed within transport documents (e.g. RFC-6241 Section 8.1).
> > >
> > >
> > > Based on (a)-(d), coming up with a transport independent
> > > point-solution within draft-ietf-netconf-notification-messages
> > > <https://datatracker.ietf.org/doc/draft-ietf-netconf-notification-me
> > > ssages/?include_text=1>
> > > *just* to discover this single element of client functionality seems
> > > overkill/heavyweight.
> > >
> > > I was fine with letting this remote capabilities discovery question
> > > sit for a while.  However draft-ietf-netconf-https-notif
> > > <https://tools.ietf.org/html/draft-ietf-netconf-https-notif-01>
> > > shows that we now must address this question.  Specifically should
> > > the diagram section 1.4.1 show this capability exchange?
> > >
> > > It turns out that independent of
> > > draft-ietf-netconf-notification-messages, there several questions in
> > > draft-ietf-netconf-https-notif which need to be answered prior to
> > > the section 1.4.1 arrow: "Send HTTPS POST message with YANG defined
> > > notification #1" anyway.  These questions are:
> > >   (1) Does the targeted HTTPS receiver support configured subscriptions?
> > >   (2) Can the targeted HTTP@ receiver accept a new subscription as
> > >   described in a <subscription-started>?
> > > Only if these questions are "yes", should the <subscription-started>
> > > be responded to with an "OK".
> > >
> > > Add to this a third question driven from (a)-(d):
> > >   (3) Does the receiver support the message type within
> > >   "draft-ietf-netconf-notification-messages"?
> > >
> > > A strawman way to handle the all three questions within
> > > draft-ietf-netconf-https-notif would be to respond to a
> > > <subscription-started> notification with an HTTP Status 202
> > > (Accepted)" acknowledgement.  This 202 would include body elements
> > > listing supported receiver resources.  Maybe something YANG encoded
> > > via ietf-yang-structure-ext containing:
> > >
> > >       <foo xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
> > >         <capabilities>
> > >           <capability>
> > >             urn:ietf:params:xml:ns:yang:ietf-notification-messages:1.0
> > >           </capability>
> > >         </capabilities>
> > >       </foo>
> > >
> > > What do you think of this approach?
> > >
> > > Eric
> >
> > Mahesh Jethanandani
> > mjethanandani@gmail.com
> >
> >
> >