Re: [netconf] Capability-fetching mechanisms

Mahesh Jethanandani <> Thu, 13 May 2021 00:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 328573A1C15 for <>; Wed, 12 May 2021 17:13:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Bhe_gIOK4QdC for <>; Wed, 12 May 2021 17:13:21 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::436]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CD5B13A1C0A for <>; Wed, 12 May 2021 17:13:21 -0700 (PDT)
Received: by with SMTP id b21so12942684pft.10 for <>; Wed, 12 May 2021 17:13:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=41feCcovjbvqi/T2Rk6JBRCk+15asPz74KrYim6mRKc=; b=ZVHkjz04yrV6ord3JvSkT2azXpCZ5KHj/rnVrJloCtaD3Vt7crXC5Y2DMfyAK+2G22 yg7nCBvKlgV7l3+WsbQXyb+cxj8HVMKbStnx2OVE3u9hUX24pCBsxslO+/R9IX+uV5CP w2+4LAzlHgt0cL42fd3CDfjtIpN14qJ8yWwlYIODSkaZel9Yz+zAkaDHBeik75zoPcSR 0ADGLQ34xF/p5OaaUsaOYbXdfvSoYDoW/cGH/Z8hEjN8A1QRMlirgIn/KIg3EhIlP9si /g32yW4Vd3ZTOoP9OHWkBhKW0TDfaKgG2VpzLsicWwK8cxQNnUGtsaihTVgzKwb0xr3Z UVmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=41feCcovjbvqi/T2Rk6JBRCk+15asPz74KrYim6mRKc=; b=RdHloj2RWUi66XIEavB/8oe6Q9InMCoq467127QGCwgIuq3oaSMTqndq7wB7TvLMEn fGWPF6lTz6MTPCoQoUtLlE7N7ovOyvGL0PfoTFd5F2HxuuCdwOA+urWa8CtbpMdFloV3 dpOR6BxbevjMv8RHzSv7nsGUTgcAHb+K+ooVm7K6sQjVSOcez/PfWcZ10HWla0RMlzUx QnHGolGnJSXkKwTEwvCHRw6GW5RM9XlduiEyiHjGTL/H3JdQr7xIJclGYWpWzBIBs2nt Bt/RctOzoWBqlz1akguzKYwJo1RF9mHsNVyzOh7vkjBKvOqW0kmF84MCqpn0hgQsrMdT rS8w==
X-Gm-Message-State: AOAM532yvrcegpgUQgTBX3VoMSM5sRxXj1RV2WvdDJijrX/Gm9sn0YlD rsd5H2EnsyM7XmK/Xz6o1ItKR0mpdoAs9Q==
X-Google-Smtp-Source: ABdhPJwkbWIT4HFPQ6+Gc6FhUTOuMbYJRyD64LWDD5SLOcKIck4MTXk2w6D/Mhajc+XK1Acq+QDaVQ==
X-Received: by 2002:a65:52c7:: with SMTP id z7mr17042987pgp.60.1620864800696; Wed, 12 May 2021 17:13:20 -0700 (PDT)
Received: from ?IPv6:2601:647:5600:5020:81ba:e539:277c:7f6? ([2601:647:5600:5020:81ba:e539:277c:7f6]) by with ESMTPSA id n30sm756889pgd.8.2021. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 May 2021 17:13:20 -0700 (PDT)
From: Mahesh Jethanandani <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_680B7118-9C6E-43B8-99EA-36B49AED0807"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
Date: Wed, 12 May 2021 17:13:18 -0700
In-Reply-To: <>
Cc: Kent Watsen <>, "" <>
To: Qin Wu <>
References: <>
X-Mailer: Apple Mail (2.3608.
Archived-At: <>
Subject: Re: [netconf] Capability-fetching mechanisms
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 13 May 2021 00:13:27 -0000

Hi Qin,

When Kent and I started working on the HTTPs notif draft we wanted to make sure that it was lightweight as it relates to setting it up. That means that if the publisher and receiver are HTTPS capable, that in most cases that is all that isneeded to establish the notification channel. To quite an extent that is still true. With default values (JSON encoding), one can setup a HTTPS notification channel by configuring the *publisher* where the receiver resides (its IP address) and any credentials that are needed to setup the channel. The receiver does not need to be configured, and as such does not need to be a NETCONF/RESTCONF server (or a client for that matter).


> On May 11, 2021, at 6:51 PM, Qin Wu <> wrote:
> Hi, Kent:
> Sorry for late follow up.
> On Apr 19, 2021, at 5:39 PM, Kent Watsen < <>> wrote:
> Dear WG,
> One of the outcomes from “https-notif” presentation during the NETCONF 110 session was to what extent all the notif (e.g., https, udp, etc.) drafts should define their own capability-fetching mechanism, or use the mechanism defined by the "data-export-capabilities” draft.
> As authors, Mahesh and I discussed some of the PROs and CONs of the approaches as follows:
> [Qin]:I am under impression that shared-mechanism has a lot of benefit.:-)
> PROs (for having a shared-mechanism):
> Enables a common mechanism spanning multiple notif transports to exist 
> CONs (against having a shared mechanism):
> Entails each receiver also needing to be a NETCONF and/or RESTCONF server
>                                 [Qin]:Is receiver in this context NETCONF/RESTCONF server or client? 
>                                   I think we mix two things,
> a.       one is the server advertise its capability to the client , (i.e., server capability advertisement)
> b.       the other is server send the capability query request the client and get capability response from the client. (client capability fetching)
>                                 I think data-export-capabilities right now focuses on (a), the question you ask here is whether (b) can be defined as shared mechanism which can be part of
>                                 the "data-export-capabilities” draft. If my understanding is correct, I think it will be nice to have (b) such shared mechanism, i.e., Defining (a) and (b) in a single place.
> Whereas a notif-specific solution can be optimized on a per-protocol basis.
> FWIW, if RC, the receiver COULD minimally support *just* the single GET request (i.e., not a complete RC server)
> Still, networking/firewall would have to support the outbound NC/RC flow, in addition to the base notification flow
>                    [Qin]: "data-export-capabilities " draft uses draft-ietf-netconf-notification-capabilities-16 as basis or foundation. If my understanding is correct, draft-ietf-netconf- notification-capabilities-16 doesn’t
> require receiver to support NETCONF or   RESTCONF.
> Potentially extends the number of capabilities to be more than minimally necessary
> e.g., the current "data-export-capabilities” modules define dozens of capabilities supporting RFC 8639 and RFC 8641 that are not needed for https-notif,
>                                      [Qin] Dozens of capabilities defined by the current "data-export-capabilities” modules are all optional capability. It doesn’t require all the capabilities to be supported.
> when RFC 8639 is not in use.
> HTTPS-Notif seems to need only three capabilities:
> What encodings are supported (json, xml, binary)
> If the RFC 8639 state machine is supported.
> If bundled messages is supported.
>                                   [Qin]: So HTTPs-notif can pick those three capabilities and ignore other capabilities.  I believe HTTP has mechanism to deal with these unhandled capabilities advertised by the network device.  One of such example is unhandled
> Namespace defined in ( <>)
> Presumably, UDP-Notif would similarly have a small set of capacities.
> In fact, it may be less, as UDP may be unable to support RFC 8639
>              [Qin]: See clarification above. For UDP notif, it doesn’t require all the capability to be supported.
> Thoughts?
> Kent and Mahesh  // as authors
> _______________________________________________
> netconf mailing list
> <>
> <>
> _______________________________________________
> netconf mailing list
> <>
> <>

Mahesh Jethanandani