IETF Logo Mail Archive

Re: [Netconf] Subscription Use Cases

Andy Bierman <andy@yumaworks.com> Thu, 08 December 2016 17:46 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD2FD12951C for <netconf@ietfa.amsl.com>; Thu, 8 Dec 2016 09:46:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BLwrtK9sevdq for <netconf@ietfa.amsl.com>; Thu, 8 Dec 2016 09:46:43 -0800 (PST)
Received: from mail-qk0-x235.google.com (mail-qk0-x235.google.com [IPv6:2607:f8b0:400d:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F6231294EF for <netconf@ietf.org>; Thu, 8 Dec 2016 09:46:43 -0800 (PST)
Received: by mail-qk0-x235.google.com with SMTP id q130so269194684qke.1 for <netconf@ietf.org>; Thu, 08 Dec 2016 09:46:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=fZTGqgrMMLV5bsKdPbhkS90b8d8kYiaB2EUWnQPLJZ4=; b=GQQb8tCerLJp7h0cYzzPp9JQhFXpTq3XJUFWg+9XH+PCnbmgwOZk/XPnX/A307Fp0U riHG11PHA3dUHyhlFRC33CIkR+c370ZHjCgIcQoyojP0R/PEoJ6yRjR7ZkvHjoNkb87m g9dYXZj8OkscsxG+3T/6zPEJBO9sFXGS2eBa64k04QPjel3AGLxHwe0bPFXI7S8K9hME 0gZidW885UOmxbkuzXQHI90uQruoaqZlkc7afL6G9S8N0mZTAxBiUX94I7W0o2Ti1fCQ AJLqsJF2BGJgv2JxBxV+5jxoSxVuj0vx3eYKGzDUEzqlotylwg6znHcZjbXieD0fXz5v 3ltQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=fZTGqgrMMLV5bsKdPbhkS90b8d8kYiaB2EUWnQPLJZ4=; b=LeRM8NuW1+edW14bVGNdY3Zbz5+rIWYvyQRKb7J6CrPWIP5ZUnf1kJVI6W5cCJJN8J JrEAQ68mkuXR5KRqYBDPsl6/OllgqUXlxZE2ECoVMlYNTgAjWvvKKuQiWByv4UlhiQ4D qzdukpeC6lQtx4E4BWKQwR4fwKz2mzuytyjzM+nwtWwNFewH1PxXh9JwGpqsIgxERpWR 2dj8mwgnTdGI6SUCsWwlncA5XlfT1ujNRp4Kzp5p9nwYvAZ258JwfMBuon3M9zG+iAHE s3lIHmaMVzh/deqc77t+CJklST+Nzo1kI1NVvPmwrTnZlGlAA5e09Tc/mym4YTA2NdQg PmDA==
X-Gm-Message-State: AKaTC03n5Udylo8osXdIueLNPD3/IVwBh3t+1Jb33Ibbof7SV+E+Cc9Sg2f6dw2kQpBuag598MmW0Ax2GbnKiw==
X-Received: by 10.55.76.150 with SMTP id z144mr62759518qka.194.1481219202338; Thu, 08 Dec 2016 09:46:42 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.101.180 with HTTP; Thu, 8 Dec 2016 09:46:41 -0800 (PST)
In-Reply-To: <a2b682ef436c4b67881c26c04ad3d0b5@XCH-RTP-013.cisco.com>
References: <e9128f79b8bc4923815e40510678c026@XCH-RTP-013.cisco.com> <20161208.100745.1423954834248283961.mbj@tail-f.com> <a2b682ef436c4b67881c26c04ad3d0b5@XCH-RTP-013.cisco.com>
From: Andy Bierman <andy@yumaworks.com>
Date: Thu, 08 Dec 2016 09:46:41 -0800
Message-ID: <CABCOCHS2C8+wpkc-4VW0CdzF2pW0dar_48xNWcbr+1teZKr9+A@mail.gmail.com>
To: "Eric Voit (evoit)" <evoit@cisco.com>
Content-Type: multipart/alternative; boundary="001a114a886864894c05432938e7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/BvQBJGR7YHWxh0iqCaAL8QNx1Ps>
Cc: "netconf@ietf.org" <netconf@ietf.org>
Subject: Re: [Netconf] Subscription Use Cases
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Dec 2016 17:46:46 -0000

On Thu, Dec 8, 2016 at 6:52 AM, Eric Voit (evoit) <evoit@cisco.com> wrote:

> Hi Martin,
>
> > From: Martin Bjorklund, December 8, 2016 4:08 AM
> >
> > I think your requirements below are more like driving forces for YANG
> push,
> > right?  Is there any of these that affects the solution in RFC 5277?
>
> The majority of these cases need yang-push.   But yang push is only
> possible when the information is yang modeled.  And in some of these cases,
> not all the information is yang modeled on a platform.  (As much as I wish
> it were.)  I have indicated a few places where this is the case in-line.
>
> Beyond the original cases I sent, there are other use cases where there
> are notifications will not be YANG modeled.
>
> (Category 4) Control Plane Notifications
>
> (4a) First-sign-of-life on new CPE.   In this case you need to figure out
> what to do when a new CPE appears on an access link.  For example, a policy
> determination needs to be made on what security treatment it needs.  This
> notification could be done via NETCONF.  And the request could come from
> the same controller subscribing to traditional NETCONF notifications.
>
> In the end, more and more stuff will be yang modeled on the device.  That
> is one reason I like your alarm-yang-module.  Approaches like the alarm
> will allow more robust yang-push mechanisms to be used over event
> notifications.  But we won't be there for a while.
>
>


What is the control plane protocol?
Seems to me you are confusing implementation details with control plane
notifications.
In this context, only a notification that is defined to be consumed by the
notification delivery system and never needs to be seen by the subscriber
would qualify.

The "5277 layer" provides the subscription control.
It also interfaces to the transport layer.
IMO we need to support a small number (2) of standard transports
  1) NETCONF <notification> elements
  2) RESTCONF SSE data stream

Lots of optional components make the solution worse.
It's like the JSON vs. XML issue in RESTCONF.
It's nice for the server developer to pick 1 of N options, but that means
the client developer has to implement all options to work with all servers.

I agree with Martin that create-subscription and establish-subscription
are not both needed.  Pick 1.

IMO there is no need for configured subscriptions because Call-home can be
used instead.

Configurable filters (in the current drafts) are not very reusable so I
don't see much
value in the ability to specify 1 filter (either inline or pre-configured).

IMO there is significant customer interest in YANG Push but not for
anything else in this document set.  The WG needs to focus on the
requirements for YANG Push and only change the lower layers if they are
really broken.


Andy



> > (Category 1) Streaming Telemetry
> > >
> > > High volume set of objects pushed on a predictable schedule.
> > >
> > > (1a) Telemetry: Fast replication of YANG operational/config data
> > > off-box for traffic or configuration analysis
> > >
> > > (1b) Multi operations reporting: Send a targeted subset
> > > operational/config data to an Operations group not directly managing
> > > device
> > >
> > > (Category 2) Distributed Eventing
> > >
> > > No need to repeatedly poll to see if targeted subsets of Network
> > > Element config have changed. The latest is pushed as it happens.
> > >
> > > (2a) Integrity Verification: Push discovered changes in keys, config,
> > > software hash as they happen.  Application validates that change is
> > > authorized.
>
> Not all the needed info here is yang modeled.
>
> > > (2b) Eliminate Polling: NMS/controllers pushed config changes as they
> > > occur in Network Elements (enabling real-time state synchronization).
> > >
> > > (2c) IWAN: Changes in Operational Data drive network rebalancing for
> > > optimized enterprise facilities usage
> > >
> > > (2d) Domain Policer: provide a single policed data rate across
> > > multiple data centers or branch offices
> > >
> > > (2e) DDoS Protection: send suspect spikes of traffic across a set
> > > devices to a scrubber
>
> Not all the needed info here is yang modeled.
>
> > >
> > > (Category 3) Network as the Subscriber
> > >
> > > Distributed CPE, VMs, routers can subscribe to a fast changing
> > > centralized configuration repository
> > >
> > > (3a) Perimeter & Internal Blocking: When vulnerabilities are detected,
> > > ephemeral remediation policies are temporarily installed across a
> > > domain of devices.
> > >
> > > (3b) Tunnel Endpoint Synch: Filtered subsets of centrally managed
> > > tunnel Ethernet endpoints can be downloaded and coordinated across
> > > edge devices to minimize effort in maintaining dynamic mesh
>
> Not all the needed info here is yang modeled.
>
> Eric
>
> > > (3c) Policy mirroring: Enables trusted or partially-trusted edge
> > > devices to mirror the state of a central configuration repository
> >
> >
> > /martin
>

v2.23.0 | Report a Bug | By Email