IETF Logo Mail Archive

Re: [Netconf] YangPush now

"Eric Voit (evoit)" <evoit@cisco.com> Fri, 20 July 2018 18:47 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0209F1310A0 for <netconf@ietfa.amsl.com>; Fri, 20 Jul 2018 11:47:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id exfHhJLbzVFD for <netconf@ietfa.amsl.com>; Fri, 20 Jul 2018 11:47:51 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1EBC130DF1 for <netconf@ietf.org>; Fri, 20 Jul 2018 11:47:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8790; q=dns/txt; s=iport; t=1532112470; x=1533322070; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=Ir1e6mXcAW2SjLGkNXPEU/6OatTWNdJj6eQFxKwWIXg=; b=TsXF1hD7ZcHeJyg6ezARo23l+Hl9OvL4VO9Mre0qBldOEdyywMtu387u JMXtvdVBELYBrZZLcEOXTH5UPSvRlpTtp2A9sfy5jCjF8b1gCtcvEnkGz Av9fWW+WxvDri+sw5Vk40IvGzm5B27n2KK5HvuXjbBLuZvYnLoYeP/nYa M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CwAQAWLVJb/4UNJK1TBgMZAQEBAQEBAQEBAQEBBwEBAQEBgyMqY38ymCqCDJU8gXoLH4RNAoMMITUXAQIBAQIBAQJtHAyFNgEBAQECAScTNAsFCQICAQgOAgUDDREQGxclAgQODRNMgW5MgXcIrGczik8FBYh9gVc/gRGDEYRRFDcmhQ8Ch2KEeoEri2UJAo8mgU2EEogbkXoCERSBJB8CNIFScBU7gmqCJBeDeIoeAYx3gRsBAQ
X-IronPort-AV: E=Sophos;i="5.51,380,1526342400"; d="scan'208";a="426573403"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Jul 2018 18:47:49 +0000
Received: from XCH-RTP-013.cisco.com (xch-rtp-013.cisco.com [64.101.220.153]) by alln-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id w6KIlnvh017551 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 20 Jul 2018 18:47:49 GMT
Received: from xch-rtp-013.cisco.com (64.101.220.153) by XCH-RTP-013.cisco.com (64.101.220.153) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 20 Jul 2018 14:47:48 -0400
Received: from xch-rtp-013.cisco.com ([64.101.220.153]) by XCH-RTP-013.cisco.com ([64.101.220.153]) with mapi id 15.00.1320.000; Fri, 20 Jul 2018 14:47:48 -0400
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
CC: Andy Bierman <andy@yumaworks.com>, "Tim Jenkins (timjenki)" <timjenki@cisco.com>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [Netconf] YangPush now
Thread-Index: AQHUHhHrAK87NKpG2E+Ouz7jjC6MRKSUNnVAgAEH3gCAAPvOkIAB8aCA///Xl8A=
Date: Fri, 20 Jul 2018 18:47:48 +0000
Message-ID: <3b194cc7276b4e888c4e8b808d1c356a@XCH-RTP-013.cisco.com>
References: <2E1BAD12-EFF2-4E35-B232-57A4C4490989@cisco.com> <20180717055030.7bmzlychtznf3mso@anna.jacobs.jacobs-university.de> <18622ABD-DB9F-406C-836F-64649F3D8FF6@cisco.com> <20180717172036.hhuoq6fzs7ctblpf@anna.jacobs.jacobs-university.de> <CABCOCHS8cfqKLaQe9M4tu-2zkZ5=6-a2FEv+idJwZiW_btx_Zw@mail.gmail.com> <a54850668bfb4483b89f4c2b15bf5f44@XCH-RTP-013.cisco.com> <20180718133200.u7fpsv3xanb2nosr@anna.jacobs.jacobs-university.de> <6707abca9924442083ef165ce1345b7e@XCH-RTP-013.cisco.com> <20180720101419.7chri56rzgyidxmw@anna.jacobs.jacobs-university.de>
In-Reply-To: <20180720101419.7chri56rzgyidxmw@anna.jacobs.jacobs-university.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.118.56.234]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Outbound-SMTP-Client: 64.101.220.153, xch-rtp-013.cisco.com
X-Outbound-Node: alln-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/HIPyF1xJFreoY9Gjh0Rj6yuvu-M>
Subject: Re: [Netconf] YangPush now
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jul 2018 18:47:54 -0000

Hi Juergen,

> From: Juergen Schoenwaelder, July 20, 2018 6:14 AM
> 
> On Thu, Jul 19, 2018 at 09:41:00AM +0000, Eric Voit (evoit) wrote:
> 
> > That is what I was hoping would be accomplished with the text:
> >
> >    The method of identifying the targeted receiver IP address, port, and
> >    security credentials are left up to implementers of this
> >    specification.  For implementation guidance and a YANG model for this
> >    function, please look to
> >    [I-D.draft-ietf-netconf-netconf-client-server].
> 
> I said this is to vague for me to understand. Repeating the pointer does not
> help me to understand. If this I-D has a clear solution, why not put it in
> place?

The recommended solution is for vendors to augment in their own leafrefs into existing vendor specific call home configurations.   Alternatively, solutions can be integrated within non-YANG based configuration structures.  This is how our configured subscription implementation works.  

To clarify the recommended solution, I have updated the reference above to:

The method of identifying the targeted receiver IP address, port, and security credentials are left up to implementers of this specification.  For implementation guidance on how a leafref might constructed to accomplish this function, consider the following augmentation which would need to be made if the necessary connection parameters are maintained with ietf-netconf-client.yang as specified by [I-D.draft-ietf-netconf-netconf-client-server].

  import ietf-netconf-client { prefix ncc; }
  import ietf-subscribed-notifications { prefix sn; }
  import ietf-netconf-subscribed-notifications { prefix nsn; }

  augment "/sn:subscriptions/sn:subscription/sn:receivers/sn:receiver" {
   when 'derived-from(../../../transport, "nsn:netconf")';   
   leaf netconf-endpoint {
      type leafref {
        path "/ncc:netconf-client/ncc:initiate/ncc:netconf-server/ncc:endpoints/ncc:endpoint/ncc:name";
      }
      description
        "Points to a remote NETCONF client intended to support a particular configured subscription.";
    }
  }
  
> > To cover this, there is the following text in Section 5 of draft-ietf-netconf-
> netconf-event-notifications:
> >
> >    publisher SHOULD place the receiver into the
> >    "timeout" state after a predetermined number of either failed call
> >    home attempts or NETCONF sessions remotely terminated by the
> >    receiver.
> >
> >    Until NETCONF transport with a receiver has been established, and a
> >    "subscription-started" state change notification has been
> >    successfully sent for a configured subscription, that subscription's
> >    receiver MUST remain in either the "connecting" or the "timeout"
> >    state.
> 
>     <-- call home -->
>  C: <hello>
>  S: <hello>
>  S: <notification>
>     <-- session terminated -->
> 
> The server believes 'notification has been successfully sent'.  The other
> alternative would be a client that throws away notification messages not
> expected:
> 
>     <-- call home -->
>  C: <hello>
>  S: <hello>
>  S: <notification> // -> discarded
>  S: <notification> // -> discarded
>  S: <notification> // -> discarded
>     [...]
> 
> Both scenarioes are problematic. 

Agree that there are these two scenarios.  

The first scenario isn't elegant, but I don't see it as problematic.  Per SN, transport loss places all receivers back into their connecting state.   And the NETCONF-Notif text quoted above shows that multiple session terminations places the subscription into "timeout" so that something can figure out what is wrong.

The second scenario requires that NETCONF Call home is successfully configured with the right credentials on both sides of the connection, and that the receiver's NETCONF client implementation is unable to terminate a session receiving unwanted notification traffic.  This is a concern, but an implementer at least has some protections by controlling the call home connectivity parameters tied to a specific receiver.   (See continue reasoning below)

> This is why I suggested that there needs to
> be some mechanism that tells the server that the client is willing to receive
> configured subscriptions before the server throws <notification> messages
> at the client. You will find differnet ideas in the mailing list archive.

In talking about this issue in the past, suggestions were made that the NETCONF client could advertise its capabilities for supporting configured subscriptions as part of the hello exchange.  And that can be a partial(*) solution to the problem.  However there was pushback to this based on NETCONF client to server implementations not typically exchanging and interpreting the results of NETCONF client asserted capabilities.  

(*) the reason it is partial is that even if the client advertises support for NETCONF configured subscriptions, there is still the possibility that something goes wrong with the receiver's receiving process with the second scenario above.  In which case you still need to have a way to terminate the incoming notification stream by pulling down the NETCONF session.  Still, there are obviously benefits of client capability signaling as an extra layer of misconfiguration protections included.

Looking at what is in the v10 draft, there are some protections for both your scenarios above.  But certainly it is not robust.   And certainly having the client advertise configured receiver support would be nice, but this would require more development.   As based on the amount of development,  we used the design philosophy of "it is better to start with an 80% solution than a 120% solution :-)."  

I agree that the current protection could have an improved description.  So I have placed the following text into the NETCONF-Notif security considerations section:

" For a configured subscription, if NETCONF call home has been configured with the working credentials, yet that the receiver's NETCONF client implementation is both unable to process inbound notifications and unable to terminate a session receiving unwanted traffic, then the receiver may receive unwanted event records.  To minimize this risk, a publisher implementation should use dedicated call home connectivity port numbers and credentials specific to configured subscriptions.  This will minimize the chance that an unplanned NETCONF receiver will receive configured subscription notifications unexpectedly."
 
> > > I do not buy the IoT argument. What is wrong with requiring that a
> > > NETCONF server must support at least the NETCONF transport and that
> > > a RESTCONF server must support at the RESTCONF transport?
> >
> > Ahh.  I thought you meant that there should be a default transport for SN
> alone.    SN in section 1.0 & the end of 5.3 points to transport documents
> for such guidance.
> >
> > Then looking at Section 1.0 in draft-ietf-netconf-netconf-event-
> notification:
> >
> >    This document provides a binding for events streamed over the
> NETCONF
> >    protocol [RFC6241] as per
> >    [I-D.draft-ietf-netconf-subscribed-notifications].  In addition, as
> >    [I-D.ietf-netconf-yang-push] is itself built upon
> >    [I-D.draft-ietf-netconf-subscribed-notifications], this document
> >    enables a NETCONF client to request and receive updates from a YANG
> >    datastore located on a NETCONF server.
> >
> 
> Yes. But this text does not say that 'if a NETCONF server supports
> configured subscriptions, then it MUST implement the notification
> transport as defined in section 5.2 (or whatever the section will be).
> This way, a NETCONF client using configured subscriptions would know one
> transport that actually works (if the details are fully worked out). 

Added the text to the top of configured subscriptions section:

"To allow the configuration of NETCONF for configured subscription transport, a publisher MUST support the YANG module defined in Section 8.  Advertisement of this module will indicate support the "netconf" transport identity, and therefore the ability to use NETCONF as the selected transport.".

> Perhaps
> this is not what people really want, so I will start another thread to figure
> this out.

See the thread.  Wil reply to it.

Eric

 > /js
> 
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email