Re: [Netconf] Anyone want just Configured Subscriptions?

"Eric Voit (evoit)" <evoit@cisco.com> Tue, 10 July 2018 15:57 UTC

From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Andy Bierman <andy@yumaworks.com>
CC: Martin Bjorklund <mbj@tail-f.com>, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, Netconf <netconf@ietf.org>
Date: Tue, 10 Jul 2018 15:57:37 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/Hka-hPI5SA3evaP8z3kXZ1Xa_Rs>


From: Andy Bierman, July 9, 2018 11:07 PM
...

On Sun, Jul 8, 2018 at 8:05 PM, Eric Voit (evoit) <evoit@cisco.com> wrote:
Hi Andy,

From: Andy Bierman, July 8, 2018 12:26 PM
On Sun, Jul 8, 2018 at 9:05 AM, Martin Bjorklund <mbj@tail-f.com> wrote:
Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
> On Sun, Jul 08, 2018 at 09:58:07AM +0200, Martin Bjorklund wrote:
> > Andy Bierman <andy@yumaworks.com> wrote:
> > >
> > > You mean <start-all-configured-subscriptions> I think.
> >
> > Yes.
> >
>
> If you do this, why does the client, after receiving a call home, not
> simply create dynamic subscriptions? ;-)

Well, the configured subscription is needed anyway in order for the
device to call home, so having the client create all configured
subscriptions as dynamic subscriptions as well doesn't seem quite
right.

It is quite possible that multiple RPC operations are needed to get the session
started, such as reading the YANG library, and that the client
is not ready to receive notifications as soon as the session is started.
So an <activate-configured-sessions> operation may help.


But if the WG agrees that it is ok to send <notification> directly,
this issue goes away.

Sitting idle is definitely OK.
Accepting notifications right away is OK as an implementation feature
outside the standard.

<Eric> If the NETCONF-Notif says that the NETCONF client for a configured subscription must be able to handle accepting notifications right away, do you see any standardization issue with this behavior in this context?


Actually, I think there are issues with configured subscriptions wrt/ CallHome because
of the text in RFC 8071, 1.3:

https://tools.ietf.org/html/rfc8071#section-1.3

The transport and encoding leafs are identityrefs, which means the possible values
are unknown and unbounded.

Do all possible values (including vendor values, which are valid for the YANG leaf)
change the protocol enough so separate security analyses are required?
I think a SecDir review may raise concerns wrt/ this issue.

<Eric> For any IETF defined transport, a “Transport-Notif” draft definitely needs to address any issues with Call Home or other such mechanism.  At next IETF, perhaps we will see if this can await concurrent resolution with the NETCONF client/server work.

For configured subscriptions with a vendor specified transport identity, it would be great to see if SecDir sees any issues. I don’t see anything off hand (as it is a vendor transport), but I certainly don’t claim all their perspectives.

Eric

Eric

/martin

Andy


Andy