[Netconf] zerotouch issues found while preparing -20

Kent Watsen <kwatsen@juniper.net> Fri, 19 January 2018 17:17 UTC

All,

I'm trying to get -20 out now, but ran into a couple issues:


1) can't support the remote-id & circuit-id parameters

In looking to see how to support DHCPv6, I noticed that the ability for the DHCP client to learn the relay parameters (i.e. remote-id & circuit-id) is not supported.  I asked the DHC WG, which confirmed this understanding (see link below).  This being the case, we should remove the "remote-id" and "circuit-id" input parameters from the get-bootstrapping-data RPC.  That is:

   module: ietf-zerotouch-bootstrap-server
     rpcs:
       +---x get-bootstrapping-data
          +---w input
             +---w untrusted-connection?   empty
             +---w os-name?                string
             +---w os-version?             string
-            +---w remote-id?              string
-            +---w circuit-id?             string
             +---w nonce?                  string

Link to the DHC WG email thread:
  https://mailarchive.ietf.org/arch/msg/dhcwg/SufOgBpLedIpQVpBwZu3FCWSM5s.  

Assuming there are no objections, I'll remove these two input parameters from the to-be-posted -20 draft.



2) 'hardwareModuleName' is not guaranteed in 802.1AR-2009

Looking at 802.1AR-2009, it turns out that the 'hardwareModuleName' field is optional.  This being the case, we should add a "hw-model" parameter to the get-bootstrapping-data RPC.  That is:

   module: ietf-zerotouch-bootstrap-server
     rpcs:
       +---x get-bootstrapping-data
          +---w input
             +---w untrusted-connection?   empty
+            +---w hw-model?               string
             +---w os-name?                string
             +---w os-version?             string
             +---w nonce?                  string

      leaf hw-model {
        type string;
        description
          "This optional input parameter enables a device to
           communicate to the bootstrap server its vendor specific
           hardware model number.  This parameter may be needed 
           when the device's IDevID certificate does not include
           the 'hardwareModelName' value in its subjectAltName
           field, as is allowed by 802.1AR-2009.";
        reference
          "IEEE 802.1AR-2009: IEEE Standard for Local and
             metropolitan area networks - Secure Device Identity";
      }
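
Review bot: The description of the new hw-model leaf spells the certificate field 'hardwareModelName', while the item heading and the paragraph above it spell it 'hardwareModuleName'. Use one spelling, the one that appears in 802.1AR-2009, so an implementer can find the field the description refers to. The continuation line of the reference text is also indented two columns deeper than the continuation lines of the description; aligning them would keep the leaf consistent.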

Assuming there are no objections, I'll add this input parameter to the to-be-posted -20 draft.



PS: I'm still waiting for yang-data-ext to be adopted, in order to resolve the rc:yang-data LC issue.  I just pinged the NETMOD chairs on it again...


Thanks,
Kent
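
How a bootstrap server might handle the input set that results from both changes, as an added example (not code from the draft or from the author). It assumes the RPC input arrives in the RESTCONF JSON encoding; the function names are hypothetical, and letting a name taken from the IDevID certificate take precedence over the client-supplied hw-model is a design assumption of this example.

```python
import json

MODULE = "ietf-zerotouch-bootstrap-server"
# Input leaves left after both proposed changes (remote-id/circuit-id removed).
ALLOWED = {"untrusted-connection", "hw-model", "os-name", "os-version", "nonce"}


def build_input(os_name, os_version, cert_hw_name=None, hw_model=None):
    """Device side: send hw-model only when the IDevID certificate has no name."""
    body = {"os-name": os_name, "os-version": os_version}
    if cert_hw_name is None and hw_model is not None:
        body["hw-model"] = hw_model
    return json.dumps({f"{MODULE}:input": body})


def parse_input(text):
    """Server side: accept only the leaves in the input tree, with valid types."""
    doc = json.loads(text)
    key = f"{MODULE}:input"
    if not isinstance(doc, dict) or set(doc) != {key} or not isinstance(doc[key], dict):
        raise ValueError("expected a single input container")
    params = doc[key]
    unknown = set(params) - ALLOWED
    if unknown:
        raise ValueError(f"unknown input leaves: {sorted(unknown)}")
    for name, value in params.items():
        # YANG 'empty' is encoded as [null] in JSON; every other leaf is a string.
        valid = (value == [None]) if name == "untrusted-connection" else isinstance(value, str)
        if not valid:
            raise ValueError(f"bad value for {name}")
    return params


def resolve_hw_model(params, cert_hw_name=None):
    """Return (model, source); prefer the certificate value over the client's claim."""
    if cert_hw_name:
        return cert_hw_name, "idevid"
    if params.get("hw-model"):
        return params["hw-model"], "client-asserted"
    return None, "unknown"


if __name__ == "__main__":
    # Constructed sample: a device whose IDevID certificate carries no model name.
    request = build_input("example-os", "1.0", hw_model="example-model-1")
    print(resolve_hw_model(parse_input(request)))
```

The source tag lets a server log or apply policy differently when the model is only claimed by the client rather than bound to the certificate.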