IETF Logo Mail Archive

[netconf] Re: [Tsv-art] UDP default port

Kent Watsen <kent+ietf@watsen.net> Fri, 20 December 2024 12:43 UTC

Return-Path: <01000193e417bb3e-e4753368-c0d7-47f6-bd6c-fc233e42809a-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F66CC17C882; Fri, 20 Dec 2024 04:43:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.001
X-Spam-Level:
X-Spam-Status: No, score=-1.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AkUS--b35EzF; Fri, 20 Dec 2024 04:43:02 -0800 (PST)
Received: from a48-95.smtp-out.amazonses.com (a48-95.smtp-out.amazonses.com [54.240.48.95]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCEA1C169435; Fri, 20 Dec 2024 04:43:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1734698580; h=Content-Type:Content-Transfer-Encoding:From:Mime-Version:Subject:Date:Message-Id:References:Cc:In-Reply-To:To:Feedback-ID; bh=MmSFqNnU/3hBr5GS5ZwXWY9mAI5jmzaaU80v+dTYTT8=; b=iNzTngrU/7YFM1smrwymAGmPNQp55qi2uDC20MjpZ9XiYdpouGdj6jsta5m+Mq+i 3os1kZ4hbkd7GQQYuvdaPKe9nQrRsQQy2iDRClfNI0z0/ydOXOdM+MvfP8g9SNh0voc nwDi86F7kZKxPf875LbP7GgYSz7/Zy6qndkWwRiA=
Content-Type: multipart/alternative; boundary="Apple-Mail-7E53D5EA-DAB3-4F7C-AFA2-134D276B98E2"
Content-Transfer-Encoding: 7bit
From: Kent Watsen <kent+ietf@watsen.net>
Mime-Version: 1.0 (1.0)
Date: Fri, 20 Dec 2024 12:43:00 +0000
Message-ID: <01000193e417bb3e-e4753368-c0d7-47f6-bd6c-fc233e42809a-000000@email.amazonses.com>
References: <bd3bb3982aa44eee87ebae80c85c45aa@swisscom.com>
In-Reply-To: <bd3bb3982aa44eee87ebae80c85c45aa@swisscom.com>
To: thomas.graf@swisscom.com
X-Mailer: iPhone Mail (22B91)
Feedback-ID: ::1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2024.12.20-54.240.48.95
Message-ID-Hash: JMJMPKNP4LAHNQO23TY6HLNFANFMI26Y
X-Message-ID-Hash: JMJMPKNP4LAHNQO23TY6HLNFANFMI26Y
X-MailFrom: 01000193e417bb3e-e4753368-c0d7-47f6-bd6c-fc233e42809a-000000@amazonses.watsen.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-netconf.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-netconf-udp-notif@ietf.org, netconf@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [netconf] Re: [Tsv-art] UDP default port
List-Id: NETCONF WG list <netconf.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/O1Ja8JqshlmvZkRFJyJn06hnKag>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Owner: <mailto:netconf-owner@ietf.org>
List-Post: <mailto:netconf@ietf.org>
List-Subscribe: <mailto:netconf-join@ietf.org>
List-Unsubscribe: <mailto:netconf-leave@ietf.org>

Hi Thomas,

I perfectly well understand that some values (e.g., counters) are okay to be lossy.  But I’m wondering if only lossy are sent when:

1) some events on that slide seem singular (one-time-change), but maybe I’m reading the slide wrong?

2) the YP protocol definitely has messages that occur one time, the loss of which seems problematic (RFC violations?)

I understand that you are happy with the current solution, which is great, but I’m trying to understand how happy one can be when it seems some things that must not be dropped may be lost. 

The perfect response for me here would be, for #1, explain that there aren’t any one-time messages and, for #2, either explain that aren’t any one-time messages or explain that this is why YP Lite is needed (i.e., to remove the reliability constraints). 

Thanks,
Kent


On Dec 20, 2024, at 3:36 AM, thomas.graf@swisscom.com wrote:



Dear Kent,

 

Speaking as an operator who maintains a large scale Network Telemetry data collection. We at Swisscom have >2 years of experience operating udp-notif data collection in production environment with periodical, on-change and on-change sync-on-start subscriptions.

 

 

Correction. Slide 10 and 11 show the use cases. Slide 12 how they are being addressed.

 

https://datatracker.ietf.org/doc/html/draft-ietf-netconf-udp-notif#section-5" rel="nofollow">https://datatracker.ietf.org/doc/html/draft-ietf-netconf-udp-notif#section-5 describes main appliccability.

 

The main use case of the proposed mechanism is the collection of statistical metrics for accounting purposes, where potential loss is not a concern, but should however be reported (such as IPFIX Flow Records exported with UDP [https://www.rfc-editor.org/info/rfc7011" rel="nofollow">RFC7011]). Such metrics are typically exported in a periodical subscription as described in Section 3.1 of [https://www.rfc-editor.org/info/rfc8641" rel="nofollow">RFC8641].

 

Today snmp traps, the YANG-Push on-change pendant, are sent via udp. IPFIX has data-templates and options-templates, similar to YANG-Push subscription state change notifications, are sent also via UDP but periodically. Loss can occur not only in YANG-Push transport but also somewhere throughout the data processing chain (https://datatracker.ietf.org/doc/html/draft-ietf-nmop-yang-message-broker-integration-05#section-4" rel="nofollow">https://datatracker.ietf.org/doc/html/draft-ietf-nmop-yang-message-broker-integration-05#section-4). Therefore it is important to be able to recognize loss (https://datatracker.ietf.org/doc/html/draft-netana-netconf-notif-envelope-01#section-3.4.1" rel="nofollow">https://datatracker.ietf.org/doc/html/draft-netana-netconf-notif-envelope-01#section-3.4.1) throughout the data processing chain and not only retrieve at the YANG-Push session establishment the initial state with on-change sync-on-start (https://datatracker.ietf.org/doc/html/rfc8641#section-3.1" rel="nofollow">https://datatracker.ietf.org/doc/html/rfc8641#section-3.1) when the YANG-Push session was lost, but also periodically throughout the YANG-Push subscription life cycle. Today this requires two subscriptions but tomorrow, same as in gNMI, this could be an option at the subscription.

 

From vendor implementation interactions we understood that udp-notif is implementable on distributed systems because session states doesn't need to be maintained. Current implementations are ranging from routers with line cards in the IP domain, OLT's in the broadband access domain to even SmartSFP's. I am not aware of any vendors intend to implement https-notif nor QUIC transport for YANG-Push. In the future, with different hardware capabilities, this might change.

 

Best wishes

Thomas

 

From: Kent Watsen <kent+ietf@watsen.net>
Sent: Thursday, December 19, 2024 6:05 PM
To: draft-ietf-netconf-udp-notif@ietf.org
Cc: netconf@ietf.org
Subject: Re: [netconf] [Tsv-art] UDP default port

 

Be aware: This is an external email.

 

[Removing Joe and TSVART]

 

 

As I understand it, udp-notif is intended to be used only for notifications that do not require reliable delivery.  That is, there would be one configured subscription using udp-notif for nodes that don’t require reliable delivery, and another configured subscription using, e.g., https-notif, for nodes that do require reliable delivery.  Is this correct?

 

Two things confuse me:

 

1) the YANG Push protocol itself defines some notifications (subscription-changed) that are intended to be reliable.

 

2) Slides 11 of https://datatracker.ietf.org/meeting/121/materials/slides-121-nmop-ietf-yang-push-implementations-and-next-steps-01" rel="nofollow">IETF YANG-Push Implementations and Next Steps suggests that some notifications occur once (e.g., On-change sync), and hence suggest a need to be delivered reliably.

 

 

How are these issues resolved?   Wouldn’t QUIC resolve them better?

 

Thanks,

Kent

 

 



On Dec 17, 2024, at 11:37AM, Benoit Claise <benoit.claise=40huawei.com@dmarc.ietf.org> wrote:

 

Hi,

On 12/17/2024 3:44 PM, Rob Wilton (rwilton) wrote:

Hi Kent, all.

 

Not an author (but I am involved with the implementation of the UDP Notif draft), one comment inline …

 

 

 

Hi Joe and UDP-Notif Authors,

 

It seems that this thread has stalled.  What can we do to move it forward?  

 

Kent and Per // NETCONF chairs

 

 

A couple thought-provoking questions:

 

1.      What does "udp-notif" bring that isn’t supported by the "https-notif" draft, assuming the https-notif draft supports the QUIC transport?

2.      If the https-notif draft with QUIC transport is deemed unacceptable, would a "quic-notif” draft work?

 

 

PROs:

 

1.      QUIC is well-defined (RFC 9000) and tooling should prominent.

2.      HTTP/3 is well-defined (RFC 9114) and tooling should prominent. 

3.      QUIC supports reliability on a per frame-type basis, thus muxing both types is possible (see RFC 9221)

4.      Stateful firewalls supporting QUIC will allow the return packets, thus enabling an “encoding-discovery” mechanism.

5.      QUIC is still UDP, and so (I think) continues to support the properties desired by the “distributed-notify” draft.

6.      Anything else?

 

CONs:

 

1.      No ability to disable encryption (for “private” networks)

1.      I don’t know how big of a problem this is.

2.      Assuming long-lived connections, the overhead of the asymmetric key handshake is negligible.

3.      The overhead for symmetric-key encryption (e.g., AES) is also pretty negligible

4.      The “overhead” is mostly a concern on the receiver-side, as logging is a many-to-one activity, but it’s easy to scale receivers.

5.      Encryption negates the ability to copy frames directly to persistent storage.  This is unlikely a good idea anymore, but ~20 years ago I designed the binary logging protocol such that the packets could be mmap-ed directly to disk, in their final storage format (note: a post-sweep would build indices).

 

2.      Anything else?

Yes, it is not what the clients/servers are implementing. ;-)  I.e., the UDP notif draft ticks the running code box, but AFAIK nobody is yet implementing a QUIC based transport, although I understand that there is potentially interest in future.

Another key benefit of the UDP stack is that it is lightweight.  We implemented the core of it in a few weeks.  A QUIC implementation will take significantly more time and effort, or most likely we will try and find a suitable third-party library to leverage.

But ultimately, If the operators are saying that UDP fits their requirements, and the vendors are implementing then what is the stumbling block to publishing this?

What Rob said.
IPFIX has been proving that UDP works and scales in production now.

Regards, Benoit

Regards,
Rob

 

 

Kent / contributor

 



_______________________________________________
netconf mailing list -- netconf@ietf.org
To unsubscribe send an email to netconf-leave@ietf.org

 

_______________________________________________
netconf mailing list -- netconf@ietf.org
To unsubscribe send an email to netconf-leave@ietf.org

 

_______________________________________________
netconf mailing list -- netconf@ietf.org
To unsubscribe send an email to netconf-leave@ietf.org

v2.29.0 | Report a Bug | By Email | System Status