Re: [Netconf] Yangdoctors last call review of draft-ietf-netconf-restconf-client-server-04
Kent Watsen <kwatsen@juniper.net> Tue, 15 August 2017 01:39 UTC
Return-Path: <kwatsen@juniper.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EABA132476; Mon, 14 Aug 2017 18:39:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level:
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A_cyiMO3-i71; Mon, 14 Aug 2017 18:39:50 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0091.outbound.protection.outlook.com [104.47.42.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AB571321B6; Mon, 14 Aug 2017 18:39:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=P+/8/1G5ClalWqrpKJ1CM90mq8OwbU2eEENuZRFSaLg=; b=ObWgrX/CdNyXbY3YV9MAKX3mvusKUQljsPwa0/eW8nH0TzwcSlsBKV8T7GhqP5ycEv6NixM6+Zn/UkiJOehsblkz3pacibSeWefpxkQUWDeyH+9u7WUnu9iMwUQX65SVFxO6lYD0MfDAz+o3TuIkerHtZPe7SJ0Jhw8JWybepHo=
Received: from BN3PR0501MB1442.namprd05.prod.outlook.com (10.160.117.151) by BN3PR0501MB1108.namprd05.prod.outlook.com (10.160.113.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1362.12; Tue, 15 Aug 2017 01:39:47 +0000
Received: from BN3PR0501MB1442.namprd05.prod.outlook.com ([10.160.117.151]) by BN3PR0501MB1442.namprd05.prod.outlook.com ([10.160.117.151]) with mapi id 15.01.1362.012; Tue, 15 Aug 2017 01:39:47 +0000
From: Kent Watsen <kwatsen@juniper.net>
To: Andy Bierman <andy@yumaworks.com>
CC: "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "draft-ietf-netconf-restconf-client-server.all@ietf.org" <draft-ietf-netconf-restconf-client-server.all@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: Yangdoctors last call review of draft-ietf-netconf-restconf-client-server-04
Thread-Index: AQHTB+8y29TveGyQA0qavQMqV/nni6JuTX8AgAGcVwCADGTdgIABkngAgAaaqAA=
Date: Tue, 15 Aug 2017 01:39:47 +0000
Message-ID: <C8D279C6-B735-453D-92BF-09886CAFF403@juniper.net>
References: <150128020275.20726.13027423171798327745@ietfa.amsl.com> <A9F2ED3F-6AC5-4AEF-8EBF-1C4F89A6F0F7@juniper.net> <CABCOCHTmNdi7ZGPL_R8vyZTOKeVwJgtrqsT0ZNBCbMUT4Qo9tA@mail.gmail.com> <30CD19F8-6441-4EA3-A340-8CEDD6D4FD6A@juniper.net> <CABCOCHQrgYOUGXo1g3LGn9t8rL3-MoJwNmSG2amgAkxMp_Prhw@mail.gmail.com>
In-Reply-To: <CABCOCHQrgYOUGXo1g3LGn9t8rL3-MoJwNmSG2amgAkxMp_Prhw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.20.0.170309
x-originating-ip: [66.129.241.13]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN3PR0501MB1108; 6:tVbaiDlhldiMbzgQ0ZO3OBdzz/yitgiZaJ4yfPLOjU+hiq8DqLE3kinjLtyQ8xSUfEcOWBKvOmFmCdPF9TmxJCyszgzu5XW/hR1u8Lf40uNSZ0dlynEbfhDlvQQN+JI13ss99HgODmEsAzRlYCq92S/yZ5l+/MLLt8tcwanWYuub+t1ueylJvItfeunDXZltTieaFdiJJp+g8pZIxl/WlQcLE1D8A61Iu4dz2RfTd7pClv11c+HFeuckoNt5ZUhUzg66a7EbPxoLp1aYDUn1ksxhadoUs5UrRiE04UTPVjsR3CD3d9KIxTYC9LlO8oSo0iicT5LEUAr6XRdB53Ot6g==; 5:gYW5VnVCveeMvSJ8EzR2fQYiMjW7eBQyEpF9eICdG8Bsb8coCyAZxqasnleR+UwsEz30G4NlK8FnMh1ljXubzPZHg6IX5sSwQq9YV2FSc8hJ0907CsAV8V7S6xHKcUOR4i9fMSrAG6U4RSJj+nxiow==; 24:c6cnSZTBt1Z07792PCdyWaVJkqTzmdE68rgtBB6B3/YQ7qcUzUNNj35oEUjgWCEz2BX3MsHjFxIHzrL9hd++TMwsNQWrkv7E/FndtwCRrTw=; 7:3W18SLtRuPAF+tq3UOkuZ3/DeiGg2lyXqyqOL7HejPcaxHniDuQVho+A2s1bi93YxZUn5ktyveBlJecqXQaHxmugTArmgCt+h3GBxEFJutWe27k2ROloMDS2rlwr/FOY+xCtJwqIhQ9/ePUyt9iU/GY8Mia2BxxBsTqmEDlGPFlES20q4Prcasv8dLjs52yy+P5y+RWye3IJCb9W2K+upL9m4QVboi/rnTTSvSXTmHI=
x-ms-office365-filtering-correlation-id: 0252ac68-1cf1-432f-17d9-08d4e37e8388
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(300000502095)(300135100095)(22001)(2017030254152)(48565401081)(300000503095)(300135400095)(2017052603143)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:BN3PR0501MB1108;
x-ms-traffictypediagnostic: BN3PR0501MB1108:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kwatsen@juniper.net;
x-exchange-antispam-report-test: UriScan:(158342451672863)(21532816269658)(17755550239193);
x-microsoft-antispam-prvs: <BN3PR0501MB1108FB23B7FEBA1FDDF12BD2A58D0@BN3PR0501MB1108.namprd05.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123560025)(20161123562025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BN3PR0501MB1108; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BN3PR0501MB1108;
x-forefront-prvs: 04004D94E2
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39860400002)(189002)(199003)(76104003)(2950100002)(2900100001)(189998001)(6916009)(14454004)(3846002)(36756003)(106356001)(53936002)(6506006)(77096006)(478600001)(230783001)(6486002)(6246003)(86362001)(6116002)(102836003)(83716003)(105586002)(82746002)(97736004)(83506001)(8676002)(110136004)(76176999)(4001350100001)(54356999)(8936002)(6512007)(66066001)(50986999)(101416001)(93886004)(54906002)(3660700001)(81166006)(25786009)(68736007)(7736002)(3280700002)(305945005)(99286003)(2906002)(5660300001)(4326008)(81156014)(229853002)(6436002)(33656002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0501MB1108; H:BN3PR0501MB1442.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <CC07A8D290F0134ABCD48A4D702F69F7@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Aug 2017 01:39:47.6638 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0501MB1108
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/PR9HQ8F6TB8W4fNg_vT56GGXd30>
Subject: Re: [Netconf] Yangdoctors last call review of draft-ietf-netconf-restconf-client-server-04
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2017 01:39:53 -0000
Hi Andy,
>>>> C2:
>>>>
>>>> (M1) feature tls-initiate
>>>> (M1) feature tls-listen
>>>> (M2) feature tls-listen
>>>> (M2) feature tls-call-home
>>>>
>>>> Are these features really needed since a RESTCONF server MUST support
>>>> the TLS transport?
>>>
>>> <KENT> the features themselves are needed, as we don't know what
>>> clients/servers may support.
>>>
>> OK -- These features are nested within other features (initiate, listen).
>> You should add a comment somewhere that TLS is optional-to-support,
>> but mandatory to support if the TLS transport is implemented.
>> Currently RESTCONF requires TLS be supported, but future
>> versions could be different.
>
> I added this to the description statement of the 'tls-listen' and
> 'tls-initiate' features:
>
> Currently TLS is the only transport supported by RESTCONF,
> this feature helps support possible future transports.";
>
>
> If you are trying to say that TLS might not be the mandatory-to-implement
> transport, this sentence is not quite right.
Fine, now it says "This feature exists as TLS might not be a
mandatory-to-implement transport in the future."
> You know I am not a big fan of YANG conformance.
> We have nothing in between "always mandatory" and "purely optional,
> server developer's choice". We have nothing like conditionally
> mandatory "If the RESTCONF server supports listening on TLS , then
> the listen-tls feature MUST be supported."
This seems unnecessary. Already the 'if-feature' statements will
force the server to advertise the features - or else they're not
configurable!
> The when-stmt can be used to provide this conditionally-mandatory
> conformance, but it has to be customized for each data subtree. It
> is more expensive than if-feature on many levels.
No thank-you. Let's stick with just the feature statements.
>>> Also, recent YANG 1.1 discussions concluded (wrongly IMO) that nested
>>> nodes do not inherit the if-feature-stmts of ancestors. It is not clear
>>> how one would access /foo/bar if /foo was not supported.
>>
>> Wait, seriously? I didn't see that. I don't understand how else nested
>> if-feature statements can be interpreted. Can you point to the thread
>> where this was discussed?
>
> I cannot find it now.
> Essentially, features are not coupled to objects:
>
> container foo {
> if-feature A;
> container foo2 {
> if-feature AA;
> }
> }
>
> container bar {
> if-feature AA;
> }
>
> The designer has to decide:
> Does feature AA depend on A, or just container foo2 depends
> on container foo? Does an external subtree (like /bar) depend
> on both features or can they be used independently?
I don't think the designer has any choice in this. The features
themselves have no inherent dependency (in your example, we can't
see if the feature definitions actually define a dependency), but
the containers certainly do (e.g., foo2 depends on foo). External
sub-trees (e.g., bar) can have just if-feature AA, without also
having an if-feature A (assuming that dependency doesn't exist).
> In this case I think the intent is to support feature listen if
> any transport is supported, and feature listen-<transport> is
> a specific transport is supported, so the if-feature inside the
> 2nd feature is correct.
Yes.
>> So perhaps you should add if-feature-stmts:
>>
>> feature tls-listen {
>> if-feature listen;
>> ...
>> }
>>
>> feature tls-listen {
>> if-feature listen;
>> ...
>> }
>
> I went ahead and made this change, it seems better.
Nothing to add here, but I'm leaving it for now since it adds
to the above discussion.
>>>> C5:
>>>
>>> It should be clear that the client would have to issue a GET
>>> or maybe POST to initiate the sending of stored data like logs
>>
>> Okay, how about this?
>>
>> "Periodically connect to the RESTCONF server, so that,
>> e.g., the RESTCONF client can collect data (logs)
>> from the RESTCONF server. The RESTCONF client must
>> close the connection when it is ready to release it.
>> Once the connection is closed, the RESTCONF client
>> restarts its timer until the next connection.";
>
> Not sure this is needed.
> RESTCONF does not define any interactions that are not initiated
> by the client, but if that changes, then no reason to constrain
> this text. I would change 'must' to 'SHOULD' in the 2nd sentence.
Oh, now I see your concern, how about this? (I removed the sentence
altogether):
"Periodically connect to the RESTCONF client, so that
the RESTCONF client may deliver messages pending for
the RESTCONF server. Once the connection has been
closed, for whatever reason, the server will restart
its timer until the next connection.";
...and by "for whatever reason", I mean, either due to the
client closing the connection, or due to reasons such as
an idle or keep-alive timeout.
>>>>C6:
>>>>
>>>> (M1) /restconf-client/initiate/restconf-server/periodic/
>>>> (M2) /restconf-server/call-home/restconf-client/connection-type/periodic/
>>>>
>>>> The RESTCONF notifications via SSE should be exempt from timeouts.
>>>> The RESTCONF client should terminate an SSE request. The server should
>>>> not timeout an SSE response connection
>>>
>>> <KENT> Agreed, and the description statement for the 'idle-timeout' leaf
>>> says "Sessions that have a notification subscription active are never
>>> dropped. But here, under 'periodic', the whole point is to shed idle
>>> connections. For instance, imagine a client that wants to collect logs
>>> from a low-powered server once a day. What do you think?
>>
>> Notification replay has a mode where it is terminated (i.e,.,
>> end-time >provided) I think this would have to be used by the
>> client. This tells the server to drop the connection when the
>> replay is complete.
>
> Sure, but keep in mind that logs are just an example, there could
> be other data-collection mechanisms. Still, note that when end-time
> provided is reached, the line would become idle, if it didn't drop.
> This seems like a more generic mechanism.
I have nothing to add here, but I'm keeping it here since it's
connected to the below comment.
>>> This is 1 exception -- another is close-session.
>>>
>>> POST /restconf/operations/ietf-netconf:close-session
>>>
>>> Is this supposed to do anything in RESTCONF?
>>
>> First, I don't view the above as an exception. With regards to
>> 'close-session', does it even have a meaning in RESTCONF? - and
>> is this actually an issue for RFC 8040?
>
> RESTCONF does not specify any behavior for specific operation
> resources. It is left as an implementation detail. Our server
> treats each RESTCONF request as a new management session, so a
> NETCONF operation like <lock> is granted and then released right
> afterwards by the server because the session is terminated. I
> think any standard behavior for application layer sessions would
> need to be defined in a new versions of RESTCONF.
Okay, but can you connect this to the draft? Are you asking for
a change, or are you actually thinking about a clarification
needed for RFC 8040?
> Andy
Kent
- [Netconf] Yangdoctors last call review of draft-i… Andy Bierman
- Re: [Netconf] Yangdoctors last call review of dra… Kent Watsen
- Re: [Netconf] Yangdoctors last call review of dra… Andy Bierman
- Re: [Netconf] Yangdoctors last call review of dra… Kent Watsen
- Re: [Netconf] Yangdoctors last call review of dra… Andy Bierman
- Re: [Netconf] Yangdoctors last call review of dra… Kent Watsen
- Re: [Netconf] Yangdoctors last call review of dra… Andy Bierman
- Re: [Netconf] Yangdoctors last call review of dra… Kent Watsen
- Re: [Netconf] Yangdoctors last call review of dra… Andy Bierman