Re: [Netconf] Yangdoctors last call review of draft-ietf-netconf-restconf-client-server-04
Kent Watsen <kwatsen@juniper.net> Mon, 31 July 2017 22:56 UTC
Return-Path: <kwatsen@juniper.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AA2D129B4C; Mon, 31 Jul 2017 15:56:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.022
X-Spam-Level:
X-Spam-Status: No, score=-2.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E7ADxNjZzGsd; Mon, 31 Jul 2017 15:56:20 -0700 (PDT)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0119.outbound.protection.outlook.com [104.47.40.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70C651327E7; Mon, 31 Jul 2017 15:56:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=RxA0tLiwSkbhlwkVg1t4vp93X9o45Jpc+5HtuQbf/5U=; b=arpFyR/paA6VDklN34uS8ccenymjiH6rCIuLZ47NEZ+qqy7418KvgNbAP0DYNfa1Ly9wl26WyRZn4n0d2wV1Lb+FajP4iAgdlr9PXoOsVhWYhyW6NHOz7VSyO00/xPgVxRS1tPXNuQr0s3eTyGg/dyGw2559YByD7T5ao24PB6s=
Received: from BN3PR0501MB1442.namprd05.prod.outlook.com (10.160.117.151) by BN3PR0501MB1538.namprd05.prod.outlook.com (10.161.217.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1304.10; Mon, 31 Jul 2017 22:56:14 +0000
Received: from BN3PR0501MB1442.namprd05.prod.outlook.com ([10.160.117.151]) by BN3PR0501MB1442.namprd05.prod.outlook.com ([10.160.117.151]) with mapi id 15.01.1320.010; Mon, 31 Jul 2017 22:56:14 +0000
From: Kent Watsen <kwatsen@juniper.net>
To: Andy Bierman <andy@yumaworks.com>, "yang-doctors@ietf.org" <yang-doctors@ietf.org>
CC: "draft-ietf-netconf-restconf-client-server.all@ietf.org" <draft-ietf-netconf-restconf-client-server.all@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: Yangdoctors last call review of draft-ietf-netconf-restconf-client-server-04
Thread-Index: AQHTB+8y29TveGyQA0qavQMqV/nni6JuTX8A
Date: Mon, 31 Jul 2017 22:56:14 +0000
Message-ID: <A9F2ED3F-6AC5-4AEF-8EBF-1C4F89A6F0F7@juniper.net>
References: <150128020275.20726.13027423171798327745@ietfa.amsl.com>
In-Reply-To: <150128020275.20726.13027423171798327745@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.20.0.170309
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kwatsen@juniper.net;
x-originating-ip: [66.129.241.11]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN3PR0501MB1538; 7:VOd5FaznHcvCaXaeBEhlHpYW39KU+Km5U9DPcFLaMc2b3pxaHRZ/Sa1G7YtN3+9IiBDmaGIWdIm/4Nc+DA0GYYY8XbaEsDdGsUwCuxJd51HWhQHPC4sG7BC9fw2ICXkiz7TWCpXniwGTiIRUFOe+xdEYQ08rUHlim1Ef/jGbe+DA0sGliYoFKXo+P2IKiwflf1yp5wS6/RLGhKsPCNqRIm4gT2Is/9TtoLMBXLIZ4GRXMug5tGO4EYIB8OF6Vif0R0WZaZC4EMo3065R0Q6n8TndtvRKOFtZQ3Xj/jbyqyl04VV9BFCPnzAqzaXpQXf5gVkZipNWQc9+dXSDT0Vgou541QPNK721ZxSRLuhx4h739QTOPcJduvV3j0D2W6zDS0aRhB3pH9ubuIZw0XnIDRAjTvpvtcav46wfLQ7rHNBHiuVvDdsOwZX/xmmvqRmf3hh4hY5YtotDy0Ih3lXz9XeokS6EJlvhKa3tAnTSdi5Mf2+XgkNCxhI+68INm9hsePp29hnPxukvkS4hFx9J2f9zCvo6UKYMD+QxilL4ladx3yzPQuexGx44PlWjqyTeL2xzM/TM/a5kBU/xSR9FCTnh5/0xjAjvEe86j7u14+z0IqlsOGMMoZGbNV4xgooREaW1yJnsPxveyuYIXf2RiZbU3rpCABs0wU9JgtjP+AmNF98AnfTWLPg5x29TY+bWny8Q1UfDD/WIzwF/YQbdxYRamFGRUhKEMvtzpgSbbW+EsHtYr42Gct2lz8elFgZQ19tuhZTIGu1oGoffzERRKqNrnVOEO3NRZmpB40CwQdw=
x-ms-office365-filtering-correlation-id: 36dcaf5b-95d8-472c-de5d-08d4d867585f
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(300000503095)(300135400095)(48565401081)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:BN3PR0501MB1538;
x-ms-traffictypediagnostic: BN3PR0501MB1538:
x-exchange-antispam-report-test: UriScan:(158342451672863)(21532816269658);
x-microsoft-antispam-prvs: <BN3PR0501MB1538E687E060A629AFD70569A5B20@BN3PR0501MB1538.namprd05.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(6055026)(6041248)(20161123562025)(20161123555025)(20161123558100)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BN3PR0501MB1538; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BN3PR0501MB1538;
x-forefront-prvs: 03853D523D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39850400002)(39840400002)(39410400002)(39400400002)(39450400003)(189002)(199003)(76104003)(86362001)(106356001)(7736002)(6512007)(83716003)(53936002)(83506001)(82746002)(54906002)(99286003)(97736004)(66066001)(2900100001)(68736007)(230783001)(478600001)(4326008)(36756003)(33656002)(14454004)(6506006)(4001350100001)(6436002)(6246003)(38730400002)(77096006)(6486002)(229853002)(102836003)(8676002)(6116002)(3846002)(2501003)(81156014)(189998001)(81166006)(2950100002)(101416001)(50986999)(561944003)(2906002)(54356999)(76176999)(8936002)(105586002)(25786009)(305945005)(3280700002)(5660300001)(3660700001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0501MB1538; H:BN3PR0501MB1442.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <3AE0EF548D45614BB7471513654E5E4D@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Jul 2017 22:56:14.1366 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0501MB1538
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/RZ0f2ipHCX-ovZzkA0UeYx4Aa0M>
Subject: Re: [Netconf] Yangdoctors last call review of draft-ietf-netconf-restconf-client-server-04
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jul 2017 22:56:22 -0000
Hi Andy, Thanks for your review. Below are my responses to your comments. Thanks, Kent -- Reviewer: Andy Bierman Review result: Ready with Nits Review: draft-ietf-netconf-restconf-client-server-04 Modules: (M1) ietf-restconf-client@2017-07-03.yang (M2) ietf-restconf-server@2017-07-03.yang YANG Usage: I did not find anything wrong in either module. pyang and yangdump-pro do not report any errors or warnings. Comments: C1: (M1) RESTCONF does not have sessions so the term "RESTCONF session" needs to be defined <KENT> good point, in this case, it's actually the underlying transport (TLS) that has a session. Fixed. But what about the 'max-sessions' leaf, under 'listen', in both modules? - should this also be changed to talk about the TLS session, or removed altogether? C2: (M1) feature tls-initiate (M1) feature tls-listen (M2) feature tls-listen (M2) feature tls-call-home Are these features really needed since a RESTCONF server MUST support the TLS transport? <KENT> the features themselves are needed, as we don't know what clients/servers may support. <KENT> the "tls" in the name of these features is likely unnecessary but 1) maybe, someday, there will be another transport? and, 2) these names are consistent with the names in the ssh modules, where there are both the "tls" and "ssh" based feature names, and so make more sense there. C3: (M1) /restconf-client/initiate/restconf-server/persistent/ RESTCONF has no session setup; It only has request and response interactions. The purpose of reconnect, idle timeouts etc. are completely up to the client application. <KENT> similar to the above, this is really meant to reflect the TLS layer. It may not make too much sense for /restconf-client/initiate/restconf-server/persistent. That said, I think it's okay, in the sense that a real HTTPS client might keep the underlying TLS session open across many HTTP-level interactions as a performance optimization. What do you think? FWIW, it does *make* sense for /restconf-server/call-home/restconf-client/connection-type/persistent/. For instance, a client may need to keep the call-home connection open in order to send messages to the server when it needs to... C4: (M1) /restconf-client/initiate/restconf-server/persistent/max-attempts What should the RESTCONF client do if a "Connection: close" header is received from the server (indicating the server is dropping the TCP connection) Should the reconnects proceed? <KENT> I don't understand the question. The 'max-attempts' regards testing the aliveness of a server that the client is already connected to. But, assuming the client was configured to try to maintain a persisted TLS connection, the client would immediately try to reconnect to one of the configured RESTCONF servers. C5: (M1) /restconf-client/initiate/restconf-server/periodic/ "Periodically connect to the RESTCONF server, so that the RESTCONF server may deliver messages pending for the RESTCONF client. The RESTCONF server must close the connection when it is ready to release it. This is not how RESTCONF works. The RESTCONF server requires a request message in order to send content to a client. I do not understand the use-case for periodic RESTCONF sessions. <KENT> Right, the server might be buffering data to send to the client (e.g., logs). Maybe it's a wording issue? OLD server may deliver messages pending for the RESTCONF client NEW client can collect data (e.g., logs) from the RESTCONF server What do you think? C6: (M1) /restconf-client/initiate/restconf-server/periodic/ (M2) /restconf-server/call-home/restconf-client/connection-type/periodic/ The RESTCONF notifications via SSE should be exempt from timeouts. The RESTCONF client should terminate an SSE request. The server should not timeout an SSE response connection <KENT> Agreed, and the description statement for the 'idle-timeout' leaf says "Sessions that have a notification subscription active are never dropped. But here, under 'periodic', the whole point is to shed idle connections. For instance, imagine a client that wants to collect logs from a low-powered server once a day. What do you think? C7: Sec 1.2 Tree Diagrams Old text should be replaced with reference to draft-ietf-netmod-yang-tree-diagrams-01 <KENT> same comment as before. C8: (M1) IETF copyright says 2014; change to 2017 (M2) IETF copyright says 2014; change to 2017 <KENT> fixed. Nits: Some descriptions mention SSH. This should be removed from this document. <KENT> done. The descriptions for choices that have only 1 case should explain why a choice is being used. <KENT> done. The tree diagram shows the fully expanded groupings, even many objects are in other drafts. I needed all 5 drafts open in windows for searching, plus pyang tree output, to really follow the data model structure. <KENT> I know. Do you have a proposal? The examples do not show any usage of the hello-params. This would be useful because the namespace for the identityref objects (tls-version, cipher-suite) is not the same as the module that uses the grouping. <KENT> Point taken. I sent Gary an email on this also. Note that the 'map-type' identityref is shown correctly encoded in examples on page 19 and 20. <KENT> not sure which draft you mean, but it's okay, I know how to prefex identities.
- [Netconf] Yangdoctors last call review of draft-i… Andy Bierman
- Re: [Netconf] Yangdoctors last call review of dra… Kent Watsen
- Re: [Netconf] Yangdoctors last call review of dra… Andy Bierman
- Re: [Netconf] Yangdoctors last call review of dra… Kent Watsen
- Re: [Netconf] Yangdoctors last call review of dra… Andy Bierman
- Re: [Netconf] Yangdoctors last call review of dra… Kent Watsen
- Re: [Netconf] Yangdoctors last call review of dra… Andy Bierman
- Re: [Netconf] Yangdoctors last call review of dra… Kent Watsen
- Re: [Netconf] Yangdoctors last call review of dra… Andy Bierman