IETF Logo Mail Archive

[Netconf] Subscription Use Cases (was RE: Still subject to agree on NETCONF ML)

"Eric Voit (evoit)" <evoit@cisco.com> Thu, 08 December 2016 00:42 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4E6C1295CC for <netconf@ietfa.amsl.com>; Wed, 7 Dec 2016 16:42:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.417
X-Spam-Level:
X-Spam-Status: No, score=-17.417 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.896, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bIkLY5uMaGzu for <netconf@ietfa.amsl.com>; Wed, 7 Dec 2016 16:42:14 -0800 (PST)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C75C1295CF for <netconf@ietf.org>; Wed, 7 Dec 2016 16:42:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=36930; q=dns/txt; s=iport; t=1481157734; x=1482367334; h=from:to:cc:subject:date:message-id:mime-version; bh=/Go881Qz9E41wnDAtSxJK4RlKmSj61hYdRNg2fuMApU=; b=bbNM7/jeQFVvMUDbe06Yu/kwcXb7SeLC/LBXQb+JBugFdov6eM6x+MNt WT2xlyYBhjcoUYJPkpEKr01hxy1aHGJcS22zfvt9Lgf/Qyr24ISzF9Vie Q7/JwBseYimKbnAkaGJc2K6LiNIFo1HtWBASzn1WdeE8hm9FxhLP2PDFb 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AVAQCHq0hY/4gNJK1UChkBAQEBAQEBAQEBAQcBAQEBAYJzRgEBAQEBH1qBBgeNQ5cQh3SNC4IHHgEKgkOCbEocgWM/FAECAQEBAQEBAWIohGgBAQEDAQEBIQpBCwUNAR0PARMHAwIEHwYLFBIBBAENBQgTiDoDDwgOp16CKYc4DYN1AQEBAQEBAQEBAQEBAQEBAQEBAQEBFwWGPocjgVgSgxqCXQWOf4V+hTU1AY04g1mQSYlQhDWEDQEfNzBpI4M4HRiBRXKGYwIkAwEDgQOBDQEBAQ
X-IronPort-AV: E=Sophos;i="5.33,316,1477958400"; d="scan'208,217";a="184397609"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Dec 2016 00:42:13 +0000
Received: from XCH-RTP-012.cisco.com (xch-rtp-012.cisco.com [64.101.220.152]) by alln-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id uB80gCJj019804 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 8 Dec 2016 00:42:13 GMT
Received: from xch-rtp-013.cisco.com (64.101.220.153) by XCH-RTP-012.cisco.com (64.101.220.152) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 7 Dec 2016 19:42:12 -0500
Received: from xch-rtp-013.cisco.com ([64.101.220.153]) by XCH-RTP-013.cisco.com ([64.101.220.153]) with mapi id 15.00.1210.000; Wed, 7 Dec 2016 19:42:12 -0500
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Andy Bierman <andy@yumaworks.com>, MehmetErsue <mersue@gmail.com>
Thread-Topic: Subscription Use Cases (was RE: [Netconf] Still subject to agree on NETCONF ML)
Thread-Index: AdJQ6+UKJidjpmIMS9+gFVyAmKGyPQ==
Date: Thu, 08 Dec 2016 00:42:11 +0000
Message-ID: <e9128f79b8bc4923815e40510678c026@XCH-RTP-013.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.118.56.226]
Content-Type: multipart/alternative; boundary="_000_e9128f79b8bc4923815e40510678c026XCHRTP013ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/SD_3OxNjxyrlWKFmrFf4gghP4n0>
Cc: Netconf <netconf@ietf.org>
Subject: [Netconf] Subscription Use Cases (was RE: Still subject to agree on NETCONF ML)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Dec 2016 00:42:18 -0000

Here are some more cases.  Happy to talk more or demo if people are interested.



(Category 1) Streaming Telemetry

High volume set of objects pushed on a predictable schedule.

(1a) Telemetry: Fast replication of YANG operational/config data off-box for traffic or configuration analysis

(1b) Multi operations reporting: Send a targeted subset operational/config data to an Operations group not directly managing device

(Category 2) Distributed Eventing

No need to repeatedly poll to see if targeted subsets of Network Element config have changed. The latest is pushed as it happens.

(2a) Integrity Verification: Push discovered changes in keys, config, software hash as they happen.  Application validates that change is authorized.

(2b) Eliminate Polling: NMS/controllers pushed config changes as they occur in Network Elements (enabling real-time state synchronization).

(2c) IWAN: Changes in Operational Data drive network rebalancing for optimized enterprise facilities usage

(2d) Domain Policer: provide a single policed data rate across multiple data centers or branch offices

(2e) DDoS Protection: send suspect spikes of traffic across a set devices to a scrubber



(Category 3) Network as the Subscriber

Distributed CPE, VMs, routers can subscribe to a fast changing centralized configuration repository

(3a) Perimeter & Internal Blocking: When vulnerabilities are detected, ephemeral remediation policies are temporarily installed across a domain of devices.

(3b) Tunnel Endpoint Synch: Filtered subsets of centrally managed tunnel Ethernet endpoints can be downloaded and coordinated across edge devices to minimize effort in maintaining dynamic mesh

(3c) Policy mirroring: Enables trusted or partially-trusted edge devices to mirror the state of a central configuration repository

Eric



From: Netconf, December 7, 2016 5:42 PM



Hi,





The real question is what use-cases do we agree need to be supported which

are not currently supported that well. Here are 3, where the 5277 solution

may not scale well enough in implementation



   - notification collector: If subscriptions are provided as a service then multiple subscriptions

     per session may provide some opportunities for optimization on the collector and the server.

     e.g., send a notification just once, tagged with all the subscription-ids that are supposed to

    get this notification



  - telemetry: need high-performance and efficient use of the network; consider binary encoding

    and non-secure transports; relying on YANG Push so that draft has to clearly identify lower

    layer requirements



 - datastore replication: need reliable delivery and high performance; YANG Push is also

   the solution for this use-case



IMO we will not make progress on solution details without a better understanding of the use-cases.





Andy





On Wed, Dec 7, 2016 at 11:20 AM, MehmetErsue <mailto:mersue@gmail.com> wrote:

Hi Andy, All,

can anybody draft a list of must-have, should-have, and nice-to-have requirements for discussion on the ML?

I think writing a draft for this would be an over-kill but I'm flexible.

Mehmet





On Wed, Dec 7, 2016 at 6:54 PM Andy Bierman <mailto:andy@yumaworks.com> wrote:

On Wed, Dec 7, 2016 at 9:38 AM, MehmetErsue <mailto:mersue@gmail.com> wrote:

All,



> > The <nofitication> element is changing so old clients cannot

> > get the new version that contains a subscription-id and other

> > fields.

>

> I haven't seen any proposal for doing this on the ML.

Any discussion result from the notification team meetings is still subject to agree on NETCONF ML.

Such issues should be raised on the ML, the earlier the better.



I think Martin has raised valid concerns that we do not yet agree on the requirements.

The details of a solution do not matter if people do not agree on the problem first.



What are the must-have, should-have, and nice-to-have features that are missing from RFC 5277?



E.g., if we agree that is is a terrible burden on the client that 1 session be used for each subscription,

then multiple subscriptions per session is an important feature.  How to do that is the next step,

not this step.







Mehmet







Andy





On Mon, Dec 5, 2016 at 10:35 PM Martin Bjorklund <mailto:mbj@tail-f.com> wrote:

Andy Bierman <mailto:andy@yumaworks.com> wrote:

> On Mon, Dec 5, 2016 at 12:48 PM, Martin Bjorklund <mailto:mbj@tail-f.com> wrote:

>

> > Andy Bierman <mailto:andy@yumaworks.com> wrote:

> > > On Mon, Dec 5, 2016 at 12:37 PM, Martin Bjorklund <mailto:mbj@tail-f.com>

> > wrote:

> > >

> > > > Andy Bierman <mailto:andy@yumaworks.com> wrote:

> > > > > Hi,

> > > > >

> > > > > I prefer the current solution approach, which is to use

> > > > > 'establish-subscription'.

> > > >

> > > > Can you elaborate on why you prefer two operations instead of one,

> > > > when they do the same thing?

> > > >

> > >

> > > because they don't do the same thing.

> > > The new solution has configured filters, subscription-id, suspend and

> > > cancel operations

> >

> > These are trivial extensions to the current solution.

> >

> > If they are truly different the names should not be so similar.

> >

> > > and should not need streams.

> >

> > What do you mean "should not need streams"?

> >

> >

>

> The streams concept is half-baked and not useful.



I strongly disagree.  The stream concept including replay is very

powerful.



If you think it should be deprecated and replaced with something else,

I think that requires some careful discussion first.  (such as a

description of its problems, and a description of a new solution).



> We have 1 stream, NETCONF, which MUST contain everything



No it doesn't.  This was dicussed recently.  The text says:



   This stream contains all NETCONF XML event notifications supported by

   the NETCONF server.



Note it says "all NETCONF XML event notifications", not "all

[XML] event notifications".



> and

> MUST be encoded in XML.



Well, NETCONF is encoded in XML so this should not come as a

surprise...



> Every other stream is purely ad-hoc and

> proprietary



Not really.  All streams supported can be discovered by any client

(with proper access rights).



> with no chance at interoperability.



This is a false statement.  We have defined several different streams

that third party clients use w/o any problems.  If a stream doesn't

interoperate b/c of its name, some implementation is buggy.



> > > The old solution can be deprecated and replaced.

> >

> > Sure, if it is broken.  But I don't think it is broken in any way.

> >

> >

> >

> The <nofitication> element is changing so old clients cannot

> get the new version that contains a subscription-id and other

> fields.



I haven't seen any proposal for doing this on the ML.



> IMO it is simpler and clearer if the new solution is separate.



Maybe.  Anyway, my post was really in reply to Eric's statement that

these new features could not be built on top of what we have and still

be backwards compatible.



One way of making streams even more useful is to make them

configurable, e.g. instead of creating configurable filters, an idea

is to create a new stream together with a filter, and replay

definition.  Being able to do this dynamically would actually be quite

useful.





/martin



_______________________________________________

Netconf mailing list

mailto:Netconf@ietf.org

https://www.ietf.org/mailman/listinfo/netconf

--

Cheers,

Mehmet

--

Cheers,

Mehmet

v2.23.0 | Report a Bug | By Email