[netconf] Re: Adoption call for notif-yang-04

Kent Watsen <kent+ietf@watsen.net> Wed, 19 June 2024 02:17 UTC

Return-Path: <010001902e48dfb1-3f1dfb16-ef79-45d4-b49c-51025ebde320-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA48BC15199A for <netconf@ietfa.amsl.com>; Tue, 18 Jun 2024 19:17:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oKvKdZ13KD4G for <netconf@ietfa.amsl.com>; Tue, 18 Jun 2024 19:17:27 -0700 (PDT)
Received: from a48-92.smtp-out.amazonses.com (a48-92.smtp-out.amazonses.com [54.240.48.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AF42C169439 for <netconf@ietf.org>; Tue, 18 Jun 2024 19:17:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1718763446; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=yiK3uWY/0mlTTDurk2wrQ2P+zO0zKXVHxHH8sukmDLo=; b=sFYm3jU1bxmDKgpl1ScZWcG1RWTvGZP3B1JaO4ekC9Rg+UZe3OGjVZGahXfsB+YS SjzlsbJmR0dlTJHeZoh7ymFy7W6lp3vfUf4w17+CA4vMmZ/IxpbOhPfiFyGYOEU+cXZ HIFsj3S8wbB6Cz+rr8Ce6SOa/2Fb+l6pSFZcnFPQ=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <010001902e48dfb1-3f1dfb16-ef79-45d4-b49c-51025ebde320-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_1F611A9B-CDBF-4EF0-BA7D-90ED5E0B6386"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.400.31\))
Date: Wed, 19 Jun 2024 02:17:26 +0000
In-Reply-To: <9D189771-D7C7-4097-A3B2-FD1428B1BFC0@insa-lyon.fr>
To: Alex Huang Feng <alex.huang-feng@insa-lyon.fr>
References: <0100018eb57a21d8-26b38f41-a625-4d44-9248-09b349fd4212-000000@email.amazonses.com> <0100019012711c3f-d2317fe0-30c0-4207-bb1f-855190e3ea3f-000000@email.amazonses.com> <LV8PR11MB85360BCE465EDB48BFA9DCF7B5CD2@LV8PR11MB8536.namprd11.prod.outlook.com> <0100019026c604b4-3751e0b2-fd8c-45c1-9884-0852fb6395c8-000000@email.amazonses.com> <9D189771-D7C7-4097-A3B2-FD1428B1BFC0@insa-lyon.fr>
X-Mailer: Apple Mail (2.3774.400.31)
Feedback-ID: ::1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2024.06.19-54.240.48.92
Message-ID-Hash: HGRNILFGLWEMRW6XSGHVNN24KZU3OB5R
X-Message-ID-Hash: HGRNILFGLWEMRW6XSGHVNN24KZU3OB5R
X-MailFrom: 010001902e48dfb1-3f1dfb16-ef79-45d4-b49c-51025ebde320-000000@amazonses.watsen.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-netconf.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "netconf@ietf.org" <netconf@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [netconf] Re: Adoption call for notif-yang-04
List-Id: NETCONF WG list <netconf.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/TmgMt2K326oGBCEUhoYmrD4KFl0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Owner: <mailto:netconf-owner@ietf.org>
List-Post: <mailto:netconf@ietf.org>
List-Subscribe: <mailto:netconf-join@ietf.org>
List-Unsubscribe: <mailto:netconf-leave@ietf.org>

Hi Alex,

I’m glad you wrote this message, as you have surfaced a number of good issues.


>> For *configured* subscriptions, the "https-notif" and "udp-notif" drafts appear normative.  Currently the https-notif draft says to use string “letf-https-notif”, but this can (should, IMO) be changed to “ietf-notification”.  The udp-notif draft already uses “ietf-notification” but doesn’t have normative text for why.
> 
> I find this statement actually very surprising.

I just meant that udp-notif seems to be missing statements like found in https-notif:
  - when encoding XML, use the format described in RFC 5277
  - when encoding JSON, use the format described in RFC 8040, but replace “ietf-restconf” with “ietf-notification”
  - when encoding CBOR, ...

I understand that you’re purposely trying to not do this (for valid reasons), but what else can we do, and consistency is good...


> But re-reading HTTPS-notif, the draft is defining some constraints for the encoded message for the Application layer, would you agree that we are crossing layers here?

What constraints?  Do you mean what I wrote immediately above?  These could be perceived as crossing layers, but we’re already doing it everywhere, so it's par for the course?


> Also, the scope of both transports are a bit different:

I’ve been meaning to suggest that may want to align the scopes.  I don’t see why we’d want to limit sending YANG-defined notifications over UDP to just RFC 8639.  Be aware that several folks have stated 8639 is too complicated for simple systems.  Do we plan to shutout systems that rather not implement 8639 from being able to sending notifications over UDP?


> Note also that the title of the draft is for "Transport for YANG Notifications" (I would not call RFC5277 YANG notifications).

Perhaps “YANG-defined Notifications” would’ve been clearer?

But I wouldn’t call these messages "NETCONF Event Notification", as that name is only the title of an RFC and, of course, using the string “NETCONF” is incredibly confusing when something isn’t actually NETCONF-specific.   FWIW, RFC 5277 mostly uses the string “event notification”, which is reasonable, but I think YANG-defined Notifications is more descriptive.


> So, on UDP-notif, I don’t like the idea of having normative text stating how my upper layer message should look like. This should be defined in the general architecture document (RFC8639 in this case).

I’m sympathetic to your appeal, I don’t like it either, but it seems that we’re currently in a solution-space where the transports define the envelop.  How to get out of that, or if it’s necessary to get out of, is the question.  This goes to the requirements.

Speaking of requirements, I noticed that the notif-yang posted today has the same YANG model as before, which necessitates two-step validation, but I thought Thomas said single-step validation was a requirement?  Maybe single-step validation isn’t a requirement?

Taking a step back, it seems that the “requirement” in this work is to enable CBOR encoding.  Do I understand right that it is not possible today to CBOR-encode notifications, because there’s no YANG for the envelop?  And the current notif-yang solves that problem, and so is good enough, even though still necessitating two-step validation?


>> If the “https-notif” and “udp-notif” drafts are updated to use “ietf-notification”, normalizing the module name seems mostly resolved.
> 
> I agree both should use the same namespace “ietf-notification” when they are used in NETCONF environments. Since RESTCONF has its own namespace, seems reasonable to me to limit this to NETCONF.

What does "NETCONF environment” mean?   If you mean “NETCONF server”, please note that any *CONF server could be configured to send YANG-defined notifications using any protocol and/or encoding a la https-notif, udp-notif, or some future kafka-notif, rabbitmq-notif, etc.

FWIW, we might want RESTCONF-next to align the namespace as well:  https://github.com/netconf-wg/restconf-next/issues/18



> For a system to work at the end, we need cross-WG documents. If we want to extend HTTPS-notif to be used with CBOR and YANG-SIDs (a draft adding the CBOR encoding to HTTPS-notif and asking for the SIDs), I believe this document belongs to NETCONF WG.

If RFC 9254 is unclear, then one might expect the fix would be in RFC 9254 - right?

The CBOR solution entails SID registrations.  I don’t recall this WG ever registering a SID before.  For that matter, I’m unaware of any WG registering SIDs.  Perhaps CORE WG should write an RFC defining how IANA can auto-gen SIDs for all YANG modules to offload other WGs from having to do this?  [Note: having IANA auto-gen SIDs for IETF RFCs doesn’t help other SDOs defining YANG modules]


> My two cents,

Only two?  Let’s add more  ;)

What are the high-level goals?   (nice-to-have or must-have?)
  1) to have a single/unified definition for envelops
  2) to enable single-step validation 
  3) to enable additional headers (e.g., sysName, sequenceNum) [notif-sequencing]
  4) to enable multiple notifications in a message (only needed for UDP?) [notification-messages, expired]
  5) to enable additional footers (e.g., signature) [notification-messages, expired]
  6) to enable future metadata extensions, since it’s unlikely whatever we define now will last long?
  7) to enable all of the above regardless of encoding (XML, JSON, CBOR, etc.)

If we could start-over, what would we do differently?
  - would we change YANG’s “notification” statement? 
  - would we change the YANG-to-encoding docs (e.g., 7951)?

For this work, and others of its kind, instead of sx:structure, what about defining special YANG-defined notifications to carry the extra metadata?  For instance:

	notification bundled-notification {
		container header {
			…
		}
		list notifications {
			// the “key” statement not required for notifications 
			leaf event-time {
				type yang:data-and-time;
			}
			anydata notification;
		}
	}

PROs:
	- automatically works everywhere
	- validation in every encoding
	- the existing top-level “eventTime” leaf could be ignored/discarded
	- can be augmented
CONs:
	- still entails two-step validation
		- note that, for bundled messages, one-step validation is likely never possible.


> 
> Regards, 
> Alex

K.