IETF Logo Mail Archive

Re: [Netconf] YangPush now

"Eric Voit (evoit)" <evoit@cisco.com> Thu, 19 July 2018 09:41 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53519130F14 for <netconf@ietfa.amsl.com>; Thu, 19 Jul 2018 02:41:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hHejo3Z9yV4Q for <netconf@ietfa.amsl.com>; Thu, 19 Jul 2018 02:41:03 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 101E1130F1B for <netconf@ietf.org>; Thu, 19 Jul 2018 02:41:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10072; q=dns/txt; s=iport; t=1531993263; x=1533202863; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=6DufHpqdcZU/jHk7+QeTld5uzHcLgtLZ0sjRs8VQ/zY=; b=lAdXhHrX7M3DqU4snyhAmErM04i1fBDCm59REnDwMF8EfLs7FD7KuY4B p6GOUfRtA5YzINQ5WRf8wuOWvAxKhCR8yzcW7Wnk5GzYgzwuQMz0NzxOH /uPv+KdWpjHBzn6RHwhBTCtFZfwBmq7qZOI4XgP0VWRo+6eYF/l+cIK5s g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0C1BwBLW1Bb/5BdJa1ZAxkBAQEBAQEBAQEBAQEHAQEBAQGDIypjfzKDdJQvggyDOJIDFIFmCx+ETQIXgmohNhYBAgEBAgEBAm0cDIU2AQEBAwEjEToLBQkCAgEIDgIFAwICCR0CAgIZFxUQAgQODRMEgjZMgXcIqUOBLopHBQWBBod3gVc/gRGCE36ESAESAQktChkNgjqCVQKHYoYli2AJAo8ggUyEEogWkXUCERSBJCQFLGFxcBWDJYYzih4BihIFCheBCIEaAQE
X-IronPort-AV: E=Sophos;i="5.51,374,1526342400"; d="scan'208";a="422806794"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Jul 2018 09:41:02 +0000
Received: from XCH-RTP-012.cisco.com (xch-rtp-012.cisco.com [64.101.220.152]) by rcdn-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id w6J9f1nd014291 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 19 Jul 2018 09:41:01 GMT
Received: from xch-rtp-013.cisco.com (64.101.220.153) by XCH-RTP-012.cisco.com (64.101.220.152) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 19 Jul 2018 05:41:00 -0400
Received: from xch-rtp-013.cisco.com ([64.101.220.153]) by XCH-RTP-013.cisco.com ([64.101.220.153]) with mapi id 15.00.1320.000; Thu, 19 Jul 2018 05:41:00 -0400
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
CC: Andy Bierman <andy@yumaworks.com>, "Tim Jenkins (timjenki)" <timjenki@cisco.com>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [Netconf] YangPush now
Thread-Index: AQHUHhHrAK87NKpG2E+Ouz7jjC6MRKSUNnVAgAEH3gCAAPvOkA==
Date: Thu, 19 Jul 2018 09:41:00 +0000
Message-ID: <6707abca9924442083ef165ce1345b7e@XCH-RTP-013.cisco.com>
References: <2E1BAD12-EFF2-4E35-B232-57A4C4490989@cisco.com> <20180717055030.7bmzlychtznf3mso@anna.jacobs.jacobs-university.de> <18622ABD-DB9F-406C-836F-64649F3D8FF6@cisco.com> <20180717172036.hhuoq6fzs7ctblpf@anna.jacobs.jacobs-university.de> <CABCOCHS8cfqKLaQe9M4tu-2zkZ5=6-a2FEv+idJwZiW_btx_Zw@mail.gmail.com> <a54850668bfb4483b89f4c2b15bf5f44@XCH-RTP-013.cisco.com> <20180718133200.u7fpsv3xanb2nosr@anna.jacobs.jacobs-university.de>
In-Reply-To: <20180718133200.u7fpsv3xanb2nosr@anna.jacobs.jacobs-university.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.82.219.225]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Outbound-SMTP-Client: 64.101.220.152, xch-rtp-012.cisco.com
X-Outbound-Node: rcdn-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/VzSV2SfQYME_7YB8fANWesGGz10>
Subject: Re: [Netconf] YangPush now
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jul 2018 09:41:07 -0000

Hi Juergen,

> From: Juergen Schoenwaelder, July 18, 2018 9:32 AM
> 
> On Wed, Jul 18, 2018 at 03:41:19AM +0000, Eric Voit (evoit) wrote:
> > From: Andy Bierman, July 17, 2018 5:06 PM
> >
> >
> > Hi,
> >
> > I agree with Juergen that there are TBD features in SN.
> >
> > I also agree with the co-authors that it would be too much work to
> refactor now.
> > It should be faster to complete SN then split it and start over.
> >
> > The main issues here seem to be:
> >  1) no end-point for the configured receiver
> >
> > <Eric> There should not be any endpoint in SN.   Endpoint specifics would
> need to be exposed in the transport document.
> >
> > Note that we tried for years to have something transport independent for
> receivers in SN.   I.e., there was an endpoint “address” in the SN from 00-
> v13.   Kent and Martin argued it out of the SN draft.  For more on this, there
> is plenty extensive email alias archive on this subject.   As a result, with v14,
> “address” is gone.
> >
> > To summarize Kent & Martin’s argument which led to the v14 change:
> current endpoint “address” might be confused with call home.  We won’t
> agree with anything that might conflict with call home.  It is better to do
> nothing if we can’t agree on something.  By doing nothing, vendors can
> augment in what is needed.
> 
> So the standard is unusable without vendor augmentations, 

Every solution needs to define boundaries to its scope.  Here it is reasonable to spit subscription configuration from transport connection / keystore configuration.   We have designed the solution so that transport implementations can layer in what they need.   I think it would be great if the industry implements draft-ietf-netconf-netconf-client-server when that document completes.   Until then, reality is that solutions must integrate with embedded vendor embodiments RFC-8071. 

> which are likely then not interoperable.

Yes.  Vendor model based configuration is needed until IETF model based configuration completes its definition and implementation. 

> If you go forward with this, I think this needs to be
> spelled out clearly in the document writeup so that the IESG can think
> about this.

That is what I was hoping would be accomplished with the text:

   The method of identifying the targeted receiver IP address, port, and
   security credentials are left up to implementers of this
   specification.  For implementation guidance and a YANG model for this
   function, please look to
   [I-D.draft-ietf-netconf-netconf-client-server].

> > For v14 we didn’t just ignore the hole removing “address” made of
> course.  Many email iterations over the last several months have proposed
> YANG augmentation code for those people who *do* want a leafref to
> netconf-server.yang now.  So if it makes this “endpoint completeness” issue
> go away, I would happily put an informational appendix into NETCONF-
> notif.  This appendix would include the necessary augmentations to the
> leafref which Kent and I worked through.
> >
> > But we should go no farther than an informational appendix on this.  The
> current solution of doing nothing is actually a far more compelling answer
> than the inserting a mandatory (but then deviated away) leafref to an
> unimplemented ietf call home model.   This would allow the “solution is
> complete” answer to match to what dominates the industry: vendors who
> have their own key and call home infrastructure.
> 
> Clearly, an address alone is not sufficient. What is needed is a concrete link
> to the configuration models. Right now we have:
> 
>    The method of identifying the targeted recevier IP address, port, and
>    security credentials are left up to implementers of this
>    specification.  For implementation guidance and a YANG model for this
>    function, please look to
>    [I-D.draft-ietf-netconf-netconf-client-server].
> 
> I am not sure this is concrete enough. What exactly does one have to
> augment in?

Either the IP address, port, and security credentials, or a leafref pointing to these objects.
 
> >  2) CallHome procedures and server requirements such as
> >      processing normal NC or RC requests on the session
> >
> > This is described in draft-ietf-netconf-netconf-event-notifications, section
> 5.2.
> 
> And I commented that I disagree with the solution and there was discussion
> on the mailing. Ignoring comments does not make them go away. I believe
> you can't simply overwrite call-home steps 

I don't recall that the issue of this solution not being permitted to refine call-home steps being raised before. 

> I believe after call-home NC
> starts and NC starts with a <hello> exchange. 

Agree. 

> And then, is it reasonable to
> throw notifications at the client without having its consent? A poor client
> not expecting to receive notifications will likely close the session and you
> likely call the poor client again, potentially forming an ugly loop.

To cover this, there is the following text in Section 5 of draft-ietf-netconf-netconf-event-notifications:

   publisher SHOULD place the receiver into the
   "timeout" state after a predetermined number of either failed call
   home attempts or NETCONF sessions remotely terminated by the
   receiver.

   Until NETCONF transport with a receiver has been established, and a
   "subscription-started" state change notification has been
   successfully sent for a configured subscription, that subscription's
   receiver MUST remain in either the "connecting" or the "timeout"
   state.

 
> >  3) no MUST or SHOULD implement values for transport
> >
> > This is on purpose.  IoT is not going to want a NETCONF transport default.
> The current draft allows identities to be added for transports supported by
> a platform.  It is not possible to configure a transport the platform doesn’t
> have.
> >
> 
> I do not buy the IoT argument. What is wrong with requiring that a
> NETCONF server must support at least the NETCONF transport and that a
> RESTCONF server must support at the RESTCONF transport?

Ahh.  I thought you meant that there should be a default transport for SN alone.    SN in section 1.0 & the end of 5.3 points to transport documents for such guidance.

Then looking at Section 1.0 in draft-ietf-netconf-netconf-event-notification: 

   This document provides a binding for events streamed over the NETCONF
   protocol [RFC6241] as per
   [I-D.draft-ietf-netconf-subscribed-notifications].  In addition, as
   [I-D.ietf-netconf-yang-push] is itself built upon
   [I-D.draft-ietf-netconf-subscribed-notifications], this document
   enables a NETCONF client to request and receive updates from a YANG
   datastore located on a NETCONF server.

Eric
 
> /js
> 
> PS: There were also issues raised concerning the "RESTCONF transport"
>     which really is not a RESTCONF transport but some new HTTP/2
>     transport. I think this also needs to be resolved before that
>     document can move.
> 
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email