Re: [netconf] Capability-fetching mechanisms

Qin Wu <> Tue, 18 May 2021 11:40 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BE0763A0949 for <>; Tue, 18 May 2021 04:40:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id u-lxgMK8dKRy for <>; Tue, 18 May 2021 04:40:09 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7AF083A08D4 for <>; Tue, 18 May 2021 04:40:08 -0700 (PDT)
Received: from (unknown []) by (SkyGuard) with ESMTP id 4FktzZ1ZCQz6fshZ; Tue, 18 May 2021 19:28:26 +0800 (CST)
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.2176.2; Tue, 18 May 2021 13:40:03 +0200
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2176.2; Tue, 18 May 2021 19:40:01 +0800
Received: from ([]) by ([]) with mapi id 15.01.2176.012; Tue, 18 May 2021 19:40:01 +0800
From: Qin Wu <>
To: Mahesh Jethanandani <>
CC: Kent Watsen <>, "" <>
Thread-Topic: [netconf] Capability-fetching mechanisms
Thread-Index: AddL2HWsR2fQuKr/T2WNMl8IjZzG7A==
Date: Tue, 18 May 2021 11:40:01 +0000
Message-ID: <>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_a8eaedd45bb94109ae4ab48c4c4ec872huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <>
Subject: Re: [netconf] Capability-fetching mechanisms
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 18 May 2021 11:40:25 -0000

Hi, Mahesh:

发件人: Mahesh Jethanandani []
发送时间: 2021年5月18日 5:48
收件人: Qin Wu <>
抄送: Kent Watsen <>et>;
主题: Re: [netconf] Capability-fetching mechanisms

Hi Qin,

On May 13, 2021, at 1:27 AM, Qin Wu <<>> wrote:

发件人: Mahesh Jethanandani []
发送时间: 2021年5月13日 8:13
收件人: Qin Wu <<>>
抄送: Kent Watsen <<>>;<>
主题: Re: [netconf] Capability-fetching mechanisms

Hi Qin,

When Kent and I started working on the HTTPs notif draft we wanted to make sure that it was lightweight as it relates to setting it up. That means that if the publisher and receiver are HTTPS capable, that in most cases that is all that isneeded to establish the notification channel. To quite an extent that is still true. With default values (JSON encoding), one can setup a HTTPS notification channel by configuring the *publisher* where the receiver resides (its IP address) and any credentials that are needed to setup the channel. The receiver does not need to be configured, and as such does not need to be a NETCONF/RESTCONF server (or a client for that matter).

[Qin]: Thanks for your clarification, I think in appendix using subscribed notification and not using subscribed notification are both supported.
In the case of using subscribed notification, RFC8639 enabled capability is supported while in the case without using subscribed notification, RFC8639 enabled capability is not supported?
In the first case, the publisher need to be NETCONF/RESTCONF server? In the second case, it is not. Right?

[mj] The fact that the publisher has to be a NETCONF/RESTCONF server was never in dispute.

[Qin]: Yes, we have agreed on this.
The question is whether the receiver needs to be a NETCONF/RESTCONF server. As maqiufang wrote in his response, if the receiver supports the data-export-capabilities draft, then it would need to be a NETCONF/RESTCONF server, whereas with the https-notif draft that is not the case. This is the case whether the receiver supports RFC 8639 or not.
[Qin]:My understanding is data-export-capabilities doesn’t require receiver to be tied with NETCONF/RESTCONF server. I assume the management system (i.e., receiver) and network device (i.e., publisher) can use HTTPS to exchange advertised data.

In addition, Maybe what is missing in the data-export-capabilities draft is to define RPC to allow the publisher get capability from receiver through HTTPS channel, similar to what is get-bootstrapping-data RPC defined in RFC8572.

Please note that RFC 8639 receivers do not have to be NETCONF/RESTCONF servers for configured subscriptions. RFC 8639, Section 2.7 defines the control messages such as <subscription-started> using one-way YANG “notification” statements.

[Qin]: Understand this case, Do you think we should define a new notification in the data-export-capabilities draft instead of considering to define RPC?



On May 11, 2021, at 6:51 PM, Qin Wu <<>> wrote:

Hi, Kent:
Sorry for late follow up.
On Apr 19, 2021, at 5:39 PM, Kent Watsen <<>> wrote:

Dear WG,

One of the outcomes from “https-notif” presentation during the NETCONF 110 session was to what extent all the notif (e.g., https, udp, etc.) drafts should define their own capability-fetching mechanism, or use the mechanism defined by the "data-export-capabilities” draft.

As authors, Mahesh and I discussed some of the PROs and CONs of the approaches as follows:
[Qin]:I am under impression that shared-mechanism has a lot of benefit.:-)

  *   PROs (for having a shared-mechanism):

     *   Enables a common mechanism spanning multiple notif transports to exist

  *   CONs (against having a shared mechanism):

     *   Entails each receiver also needing to be a NETCONF and/or RESTCONF server
                                [Qin]:Is receiver in this context NETCONF/RESTCONF server or client?
                                  I think we mix two things,
a.       one is the server advertise its capability to the client , (i.e., server capability advertisement)
b.       the other is server send the capability query request the client and get capability response from the client. (client capability fetching)
                                I think data-export-capabilities right now focuses on (a), the question you ask here is whether (b) can be defined as shared mechanism which can be part of
                                the "data-export-capabilities” draft. If my understanding is correct, I think it will be nice to have (b) such shared mechanism, i.e., Defining (a) and (b) in a single place.

        *   Whereas a notif-specific solution can be optimized on a per-protocol basis.
        *   FWIW, if RC, the receiver COULD minimally support *just* the single GET request (i.e., not a complete RC server)
        *   Still, networking/firewall would have to support the outbound NC/RC flow, in addition to the base notification flow
                   [Qin]: "data-export-capabilities " draft uses draft-ietf-netconf-notification-capabilities-16 as basis or foundation. If my understanding is correct, draft-ietf-netconf- notification-capabilities-16 doesn’t
require receiver to support NETCONF or   RESTCONF.

     *   Potentially extends the number of capabilities to be more than minimally necessary

        *   e.g., the current "data-export-capabilities” modules define dozens of capabilities supporting RFC 8639 and RFC 8641 that are not needed for https-notif,
                                     [Qin] Dozens of capabilities defined by the current "data-export-capabilities” modules are all optional capability. It doesn’t require all the capabilities to be supported.
when RFC 8639 is not in use.

           *   HTTPS-Notif seems to need only three capabilities:

              *   What encodings are supported (json, xml, binary)
              *   If the RFC 8639 state machine is supported.
              *   If bundled messages is supported.
                                  [Qin]: So HTTPs-notif can pick those three capabilities and ignore other capabilities.  I believe HTTP has mechanism to deal with these unhandled capabilities advertised by the network device.  One of such example is unhandled
Namespace defined in (

           *   Presumably, UDP-Notif would similarly have a small set of capacities.

              *   In fact, it may be less, as UDP may be unable to support RFC 8639
             [Qin]: See clarification above. For UDP notif, it doesn’t require all the capability to be supported.


Kent and Mahesh  // as authors

netconf mailing list<>

netconf mailing list<>

Mahesh Jethanandani<>

Mahesh Jethanandani<>