Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

[Balázs Lengyel <balazs.lengyel@ericsson.com>]

 

 

From: Rob Wilton (rwilton) <rwilton@cisco.com> 
Sent: 2019. szeptember 30., hétfő 16:45
To: Mahesh Jethanandani <mjethanandani@gmail.com>; Netconf <netconf@ietf.org>; Balázs Lengyel <balazs.lengyel@ericsson.com>
Subject: RE: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

 

Hi,

 

I have reviewed version -05b of this document.

 

I am supportive of this document, and its general approach of making subscription capability information available both online and offline.  I believe that this information is valuable to making YANG-Push more usable.

 

A few comments:

1.	Terminology and Introduction.  I wasn’t sure whether “implementation-time information” is the best description, or whether “offline information” would be a better description.   I believe that the key is that the information is available offline without requiring access to all the network devices.  Although I can see that providing this information at implementation time is useful and should be RECOMMENDED, I don’t think that it should be a MUST/SHALL (e.g. as per section 3). 

BALAZS: I would like to keep the term “implementation-time”, as we had a number of debates about the correct term and this is one term people seemed to agree upon.  In practice it is often important to provide the information early, before the network node is fully implemented as NMS planning and design often begins early as well. In practice the capabilities are decided in implementation time.

2.	Another benefit of having information available offline is that if there are classes of devices running the same software and hardware then they should all have the same capabilities without having to check each and every one.  To this end, it would be nice if there was some sort of simple checksum mechanism that could be used to ensure that the information stored in the instance-data file exactly matches the equivalent information provided by the server.  This would allows NMS implementations to be coded to the instance-data document, and then just validate that the checksums match those provided by the server without having to fetch and check that a portion of the data tree matches.  As a side note – YANG packages has a similar requirement.

BALAZS: This seems like a requirement to implement an Entity-tag similar to   <https://tools.ietf.org/html/rfc8040#section-3.5.2> https://tools.ietf.org/html/rfc8040#section-3.5.2 but with a deterministic algorithm to generate the tag value. While the idea is interesting/worthwhile, IMHO it should be handled in a generic manner, not for each YANG module separately. Also I was instructed to remove the entity tag from draft-ietf-netmod-yang-instance-file-format.

3.	Section 3, by “formal”, do you mean “machine readable”?  Otherwise expanding what is meant by formal might be useful.

BALAZS: OK, changed text

4.	Section 3, instead of “amount of notifications” would “throughput of notification data” be better? 

BALAZS: As you wish, changed text.

 

In terms of the YANG model, I think that it is possible to design this in a slightly more regular (and arguably simpler) way:

*	Rename “datastore-subscription-throughput-capabilities grouping” to “subscription-throughput-capabilities” (since the grouping is also used at the subscription level)

BALAZS: OK, renamed

BALAZS:: IMHO the other changes look more simple, but will actually make the model more complicated.

*	Add “on-change-supported” leaf to “subscription-throughput-capabilities” grouping, but change its type to an enum of “all-nodes, config-only, state-only” – this could then work in a fully hierarchical way.  (I.e. the existing on-change-supported-for-config, on-change-supported-for-state , on-change-supported could be removed).

BALAZS: The enum will need much more explanation e.g. what does it mean to have the “config-only” value on a config=false data node? It can be explained, it will just need more text. 

*	Instead of having a set of “datastore” level parameters, could these just be expressed as the set of parameters that apply to “/” within a datastore (e.g. as described in NACM YANG module “leaf path“)?  I.e. given that you support hierarchical paths within a datastore, it just means that you need two levels, per device and per datastore.

BALAZS: It looks simpler, but we would have to have longer explanations:

*	The “/” is not well defined or well known, so its use must be described
*	The extra case when there is no per-node-capabilities list-entry needs to be explained/specified

*	Ideally, it would be better to have a dependency on RFC6991-bis for node-instance-identify rather than on NACM.  Although I guess that you may not want to delay this RFC.

BALAZS: Agreed, but please no delay. 

*	Currently “leaf on-change-supported” is marked as mandatory true, but I’m not sure why it should be so.

BALAZS: OK. made it mandatory false; There is a use-case where the per leaf dampening period needs to be specified, but the on-change-supported is inherited from the containing parent/datastore.

*	Is “max-objects-per-update” optional.  What if the server doesn’t have any hard limit - can they just not return a value here?  If so, perhaps assigning a default value of uint32_max might make sense?

BALAZS: It is optional. If there is no hard limit or the limit is not known the leaf must be absent. The module description include the text:

      Any capability value MAY be absent ... if the publisher is not capable of 

      providing a value.

 

In the security section, are these capabilities sensitive information?  E.g. could it be used by an attacker to more effectively DDOS a server (by knowing which paths to target subscriptions towards)?

BALAZS: IMHO the information is not security sensitive. The minimum dampening period and minimum-update-period can be used to find schema sections that might generate more notifications, but this is really a corner-case and we usually don’t describe such details. However the security section now includes:

         The Network Configuration Access Control Model (NACM) [RFC8341] 

         provides the means to restrict access for particular NETCONF or 

         RESTCONF users to a preconfigured subset of all available NETCONF or 

         RESTCONF protocol operations and content. 

         If access control is not properly configured, it can expose

         system internals to those who should not have access to this

         information.

 

Thanks,

Rob

 

 

From: netconf <netconf-bounces@ietf.org <mailto:netconf-bounces@ietf.org> > On Behalf Of Mahesh Jethanandani
Sent: 24 September 2019 18:50
To: Netconf <netconf@ietf.org <mailto:netconf@ietf.org> >
Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

 

We were supposed to have closed on the WGLC today. However, between the document becoming a WG item and it going into LC, we have not received too many comments on the draft. As such, we are extending the LC by another week. Please review the draft and provide any comments you might have.

 

Mahesh & Kent (as co-chairs)

 

 

On Sep 10, 2019, at 3:39 PM, Mahesh Jethanandani <mjethanandani@gmail.com <mailto:mjethanandani@gmail.com> > wrote:

 

Authors have published -04 <https://tools.ietf.org/html/draft-ietf-netconf-notification-capabilities-04>  version of the draft, which addresses comments they received in IETF 105. If you provided comments please check to make sure your comments have been addressed. At this point, the authors believe that the document is ready for WGLC.

 

This therefore starts a two week LC, ending on September 24th. Please provide any technical comments you might have on the document. If you believe the document is not ready for LC, please state your reasons.

 

We will issue a IPR poll separately. 

 

Mahesh & Kent (as co-chairs)