IETF Logo Mail Archive

Re: [Netconf] netconf call home connection type

Kent Watsen <kwatsen@juniper.net> Wed, 29 August 2018 01:07 UTC

Return-Path: <kwatsen@juniper.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00209130E23 for <netconf@ietfa.amsl.com>; Tue, 28 Aug 2018 18:07:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.711
X-Spam-Level:
X-Spam-Status: No, score=-2.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HPUr03bprIWk for <netconf@ietfa.amsl.com>; Tue, 28 Aug 2018 18:07:11 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2E07130DD3 for <netconf@ietf.org>; Tue, 28 Aug 2018 18:07:11 -0700 (PDT)
Received: from pps.filterd (m0108160.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w7T14wCu029522; Tue, 28 Aug 2018 18:07:10 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=u6OjPtswlq7r1zAWFPMRgUbNoetJBDxUqp3Bj2GsPJY=; b=GktijIeZV0ZHUg9evRU+tXitIgSbh2GRzhPJ4hluk6CdgpElB5j1114HGYBnHX1T0Eoo rATyK1z1fCUpnsTZ6G1SUTzBDgsymFTZtGDLMKr0qsJmkYk/HKfS/gCj2FgcrE6BEcJ9 mu55jRbFRVWqbLon1H2+97vriHLbhatZn4hHHs4XzAPlYpCEcDEMscVyh6wk94fGPeMM lPwIAZWKIqy/VU0WPfIPR2FKKGOdmv0JmoZ6FyOh1VTT0v2Nf6wKASiHfr8iJomYbnWx H4UU5pS+vxIHGKMOxey3Hy1MGEehL2aigWil3zW7QxsXZ1OO6t2+7sj9zgEdUDT/BUyL qQ==
Received: from nam02-cy1-obe.outbound.protection.outlook.com (mail-cys01nam02lp0054.outbound.protection.outlook.com [207.46.163.54]) by mx0b-00273201.pphosted.com with ESMTP id 2m5crgrhqx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 28 Aug 2018 18:07:10 -0700
Received: from DM6PR05MB4665.namprd05.prod.outlook.com (20.176.109.202) by DM6PR05MB4315.namprd05.prod.outlook.com (20.176.78.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1101.10; Wed, 29 Aug 2018 01:07:07 +0000
Received: from DM6PR05MB4665.namprd05.prod.outlook.com ([fe80::544a:dd4d:9524:9e6d]) by DM6PR05MB4665.namprd05.prod.outlook.com ([fe80::544a:dd4d:9524:9e6d%3]) with mapi id 15.20.1101.007; Wed, 29 Aug 2018 01:07:07 +0000
From: Kent Watsen <kwatsen@juniper.net>
To: Martin Bjorklund <mbj@tail-f.com>
CC: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [Netconf] netconf call home connection type
Thread-Index: AQHUOUk8IdLBwLq95EWszUO4eDF4yKTKZDSAgAESIICAA7pUAIAEHU8AgADmugCAAJdjAIAAUaEAgAB3VoCAAB6KgA==
Date: Wed, 29 Aug 2018 01:07:07 +0000
Message-ID: <7A1BA8A7-76E5-4961-8DE8-8794FB97AA6C@juniper.net>
References: <BA9844F5-DAE0-4778-AC3D-52419B5456C1@juniper.net> <20180828.091832.1398197257133304.mbj@tail-f.com> <C2DCC92F-7382-4353-9AD4-3AC37E5A227A@juniper.net> <20180828.211749.1055874324314612702.mbj@tail-f.com>
In-Reply-To: <20180828.211749.1055874324314612702.mbj@tail-f.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.20.0.170309
x-originating-ip: [66.129.241.14]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM6PR05MB4315; 6:VPvRnM+70RsKeOqAkQTitH5JDY5XglmeuarDPkgAE/DQFU5bpJIaunPg20okdGYsKlrmsCJVPkezOBAIZiBKqkacY79n87k+SaPKr+URcztUZGhi6b0SQlTT9jisqlfJRBxUGeEm0EByY40z4GFspnNgTxeRXO3m3oxITHhC+BLUX1MKbrcPKpi7FS2wk+wJT878451XVYPrxvNih/P7lUbr1oxlxRa87rlm5H+GGy7ppKcsehoAbFAdx7CUY6FXc3/619hnmrAo5qaMLBasQActF77SHL5HoSGzUMuhSi0yy9Z2mJBBAsmSFfEmlFBwYNJMTugi2byEykJPCHMuXKEfYSi0CcPdFarPicR4/Gid47x9/WGgaYqtxJfDJaJCiCB0UWhUAHLbNJxl3ZJ0/jW/bEfzv8ukCRQkPc43K0iFbVctxyVmtlEuirN4RyfirtklhRhcvCZlg1SvDWmi0w==; 5:Aktwx41WguLT0NJF2NqpvTrA8AgsLkssBnp2SgSIi3l0Zv0GsvbENJBgat+n0Tv03mfrPj3b5iPtfNigOeaX25LP+UqoIHJVDe/Ab3ril21bXkJr7mfIIoPzibEvFUme8zg7ppC8A8kw7JJguim/xpImbDqtzVUjHkfZtXKShTc=; 7:bsau/ciK/orfTR0qEsPvn0bX/3PCQxwc55asCzxYMTDVi6BcNikfct0v6Ef8ro3+QeMdgPp/ElaEZOgpe+Zn2nZ2e1kAVpKC3VWnVa0N+pj62vFCs40QfLU4Zq1XxRdaNhAFMgt+ZV66cHlyVM6v/asJcCWGtvgJnnYOmYcMJWZxgCp7oNJMGzvreoxOoUCSmuh79mLarLAq3vY4XM/r4Yr1OJxZ0DTVQpwkUZmpAh2uvNtvKS+uhtahfuImbfNG
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: b953e507-f1c7-4d1e-1d11-08d60d4bbdeb
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:DM6PR05MB4315;
x-ms-traffictypediagnostic: DM6PR05MB4315:
x-microsoft-antispam-prvs: <DM6PR05MB4315041D0261E749AA643484A5090@DM6PR05MB4315.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(72170088055959);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(3231311)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123560045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123564045)(201708071742011)(7699016); SRVR:DM6PR05MB4315; BCL:0; PCL:0; RULEID:; SRVR:DM6PR05MB4315;
x-forefront-prvs: 077929D941
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(366004)(39860400002)(136003)(376002)(346002)(69234005)(189003)(199004)(51444003)(52314003)(229853002)(5250100002)(186003)(33656002)(305945005)(6486002)(8936002)(256004)(76176011)(26005)(106356001)(105586002)(316002)(14444005)(102836004)(93886005)(25786009)(7736002)(83716003)(58126008)(82746002)(6436002)(97736004)(8676002)(36756003)(53936002)(4326008)(86362001)(2616005)(486006)(6512007)(5660300001)(81156014)(3846002)(11346002)(476003)(446003)(6506007)(6246003)(2906002)(66066001)(2900100001)(6916009)(99286004)(6116002)(68736007)(478600001)(81166006)(14454004); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR05MB4315; H:DM6PR05MB4665.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-microsoft-antispam-message-info: 817AMf9N6sQ31hCf6TgVTq5OCPKU/PyyGxTYozVsIda6R6+qJA0X/hkSiQgc9e+Yxo2XZyVYFu/6HUnKrReiPGiK8QRddlGW8QHXQTJRVj/4W2SJ3dPAxp+r625ePTlqZE92TEGEr2HFY/B5UKKDuFR2T7lwDjdEZyLF+4zUmhX2icRhuL6MhF8aDFpdD6yZ/LncUnegZ87fF231RQwfWEDsNR2Hij1x+qrCPPS4FSvX3E6U56IwQ1iw6Ct1f+8tir201jPvkIPUfQUu7+HLYXu5IE+h9pRb0InsMOZ4aBwkssZ5sRRYAXq72ww99kVwCrDlc7JIESgK+20y8n5HcZiLl4eaKwPg6/wmz0dNYl0=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <9102F99D9E160949B0E68C6F1B217165@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: b953e507-f1c7-4d1e-1d11-08d60d4bbdeb
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Aug 2018 01:07:07.8264 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR05MB4315
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-08-28_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1808290009
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/XrgmbZG1zREk9no9LpDzhcyR0C4>
Subject: Re: [Netconf] netconf call home connection type
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Aug 2018 01:07:14 -0000

>> > I think the leafref can point to a client with any kind of connection;
>> > on-demand, periodic or persistent.
>> 
>> Are you implying connection sharing, multi-channeling?   Please define
>> the behavior you're expecting in each case.  What transport protocol 
>> requirements are there?
>
> Good point.  This issue exists also in the current model, since
> "periodic" also covers on-demand.  Anyway, I think that limiting to a
> single session is too restrictive.  So it seems ok to allow the server
> to start multiple sessions (note that w/ ssh, a session *may* be just
> another channel).  If we agree that multiple sessions are ok, do we
> put any limit on the number of sessions?  Probably not, imo.
> Implementation detail.

Yes, the issue exists in the current model too.  That is what my 
previous email was lamenting.  I can't quite figure out how it 
would work.

RFC 8071 says that the client starts the NETCONF-client protocol 
(i.e., creates an SSH channel and starts the "netconf" subsystem).  
In SSH, the SSH-client must open the channel, the SSH-server can't do
it.  So, let's say that the client knows (because it configured it)
that the server also pushes event notifications.  So, then what? 
Does it send a special RPC (TBD in a future NN draft) or open 
another SSH-channel to, perhaps, start an altogether different 
protocol (coap?) to receive the logs?  What if there are different
"triggers" all pointing to the same netconf-server instance and
all using "coap"; the server can't use the transport alone to
know what to push to each.  It seems that the client has to send
an RPC of some sort in each to bind the transport to a purpose.
But then we're in the realm of dynamic subscriptions and questioning
the value of on-demand connections.  [And then there's RESTCONF,
do we assert that both the client and server run HTTP2?]

All this trouble is because we want to repurpose a NC/RC call-home
connection, so that there is only a single TCP connection (is this
the goal? why would two device-->NMS connections not be as good?).
But, in my view, YP+SN is better served as a client: the publisher
connects and pushes content to the receiver.  This resolves most 
issues, and there is no need for an incompletely defined (in that
it's description statement would say "for reasons not described 
here") and possibly orphaned on-demand connection type.  The only
problem I see is that it necessitates the use of another connection
when the provisioning system and the monitoring system are in fact
the same, but I don't see that as an important issue, from an 
operator perspective and second device-->NMS connection is not
an issue I'm aware of.

Back to the subject line, my suggestion (for this one issue) is:

   - persistent (unchanged)
   - periodic   (unchanged, keep the on-demand language)
   - let the "notif" drafts, for configured subscriptions:
      - use <protocol>-client connections (recommended)
      - use <protocol>-server call-home connections (not recommended)
          - augment in an "subscribed-notifications" call-home 
            connection type and leafref that connection-type
          - and/or resolve what it means to point to (repurpose) a 
            persistent or periodic connection



> I meant that in some cases it might be useful to let the *operator*
> define a connection type to be "strictly periodic", i.e., the server
> will NOT create any sessions on demand.   In some other cases maybe
> the operator want periodic connections, but it is ok with on demand
> connections as well (this is the current "periodic").

I'm unsure if this is needed.  Either case, the standard call-home 
interaction occurs, even for the unexpected "on-demand" connections 
and, if the operator, in its config, leafref-ed a call-home connection
for yang-push also, then they did it on purpose.  If the operator
wants strictly-periodic, don't configure anything that might cause
an on-demand connection. Right?



> So for netconf-notif, I envision a leafref to a "client", with text
> that explains that if the connection type is:
>
>   o persistent then the notif is sent "immediately" (if possible,
>     otherwise queued).
>
>   o "strictly periodic" then the notifs are queued until the next
>      period starts (implementation-specific qlen)
>
>   o  "periodic" or "on-demand" then a new session is started
>      (meanwhile notifs are queued), and once the session is started,
>      the notifs can be sent

Maybe.  I'm not yet buying the need to repurpose a call-home 
connection for yang-push.


> Aha, ok, I see.  Well, this is, as you say, just orphaned config.  I
> think that is ok.

Yes, orphaned config is a small worry in all this.   

FYI, another niggle I'm getting is how all repurposed call-home 
connections might be supported by generic server frameworks like 
NCS.  Would NCS examine the device config, determine how many
triggers might have caused this and then, how each, start the
trigger-specific action to see if it was the reason why the 
device called home?


Kent // contributor

v2.23.0 | Report a Bug | By Email