Re: [Netconf] netconf call home connection type
Kent Watsen <kwatsen@juniper.net> Wed, 29 August 2018 01:07 UTC
Return-Path: <kwatsen@juniper.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00209130E23 for <netconf@ietfa.amsl.com>; Tue, 28 Aug 2018 18:07:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.711
X-Spam-Level:
X-Spam-Status: No, score=-2.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HPUr03bprIWk for <netconf@ietfa.amsl.com>; Tue, 28 Aug 2018 18:07:11 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2E07130DD3 for <netconf@ietf.org>; Tue, 28 Aug 2018 18:07:11 -0700 (PDT)
Received: from pps.filterd (m0108160.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w7T14wCu029522; Tue, 28 Aug 2018 18:07:10 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=u6OjPtswlq7r1zAWFPMRgUbNoetJBDxUqp3Bj2GsPJY=; b=GktijIeZV0ZHUg9evRU+tXitIgSbh2GRzhPJ4hluk6CdgpElB5j1114HGYBnHX1T0Eoo rATyK1z1fCUpnsTZ6G1SUTzBDgsymFTZtGDLMKr0qsJmkYk/HKfS/gCj2FgcrE6BEcJ9 mu55jRbFRVWqbLon1H2+97vriHLbhatZn4hHHs4XzAPlYpCEcDEMscVyh6wk94fGPeMM lPwIAZWKIqy/VU0WPfIPR2FKKGOdmv0JmoZ6FyOh1VTT0v2Nf6wKASiHfr8iJomYbnWx H4UU5pS+vxIHGKMOxey3Hy1MGEehL2aigWil3zW7QxsXZ1OO6t2+7sj9zgEdUDT/BUyL qQ==
Received: from nam02-cy1-obe.outbound.protection.outlook.com (mail-cys01nam02lp0054.outbound.protection.outlook.com [207.46.163.54]) by mx0b-00273201.pphosted.com with ESMTP id 2m5crgrhqx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 28 Aug 2018 18:07:10 -0700
Received: from DM6PR05MB4665.namprd05.prod.outlook.com (20.176.109.202) by DM6PR05MB4315.namprd05.prod.outlook.com (20.176.78.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1101.10; Wed, 29 Aug 2018 01:07:07 +0000
Received: from DM6PR05MB4665.namprd05.prod.outlook.com ([fe80::544a:dd4d:9524:9e6d]) by DM6PR05MB4665.namprd05.prod.outlook.com ([fe80::544a:dd4d:9524:9e6d%3]) with mapi id 15.20.1101.007; Wed, 29 Aug 2018 01:07:07 +0000
From: Kent Watsen <kwatsen@juniper.net>
To: Martin Bjorklund <mbj@tail-f.com>
CC: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [Netconf] netconf call home connection type
Thread-Index: AQHUOUk8IdLBwLq95EWszUO4eDF4yKTKZDSAgAESIICAA7pUAIAEHU8AgADmugCAAJdjAIAAUaEAgAB3VoCAAB6KgA==
Date: Wed, 29 Aug 2018 01:07:07 +0000
Message-ID: <7A1BA8A7-76E5-4961-8DE8-8794FB97AA6C@juniper.net>
References: <BA9844F5-DAE0-4778-AC3D-52419B5456C1@juniper.net> <20180828.091832.1398197257133304.mbj@tail-f.com> <C2DCC92F-7382-4353-9AD4-3AC37E5A227A@juniper.net> <20180828.211749.1055874324314612702.mbj@tail-f.com>
In-Reply-To: <20180828.211749.1055874324314612702.mbj@tail-f.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.20.0.170309
x-originating-ip: [66.129.241.14]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM6PR05MB4315; 6:VPvRnM+70RsKeOqAkQTitH5JDY5XglmeuarDPkgAE/DQFU5bpJIaunPg20okdGYsKlrmsCJVPkezOBAIZiBKqkacY79n87k+SaPKr+URcztUZGhi6b0SQlTT9jisqlfJRBxUGeEm0EByY40z4GFspnNgTxeRXO3m3oxITHhC+BLUX1MKbrcPKpi7FS2wk+wJT878451XVYPrxvNih/P7lUbr1oxlxRa87rlm5H+GGy7ppKcsehoAbFAdx7CUY6FXc3/619hnmrAo5qaMLBasQActF77SHL5HoSGzUMuhSi0yy9Z2mJBBAsmSFfEmlFBwYNJMTugi2byEykJPCHMuXKEfYSi0CcPdFarPicR4/Gid47x9/WGgaYqtxJfDJaJCiCB0UWhUAHLbNJxl3ZJ0/jW/bEfzv8ukCRQkPc43K0iFbVctxyVmtlEuirN4RyfirtklhRhcvCZlg1SvDWmi0w==; 5:Aktwx41WguLT0NJF2NqpvTrA8AgsLkssBnp2SgSIi3l0Zv0GsvbENJBgat+n0Tv03mfrPj3b5iPtfNigOeaX25LP+UqoIHJVDe/Ab3ril21bXkJr7mfIIoPzibEvFUme8zg7ppC8A8kw7JJguim/xpImbDqtzVUjHkfZtXKShTc=; 7:bsau/ciK/orfTR0qEsPvn0bX/3PCQxwc55asCzxYMTDVi6BcNikfct0v6Ef8ro3+QeMdgPp/ElaEZOgpe+Zn2nZ2e1kAVpKC3VWnVa0N+pj62vFCs40QfLU4Zq1XxRdaNhAFMgt+ZV66cHlyVM6v/asJcCWGtvgJnnYOmYcMJWZxgCp7oNJMGzvreoxOoUCSmuh79mLarLAq3vY4XM/r4Yr1OJxZ0DTVQpwkUZmpAh2uvNtvKS+uhtahfuImbfNG
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: b953e507-f1c7-4d1e-1d11-08d60d4bbdeb
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:DM6PR05MB4315;
x-ms-traffictypediagnostic: DM6PR05MB4315:
x-microsoft-antispam-prvs: <DM6PR05MB4315041D0261E749AA643484A5090@DM6PR05MB4315.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(72170088055959);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(3231311)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123560045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123564045)(201708071742011)(7699016); SRVR:DM6PR05MB4315; BCL:0; PCL:0; RULEID:; SRVR:DM6PR05MB4315;
x-forefront-prvs: 077929D941
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(366004)(39860400002)(136003)(376002)(346002)(69234005)(189003)(199004)(51444003)(52314003)(229853002)(5250100002)(186003)(33656002)(305945005)(6486002)(8936002)(256004)(76176011)(26005)(106356001)(105586002)(316002)(14444005)(102836004)(93886005)(25786009)(7736002)(83716003)(58126008)(82746002)(6436002)(97736004)(8676002)(36756003)(53936002)(4326008)(86362001)(2616005)(486006)(6512007)(5660300001)(81156014)(3846002)(11346002)(476003)(446003)(6506007)(6246003)(2906002)(66066001)(2900100001)(6916009)(99286004)(6116002)(68736007)(478600001)(81166006)(14454004); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR05MB4315; H:DM6PR05MB4665.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-microsoft-antispam-message-info: 817AMf9N6sQ31hCf6TgVTq5OCPKU/PyyGxTYozVsIda6R6+qJA0X/hkSiQgc9e+Yxo2XZyVYFu/6HUnKrReiPGiK8QRddlGW8QHXQTJRVj/4W2SJ3dPAxp+r625ePTlqZE92TEGEr2HFY/B5UKKDuFR2T7lwDjdEZyLF+4zUmhX2icRhuL6MhF8aDFpdD6yZ/LncUnegZ87fF231RQwfWEDsNR2Hij1x+qrCPPS4FSvX3E6U56IwQ1iw6Ct1f+8tir201jPvkIPUfQUu7+HLYXu5IE+h9pRb0InsMOZ4aBwkssZ5sRRYAXq72ww99kVwCrDlc7JIESgK+20y8n5HcZiLl4eaKwPg6/wmz0dNYl0=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <9102F99D9E160949B0E68C6F1B217165@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: b953e507-f1c7-4d1e-1d11-08d60d4bbdeb
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Aug 2018 01:07:07.8264 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR05MB4315
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-08-28_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1808290009
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/XrgmbZG1zREk9no9LpDzhcyR0C4>
Subject: Re: [Netconf] netconf call home connection type
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Aug 2018 01:07:14 -0000
>> > I think the leafref can point to a client with any kind of connection; >> > on-demand, periodic or persistent. >> >> Are you implying connection sharing, multi-channeling? Please define >> the behavior you're expecting in each case. What transport protocol >> requirements are there? > > Good point. This issue exists also in the current model, since > "periodic" also covers on-demand. Anyway, I think that limiting to a > single session is too restrictive. So it seems ok to allow the server > to start multiple sessions (note that w/ ssh, a session *may* be just > another channel). If we agree that multiple sessions are ok, do we > put any limit on the number of sessions? Probably not, imo. > Implementation detail. Yes, the issue exists in the current model too. That is what my previous email was lamenting. I can't quite figure out how it would work. RFC 8071 says that the client starts the NETCONF-client protocol (i.e., creates an SSH channel and starts the "netconf" subsystem). In SSH, the SSH-client must open the channel, the SSH-server can't do it. So, let's say that the client knows (because it configured it) that the server also pushes event notifications. So, then what? Does it send a special RPC (TBD in a future NN draft) or open another SSH-channel to, perhaps, start an altogether different protocol (coap?) to receive the logs? What if there are different "triggers" all pointing to the same netconf-server instance and all using "coap"; the server can't use the transport alone to know what to push to each. It seems that the client has to send an RPC of some sort in each to bind the transport to a purpose. But then we're in the realm of dynamic subscriptions and questioning the value of on-demand connections. [And then there's RESTCONF, do we assert that both the client and server run HTTP2?] All this trouble is because we want to repurpose a NC/RC call-home connection, so that there is only a single TCP connection (is this the goal? why would two device-->NMS connections not be as good?). But, in my view, YP+SN is better served as a client: the publisher connects and pushes content to the receiver. This resolves most issues, and there is no need for an incompletely defined (in that it's description statement would say "for reasons not described here") and possibly orphaned on-demand connection type. The only problem I see is that it necessitates the use of another connection when the provisioning system and the monitoring system are in fact the same, but I don't see that as an important issue, from an operator perspective and second device-->NMS connection is not an issue I'm aware of. Back to the subject line, my suggestion (for this one issue) is: - persistent (unchanged) - periodic (unchanged, keep the on-demand language) - let the "notif" drafts, for configured subscriptions: - use <protocol>-client connections (recommended) - use <protocol>-server call-home connections (not recommended) - augment in an "subscribed-notifications" call-home connection type and leafref that connection-type - and/or resolve what it means to point to (repurpose) a persistent or periodic connection > I meant that in some cases it might be useful to let the *operator* > define a connection type to be "strictly periodic", i.e., the server > will NOT create any sessions on demand. In some other cases maybe > the operator want periodic connections, but it is ok with on demand > connections as well (this is the current "periodic"). I'm unsure if this is needed. Either case, the standard call-home interaction occurs, even for the unexpected "on-demand" connections and, if the operator, in its config, leafref-ed a call-home connection for yang-push also, then they did it on purpose. If the operator wants strictly-periodic, don't configure anything that might cause an on-demand connection. Right? > So for netconf-notif, I envision a leafref to a "client", with text > that explains that if the connection type is: > > o persistent then the notif is sent "immediately" (if possible, > otherwise queued). > > o "strictly periodic" then the notifs are queued until the next > period starts (implementation-specific qlen) > > o "periodic" or "on-demand" then a new session is started > (meanwhile notifs are queued), and once the session is started, > the notifs can be sent Maybe. I'm not yet buying the need to repurpose a call-home connection for yang-push. > Aha, ok, I see. Well, this is, as you say, just orphaned config. I > think that is ok. Yes, orphaned config is a small worry in all this. FYI, another niggle I'm getting is how all repurposed call-home connections might be supported by generic server frameworks like NCS. Would NCS examine the device config, determine how many triggers might have caused this and then, how each, start the trigger-specific action to see if it was the reason why the device called home? Kent // contributor
- [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Juergen Schoenwaelder
- Re: [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Juergen Schoenwaelder
- Re: [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Juergen Schoenwaelder
- Re: [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Andy Bierman
- Re: [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Juergen Schoenwaelder
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Andy Bierman
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Martin Bjorklund
- Re: [Netconf] netconf call home connection type Kent Watsen
- Re: [Netconf] netconf call home connection type Andy Bierman