Re: [netconf] Capability-fetching mechanisms

Qin Wu <> Thu, 13 May 2021 08:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 58EA53A2F30 for <>; Thu, 13 May 2021 01:28:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id TlnqzNTfUEEC for <>; Thu, 13 May 2021 01:28:12 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1CD3D3A2F70 for <>; Thu, 13 May 2021 01:27:30 -0700 (PDT)
Received: from (unknown []) by (SkyGuard) with ESMTP id 4Fgkxv1r1Sz6qn6W; Thu, 13 May 2021 16:16:03 +0800 (CST)
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.2176.2; Thu, 13 May 2021 10:27:24 +0200
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2176.2; Thu, 13 May 2021 16:27:22 +0800
Received: from ([]) by ([]) with mapi id 15.01.2176.012; Thu, 13 May 2021 16:27:22 +0800
From: Qin Wu <>
To: Mahesh Jethanandani <>
CC: Kent Watsen <>, "" <>
Thread-Topic: [netconf] Capability-fetching mechanisms
Thread-Index: AddH0Dhnx9H5N4HXTcmORZebNJclOA==
Date: Thu, 13 May 2021 08:27:21 +0000
Message-ID: <>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_531c9709c5da4980922aa31e53684d01huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <>
Subject: Re: [netconf] Capability-fetching mechanisms
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 13 May 2021 08:28:17 -0000

发件人: Mahesh Jethanandani []
发送时间: 2021年5月13日 8:13
收件人: Qin Wu <>
抄送: Kent Watsen <>;
主题: Re: [netconf] Capability-fetching mechanisms

Hi Qin,

When Kent and I started working on the HTTPs notif draft we wanted to make sure that it was lightweight as it relates to setting it up. That means that if the publisher and receiver are HTTPS capable, that in most cases that is all that isneeded to establish the notification channel. To quite an extent that is still true. With default values (JSON encoding), one can setup a HTTPS notification channel by configuring the *publisher* where the receiver resides (its IP address) and any credentials that are needed to setup the channel. The receiver does not need to be configured, and as such does not need to be a NETCONF/RESTCONF server (or a client for that matter).

[Qin]: Thanks for your clarification, I think in appendix using subscribed notification and not using subscribed notification are both supported.
In the case of using subscribed notification, RFC8639 enabled capability is supported while in the case without using subscribed notification, RFC8639 enabled capability is not supported?
In the first case, the publisher need to be NETCONF/RESTCONF server? In the second case, it is not. Right?


On May 11, 2021, at 6:51 PM, Qin Wu <<>> wrote:

Hi, Kent:
Sorry for late follow up.
On Apr 19, 2021, at 5:39 PM, Kent Watsen <<>> wrote:

Dear WG,

One of the outcomes from “https-notif” presentation during the NETCONF 110 session was to what extent all the notif (e.g., https, udp, etc.) drafts should define their own capability-fetching mechanism, or use the mechanism defined by the "data-export-capabilities” draft.

As authors, Mahesh and I discussed some of the PROs and CONs of the approaches as follows:
[Qin]:I am under impression that shared-mechanism has a lot of benefit.:-)

  *   PROs (for having a shared-mechanism):

     *   Enables a common mechanism spanning multiple notif transports to exist

  *   CONs (against having a shared mechanism):

     *   Entails each receiver also needing to be a NETCONF and/or RESTCONF server
                                [Qin]:Is receiver in this context NETCONF/RESTCONF server or client?
                                  I think we mix two things,
a.       one is the server advertise its capability to the client , (i.e., server capability advertisement)
b.       the other is server send the capability query request the client and get capability response from the client. (client capability fetching)
                                I think data-export-capabilities right now focuses on (a), the question you ask here is whether (b) can be defined as shared mechanism which can be part of
                                the "data-export-capabilities” draft. If my understanding is correct, I think it will be nice to have (b) such shared mechanism, i.e., Defining (a) and (b) in a single place.

        *   Whereas a notif-specific solution can be optimized on a per-protocol basis.
        *   FWIW, if RC, the receiver COULD minimally support *just* the single GET request (i.e., not a complete RC server)
        *   Still, networking/firewall would have to support the outbound NC/RC flow, in addition to the base notification flow
                   [Qin]: "data-export-capabilities " draft uses draft-ietf-netconf-notification-capabilities-16 as basis or foundation. If my understanding is correct, draft-ietf-netconf- notification-capabilities-16 doesn’t
require receiver to support NETCONF or   RESTCONF.

     *   Potentially extends the number of capabilities to be more than minimally necessary

        *   e.g., the current "data-export-capabilities” modules define dozens of capabilities supporting RFC 8639 and RFC 8641 that are not needed for https-notif,
                                     [Qin] Dozens of capabilities defined by the current "data-export-capabilities” modules are all optional capability. It doesn’t require all the capabilities to be supported.
when RFC 8639 is not in use.

           *   HTTPS-Notif seems to need only three capabilities:

              *   What encodings are supported (json, xml, binary)
              *   If the RFC 8639 state machine is supported.
              *   If bundled messages is supported.
                                  [Qin]: So HTTPs-notif can pick those three capabilities and ignore other capabilities.  I believe HTTP has mechanism to deal with these unhandled capabilities advertised by the network device.  One of such example is unhandled
Namespace defined in (

           *   Presumably, UDP-Notif would similarly have a small set of capacities.

              *   In fact, it may be less, as UDP may be unable to support RFC 8639
             [Qin]: See clarification above. For UDP notif, it doesn’t require all the capability to be supported.


Kent and Mahesh  // as authors

netconf mailing list<>

netconf mailing list<>

Mahesh Jethanandani<>