Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

"Rob Wilton (rwilton)" <rwilton@cisco.com> Thu, 03 October 2019 16:13 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE86912013F for <netconf@ietfa.amsl.com>; Thu, 3 Oct 2019 09:13:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=AL6iUY5b; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=bcYgsB8x
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HvzdBFQ4ZI1Y for <netconf@ietfa.amsl.com>; Thu, 3 Oct 2019 09:13:16 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADF82120104 for <netconf@ietf.org>; Thu, 3 Oct 2019 09:13:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=85224; q=dns/txt; s=iport; t=1570119196; x=1571328796; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=s7GZsAPlkwMJntiSUkOqPq6VRDPZGhv4T21dNedbCMs=; b=AL6iUY5bq3XCE33vaD4UlgkJz/LR0MbmyqEZjVse4vz1FUMK+kQy7Wjb 39+6szMH1DrsZhFy72SJPNIwngVoUQMdQqH0sVFea/gSn1zOQMYUa/QXw J8oGb9yebX4hWrYUeTYSixuGeVdXTObAfNvsQqo6fxLkhvT4BYBtvuhN2 c=;
IronPort-PHdr: =?us-ascii?q?9a23=3AIVjD4B0wrrgtIRQasmDT+zVfbzU7u7jyIg8e44?= =?us-ascii?q?YmjLQLaKm44pD+JxKHt+51ggrPWoPWo7JfhuzavrqoeFRI4I3J8RVgOIdJSw?= =?us-ascii?q?dDjMwXmwI6B8vQE1L6KOLtaQQxHd9JUxlu+HToeUU=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AWAABFHZZd/5pdJa1cChoBAQEBAQI?= =?us-ascii?q?BAQEBDAIBAQEBgVQEAQEBAQsBgRsvJCwDbVYgBAsqCoQYg0cDikVNgg9+iGm?= =?us-ascii?q?OEYEuFIEQA1QJAQEBDAEBJQgCAQGBTIJ0AheCLiM1CA4CAwkBAQQBAQECAQU?= =?us-ascii?q?EbYUtDIVLAQEBAQMSCAkKEwEBNQMPAgEGAhEEAQEOEwEGAwICAh8RFAkIAgQ?= =?us-ascii?q?BEggWBIMBgR1NAx0BAgySf5BhAoE4iGF1gTKCfQEBBYE4AoNPDQuCFwMGgTQ?= =?us-ascii?q?BimKBKxiBQD+BEUaBTkk1PoIaRwEBAgGBMwUOAhgrCYJXMoImjHMOATIDgjS?= =?us-ascii?q?FNYksji9BCoIjhwiKCYQigjqHTo1ZgV+OK4E+hmKCDY8EAgQCBAUCDgEBBYF?= =?us-ascii?q?TATcqgS5wFTuCbFAQFIFPCxiDUIUUhT90AQGBJ41hASQHgQQBgSIBAQ?=
X-IronPort-AV: E=Sophos;i="5.67,253,1566864000"; d="scan'208,217";a="343924299"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 03 Oct 2019 16:13:15 +0000
Received: from XCH-ALN-006.cisco.com (xch-aln-006.cisco.com [173.36.7.16]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x93GDFIq031295 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 3 Oct 2019 16:13:15 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-ALN-006.cisco.com (173.36.7.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 3 Oct 2019 11:13:14 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 3 Oct 2019 12:13:11 -0400
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 3 Oct 2019 12:13:06 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Pv5pSaM3MwVMxT0WUrenThHlF8wDiakFxYeuxUT4Yonde5otagvTqpk6s083R57UUKphZpekn3857RQh6EAmb+V1LjBGcE9Fku3eNgT9wgxrvURUvrEJz8JuIlHXK96EyD9chGMEzmDsMXZJISl0ou0u3mDTGa9XTx37dadFU5UQXDANN2WVK4jAgHk7lS548xRKMQGiaFfm49ZvQu1Tm8xryCpppbgMDlYD7dEtyXG9OUWCNCQNqNxlYoEVIeUidt9xLuL9mN2cAswlk7PCKfWdYt3I3WIBKOAC5g4gOG22iy6sT8f2jVIjdtfv/9FCghLpXbSou7e/Z7O5SYGjCA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s7GZsAPlkwMJntiSUkOqPq6VRDPZGhv4T21dNedbCMs=; b=lIvLEyCvZPjn1FRClyegpOndOxdxqIwF9KFhbTBgkPrW3VaVH0KH3+tUR7HT9jAz6FbrhNDeifOGnRDpaZeyPH0C3+hqpMrkH2K17qvkEb7re1UtSqKfQqkyFzgY8XZXzuPWMYOH6dMkFnuZB+MgLMwHQNtqt5T/3PUrSZQShnxqbz6vIVuu+sfFyii18fQZkt0yykiVxTgz2i7Au+GLqKXbIpoejoA0psfC3Wj+bwh/MrX+lnZgnGstG/iGdSekq7piK6rv1QVgNg2Igp6NixEPIHeQb3rFsqfSmSm20YRL82jzQzDXS97c0jeIRoHzXbtTkzpENb7p1JxGAEx+cA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s7GZsAPlkwMJntiSUkOqPq6VRDPZGhv4T21dNedbCMs=; b=bcYgsB8x4frzYi90Qa5bnxPCliLamkGmw9Y0g0nbD2A+LGt9mq6GW3/PSuFdYeWneouNxC/TK6HiYNr62fI7mEuSRVuRP0VrGNAXSpOA+jZeRIlmxAkf03QrGjyT8oV101QBfUyFeV1SBzAnq9MPMIvdBaTf9qosHEy8A+NQ/ug=
Received: from MN2PR11MB4366.namprd11.prod.outlook.com (52.135.38.209) by MN2PR11MB3775.namprd11.prod.outlook.com (20.178.253.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.20; Thu, 3 Oct 2019 16:12:53 +0000
Received: from MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::cca:41bd:b0bb:c549]) by MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::cca:41bd:b0bb:c549%2]) with mapi id 15.20.2305.023; Thu, 3 Oct 2019 16:12:53 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: =?utf-8?B?QmFsw6F6cyBMZW5neWVs?= <balazs.lengyel@ericsson.com>, "Mahesh Jethanandani" <mjethanandani@gmail.com>, Netconf <netconf@ietf.org>
Thread-Topic: [netconf] WGLC for draft-ietf-netconf-notification-capabilities
Thread-Index: AQHVaCiuRGm9KKbjG02ELVvMwRO/n6c7MLcAgAkj1tCABMaJgIAABczQ
Date: Thu, 3 Oct 2019 16:12:52 +0000
Message-ID: <MN2PR11MB4366904781E2542E148636BCB59F0@MN2PR11MB4366.namprd11.prod.outlook.com>
References: <D3B39347-DFB7-4BEE-8B22-0EE07AEB1F5A@gmail.com> <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> <MN2PR11MB43663B72FBA8D839E539A001B5820@MN2PR11MB4366.namprd11.prod.outlook.com> <VI1PR0701MB228681C3737A9954323B7774F09F0@VI1PR0701MB2286.eurprd07.prod.outlook.com>
In-Reply-To: <VI1PR0701MB228681C3737A9954323B7774F09F0@VI1PR0701MB2286.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rwilton@cisco.com;
x-originating-ip: [173.38.220.43]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c3695096-4210-4159-7434-08d7481c8b67
x-ms-traffictypediagnostic: MN2PR11MB3775:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <MN2PR11MB37752808419EA23497327F1AB59F0@MN2PR11MB3775.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01792087B6
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(346002)(396003)(366004)(376002)(199004)(189003)(51444003)(52314003)(7736002)(606006)(66946007)(2906002)(6116002)(790700001)(3846002)(8676002)(966005)(66066001)(486006)(186003)(476003)(81166006)(81156014)(7110500001)(99286004)(7696005)(76176011)(30864003)(256004)(26005)(53546011)(478600001)(55016002)(6506007)(316002)(6306002)(54896002)(236005)(9686003)(6436002)(11346002)(229853002)(2420400007)(110136005)(76116006)(446003)(33656002)(14454004)(64756008)(66556008)(66446008)(74316002)(66476007)(15650500001)(6246003)(25786009)(14444005)(86362001)(9326002)(71200400001)(5660300002)(66574012)(52536014)(102836004)(71190400001)(8936002)(579004); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3775; H:MN2PR11MB4366.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: L1+qkUGz+CDc3psK3D1F5qwzvDHkJui0tiyYoIoMH+lZWcDJZqvm5L2XtkTblt88uGymErKOnr0S+eKa7PpSNA9SuQ+BLxMQuOxMedrrYsgJzAVQ6UpEFtp3LMZv3wn4k5xDZajhNIZGJ2pKAm+fMOp+4D2DW7HhRYVHSADOr3XjsjtRPV3u6UPLPMSOL7ht5hWSMxU1cl2/nLHnuLGE78rWh1nP7qPdsaJ6gdz6Dj3jJyqzlxBZrsyhADOLiISGmQ8ABPpGqeeoWtjfOQC0RStzVsFrNy3xXkOWn845Pp8h1q/KieHkas2t/sxDW6M05k6br7zpBixMJSqAE8udcooZYM2W6KjsT1AG2utlV+gnOusj8q4spH5nccs+oyFljQqSz4uf4QFrDylQWB5xdvaDJPjH8B4Y4karPsFKprMgTzPfYcGvcASxkwie8CPij32HNgD609aLvlDaPgnJvQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR11MB4366904781E2542E148636BCB59F0MN2PR11MB4366namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: c3695096-4210-4159-7434-08d7481c8b67
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Oct 2019 16:12:53.0212 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: vHBZ5zTES6v+ZRcmqdretPfk5hTb2sLsRsZI7BfNxSEqR75o0/knb4nJcaVPvuwjQoWKsLwV4wlN0THFqAC96Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3775
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.16, xch-aln-006.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/bSPEBq5YPqWSvh8ybDwS-qzbvxs>
Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Oct 2019 16:13:22 -0000

Hi Balazs,

From: Balázs Lengyel <balazs.lengyel@ericsson.com>
Sent: 03 October 2019 15:20
To: Rob Wilton (rwilton) <rwilton@cisco.com>; Mahesh Jethanandani <mjethanandani@gmail.com>; Netconf <netconf@ietf.org>
Subject: RE: [netconf] WGLC for draft-ietf-netconf-notification-capabilities



From: Rob Wilton (rwilton) <rwilton@cisco.com<mailto:rwilton@cisco.com>>
Sent: 2019. szeptember 30., hétfő 16:45
To: Mahesh Jethanandani <mjethanandani@gmail.com<mailto:mjethanandani@gmail.com>>; Netconf <netconf@ietf.org<mailto:netconf@ietf.org>>; Balázs Lengyel <balazs.lengyel@ericsson.com<mailto:balazs.lengyel@ericsson.com>>
Subject: RE: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

Hi,

I have reviewed version -05b of this document.

I am supportive of this document, and its general approach of making subscription capability information available both online and offline.  I believe that this information is valuable to making YANG-Push more usable.

A few comments:

1.       Terminology and Introduction.  I wasn’t sure whether “implementation-time information” is the best description, or whether “offline information” would be a better description.   I believe that the key is that the information is available offline without requiring access to all the network devices.  Although I can see that providing this information at implementation time is useful and should be RECOMMENDED, I don’t think that it should be a MUST/SHALL (e.g. as per section 3).
BALAZS: I would like to keep the term “implementation-time”, as we had a number of debates about the correct term and this is one term people seemed to agree upon.  In practice it is often important to provide the information early, before the network node is fully implemented as NMS planning and design often begins early as well. In practice the capabilities are decided in implementation time.
[RW]
OK.  But I’m not really convinced that all vendors will be able to provide this information at implementation time.  I would normally expect a vendor to delay providing this information until the implementation is complete, they have tested it and verified that they can make the subscription guarantees that are being stated.  I think that a common case would be provide this information when the software is available (which could be ahead of the hardware availability).  But if you want to call it “implementation time” then I can live with that.
In section 3, I think

   The information SHALL be provided in two ways both following the
   ietf-notification-capabilities module:

should be:

   The information SHOULD be provided in two ways both following the
   ietf-notification-capabilities module:



2.       Another benefit of having information available offline is that if there are classes of devices running the same software and hardware then they should all have the same capabilities without having to check each and every one.  To this end, it would be nice if there was some sort of simple checksum mechanism that could be used to ensure that the information stored in the instance-data file exactly matches the equivalent information provided by the server.  This would allows NMS implementations to be coded to the instance-data document, and then just validate that the checksums match those provided by the server without having to fetch and check that a portion of the data tree matches.  As a side note – YANG packages has a similar requirement.
BALAZS: This seems like a requirement to implement an Entity-tag similar to  https://tools.ietf.org/html/rfc8040#section-3.5.2 but with a deterministic algorithm to generate the tag value. While the idea is interesting/worthwhile, IMHO it should be handled in a generic manner, not for each YANG module separately. Also I was instructed to remove the entity tag from draft-ietf-netmod-yang-instance-file-format.
[RW]
I agree that it is better to handle generically, although in the YANG packages case, I don’t think that this would work, because not everything is part of an instance-data document (e.g. a checksum for a module).  The deterministic algorithm that the packages draft is currently using is a SHA-256 hash.


3.       Section 3, by “formal”, do you mean “machine readable”?  Otherwise expanding what is meant by formal might be useful.
BALAZS: OK, changed text

4.       Section 3, instead of “amount of notifications” would “throughput of notification data” be better?
BALAZS: As you wish, changed text.

In terms of the YANG model, I think that it is possible to design this in a slightly more regular (and arguably simpler) way:

-          Rename “datastore-subscription-throughput-capabilities grouping” to “subscription-throughput-capabilities” (since the grouping is also used at the subscription level)
BALAZS: OK, renamed
BALAZS:: IMHO the other changes look more simple, but will actually make the model more complicated.
[RW]
So, the current tree output is this:

module: ietf-notification-capabilities
  +--ro datastore-subscription-capabilities
     +--ro (update-period)?
     |  +--:(minimum-update-period)
     |  |  +--ro minimum-update-period?     uint32
     |  +--:(supported-update-period)
     |     +--ro supported-update-period*   uint32
    +--ro max-objects-per-update?          uint32
     +--ro minimum-dampening-period?        uint32 {yp:on-change}?
     +--ro datastore-capabilities* [datastore]
        +--ro datastore                          union
        +--ro (update-period)?
        |  +--:(minimum-update-period)
        |  |  +--ro minimum-update-period?       uint32
        |  +--:(supported-update-period)
        |     +--ro supported-update-period*     uint32
        +--ro max-objects-per-update?            uint32
        +--ro minimum-dampening-period?          uint32 {yp:on-change}?
        +--ro on-change-supported-for-config?    boolean {yp:on-change}?
        +--ro on-change-supported-for-state?     boolean {yp:on-change}?
        +--ro per-node-capabilities* [node-selector]
           +--ro node-selector             nacm:node-instance-identifier
           +--ro (update-period)?
           |  +--:(minimum-update-period)
           |  |  +--ro minimum-update-period?    uint32
           |  +--:(supported-update-period)
           |     +--ro supported-update-period*  uint32
           +--ro max-objects-per-update?         uint32
           +--ro minimum-dampening-period?       uint32 {yp:on-change}?
           +--ro on-change-supported             boolean {yp:on-change}?

The model that I proposed would look like this:

module: ietf-notification-capabilities
  +--ro datastore-subscription-capabilities
     +--ro (update-period)?
     |  +--:(minimum-update-period)
     |  |  +--ro minimum-update-period?     uint32
     |  +--:(supported-update-period)
     |     +--ro supported-update-period*   uint32
    +--ro max-objects-per-update?          uint32
     +--ro minimum-dampening-period?        uint32 {yp:on-change}?
     +--ro on-change-supported?             Enum of (config|state|both)
     +--ro datastore-capabilities* [datastore]
        +--ro datastore                          union
        +--ro per-node-capabilities* [node-selector]
           +--ro node-selector             nacm:node-instance-identifier
           +--ro (update-period)?
           |  +--:(minimum-update-period)
           |  |  +--ro minimum-update-period?    uint32
           |  +--:(supported-update-period)
           |     +--ro supported-update-period*  uint32
           +--ro max-objects-per-update?         uint32
           +--ro minimum-dampening-period?       uint32 {yp:on-change}?
           +--ro on-change-supported?            Enum of (config|state|both)


The code interacting with this is more generic , with less corner cases.

But I think that you could go a step further and define it like this, allowing (datastore=’all’ + node-selector = ‘/’) to define the default global capabilities.  Any capabilities for a specific datastore is more specific than “all”.  Capabilities for a more specific path win over a less specific path.  Personally, I would expect this to be simpler to implement because there are less special cases to handle.

module: ietf-notification-capabilities
  +--ro datastore-subscription-capabilities
     +--ro datastore-capabilities* [datastore]
        +--ro datastore                          union
        +--ro per-node-capabilities* [node-selector]
           +--ro node-selector             nacm:node-instance-identifier
           +--ro (update-period)?
           |  +--:(minimum-update-period)
           |  |  +--ro minimum-update-period?    uint32
           |  +--:(supported-update-period)
           |     +--ro supported-update-period*  uint32
           +--ro max-objects-per-update?         uint32
           +--ro minimum-dampening-period?       uint32 {yp:on-change}?
           +--ro on-change-supported?            Enum of (config|state|both)






-          Add “on-change-supported” leaf to “subscription-throughput-capabilities” grouping, but change its type to an enum of “all-nodes, config-only, state-only” – this could then work in a fully hierarchical way.  (I.e. the existing on-change-supported-for-config, on-change-supported-for-state , on-change-supported could be removed).
BALAZS: The enum will need much more explanation e.g. what does it mean to have the “config-only” value on a config=false data node? It can be explained, it will just need more text.
[RW]
I’m not convinced that this would take that much text to explain … e.g. possibly something like

“On change notifications can be supported for (i) only ‘config: true’ nodes, or (ii) only ‘config: false’ nodes, or (iii) all nodes regardless of the ‘config’ flag”



-          Instead of having a set of “datastore” level parameters, could these just be expressed as the set of parameters that apply to “/” within a datastore (e.g. as described in NACM YANG module “leaf path“)?  I.e. given that you support hierarchical paths within a datastore, it just means that you need two levels, per device and per datastore.
BALAZS: It looks simpler, but we would have to have longer explanations:

o   The “/” is not well defined or well known, so its use must be described
[RW]
But it is defined/used in this way for NACM.  I.e. your model would be more consistent with the approach defined in NACM rather than using a different approach.  I think that you also already need to handle the “/” case anyway, or explicitly indicate that it is not allowed.


o   The extra case when there is no per-node-capabilities list-entry needs to be explained/specified
[RW]
I don’t follow your comment.  I’m proposing changing from a model that has 3 levels of hierarchy (global, per-datastore, per datastore schema subtree) to one that only has 2 (global, per datastore schema subtree).




-          Ideally, it would be better to have a dependency on RFC6991-bis for node-instance-identify rather than on NACM.  Although I guess that you may not want to delay this RFC.
BALAZS: Agreed, but please no delay.
[RW]
Yes, OK.  The plan was to get RFC6991bis done fast, I’m not sure how close that document can be to WG LC.  Perhaps we could check with Juegen?


-          Currently “leaf on-change-supported” is marked as mandatory true, but I’m not sure why it should be so.
BALAZS: OK. made it mandatory false; There is a use-case where the per leaf dampening period needs to be specified, but the on-change-supported is inherited from the containing parent/datastore.
[RW]
Sure.


-          Is “max-objects-per-update” optional.  What if the server doesn’t have any hard limit - can they just not return a value here?  If so, perhaps assigning a default value of uint32_max might make sense?
BALAZS: It is optional. If there is no hard limit or the limit is not known the leaf must be absent. The module description include the text:
      Any capability value MAY be absent ... if the publisher is not capable of
      providing a value.
[RW]
OK.  Then I think that there should be a bit more text about what values mean if they are not specified.  E.g. perhaps the following (if this is the right behaviour for all properties).

Old:
      Any capability value MAY be absent if a more generic capability
      value is already provided or if the publisher is not capable of
      providing a value.

New:
      Any capability value MAY be absent if a more generic capability
      value is already provided or if the publisher is not capable of
      providing a value.  If not provided then it should be
      interpreted that the property is unconstrained.


In the security section, are these capabilities sensitive information?  E.g. could it be used by an attacker to more effectively DDOS a server (by knowing which paths to target subscriptions towards)?
BALAZS: IMHO the information is not security sensitive. The minimum dampening period and minimum-update-period can be used to find schema sections that might generate more notifications, but this is really a corner-case and we usually don’t describe such details. However the security section now includes:
         The Network Configuration Access Control Model (NACM) [RFC8341]
         provides the means to restrict access for particular NETCONF or
         RESTCONF users to a preconfigured subset of all available NETCONF or
         RESTCONF protocol operations and content.
         If access control is not properly configured, it can expose
         system internals to those who should not have access to this
         information.
[RW]
Thinking about this some more, I wonder whether the security section could/should refer back to YANG-Push, which allows a server to reject subscriptions if it would cause the server to become overloaded.

Thanks,
Rob


Thanks,
Rob


From: netconf <netconf-bounces@ietf.org<mailto:netconf-bounces@ietf.org>> On Behalf Of Mahesh Jethanandani
Sent: 24 September 2019 18:50
To: Netconf <netconf@ietf.org<mailto:netconf@ietf.org>>
Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

We were supposed to have closed on the WGLC today. However, between the document becoming a WG item and it going into LC, we have not received too many comments on the draft. As such, we are extending the LC by another week. Please review the draft and provide any comments you might have.

Mahesh & Kent (as co-chairs)


On Sep 10, 2019, at 3:39 PM, Mahesh Jethanandani <mjethanandani@gmail.com<mailto:mjethanandani@gmail.com>> wrote:

Authors have published -04<https://tools.ietf.org/html/draft-ietf-netconf-notification-capabilities-04> version of the draft, which addresses comments they received in IETF 105. If you provided comments please check to make sure your comments have been addressed. At this point, the authors believe that the document is ready for WGLC.

This therefore starts a two week LC, ending on September 24th. Please provide any technical comments you might have on the document. If you believe the document is not ready for LC, please state your reasons.

We will issue a IPR poll separately.

Mahesh & Kent (as co-chairs)