[Netconf] HTTP2 configured subscriptions, is RESTCONF call home necessary? (was RE: Anyone want just Configured Subscriptions?)
"Eric Voit (evoit)" <evoit@cisco.com> Tue, 10 July 2018 23:53 UTC
Return-Path: <evoit@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C530130DF0 for <netconf@ietfa.amsl.com>; Tue, 10 Jul 2018 16:53:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fs7UcbU4D_PS for <netconf@ietfa.amsl.com>; Tue, 10 Jul 2018 16:53:12 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59001130DDC for <netconf@ietf.org>; Tue, 10 Jul 2018 16:53:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4242; q=dns/txt; s=iport; t=1531266792; x=1532476392; h=from:to:cc:subject:date:message-id: content-transfer-encoding:mime-version; bh=jk70uE/x13sQVKvrN/rMmPKQBf6fDlU9ROPTber1XR4=; b=dv3VJM3I2SpaMJ69QbZWrQlTSAVAYMX1BR5PEICcPG2FZXtg+6QZL0Y9 3lpkoJ9RXBDt7xUe+TLBb7Sl9BGtCvp8CJbGGtYiP5HzU+tFx7jDWh6so DJQNt5KoXAyY89CgXS65RSLhxwYkvo/Wtf5dfHjRzGDHTXGU3Y5ijLITI s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CEBgCNRkVb/5hdJa1cGQEBAQEBAQEBAQEBAQcBAQEBAYNJY38yg3CUPIIKgziReoF6C4RsGYITITUXAQIBAQIBAQJtKIU2AQEEJBETMgUNARYHBQIJFgcCBDAVEQEEAQ0NgxmBdwiqfoEugyWFKoE4gQuHUR2BVz+JBoMXglUCmVIJAo8cjWiRawIRFIEkHwE1gVJwFRqDC4JMjgaNJIEaAQE
X-IronPort-AV: E=Sophos;i="5.51,336,1526342400"; d="scan'208";a="419938396"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Jul 2018 23:52:55 +0000
Received: from XCH-RTP-014.cisco.com (xch-rtp-014.cisco.com [64.101.220.154]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id w6ANqtrQ010865 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 10 Jul 2018 23:52:55 GMT
Received: from xch-rtp-013.cisco.com (64.101.220.153) by XCH-RTP-014.cisco.com (64.101.220.154) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Tue, 10 Jul 2018 19:52:54 -0400
Received: from xch-rtp-013.cisco.com ([64.101.220.153]) by XCH-RTP-013.cisco.com ([64.101.220.153]) with mapi id 15.00.1320.000; Tue, 10 Jul 2018 19:52:54 -0400
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Kent Watsen <kwatsen@juniper.net>, Lou Berger <lberger@labn.net>, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
CC: Netconf <netconf@ietf.org>
Thread-Topic: HTTP2 configured subscriptions, is RESTCONF call home necessary? (was RE: [Netconf] Anyone want just Configured Subscriptions?)
Thread-Index: AdQYqRibIyUKRz80SqisclOQdJB7zA==
Date: Tue, 10 Jul 2018 23:52:54 +0000
Message-ID: <97940484f3cb4ea8bbd2cd76bc46f764@XCH-RTP-013.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.41.32.86]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/c5BXAy4D-nFOofpItDwXdEyvylA>
Subject: [Netconf] HTTP2 configured subscriptions, is RESTCONF call home necessary? (was RE: Anyone want just Configured Subscriptions?)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2018 23:53:15 -0000
Changing the thread title, as we have moved off the original topic... > From: Kent Watsen, July 10, 2018 6:36 PM > Adding back in Lou's comment before mine to provide the context needed to understand my answer... >>> (Lou) or an an error when an unsolicited notification is received by a client that doesn't support it. (optimizing for what I think suspect will be the common case in the long term...) > > Effectively this is what draft-ietf-netconf-restconf-notif, section > > 4.2 defines now. A successful POST of a "subscription-started" > > notification must occur before events are sent. Failure to receiver > > an OK for the POST means an error to the publisher. > > But if we use RESTCONF Call Home, the receiver is the HTTP-client, can an HTTP > client process a POST? Considering Lou's comment, my response points out that a receiver must "OK" a "subscription-started" before the publisher can send events. In this case the publisher is the HTTP2 client. Otherwise there is an error. Since there is no RESTCONF is needed at all for configured subscriptions, the function draft-ietf-netconf-restconf-notif needs to include is the safe establishment of a secure tunnel between Publisher (HTTP2 client) and Receiver (HTTP2 server). Perhaps Call Home is not necessary at all here, and perhaps it is always safe for the publisher to initiate the encrypted tunnel. We can debate the pros/cons of each scenario for sure. Perhaps Call Home simply isn't needed here. And that would be excellent. My understanding is that Call Home does provide some protections here, so I left RESTCONF call-home in to spur this debate. Assuming that someone does want call-home for configured subscription encrypted tunnel establishment, steps C1-C7 of RFC8071 remain the same. It is just step C8 which changes so that a receiver starts to listening for the POST of notifications to its HTTP server rather than starting RESTCONF. Likewise Steps S1-S5 and S7 of RFC8071 remain the same. The only difference would be that step S6 initiates an HTTP2 client connection towards the receiver, and then POSTs a "subscription-started" notification. These specifics absolutely do need to be in draft-ietf-netconf-restconf-notif. They are not yet as I was awaiting this discussion first. > > Some form of RESTCONF Call Home with capability advertisement could > > also occur before the "subscription-started" POST. However, this > > advertisement of client capabilities might not be needed for all > implementations. > > I don't know how. RESTCONF Call Home just starts the RESTCONF protocol, > and there is no capability-exchange in RESTCONF. I could have worded this better. What I meant is that outside the current scope of draft-ietf-netconf-restconf-notif, some TBD exchange of receiver capabilities could be defined. This would let the publisher know that sending a "subscription-started" is supported. I don't believe this necessary/essential here, as you won't start pushing events until the receiver says "OK". Eric > Kent // contributor >
- [Netconf] HTTP2 configured subscriptions, is REST… Eric Voit (evoit)
- Re: [Netconf] HTTP2 configured subscriptions, is … Andy Bierman
- Re: [Netconf] HTTP2 configured subscriptions, is … Eric Voit (evoit)
- Re: [Netconf] HTTP2 configured subscriptions, is … Juergen Schoenwaelder