Re: [Netconf] HTTP2 configured subscriptions, is RESTCONF call home necessary? (was RE: Anyone want just Configured Subscriptions?)
"Eric Voit (evoit)" <evoit@cisco.com> Wed, 11 July 2018 00:27 UTC
Return-Path: <evoit@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E473A130DD4 for <netconf@ietfa.amsl.com>; Tue, 10 Jul 2018 17:27:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1nk44EPWCI4j for <netconf@ietfa.amsl.com>; Tue, 10 Jul 2018 17:27:37 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED362127332 for <netconf@ietf.org>; Tue, 10 Jul 2018 17:27:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=18410; q=dns/txt; s=iport; t=1531268856; x=1532478456; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=cu44mjtHucvcNvkm8pjNBuhaQvm7eLI1uW5K+ylFPuU=; b=Jamlg7extCGB+4kczKvEp3LhLfMhue7+Mq+wPLpWi1Hp8ffDzCtZoA3x /j0JhRdiJOGGspFZwp7P10KvW6OL2InCN+WBzYytv6p6ZrrnUhJeKgxIS tc0FUdeWkEAciTA0GBBtrfeAoskk1Oz7QYPpWq5hX4vf8NK3XmH+BlG2E E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CoAQC9TkVb/5NdJa1cGQEBAQEBAQEBAQEBAQcBAQEBAYJTTCpjfygKg3Bik1qCCpAkhQ6BegsYAQqEA0YCF4ITITUXAQIBAQIBAQJtHAyFNgEBAQMBAQEhChonCwULAgEIFRAWBAMCAgIlCxQRAgQOBQiDGYEbXAgPqmOBLoMlhSqBMwWIXB2BVz+Dcy6DGQEBAoFIJCiCS4JVAplSCQKPHI1okWsCERSBJB8BNYFScBUaIYJpgk1pAQeHV4U+bwGMNIEaAQE
X-IronPort-AV: E=Sophos;i="5.51,336,1526342400"; d="scan'208,217";a="141298275"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Jul 2018 00:27:29 +0000
Received: from XCH-RTP-014.cisco.com (xch-rtp-014.cisco.com [64.101.220.154]) by rcdn-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id w6B0RS5c027643 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 11 Jul 2018 00:27:28 GMT
Received: from xch-rtp-013.cisco.com (64.101.220.153) by XCH-RTP-014.cisco.com (64.101.220.154) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Tue, 10 Jul 2018 20:27:28 -0400
Received: from xch-rtp-013.cisco.com ([64.101.220.153]) by XCH-RTP-013.cisco.com ([64.101.220.153]) with mapi id 15.00.1320.000; Tue, 10 Jul 2018 20:27:28 -0400
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Andy Bierman <andy@yumaworks.com>
CC: Kent Watsen <kwatsen@juniper.net>, Lou Berger <lberger@labn.net>, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, Netconf <netconf@ietf.org>
Thread-Topic: [Netconf] HTTP2 configured subscriptions, is RESTCONF call home necessary? (was RE: Anyone want just Configured Subscriptions?)
Thread-Index: AQHUGKwgIepoIlK4lUKAgLRU4cxjKaSJJ6cg
Date: Wed, 11 Jul 2018 00:27:28 +0000
Message-ID: <6cf9067753e946d198b2b2690fe4bded@XCH-RTP-013.cisco.com>
References: <97940484f3cb4ea8bbd2cd76bc46f764@XCH-RTP-013.cisco.com> <CABCOCHS52CWwLugr_QK+Y5vFOqPGLbG10T3+zQYzVH=RozmBhw@mail.gmail.com>
In-Reply-To: <CABCOCHS52CWwLugr_QK+Y5vFOqPGLbG10T3+zQYzVH=RozmBhw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.41.32.86]
Content-Type: multipart/alternative; boundary="_000_6cf9067753e946d198b2b2690fe4bdedXCHRTP013ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/jTt5Jb1b6sZPRhKSQDllXHvcuNo>
Subject: Re: [Netconf] HTTP2 configured subscriptions, is RESTCONF call home necessary? (was RE: Anyone want just Configured Subscriptions?)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2018 00:27:39 -0000
From: Andy Bierman, July 10, 2018 8:14 PM On Tue, Jul 10, 2018 at 4:52 PM, Eric Voit (evoit) <evoit=40cisco.com@dmarc.ietf.org<mailto:evoit=40cisco.com@dmarc.ietf.org>> wrote: Changing the thread title, as we have moved off the original topic... > From: Kent Watsen, July 10, 2018 6:36 PM > Adding back in Lou's comment before mine to provide the context needed to understand my answer... >>> (Lou) or an an error when an unsolicited notification is received by a client that doesn't support it. (optimizing for what I think suspect will be the common case in the long term...) > > Effectively this is what draft-ietf-netconf-restconf-notif, section > > 4.2 defines now. A successful POST of a "subscription-started" > > notification must occur before events are sent. Failure to receiver > > an OK for the POST means an error to the publisher. > > But if we use RESTCONF Call Home, the receiver is the HTTP-client, can an HTTP > client process a POST? Considering Lou's comment, my response points out that a receiver must "OK" a "subscription-started" before the publisher can send events. In this case the publisher is the HTTP2 client. Otherwise there is an error. Since there is no RESTCONF is needed at all for configured subscriptions, the function draft-ietf-netconf-restconf-notif needs to include is the safe establishment of a secure tunnel between Publisher (HTTP2 client) and Receiver (HTTP2 server). Perhaps Call Home is not necessary at all here, and perhaps it is always safe for the publisher to initiate the encrypted tunnel. We can debate the pros/cons of each scenario for sure. Perhaps Call Home simply isn't needed here. And that would be excellent. My understanding is that Call Home does provide some protections here, so I left RESTCONF call-home in to spur this debate. Assuming that someone does want call-home for configured subscription encrypted tunnel establishment, steps C1-C7 of RFC8071 remain the same. It is just step C8 which changes so that a receiver starts to listening for the POST of notifications to its HTTP server rather than starting RESTCONF. Likewise Steps S1-S5 and S7 of RFC8071 remain the same. The only difference would be that step S6 initiates an HTTP2 client connection towards the receiver, and then POSTs a "subscription-started" notification. These specifics absolutely do need to be in draft-ietf-netconf-restconf-notif. They are not yet as I was awaiting this discussion first. > > Some form of RESTCONF Call Home with capability advertisement could > > also occur before the "subscription-started" POST. However, this > > advertisement of client capabilities might not be needed for all > implementations. > > I don't know how. RESTCONF Call Home just starts the RESTCONF protocol, > and there is no capability-exchange in RESTCONF. I could have worded this better. What I meant is that outside the current scope of draft-ietf-netconf-restconf-notif, some TBD exchange of receiver capabilities could be defined. This would let the publisher know that sending a "subscription-started" is supported. I don't believe this necessary/essential here, as you won't start pushing events until the receiver says "OK". It is very expensive to implement both HTTP client and server roles in both peers. IMO the existing RESTCONF SSE notifications need to be supported. <Eric> See other thread. I am looking for someone to champion existing RESTCONF SSE call flow / use case. I can’t do it justice as I haven’t seen an implementation. Eric I am concerned that not enough reviews of configured notifications are being done because it is a low priority for many vendors. It is clearly redundant if CallHome is used, but potentially useful for binary push and line-card push (UDP or TCP). It is hard to say if the correct pieces are being defined now to support fancy binary push standards later. Eric Andy > Kent // contributor > _______________________________________________ Netconf mailing list Netconf@ietf.org<mailto:Netconf@ietf.org> https://www.ietf.org/mailman/listinfo/netconf
- [Netconf] HTTP2 configured subscriptions, is REST… Eric Voit (evoit)
- Re: [Netconf] HTTP2 configured subscriptions, is … Andy Bierman
- Re: [Netconf] HTTP2 configured subscriptions, is … Eric Voit (evoit)
- Re: [Netconf] HTTP2 configured subscriptions, is … Juergen Schoenwaelder