IETF Logo Mail Archive

Re: [Netconf] Yangdoctors last call review of draft-ietf-netconf-restconf-client-server-04

Andy Bierman <andy@yumaworks.com> Thu, 10 August 2017 16:48 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D79891323AE for <netconf@ietfa.amsl.com>; Thu, 10 Aug 2017 09:48:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wtM0yWkQtGjV for <netconf@ietfa.amsl.com>; Thu, 10 Aug 2017 09:48:43 -0700 (PDT)
Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6276A132331 for <netconf@ietf.org>; Thu, 10 Aug 2017 09:48:42 -0700 (PDT)
Received: by mail-wm0-x22a.google.com with SMTP id t138so22232216wmt.1 for <netconf@ietf.org>; Thu, 10 Aug 2017 09:48:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=FLtVPIxiGymrLqNFeelhxxi+SxPriRfylhqYhumoYn8=; b=ukvX3pErkAvFawFY/xMe/9YS1xsol/T1iLVj8LITolJmXwAJNbiyQBVrY2YI/KMkE6 6aMSRt96mIUBMu7RnoE+3lEBoaLqqcejR9zndZ4pwzNYLHKlc/chcWHtmoDXkaU2fFKX IoTgsylr9RwDMv9jv5Wm9NSXYcRZBRYMY/A0ehDZtABl7PwJ3/lTXXashyiAcDkqkfAL yggfC1DWSIh6jWBwsTaEjLQNlFLa8aBLTxcEi78oviV2Wbw1PqflfiPYWG0VS8qm7DBO uwtB+RFmEmNjrkgrynf6+ZNDZxoQm7q75Fl8IPdpSnIhGjCcLv9YgJEMiW/6l5pGPRjh Murw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=FLtVPIxiGymrLqNFeelhxxi+SxPriRfylhqYhumoYn8=; b=WELyMlpw62HJx7PXwRraAgO+Qav2S/1MDz9XdCSX6hrTJswjyyfwHeT8yB3d51v6uP /lzBgw63+O2MQdJvRzdOu5vdfsgwH+FEu1ORlIU1WmkLM8PTWUxSKPfV8eLqDdqrq4Lz g29fAzyt3EZkMQa/zawdPwHn8VpyJAEkgsVKZDV2xNYjIC1gUcrYP2Tw2WoKMyBWYQ4f bQWXDeYuXixlp5TkCUMVoJtdhX9tfxiqlxRMp1IZ8kFTVK19Ip0krZXIMx3cBD2xJ+a5 4LzEXPvm9/RJnxlNucsvgFC5ifDhFwSelXGdRt8GyessDqHINGFJmHfy2+snja79HXn8 22ng==
X-Gm-Message-State: AHYfb5ihvNI98/fUdB5hmCT6lG6Y8EhDIph20KbJTG6SmQSUtsIEa7rs dOUXOykqXo3+rHjtSzH93DAs34/MZn7J
X-Received: by 10.28.203.78 with SMTP id b75mr7683584wmg.50.1502383720859; Thu, 10 Aug 2017 09:48:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.182.160 with HTTP; Thu, 10 Aug 2017 09:48:40 -0700 (PDT)
In-Reply-To: <30CD19F8-6441-4EA3-A340-8CEDD6D4FD6A@juniper.net>
References: <150128020275.20726.13027423171798327745@ietfa.amsl.com> <A9F2ED3F-6AC5-4AEF-8EBF-1C4F89A6F0F7@juniper.net> <CABCOCHTmNdi7ZGPL_R8vyZTOKeVwJgtrqsT0ZNBCbMUT4Qo9tA@mail.gmail.com> <30CD19F8-6441-4EA3-A340-8CEDD6D4FD6A@juniper.net>
From: Andy Bierman <andy@yumaworks.com>
Date: Thu, 10 Aug 2017 09:48:40 -0700
Message-ID: <CABCOCHQrgYOUGXo1g3LGn9t8rL3-MoJwNmSG2amgAkxMp_Prhw@mail.gmail.com>
To: Kent Watsen <kwatsen@juniper.net>
Cc: "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "draft-ietf-netconf-restconf-client-server.all@ietf.org" <draft-ietf-netconf-restconf-client-server.all@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c1308feffa148055668f7d1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/jvHDipNULsCduKpcVDVDb8xd3ao>
Subject: Re: [Netconf] Yangdoctors last call review of draft-ietf-netconf-restconf-client-server-04
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Aug 2017 16:48:46 -0000

Hi Kent,


On Wed, Aug 9, 2017 at 1:48 PM, Kent Watsen <kwatsen@juniper.net> wrote:

> Hi Andy,
>
> >>> Modules:
> >>>  (M1) ietf-restconf-client@2017-07-03.yang
> >>>  (M2) ietf-restconf-server@2017-07-03.yang
> >>>
> >>> Comments:
> >>>
> >>> C1:
> >>>
> >>> (M1) RESTCONF does not have sessions so the term "RESTCONF session"
> >>> needs to be defined
> >>
> >> <KENT> good point, in this case, it's actually the underlying
> >> transport (TLS) that has a session.  Fixed.  But what about the
> >> 'max-sessions' leaf, under 'listen', in both modules?  - should
> >> this also be changed to talk about the TLS session, or removed
> >> altogether?
> >
> > I think you can change it to "transport session" or "TLS session"
> > if the concept of session reconnect is is kept for RESTCONF
>
> Fixed in my local copy.
>
>
> >>> C2:
> >>>
> >>> (M1) feature tls-initiate
> >>> (M1) feature tls-listen
> >>> (M2) feature tls-listen
> >>> (M2) feature tls-call-home
> >>>
> >>> Are these features really needed since a RESTCONF server MUST support
> >>> the TLS transport?
> >>
> >> <KENT> the features themselves are needed, as we don't know what
> >> clients/servers may support.
> >>
> > OK -- These features are nested within other features (initiate, listen).
> > You should add a comment somewhere that TLS is optional-to-support,
> > but mandatory to support if the TLS transport is implemented.
> > Currently RESTCONF requires TLS be supported, but future
> > versions could be different.
>
> I added this to the description statement of the 'tls-listen' and
> 'tls-initiate' features:
>
>       Currently TLS is the only transport supported by RESTCONF,
>       this feature helps support possible future transports.";
>


If you are trying to say that TLS might not be the mandatory-to-implement
transport, this sentence is not quite right.

You know I am not a big fan of YANG conformance.
We have nothing in between "always mandatory" and "purely optional,
server developer's choice".  We have nothing like conditionally
mandatory "If the RESTCONF server supports listening on TLS , then
the listen-tls feature MUST be supported."

The when-stmt can be used to provide this conditionally-mandatory
conformance,
but it has to be customized for each data subtree. It is more expensive
than if-feature
on many levels.



> and I also added a design note into the draft itself.
>
>
> > Also, recent YANG 1.1 discussions concluded (wrongly IMO) that nested
> > nodes do not inherit the if-feature-stmts of ancestors.  It is not clear
> > how one would access /foo/bar if /foo was not supported.
>
> Wait, seriously? I didn't see that.  I don't understand how else nested
> if-feature statements can be interpreted.  Can you point to the thread
> where this was discussed?
>
>
I cannot find it now.
Essentially, features are not coupled to objects:

  container foo {
     if-feature A;
     container foo2 {
        if-feature AA;
     }
  }

  container bar {
     if-feature AA;
   }

The designer has to decide:
Does feature AA depend on A, or just container foo2 depends on container
foo?
Does an external subtree (like /bar) depend on both features or can they be
used independently?

In this case I think the intent is to support feature listen if any
transport is supported,
and feature listen-<transport> is a specific transport is supported, so the
if-feature
inside the 2nd feature is correct.



>
> > So perhaps you should add if-feature-stmts:
> >
> >  feature tls-listen {
> >     if-feature listen;
> >     ...
> >  }
> >
> >  feature tls-listen {
> >    if-feature listen;
> >    ...
> >  }
>
> I went ahead and made this change, it seems better.
>
>
>
> >>> C3:
> >
> > Change it to be TLS session
>
> Done.
>
>
>
> >>> C4:
> >
> > OK -- this is how our server works. It does not make a special case for
> Connection: close.
>
> Correct.
>
>
>
> >>> C5:
> >
> > It should be clear that the client would have to issue a GET or maybe
> POST
> > to initiate the sending of stored data like logs
>
> Okay, how about this?
>
>    "Periodically connect to the RESTCONF server, so that,
>     e.g., the RESTCONF client can collect data (logs)
>     from the RESTCONF server.  The RESTCONF client must
>     close the connection when it is ready to release it.
>     Once the connection is closed, the RESTCONF client
>     restarts its timer until the next connection.";
>
>
>
Not sure this is needed.
RESTCONF does not define any interactions that are not initiated by the
client,
but if that changes, then no reason to constrain this text. I would change
'must' to 'SHOULD' in the 2nd sentence.



>
> >>>C6:
> >>>
> >>> (M1)  /restconf-client/initiate/restconf-server/periodic/
> >>> (M2)  /restconf-server/call-home/restconf-client/connection-
> type/periodic/
> >>>
> >>> The RESTCONF notifications via SSE should be exempt from timeouts.
> >>> The RESTCONF client should terminate an SSE request. The server should
> >>> not timeout an SSE response connection
> >>
> >> <KENT> Agreed, and the description statement for the 'idle-timeout' leaf
> >> says "Sessions that have a notification subscription active are never
> >> dropped.  But here, under 'periodic', the whole point is to shed idle
> >> connections.  For instance, imagine a client that wants to collect logs
> >> from a low-powered server once a day.  What do you think?
> >
> > Notification replay has a mode where it is terminated (i.e,., end-time
> provided)
> > I think this would have to be used by the client.  This tells the server
> to drop
> > the connection when the replay is complete.
>
> Sure, but keep in mind that logs are just an example, there could be other
> data-collection mechanisms.  Still, note that when end-time provided is
> reached, the line would become idle, if it didn't drop.  This seems like a
> more generic mechanism.
>
>
> > This is 1 exception -- another is close-session.
> >
> >   POST /restconf/operations/ietf-netconf:close-session
> >
> > Is this supposed to do anything in RESTCONF?
>
> First, I don't view the above as an exception.  With regards to 'close-
> session', does it even have a meaning in RESTCONF?  - and is this actually
> an issue for RFC 8040?
>
>

RESTCONF does not specify any behavior for specific operation resources.
It is left as an implementation detail.  Our server treats each RESTCONF
request
as a new management session, so a NETCONF operation like <lock> is granted
and then released right afterwards by the server because the session is
terminated.
I think any standard behavior for application layer sessions would need to
be defined
in a new versions of RESTCONF.








>
>
> >>> C7:
> >>>
> >>> Sec 1.2 Tree Diagrams
> >>>
> >>> Old text should be replaced with reference to
> >>> draft-ietf-netmod-yang-tree-diagrams-01
> >>
> >> <KENT> same comment as before.
> >
> > OK -- wait for tree draft to be stable
>
> Yep.
>
>
> >>> Nits:
> >>>
> >>> The tree diagram shows the fully expanded groupings,
> >>> even many objects are in other drafts. I needed all 5 drafts
> >>> open in windows for searching, plus pyang tree output,
> >>> to really follow the data model structure.
> >>
> >> <KENT> I know.  Do you have a proposal?
> >
> > The external nodes cannot really use a prefix because they
> > are pulled in from groupings, and technically in the same module
> > namespace. I don't know if any changes to the tree diagram
> > should be made for uses external-grouping.
>
> Agreed.
>
>
>
> > Andy
>
> Kent
>
>
>
Andy

v2.23.0 | Report a Bug | By Email