[netconf] Re: Adoption call for notif-yang-04

Kent Watsen <kent+ietf@watsen.net> Tue, 18 June 2024 17:14 UTC

Return-Path: <010001902c579910-f46cd7b0-3fd5-4646-b677-0095a66a385d-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22B56C1CAE68 for <netconf@ietfa.amsl.com>; Tue, 18 Jun 2024 10:14:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.893
X-Spam-Level:
X-Spam-Status: No, score=-1.893 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6kGP3lBNqwWN for <netconf@ietfa.amsl.com>; Tue, 18 Jun 2024 10:14:18 -0700 (PDT)
Received: from a8-88.smtp-out.amazonses.com (a8-88.smtp-out.amazonses.com [54.240.8.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D69FC1840E2 for <netconf@ietf.org>; Tue, 18 Jun 2024 10:14:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1718730856; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=0nNOLCjH4QyNGKNXnnxK0Vmi88a/CSbmPgjlLSw0iDI=; b=GjcHtGUtew0T4iNpCKiQIaOV563ASvmJqgHFpri7fnZe9sSXnL5S01kLPaddF7tn 8nmkpBCJzVwQ/IgF9iiALhbNIv5n2iFFt4yYjhciL20mGyrTGnwMZodfC6M6JCBw6Bp zrniYUJxeeTYHVq62pfkMWApPRci+riwRdNgQmJc=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <010001902c579910-f46cd7b0-3fd5-4646-b677-0095a66a385d-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_13EA5426-C69B-4EFD-A0F4-7BB4E5E921BF"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.400.31\))
Date: Tue, 18 Jun 2024 17:14:16 +0000
In-Reply-To: <786d781d522a4c96b4a07f856d854582@swisscom.com>
To: Thomas.Graf@swisscom.com
References: <0100018eb57a21d8-26b38f41-a625-4d44-9248-09b349fd4212-000000@email.amazonses.com> <0100019012711c3f-d2317fe0-30c0-4207-bb1f-855190e3ea3f-000000@email.amazonses.com> <LV8PR11MB85360BCE465EDB48BFA9DCF7B5CD2@LV8PR11MB8536.namprd11.prod.outlook.com> <0100019026c604b4-3751e0b2-fd8c-45c1-9884-0852fb6395c8-000000@email.amazonses.com> <786d781d522a4c96b4a07f856d854582@swisscom.com>
X-Mailer: Apple Mail (2.3774.400.31)
Feedback-ID: ::1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2024.06.18-54.240.8.88
Message-ID-Hash: 7VJY42IE2FMNDYXJH3O3RSSN3AL26CHC
X-Message-ID-Hash: 7VJY42IE2FMNDYXJH3O3RSSN3AL26CHC
X-MailFrom: 010001902c579910-f46cd7b0-3fd5-4646-b677-0095a66a385d-000000@amazonses.watsen.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-netconf.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "netconf@ietf.org" <netconf@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [netconf] Re: Adoption call for notif-yang-04
List-Id: NETCONF WG list <netconf.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/kTpRFGlSG9ffQBJ82yJGGOb71g0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Owner: <mailto:netconf-owner@ietf.org>
List-Post: <mailto:netconf@ietf.org>
List-Subscribe: <mailto:netconf-join@ietf.org>
List-Unsubscribe: <mailto:netconf-leave@ietf.org>

Hi Thomas,

> On Jun 18, 2024, at 2:02 AM, Thomas.Graf@swisscom.com wrote:
> 
> Dear Kent,
>  
> Just two comments/clarifications from my side
>  
> The udp-notif draft already uses “ietf-notification” but doesn’t have normative text for why.
>  
> I think you are refering to below text and why it is "informativ" vs. "normative". Correct?
>  
> In the -13 revision there will be also an additional example in the appendix section detailing the layering of the packet including the notification message.
>  
> I have been reading "https://datatracker.ietf.org/doc/statement-iesg-iesg-statement-normative-and-informative-references-20060419/" to judge wherever it should be normative or not. I think we agree that looking at YANG-Push notification as a whole, an implementer implementing udp-notif needs to understand RFC 8639 and therefore also draft-ahuang-netconf-notif-yang. Since RFC 8639 is already normative in draft-ietf-netconf-udp-notif, I concur that draft-ahuang-netconf-notif-yang should be normative as well. That implies that when a new notification structure is being defined, the document needs to update draft-ietf-netconf-udp-notif then. Agree?
>  
>  
> https://datatracker.ietf.org/doc/html/draft-ietf-netconf-udp-notif-12#section-3.1
>  
> As specified in Sub-Notif, the YANG data is encapsulated in a NETCONF/RESTCONF notification message, which is then encapsulated and carried using a transport protocols such as TLS or HTTP2. This document defines a UDP based transport. Figure 1 <https://datatracker.ietf.org/doc/html/draft-ietf-netconf-udp-notif-12#fig_ups_message> illustrates the structure of an UDP-Notif message. 
>   The Message Header contains information that facilitate the message transmission before deserializing the notification message.
> 
>   Notification Message is the encoded content that is transported by the publication stream. The common encoding methods are listed in Section 3.2 <https://datatracker.ietf.org/doc/html/draft-ietf-netconf-udp-notif-12#sec_ups_format>. The structure of the Notification Message is defined in Section 2.6 of [RFC8639 <https://www.rfc-editor.org/info/rfc8639>] and a YANG model has been proposed in [I-D.ahuang-netconf-notif-yang <https://datatracker.ietf.org/api/v1/doc/document/draft-ahuang-netconf-notif-yang/>]. [I-D.ietf-netconf-notification-messages <https://datatracker.ietf.org/doc/html/draft-ietf-netconf-notification-messages-08>] proposes a structure to send bundled notifications in a single message.
> 
> +-------+  +--------------+  +--------------+
> |  UDP  |  |   Message    |  | Notification |
> |       |  |   Header     |  | Message      |
> +-------+  +--------------+  +--------------+
> Figure 1 <https://datatracker.ietf.org/doc/html/draft-ietf-netconf-udp-notif-12#figure-1>: UDP-Notif Message Overview <https://datatracker.ietf.org/doc/html/draft-ietf-netconf-udp-notif-12#name-udp-notif-message-overview>

What I mean is that the udp-notif doesn’t seem to have a section like this one in the https-notif draft: https://datatracker.ietf.org/doc/html/draft-ietf-netconf-https-notif-15#section-4.1.

The idea is that each “notif" draft (udp-notif, https-notif, kafka-notif, etc.) defines how notifications are encoded, for the encodings it supports.  Ideally, for each encoding, this is done by pointing to common encoding-specific drafts, but the transport drafts ultimately have the last word.  

As an example of having the last word, the https-notif draft say that, for JSON, the module name "ietf-restconf” is replaced by "ietf-https-notif”, but this should be changed to “ietf-notification”  (Mahesh, can you do this?).

K.



> By “associated schema”, do you mean a singular schema are perhaps two schema, one for the envelop and the other for the payload?
>  
> I just wanted to share my opinion- Maybe it helps the conversation. In these conversations, I am thinking about the overall architecture first. Networks are built in layers so responsibilities and clear boundaries can be defined. Different to BMP where BGP PDU's are being mirrored and encapsulated, YANG-Push does not encapsulate (I do not find any normative references). It encodes. Therefore the entire message structure from the netconf notification header down to the subscribed content is one message. Removing the netconf notification header from the YANG-Push notification message would render the message unusable since there is no longer a message timestamp. Therefore I believe that the netconf notification header is part of the message and therefore the YANG-Push message should be treated as one message vs YANG-Push notification encapsulated into netconf notification. Keeping the integrity of the message layer.
>  
> Best wishes
> Thomas
>  
> From: Kent Watsen <kent+ietf@watsen.net <mailto:kent+ietf@watsen.net>>
> Sent: Monday, June 17, 2024 5:17 PM
> To: Rob Wilton (rwilton) <rwilton@cisco.com <mailto:rwilton@cisco.com>>
> Cc: netconf@ietf.org <mailto:netconf@ietf.org>
> Subject: [netconf] Re: Adoption call for notif-yang-04
>  
> Be aware: This is an external email.
>  
> Hi Rob, 
>  
> 
> 
> On Jun 17, 2024, at 9:45 AM, Rob Wilton (rwilton) <rwilton@cisco.com <mailto:rwilton@cisco.com>> wrote:
>  
> Hi Kent, & authors,
>  
> Sorry, I thought that I had replied to this adoption call, but no, I see that I have a draft written sitting that I failed to actually send (but will post shortly) …
>  
> But taking a few steps back here.  As I suspect folks are already aware, I am in in the process on implementing YANG push on a core router to expose the operational state.  My initial focus is on-change notifications using the JSON encoding.  From my reading of the RFCs, if you are not using RESTCONF, then no RFC currently specifies how to encode YANG notifications in JSON (or CBOR).  E.g., Andy says that the top level notification should be namespaced to ietf-restconf (as per RFC 8040, section 6.4), but given that we are not implementing RESTCONF then for the moment I’m basing the encoding on the example from the YANG JSON encoding (RFC 7951), where there is an example using “ietf-notification:notification”, which seems to makes more sense to me if the subscription isn’t bound to RESTCONF anyway.  I appreciate that this text is just an example and not normative, but I still don’t think how JSON notifications are expected to be encoded outside of RESTCONF is properly specified anywhere.
>  
> Agree that “ietf-restconf” is not a great module name when RESTCONF isn’t used.
>  
>  
> Hence, at a minimum, I believe that we need an RFC to specify how NETCONF notifications are encoded over JSON when not using RESTCONF.
>  
> The good news is that the only published use of the “ietf-restconf” module-name  (that I’m aware of) appears RFC 8040 and RFC 8650 (for *dynamic* subscriptions).  So the creep isn’t too bad.
>  
> For *configured* subscriptions, the "https-notif" and "udp-notif" drafts appear normative.  Currently the https-notif draft says to use string “letf-https-notif”, but this can (should, IMO) be changed to “ietf-notification”.  The udp-notif draft already uses “ietf-notification” but doesn’t have normative text for why.
>  
> If the “https-notif” and “udp-notif” drafts are updated to use “ietf-notification”, normalizing the module name seems mostly resolve.
>  
> 
> 
> But also considering the YANG CBOR encoding (RFC 9254), that also doesn’t seem to be particularly clear about how YANG notifications are encoded in CBOR and could probably do with some additional clarity about what namespace the root notification element belongs to, and what associated SIDs should be used.
>  
> Likely, but also not this WG’s problem  ;)
>  
> Still, to the extent the configured-subscriptions are used, the https-notif and udp-notif drafts apply.
>  
>  
> Andy is arguably right that this doesn’t mean that it is necessary to define a YANG structure for a notification, but I can see some obvious benefits in being able to define such a structure, allowing implementations to choose to generically verify the message against a YANG schema without needing to hard code it.  I.e., it seems like specifying the structure in a more programmatic way may well benefit some implementations and shouldn’t be detrimental to other implementations that want to hard code the notification handling code.  I also think that we should consider that the goal here isn’t just for the collector to be able to use the schema to validate the message and then write it to storage, but instead to propagate these messages into a message broker (e.g., Kafka) and on to other services, whilst also propagating alongside an appropriate reference to the associated schema for the entire message (i.e., the top level JSON structure including the notification fields).
>  
> By “associated schema”, do you mean a singular schema are perhaps two schema, one for the envelop and the other for the payload?
>  
> I can imagine two schema but, due to limitations in YANG, the one for the envelop would not be able to validate whole message, with the “payload" present.  I can imagine these possible solutions, all entailing app-logic on the receiver side:
>  
> 1. Receiver extracts payload from whole message and then validates them separately using, e.g., the sx:structure schema for the envelop and the YANG-notification’s module for the payload.
>  
> 2. Receiver just-in-time creates a schema that augments the YANG “notification” statement into the sx:structure, and then validates them together.
>  
> 3. Update YANG so overcome the limitation then: Receiver validates the whole message (which really just validate the envelop) then extracts the payload and validates it using the YANG-notification’s module for the payload.   [this isn’t much better than #1]
>  
> 
> 
> Finally, we are also aware that there is a desire to add some additional meta-data annotation into the notifications structure.  Not all of these are useful for all notifications and hence could be defined in other augmenting modules (but only if there is a sensible base structure defined in YANG that can be augmented), otherwise each of these extra meta-data annotations is also stuck defining a bespoke encoding for XML, JSON, & CBOR, some of which could even end up using protocol specific namespaces (e.g., for RESTCONF).
>  
> Different headers in different contexts?   This plus that https-notif and udp-notif (presumably) can be used outside of RFC 8639 configured subscriptions, could create interoperability issues.  This is why I suggested to either:
>  
> 1. Hardcode the header-fields per protocol version.  E.g., RFC 8639 == has 8639-headers, rfc8639bis has bis-headers, and so on.  This seems sensible to me.
>  
> 2) Let client-configuration specify the header-fields to be used.  This seems possible, but may impact performance.
>  
> 
> 
> Regards,
> Rob
>  
> Kent // contributor