Re: [netconf] HTTPS notifications (draft-ietf-netconf-https-notif)

"Eric Voit (evoit)" <evoit@cisco.com> Tue, 24 September 2019 14:57 UTC

From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Martin Bjorklund <mbj@tail-f.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, "kent@watsen.net" <kent@watsen.net>
CC: "netconf@ietf.org" <netconf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/lz0xDMsKBOxZj3EysXVk_PYd0jA>

> From: Martin Bjorklund, September 24, 2019 9:56 AM
> 
> "Eric Voit (evoit)" <evoit@cisco.com> wrote:
> >
> >
> > > > From the email I sent Martin on Sep 9th, each POST MAY contain
> > > > more than one notification:
> > >
> > > .... to which I replied:
> > >
> > >   I'm not so sure about the streaming though.
> > >   Perhaps pipelining is the right mechanism.  For "bulk" sending, the
> > >   "bundled-message" defined in draft-ietf-netconf-notification-messages
> > >   seems right.
> > >
> > > To clarify: if the client just sends a stream of notifs it becomes a
> > > variant of SSE.  The server doesn't know when the stream will end, and
> > > thus cannot simply close the session.  You probably want to indicate
> > > end-of-message somehow (like in SSE).  And the content type in the
> > > example below cannot be "application/yang-data+xml", since it is not
> > > a valid XML instance document; you'd have to invent a new media type
> > > to indicate the streaming.
> > >
> > > I think we should stick to simple HTTP where each notif is POSTed,
> > > as in your diagram above.  With HTTP pipelining you can do:
> > >
> > > ------> establish TCP
> > > ------> establish TLS
> > > ------> Send HTTPS POST message with YANG defined notification 1
> > > ------> Send HTTPS POST message with YANG defined notification 2
> > > <-----Send 204 (No Content) for 1
> > > <-----Send 204 (No Content) for 2
> > >
> > > ------> Send HTTPS POST message with YANG defined notification 3
> > > <-----Send 204 (No Content) for 3
> > >
> > >
> > > If the server wants to send multiple notifs at once, it can use
> > > "bundled-message".
> >
> > This seems a reasonable approach.
> > draft-ietf-netconf-notification-messages
> > has several advantages:
> > (1) can push multiple YANG notifications at once
> > (2) can include the subscription-id in notifications when subscribing
> > to a stream.  (Right now including an explicit subscription-id is only
> > available when subscribing to a datastore.)
> > (3) includes methods to discover lost/dropped notifications
> >
> > Two things which would need to be worked:
> > (1) discovering receiver support for bundled notifications.  (As some
> > form of understanding/verifying configured receiver support over HTTP
> > is already needed, this is a topic which perhaps can be merged into
> > that.)
> 
> This can be configured or auto-detected.  For auto-detection, perhaps we
> can use HTTP OPTIONS with the server returning a special body or header to
> indicate capabilities such as this one?

The method previously proposed for HTTP configured subscriptions was an "OK"
to the POST of a <subscription-started>.  The "OK" had to be received prior
to sending YANG notifications.  If the authors want to build upon this, I
could see HTTP OPTIONS as a way to provide receiver capabilities.  Some
discussion about what capabilities would be advertisable as options would be
worthwhile.  Also worth discussion would be any intersections with
NETCONF/RESTCONF capabilities discovery/exchange.

Eric
 
> > (2) Completion of draft-ietf-netmod-yang-data-ext
> 
> Yes!  IMO it is ready for WGLC; I'll ping the chairs again.
> 
> 
> /martin
> 
> 
> 
> >
> > Eric
> >
> > > /martin
> > >
> > >
> > > >
> > > >     POST /some/path HTTP/1.1
> > > >     Host: my-receiver.my-domain.com
> > > >     Content-Type: application/yang-data+xml
> > > >
> > > >     <notification
> > > >       xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
> > > >       <eventTime>2019-03-22T12:35:00Z</eventTime>
> > > >       <foo xmlns="https://example.com/my-foobar-module">
> > > >         ...
> > > >       </foo>
> > > >     </notification>
> > > >
> > > >     <notification
> > > >       xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
> > > >       <eventTime>2019-03-22T12:35:00Z</eventTime>
> > > >       <bar xmlns="https://example.com/my-foobar-module">
> > > >         ...
> > > >       </bar>
> > > >     </notification>
> > > >
> > > >     <notification
> > > >       xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
> > > >       <eventTime>2019-03-22T12:35:00Z</eventTime>
> > > >       <baz xmlns="https://example.com/my-foobar-module">
> > > >         ...
> > > >       </baz>
> > > >     </notification>
> > > >
> > > >
> > > > With response:
> > > >
> > > >       HTTP/1.1 204 No Content
> > > >       Date: Thu, 26 Jan 2017 20:56:30 GMT
> > > >       Server: my-receiver.my-domain.com
> > > >
> > > >
> > > > Kent // co-author
> > > >
> > > >
> > >
> > > _______________________________________________
> > > netconf mailing list
> > > netconf@ietf.org
> > > https://www.ietf.org/mailman/listinfo/netconf