IETF Logo Mail Archive

Re: [Netconf] Anyone want just Configured Subscriptions? (was RE: LC on subscribed-notifications-10)

"Eric Voit (evoit)" <evoit@cisco.com> Thu, 05 July 2018 23:08 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA19B130E13 for <netconf@ietfa.amsl.com>; Thu, 5 Jul 2018 16:08:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pVqwfuJBUfg1 for <netconf@ietfa.amsl.com>; Thu, 5 Jul 2018 16:08:44 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7706130DF5 for <netconf@ietf.org>; Thu, 5 Jul 2018 16:08:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5846; q=dns/txt; s=iport; t=1530832124; x=1532041724; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=uRK/6Cwu+Rf1Q5w0/OhJ1Zj5C+6AvxNSd76EaSJJLXs=; b=dMDe9AYbA9muJH20UM9JkM+DVisMG4qqVOySaZeoRemm+xBbn5H4+E4R FcF+W1BQ7UEscWR4IpA9Q14q9/uZkWdQ3YeCdyqyisY/xW5tFxO9GPLsE f41ivkpVSSkMV1omRWgaVYAu5TlW449M3R2DNtaCqlFZ91WzSk3QPunSJ w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D9AwCgpD5b/4oNJK1SAQkaAQEBAQECAQEBAQgBAQEBgx8qYn8yg3CIBIw1ggeDOJF4FIFmC4RsAheCFiE0GAECAQECAQECbSiFNgEBAQMBIxFDAgULAgEIDgcFAgkWBwICAjAVEAIEAQ0Ngk1MgXcIqXGCHIhQgTqBC4ZLgReBVj+BD4JhLoRPARKDGYJVAoFPl30JAo8WjV+RYgIREwGBJB04gVJwFYMlgiMXEY4GjxGBGgEB
X-IronPort-AV: E=Sophos;i="5.51,314,1526342400"; d="scan'208";a="139201006"
Received: from alln-core-5.cisco.com ([173.36.13.138]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Jul 2018 23:08:43 +0000
Received: from XCH-RTP-011.cisco.com (xch-rtp-011.cisco.com [64.101.220.151]) by alln-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id w65N8hQf015049 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 5 Jul 2018 23:08:43 GMT
Received: from xch-rtp-013.cisco.com (64.101.220.153) by XCH-RTP-011.cisco.com (64.101.220.151) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 5 Jul 2018 19:08:42 -0400
Received: from xch-rtp-013.cisco.com ([64.101.220.153]) by XCH-RTP-013.cisco.com ([64.101.220.153]) with mapi id 15.00.1320.000; Thu, 5 Jul 2018 19:08:42 -0400
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Kent Watsen <kwatsen@juniper.net>, Andy Bierman <andy@yumaworks.com>
CC: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [Netconf] Anyone want just Configured Subscriptions? (was RE: LC on subscribed-notifications-10)
Thread-Index: AQHUC7Bk2NEfjxedcUmM/mAqvL2qMaRxMGsAgABNWwCACxi18IABmkaAgAGYmoD//77DcIABoTAA///VGaCAAGgzgP//2i4Q
Date: Thu, 05 Jul 2018 23:08:42 +0000
Message-ID: <04c12295eafa4ae38d240817aefb792f@XCH-RTP-013.cisco.com>
References: <4df95162a0a8464b884c4e88268df8ca@XCH-RTP-013.cisco.com> <DBD6B0CC-FE74-4C5A-A318-C96C8FBE11FE@sit.fraunhofer.de> <858F63BA-37A2-4925-B340-4DD79CEBEEF9@juniper.net> <CABCOCHTux6+pW=0xhPsgVKWqAr5uNKTNW-Qgv5CpV06Ki1hd-g@mail.gmail.com> <8c68a8ce85d946579f325e311a8e67a9@XCH-RTP-013.cisco.com> <D9AB67AB-A0B2-4D04-8672-76B704800C86@juniper.net> <CABCOCHQjYHYomj1ES+0bH2pOaJZ4Wa_z3suQiJpASmDXP35teg@mail.gmail.com> <2707704d84354cb784e0d2ae001bc599@XCH-RTP-013.cisco.com> <FF87E28E-5BC4-424A-84B0-C54DF0C49E02@juniper.net> <43507a18831540f195c9c2179c781155@XCH-RTP-013.cisco.com> <796FAB55-5BFE-41A2-A447-6E65A552D76C@juniper.net>
In-Reply-To: <796FAB55-5BFE-41A2-A447-6E65A552D76C@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.118.56.230]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/nJCJmuKuLbeaSKOBG_4YmRYeFeE>
Subject: Re: [Netconf] Anyone want just Configured Subscriptions? (was RE: LC on subscribed-notifications-10)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jul 2018 23:08:47 -0000

> From: Kent Watsen, July 5, 2018 4:19 PM
> 
> 
> > My undefined point was that leaving NETCONF-Notif open means that  we
> > don't progress sections 3, 4, 5.1, 6, 7 , & 10 of
> > draft-ietf-netconf-netconf-event-notifications towards RFC.
> > These sections contain the needed requirements for dynamic
> > subscriptions.
> 
> I see, that's too bad, as I was hoping that we could just not progress the "notif"
> documents at all.  Let's review these sections to see what's possible:
> 
>   Section 3: yes, it seems like this needs to be said.  Though I
>   think a case is missing: establish-subscription RPC cannot be
>   sent on a session on which create-subscription is active, right?

To make it perfectly clear, I updated bullet #2 to:

It is a prohibited to accept an establish-subscription request, or send either updates or state change notifications for a configured subscription on a NETCONF session where the create-subscription RPC has successfully [RFC5277] created subscription.

>   Section 4: the first paragraph would now no longer be needed.

Yes

>   The 2nd paragraph seems like it should be moved to SN Section
>   2.1.  

No, the NETCONF stream is not a MUST for non-NETCONF or non-RESTCONF publishers.  E.g.: draft-birkholz-yang-core-telemetry

>  Is the 3rd paragraph needed? - YP already requires
>   ietf-datastore to be implemented, and the nmda-netconf draft
>   requires that <operational> be supported...

It could be removed as the requirement is inherited through the YANG models.  As drafts over in core are looking at YANG push for CoMI defined datastores (i.e., draft-birkholz-yang-core-telemetry), I thought it couldn't hurt to make it clear.

>   Section 5.1: the first paragraph seems obvious, 

For HTTP transport, it can be ok to lose the transport session and leave up the subscription.  (This can improve scale)   So better to make it explicit.

>   but also I think
>   the word "deleted" is wrong, since there is nothing to delete,
>   should this be rephrased?

There is a delete-subscription RPC.  Why is it wrong?

>   Section 6: the 1st paragraph seems okay.  The 2nd paragraph
>   seems okay for dynamic subscriptions, but this section applies
>   to configured subscriptions too, from which there isn't an
>   "establish-subscription" - right?

True.  To clarify the 2nd paragraph, tweaked the words to:

"For dynamic subscriptions, all notification messages MUST use the NETCONF transport session used by the "establish-subscription" RPC."

>   Section 7: First, it seems like much of this section (and s3.3
>   in restconf-notif) could be moved to the SN draft.

This is not the case, as the mapping is NETCONF specific.  Non NETCONF/RESTCONF transports will not necessarily use this mapping.

>   That said,
>   I think that the 1st paragraph should remove the reference to YP
>   draft, since YP just augments the SN draft. 

There is an additional non-augmented RPC in YANG-Push:  resynch-subscription.

>  Regarding the 4th
>   bullet point following the first paragraph, I think that it is
>   sufficient to just identify that a suitable base identity must
>   be returned (i.e., lose the refs to Sections 2.4.6 and A.1).

That is the way I initially had it.  Martin requested that these be made explicit during his review.

>   The 2nd paragraph seems to be defining a non-standard way to
>   encode identities (red flag).

This also was at Martin's request.  It is not non-standard as it simply describes the encoding of an error string.

>   Section 10: the 1st paragraph is not a security consideration
>   (move to Section 5?).  

Moved into 5.2.

>  The 2nd paragraph articulates a valid
>   concern, but it seems to apply to all transports (although
>   missing in the restconf-notif draft) and so should be moved
>   to the SN draft? 

As the mechanism for mitigating certain DDoS vectors is transport specific, the transport drafts seemed a better place.  

If you are good with it staying as a transport mechanism, I will add corresponding text to RESTCONF-Notif.

>   The 3rd paragraph could be removed, since it
>   isn't for dynamic subscriptions.

Yes.

Eric

> Thoughts?
> 
> Kent // contributor

v2.23.0 | Report a Bug | By Email