IETF Logo Mail Archive

Re: [Netconf] HTTP2 configured subscriptions, is RESTCONF call home necessary? (was RE: Anyone want just Configured Subscriptions?)

"Eric Voit (evoit)" <evoit@cisco.com> Wed, 11 July 2018 15:16 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D33C124D68 for <netconf@ietfa.amsl.com>; Wed, 11 Jul 2018 08:16:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Ow9rAA5wFr9 for <netconf@ietfa.amsl.com>; Wed, 11 Jul 2018 08:16:00 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 713A4130DFD for <netconf@ietf.org>; Wed, 11 Jul 2018 08:16:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5220; q=dns/txt; s=iport; t=1531322160; x=1532531760; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=rXkNKzemSReT3Y4mHqgAvrQUNHGUzQKDwh79ibQxQKQ=; b=SJgZpYjY+eAajxKj0mNiZgnEnYCL9aHyJtf6Nf5VfZXYiC0VGe8aIaZR MrhpebtTtEo/GxVa83FVimf070UnTcb3METVjSjQkl7P1KlVMpCKPoPM5 kZCbgrmiZHBMimztVwGnh72LOLPUlmMyR8cebKiYrahyB8J4aZEfihGfq s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CbAACNHkZb/4QNJK1ZAxkBAQEBAQEBAQEBAQEHAQEBAQGDSWN/Mot0jDiCC5UyFIFmCx+ETQKCPSE0GAECAQECAQECbRwMhTYBAQEBAgE6DTIFCQICAQgOAgUDDREFCxsXJQEBBA4NEQKDBoF3CKtCgyWGWwUFiHmBVz+BEIMRhEgBEgEHAjcmhQ8CmVcJAo8dgUuGe4UjkWsCERMBgSQdOGFxcBU7gmqCTINnih+MGIEfgRoBAQ
X-IronPort-AV: E=Sophos;i="5.51,338,1526342400"; d="scan'208";a="204242507"
Received: from alln-core-10.cisco.com ([173.36.13.132]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Jul 2018 15:15:59 +0000
Received: from XCH-RTP-011.cisco.com (xch-rtp-011.cisco.com [64.101.220.151]) by alln-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id w6BFFwT8001476 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 11 Jul 2018 15:15:59 GMT
Received: from xch-rtp-013.cisco.com (64.101.220.153) by XCH-RTP-011.cisco.com (64.101.220.151) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 11 Jul 2018 11:15:58 -0400
Received: from xch-rtp-013.cisco.com ([64.101.220.153]) by XCH-RTP-013.cisco.com ([64.101.220.153]) with mapi id 15.00.1320.000; Wed, 11 Jul 2018 11:15:58 -0400
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
CC: Lou Berger <lberger@labn.net>, Kent Watsen <kwatsen@juniper.net>, Netconf <netconf@ietf.org>
Thread-Topic: HTTP2 configured subscriptions, is RESTCONF call home necessary? (was RE: Anyone want just Configured Subscriptions?)
Thread-Index: AdQYqhJAfRhRABCKSmSEYThB7pSKSAAUrocAAAnSZFA=
Date: Wed, 11 Jul 2018 15:15:58 +0000
Message-ID: <3a07a3b121ed4bf589544ba94c3e4c66@XCH-RTP-013.cisco.com>
References: <e9905b9899db49539b0aa8afc5491f45@XCH-RTP-013.cisco.com> <20180711055154.qzmg2ofdid5dog7y@anna.jacobs.jacobs-university.de>
In-Reply-To: <20180711055154.qzmg2ofdid5dog7y@anna.jacobs.jacobs-university.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.35.164.34]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/oj_NDFWZpgDmVTJ1kD-OJrwnRe0>
Subject: Re: [Netconf] HTTP2 configured subscriptions, is RESTCONF call home necessary? (was RE: Anyone want just Configured Subscriptions?)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2018 15:16:04 -0000

> From: Juergen Schoenwaelder, july 11, 2018 1:52 AM
> 
> On Wed, Jul 11, 2018 at 12:15:45AM +0000, Eric Voit (evoit) wrote:
> > > From: Juergen Schoenwaelder, July 10, 2018 6:43 PM
> > >
> > > On Tue, Jul 10, 2018 at 10:27:23PM +0000, Eric Voit (evoit) wrote:
> > > > > From: Lou Berger, July 10, 2018 4:43 PM
> > > > >
> > > > > On 7/10/2018 4:37 PM, Kent Watsen wrote:
> > > > > >
> > > > > >> So in short, after RFC 8071 call home, you get NC/RC client
> > > > > >> and server starting with a <hello> exchange. Ideally, the
> > > > > >> client would indicate its readiness to receive unsolicited
> > > > > >> notifications before you push notifications to the client
> > > > > >> (and the notification sender may even be interested to know
> > > > > >> that it is sending notifications to a remote system that does not
> just drop them).
> > > > > >> So either the clients invokes an RPC to start the
> > > > > >> notification flow or, if you want to optimize one round trip,
> > > > > >> the client includes a special
> > > > > >>
> > > > > >>   :willing-to-receive-unsolicited-notifications
> > > > > >>
> > > > > >> capability in the <hello> exchange.
> > > > > > I agree that a client-advertised capability would be goodness
> > > > > > here, but it only works for NC-clients, there is no corollary for RC-
> clients.
> > > > > >
> > > > > > Maybe clients should send a "willing-to-receive-unsolicited-
> notifications"
> > > > > > RPC instead?
> > > > > or an an error when an unsolicited notification is received by a
> > > > > client that doesn't support it.
> > > > > (optimizing for what I think suspect will be the common case in
> > > > > the long
> > > > > term...)
> > > >
> > > > Effectively this is what draft-ietf-netconf-restconf-notif,
> > > > section 4.2 defines
> > > now.  A successful POST of a "subscription-started" notification
> > > must occur before events are sent.  Failure to receiver an OK for
> > > the POST means an error to the publisher.
> > > >
> > > > Some form of RESTCONF Call Home with capability advertisement
> > > > could also
> > > occur before the "subscription-started" POST.  However this
> > > advertisement of client capabilities might not be needed for all
> implementations.
> > > >
> > >
> > > I fail to understand section 4.2. The first sentence already leaves
> > > me
> > > puzzled:
> > >
> > >    With HTTP2 connectivity established, a POST of each new
> > >    "subscription-started" state change notification messages will be
> > >    addressed to HTTP augmentation code on the receiver capable of
> > >    accepting and acknowledging to subscription state change
> > >    notifications.
> > >
> > > What does this say? And why is this HTTP2 specific? The publisher is
> > > the RC server, no?
> >
> > Actually no.  This specification does not use RESTCONF for configured
> > subscriptions.  (See other email I just sent to Kent.)
> 
> OK. So you have a solution for sending dynamic subscriptions via RC but no
> solution for sending configured subscriptions via RC since you are actually
> inventing a new protocol for this (which for some unknown reason requires
> HTTP/2).

It has been since IETF 96/97 since we discussed this on the list.   The basics are:

(a) There is no bi-directional signaling with configured subscriptions, hence no need for RESTCONF.  This simplifies interactions, and widens the possible device list.

(b) With HTTP2 there is no need for SSE.  Each subscription becomes its own HTTP2 POST.

(c) With HTTP2 there is no head-of-line blocking between independent subscriptions.
 
> > > So the RC server does HTTP transactions agains the client? This does
> > > not seem to have anything to do with how the call home RFC works.
> > >
> > > I am not saying that what Figure 3 shows won't work, it just has
> > > nothing to do with call home. You are reversing the RC client and
> > > server roles, call home only reverses the connection establishment
> roles. Big difference.
> >
> > Yes this is a big difference.  Especially as RESTCONF is removed as well for
> configured subscriptions.
> >
> > Per the other thread, I am actually quite fine with removing call home for
> configured subscriptions if nobody else sees a need for the receiver to
> initiate this connection.  That would make life simpler.
> >
> 
> The receiver? I read in 4.1:
> 
>    If the above conditions are met, then the publisher MUST initiate a
>    transport session via RESTCONF call home [RFC8071], section 4.1 to
>    that receiver.
> 
> Still puzzled.

Yes, this needs to be updated.  Per the other thread, this requirements statement is left in as a proxy for what type of connection establishment (with underlying security mechanisms) might be required for the HTTP2 connection.   I.e., the HTTP2 still needs to go over TLS, how do we accomplish this.

Eric
 
> /js
> 
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email