[netconf] Benjamin Kaduk's Discuss on draft-ietf-netconf-yang-push-23: (with DISCUSS and COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Wed, 01 May 2019 19:08 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: netconf@ietf.org
Delivered-To: netconf@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 133D112008D; Wed, 1 May 2019 12:08:24 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-netconf-yang-push@ietf.org, Kent Watsen <kent+ietf@watsen.net>, netconf-chairs@ietf.org, kent+ietf@watsen.net, netconf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <155673770403.950.6197744294924652887.idtracker@ietfa.amsl.com>
Date: Wed, 01 May 2019 12:08:24 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/qW61tun1sKl_tQGw6eMYaXgaf-8>
Subject: [netconf] Benjamin Kaduk's Discuss on draft-ietf-netconf-yang-push-23: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 May 2019 19:08:24 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-netconf-yang-push-23: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-netconf-yang-push/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Note that I reviewed the -22 and the current version is -23. Briefly skimming the diff, it seems that some changes touch on points I make in my review, but there is probably still discussion to have on them. (pro-forma) I see the GenArt reviewer noted the author count (seven) already, but I couldn't find a response or note in the ballot or shephert writeup acknowledging this. So failing that, I'll put up a discuss point until the responsible AD says it's fine. [See also discussion on draft-ietf-netconf-subscribed notifications about the pre-RFC5378 boilerplate and whether or not it can be removed from this document] Section 3.3 states: In order for a subscriber to determine whether objects support on-change subscriptions, objects are marked accordingly on a publisher. Accordingly, when subscribing, it is the responsibility of the subscriber to ensure it is aware of which objects support on- change and which do not. For more on how objects are so marked, see Section 3.10. Chasing the reference, we see that this marking is left for future work or implementation-specific usage. I'm not very comfortable with the way we are describing this situation, as it seems pretty fragile in the face of different implementations trying to interoperate. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you for the very thoughtful document! I've lost track of the number of places where I started writing a comment only to note that my concern had already been addressed in the following text. In general the writing style is great, though I did find some grammar and clarity nits (noted inline). Abstract Providing such visibility into updates enables new capabilities based on the remote mirroring and monitoring of configuration and operational state. This phrasing ("new capabilities based on") is hard for me to follow, particularly about whether these are protocol-level capabilities and what actors are granted the new capabilities. Section 1 Traditional approaches to providing visibility into managed entities from remote have been built on polling. [...] nit: "remote" is an adjective and needs a noun to bind to; "from remote systems", "from remote vantages", or "from afar" would all be fine wordings here. o Polling incurs significant latency. This latency prohibits many application types. nit: I'd suggest wording as "types of application", since on my first reading I thought this was referring to some sort of codepoint. o Polling cycles may be missed, requests may be delayed or get lost, often when the network is under stress and the need for the data is the greatest. nit: the grammar is a bit weird, here, as if a comma splice. I think replacing the first comma with a colon or em dash would suffice. o Datastore node update: A data item containing the current value of a datastore node at the time the datastore node update was created, as well as the path to the datastore node. Is this storing the "new" or the "old" value as the "current value"? Section 3.1 + Dampening period: In an on-change subscription, detected [...] is included. The dampening period goes into effect every time an update record completes assembly. Just to double-check: this means that after a long hiatus, the first change to the monitored subtree(s) triggers an immediate push with just the single update, and only then does the dampening period kick in and defer delivery of potential subsequent updates? Section 3.5.2 This bit about the "create" and "delete" errors from RFC 8072 Section 2.5 not being errors in our usage is a little interesting, process-wise. In one sense, we are changing the semantics of an already published RFC, and would need to apply an "Updates:" relationship to indicate that, but in the other sense we are building a new custom thing that reuses a lot of the syntax/semantics of YANG patch but is fundamentally a new (different) thing. The phrasing we use to talk about it can affect which case the reader perceives us to be in... The discussion on the "change-type" enumeration seems to pretty clearly place us in the latter case, which is good. Section 3.6 Thank you for the note about the power of XPath expressions and the duty of the receiver to understand what it's asking for -- that sort of statement would potentially even be appropriate in the Security Considerations (but is fine where it is)! Section 3.7 Of note in the above example is the 'patch-id' with a value of '0'. Per [RFC8072], the 'patch-id' is an arbitrary string. With YANG Push, the publisher SHOULD put into the 'patch-id' a counter starting at '0' which increments with every 'push-change-update' generated for a subscription. If used as a counter, this counter MUST be reset to '0' anytime a resynchronization occurs (i.e., with the sending of a 'push-update'). Also if used as a counter, the counter MUST be reset to '0' after passing a maximum value of '4294967295' (i.e. maximum value that can be represented using uint32 data type). Such a mechanism allows easy identification of lost or out-of-sequence update records. It's not really clear to me how much value there is in this counter mechanism if the client' can't rely on the server's behavior actually being to use a counter (the requirement is only "SHOULD"). Can this be a "MUST" (or maybe "MUST excpet when [...]") instead? Section 3.9 Empty "push- change-update" messages (in case of an on-change subscription) MUST NOT be sent. This is required to ensure that clients cannot surreptitiously monitor objects that they do not have access to via carefully crafted selection filters. By the same token, changes to objects that are filtered MUST NOT affect any dampening intervals. I appreciate this attention to security-relevant detail; thank you! Section 3.11.1 Do we want to give any guidance for the "incomplete-update" case about whether a subscriber should wait and give the publisher a chance to provide a full "push-update" for resynchronization (per Section 4.3.2) versus perform a normal query for the datastore contents and effectuating its own resynchronization? Section 4.2 o For on-change subscriptions, assuming any dampening period has completed, triggering occurs whenever a change in the subscribed information is detected. On-change subscriptions have more complex semantics that is guided by its own set of parameters: nit: singular/plural mismatch "semantics"/"is" Section 4.3.2 A "time-of-update" which represents the time an update record snapshot was generated. A receiver MAY assume that at this point in time a publisher's objects have the values that were pushed. nit: I think "had the values" (past tense) is more appropriate. Section 4.4.1 a publisher that cannot serve on-change updates but periodic updates might return the following NETCONF response: nit: "but can serve periodic updates" Section 4.4.2 The specific parameters to be returned in as part of the RPC error response depend on the specific transport that is used to manage the subscription. For NETCONF, those parameters are specified in [I-D.draft-ietf-netconf-netconf-event-notifications]. nit: "in" and "as part of" are redundant. Section 5 It is slightly interesting to note that (apparently) the update-policy-modifiable grouping allows for a subscription to switch between periodic and triggered at runtime (by virtue of wanting a single grouping to cover all the cases and needing to be able to modify the parameters for each case). I would mostly expect implementations to deny such modification requests due to the needed complexity, but I'm also not sure that there's a need to mention this explicitly in the document. leaf period { type centiseconds; mandatory true; description "Duration of time which should occur between periodic push updates, in one hundredths of a second."; It would probably be okay to skip "in one hundredths of a second" given the usage of the centiseconds typedef. rc:yang-data resync-subscription-error { container resync-subscription-error { description "If a 'resync-subscription' RPC fails, the subscription is not resynced and the RPC error response MUST indicate the reason for this failure. This yang-data MAY be inserted as structured data within a subscription's RPC error response to indicate the failure reason."; It's a little weird to have the normative language here constraining the RPC error response that must be returned for a specific RPC, since this is not the description of that RPC. (It's probably also duplicating langauge elsewhere but I didn't double-check.) rc:yang-data establish-subscription-datastore-error-info { container establish-subscription-datastore-error-info { description "If any 'establish-subscription' RPC parameters are unsupportable against the datastore, a subscription is not created and the RPC error response MUST indicate the reason why the subscription failed to be created. This yang-data MAY be inserted as structured data within a subscription's RPC error response to indicate the failure reason. This yang-data MUST be inserted if hints are to be provided back to the subscriber."; (ditto) Contrast to modify-subscription-datastore-error-info, which only has normative language about the yang-data being described and not the RPCs that (might) use it. nit: push-update and push-change-update use different langauge about "does not constitute a general-purpose notification" and I'm not sure there's a reason to diverge. Their "incomplete-update" leaves also have divergent descriptions, but I think that latter divergence is more reasonable. augment "/sn:subscription-modified/sn:target" { [...] case datastore { uses datastore-criteria { refine "selection-filter/within-subscription" { description "Specifies where the selection filter, and where it came from within the subscription and then populated within this notification. If the 'selection-filter-ref' is nit: "where the selection filter" seems like an incomplete clause.
- [netconf] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk via Datatracker
- Re: [netconf] Benjamin Kaduk's Discuss on draft-i… Alexander Clemm
- Re: [netconf] Benjamin Kaduk's Discuss on draft-i… Benjamin Kaduk
- Re: [netconf] Benjamin Kaduk's Discuss on draft-i… Alexander Clemm
- Re: [netconf] Benjamin Kaduk's Discuss on draft-i… Eric Voit (evoit)
- Re: [netconf] Benjamin Kaduk's Discuss on draft-i… Alexander Clemm