Re: [netconf] AD review of draft-ietf-netconf-tcp-client-server-16
"Scharf, Michael" <Michael.Scharf@hs-esslingen.de> Thu, 06 July 2023 09:23 UTC
Return-Path: <Michael.Scharf@hs-esslingen.de>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0604C1522DB; Thu, 6 Jul 2023 02:23:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.794
X-Spam-Level:
X-Spam-Status: No, score=-2.794 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hs-esslingen.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W9NwhKCJ1ST3; Thu, 6 Jul 2023 02:23:38 -0700 (PDT)
Received: from mail.hs-esslingen.de (mail.hs-esslingen.de [134.108.32.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58DD2C14CE38; Thu, 6 Jul 2023 02:23:37 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.hs-esslingen.de (Postfix) with ESMTP id C99F425A1A; Thu, 6 Jul 2023 11:23:34 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hs-esslingen.de; s=mail; t=1688635414; bh=dghoFUK4MQnEu6mhAz+af9HTiS0gwyT1FtYEdpJCfRg=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=Nem7755k8AvxICdy7d+g4RDBkoEae7zZBmhOpEa4obOOipaIsZl6p5mL+K8iVrKk/ Btua1e9MFpuJ07Eza+i/BScjQlODwlUYg+mG84jc/umJNG9vTliYWmeVmwKnVj4WOD 3T5k1BnWGLnuZUW4mFwam9n7Wdd9maBVSJhGl574=
X-Virus-Scanned: by amavisd-new-2.7.1 (20120429) (Debian) at hs-esslingen.de
Received: from mail.hs-esslingen.de ([127.0.0.1]) by localhost (hs-esslingen.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vyVGeOtUc9s8; Thu, 6 Jul 2023 11:23:33 +0200 (CEST)
Received: from rznt8202.rznt.rzdir.fht-esslingen.de (rznt8202.hs-esslingen.de [134.108.48.165]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.hs-esslingen.de (Postfix) with ESMTPS; Thu, 6 Jul 2023 11:23:33 +0200 (CEST)
Received: from rznt8202.rznt.rzdir.fht-esslingen.de (134.108.48.165) by rznt8202.rznt.rzdir.fht-esslingen.de (134.108.48.165) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Thu, 6 Jul 2023 11:23:33 +0200
Received: from rznt8202.rznt.rzdir.fht-esslingen.de ([fe80::aca4:171a:3ee1:57e0]) by rznt8202.rznt.rzdir.fht-esslingen.de ([fe80::aca4:171a:3ee1:57e0%3]) with mapi id 15.01.2507.027; Thu, 6 Jul 2023 11:23:33 +0200
From: "Scharf, Michael" <Michael.Scharf@hs-esslingen.de>
To: Kent Watsen <kent+ietf@watsen.net>, "Rob Wilton (rwilton)" <rwilton=40cisco.com@dmarc.ietf.org>
CC: "netconf@ietf.org" <netconf@ietf.org>, "draft-ietf-netconf-tcp-client-server.all@ietf.org" <draft-ietf-netconf-tcp-client-server.all@ietf.org>, "tcpm@ietf.org Extensions" <tcpm@ietf.org>
Thread-Topic: [netconf] AD review of draft-ietf-netconf-tcp-client-server-16
Thread-Index: AdmoQBXcCyJkTc9HQLKZz3b45CwgwwHASDeAACmdB8A=
Date: Thu, 06 Jul 2023 09:23:33 +0000
Message-ID: <5a7fe26fbd324cf78a74e104941f72cd@hs-esslingen.de>
References: <BY5PR11MB419654EA6A355DBE29D739D7B526A@BY5PR11MB4196.namprd11.prod.outlook.com> <0100018926953adf-731925f4-8e95-49de-a1a8-ab346a9da1b8-000000@email.amazonses.com>
In-Reply-To: <0100018926953adf-731925f4-8e95-49de-a1a8-ab346a9da1b8-000000@email.amazonses.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [134.108.140.249]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/quG-xtZsKsSF4IO0tC3slWq0aO4>
Subject: Re: [netconf] AD review of draft-ietf-netconf-tcp-client-server-16
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jul 2023 09:23:43 -0000
Hi all,
Please see inline some comments on the pending issues. I have removed the points that are apparently resolved already.
> > Moderate level comments:
> >
> > (2) p 7, sec 2.2. Example Usage
> >
> > <tcp-common xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-common">
> > <keepalives>
> > <idle-time>15</idle-time>
> > <max-probes>3</max-probes>
> > <probe-interval>30</probe-interval>
> > </keepalives>
> > </tcp-common>
> >
> > I note that your example (and the subsequent ones) uses significantly
> shorter times than those recommended in the prose above. Should the idle
> time be greatly increased in the example? Or further text be included to justify
> or explain this example?
>
> Michael (co-author), I believe that you wrote this text. Can you guide us here?
>
> <snip>
> Given the cost of keep-alives, parameters have to be configured
> carefully:
>
> * The default idle interval (leaf "idle-time") MUST default to no
> less than two hours, i.e., 7200 seconds [RFC1122]. A lower value
> MAY be configured, but keep-alive messages SHOULD NOT be
> transmitted more frequently than once every 15 seconds. Longer
> intervals SHOULD be used when possible.
> </snip>
Good catch. Out of my head, these values have been used in the draft since day one, i.e., before the reference to RFC 1122 was added.
It makes sense to use more conservative values in the example. A proposal would be:
<tcp-common xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-common">
<keepalives>
<idle-time>7200</idle-time>
<max-probes>9</max-probes>
<probe-interval>75</probe-interval>
</keepalives>
</tcp-common>
These are the defaults in the Linux kernel 6.1.0 (tested using Debian 12), i.e., I guess that order of magnitude is somewhat common.
> > Minor level comments:
> >
> > (8) p 6, sec 2.1.5. Guidelines for Configuring TCP Keep-Alives
> >
> > * The default idle interval (leaf "idle-time") MUST default to no
> > less than two hours, i.e., 7200 seconds [RFC1122]. A lower value
> > MAY be configured, but keep-alive messages SHOULD NOT be
> > transmitted more frequently than once every 15 seconds. Longer
> > intervals SHOULD be used when possible.
> >
> > Why not set the YANG default idle interval to 2 hours? In fact, why not
> assign defaults to all of these parameters? Or is the expectation that when
> these groupings are used, they may be refined with appropriate default values
> for the application?
>
> Good questions for Michael (my co-author), who worked on this section of
> the draft.
Well, to be honest, I don't recall why we have not assigned default values. When the draft was discussed in TCPM, there has been some pushback regarding use of keep-alive messages in general. Also, different applications may have different timing requirements. One key requirement in RFC 1122 is that keep-alives should be off by default. No assigning default values is somewhat consistent with that.
Yet, the reality is that TCP stacks have default values. As long as the guidance in RFC 1122 is taken into account, I don't believe adding a default value to the YANG model would be harmful, e.g. the ones used by Linux (see above).
To be on the safe side, I have added the TCPM list in CC, given past TCPM discussions.
> > (9) p 7, sec 2.1.5. Guidelines for Configuring TCP Keep-Alives
> >
> > * The maximum number of sequential keep-alive probes that can fail
> > (leaf "max-probes") trades off responsiveness and robustness
> > against packet loss. ACK segments that contain no data are not
> > reliably transmitted by TCP. Consequently, if a keep-alive
> > mechanism is implemented it MUST NOT interpret failure to respond
> > to any specific probe as a dead connection [RFC1122]. Typically,
> > a single-digit number should suffice.
> >
> > Some of this guidance might be better in the description in the YANG model,
> or alternatively having a reference back to this section.
>
> Michael, can you look at the “description” statement in the "ietf-tcp-common"
> YANG module too?
The "description" statement already summarizes the most important constraints from Section 2.1.5, albeit in very few words and without much background.
I don't know if the whole text from 2.1.5 needs to be added to the description in the YANG model.
In my point of view, in the YANG model a reference to section 2.1.5 would be sufficient, e.g., along the lines of:
"Further guidance can be found in Section 2.1.5 of RFC DDDD."
This is my personal view. As the normative guidance in Section 2.1.5 was discussed in TCPM, it makes sense to have TCPM in the loop.
> > (13) p 13, sec 3.2. Example Usage
> >
> > <tcp-client xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-client">
> > <remote-address>www.example.com</remote-address>
> > <remote-port>443</remote-port>
> > <local-address>0.0.0.0</local-address>
> > <local-port>0</local-port>
> > <proxy-server>
> > <socks5-parameters>
> > <remote-address>proxy.example.com</remote-address>
> > <remote-port>1080</remote-port>
> > <authentication-parameters>
> > <username-password>
> > <username>foobar</username>
> > <cleartext-password>secret</cleartext-password>
> > </username-password>
> > </authentication-parameters>
> > </socks5-parameters>
> > </proxy-server>
> > <keepalives>
> > <idle-time>15</idle-time>
> > <max-probes>3</max-probes>
> > <probe-interval>30</probe-interval>
> > </keepalives>
> > </tcp-client>
> >
> > Possibly for this example, it could elide the remote-port, local-address and
> local-port values to illustrate that they are not strictly requried to be
> populated.
>
> Generally, I want examples to populate every field, so to they’re visible to
> readers. But you’re right that configuring the defaults is lame. I change the
> examples (both this one and the w/o proxy example) to configure non default
> values:
>
> <remote-port>8443</remote-port>
> <local-address>192.0.2.2</local-address>
> <local-port>12345</local-port>
>
> This item is considered resolved.
Just to add: The keepalive example values in this example should probably be updated, too.
Michael
- [netconf] AD review of draft-ietf-netconf-tcp-cli… Rob Wilton (rwilton)
- Re: [netconf] AD review of draft-ietf-netconf-tcp… Kent Watsen
- Re: [netconf] AD review of draft-ietf-netconf-tcp… Scharf, Michael
- Re: [netconf] AD review of draft-ietf-netconf-tcp… Kent Watsen
- Re: [netconf] AD review of draft-ietf-netconf-tcp… Rob Wilton (rwilton)
- Re: [netconf] AD review of draft-ietf-netconf-tcp… Kent Watsen
- Re: [netconf] AD review of draft-ietf-netconf-tcp… Scharf, Michael
- Re: [netconf] AD review of draft-ietf-netconf-tcp… Rob Wilton (rwilton)
- Re: [netconf] AD review of draft-ietf-netconf-tcp… Rob Wilton (rwilton)
- Re: [netconf] AD review of draft-ietf-netconf-tcp… Kent Watsen
- Re: [netconf] AD review of draft-ietf-netconf-tcp… Kent Watsen
- Re: [netconf] AD review of draft-ietf-netconf-tcp… Rob Wilton (rwilton)