IETF Logo Mail Archive

Re: [Netconf] I-D Action: draft-ietf-netconf-restconf-notif-09.txt

Martin Bjorklund <mbj@tail-f.com> Wed, 31 October 2018 14:31 UTC

Return-Path: <mbj@tail-f.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 152D21252B7 for <netconf@ietfa.amsl.com>; Wed, 31 Oct 2018 07:31:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dosx-A5ep1o5 for <netconf@ietfa.amsl.com>; Wed, 31 Oct 2018 07:31:45 -0700 (PDT)
Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 8157E130E27 for <netconf@ietf.org>; Wed, 31 Oct 2018 07:31:45 -0700 (PDT)
Received: from localhost (unknown [173.38.220.61]) by mail.tail-f.com (Postfix) with ESMTPSA id A35721AE018C; Wed, 31 Oct 2018 15:31:40 +0100 (CET)
Date: Wed, 31 Oct 2018 15:31:40 +0100
Message-Id: <20181031.153140.702981255637301075.mbj@tail-f.com>
To: evoit@cisco.com
Cc: rrahman@cisco.com, kwatsen@juniper.net, netconf@ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <9e4e338991cf4666a4ae11783e63de57@XCH-RTP-013.cisco.com>
References: <602bff9c5cd4408a8426e93e6c67ad41@XCH-RTP-013.cisco.com> <20181031.114204.548428490278175532.mbj@tail-f.com> <9e4e338991cf4666a4ae11783e63de57@XCH-RTP-013.cisco.com>
X-Mailer: Mew version 6.7 on Emacs 24.5 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/r4NlobcQgZZFTZ3yQAbAdIGsx7s>
Subject: Re: [Netconf] I-D Action: draft-ietf-netconf-restconf-notif-09.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Oct 2018 14:31:48 -0000

"Eric Voit (evoit)" <evoit@cisco.com> wrote:
> > From: Martin Bjorklund, October 31, 2018 6:42 AM
> > 
> > Hi,
> > 
> > "Eric Voit (evoit)" <evoit@cisco.com> wrote:
> > >
> > >
> > > > -----Original Message-----
> > > > From: Netconf <netconf-bounces@ietf.org> On Behalf Of Reshad Rahman
> > > > (rrahman)
> > > > Sent: Monday, October 29, 2018 6:01 PM
> > > > To: Kent Watsen <kwatsen@juniper.net>; netconf@ietf.org
> > > > Subject: Re: [Netconf] I-D Action:
> > > > draft-ietf-netconf-restconf-notif-09.txt
> > > >
> > > > Hi Kent,
> > > >
> > > >
> > > > On 2018-10-29, 2:29 PM, "Kent Watsen" <kwatsen@juniper.net> wrote:
> > > >
> > > >     Hi Reshad,
> > > >
> > > >     > Most of the comments received during WGLC (from Kent, Martin and
> > > >     > Qin) have been addressed. Those not addressed are:
> > > >     >
> > > >     > 1- s/uri/location/ (to use same term as in RFC8040), I'm fine with
> > > >     >   this change but would like to hear from WG.
> > > >
> > > >
> > > >     I resist the idea that node names need to be consistent across
> > > >     modules.
> > > >     Yes, there exists some meta-conventions (e.g., the "enabled" leaf)
> > > >     that
> > > >     are unfortunately with us at the moment.
> > > >
> > > >     Modules should firstly use whatever name makes most sense for their
> > > >     own purpose.  If it doesn't matter, then picking a value consistent
> > > >     with another module is okay, but I wouldn't spend more than five
> > > >     minutes searching for it.
> > > >
> > > >     FWIW, the zerotouch draft has an inet:uri node called "download-uri".
> > > >     I don't know if it's a better name within the ZTP context, but it
> > > >     made sense to me at the time and no one questioned it.
> > > > <RR> I'll keep "uri" unless we hear from more people who would like to
> > > > see
> > it
> > > > changed to location.  I don't feel strongly about this, I got used to
> > > > "uri" and
> > > > think it's appropriate.
> > > >
> > > >     > 2- Allowing modify/delete subscription from a different connection.
> > There
> > > >     >  was a discussion between Martin and Eric on this topic:
> > > >     >
> > > > https://mailarchive.ietf.org/arch/msg/netconf/3WaiWBVlLhj9wBOtuFuxVJ
> > > > kfsig
> > > >
> > > >     RESTCONF doesn't have connections, per se, but sometimes drafts refer
> > to
> > > >     the underlying TLS connection.
> > > >
> > > >     Regardless, the general goals (for NETCONF too, I would think) could
> > > >     be:
> > > >       - a client (i.e., a RESTCONF username) can always
> > > >       - modify/delete/resynch
> > > >         their own subscriptions.
> > > >       - an authorized administrator can modify/kill any client's
> > > >       - subscription.
> > > > <RR> We should have this discussion in the context of SN.
> > >
> > > This is covered in SN.  Section 2.4.3:
> > >
> > > "Dynamic subscriptions can only be modified via this RPC using a
> > > transport session connecting to the subscriber."
> > 
> > I don't understand what this means.  Or maybe I don't understand how
> > it is supposed to be implemented.   I think the text says that
> > modify-subscription only can be done by the same client that sent the
> > establish-subscription.  But what is "the same client"?  If I have two
> > separate
> > management systems, that connect with the same user name to a device,
> > is
> > that the same client?
> > 
> > Since we don't have a "client id" in our protocols, the best/only
> > thing we can
> > use is the user name.
> 
> Agree.  That was how this should be embodied for RESTCONF.  For
> NETCONF, as the modify and delete RPCs can only be passed over the
> same NETCONF session as the establish (see Section 5 of
> NETCONF-Notif), an implementation will already enforce this without
> extra effort.

Do you want this to be transport-specific?  If so, the SN draft should
say that, and specific text should go into the transport drafts;

NETCONF should say that it MUST be the same NETCONF session (which of
course is more restrictive than saying same user name, and also more
restrictive than same transport session (since you can have multiple
NETCONF sessions on the same SSH session)).

and RESTCONF should say that it MUST be the same RESTCONF user name.


/martin

> > Also, I think the details should go into the YANG definition of
> > "modify-
> > subscription", like it does for "delete-subscription".  So maybe
> > change the
> > "description" of the leaf "id" to:
> > 
> >        "Identifier of the subscription that is to be modified.
> > 
> >         Only subscriptions that were created using
> >         'establish-subscription' with the user name as this RPC
> >         can be modified with this RPC."
> 
> 'User name' has its own issues.  How about 'subscriber identity or
> security credentials'?
> 
> Eric
> 
> > (and modify the description for "delete-subscription" in a similar
> > way)
> > 
> > 
> > 
> > /martin
> > 
> > 
> > 
> > 
> > 
> > > and Section 2.4.4:
> > >
> > > " Dynamic subscriptions can only be deleted via this RPC using a
> > > transport
> > session connecting to the subscriber."
> > >
> > > In  -v19, I have also removed the sentence: " If the delete request
> > >    matches a known subscription established on the same transport
> > >    session, then it MUST be deleted; otherwise it MUST be rejected with
> > >    no changes to the publisher."
> > >
> > > Eric
> > >
> > > >     > 3- Take uri out of subscription-modified. It was pointed out to me
> > > >     > that
> > > >     > SN draft says the following:
> > > >     >
> > > >     >       For completeness, this subscription state change notification
> > > >     >       includes both modified and non-modified aspects of a
> > > >     >       subscription.
> > > >
> > > >     I'm unsure how the [non-]modified matters to this question, but it
> > > >     seems
> > > >     that "uri" may not be *needed* as there is already an "id" node that
> > > >     achieves the similar ability to identify the subscription.  That
> > > >     said,
> > > >     I'm okay with the "uri" field being present, even if it's only mildly
> > > >     helpful, so long as there is no concern for the message size or the
> > > >     publisher's ability to populate the value.
> > > > <RR> The "uri" does not change, that's why the [non-]modified
> > > > question came up. I'm keeping it.
> > > >
> > > > Regards,
> > > > Reshad.
> > > >
> > > >     Kent // contributor
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Netconf mailing list
> > > > Netconf@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/netconf
> > > _______________________________________________
> > > Netconf mailing list
> > > Netconf@ietf.org
> > > https://www.ietf.org/mailman/listinfo/netconf

v2.23.0 | Report a Bug | By Email