IETF Logo Mail Archive

Re: [Netconf] YangPush now

"Eric Voit (evoit)" <evoit@cisco.com> Thu, 19 July 2018 19:00 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64D92130FBF for <netconf@ietfa.amsl.com>; Thu, 19 Jul 2018 12:00:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nvzw1jqO3Or9 for <netconf@ietfa.amsl.com>; Thu, 19 Jul 2018 12:00:29 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FC8C131141 for <netconf@ietf.org>; Thu, 19 Jul 2018 12:00:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=31358; q=dns/txt; s=iport; t=1532026821; x=1533236421; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=SQ6nM68xi4M4jGcpOrm6my4XaLYLKReONYaIioCcOnU=; b=e55S3lSDseKvhwQjSehVfyA7QxhrP1zp++B29D+lEYfMGZ5spO6B/7XF +aJBNUZsyDxiBaAmDAODuhfvENVdshrhcgSR2Msbk0OOqW0qWkfoede7y R55bRZokris4A6deNL+1QhvGH405VXdhWCTmFkfTMqZvtIwTsYe51Zxy2 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DMAQDL3lBb/4wNJK1cGQEBAQEBAQEBAQEBAQcBAQEBAYJXTCpjfygKg3SUL4IMlTuBegsYAQqEA0YCF4JuITYWAQIBAQIBAQJtHAyFNgEBAQEDAQEhCkELEAIBCBUQEwcDAgICJQsUEQIEAQ0FCBODBoEbZA+pTYEuikQFiQKBVz+BEYMRgxkBAYFKJAkfgkuCVQKMXIUah3IJAo8ijXSPH4JXAhEUgSQkATCBUnAVO4JpgiUXegECh1yFPm+KW4EaAQE
X-IronPort-AV: E=Sophos;i="5.51,375,1526342400"; d="scan'208,217";a="423063829"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Jul 2018 19:00:20 +0000
Received: from XCH-RTP-011.cisco.com (xch-rtp-011.cisco.com [64.101.220.151]) by alln-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id w6JJ0Kwk010381 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 19 Jul 2018 19:00:20 GMT
Received: from xch-rtp-013.cisco.com (64.101.220.153) by XCH-RTP-011.cisco.com (64.101.220.151) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 19 Jul 2018 15:00:19 -0400
Received: from xch-rtp-013.cisco.com ([64.101.220.153]) by XCH-RTP-013.cisco.com ([64.101.220.153]) with mapi id 15.00.1320.000; Thu, 19 Jul 2018 15:00:19 -0400
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Andy Bierman <andy@yumaworks.com>, Kent Watsen <kwatsen@juniper.net>
CC: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [Netconf] YangPush now
Thread-Index: AQHUHhHrAK87NKpG2E+Ouz7jjC6MRKSUNnVAgACYGQCAAgVBgIAAKY0AgAAMN4D//8pd8A==
Date: Thu, 19 Jul 2018 19:00:19 +0000
Message-ID: <00995d3cf9fe45248d36e955301d0443@XCH-RTP-013.cisco.com>
References: <2E1BAD12-EFF2-4E35-B232-57A4C4490989@cisco.com> <20180717055030.7bmzlychtznf3mso@anna.jacobs.jacobs-university.de> <18622ABD-DB9F-406C-836F-64649F3D8FF6@cisco.com> <20180717172036.hhuoq6fzs7ctblpf@anna.jacobs.jacobs-university.de> <CABCOCHS8cfqKLaQe9M4tu-2zkZ5=6-a2FEv+idJwZiW_btx_Zw@mail.gmail.com> <a54850668bfb4483b89f4c2b15bf5f44@XCH-RTP-013.cisco.com> <CABCOCHSxTh7J1Kys1B+sNC2dWuJKr_L7cJgO9T+E+-_+k9H-6w@mail.gmail.com> <5366188A-111C-49ED-95AF-82A5171750CC@cisco.com> <85CBFD6B-CBEE-47C5-83ED-FD37007B78A3@juniper.net> <CABCOCHRRGjZSjWOEj_XXGQLAOeRhiO9avuhShh_xpLk_=CZZ3g@mail.gmail.com>
In-Reply-To: <CABCOCHRRGjZSjWOEj_XXGQLAOeRhiO9avuhShh_xpLk_=CZZ3g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.82.219.225]
Content-Type: multipart/alternative; boundary="_000_00995d3cf9fe45248d36e955301d0443XCHRTP013ciscocom_"
MIME-Version: 1.0
X-Outbound-SMTP-Client: 64.101.220.151, xch-rtp-011.cisco.com
X-Outbound-Node: alln-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/rvB5EX2uA0wTNRCgGHIFvs7Mb44>
Subject: Re: [Netconf] YangPush now
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jul 2018 19:00:43 -0000

From: Andy Bierman, July 19, 2018 12:56 PM

On Thu, Jul 19, 2018 at 9:12 AM, Kent Watsen <kwatsen@juniper.net<mailto:kwatsen@juniper.net>> wrote:

To address some of the concerns being raise here, I suggest the following:

1. make the augmentation of a "notif" model mandatory (see the '+' lines
   below), to ensure that there is always something more than just a name
   being configured per receiver.

      container receivers {
        list receiver {
          key "name";
          min-elements 1;
          leaf name {
            type string;
          }
   +      choice transport {
   +        mandatory true;
   +        description
   +          "Defines the transport-specific configuration data
   +           for the selected transport.";
   +      }



The notion of an empty mandatory choice really stretches the definition of YANG Conformance.
This says you cannot possible implement the SN module without some other module augmenting it.
Yet there is no way in YANG (besides import) to say the module bar needs to be present
if module foo is present.

<Eric> One other issue is there is a “transport” leaf at the subscription level which would be redundant with the choice at the receiver level.  Placing it there enforces a decision the WG made at a previous IETF that transport would not vary by receiver.

Extending this, in previous discussions on the mailing list on this topic, I have not seen XPATH able to enforce the same transport case is selected across all receivers.


2. modify netconf-notif to augment-in the ietf-netconf-server grouping:

  module ietf-netconf-notifications {
    prefix nn;
    import ietf-netconf-server { prefix ncs; }
    import ietf-subscribed-notifications { prefix sn; }

    // define a *local* netconf-server instance
    container "netconf-server" {
      uses "ncs:netconf-server-grouping" {
        // prune out the "listen" subtree
        refine "listen" {
          if-feature "never-supported-feature";
        }
        // disable dependency on the "call-home" feature
        refine "call-home" {
          if-feature "true"; // needed? (see 7950, s7.20.2, P3)
                             // valid? (unsure)
        }
      }
    }



The use of constant (true or false) values for if-feature are not supported and
the use of dummy features that are always supposed to be a constant value
seems to abuse the intent of YANG features.

Refactoring the groupings would be the cleanest solution.

<Eric> This refactoring point would suggest that there could be meaningful changes to the netconf-server model.  Which would delay everything.   Better to do a –bis version of NETCONF-Notif when the call home is ready



    // add leafref to above locally-configured call-home instances
    augment "/sn:subscriptions/sn:subscription/sn:receivers/sn:receiver" {
      leaf netconf-endpoint {
        type leafref {
          path "/nn:netconf-server/nn:call-home/nn:netconf-client/nn:name";
        }
      }
    }
  }


3. do the identical thing to the restconf-nofif draft:

  module ietf-restconf-notifications {
    prefix rn;
    import ietf-restconf-server { prefix rcs; }
    import ietf-subscribed-notifications { prefix sn; }

    // define a *local* restconf-server instance
    container "restconf-server" {
      uses "rcs:restconf-server-grouping" {
        // prune out the "listen" subtree
        refine "listen" {
          if-feature "never-supported-feature";
        }
        // disable dependency on the "call-home" feature
        refine "call-home" {
          if-feature "true"; // needed? (see 7950, s7.20.2, P3)
                             // valid? (unsure)
        }
      }
    }

    // add leafref to above locally-configured call-home instances
    augment "/sn:subscriptions/sn:subscription/sn:receivers/sn:receiver" {
      leaf restconf-endpoint {
        type leafref {
          path "/rn:restconf-server/rn:call-home/rn:netconf-client/rn:name";
        }
      }
    }
  }


The problem with identityref leafs is that the client has no clue what the
server will support. The problem gets much worse for the client dealing
with a mandatory empty choice.


Andy



Doing so would fill in the missing piece folks are asking to see.  Yes,
it introduces a normative reference to the client/server work, but it is
consistent with the result from Monday's NETCONF "dynamic ~ configured"
discussion and, besides, that work seems almost done now.

<Eric> Per previous discussions on this, I have no problem with the client/server work.

However I do have a problem with establishing this normative dependency due to:
(a) the potential time delay (see Andy’s refactoring point above, the text below, and the fact that netconf-server type drafts have yet to enter WGLC.)
(b) relevance of all this depends on vendors adoption timeframes for netconf-server.

There still might be an issue regarding the server pushing notifications
immediately after the NC/RC session starts, but I feel that by having a
*conf-server instance inside the "notif" model, we can more easily claim
that the behavior is okay.

The current restconf-notif draft is more https-focused, but I feel that,
if there is a goal to have a plain-https transport, then that should be
defined in a separate "https-notif" draft.

Currently the restconf-client-server model does not enable the
configuration of the "http-version" to be used.  I cringe to say this,
but we might consider introducing an "https-client-server" draft that
the "restconf-client-server" draft could be refactored to depend on.
If this were done, then said "https-notif" draft could use the "https-
client-grouping", and thus be consistent with the pattern we're
establishing here.

To address the interoperability issue, it seems we either: 1) define
a super-simple mandatory-to-implement "notif" layer (I would recommend
https-client for this) or 2) a good mandatory-to-implement "notif"
layer (e.g., binary over DTLS and per line-card, per the udp-pub-channel
draft), or 3) do nothing, leaving it to the market to decide, similar
to how RFC 8040 doesn't require a specific encoding (XML, JSON, etc.)


All these point can safely be considered by a –bis draft if call home model standardization considerations are left out of the current set of drafts in WGLC.

Eric


Kent  // contributor



_______________________________________________
Netconf mailing list
Netconf@ietf.org<mailto:Netconf@ietf.org>
https://www.ietf.org/mailman/listinfo/netconf

v2.23.0 | Report a Bug | By Email