IETF Logo Mail Archive

Re: [Netconf] IETF 101 SN Question 1: Proper designation of receiver

Kent Watsen <kwatsen@juniper.net> Mon, 25 June 2018 19:42 UTC

Return-Path: <kwatsen@juniper.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC0F8130EED for <netconf@ietfa.amsl.com>; Mon, 25 Jun 2018 12:42:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CfzkxXoMeUCy for <netconf@ietfa.amsl.com>; Mon, 25 Jun 2018 12:42:55 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE7F1130EF0 for <netconf@ietf.org>; Mon, 25 Jun 2018 12:42:55 -0700 (PDT)
Received: from pps.filterd (m0108159.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w5PJJrNn010981; Mon, 25 Jun 2018 12:42:54 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=RJ7Ew2N6qiI08LrboG8GznHgEiYF0xIpctPv9kOolNc=; b=gnMzFH78eAmDX6/LFKgD1lxV83Tp+dAC5pJOP6jfCBA2E7H0OVxQuG48LJvOnWWd4jgg Aui3zB72tTwh4ofogSMMtZXclrH75psiS67tMn8pRSqEpV/tUygbsWfu2jNwrO8oYD7Q N2WfCz/UYHTMU25YaWeBfEBQgaBrtIksHReJj2iVUT3bP1DXfDyhJXi3IyEXSLxCySj0 QWl0jlNLLz5h7WwpTg/gDLA0Vb72FE777KIt7ZMc1y3PBF1LyWEZK/643CopxTkYqZAa okOeEArHUCTc3Gqv+oxEA28cxOWfyYmwmBKu7XxiPEsrzZfYhFFo9SkITQtf2zNWPA+3 TA==
Received: from nam03-dm3-obe.outbound.protection.outlook.com (mail-dm3nam03lp0015.outbound.protection.outlook.com [207.46.163.15]) by mx0a-00273201.pphosted.com with ESMTP id 2ju6f5815h-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 25 Jun 2018 12:42:53 -0700
Received: from BYAPR05MB4230.namprd05.prod.outlook.com (52.135.200.153) by BYAPR05MB4422.namprd05.prod.outlook.com (52.135.202.160) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.906.14; Mon, 25 Jun 2018 19:42:51 +0000
Received: from BYAPR05MB4230.namprd05.prod.outlook.com ([fe80::959d:9fbe:90e4:3cc]) by BYAPR05MB4230.namprd05.prod.outlook.com ([fe80::959d:9fbe:90e4:3cc%4]) with mapi id 15.20.0906.018; Mon, 25 Jun 2018 19:42:51 +0000
From: Kent Watsen <kwatsen@juniper.net>
To: "Eric Voit (evoit)" <evoit@cisco.com>, Martin Bjorklund <mbj@tail-f.com>
CC: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [Netconf] IETF 101 SN Question 1: Proper designation of receiver
Thread-Index: AQHT7qXx6AR0hwD/VEqFVDxs31zp6aQ1kroAgAAEGoCAAA8IgIAAYuSAgCWiwACAAZ7SAIAK57IAgAEbxgD//+unAIAAbY0AgAEjt4CAAFpqAIABijQAgABnB4CABEKyAA==
Date: Mon, 25 Jun 2018 19:42:51 +0000
Message-ID: <2BE57A46-2D39-46D8-B751-203681C23F43@juniper.net>
References: <0c1b4c46d2de4190af83488dff293181@XCH-RTP-013.cisco.com> <20180518.144414.334141005925835002.mbj@tail-f.com> <fbb940135ccb465eb3f5b95d1fb53721@XCH-RTP-013.cisco.com> <20180518.170823.427077888694872498.mbj@tail-f.com> <595D0676-7DBD-4339-A551-374FBED705EC@juniper.net> <4a1e2f7367d54d088e517f7f6614765a@XCH-RTP-013.cisco.com> <ED90F588-9BCC-49C6-B8FF-18554247BD7F@juniper.net> <0a3b0b0b29e246b98c684d13162e15a8@XCH-RTP-013.cisco.com> <B8385EF7-C565-4F63-90AC-A4B36679B406@juniper.net> <c3b9cd55b30647e582d905320562a0eb@XCH-RTP-013.cisco.com> <CFB4FA41-C614-4604-B869-267533368335@juniper.net> <73ec3c52ffde452cae47642ce5ff2dd2@XCH-RTP-013.cisco.com> <DA6A819A-680E-4524-A5B7-E2E36466FA8D@juniper.net> <cd9b7871b2ce4ad9987b6d782e6bcc3d@XCH-RTP-013.cisco.com> <38D9AA27-DFFE-4BA3-9B9A-F33BD24B9C21@juniper.net> <5682ba83228f41e6b6a04a866b3dc49d@XCH-RTP-013.cisco.com>
In-Reply-To: <5682ba83228f41e6b6a04a866b3dc49d@XCH-RTP-013.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.20.0.170309
x-originating-ip: [66.129.241.10]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BYAPR05MB4422; 7:dljsthpaJkdmQzwZlP7zH4jcDuRl7bsWbTmsR0AikJjYI+B1AXTTsI/nJy+wqc/3kS1uOwRjREB0qtR0XHdshVmMNzMBGH7xK5uF2saXzzwA0+BFXj5amF81pXxipPkHSasdxOSyUNZ919WbW2bIlshhXZ1rgwWL/USaa0dTPqniq4VDm4qeV4EOFnhEm9rQDluW+O8yvz7Ga6IhS1NnAK+ihMv23gDnHm3Xld2I0TqqW0JHtEW3w6Cj/ZNTTZXh
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: d8fc58ee-3f57-4039-1f1b-08d5dad3d691
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(8989117)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600026)(711020)(48565401081)(2017052603328)(7153060)(7193020); SRVR:BYAPR05MB4422;
x-ms-traffictypediagnostic: BYAPR05MB4422:
x-microsoft-antispam-prvs: <BYAPR05MB4422A452F50FD07761F01A6AA54A0@BYAPR05MB4422.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(100405760836317);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(3231254)(944501410)(52105095)(93006095)(93001095)(10201501046)(6055026)(149027)(150027)(6041310)(20161123558120)(20161123560045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(6072148)(201708071742011)(7699016); SRVR:BYAPR05MB4422; BCL:0; PCL:0; RULEID:; SRVR:BYAPR05MB4422;
x-forefront-prvs: 0714841678
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(136003)(39860400002)(366004)(396003)(189003)(199004)(69234005)(52314003)(2616005)(36756003)(5250100002)(305945005)(6246003)(7736002)(2900100001)(76176011)(2906002)(102836004)(486006)(68736007)(476003)(256004)(446003)(26005)(8676002)(82746002)(186003)(11346002)(8936002)(106356001)(81166006)(105586002)(81156014)(66066001)(5660300001)(6506007)(97736004)(316002)(99286004)(6436002)(6486002)(83716003)(6116002)(6512007)(110136005)(229853002)(3846002)(478600001)(53936002)(53946003)(25786009)(4326008)(58126008)(561944003)(93886005)(86362001)(33656002)(14454004)(14444005); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR05MB4422; H:BYAPR05MB4230.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-microsoft-antispam-message-info: vXfwcYF/InIOIU1e5CnaXeECe+q2CzF8jO0HsZdujZYEcaZI+mmo4KdinexGKp4cY8tlKRUlerGIXpMf8rdYtMLVkw6sautspz1XSIFthIs8xtITPl7wkxMMCw4EfEGlqZh1cDUbyFaUAl6Smd0aDMwdgOgoZR7sSKtQSO4e8F3qmlhcNhFuU86/vMwPB+4ZhPyV4iNgTyBOUjKpipr3bvcp9Osztnsgg3cBGbh34JCnXDjkyMltu0l/HSYTrjCz3bBjGKc1F0/lmv7e8q01F3/w7sQc2pJYMrApjNTIuL6qzRDMYGE6nMGyp9AA2Tfq7pWTgrGb7hg7/XKu5WGbVS8YV0XcUJ2bBp3UO25as8c=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <1AC5BC9080538E47AFBAEEB098E9197E@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: d8fc58ee-3f57-4039-1f1b-08d5dad3d691
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Jun 2018 19:42:51.4321 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR05MB4422
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-06-25_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1806210000 definitions=main-1806250220
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/trlVZhz8tw7zH4q8Z-7dELCgFyo>
Subject: Re: [Netconf] IETF 101 SN Question 1: Proper designation of receiver
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jun 2018 19:42:59 -0000


>> >> <kent-orig> Okay, glad to see that you embrace using
>> >> ietf-netconf-server, rather than ietf-netconf-client.  And I'll grant
>> >> you that it's infinitely more likely that the ietf-netconf-server
>> >> module would be implemented (i.e., the top-level /ncs:netconf-server
>> >> container exists), more so than the ietf-netconf-client module would
>> >> be implemented.  The WG created the top-level /ncc:netconf- client
>> >> container more for the sake of symmetry than for having a use-case
>> >> for when it would be implemented.  I think the question to ask is, is it
>> possible that a device wants to use SN but doesn't *implement* ietf-netconf-
>> server?
>> >>
>> >> <Eric>  Yes, this will be possible.   Reasons would include: alternative
>> transports
>> >> (COMI, UDP), HTTP2 configured subscriptions (which might use
>> >> ietf-restconf- server), or no need for a publisher to include the
>> >> configured subscriptions feature.
>> >>
>> >> <Kent> I should've be more specific: is it possible that a device
>> >> would use netconf-notif (where your leafref is defined) but not implement
>> ietf-netconf-
>> >> server?   Similarly, restconf-notif would presumably have a leafref to ietf-
>> >> restconf-server, etc.
>> >
>> >Yes.  Cases would include:
>> >(a) platform doesn't support configured subscriptions
>> >(b) vendor has not yet implemented ietf-netconf-server, and uses something
>> else.
>> 
>> (a) is this a valid case?  - I thought this conversion only regards configured
>> subscriptions.  No leafref or equivalent would be needed to support a dynamic
>> subscription.  Right?
>
> Correct.  But your question was "can you use netconf-notif without a leafref to...".
> Needing both drafts is absolutely the case for dynamic subscription support, and
> ietf-netconf-server would not be needed here.

I read the above a few times, but I'm having a hard time understanding it.  Can
say it differently or provide an example?



>> (b) this seems like a possibility, but then I think this make the case for why a
>> leafref to the global *conf servers definitions won't always work.
>
> Agree that nothing here will always work.  Deployments commonly will have a 
> heterogeneous mixture of model ecosystem models.
>
> This actually makes a *very* strong case for why the leafref should be added as
> an augmentation from the *conf-server models.  That way leafref augmentations
> are explicitly tied to the actual implementation of the model against which they refer.

Not in the *conf-server models, the augments go into the *conf-notif models, I
assume that is what you meant.


>> This is why I
>> was thinking before that your modules might themselves *use* the *conf-
>> server-groupings (while pruning out unneeded parts, e.g., the "listen" subtree),
>> so that it's independent of what the system has implemented at the global
>> level.
>
> If you have 500 subscriptions, you then have to populate 500 identical groupings.

No, you have one grouping, with 500 /netconf-server/call-home/netconf-client
instances.


>  And yes this is possible.  But it makes the part of me which likes Normalized
>  data quite uncomfortable.
>
> But as I said before, it the WG wants such redundancy, fine.  Either choice need not
> impact decisions as part of LC.

I don't believe that is a WG-preference thing, so much as an outcome of the current
design, which is that each receiver for each subscription has its own state-machine
and protocol messages.  There is no sharing; no two receives can use the same 
RFC 6241 NETCONF session, which effectively translates to each receiver having its 
own /netconf-server/call-home/netconf-client instance, right?




>> >> <kent-orig> Even though it seems like ietf-netconf-server might
>> >> always be implemented, I do not yet think it is okay for this data
>> >> model to have a leafref to one of the globally-configured
>> >> /ncs:netconf-server/ncs:call-home/ncs:netconf-client instances,
>> >> since that instance would be expected to use normal NETCONF
>> >> interactions (i.e. client-driven); it could be a problem if the
>> >> server started sending <subscription-started> messages right away.
>> >> For this reason, maybe the SN data model needs to have its own
>> >> instance of the netconf-server-grouping (perhaps with the top-level
>> >> /listen tree pruned out), so then it's clear that these netconf-server
>> instances are specifically for subscriptions?
>> >>
>> >> <Eric> The original thread was trying to enforce a single transport
>> >> across the receivers of a configured subscription, and where objects
>> >> specific to that transport could be augmented to those receivers.
>> >>
>> >> <Kent> Sorry, can you go over this again.  What is the stated goal?
>> >> I recall Martin wanting the same encoding across receivers, but the
>> >> same transport too?  I assume you don't mean "same transport" but "same
>> kind of transport"?
>> >> So, if one receiver of a subscription uses netconf-notif, they all
>> >> must use netconf-notif?
>> >
>> > Yes.   This was a WG decision driven through IETF 101.
>> >
>> > <mangled URL removed>
>> 
>> 
>> Okay, I see it, weak, but it's there.
>> 
>> I completely understand why we'd want the same encoding, but not so much
>> same protocol, since each receiver has its own distinct instance of the protocol
>> anyway, so it doesn't seem to make a difference, i.e. no runtime optimization.
>> Did you ever figure it out?
>
> I have seen many subscriptions use a single NETCONF transport session.
>
> In any case my proposal was to support transport per receiver.   The WG voted 
> very clearly to use a common transport at and after IETF 101.   The WG document
> was changed accordingly.  I consider this issue closed.

You didn't answer the question, which is essentially what benefit having a single
protocol provides?   Looking at the thread, I see Martin asked a similar question
which was never answered either.


>> BTW, in that thread, I see Einar mentioning that the multiple receives are there
>> to support HA/redundancy.  As I understand this, this would be duplicated-
>> delivery to multiple receivers, which would be merged into some centralized
>> datastore, where all the duplicates would be removed.  Is this your
>> understanding too? 
>
> Some implementations can choose to do this.

Yes, but I would consider it a poor choice relative to the reconnection-strategy 
in the ietf-*conf-server modules.  That said, I don't necessary object, I'm just 
hoping this isn't the primary motivation for the SN model supporting multiple
receivers.


>> FWIW, the ietf-*conf-server modules also enable each
>> call-home connection to a logical "netconf-client" composed of multiple
>> endpoints, for HA purposes, but these endpoints are connected to one at a
>> time.  So, when thinking about incorporating the ietf-*conf-servers, will having
>> these two HA mechanisms in play at the same time cause any conflict?  Would
>> it make sense to remove the multi-receiver HA config in SN and instead rely
>> and the *-conf-server's HA mechanism + dynamic-subscriptions to fill in any
>> gaps between reconnects?
>
> Multi-receiver is not just for HA.  And some HA will want multiple live 
> connections.  But where it is used for single-live HA in NETCONF and RESTCONF,
> future implementations could choose to use *-conf-server for this function.  

Agreed. A subscription having a single receiver that is a /netconf-server/call-\
home/netconf-client instance can still be HA using the built-in reconnection
logic.  Is this what you meant by single-live HA?



>> >> <Eric> The design pattern in the example augmentation below seems to
>> >> do that.  This design pattern should hold whether a leafref is augmented in,
>> or a
>> >> group is augmented in.   This design pattern also works with the existing SN
>> >> model.  I don’t know of an alternate proposal which meets these
>> >> requirements.
>> >>
>> >> <Kent> unsure.
>> >
>> > I should have said is that there is no alternate proposal.
>> >
>> > What I am not sure about if one can even be defined with YANG using explicit
>> case structure.
>> 
>> <Kent> what do you mean by "explicit case structure"?  I don't see any in the
>> example you shared previously...
>
> The explicit case structure was your proposed design pattern. But this pattern
> doesn't work.  Because you can't enforce a single transport.

Maybe it can and, even if it can't at the YANG-level, it doesn't mean that a
server can't enforce it during <edit-config> processing.


> As there is no alternate proposal, I am asserting WG consensus that the explicit
> case structure is not supported.  Which is the same consensus which came out 
> of WG 101 on this particular topic.

I don't think that we should put too much weight on this decision.  It was made
before the Last Call for which we're digging into many things.  I'm just trying
to understand the motivation behind this decision.  How is forcing the same 
transport for all receivers of a subscription a "good" thing?


>> >> <Eric> If this makes sense, the question becomes when to apply this design
>> >> pattern on top of SN.   I agree there are interesting questions you raise
>> >> above.  These questions appear to be bound to NETCONF call-home, and
>> >> therefore the answers should be more closely aligned with
>> >> draft-ietf-netconf- netconf-event-notifications rather than SN itself.
>> >>
>> >> <Kent> agreed, most of this regards what's in the transport-binding
>> >> drafts (netconf-notif, etc.), but I'm wanting to do this to prove out
>> >> that the SN model.
>> >>
>> >> <Eric> That is the driver behind my
>> >> “ietf-netconf-subscribed-notifications-
>> >> plus.yang” below.  Whether it augments in a  leafref or a group, this
>> >> snippet of YANG provides a template for transport specific
>> >> augmentations.  And using this template, how to embody NETCONF call
>> >> home for subscriptions  could be delivered in a timeframe concurrent with
>> “ietf-netconf-server.yang”.
>> >>
>> >> <Kent> I understand you're trying to say "let's not worry about how
>> >> ietf- netconf-server works with this now".  I appreciate the desire
>> >> to defer what we can.  I will again say, as co-chair, that I'm okay
>> >> with us moving without having a draft that depends on ietf-netconf-server
>> or the ietf-restconf-server modules.
>> >> That said, I don't understand what value the *conf-notif drafts have
>> >> if they don't.
>> >
>> > Per cases (a) & (b) above, there is value.
>> 
>> There is a difference between a server not *implementing* a ietf-*conf-server
>> module and the *conf-notif not *using* the *conf-server-grouping statements.
>> My suggestion has been, that the *conf-notif drafts should have their own lists
>> of netconf-servers (via "uses" statements), and thereby not be dependent on
>> the existence of a global ietf-*conf-server instance (which may not exist).
>
> While technically correct, there are several reasons why this is problematic.
> (1) redundancy (see the 500 above)

This is a non-issue (see above)


> (2) availability of the group means that a platform will have exposed *conf-server.
> Explaining that a model is only available for its grouping would be quite a
> confusing deviation.

No, it's easy, this is the difference between a module being *implemented* or
not.  The implementation status of each module is yang-library.


> And in any case, these questions are all viable model augmentations which can
> be performed after *conf-server progresses.  Therefore, no matter the disposition,
> there is need be no impact to SN at this time.

Already, there has been an impact to SN, as we removed the "address" leaf.  But
I agree that this fork in the discussion is primarily impacting the *conf-notif
drafts (not SN), I'm just using this thread for convenience sake, since all the
drafts are so connected.


>> Separately, there is the issue of how to get something to RFC status faster than
>> the client-server drafts (assuming that is a good idea).  My first thought,
>> mentioned before, is that we could define "no-crypto" variants of the modules,
>> thus ensuring that all the patterns are consistently applied, while not having a
>> dependency on those other modules.  This is hard to discuss currently because
>> ietf-netconf-subscribed-notifications and ietf-http-subscribed-notifications
>> don't actually enable configuring the transports yet…
>
> I would rather jettison the 'address' object.  This makes for a strong separation
> of interests for call home.  

+1


>> >> It seems that these drafts should depend on the ietf-*conf-server
>> >> modules, but in order to get something to market faster, we want them
>> >> to depend on something more like the ietf-*conf-no-crypto-server
>> >> (right?), which the SN has further reduced to a single "address"
>> >> leaf, which might be fine, but I don't think it should be in the SN
>> >> model, since the ietf-*conf-server modules already define an address field,
>> which would be redundant.
>> >
>> > I believe there is utility in address.  But at this point I am ok with
>> > removing "address".  And any vendors wanting to support (b) can then
>> > add proprietary augmentations to do this.
>> 
>> The "address" leaf would be perfect in another circumstance, but it's
>> redundant in conjunction with the ietf-*conf usage, which already have an
>> "address" leaf, per "endpoint" no less.  My guess is that the "address" leaf
>> needs to disappear from the SN module, thereby allow each transport to
>> augment in exactly what it needs.
>
> Let's do that and end this thread.  We have a viable solution.

Agreed.


>> >> <Eric> Noe: If you wanted, a possible alternative to concurrent
>> >> module delivery might be a single model.  To do this you would include a
>> “subscription
>> >> support” feature within “ietf-netconf-server.yang”.    The needed
>> >> augmentation to
>> >> "/sn:subscriptions/sn:subscription/sn:receivers/sn:receiver"  could
>> >> then be made there.  (Note: that augmentation of course would be
>> >> refined to meet the call-home questions/considerations from this
>> >> thread, such as being aimed to its own instance of the
>> >> netconf-server-grouping.)
>> >>
>> >>> <Kent> If I understand correctly, this would be a way to flag the
>> >>> call-home
>> >> connection as being for SN, which addresses the issue I raised about
>> >> how that would be known.  This is possible, and it might work well,
>> >> but rather than put it into the ietf-*conf-server models directly, I
>> >> think it would be better for the *conf-notif drafts to augment in the flag.
>> >
>> > The best two choices I see are:
>> > (1) Make an augmentation to the *conf-notif models.  This could be done via
>> new
>> >     drafts, and the model within.
>> > (2) Add the flag to *conf-server models.  This eliminates the need for future
>> >     updates to the *conf-notif drafts.  It also keeps call-home specifics in one
>> place.
>> >
>> > Both choices allow us to support (a) & (b) now.
>> 
>> I like (1) more, as it then ties the existence of the flag to the *implementation*
>> of the corresponding *conf-server module.
>
> Per the point at the beginning of the email, adding it *conf-server seems much
> cleaner.    You only can add the leafref if the *conf-server model is available.
> The analysis and decision on this can be safely move later in any case.   

We agree above that the ietf-*conf-server module may not be *implemented*, and
yet subscriptions still need to be configured, so then what they are leafref-ing
becomes the issue.   This is why I'm suggesting the netconf-notif YANG module 
*use* the netconf-server-group itself.  This way, when the netconf-notif draft
is implemented, its own definition comes into play.  When done this way, the 
flag would no longer be needed since the entire netconf-server instance would 
be SN-specific.


>> That said, I have to say that I'm not entirely sure if I understand if what is
>> planned is legal.  For instance, in a normal NETCONF call-home situation, the
>> NETCONF session begins with both sides sending <hello> messages and then
>> the server waiting for the client to send RPCs, which might include a 5277
>> <create-subscription>, after which the <notifications> begin to flow.  Is this 
>> the same here, or are you expecting the <notification> messages to start flowing
>> immediately?
>
> A subscription started notification will be sent after the hellos are successful.
> Can you point to something in RFC 6241 which says a <notification> can't be sent
> until an RPC is sent from the client?
 
It's not a very good reference, but I found this (emphasis added):

   o  client: Invokes protocol operations on a server.  In addition, a
      client can *subscribe* to receive notifications from a server.

We should ask the WG.  All I know is that it's always been that the client does
something to initiate server behavior.  Admittedly, this is kind of a new thing,
and it might be okay, but I think it warrants review by others.


> Eric

Kent // contributor



> >> <kent-orig> I also have an issue with the proposed leafref because it leaves
> >> open the possibility that two subscriptions could point to the same
> >> /ncs:netconf-server/ncs:call-home/ncs:netconf-client instance, which would
> >> likely cause protocol and state machine problems.
> >>
> >> <Eric> Looking closer, perhaps a better place for the receiver leafref would
> be a
> >> choice of:
> >> /ncs:netconf-server/ncs:call-home/ncs:netconf-
> >> client/ncs:name/ncs:ssh/ncs:endpoints/ncs:endpoint/ncs:name
> >> or
> >> /ncs:netconf-server/ncs:call-home/ncs:netconf-
> >> client/ncs:name/ncs:tls/ncs:endpoints/ncs:endpoint/ncs:name
> >>
> >> But again, I am fine with anything which doesn’t insert redundant data as
> part
> >> of the receiver call home configuration.
> >>
> >> <Kent> No, just pointing to /ncs:netconf-server/ncs:call-home/ncs:netconf-
> >> client should work, since the instance can have only one transport (ssh or
> tls)
> >> defined at a time.  That said, if your requirement is that they must all be ssh
> or
> >> must all be tls, we have a bigger issue.
> >>
> >>  FYI, the list of "endpoints" is there for
> >> HA reasons - they're a pool of failover endpoints the server can try - is that
> >> concept consistent with the SN draft?
> >
> > I don't see any conflict.   In fact it should be a nice benefit of pointing to
> *conf-server.
> 
> Great!
> 
> 
> Kent // contributor
>

v2.23.0 | Report a Bug | By Email