IETF Logo Mail Archive

Re: [Netconf] Anyone want just Configured Subscriptions?

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Tue, 10 July 2018 19:39 UTC

Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A80DA13104C for <netconf@ietfa.amsl.com>; Tue, 10 Jul 2018 12:39:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VQE-UE8yNvkw for <netconf@ietfa.amsl.com>; Tue, 10 Jul 2018 12:39:41 -0700 (PDT)
Received: from anna.localdomain (firewallix.jacobs-university.de [212.201.44.247]) by ietfa.amsl.com (Postfix) with ESMTP id 81A02130E18 for <netconf@ietf.org>; Tue, 10 Jul 2018 12:39:41 -0700 (PDT)
Received: by anna.localdomain (Postfix, from userid 501) id AF92022FF537; Tue, 10 Jul 2018 21:39:40 +0200 (CEST)
Date: Tue, 10 Jul 2018 21:39:40 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: "Eric Voit (evoit)" <evoit@cisco.com>
Cc: Andy Bierman <andy@yumaworks.com>, Martin Bjorklund <mbj@tail-f.com>, Netconf <netconf@ietf.org>
Message-ID: <20180710193940.jsslo3657wwee6ku@anna.jacobs.jacobs-university.de>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: "Eric Voit (evoit)" <evoit@cisco.com>, Andy Bierman <andy@yumaworks.com>, Martin Bjorklund <mbj@tail-f.com>, Netconf <netconf@ietf.org>
References: <CABCOCHSfzpj3Kca2RRtNFV6wLLt_6r4p3vfS_j4Hzfai-0Y2gA@mail.gmail.com> <20180708.095807.918450792556408986.mbj@tail-f.com> <20180708100310.gn3xaol66f7c7lo5@anna.jacobs.jacobs-university.de> <20180708.180552.1582913595227099806.mbj@tail-f.com> <CABCOCHQfirYPAVJwLELnqw0VJ=js7aFNX9wB7Xcs6Tkw06w1hw@mail.gmail.com> <9c3799f19cf84b22a3659c04a548ba67@XCH-RTP-013.cisco.com> <CABCOCHT=7-dPzTPYLvVN1J12uwGWh9GoA7r5nu=zYYD1nnFwTQ@mail.gmail.com> <273f987e3a224411a01a599afb42f25f@XCH-RTP-013.cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <273f987e3a224411a01a599afb42f25f@XCH-RTP-013.cisco.com>
User-Agent: NeoMutt/20180622
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/uq7pytmp63n2I25NuMM_qA3R2Wo>
Subject: Re: [Netconf] Anyone want just Configured Subscriptions?
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2018 19:39:46 -0000

[I can't read this email exchange anymore because the plain text
 format is a mess. So this may be a bit out of context.]

Lets not forget that RFC 8071 is pretty clear that after the call home
procedure the NETCONF / RESTCONF protocol starts (see steps C8 / S6).
And RFC 6241 is pretty clear that the NETCONF protocol starts with a
<hello> exchange. The <hello> exchange is a very useful negotiation
step.

So in short, after RFC 8071 call home, you get NC/RC client and server
starting with a <hello> exchange. Ideally, the client would indicate
its readiness to receive unsolicited notifications before you push
notifications to the client (and the notification sender may even be
interested to know that it is sending notifications to a remote system
that does not just drop them). So either the clients invokes an RPC to
start the notification flow or, if you want to optimize one round
trip, the client includes a special

  :willing-to-receive-unsolicited-notifications

capability in the <hello> exchange.

Note that possible protocol extensions like for example different
encodings will likely be negotiated via the hello exchange as
well. Hence, any attempts to optimize the <hello> exchange away may
cause you some trouble down the road.

/js

On Tue, Jul 10, 2018 at 03:57:37PM +0000, Eric Voit (evoit) wrote:
> 
> 
> From: Andy Bierman, July 9, 2018 11:07 PM
> ...
> 
> On Sun, Jul 8, 2018 at 8:05 PM, Eric Voit (evoit) <evoit@cisco.com<mailto:evoit@cisco.com>> wrote:
> Hi Andy,
> 
> From: Andy Bierman, July 8, 2018 12:26 PM
> On Sun, Jul 8, 2018 at 9:05 AM, Martin Bjorklund <mbj@tail-f.com<mailto:mbj@tail-f.com>> wrote:
> Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de<mailto:j.schoenwaelder@jacobs-university.de>> wrote:
> > On Sun, Jul 08, 2018 at 09:58:07AM +0200, Martin Bjorklund wrote:
> > > Andy Bierman <andy@yumaworks.com<mailto:andy@yumaworks.com>> wrote:
> > > >
> > > > You mean <start-all-configured-subscriptions> I think.
> > >
> > > Yes.
> > >
> >
> > If you do this, why does the client, after receiving a call home, not
> > simply create dynamic subscriptions? ;-)
> 
> Well, the configured subscription is needed anyway in order for the
> device to call home, so having the client create all configured
> subscriptions as dynamic subscriptions as well doesn't seem quite
> right.
> 
> It is quite possible that multiple RPC operations are needed to get the session
> started, such as reading the YANG library, and that the client
> is not ready to receive notifications as soon as the session is started.
> So an <activate-configured-sessions> operation may help.
> 
> 
> But if the WG agrees that it is ok to send <notification> directly,
> this issue goes away.
> 
> Sitting idle is definitely OK.
> Accepting notifications right away is OK as an implementation feature
> outside the standard.
> 
> <Eric> If the NETCONF-Notif says that the NETCONF client for a configured subscription must be able to handle accepting notifications right away, do you see any standardization issue with this behavior in this context?
> 
> 
> Actually, I think there are issues with configured subscriptions wrt/ CallHome because
> of the text in RFC 8071, 1.3:
> 
> https://tools.ietf.org/html/rfc8071#section-1.3
> 
> The transport and encoding leafs are identityrefs, which means the possible values
> are unknown and unbounded.
> 
> Do all possible values (including vendor values, which are valid for the YANG leaf)
> change the protocol enough so separate security analysis are required?
> I think a SecDir review may raise concerns wrt/ this issue.
> 
> <Eric> For any IETF defined transport, a “Transport-Notif” draft definitely needs to address any issues with Call Home or other such mechanism.  At next IETF, perhaps we will see if this can await concurrent resolution with the NETCONF client/server work.
> 
> For configured subscriptions with a vendor specified transport identity, it would be great to see SecDir sees any issues.  I don’t see anything off hand (as it is a vendor transport), but I certainly don’t claim all their perspectives.
> 
> Eric
> 
> Eric
> 
> /martin
> 
> Andy
> 
> 
> Andy
> 

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email