IETF Logo Mail Archive

Re: [Netconf] Subscription Use Cases

"Eric Voit (evoit)" <evoit@cisco.com> Thu, 08 December 2016 15:01 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB393129A35 for <netconf@ietfa.amsl.com>; Thu, 8 Dec 2016 07:01:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.418
X-Spam-Level:
X-Spam-Status: No, score=-17.418 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.896, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cayUwXs4Gbsq for <netconf@ietfa.amsl.com>; Thu, 8 Dec 2016 07:01:08 -0800 (PST)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F17ED1299CB for <netconf@ietf.org>; Thu, 8 Dec 2016 06:52:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3475; q=dns/txt; s=iport; t=1481208724; x=1482418324; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=AN/UV7laPLYQumQbrgfrQvfmVxLa90dMd5VRx8p7r6c=; b=Fihv2IxNM7+J6iS+vym5ZL6LtST7sFy+dwnaMZVP8mv3uws4g7qUI+jz ZjIhw05mRCsa1LK88T4ifHzE/YWYoWIgWUNwRQWV0CFUlwOZwk+2jPW+Z HjgWHEmOS0Oxmpu1KJvpTFdymsjP322Kke0HWkqZNC4PhdD9Y7HzMdWeS 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BuAQAic0lY/4wNJK1eGgEBAQECAQEBAQgBAQEBgzcBAQEBAR+BZ41DlxOVAYIIgmuDNgKBcz8UAQIBAQEBAQEBYiiEaAEBAQMBOj8FCwIBCA4HDwEREDIlAgQODRECiEgIqleLPgEBAQEBAQEBAQEBAQEBAQEBAQEBAR2GPoRbiikFmmoBkRWQSo4IhA0BHzeBGYNcHYFdhmcCJAQDgQOBDQEBAQ
X-IronPort-AV: E=Sophos;i="5.33,320,1477958400"; d="scan'208";a="358342869"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Dec 2016 14:52:04 +0000
Received: from XCH-RTP-013.cisco.com (xch-rtp-013.cisco.com [64.101.220.153]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id uB8Eq3iu018261 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 8 Dec 2016 14:52:04 GMT
Received: from xch-rtp-013.cisco.com (64.101.220.153) by XCH-RTP-013.cisco.com (64.101.220.153) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 8 Dec 2016 09:52:03 -0500
Received: from xch-rtp-013.cisco.com ([64.101.220.153]) by XCH-RTP-013.cisco.com ([64.101.220.153]) with mapi id 15.00.1210.000; Thu, 8 Dec 2016 09:52:03 -0500
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Martin Bjorklund <mbj@tail-f.com>
Thread-Topic: [Netconf] Subscription Use Cases
Thread-Index: AQHSUTKNz0LSmZX5b0GYyl1Cgj0Ou6D+G3xg
Date: Thu, 08 Dec 2016 14:52:02 +0000
Message-ID: <a2b682ef436c4b67881c26c04ad3d0b5@XCH-RTP-013.cisco.com>
References: <e9128f79b8bc4923815e40510678c026@XCH-RTP-013.cisco.com> <20161208.100745.1423954834248283961.mbj@tail-f.com>
In-Reply-To: <20161208.100745.1423954834248283961.mbj@tail-f.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.118.56.226]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/yT4VWHa1XXCoTcfCf0DtTPHqeV4>
Cc: "netconf@ietf.org" <netconf@ietf.org>
Subject: Re: [Netconf] Subscription Use Cases
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Dec 2016 15:01:15 -0000

Hi Martin,

> From: Martin Bjorklund, December 8, 2016 4:08 AM
> 
> I think your requirements below are more like driving forces for YANG push,
> right?  Is there any of these that affects the solution in RFC 5277?

The majority of these cases need yang-push.   But yang push is only possible when the information is yang modeled.  And in some of these cases, not all the information is yang modeled on a platform.  (As much as I wish it were.)  I have indicated a few places where this is the case in-line.

Beyond the original cases I sent, there are other use cases where there are notifications will not be YANG modeled. 

(Category 4) Control Plane Notifications

(4a) First-sign-of-life on new CPE.   In this case you need to figure out what to do when a new CPE appears on an access link.  For example, a policy determination needs to be made on what security treatment it needs.  This notification could be done via NETCONF.  And the request could come from the same controller subscribing to traditional NETCONF notifications.

In the end, more and more stuff will be yang modeled on the device.  That is one reason I like your alarm-yang-module.  Approaches like the alarm will allow more robust yang-push mechanisms to be used over event notifications.  But we won't be there for a while.

> > (Category 1) Streaming Telemetry
> >
> > High volume set of objects pushed on a predictable schedule.
> >
> > (1a) Telemetry: Fast replication of YANG operational/config data
> > off-box for traffic or configuration analysis
> >
> > (1b) Multi operations reporting: Send a targeted subset
> > operational/config data to an Operations group not directly managing
> > device
> >
> > (Category 2) Distributed Eventing
> >
> > No need to repeatedly poll to see if targeted subsets of Network
> > Element config have changed. The latest is pushed as it happens.
> >
> > (2a) Integrity Verification: Push discovered changes in keys, config,
> > software hash as they happen.  Application validates that change is
> > authorized.

Not all the needed info here is yang modeled.

> > (2b) Eliminate Polling: NMS/controllers pushed config changes as they
> > occur in Network Elements (enabling real-time state synchronization).
> >
> > (2c) IWAN: Changes in Operational Data drive network rebalancing for
> > optimized enterprise facilities usage
> >
> > (2d) Domain Policer: provide a single policed data rate across
> > multiple data centers or branch offices
> >
> > (2e) DDoS Protection: send suspect spikes of traffic across a set
> > devices to a scrubber

Not all the needed info here is yang modeled.

> >
> > (Category 3) Network as the Subscriber
> >
> > Distributed CPE, VMs, routers can subscribe to a fast changing
> > centralized configuration repository
> >
> > (3a) Perimeter & Internal Blocking: When vulnerabilities are detected,
> > ephemeral remediation policies are temporarily installed across a
> > domain of devices.
> >
> > (3b) Tunnel Endpoint Synch: Filtered subsets of centrally managed
> > tunnel Ethernet endpoints can be downloaded and coordinated across
> > edge devices to minimize effort in maintaining dynamic mesh

Not all the needed info here is yang modeled.

Eric

> > (3c) Policy mirroring: Enables trusted or partially-trusted edge
> > devices to mirror the state of a central configuration repository
> 
> 
> /martin

v2.23.0 | Report a Bug | By Email