Re: [netconf] HTTPS notifications (draft-ietf-netconf-https-notif)

Balázs Lengyel <balazs.lengyel@ericsson.com> Thu, 26 September 2019 09:04 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/zJxXBWCEb1K9eUbf-XECl000BuM>


-----Original Message-----
From: Martin Bjorklund <mbj@tail-f.com> 
Sent: Tuesday, 24 September 2019 15:56
To: evoit@cisco.com
Cc: kent@watsen.net; Balázs Lengyel <balazs.lengyel@ericsson.com>; netconf@ietf.org
Subject: Re: [netconf] HTTPS notifications (draft-ietf-netconf-https-notif)

"Eric Voit (evoit)" <evoit@cisco.com> wrote:
> 
> 
> > > From the email I sent Martin on Sep 9th, each POST MAY contain 
> > > more than one notification:
> > 
> > .... to which I replied:
> > 
> >   I'm not so sure about the streaming though.
> >   Perhaps pipelining is the right mechanism.  For "bulk" sending, the
> >   "bundled-message" defined in draft-ietf-netconf-notification-messages
> >   seems right.
> > 
> > To clarify: if the client just sends a stream of notifs it becomes a
> > variant of SSE.  The server doesn't know when the stream will end, and
> > thus cannot simply close the session.  You probably want to indicate
> > end-of-message somehow (like in SSE).  And the content type in the
> > example below cannot be "application/yang-data+xml", since it is not
> > a valid XML instance document; you'd have to invent a new media type to
> > indicate the streaming.
> > 
> > I think we should stick to simple HTTP where each notif is POSTed,
> > as in your diagram above.  With HTTP pipelining you can do:
> > 
> > ------> establish TCP
> > ------> establish TLS
> > ------> Send HTTPS POST message with YANG defined notification 1 
> > ------> Send HTTPS POST message with YANG defined notification 2
> > <-----Send 204 (No Content) for 1
> > <-----Send 204 (No Content) for 2
> > 
> > ------> Send HTTPS POST message with YANG defined notification 3
> > <-----Send 204 (No Content) for 3
> > 
> > 
> > If the server wants to send multiple notifs at once, it can use
> > "bundled-message".
> 
> This seems a reasonable approach. 
> draft-ietf-netconf-notification-messages
> has several advantages:
> (1) can push multiple YANG notifications at once
> (2) can include the subscription-id in notifications when subscribing 
> to a stream.  (Right now including an explicit subscription-id is only 
> available when subscribing to a datastore.)
> (3) includes methods to discover lost/dropped notifications
> 
> Two things which would need to be worked:
> (1) discovering receiver support for bundled notifications.  (As some 
> form of understanding/verifying configured receiver support over HTTP 
> is already needed, this is a topic which perhaps can be merged into 
> that.)
This can be configured or auto-detected.  For auto-detection, perhaps we can
use HTTP OPTIONS with the server returning a special body or header to
indicate capabilities such as this one?
> (2) Completion of draft-ietf-netmod-yang-data-ext
Yes!  IMO it is ready for WGLC; I'll ping the chairs again.
/martin

BALAZS: IMHO autodetection is much better than configuration. However, we
should try to avoid extra message roundtrips to do autodetection, so IMHO
either
- cache receiver capabilities for subscriptions, so autodetection is needed
  only once
- send bundled notifications immediately and fall back to simple
  notifications if needed based on any error messages received
Regards Balazs
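
The two options in the reply above (cache receiver capabilities, or send bundled first and fall back on error) can be combined. The sketch below is an added example, not code from the thread or from the drafts. The receiver is simulated in-process, and the media type names and the use of 415 as the "bundles not supported" signal are assumptions. Any other error is raised rather than read as a capability answer, so an authentication or server failure does not silently downgrade the receiver.

```python
# Added illustration: the transport is simulated in-process; the media type
# names and the 415 rejection signal are assumptions, not taken from the draft.
BUNDLED = "application/x-example-bundled+json"   # hypothetical media type
SINGLE = "application/x-example-notif+json"      # hypothetical media type


class Receiver:
    """Constructed stand-in for an HTTPS receiver; records every POST."""
    def __init__(self, supports_bundled):
        self.supports_bundled = supports_bundled
        self.posts = []          # (content_type, number of notifications)

    def post(self, content_type, notifs):
        self.posts.append((content_type, len(notifs)))
        if content_type == BUNDLED and not self.supports_bundled:
            return 415           # assumed "unsupported media type" rejection
        return 204               # No Content, as in the thread's diagram


class Publisher:
    def __init__(self):
        self.bundled_ok = {}     # receiver name -> bool, learned once

    def send(self, name, receiver, notifs):
        """Deliver notifs; return the number of POSTs it took."""
        before = len(receiver.posts)
        if self.bundled_ok.get(name, True):      # optimistic: try bundle first
            status = receiver.post(BUNDLED, notifs)
            if status == 204:
                self.bundled_ok[name] = True
                return len(receiver.posts) - before
            if status != 415:                    # not a capability answer
                raise RuntimeError(f"delivery failed: {status}")
            self.bundled_ok[name] = False        # cache the negative result
        for n in notifs:                         # fallback: one POST per notif
            status = receiver.post(SINGLE, [n])
            if status != 204:
                raise RuntimeError(f"delivery failed: {status}")
        return len(receiver.posts) - before


def demo():
    pub, old, new = Publisher(), Receiver(False), Receiver(True)
    batch = [{"event": i} for i in range(3)]     # constructed sample batch
    return [pub.send("old", old, batch), pub.send("old", old, batch),
            pub.send("new", new, batch)]
```

The extra round trip is paid only on the first delivery to a receiver that rejects bundles; later deliveries use the cached answer.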