IETF Logo Mail Archive

Re: [secdir] [i2rs] Asynchronous Nature of the I2RS Protocol - vs RESTCONF and NETCONF

Jeffrey Haas <jhaas@pfrc.org> Wed, 04 March 2015 19:42 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37DFD1A879F; Wed, 4 Mar 2015 11:42:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.578
X-Spam-Level:
X-Spam-Status: No, score=-1.578 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eyWnr3JuF-QS; Wed, 4 Mar 2015 11:42:45 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 4AF241A8727; Wed, 4 Mar 2015 11:42:45 -0800 (PST)
Received: by slice.pfrc.org (Postfix, from userid 1001) id C95ADC20C; Wed, 4 Mar 2015 14:42:44 -0500 (EST)
Date: Wed, 04 Mar 2015 14:42:44 -0500
From: Jeffrey Haas <jhaas@pfrc.org>
To: Susan Hares <shares@ndzh.com>
Message-ID: <20150304194244.GB9142@pfrc>
References: <01c301d05538$0b4846c0$21d8d440$@ndzh.com> <54F4E7D7.1000603@gmail.com> <023e01d055fe$8688c9b0$939a5d10$@ndzh.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <023e01d055fe$8688c9b0$939a5d10$@ndzh.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/wtXOy9ud59C7lrO3ie5dV29AyEM>
X-Mailman-Approved-At: Wed, 04 Mar 2015 14:11:57 -0800
Cc: i2rs@ietf.org, secdir@ietf.org
Subject: Re: [secdir] [i2rs] Asynchronous Nature of the I2RS Protocol - vs RESTCONF and NETCONF
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Mar 2015 19:42:46 -0000

To expand on some of Sue's details in-line:

On Tue, Mar 03, 2015 at 05:08:05PM -0500, Susan Hares wrote:
> Thank you for your clear question - let me try to unpack and answer your
> question.  I really appreciate your aid in working through these cases. 
> 
> <chair-hat off> 
> The asynchronous models we've discussed are:
> 1) polling based - I2RS client queries at a set of agents to receive status
> information

An example of this is the GET operation in NETCONF or RESTCONF.

> 2) call-back based - the I2RS Client performs an action (adds an interface)
> and the I2RS agent returns a response after the sequence is done.

An example of this is creating a subscription against interface state, then
taking an action (edit-config, RPC) that adds that interface.

> 3) pub/sub based - meaning the I2RS clients sign up to receive publications
> of results. 

E.g. netconf notifications

> 4) atomic based - a sequence of commands that are done and then returned
> with a call-back.  
> (if you think I've missed one, please let me know). 

Most of our cases fit this and are aligned with RESTCONF.

> 
> IHMO the use of a checkpoint in each of the cases is the following. 
> 1) polling 
> The checkpoint (or revision counter) would be used to indicate if something
> else had written or change the portion of the tree after the polling began.
> This checkpoint can be for the whole tree or a model.  The keeping of a
> checkpoint per item within a model may be prohibited. 

This checkpoint detail is something that we will likely need to raise to the
netconf group as a component to assist in I2RS scenarios.  Here's a high
level description of how it might work.

There is a presumption that it may be possible for the I2RS agent to
restart.  Given that a number of I2RS operations are likely to be built
using multiple interactions with the agent, it's necessary to understand
what state the agent may be in with regard to last-reset.  A simple but
unscalable way to implement this is to preceed each operation with a
get/get-config to verify the state of the system prior to sending in the
next I2RS operation.  What is likely more stable is simply knowing whether
the system is in the same state as when you last interacted with it.

A version numbering system of some sort, whether system-wide or potentially
as part of some models (perhaps even just I2RS models) would be sufficient
to provide such a checkpoint.

An example of the problem space this would address presuming three
operations must be completed to accomplish a given I2RS goal, "A B C".
If the agent crashes after B has been done, C may either complete with no
errors, or may fail before the setup state for A and B are no longer in the
system.

An analogous mechanism in SNMP to address such issues are discontinuity
objects.


-- Jeff

v2.23.0 | Report a Bug | By Email