IETF Logo Mail Archive

Re: [yang-doctors] [netconf] Yangdoctors last call review of draft-ietf-netconf-subscribed-notifications-21

"Eric Voit (evoit)" <evoit@cisco.com> Fri, 25 January 2019 21:15 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C12C2124D68; Fri, 25 Jan 2019 13:15:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -19.054
X-Spam-Level:
X-Spam-Status: No, score=-19.054 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G0cevMUDSQVd; Fri, 25 Jan 2019 13:15:33 -0800 (PST)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9903A123FFD; Fri, 25 Jan 2019 13:15:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6952; q=dns/txt; s=iport; t=1548450933; x=1549660533; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=wVvA8P7h8/7TbqrP7rIIB2Wa8kUCv2dkDoMJSMGGv1A=; b=gySdmJMVhk+MHZ3fnklimnycY0Cf9cXnLH04h6g5wjCjmZxmnUKVQ94L eVvdafAGEycb11GnkolBsj7bc3e23lhEIll5zFVb0K/OEnFilFbmPCYKM h2k2hiOpjDhhmQGGCdIIxsNgjcQmNGvnbvNlnYITv5QniZdf6XTOQKrFg U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ADAABKe0tc/49dJa1kGQEBAQEBAQEBAQEBAQcBAQEBAQGBUQQBAQEBAQsBgVopZ4EDJwqMEYt1gg18lwuBewsBARgLhANGAoMKIjQJDQEDAQECAQECbRwMhUoBAQEBAgEBATgtBwkCBQsCAQgVAw0RBQsnCyUCBAENBQiCT0yBeQgPq3aKKAWMQReBQD+BEYJdNYMeAQGBS4VUIgKJSEqHWZBNCQKLBYcbIJInihORCwIRFIEnHziBVnAVO4JsgicXE20BB4dXhT4BQTGKD4EfAQE
X-IronPort-AV: E=Sophos;i="5.56,523,1539648000"; d="scan'208";a="231338274"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Jan 2019 21:15:32 +0000
Received: from XCH-RTP-015.cisco.com (xch-rtp-015.cisco.com [64.101.220.155]) by rcdn-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id x0PLFVbR014265 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 25 Jan 2019 21:15:31 GMT
Received: from xch-rtp-013.cisco.com (64.101.220.153) by XCH-RTP-015.cisco.com (64.101.220.155) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 25 Jan 2019 16:15:31 -0500
Received: from xch-rtp-013.cisco.com ([64.101.220.153]) by XCH-RTP-013.cisco.com ([64.101.220.153]) with mapi id 15.00.1395.000; Fri, 25 Jan 2019 16:15:31 -0500
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Per Hedeland <per@hedeland.org>, Martin Bjorklund <mbj@tail-f.com>
CC: "draft-ietf-netconf-subscribed-notifications.all@ietf.org" <draft-ietf-netconf-subscribed-notifications.all@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>, "yang-doctors@ietf.org" <yang-doctors@ietf.org>
Thread-Topic: [netconf] [yang-doctors] Yangdoctors last call review of draft-ietf-netconf-subscribed-notifications-21
Thread-Index: AQHUrG6+nBjZ9hMl8U25QTRsXd0ZC6Ww36AggANDEICAARW3EIAAAXJggAU/bACAAWWKIIABCD+A///v5GCAAKn4AP//skVAgAGV2gD//60SYAANQ54AAApn7nD//7rBgIAATO5Q///xy4CAAB+zwIAAwVMA///xWjCAAIE3gIAAU4mQ///b6QAACBjB0A==
Date: Fri, 25 Jan 2019 21:15:31 +0000
Message-ID: <e6e5a75f9f9c4f12b8f2dd4069b53cf0@XCH-RTP-013.cisco.com>
References: <83b12adbb7234a84a56ac3ec00bb0673@XCH-RTP-013.cisco.com> <20190125.093938.375156009332209799.mbj@tail-f.com> <adb990ccef2e4fa78d2ad7c12323617e@XCH-RTP-013.cisco.com> <20190125.162941.2222352349671950038.mbj@tail-f.com> <9d4bbc12ddb448ca98fd8560a02565c5@XCH-RTP-013.cisco.com> <2b60239e-979e-3627-e3c5-62b264811f18@hedeland.org>
In-Reply-To: <2b60239e-979e-3627-e3c5-62b264811f18@hedeland.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.118.56.226]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Outbound-SMTP-Client: 64.101.220.155, xch-rtp-015.cisco.com
X-Outbound-Node: rcdn-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/zJgmtpjN15Gl5nWty4yZJoK5lbo>
Subject: Re: [yang-doctors] [netconf] Yangdoctors last call review of draft-ietf-netconf-subscribed-notifications-21
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jan 2019 21:15:37 -0000

> From: Per Hedeland, January 25, 2019 1:20 PM
> 
> On 2019-01-25 16:41, Eric Voit (evoit) wrote:
> >> From: Martin Bjorklund, January 25, 2019 10:30 AM
> >>
> >> "Eric Voit (evoit)" <evoit@cisco.com> wrote:
> >>>> From: Martin Bjorklund, January 25, 2019 3:40 AM
> >>>>
> >>>> "Eric Voit (evoit)" <evoit@cisco.com> wrote:
> >>>>>> "Eric Voit (evoit)" <evoit@cisco.com> wrote:
> >>>>>>>> "Eric Voit (evoit)" <evoit@cisco.com> wrote:
> >>>>>>>>>> From: Martin Bjorklund, January 24, 2019 9:40 AM
> >>>>>>>>>>
> >>>>>>>>>> "Eric Voit (evoit)" <evoit@cisco.com> wrote:
> >>>>>>>>>>>> From: Martin Bjorklund, January 24, 2019 8:17 AM
> >>>>
> >>>> [...]
> >>>>
> >>>>>>>>>>>> Thinking some more, what is supposed to happen if the
> >>>>>>>>>>>> client on the same session sends first an
> >>>>>>>>>>>> establish-subscription with dscp 42, and then another
> >>>>>>>>>>>> establish-
> >>>> subscription with dscp 10?
> >>>>>>>>>>>
> >>>>>>>>>>> This would be allowed.
> >>>>>>>>>>
> >>>>>>>>>> On linux at least this is a sockopt, i.e., the option applies
> >>>>>>>>>> to the socket, which means all packets on the session.  So
> >>>>>>>>>> how is this supposed to be implemented if different messages
> >>>>>>>>>> on the session should have different dscp values?
> >>>>>>>>>> Or is the
> >>>>>>>>>> idea that you send the msg, flush all data from ssh/tls to
> >>>>>>>>>> tcp, then flush the tcp buffers (not that easy...)?
> >>>>>>>>>>
> >>>>>>>>>> Even if there's just one establish-subscription with a dscp
> >>>>>>>>>> value, since it applies to the session it means that all
> >>>>>>>>>> normal rpcs on this session will get the same dscp value.
> >>>>>>>>>> It is not clear that this is the intention?
> >>>>>>
> >>>>>> Did you miss these questions?
> >>>>>
> >>>>> With NETCONF, one DSCP will apply to single TCP session.  So there
> >>>>> is no
> >>>> issue.
> >>>>
> >>>> The problem is if a client sends two establish-subscriptions with
> >>>> different values for dscp on the same session.  Or even if the
> >>>> client sends one
> >>>> establish-
> >>>> subscription with som dscp value, then the dscp will be applied to
> >>>> all packets from other rpcs as well.
> >>>>
> >>>> ... and even worse, with SSH channels you can have multiple NETCONF
> >>>> session on the same TCP session, which means that the dscp value
> >>>> applies to all packets in all NETCONF sessions sharing the same TCP
> >>>> session.
> >>>>
> >>>> I don't know what the right thing to do is.  Probably first agree
> >>>> that this is in fact a problem, then maybe simply document this
> >>>> somehow.
> >>>
> >>> I hadn't thought about multiple NETCONF SSH channels.  I agree
> >>> something to guide developers is needed here.  The easiest fix is to
> >>> recommend not supporting feature "dscp" with NETCONF.  (It shouldn't
> >>> be absolutely prohibited as DSCP related RFC's such as RFC7657 embed
> >>> text like "a single DSCP should be used for all packets in a TCP
> >>> connection".)
> >>>
> >>> Here is the text I suggest is put into
> >>> draft-ietf-netconf-netconf-event-notifications, Section 5:
> >>>
> >>> "The feature "dscp" SHOULD NOT be supported over NETCONF.  This will
> >>> avoid the potential for out-of-order packet delivery of the set of
> >>> all traffic within the TCP session."
> >>
> >> I think this is a bit too limiting.  For configured subscriptions it
> >> can be perfectly fine, since the server can ensure that there's a
> >> single TCP session to the receiver in this case.  (I know we don't support
> configured subscriptions at the moment).
> >>
> >> Perhaps we can say in the SN document:
> >>
> >>    If a server that supports the "dscp" feature cannot guarantee that
> >>    the only packets sent on an underlying transport session are from
> >>    the subscription, then it should reject the subscription with a
> >>    "dscp-unavailable" error.  This will avoid the potential for
> >>    out-of-order packet delivery of the set of all traffic within the
> >>    TCP session.
> >
> > This works for me.    I will put this in Section 2.3, directly after the sentence:
> >
> >     If the publisher supports the "dscp" feature, then a subscription
> >     with a "dscp" leaf MUST result in a corresponding [RFC2474] DSCP
> >     marking being placed within the IP header of any resulting
> >     notification messages and subscription state change notifications.
> >
> >   unless I hear any objections on this thread.
> 
> I'm not sure why the "avoid out-of-order" rationale was presented.
> There is no order "of the set of all traffic within the TCP session"
> to be out-of. Regardless of DSCP, SSH peers will send data on the channels
> (NETCONF sessions) in an order that depends, among other things, on the rate
> of consumption of that data. They will preserve order on any given channel, but
> will not consider order with respect to other channels (arguably, not having to
> do that is the whole point of having flow control at the SSH level).

Hi Per,

What you say is absolutely true.  You likely know this, but Martin asked to include the out-of-order rationale because if a TCP session carries traffic consisting of a set of DSCP values, then the network elements between the publisher and receiver might reorder the packets.   While the order might be restored at the receiver (per your point), this might also be seen as loss.  The result to the application is that higher priority dscp packets will be seen no faster those with lower priority.  Again you likely know this, but there is more on this general topic in places like RFC-7657, Section 5.2.

To cover what Martin wants, and reduce the non-normative text, how about the following?...

"Where TCP is used, a publisher which supports the "dscp" feature SHOULD ensure that a subscription's notification messages are returned within a single TCP transport session where all traffic shares the subscription's requested "dscp" leaf value.   Where this cannot be guaranteed, any "establish subscription" RPC request SHOULD be rejected with a "dscp-unavailable" error."

Eric

> I suggest simply dropping the "This will avoid ..." sentence.
> 
> --Per
> 
> > Eric
> >
> >> I think such text belongs to the SN document, since it may apply to
> >> other transports than just NETCONF.
> >>
> >>
> >> /martin
> >>
> >>
> >>
> >>> With this text, a RESTCONF publisher can support the feature dscp.
> >>> And if someone attempts to use dscp with a NETCONF subscription to
> >>> the same publisher, the error "dscp-unavailable" can be sent.
> >>>
> >>> Eric
> >>>
> >>>
> >>> ...
> >>>> /martin
> >>>
> >
> > _______________________________________________
> > netconf mailing list
> > netconf@ietf.org
> > https://www.ietf.org/mailman/listinfo/netconf
> >

v2.23.0 | Report a Bug | By Email