draft-ietf-netconf-restconf-notif-02.txt   draft-ietf-netconf-restconf-notif-03.txt 
NETCONF E. Voit NETCONF E. Voit
Internet-Draft A. Gonzalez Prieto Internet-Draft A. Tripathy
Intended status: Standards Track A. Tripathy Intended status: Standards Track E. Nilsen-Nygaard
Expires: September 14, 2017 E. Nilsen-Nygaard Expires: February 5, 2018 Cisco Systems
Cisco Systems
A. Clemm A. Clemm
Huawei Huawei
A. Gonzalez Prieto
VMWare
A. Bierman A. Bierman
YumaWorks YumaWorks
March 13, 2017 August 4, 2017
Restconf and HTTP Transport for Event Notifications Restconf and HTTP Transport for Event Notifications
draft-ietf-netconf-restconf-notif-02 draft-ietf-netconf-restconf-notif-03
Abstract Abstract
This document defines Restconf, HTTP2, and HTTP1.1 bindings for the This document defines Restconf, HTTP2, and HTTP1.1 bindings for the
transport of Subscription requests and corresponding push updates. transport of Subscription requests and corresponding push updates.
Being subscribed may be either Event Notifications or objects or Being subscribed may be either publisher defined event streams or
subtress of YANG Datastores. nodes/subtrees of YANG Datastores.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 14, 2017. This Internet-Draft will expire on February 5, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 17 skipping to change at page 2, line 18
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Solution . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Solution . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Dynamic YANG Subscription with RESTCONF control . . . . . 3 3.1. Dynamic YANG Subscription with RESTCONF control . . . . . 3
3.2. Subscription Multiplexing . . . . . . . . . . . . . . . . 6 3.2. Subscription Multiplexing . . . . . . . . . . . . . . . . 6
4. Encoded Subscription and Event Notification Examples . . . . 7 4. Encoded Subscription and Notification Message Examples . . . 7
4.1. Restconf Subscription and Events over HTTP1.1 . . . . . . 7 4.1. Restconf Subscription and Events over HTTP1.1 . . . . . . 7
4.2. Event Notification over HTTP2 . . . . . . . . . . . . . . 12 4.2. Event Notification over HTTP2 . . . . . . . . . . . . . . 12
5. Security Considerations . . . . . . . . . . . . . . . . . . . 12 5. Security Considerations . . . . . . . . . . . . . . . . . . . 12
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
7.1. Normative References . . . . . . . . . . . . . . . . . . 13 7.1. Normative References . . . . . . . . . . . . . . . . . . 13
7.2. Informative References . . . . . . . . . . . . . . . . . 14 7.2. Informative References . . . . . . . . . . . . . . . . . 14
Appendix A. End-to-End Deployment Guidance . . . . . . . . . . . 14 Appendix A. End-to-End Deployment Guidance . . . . . . . . . . . 14
A.1. Call Home . . . . . . . . . . . . . . . . . . . . . . . . 14 A.1. Call Home . . . . . . . . . . . . . . . . . . . . . . . . 14
A.2. TLS Heartbeat . . . . . . . . . . . . . . . . . . . . . . 15 A.2. TLS Heartbeat . . . . . . . . . . . . . . . . . . . . . . 15
Appendix B. Issues being worked and resolved . . . . . . . . . . 15 Appendix B. RESTCONF over GRPC . . . . . . . . . . . . . . . . . 15
B.1. Unresolved Issues . . . . . . . . . . . . . . . . . . . . 15
Appendix C. Changes between revisions . . . . . . . . . . . . . 15 Appendix C. Changes between revisions . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
Mechanisms to support Event subscription and push are defined in Mechanisms to support Event subscription and push are defined in
[sn]. Enhancements to [sn] which enable YANG Datastore subscription [sn]. Enhancements to [sn] which enable YANG Datastore subscription
and push are defined in [yang-push]. This document provides a and push are defined in [yang-push]. This document provides a
transport specification for these protocols over Restconf and HTTP. transport specification for these protocols over Restconf and HTTP.
Driving these requirements is [RFC7923]. Driving these requirements is [RFC7923].
The streaming of Subscription Event Notifications has synergies with The streaming of notifications encapsulating the resulting
HTTP2 streams. Benefits which can be realized when transporting information push can be done with either HTTP1.1 and HTTP2. When
events directly HTTP2 [RFC7540] include: using HTTP2 [RFC7540] benefits which can be realized include:
o Elimination of head-of-line blocking o Elimination of head-of-line blocking
o Weighting and proportional dequeuing of Events from different o Weighting and proportional dequeuing of Events from different
subscriptions subscriptions
o Explicit precedence in subscriptions so that events from one o Explicit precedence in subscriptions so that events from one
subscription must be sent before another dequeues subscription must be sent before another dequeues
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
The following terms use the defintions from [sn]: Configured The following terms use the defintions from [sn]: configured
Subscription, Dynamic Subscription, Event Notification, Publisher, subscription, dynamic subscription, event notification, publisher,
Receiver, Subscriber, Subscription. receiver, subscriber, and subscription.
3. Solution 3. Solution
Event subscription is defined in [sn], YANG Datastore subscription is Subscribing to event streams is defined in [sn], YANG Datastore
defined in [yang-push]. This section specifies transport mechanisms subscription is defined in [yang-push]. This section specifies
applicable to both. transport mechanisms applicable to both.
3.1. Dynamic YANG Subscription with RESTCONF control 3.1. Dynamic YANG Subscription with RESTCONF control
Dynamic Subscriptions for both [sn] and its [yang-push] augmentations Dynamic Subscriptions for both [sn] and its [yang-push] augmentations
are configured and managed via signaling messages transported over are configured and managed via signaling messages transported over
[RFC8040]. These interactions will be accomplished via a Restconf [RFC8040]. These interactions will be accomplished via a Restconf
POST into RPCs located on the Publisher. HTTP responses codes will POST into RPCs located on the Publisher. HTTP responses codes will
indicate the results of the interaction with the Publisher. An HTTP indicate the results of the interaction with the Publisher. An HTTP
status code of 200 is the proper response to a successful <establish- status code of 200 is the proper response to a successful <establish-
subscription> RPC call. The successful <establish-subscription> will subscription> RPC call. The successful <establish-subscription> will
result in a HTTP message with returned subscription URI on a result in a HTTP message with returned subscription URI on a
logically separate mechanism than was used for the original Restconf logically separate mechanism than was used for the original Restconf
POST. This mechanism is via a parallel TCP connection in the case of POST. This mechanism is via a parallel TCP connection in the case of
HTTP 1.x, or in the case of HTTP2 via a separate HTTP stream within HTTP 1.x, or in the case of HTTP2 via a separate HTTP stream within
the HTTP connection. When a being returned by the Publisher, failure the HTTP connection. When a being returned by the Publisher, failure
will be indicated by error codes transported in payload. will be indicated by error codes transported in payload.
Once established, the resulting stream of Event Notifications are Once established, the resulting stream of notification messages are
then delivered via SSE for HTTP1.1 and via HTTP Data for HTTP2. then delivered via SSE for HTTP1.1 and via HTTP Data for HTTP2.
3.1.1. Call Flow for HTTP2 3.1.1. Call Flow for HTTP2
Requests to [yang-push] augmented RPCs are sent on one or more HTTP2 Requests to [sn] or [yang-push] augmented RPCs are sent on one or
streams indicated by (a) in Figure 2. Event Notifications related to more HTTP2 streams indicated by (a) in Figure 2. Notification
a single subscription are pushed on a unique logical channel (b). In messages related to a single subscription are pushed on a unique
the case below, a newly established subscription has its events logical channel (b). In the case below, a newly established
pushed over HTTP2 stream (7). subscription has its associated messages pushed over HTTP2 stream
(7).
+------------+ +------------+ +------------+ +------------+
| Subscriber | | Publisher | | Subscriber | | Publisher |
|HTTP2 Stream| |HTTP2 Stream| |HTTP2 Stream| |HTTP2 Stream|
| (a) (b) | | (a) (b) | | (a) (b) | | (a) (b) |
+------------+ +------------+ +------------+ +------------+
| Restconf POST (RPC:establish-subscription) | | Restconf POST (RPC:establish-subscription) |
|--------------------------------------------->| |--------------------------------------------->|
| HTTP 200 OK (URI)| | HTTP 200 OK (URI)|
|<---------------------------------------------| |<---------------------------------------------|
skipping to change at page 4, line 41 skipping to change at page 4, line 41
|<---------------------------------------------| | |<---------------------------------------------| |
| | HTTP Headers (end of stream)| | | HTTP Headers (end of stream)|
| (/7)<-----------------------------------------(/7) | (/7)<-----------------------------------------(/7)
| |
Figure 1: Dynamic with HTTP2 Figure 1: Dynamic with HTTP2
3.1.2. Call flow for HTTP1.1 3.1.2. Call flow for HTTP1.1
Requests to [yang-push] RPCs are sent on the TCP connection indicated Requests to [yang-push] RPCs are sent on the TCP connection indicated
by (a). Event Notifications are pushed on a separate connection (b). by (a). Notification messages are pushed on a separate connection
This connection (b) will be used for all Event Notifications across (b). This connection (b) will be used for all notification messages
all subscriptions. across all subscriptions.
+--------------+ +--------------+ +--------------+ +--------------+
| Subscriber | | Publisher | | Subscriber | | Publisher |
|TCP connection| |TCP connection| |TCP connection| |TCP connection|
| (a) (b) | | (a) (b) | | (a) (b) | | (a) (b) |
+--------------+ +--------------+ +--------------+ +--------------+
| Restconf POST (RPC:establish-subscription) | | Restconf POST (RPC:establish-subscription) |
|--------------------------------------------->| |--------------------------------------------->|
| HTTP 200 OK (URI)| | HTTP 200 OK (URI)|
|<---------------------------------------------| |<---------------------------------------------|
skipping to change at page 5, line 42 skipping to change at page 5, line 42
| | | | | |
| | | |
Figure 2: Dynamic with HTTP1.1 Figure 2: Dynamic with HTTP1.1
3.1.3. Configured Subscription over HTTP2 3.1.3. Configured Subscription over HTTP2
With a Configured Subscription, all information needed to establish a With a Configured Subscription, all information needed to establish a
secure relationship with that Receiver is available on the Publisher. secure relationship with that Receiver is available on the Publisher.
With this information, the Publisher will establish a secure With this information, the Publisher will establish a secure
transport connection with the Receiver and then begin pushing the transport connection with the Receiver and then begin pushing
Event Notifications to the Receiver. Since Restconf might not exist notification messages to the Receiver. Since Restconf might not
on the Receiver, it is not desirable to require that such Event exist on the Receiver, it is not desirable to require that subscribed
Notifications be pushed with any dependency on Restconf. Nor is content be pushed with any dependency on Restconf. Nor is there
there value which Restconf provides on top of HTTP. Therefore in value which Restconf provides on top of HTTP. Therefore in place of
place of Restconf, a TLS secured HTTP2 Client connection must be Restconf, a TLS secured HTTP2 Client connection must be established
established with an HTTP2 Server located on the Receiver. Event with an HTTP2 Server located on the Receiver. Notification messages
Notifications will then be sent as part of an extended HTTP POST to will then be sent as part of an extended HTTP POST to the Receiver.
the Receiver.
POST messages will be addressed to HTTP augmentation code on the POST messages will be addressed to HTTP augmentation code on the
Receiver capable of accepting and responding to Event Notifications. Receiver capable of accepting and responding to state change
The first POST message must be a subscription-started notification. notifications and subscribed content notification messages. The
Push update notifications must not be sent until the receipt of an first POST message must be a subscription-started notification.
HTTP 200 OK for this initial notification. The 200 OK will indicate Notifications which include any subscribed content must not be sent
that the Receiver is ready for Event Notifications. At this point a until the receipt of an HTTP 200 OK for this initial notification.
Subscription must be allocated its own HTTP2 stream. Figure 4 The 200 OK will indicate that the Receiver is ready for the delivery
depicts this message flow. of subscribed content. At this point a Subscription must be
allocated its own HTTP2 stream. Figure 4 depicts this message flow.
+------------+ +------------+ +------------+ +------------+
| Receiver | | Publisher | | Receiver | | Publisher |
|HTTP2 Stream| |HTTP2 Stream| |HTTP2 Stream| |HTTP2 Stream|
| (a) (b) | | (a) (b) | | (a) (b) | | (a) (b) |
+------------+ +------------+ +------------+ +------------+
| HTTP Post Headers, Data (sub-start, SubID)| | HTTP Post Headers, Data (sub-start, SubID)|
|<---------------------------------------------| |<---------------------------------------------|
| HTTP 200 OK | | HTTP 200 OK |
|--------------------------------------------->| |--------------------------------------------->|
skipping to change at page 6, line 46 skipping to change at page 6, line 44
o take any subscription-priority and copy it into the HTTP2 stream o take any subscription-priority and copy it into the HTTP2 stream
priority, and priority, and
o take a subscription-dependency if it has been provided and map the o take a subscription-dependency if it has been provided and map the
HTTP2 stream for the parent subscription into the HTTP2 stream HTTP2 stream for the parent subscription into the HTTP2 stream
dependency. dependency.
3.2. Subscription Multiplexing 3.2. Subscription Multiplexing
It is possible that updates might be delivered in a different It is possible that updates across subscriptions might be delivered
sequence than generated. Reasons for this might include (but are not in a different sequence than the encapsulated records were generated.
limited to): Reasons for this might include (but are not limited to):
o replay of pushed updates o generation of event records on different line cards
o replay of pushed information, and
o temporary loss of transport connectivity, with update buffering o temporary loss of transport connectivity, with update buffering
and different dequeuing priorities per Subscription and different dequeuing priorities per Subscription
o population, marshalling and bundling of independent Subscription o population, marshalling and bundling across independent
Updates, and Subscription Updates, and
Therefore each Event Notification will include a timestamp to ensure
that a Receiver understands the time when a that update was
generated. Use of this timestamp can give an indication of the state
of objects at a Publisher when state-entangled information is
received across different subscriptions. The use of the latest Event
Notification timestamp for a particular object update can introduce
errors. So when state-entangled updates have inconsistent object
values and temporally close timestamps, a Receiver might consider
performing a GET to validate the current state of a Publisher.
4. Encoded Subscription and Event Notification Examples Therefore each notification message will include a timestamp to
provide a Receiver with its best information indicating when a
particular record was generated. Use of this timestamp can give an
indication of the state of objects at a Publisher. This is
especially important when state-entangled information is received
across different subscriptions. Note that use of notification
message timestamps may not indicate a the exact time of occurrence.
So when state-entangled updates have inconsistent object values and
temporally close timestamps, a Receiver might consider performing a
GET to validate the current state of a Publisher.
Transported updates will contain context data for one or more Event 4. Encoded Subscription and Notification Message Examples
Notifications. Each transported Event Notification will contain
several parameters:
4.1. Restconf Subscription and Events over HTTP1.1 4.1. Restconf Subscription and Events over HTTP1.1
Subscribers can dynamically learn whether a RESTCONF server supports Subscribers can dynamically learn whether a RESTCONF server supports
various types of Event or Yang datastore subscription capabilities. various types of Event or Yang datastore subscription capabilities.
This is done by issuing an HTTP request OPTIONS, HEAD, or GET on the This is done by issuing an HTTP request OPTIONS, HEAD, or GET on the
stream. Some examples building upon the Call flow for HTTP1.1 from stream. Some examples building upon the Call flow for HTTP1.1 from
Section 3.2.2 are: Section 3.2.2 are:
GET /restconf/data/ietf-restconf-monitoring:restconf-state/ GET /restconf/data/ietf-restconf-monitoring:restconf-state/
skipping to change at page 9, line 5 skipping to change at page 9, line 5
Content-Type: application/yang.api+xml Content-Type: application/yang.api+xml
<location <location
xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf-monitoring"> xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf-monitoring">
https://example.com/streams/yang-push-xml https://example.com/streams/yang-push-xml
</location> </location>
To subscribe and start receiving updates, the subscriber can then To subscribe and start receiving updates, the subscriber can then
send an HTTP GET request for the URL returned by the Publisher in the send an HTTP GET request for the URL returned by the Publisher in the
request above. The accept header must be "text/event-stream". The request above. The accept header must be "text/event-stream". The
Publisher uses the Server Sent Events [W3C-20150203] transport Publisher uses the Server Sent Events [W3C-20150203] transport
strategy to push filtered Event Notifications from the Event stream. strategy to push filtered events from the event stream.
The Publisher MUST support individual parameters within the POST The Publisher MUST support individual parameters within the POST
request body for all the parameters of a subscription. The only request body for all the parameters of a subscription. The only
exception is the encoding, which is embedded in the URI. An example exception is the encoding, which is embedded in the URI. An example
of this is: of this is:
// subtree filter = /foo // subtree filter = /foo
// periodic updates, every 5 seconds // periodic updates, every 5 seconds
POST /restconf/operations/ietf-event-notifications: POST /restconf/operations/ietf-event-notifications:
establish-subscription HTTP/1.1 establish-subscription HTTP/1.1
Host: example.com Host: example.com
Content-Type: application/yang-data+json Content-Type: application/yang-data+json
{ {
"ietf-event-notifications:input" : { "ietf-event-notifications:input" : {
?stream?: ?push-data" "stream": "push-data"
?period" : 5, "period" : 5,
"xpath-filter" : ?/ex:foo[starts-with(?bar?.?some']" "xpath-filter" : "/ex:foo[starts-with('bar'.'some']"
} }
} }
Should the publisher not support the requested subscription, it may Should the publisher not support the requested subscription, it may
reply: reply:
HTTP/1.1 501 Not Implemented HTTP/1.1 501 Not Implemented
Date: Mon, 23 Apr 2012 17:11:00 GMT Date: Mon, 23 Apr 2012 17:11:00 GMT
Server: example-server Server: example-server
Content-Type: application/yang.errors+xml Content-Type: application/yang.errors+xml
skipping to change at page 10, line 45 skipping to change at page 10, line 45
"error-message": "Xpath filters not supported." "error-message": "Xpath filters not supported."
"error-info": { "error-info": {
"datastore-push:supported-subscription": { "datastore-push:supported-subscription": {
"subtree-filter": [null] "subtree-filter": [null]
} }
} }
} }
} }
} }
The following is an example of a pushed Event Notification data for The following is an example of a pushed content for the Subscription
the Subscription above. It contains a subtree with root foo that above. It contains a subtree with root foo that contains a leaf
contains a leaf called bar: called bar:
XML encoding representation: XML encoding representation:
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<notification xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf"> <notification xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf">
<subscription-id xmlns="urn:ietf:params:xml:ns:restconf: <subscription-id xmlns="urn:ietf:params:xml:ns:restconf:
datastore-push:1.0"> datastore-push:1.0">
my-sub my-sub
</subscription-id> </subscription-id>
<eventTime>2015-03-09T19:14:56.233Z</eventTime> <eventTime>2015-03-09T19:14:56.233Z</eventTime>
<datastore-contents xmlns="urn:ietf:params:xml:ns:restconf: <datastore-contents xmlns="urn:ietf:params:xml:ns:restconf:
skipping to change at page 11, line 46 skipping to change at page 11, line 46
request. For example, to modify the update period to 10 seconds, the request. For example, to modify the update period to 10 seconds, the
subscriber may send: subscriber may send:
POST /restconf/operations/ietf-event-notifications: POST /restconf/operations/ietf-event-notifications:
modify-subscription HTTP/1.1 modify-subscription HTTP/1.1
Host: example.com Host: example.com
Content-Type: application/yang-data+json Content-Type: application/yang-data+json
{ {
"ietf-event-notifications:input" : { "ietf-event-notifications:input" : {
?subscription-id?: 100, "subscription-id": 100,
?period" : 10 "period" : 10
} }
} }
To delete a Subscription, the Subscriber issues a DELETE request on To delete a Subscription, the Subscriber issues a DELETE request on
the provided URI using the same subscription-id as in the original the provided URI using the same subscription-id as in the original
request request
4.2. Event Notification over HTTP2 4.2. Event Notification over HTTP2
The basic encoding will look as below. It will consists of a JSON The basic encoding will look as below. It will consists of a JSON
skipping to change at page 12, line 34 skipping to change at page 12, line 34
"foo": { "bar": "some_string" } "foo": { "bar": "some_string" }
} }
} }
} }
5. Security Considerations 5. Security Considerations
Subscriptions could be used to intentionally or accidentally overload Subscriptions could be used to intentionally or accidentally overload
the resources of a Publisher. For this reason, it is important that the resources of a Publisher. For this reason, it is important that
the Publisher has the ability to prioritize the establishment and the Publisher has the ability to prioritize the establishment and
push of Event Notifications where there might be resource exhaust push of notification messages where there is the potential for
potential. In addition, a server needs to be able to suspend resource exhaust. In addition, a server needs to be able to suspend
existing Subscriptions when needed. When this occurs, the existing Subscriptions when needed. When this occurs, the
subscription status must be updated accordingly and the Receivers subscription status must be updated accordingly and the Receivers
notified. notified.
A Subscription could be used to attempt retrieve information for A Subscription could be used to attempt retrieve information for
which a Receiver has no authorized access. Therefore it is important which a Receiver has no authorized access. Therefore it is important
that data pushed via a Subscription is authorized equivalently with that data pushed via a Subscription is authorized equivalently with
regular data retrieval operations. Data being pushed to a Receiver regular data retrieval operations. Data being pushed to a Receiver
needs therefore to be filtered accordingly, just like if the data needs therefore to be filtered accordingly, just like if the data
were being retrieved on-demand. The Netconf Authorization Control were being retrieved on-demand. The Netconf Authorization Control
Model [RFC6536] applies even though the transport is not NETCONF. Model [RFC6536] applies even though the transport is not NETCONF.
One or more Publishers of Configured Subscriptions could be used to One or more Publishers of Configured Subscriptions could be used to
overwhelm a Receiver which doesn't even support Subscriptions. There overwhelm a Receiver which doesn't even support Subscriptions. There
are two protections here. First Event Notifications for Configured are two protections here. First, notification messages for
Subscriptions MUST only be transmittable over Encrypted transports. Configured Subscriptions MUST only be transmittable over encrypted
Clients which do not want pushed Event Notifications need only transports. Clients which do not want pushed content need only
terminate or refuse any transport sessions from the Publisher. terminate or refuse any transport sessions from the Publisher.
Second, the HTTP transport augmentation on the Receiver must send an Second, the HTTP transport augmentation on the Receiver must send an
HTTP 200 OK to a subscription started notification before the HTTP 200 OK to a subscription started notification before the
Publisher starts streaming any events. Publisher starts streaming any subscribed content.
One or more Publishers could overwhelm a Receiver which is unable to One or more Publishers could overwhelm a Receiver which is unable to
control or handle the volume of Event Notifications received. In control or handle the volume of Event Notifications received. In
deployments where this might be a concern, HTTP2 transport such as deployments where this might be a concern, HTTP2 transport such as
HTTP2) should be selected. HTTP2) should be selected.
6. Acknowledgments 6. Acknowledgments
We wish to acknowledge the helpful contributions, comments, and We wish to acknowledge the helpful contributions, comments, and
suggestions that were received from: Susan Hares, Tim Jenkins, Balazs suggestions that were received from: Susan Hares, Tim Jenkins, Balazs
skipping to change at page 14, line 13 skipping to change at page 14, line 13
<http://www.rfc-editor.org/info/rfc8040>. <http://www.rfc-editor.org/info/rfc8040>.
[sn] Voit, E., Clemm, A., Gonzalez Prieto, A., Prasad Tripathy, [sn] Voit, E., Clemm, A., Gonzalez Prieto, A., Prasad Tripathy,
A., and E. Nilsen-Nygaard, "Subscribing to Event A., and E. Nilsen-Nygaard, "Subscribing to Event
Notifications", February 2017, Notifications", February 2017,
<https://datatracker.ietf.org/doc/draft-ietf-netconf- <https://datatracker.ietf.org/doc/draft-ietf-netconf-
subscribed-notifications/>. subscribed-notifications/>.
7.2. Informative References 7.2. Informative References
[GRPC] "RPC framework that runs over HTTP2", August 2017,
<https://grpc.io/>.
[RFC7923] Voit, E., Clemm, A., and A. Gonzalez Prieto, "Requirements [RFC7923] Voit, E., Clemm, A., and A. Gonzalez Prieto, "Requirements
for Subscription to YANG Datastores", RFC 7923, for Subscription to YANG Datastores", RFC 7923,
DOI 10.17487/RFC7923, June 2016, DOI 10.17487/RFC7923, June 2016,
<http://www.rfc-editor.org/info/rfc7923>. <http://www.rfc-editor.org/info/rfc7923>.
[RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG", [RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG",
RFC 7951, DOI 10.17487/RFC7951, August 2016, RFC 7951, DOI 10.17487/RFC7951, August 2016,
<http://www.rfc-editor.org/info/rfc7951>. <http://www.rfc-editor.org/info/rfc7951>.
[RFC8071] Watsen, K., "NETCONF Call Home and RESTCONF Call Home", [RFC8071] Watsen, K., "NETCONF Call Home and RESTCONF Call Home",
skipping to change at page 14, line 47 skipping to change at page 14, line 50
Appendix A. End-to-End Deployment Guidance Appendix A. End-to-End Deployment Guidance
Several technologies are expected to be seen within a deployment to Several technologies are expected to be seen within a deployment to
achieve security and ease-of-use requirements. These are not achieve security and ease-of-use requirements. These are not
necessary for an implementation of this specification, but will be necessary for an implementation of this specification, but will be
useful to consider when considering the operational context. useful to consider when considering the operational context.
A.1. Call Home A.1. Call Home
Pub/Sub implementations should have the ability to transparently Implementations should include the ability to transparently
incorporate 'call home' [RFC8071] so that secure TLS connections can incorporate 'call home' [RFC8071] so that secure TLS connections can
originate from the desired device. originate from the desired device.
A.2. TLS Heartbeat A.2. TLS Heartbeat
HTTP sessions might not quickly allow a Subscriber to recognize when HTTP sessions might not quickly allow a Subscriber to recognize when
the communication path has been lost from the Publisher. To the communication path has been lost from the Publisher. To
recognize this, it is possible for a Receiver to establish a TLS recognize this, it is possible for a Receiver to establish a TLS
heartbeat [RFC6520]. In the case where a TLS heartbeat is included, heartbeat [RFC6520]. In the case where a TLS heartbeat is included,
it should be sent just from Receiver to Publisher. Loss of the it should be sent just from Receiver to Publisher. Loss of the
heartbeat should result in any Subscription related TCP sessions heartbeat should result in any Subscription related TCP sessions
between those endpoints being torn down. The subscription can then between those endpoints being torn down. The subscription can then
attempt to re-establish. attempt to re-establish.
Appendix B. Issues being worked and resolved Appendix B. RESTCONF over GRPC
(To be removed by RFC editor prior to publication)
B.1. Unresolved Issues
GRPC compatibility 1: Mechanisms for HTTP2 to GRPC mapping need to be An initial goal for this document was to support [GRPC] transport
considered. There is a good start there as this draft only uses seamlessly without any mapping or extra layering. However there is
POST, not GET. As GET is used in RESTCONF for capabilities an incompatibility of RESTCONF and GRPC. RESTCONF uses HTTP GET, and
discovery, we have some backwards compatibility issues with existing GRPC uses HTTP2's POST rather than GET. As GET is used across
IETF drafts. Possible options to address are (1) provide a POST RESTCONF for things like capabilities exchange, a seamless mapping
method for anything done by GET in RESTCONF, (2) await support of GET depends on specification changes outside the scope of this document.
by GRPC, or (3) tunnel RESTCONF's GET messages within a GRPC POST. If/when GRPC supports GET, or RESTCONF is updated to support POST,
this should be revisited. It is hoped that the resulting fix will be
transparent to this document.
GRPC compatibility 2: We need to expose a method against which POST Appendix C. Changes between revisions
is done as events begin on a stream. See Stream 7 in figure 2. Can
only send traffic to a method, not a URI. URI points to a method,
not a resource.
Need to add into document examples of Event streams. Document only (To be removed by RFC editor prior to publication)
includes yang-push examples at this point.
We need to reference the viable encodings of notifications. v01 - v03
Appendix C. Changes between revisions o Terminoology aligned with draft-voit-netconf-notification-
messages.
(To be removed by RFC editor prior to publication) o Tweaks to wording/capitalization/format.
v01 - v02 v01 - v02
o Removed sections now redundant with [sn] and [yang-push] such as: o Removed sections now redundant with [sn] and [yang-push] such as:
mechanisms for subscription maintenance, terminology definitions, mechanisms for subscription maintenance, terminology definitions,
stream discovery. stream discovery.
o 3rd party subscriptions are out-of-scope. o 3rd party subscriptions are out-of-scope.
o SSE only used with Restconf and HTTP1.1 Dynamic Subscriptions o SSE only used with Restconf and HTTP1.1 Dynamic Subscriptions
skipping to change at page 16, line 29 skipping to change at page 16, line 26
o Many clean-ups of wording and terminology o Many clean-ups of wording and terminology
Authors' Addresses Authors' Addresses
Eric Voit Eric Voit
Cisco Systems Cisco Systems
Email: evoit@cisco.com Email: evoit@cisco.com
Alberto Gonzalez Prieto
Cisco Systems
Email: albertgo@cisco.com
Ambika Prasad Tripathy Ambika Prasad Tripathy
Cisco Systems Cisco Systems
Email: ambtripa@cisco.com Email: ambtripa@cisco.com
Einar Nilsen-Nygaard Einar Nilsen-Nygaard
Cisco Systems Cisco Systems
Email: einarnn@cisco.com Email: einarnn@cisco.com
Alexander Clemm Alexander Clemm
Huawei Huawei
Email: ludwig@clemm.org Email: ludwig@clemm.org
Alberto Gonzalez Prieto
VMWare
Email: agonzalezpri@vmware.com
Andy Bierman Andy Bierman
YumaWorks YumaWorks
Email: andy@yumaworks.com Email: andy@yumaworks.com
 End of changes. 39 change blocks. 
108 lines changed or deleted 106 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/