NETCONF E. Voit Internet-Draft A. Clemm Intended status:InformationalStandards Track A.TripathyGonzalez Prieto Expires:February 27,April 2, 2017 A. Tripathy E. Nilsen-NygaardA. Gonzalez PrietoCisco SystemsAugust 26,A. Bierman YumaWorks September 29, 2016 Restconf and HTTP Transport for Event Notificationsdraft-ietf-netconf-restconf-notif-00draft-ietf-netconf-restconf-notif-01 Abstract This document defines Restconf,HTTP,HTTP2, andHTTP2HTTP1.1 bindings for the transport Subscription requests and corresponding push updates. Being subscribed may be both Event Notifications and YANG Datastores. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire onFebruary 27,April 2, 2017. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Solution . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Mechanisms for Subscription Establishment and Maintenance 4 3.2. Dynamic YANG SubscriptionMultiplexing . .with RESTCONF control . . . . . 5 3.3. Subscription Multiplexing . . . . . . . . .6 3.3. Push Data Stream and Transport Mapping. . . . . . . 8 3.4. Encoded Subscription and Event Notification Examples . .7 3.4.9 3.5. Stream Discovery . . . . . . . . . . . . . . . . . . . .1214 4. Security Considerations . . . . . . . . . . . . . . . . . . .1214 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .1315 6. References . . . . . . . . . . . . . . . . . . . . . . . . .1315 6.1. Normative References . . . . . . . . . . . . . . . . . .1415 6.2. Informative References . . . . . . . . . . . . . . . . .1416 Appendix A. Proxy YANG Subscription when the Subscriber and Receiver are different . . . . . . . . . . . . . . .1517 Appendix B. End-to-End Deployment Guidance . . . . . . . . . . .1617 B.1. Call Home . . . . . . . . . . . . . . . . . . . . . . . .1617 B.2. TLS Heartbeat . . . . . . . . . . . . . . . . . . . . . .1618 Appendix C. Issues being worked and resolved . . . . . . . . . .1718 C.1. Unresolved Issues . . . . . . . . . . . . . . . . . . . .1718 C.2. Agreement in principal . . . . . . . . . . . . . . . . .1718 C.3. Resolved Issues . . . . . . . . . . . . . . . . . . . . . 18 Appendix D. Changes between revisions . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . .1819 1. Introduction Mechanisms to support Event subscription and push are defined in [rfc5277bis]. Enhancements to [rfc5277bis] which enable YANG Datastore subscription and push are defined in [yang-push]. This document provides a transport specification for these protocols over Restconf and HTTP.ThisDriving these requirements is [RFC7923]. The streaming of Subscription Event Notifications hasbeen driven by Requirements for subscriptions to YANG datastores are defined in[RFC7923] . Beyond based transport bindings, there are benefitssynergies with HTTP2 streams. Benefits which can be realized when transportingupdatesevents directlyHTTP/2[RFC7540] which can be realized via an implementation of this transport specification including:HTTP2 [RFC7540] include: oSubscription multiplexing over independent HTTP/2 streamsElimination of head-of-line blocking oStream prioritizationWeighting andstream dependenciesproportional dequeuing of Events from different subscriptions oFlow control on independent streamsExplicit precedence in subscriptions so that events from one subscription must be sent before another dequeues 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Configured Subscription: a Subscription installed via a configuration interface which persists across reboots.Data Node: An instance of management information in a datastore. Data Node Update: A data item containing the current value/property of a Data Node at the time the Data Node Update was created.Dynamic Subscription: a Subscription negotiated between Subscriber and Publisher via create, establish, modify, and delete RPCcontrol planesignaling messages. Event: an occurrence of something that may be of interest. (e.g., a configuration change, a fault, a change in status, crossing a threshold, status of a flow, or an external input to the system.) Event Notification: a set of information intended for a Receiver indicating that one or more Event(s) have occurred. Details of the Event(s) may be included within. Event Stream: a continuous, ordered set of Events grouped under an explicit criteria. Notification: the communication of an occurrence, perhaps triggered by the occurrence of an Event. Publisher: an entity responsible for streaming Event Notifications per the terms of a Subscription. Receiver: a target to which a Publisher pushes Event Notifications. For Dynamic Subscriptions, the Receiver and Subscriber will often be the same entity. Subscriber: an entity able to request and negotiate a contract for the receipt of Event Notifications from a Publisher Subscription: a contract between a Subscriber and a Publisher stipulating which information the Receiver wishes to have pushed from the Publisher without the need for further solicitation. 3. Solution Event subscription is defined in [rfc5277bis], YANG Datastore subscription is defined in [yang-push]. This section specifies transport mechanisms applicable to both. 3.1. Mechanisms for Subscription Establishment and Maintenance There are three models for Subscription establishment and maintenance: 1. Dynamic Subscription: Here the Subscriber and Receiver are the same. A Subscription ends with a subscription-terminated notification, or by a loss of transport connectivity. 2. Configured Subscription: Receiver(s) are specified on Publisher in startup and running config. Subscription is not terminated except via an operations interface. (Subscriptions may be Suspended, with no Event Notifications sent however.) 3. Proxy Subscription: Subscriber and Receiver are different. Subscription ends when a Subscription End-time is reached, or the Publisher process is restarted.The realA key difference between2this and3configured subscriptions (#2) is that configuration requests are made to RPCs which might evaluate run-time conditions much like in1.(#1). Typically direct configuration via2(#2) will not go through the same sort of capacity and validation checks seen in1.(#1). The first two models are described in this section. The third is described in Appendix A. This thirdoption canmodel will be moved into the body of this specification should the IETF community desire. In theory, all three models may be intermixed in a single deployment. .---------------. | Publisher | '---------------' ^ ^ | ^ | | | | .-----Restconf----' | | '-----Restconf----. | .-----' '-HTTP-. | V | V | .-------------. .------------. .----------. .------------. | Subscriber+ | | Operations | | Receiver | | Subscriber | | Receiver | | /Config | '----------' '------------' '-------------' '------------' ^ ^ ^ ^ (out of scope) : : : : ^ ::....Model 3....: Model 1:...Model2...:#3....: Model #1 :..Model #2...: (out of scope)3.1.1.Figure 1: Subscription Models 3.2. Dynamic YANG Subscriptionoverwith RESTCONF control Dynamic Subscriptions for both [rfc5277bis] and its[rfc5277bis][yang-push] augmentations are configured and managed via signaling messages transported overRestconf. Extending the paradigm of [restconf] section 6.3.1, it must support the encoding and transport query parameters corresponding to the YANG model for subscriptions defined in [RFC5277bis] and [Yang-Push].[restconf]. These interactions will be accomplished viathe typical[restconf]a Restconf POST intoSuccessRPCs located on the Publisher. HTTP responses codes will indicate the results of theRPCinteraction with the Publisher. An HTTP status code of 200 is the proper response to a successful <establish-subscription> RPC call. The successful <establish-subscription> will result in a HTTP message with returned subscription URI on a logically separate mechanism than was used for the original Restconf POST. This mechanism would beindicated byvia a parallel TCP connection in the case of HTTPstatus codes1.x, or in the case of20xHTTP2 via a separate HTTP stream within the HTTP connection. When a being returned by the Publisher, failure will be indicated by error codes transported in payload, as well as the return of negotiation parameters. Once established, streaming Event Notifications are then delivered viaRestconfSSE(assuming issue RT8 is reloved, see appx). As theyfor HTTP1.1 and via HTTP Data for HTTP2. 3.2.1. Call Flow for HTTP2 Requests to [yang-push] augmented RPCs are sent on one or more HTTP2 streams indicated by (a) in Figure 2. Event Notifications related to a single subscription aresuccessfully received,pushed on a unique logical channel (b). In the case below, a newly established subscription has its events pushed over HTTP2 stream (7). +------------+ +------------+ | Subscriber | | Publisher | |HTTP2 Stream| |HTTP2 Stream| | (a) (b) | | (a) (b) | +------------+ +------------+ | Restconf POST (RPC:establish-subscription) | |--------------------------------------------->| | HTTPstatus codes200 OK (URI)| |<---------------------------------------------| | (7)HTTP POST (URI) (7) | |--------------------------------------------->| | | HTTP 200 OK| | |<---------------------------------------------| | | HTTP Data (event-notif)| | |<---------------------------------------------| | Restconf POST (RPC:modify-subscription) | | |--------------------------------------------->| | | | HTTP 200 OK| | |<---------------------------------------------| | | | HTTP Data (subscription-modified)| | |<---------------------------------------------| | | HTTP Data (event-notif)| | |<---------------------------------------------| | Restconf POST (RPC:delete-subscription) | | |--------------------------------------------->| | | | HTTP 200 OK| | |<---------------------------------------------| | | | HTTP Headers (end of20xstream)| | (/7)<-----------------------------------------(/7) | Figure 2: Dynamic with HTTP2 3.2.2. Call flow for HTTP1.1 Requests to [yang-push] RPCs are sent on the TCP connection indicated by (a). Event Notifications are pushed on a separate connection (b). This connection (b) will bereturned by the Receiver. 3.1.2.used for all Event Notifications across all subscriptions. +--------------+ +--------------+ | Subscriber | | Publisher | |TCP connection| |TCP connection| | (a) (b) | | (a) (b) | +--------------+ +--------------+ | Restconf POST (RPC:establish-subscription) | |--------------------------------------------->| | HTTP 200 OK (URI)| |<---------------------------------------------| | |HTTP GET (URI) | | |--------------------------------------------->| | | HTTP 200 OK| | |<---------------------------------------------| | | SSE (event-notif)| | |<---------------------------------------------| | Restconf POST (RPC:modify-subscription) | | |--------------------------------------------->| | | | HTTP 200 OK| | |<---------------------------------------------| | | | SSE (subscription-modified)| | |<---------------------------------------------| | | SSE (event-notif)| | |<---------------------------------------------| | Restconf POST (RPC:delete-subscription) | | |--------------------------------------------->| | | | HTTP 200 OK| | |<---------------------------------------------| | | | | | | Figure 3: Dynamic with HTTP1.1 3.2.3. Configured Subscription overHTTPHTTP2 With a Configured Subscription, all information needed to establish a secure relationship with that Receiver isconfiguredavailable on the Publisher. With this information, the Publisher will establish a secure transport connection with the Receiver and then begin pushing the Event Notifications to the Receiver. Since Restconf might not exist on the Receiver, it is not desirable to require that such Event Notifications be pushedviawith any dependency on Restconf. Nor is there value which Restconf provides on top of HTTP. Therefore in place of Restconf, a TLS securedHTTPHTTP2 Client connection must be established with anHTTPHTTP2 Server located on the Receiver. Event Notifications will then be sentviaas part of an extended HTTPPost messagesPOST to the Receiver.PostPOST messages will be addressed to HTTP augmentation code on the Receiver capable of accepting and responding to Event Notifications.Some Post messagesThe first POST message mustinclude the URI for the subscribed resource. This URI canberetained for operational tracking and debugging use bya subscription-started notification. Push update notifications must not be sent until theReceiver. After successfulreceipt of aninitial Event Notification for a particular Subscription, the Reciever should reply back with anHTTPstatus code of 201 (Created). Further successful receipts should result in the return of code of200(Accepted). To ensureOK for this initial notification. The 200 OK will indicate that the Receiveralways has the URI, it should also be sent in the next push updateis ready fora Subscription after any status code of 201 (Created) has been returned from the Receiver.Event Notifications. Atany point, receipt of any status codes from 300-510 with the exception of 408 (Request Timeout) should result in either the movement of the Subscription to the suspended state, or cause the HTTP session to fail (need to determine appropriate action). A sequential series of multiple 408 exceptions should also drive the Subscription to a suspended state. If a suspension occurs, a POST including a subscription Id and URI post- pended withthis point aSuspended indication (format tbd)Subscription must besent.allocated its own HTTP2 stream. Figure24 depicts this message flow.+-----------+ +----------++------------+ +------------+ | Receiver | | Publisher | |HTTP2 Stream| |HTTP2 Stream| |Receiver(a) (b) |+-----------+ +----------+ |<--------------TLS------------>|| (a) (b) ||HTTP POST (Sub ID, data1)+------------+ +------------+ ||------------------------------>|HTTP Post Headers, Data (sub-start, SubID)| |<---------------------------------------------| | HTTP201 (Created)| |<------------------------------| |HTTP POST (Sub ID, URI, data2)200 OK | |--------------------------------------------->| | | HTTP Post Headers, Data (event-notif)| | |<---------------------------------------------| | | HTTP Data (event-notif)| | |<---------------------------------------------| ||------------------------------>|| HTTP Data (sub-terminate)| | |<---------------------------------------------| | |HTTP 200(OK)| |<------------------------------|OK |data3||<----------------------------->| If HTTP/2|--------------------------------------------->| Figure 4: Configured over HTTP2 As the HTTP2 transport is available toathe Receiver, the Publishershould also: o point individual Event Notifications to a unique HTTP/2 stream for that Subscription,should: o take any subscription-priority andprovisioncopy it into theHTTP/2HTTP2 stream priority, and o takeanya subscription-dependencyand provisionif it has been provided and map the HTTP2 stream for the parent subscription into theHTTP/2HTTP2 stream dependency.3.2.3.3. Subscription MultiplexingWhen pushed directly over HTTP/2, it is expected that the Event Notifications from a single Subscription will be allocated a separate HTTP/2 stream. This will enable multiplexing, and address issues of Head-of-line blocking with different priority Subscriptions. When pushed via Restconf over HTTP/2, different Subscriptions will not be mapped to independent HTTP/2 streams. When Restconf specifies this mapping, support may be appended on top of this specification. With or without independent queueing of multiplexed subscriptions, itIt is possible that updates might be delivered in a different sequence than generated. Reasons for this might include (but are not limited to): o replay of pushed updates o temporary loss of transport connectivity, with update buffering and different dequeuing priorities per Subscription o population, marshalling and bundling of independent Subscription Updates, ando parallel HTTP1.1 sessionsTherefore each Event Notification will include amicrosecondmillisecond level timestamp to ensure that a Receiver understands the time when a that update was generated. Use of this timestamp can give an indication of the state of objects at a Publisher when state-entangled information is received across different subscriptions. The use of the latest Event Notification timestamp for a particular object update can introduce errors. So when state-entangled updates have inconsistent object values and temporally close timestamps, a Receiver might consider performing a'get'GET to validate the current state of a Publisher.3.3. Push Data Stream3.4. Encoded Subscription andTransport MappingEvent Notification Examples Transported updates will contain context data for one or more Event Notifications. Each transported Event Notification will contain several parameters:o A Subscription ID correlator o Event Notification(s) . (Note 1: These must be filtered per access control rules to contain only data that the Subscriber is authorized to see. Note 2: these Event Notifications might be Data Node Update(s).) o A timestamp indication when the Event Notification was generated on the Publisher. The timestamp must correspond to a time where any Data Nodes included in the Update held the values/state indicated within the Update. 3.3.1.3.4.1. Restconf Subscription andUpdates via RestconfEvents over HTTP1.1 Subscribers can dynamically learn whether a RESTCONF server supports various types of Event or Yang datastore subscription capabilities. This is done by issuing an HTTP request OPTIONS, HEAD, or GET on the stream. Some examples building upon theexisting RESTCONF mechanisms are below:Call flow for HTTP1.1 from Section 3.2.2 are: GET /restconf/data/ietf-restconf-monitoring:restconf-state/ streams/stream=yang-push HTTP/1.1 Host: example.com Accept: application/yang.data+xml If the server supports it, it may respond HTTP/1.1 200 OK Content-Type: application/yang.api+xml <stream xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf-monitoring"> <name>yang-push</name> <description>Yang push stream</description> <access> <encoding>xml</encoding> <location>https://example.com/streams/yang-push-xml </location> </access> <access> <encoding>json</encoding> <location>https://example.com/streams/yang-push-json </location> </access> </stream> If the server does not support any form of subscription, it may respond HTTP/1.1 404 Not Found Date: Mon, 25 Apr 2012 11:10:30 GMT Server: example-server Subscribers can determine the URL to receive updates by sending an HTTP GET as a request for the "location" leaf with the stream listentry.Theentry. The stream to use for may be selected from the Event Stream list provided in the capabilities exchange. Note that different encodings are supporting using different Event Stream locations. For example, the Subscriber might send the following request: GET /restconf/data/ietf-restconf-monitoring:restconf-state/ streams/stream=yang-push/access=xml/location HTTP/1.1 Host: example.com Accept: application/yang.data+xml The Publisher might send the following response: HTTP/1.1 200 OK Content-Type: application/yang.api+xml <location xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf-monitoring"> https://example.com/streams/yang-push-xml </location> To subscribe and start receiving updates, the subscriber can then send an HTTP GET request for the URL returned by the Publisher in the request above. The accept header must be "text/event-stream". The Publisher uses the Server SentEvents[W3C-20150203]Events [W3C-20150203] transport strategy to push filtered Event Notifications from the Eventstream,.stream. The Publisher MUST support individual parameters within the POST request body for all the parameters of a subscription. The only exception is the encoding, which is embedded in the URI. An example of this is: // subtree filter = /foo // periodic updates, every 5 seconds POST /restconf/operations/ietf-event-notifications: establish-subscription HTTP/1.1 Host: example.com Content-Type: application/yang-data+json { "ietf-event-notifications:input" : { ?stream?: ?push-data" ?period" : 5, "xpath-filter" : ?/ex:foo[starts-with(?bar?.?some']" } } Should the publisher not support the requested subscription, it may reply: HTTP/1.1 501 Not Implemented Date: Mon, 23 Apr 2012 17:11:00 GMT Server: example-server Content-Type: application/yang.errors+xml <errors xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf"> <error> <error-type>application</error-type> <error-tag>operation-not-supported</error-tag> <error-severity>error</error-severity> <error-message>Xpath filters not supported</error-message> <error-info> <supported-subscription xmlns="urn:ietf:params:xml:ns: netconf:datastore-push:1.0"> <subtree-filter/> </supported-subscription> </error-info> </error> </errors> with an equivalent JSON encoding representation of: HTTP/1.1 501 Not Implemented Date: Mon, 23 Apr 2012 17:11:00 GMT Server: example-server Content-Type: application/yang.errors+json { "ietf-restconf:errors": { "error": { "error-type": "protocol", "error-tag": "operation-not-supported", "error-message": "Xpath filters not supported." "error-info": { "datastore-push:supported-subscription": { "subtree-filter": [null] } } } } } The following is an example of a pushed Event Notification data for thesubscriptionSubscription above. It contains a subtree with root foo that contains a leaf called bar: XML encoding representation: <?xml version="1.0" encoding="UTF-8"?> <notification xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf"> <subscription-id xmlns="urn:ietf:params:xml:ns:restconf: datastore-push:1.0"> my-sub </subscription-id><eventTime>2015-03-09T19:14:56Z</eventTime><eventTime>2015-03-09T19:14:56.23Z</eventTime> <datastore-contents xmlns="urn:ietf:params:xml:ns:restconf: datastore-push:1.0"> <foo xmlns="http://example.com/yang-push/1.0"> <bar>some_string</bar> </foo> </datastore-contents> </notification> Or with the equivalent YANG over JSON encoding representation as definedin[yang-json] :in [RFC7951]: { "ietf-restconf:notification": { "datastore-push:subscription-id": "my-sub", "eventTime":"2015-03-09T19:14:56Z","2015-03-09T19:14:56.23Z", "datastore-push:datastore-contents": { "example-mod:foo": { "bar": "some_string" } } } } To modify a Subscription, the subscriber issues another POST request on the provided URI using the same subscription-id as in the original request. For example, to modify the update period to 10 seconds, the subscriber may send: POST /restconf/operations/ietf-event-notifications: modify-subscription HTTP/1.1 Host: example.com Content-Type: application/yang-data+json { "ietf-event-notifications:input" : { ?subscription-id?: 100, ?period" :10,10 } } To delete a Subscription, the Subscriber issues a DELETE request on the provided URI using the same subscription-id as in the original requestDELETE /mystreams/yang-push?subscription-id=my-sub 3.3.2. Subscription and Updates directly via HTTP For any version of HTTP, the3.4.2. Event Notification over HTTP2 The basic encoding will look as below. It will consists of a JSON representation wrapped in anHTTPHTTP2 header. HyperText Transfer Protocol 2 Stream: HEADERS, Stream ID: 5 Header: :method: POST(IP+Port) HTTP/1.1 From: (Identifier for Network Element) User-Agent: (CiscoYANGPubSub/1.0) Content-Type: multipart/form-data Content-Length: (determined runtime)Stream: HEADERS, Stream ID: 5 { "ietf-yangpush:notification": { "datastore-push:subscription-id": "my-sub", "eventTime":"2015-03-09T19:14:56Z","2015-03-09T19:14:56.23Z", "datastore-push:datastore-contents": { "foo": { "bar": "some_string" } } } }3.4.3.5. Stream DiscoveryFor Restconf,Relevant for Dynamic Subscriptions, this will be accomplished as specified in[Restconf][restconf] section 6.2. The namespace chosen will be the same as how stream names are acquired for NETCONF, and so that backwards compatibility can be maintained without replicating this information.For HTTP, this is not specified as there is no client driven signaling/ subscription.As per [restconf] section 6.3, RESTCONF clients can determine the URL for the subscription resource (to receive notifications) by sending an HTTP GET request for the "location" leaf with the stream list entry. 4. Security Considerations Subscriptions could be used to intentionally or accidentally overload the resources of a Publisher. For this reason, it is important that the Publisher has the ability to prioritize the establishment and push of Event Notifications where there might be resource exhaust potential. In addition, a server needs to be able to suspend existing Subscriptions when needed. When this occurs, the subscription status must be updated accordingly and the Receivers notified. A Subscription could be used to attempt retrieve information for which a Receiver has no authorized access. Therefore it is important that data pushed via a Subscription is authorized equivalently with regular data retrieval operations. Data being pushed to a Receiver needs therefore to be filtered accordingly, just like if the data were being retrieved on-demand. The Netconf Authorization Control Model [RFC6536] applies even though the transport is not NETCONF. One or more Publishers of Configured Subscriptions could be used to overwhelm a Receiver which doesn't even support Subscriptions.ThereforeThere are two protections here. First Event Notifications for Configured Subscriptions MUST only be transmittable over Encrypted transports. Clients which do not want pushed Event Notifications need only terminate or refuse any transport sessions from the Publisher. Second, the HTTP transport augmentation on the Receiver must send an HTTP 200 OK to a subscription started notification before the Publisher starts streaming any events. One or more Publishers could overwhelm a Receiver which is unable to control or handle the volume of Event Notifications received. In deployments where this might be a concern,transports supporting per- subscription Flow Control and Prioritization (suchHTTP2 transport such asHTTP/2)HTTP2) should be selected.Another benefit is that a well-behaved Publisher implementation is that it is difficult to a Publisher to perform a DoS attack on a Receiver. DoS attack protection comes from: o the requirement for trust of a TLS session before publication, o the need for an HTTP transport augmentation on the Receiver, and o that the Publication process is suspended when the Receiver doesn't respond.5. Acknowledgments We wish to acknowledge the helpful contributions, comments, and suggestions that were received from:Andy Bierman, Sharon Chisholm, Yan Gang, Peipei Guo,Susan Hares, Tim Jenkins, Balazs Lengyel,Hector Trevino,Kent Watsen, Michael Scharf, and Guangying Zheng. 6. References 6.1. Normative References [restconf] Bierman,Andy.,A., Bjorklund,Martin.,M., andKent.K. Watsen, "RESTCONF Protocol", March 2016,<https://datatracker.ietf.org/doc/draft-ietf-netconf- restconf/>.<https://datatracker.ietf.org/doc/ draft-ietf-netconf-restconf/>. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>. [RFC6520] Seggelmann, R., Tuexen, M., and M. Williams, "Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension", RFC 6520, DOI 10.17487/RFC6520, February 2012, <http://www.rfc-editor.org/info/rfc6520>. [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration Protocol (NETCONF) Access Control Model", RFC 6536, DOI 10.17487/RFC6536, March 2012, <http://www.rfc-editor.org/info/rfc6536>. [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext Transfer Protocol Version 2 (HTTP/2)", RFC 7540, DOI 10.17487/RFC7540, May 2015, <http://www.rfc-editor.org/info/rfc7540>. [RFC7923] Voit, E., Clemm, A., and A. Gonzalez Prieto, "Requirements for Subscription to YANG Datastores", RFC 7923, DOI 10.17487/RFC7923, June 2016, <http://www.rfc-editor.org/info/rfc7923>. [RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG", RFC 7951, DOI 10.17487/RFC7951, August 2016, <http://www.rfc-editor.org/info/rfc7951>. 6.2. Informative References [call-home] Watsen, K., "NETCONF Call Home and RESTCONF Call Home", December 2015, <https://tools.ietf.org/html/draft-ietf- netconf-call-home-17>. [rfc5277bis] Gonzalez Prieto,Alberto.,A., Clemm,Alexander.,A., Voit,Eric.,E., Prasad Tripathy,Ambika.,A., andEinar.E. Nilsen-Nygaard, "NETCONF Event Notifications",MarchSeptember 2016,<https://datatracker.ietf.org/doc/draft-gonzalez-netconf- 5277bis/>.<https://datatracker.ietf.org/doc/draft- ietf-netconf-rfc5277bis/>. [W3C-20150203] "Server-Sent Events, World Wide Web Consortium CR CR- eventsource-20121211", February 2015, <https://www.w3.org/TR/2015/REC-eventsource-20150203/>.[yang-json] Lhotka, Ladislav., "JSON Encoding of Data Modeled with YANG", March 2016, <https://datatracker.ietf.org/doc/ draft-ietf-netmod-yang-json/>.[yang-push] Clemm,Alexander.,A., Voit, E., Gonzalez Prieto,Alberto., Voit, Eric.,A., Prasad Tripathy,Ambika.,A., andEinar.E. Nilsen-Nygaard, "Subscribing to YANG datastore push updates",FebruaryJune 2016,<https://datatracker.ietf.org/doc/draft-ietf- netconf-yang-push/>.<https://datatracker.ietf.org/doc/draft-ietf-netconf-yang- push/>. Appendix A. Proxy YANG Subscription when the Subscriber and Receiver are different The properties of Dynamic and Configured Subscriptions can be combined to enable deployment models where the Subscriber and Receiver are different. Such separation can be useful with some combination of: o An operatordoesn'tdoes not want the subscription to be dependent on the maintenance of transport level keep-alives. (Transport independence provides different scalability characteristics.) o There is not a transport session binding, and a transient Subscription needs to survive in an environment where there is unreliable connectivity with the Receiver and/or Subscriber. o An operator wants the Publisher to include highly restrictive capacity management and Subscription security mechanisms outside of domain of existing operational or programmatic interfaces. To build a Proxy Subscription, first the necessary information must be signaled as part of the <establish-subscription>. Using this set of Subscriber provided information; the same process described within section 3 will be followed. There is one exception.WhenOnly when an HTTP status codeis 201 is received byof 200 comes back from thePublisher, itreceiver, will it inform the Subscriber of Subscription establishment success via its Restconf connection. After a successful establishment, if the Subscriber wishes to track the state of Receiver subscriptions, it may choose to place a separate on-change Subscription into the "Subscriptions" subtree of the YANG Datastore on the Publisher.Putting it all together, the message flow is: +------------+ +-----------+ +----------+ | Subscriber | | Publisher | | Receiver | +------------+ +-----------+ +----------+ | Restconf PUT: | | | <establish-subscription>| | |------------------------>| | | | | | |<-----------TLS-------------->| | | | | |HTTP POST (Sub ID, data1) | | |----------------------------->| | | HTTP 201 (Created)| | |<-----------------------------| | Success: HTTP 204| | |<------------------------| | | |HTTP POST (SubID, URI, data2) | | |----------------------------->| | | HTTP 200 (OK)| | |<-----------------------------| | | data3 | | |<---------------------------->| | | |Appendix B. End-to-End Deployment Guidance Several technologies are expected to be seen within a deployment to achieve security and ease-of-use requirements. These are not necessary for an implementation of this specification, but will be useful to consider when considering the operational context. B.1. Call Home Pub/Sub implementations should have the ability to transparently incorporatelower layer technologies such as Call Home[call-home] so that secure TLS connectionsare always originatedcan originate from thePublisher. There is a Restconf Call home function in [call-home]. For security reasons, this should be implemented when applicable.desired device. B.2. TLS HeartbeatUnlike NETCONF,HTTP sessions might not quickly allow a Subscriber to recognize when the communication path has been lost from the Publisher. To recognize this, it is possible for a Receiver(usually the subscriber)to establish a TLS heartbeat [RFC6520]. In the case where a TLS heartbeat is included, it should be sent just from Receiver to Publisher. Loss of the heartbeat should result intheany Subscription related TCP sessions between those endpoints beingterminated with the Subscriber (even when the Subscriber and Receiver are different).torn down. TheSubscribersubscription can then attempt tore-establish the subscription if desired. If the Subscription remains active on the Publisher, future receipt of objects associated with that (or any other unknown) subscription ID should result in a <delete-subscription> being returned to the Publisher from the Receiver.re-establish. Appendix C. Issues being worked and resolved (To be removed by RFC editor prior to publication) C.1. Unresolved IssuesRT2 - In what way to we position "Event notifications" model in this document vs. current solution in Restconf.RT3 - Do we include 3rd party signaled subscriptions within models that need to be supported generically, or for a particular type of transport.RT8RT10 -Once SSE starts, there will be no more Restconf interpretation of further signaling uponRight now theconnection. It is unclear how this can be made to work with modify and delete subscription. If it cannot,examples show amethodYANG timestamp at the hundredths ofsending events without SSE will be needed, although this would diverge froma second level. But theexisting Restconf mechanismsyang-push draft is at seconds. And the requirements show at least milliseconds (if not more). C.2. Agreement in principalRT1 - Integration specifics for Restconf capability discovery on different types of StreamsRT4 - Need to add into document examples of 5277bis Event streams. Document only includes yang-push examples at this point. RT6 - We need to define encodings of rfc5277bisnotificationsnotifications. C.3. Resolved Issues RT1 - Integration specifics forbothRestconfand HTTP.capability discovery on different types of Streams RT2 - In what way to we position Event notifications model in this document vs. current solution in Restconf. RT5 - Doesn't make sense to use Restconf for Configured subscriptions. HTTP will be used. RT7 - HTTP native option doesn't currently use SSE. But we should evaluate moving to that as possible. It will make development integration easier and more consistent. RT8 - Once SSE starts, there will be no more Restconf interpretation of further signaling upon the connection. It is unclear how this can be made to work with modify and delete subscription. If it cannot, a method of sending events without SSE will be needed, although this would diverge from the existing Restconf mechanisms RT9 - For static subscriptions, perhaps we can use Restconf call home to originate an SSE connection. This assume RT8 & RT2 can be resolved with SSE.C.3. Resolved Issues RT5Appendix D. Changes between revisions (To be removed by RFC editor prior to publication) v00 -Doesn't make sensev01 o Removed the ability for more than one subscription tousego to a single HTTP2 stream. o Updated call flows. Extensively. o SSE only used with Restconffor Configured subscriptions.and HTTP1.1 Dynamic Subscriptions o HTTPwill be used.is not used to determine that a Receiver has gone silent and is not Receiving Event Notifications o Many clean-ups of wording and terminology Authors' Addresses Eric Voit Cisco Systems Email: evoit@cisco.com Alexander Clemm Cisco Systems Email:alex@cisco.comalex@clemm.org Alberto Gonzalez Prieto Cisco Systems Email: albertgo@cisco.com Ambika Prasad Tripathy Cisco Systems Email: ambtripa@cisco.com Einar Nilsen-Nygaard Cisco Systems Email: einarnn@cisco.comAlberto Gonzalez Prieto Cisco SystemsAndy Bierman YumaWorks Email:albertgo@cisco.comandy@yumaworks.com