idnits 2.17.1
draft-ietf-netconf-restconf-notif-00.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** The document seems to lack an IANA Considerations section. (See Section
2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
when there are no actions for IANA.)
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
-- The document date (August 26, 2016) is 2800 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
== Missing Reference: 'RFC5277bis' is mentioned on line 198, but not defined
== Missing Reference: 'Yang-Push' is mentioned on line 198, but not defined
== Missing Reference: 'Restconf' is mentioned on line 537, but not defined
** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)
** Obsolete normative reference: RFC 7540 (Obsoleted by RFC 9113)
Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 NETCONF E. Voit
3 Internet-Draft A. Clemm
4 Intended status: Informational A. Tripathy
5 Expires: February 27, 2017 E. Nilsen-Nygaard
6 A. Gonzalez Prieto
7 Cisco Systems
8 August 26, 2016
10 Restconf and HTTP Transport for Event Notifications
11 draft-ietf-netconf-restconf-notif-00
13 Abstract
15 This document defines Restconf, HTTP, and HTTP2 bindings for the
16 transport Subscription requests and corresponding push updates.
17 Being subscribed may be both Event Notifications and YANG Datastores.
19 Status of This Memo
21 This Internet-Draft is submitted in full conformance with the
22 provisions of BCP 78 and BCP 79.
24 Internet-Drafts are working documents of the Internet Engineering
25 Task Force (IETF). Note that other groups may also distribute
26 working documents as Internet-Drafts. The list of current Internet-
27 Drafts is at http://datatracker.ietf.org/drafts/current/.
29 Internet-Drafts are draft documents valid for a maximum of six months
30 and may be updated, replaced, or obsoleted by other documents at any
31 time. It is inappropriate to use Internet-Drafts as reference
32 material or to cite them other than as "work in progress."
34 This Internet-Draft will expire on February 27, 2017.
36 Copyright Notice
38 Copyright (c) 2016 IETF Trust and the persons identified as the
39 document authors. All rights reserved.
41 This document is subject to BCP 78 and the IETF Trust's Legal
42 Provisions Relating to IETF Documents
43 (http://trustee.ietf.org/license-info) in effect on the date of
44 publication of this document. Please review these documents
45 carefully, as they describe your rights and restrictions with respect
46 to this document. Code Components extracted from this document must
47 include Simplified BSD License text as described in Section 4.e of
48 the Trust Legal Provisions and are provided without warranty as
49 described in the Simplified BSD License.
51 Table of Contents
53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
54 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
55 3. Solution . . . . . . . . . . . . . . . . . . . . . . . . . . 4
56 3.1. Mechanisms for Subscription Establishment and Maintenance 4
57 3.2. Subscription Multiplexing . . . . . . . . . . . . . . . . 6
58 3.3. Push Data Stream and Transport Mapping . . . . . . . . . 7
59 3.4. Stream Discovery . . . . . . . . . . . . . . . . . . . . 12
60 4. Security Considerations . . . . . . . . . . . . . . . . . . . 12
61 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13
62 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
63 6.1. Normative References . . . . . . . . . . . . . . . . . . 14
64 6.2. Informative References . . . . . . . . . . . . . . . . . 14
65 Appendix A. Proxy YANG Subscription when the Subscriber and
66 Receiver are different . . . . . . . . . . . . . . . 15
67 Appendix B. End-to-End Deployment Guidance . . . . . . . . . . . 16
68 B.1. Call Home . . . . . . . . . . . . . . . . . . . . . . . . 16
69 B.2. TLS Heartbeat . . . . . . . . . . . . . . . . . . . . . . 16
70 Appendix C. Issues being worked and resolved . . . . . . . . . . 17
71 C.1. Unresolved Issues . . . . . . . . . . . . . . . . . . . . 17
72 C.2. Agreement in principal . . . . . . . . . . . . . . . . . 17
73 C.3. Resolved Issues . . . . . . . . . . . . . . . . . . . . . 18
74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18
76 1. Introduction
78 Mechanisms to support Event subscription and push are defined in
79 [rfc5277bis]. Enhancements to [rfc5277bis] which enable YANG
80 Datastore subscription and push are defined in [yang-push]. This
81 document provides a transport specification for these Restconf and
82 HTTP. This has been driven by Requirements for subscriptions to YANG
83 datastores are defined in[RFC7923] .
85 Beyond based transport bindings, there are benefits which can be
86 realized when transporting updates directly HTTP/2[RFC7540] which can
87 be realized via an implementation of this transport specification
88 including:
90 o Subscription multiplexing over independent HTTP/2 streams
92 o Stream prioritization and stream dependencies
94 o Flow control on independent streams
96 2. Terminology
98 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
99 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
100 document are to be interpreted as described in RFC 2119 [RFC2119].
102 Configured Subscription: a Subscription installed via a configuration
103 interface which persists across reboots.
105 Data Node: An instance of management information in a datastore.
107 Data Node Update: A data item containing the current value/property
108 of a Data Node at the time the Data Node Update was created.
110 Dynamic Subscription: a Subscription negotiated between Subscriber
111 and Publisher via create, establish, modify, and delete RPC control
112 plane signaling messages.
114 Event: an occurrence of something that may be of interest. (e.g., a
115 configuration change, a fault, a change in status, crossing a
116 threshold, status of a flow, or an external input to the system.)
118 Event Notification: a set of information intended for a Receiver
119 indicating that one or more Event(s) have occurred. Details of the
120 Event(s) may be included within.
122 Event Stream: a continuous, ordered set of Events grouped under an
123 explicit criteria.
125 Notification: the communication of an occurrence, perhaps triggered
126 by the occurrence of an Event.
128 Publisher: an entity responsible for streaming Event Notifications
129 per the terms of a Subscription.
131 Receiver: a target to which a Publisher pushes Event Notifications.
132 For Dynamic Subscriptions, the Receiver and Subscriber will often be
133 the same entity.
135 Subscriber: an entity able to request and negotiate a contract for
136 the receipt of Event Notifications from a Publisher
138 Subscription: a contract between a Subscriber and a Publisher
139 stipulating which information the Receiver wishes to have pushed from
140 the Publisher without the need for further solicitation.
142 3. Solution
144 Event subscription is defined in [rfc5277bis], YANG Datastore
145 subscription is defined in [yang-push]. This section specifies
146 transport mechanisms applicable to both.
148 3.1. Mechanisms for Subscription Establishment and Maintenance
150 There are three models for Subscription establishment and
151 maintenance:
153 1. Dynamic Subscription: Here the Subscriber and Receiver are the
154 same. A Subscription ends with a subscription-terminated
155 notification, or by a loss of transport connectivity.
157 2. Configured Subscription: Receiver(s) are specified on Publisher
158 in startup and running config. Subscription is not terminated
159 except via an operations interface. (Subscriptions may be
160 Suspended, with no Event Notifications sent however.)
162 3. Proxy Subscription: Subscriber and Receiver are different.
163 Subscription ends when a Subscription End-time is reached, or the
164 Publisher process is restarted. The real difference between 2
165 and 3 is that configuration requests are made to RPCs which might
166 evaluate run-time conditions much like in 1. Typically direct
167 configuration via 2 will not go through the same sort of capacity
168 and validation checks seen in 1.
170 The first two are described in this section. The third is described
171 in Appendix A. This third option can be moved into the body of this
172 specification should the IETF community desire. In theory, all three
173 models may be intermixed in a single deployment.
175 .---------------.
176 | Publisher |
177 '---------------'
178 ^ ^ | ^
179 | | | |
180 .-----Restconf----' | | '-----Restconf----.
181 | .-----' '-HTTP-. |
182 V | V |
183 .-------------. .------------. .----------. .------------.
184 | Subscriber+ | | Operations | | Receiver | | Subscriber |
185 | Receiver | | /Config | '----------' '------------'
186 '-------------' '------------' ^ ^ ^
187 ^ (out of scope) : : :
188 : ^ : :....Model 3....:
189 Model 1 :...Model 2...: (out of scope)
191 3.1.1. Dynamic YANG Subscription over RESTCONF
193 Dynamic Subscriptions for both [rfc5277bis] and its [rfc5277bis]
194 augmentations are configured and managed via signaling messages
195 transported over Restconf. Extending the paradigm of [restconf]
196 section 6.3.1, it must support the encoding and transport query
197 parameters corresponding to the YANG model for subscriptions defined
198 in [RFC5277bis] and [Yang-Push]. These interactions will be
199 accomplished via the typical[restconf] POST into Success of the RPC
200 interaction will be indicated by HTTP status codes of 20x being
201 returned by the Publisher, failure will be indicated by error codes
202 transported in payload, as well as the return of negotiation
203 parameters.
205 Once established, streaming Event Notifications are then delivered
206 via Restconf SSE (assuming issue RT8 is reloved, see appx). As they
207 are successfully received, HTTP status codes of 20x will be returned
208 by the Receiver.
210 3.1.2. Configured Subscription over HTTP
212 With a Configured Subscription, all information needed to establish a
213 secure relationship with that Receiver is configured on the
214 Publisher. With this information, the Publisher will establish a
215 secure transport connection with the Receiver and then begin pushing
216 the Event Notifications to the Receiver. Since Restconf might not
217 exist on the Receiver, it is not desirable to require that such Event
218 Notifications be pushed via Restconf. Nor is there value which
219 Restconf provides on top of HTTP. Therefore in place of Restconf, a
220 TLS secured HTTP Client connection must be established with an HTTP
221 Server located on the Receiver. Event Notifications will then be
222 sent via HTTP Post messages to the Receiver.
224 Post messages will be addressed to HTTP augmentation code on the
225 Receiver capable of accepting and responding to Event Notifications.
226 Some Post messages must include the URI for the subscribed resource.
227 This URI can be retained for operational tracking and debugging use
228 by the Receiver.
230 After successful receipt of an initial Event Notification for a
231 particular Subscription, the Reciever should reply back with an HTTP
232 status code of 201 (Created). Further successful receipts should
233 result in the return of code of 200 (Accepted). To ensure the
234 Receiver always has the URI, it should also be sent in the next push
235 update for a Subscription after any status code of 201 (Created) has
236 been returned from the Receiver. At any point, receipt of any status
237 codes from 300-510 with the exception of 408 (Request Timeout) should
238 result in either the movement of the Subscription to the suspended
239 state, or cause the HTTP session to fail (need to determine
240 appropriate action). A sequential series of multiple 408 exceptions
241 should also drive the Subscription to a suspended state. If a
242 suspension occurs, a POST including a subscription Id and URI post-
243 pended with a Suspended indication (format tbd) must be sent.
245 Figure 2 depicts this message flow.
247 +-----------+ +----------+
248 | Publisher | | Receiver |
249 +-----------+ +----------+
250 |<--------------TLS------------>|
251 | |
252 |HTTP POST (Sub ID, data1) |
253 |------------------------------>|
254 | HTTP 201 (Created)|
255 |<------------------------------|
256 |HTTP POST (Sub ID, URI, data2) |
257 |------------------------------>|
258 | HTTP 200 (OK)|
259 |<------------------------------|
260 | data3 |
261 |<----------------------------->|
263 If HTTP/2 transport is available to a Receiver, the Publisher should
264 also:
266 o point individual Event Notifications to a unique HTTP/2 stream for
267 that Subscription,
269 o take any subscription-priority and provision it into the HTTP/2
270 stream priority, and
272 o take any subscription-dependency and provision it into the HTTP/2
273 stream dependency.
275 3.2. Subscription Multiplexing
277 When pushed directly over HTTP/2, it is expected that the Event
278 Notifications from a single Subscription will be allocated a separate
279 HTTP/2 stream. This will enable multiplexing, and address issues of
280 Head-of-line blocking with different priority Subscriptions.
282 When pushed via Restconf over HTTP/2, different Subscriptions will
283 not be mapped to independent HTTP/2 streams. When Restconf specifies
284 this mapping, support may be appended on top of this specification.
286 With or without independent queueing of multiplexed subscriptions, it
287 is possible that updates might be delivered in a different sequence
288 than generated. Reasons for this might include (but are not limited
289 to):
291 o replay of pushed updates
293 o temporary loss of transport connectivity, with update buffering
294 and different dequeuing priorities per Subscription
296 o population, marshalling and bundling of independent Subscription
297 Updates, and
299 o parallel HTTP1.1 sessions
301 Therefore each Event Notification will include a microsecond level
302 timestamp to ensure that a Receiver understands the time when a that
303 update was generated. Use of this timestamp can give an indication
304 of the state of objects at a Publisher when state-entangled
305 information is received across different subscriptions. The use of
306 the latest Event Notification timestamp for a particular object
307 update can introduce errors. So when state-entangled updates have
308 inconsistent object values and temporally close timestamps, a
309 Receiver might consider performing a 'get' to validate the current
310 state of a Publisher.
312 3.3. Push Data Stream and Transport Mapping
314 Transported updates will contain data for one or more Event
315 Notifications. Each transported Event Notification will contain
316 several parameters:
318 o A Subscription ID correlator
320 o Event Notification(s) . (Note 1: These must be filtered per access
321 control rules to contain only data that the Subscriber is
322 authorized to see. Note 2: these Event Notifications might be
323 Data Node Update(s).)
325 o A timestamp indication when the Event Notification was generated
326 on the Publisher. The timestamp must correspond to a time where
327 any Data Nodes included in the Update held the values/state
328 indicated within the Update.
330 3.3.1. Subscription and Updates via Restconf
332 Subscribers can dynamically learn whether a RESTCONF server supports
333 various types of Event or Yang datastore subscription capabilities.
334 This is done by issuing an HTTP request OPTIONS, HEAD, or GET on the
335 stream. Some examples building upon the existing RESTCONF mechanisms
336 are below:
338 GET /restconf/data/ietf-restconf-monitoring:restconf-state/
339 streams/stream=yang-push HTTP/1.1
340 Host: example.com
341 Accept: application/yang.data+xml
343 If the server supports it, it may respond
345 HTTP/1.1 200 OK
346 Content-Type: application/yang.api+xml
347
348 yang-push
349 Yang push stream
350
351 xml
352 https://example.com/streams/yang-push-xml
353
354
355
356 json
357 https://example.com/streams/yang-push-json
358
359
360
362 If the server does not support any form of subscription, it may
363 respond
365 HTTP/1.1 404 Not Found
366 Date: Mon, 25 Apr 2012 11:10:30 GMT
367 Server: example-server
369 Subscribers can determine the URL to receive updates by sending an
370 HTTP GET as a request for the "location" leaf with the stream list
371 entry.The stream to use for may be selected from the Event Stream
372 list provided in the capabilities exchange. Note that different
373 encodings are supporting using different Event Stream locations. For
374 example, the Subscriber might send the following request:
376 GET /restconf/data/ietf-restconf-monitoring:restconf-state/
377 streams/stream=yang-push/access=xml/location HTTP/1.1
378 Host: example.com
379 Accept: application/yang.data+xml
381 The Publisher might send the following response:
383 HTTP/1.1 200 OK
384 Content-Type: application/yang.api+xml
385
387 https://example.com/streams/yang-push-xml
388
390 To subscribe and start receiving updates, the subscriber can then
391 send an HTTP GET request for the URL returned by the Publisher in the
392 request above. The accept header must be "text/event-stream". The
393 Publisher uses the Server Sent Events[W3C-20150203] transport
394 strategy to push filtered Event Notifications from the Event stream,.
396 The Publisher MUST support individual parameters within the POST
397 request body for all the parameters of a subscription. The only
398 exception is the encoding, which is embedded in the URI. An example
399 of this is:
401 // subtree filter = /foo
402 // periodic updates, every 5 seconds
403 POST /restconf/operations/ietf-event-notifications:
404 establish-subscription HTTP/1.1
405 Host: example.com
406 Content-Type: application/yang-data+json
408 {
409 "ietf-event-notifications:input" : {
410 ?stream?: ?push-data"
411 ?period" : 5,
412 "xpath-filter" : ?/ex:foo[starts-with(?bar?.?some']"
413 }
414 }
416 Should the publisher not support the requested subscription, it may
417 reply:
419 HTTP/1.1 501 Not Implemented
420 Date: Mon, 23 Apr 2012 17:11:00 GMT
421 Server: example-server
422 Content-Type: application/yang.errors+xml
423
424
425 application
426 operation-not-supported
427 error
428 Xpath filters not supported
429
430
432
433
434
435
436
438 with an equivalent JSON encoding representation of:
440 HTTP/1.1 501 Not Implemented
441 Date: Mon, 23 Apr 2012 17:11:00 GMT
442 Server: example-server
443 Content-Type: application/yang.errors+json
444 {
445 "ietf-restconf:errors": {
446 "error": {
447 "error-type": "protocol",
448 "error-tag": "operation-not-supported",
449 "error-message": "Xpath filters not supported."
450 "error-info": {
451 "datastore-push:supported-subscription": {
452 "subtree-filter": [null]
453 }
454 }
455 }
456 }
457 }
459 The following is an example of a pushed Event Notification data for
460 the subscription above. It contains a subtree with root foo that
461 contains a leaf called bar:
463 XML encoding representation:
464
465
466
468 my-sub
469
470 2015-03-09T19:14:56Z
471
473
474 some_string
475
476
477
479 Or with the equivalent YANG over JSON encoding representation as
480 defined in[yang-json] :
482 {
483 "ietf-restconf:notification": {
484 "datastore-push:subscription-id": "my-sub",
485 "eventTime": "2015-03-09T19:14:56Z",
486 "datastore-push:datastore-contents": {
487 "example-mod:foo": { "bar": "some_string" }
488 }
489 }
490 }
492 To modify a Subscription, the subscriber issues another POST request
493 on the provided URI using the same subscription-id as in the original
494 request. For example, to modify the update period to 10 seconds, the
495 subscriber may send:
497 POST /restconf/operations/ietf-event-notifications:
498 modify-subscription HTTP/1.1
499 Host: example.com
500 Content-Type: application/yang-data+json
502 {
503 "ietf-event-notifications:input" : {
504 ?subscription-id?: 100,
505 ?period" : 10,
506 }
507 }
509 To delete a Subscription, the Subscriber issues a DELETE request on
510 the provided URI using the same subscription-id as in the original
511 request
513 DELETE /mystreams/yang-push?subscription-id=my-sub
515 3.3.2. Subscription and Updates directly via HTTP
517 For any version of HTTP, the basic encoding will look as below. It
518 consists of a JSON representation wrapped in an HTTP header.
520 POST (IP+Port) HTTP/1.1
521 From: (Identifier for Network Element)
522 User-Agent: (CiscoYANGPubSub/1.0)
523 Content-Type: multipart/form-data
524 Content-Length: (determined runtime)
525 {
526 "ietf-yangpush:notification": {
527 "datastore-push:subscription-id": "my-sub",
528 "eventTime": "2015-03-09T19:14:56Z",
529 "datastore-push:datastore-contents": {
530 "foo": { "bar": "some_string" }
531 }
532 }
533 }
535 3.4. Stream Discovery
537 For Restconf, this will be accomplished as specified in [Restconf]
538 section 6.2. The namespace chosen will be the same as how stream
539 names are acquired for NETCONF, and so that backwards compatibility
540 can be maintained without replicating this information. For HTTP,
541 this is not specified as there is no client driven signaling/
542 subscription.
544 As per [restconf] section 6.3, RESTCONF clients can determine the URL
545 for the subscription resource (to receive notifications) by sending
546 an HTTP GET request for the "location" leaf with the stream list
547 entry.
549 4. Security Considerations
551 Subscriptions could be used to intentionally or accidentally overload
552 resources of a Publisher. For this reason, it is important that the
553 Publisher has the ability to prioritize the establishment and push of
554 Event Notifications where there might be resource exhaust potential.
555 In addition, a server needs to be able to suspend existing
556 Subscriptions when needed. When this occurs, the subscription status
557 must be updated accordingly and the Receivers notified.
559 A Subscription could be used to attempt retrieve information for
560 which a Receiver has no authorized access. Therefore it is important
561 that data pushed via a Subscription is authorized equivalently with
562 regular data retrieval operations. Data being pushed to a Receiver
563 needs therefore to be filtered accordingly, just like if the data
564 were being retrieved on-demand. The Netconf Authorization Control
565 Model [RFC6536] applies even though the transport is not NETCONF.
567 One or more Publishers could be used to overwhelm a Receiver which
568 doesn't even support Subscriptions. Therefore Event Notifications
569 for Configured Subscriptions MUST only be transmittable over
570 Encrypted transports. Clients which do not want pushed Event
571 Notifications need only terminate or refuse any transport sessions
572 from the Publisher.
574 One or more Publishers could overwhelm a Receiver which is unable to
575 control or handle the volume of Event Notifications received. In
576 deployments where this might be a concern, transports supporting per-
577 subscription Flow Control and Prioritization (such as HTTP/2) should
578 be selected.
580 Another benefit is that a well-behaved Publisher implementation is
581 that it is difficult to a Publisher to perform a DoS attack on a
582 Receiver. DoS attack protection comes from:
584 o the requirement for trust of a TLS session before publication,
586 o the need for an HTTP transport augmentation on the Receiver, and
588 o that the Publication process is suspended when the Receiver
589 doesn't respond.
591 5. Acknowledgments
593 We wish to acknowledge the helpful contributions, comments, and
594 suggestions that were received from: Andy Bierman, Sharon Chisholm,
595 Yan Gang, Peipei Guo, Susan Hares, Tim Jenkins, Balazs Lengyel,
596 Hector Trevino, Kent Watsen, and Guangying Zheng.
598 6. References
599 6.1. Normative References
601 [restconf]
602 Bierman, Andy., Bjorklund, Martin., and Kent. Watsen,
603 "RESTCONF Protocol", March 2016,
604 .
607 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
608 Requirement Levels", BCP 14, RFC 2119,
609 DOI 10.17487/RFC2119, March 1997,
610 .
612 [RFC6520] Seggelmann, R., Tuexen, M., and M. Williams, "Transport
613 Layer Security (TLS) and Datagram Transport Layer Security
614 (DTLS) Heartbeat Extension", RFC 6520,
615 DOI 10.17487/RFC6520, February 2012,
616 .
618 [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration
619 Protocol (NETCONF) Access Control Model", RFC 6536,
620 DOI 10.17487/RFC6536, March 2012,
621 .
623 [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
624 Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
625 DOI 10.17487/RFC7540, May 2015,
626 .
628 [RFC7923] Voit, E., Clemm, A., and A. Gonzalez Prieto, "Requirements
629 for Subscription to YANG Datastores", RFC 7923,
630 DOI 10.17487/RFC7923, June 2016,
631 .
633 6.2. Informative References
635 [call-home]
636 Watsen, K., "NETCONF Call Home and RESTCONF Call Home",
637 December 2015, .
640 [rfc5277bis]
641 Gonzalez Prieto, Alberto., Clemm, Alexander., Voit, Eric.,
642 Prasad Tripathy, Ambika., and Einar. Nilsen-Nygaard,
643 "NETCONF Event Notifications", March 2016,
644 .
647 [W3C-20150203]
648 "Server-Sent Events, World Wide Web Consortium CR CR-
649 eventsource-20121211", February 2015,
650 .
652 [yang-json]
653 Lhotka, Ladislav., "JSON Encoding of Data Modeled with
654 YANG", March 2016, .
657 [yang-push]
658 Clemm, Alexander., Gonzalez Prieto, Alberto., Voit, Eric.,
659 Prasad Tripathy, Ambika., and Einar. Nilsen-Nygaard,
660 "Subscribing to YANG datastore push updates", February
661 2016, .
664 Appendix A. Proxy YANG Subscription when the Subscriber and Receiver
665 are different
667 The properties of Dynamic and Configured Subscriptions can be
668 combined to enable deployment models where the Subscriber and
669 Receiver are different. Such separation can be useful with some
670 combination of:
672 o An operator doesn't want the subscription to be dependent on the
673 maintenance of transport level keep-alives. (Transport
674 independence provides different scalability characteristics.)
676 o There is not a transport session binding, and a transient
677 Subscription needs to survive in an environment where there is
678 unreliable connectivity with the Receiver and/or Subscriber.
680 o An operator wants the Publisher to include highly restrictive
681 capacity management and Subscription security mechanisms outside
682 of domain of existing operational or programmatic interfaces.
684 To build a Proxy Subscription, first the necessary information must
685 be signaled as part of the . Using this set
686 of Subscriber provided information; the same process described within
687 section 3 will be followed. There is one exception. When an HTTP
688 status code is 201 is received by the Publisher, it will inform the
689 Subscriber of Subscription establishment success via its Restconf
690 connection.
692 After a successful establishment, if the Subscriber wishes to track
693 the state of Receiver subscriptions, it may choose to place a
694 separate on-change Subscription into the "Subscriptions" subtree of
695 the YANG Datastore on the Publisher.
697 Putting it all together, the message flow is:
699 +------------+ +-----------+ +----------+
700 | Subscriber | | Publisher | | Receiver |
701 +------------+ +-----------+ +----------+
702 | Restconf PUT: | |
703 | | |
704 |------------------------>| |
705 | | |
706 | |<-----------TLS-------------->|
707 | | |
708 | |HTTP POST (Sub ID, data1) |
709 | |----------------------------->|
710 | | HTTP 201 (Created)|
711 | |<-----------------------------|
712 | Success: HTTP 204| |
713 |<------------------------| |
714 | |HTTP POST (SubID, URI, data2) |
715 | |----------------------------->|
716 | | HTTP 200 (OK)|
717 | |<-----------------------------|
718 | | data3 |
719 | |<---------------------------->|
720 | | |
722 Appendix B. End-to-End Deployment Guidance
724 Several technologies are expected to be seen within a deployment to
725 achieve security and ease-of-use requirements. These are not
726 necessary for an implementation of this specification, but will be
727 useful to consider when considering the operational context.
729 B.1. Call Home
731 Pub/Sub implementations should have the ability to transparently
732 incorporate lower layer technologies such as Call Home so that secure
733 TLS connections are always originated from the Publisher. There is a
734 Restconf Call home function in [call-home]. For security reasons,
735 this should be implemented when applicable.
737 B.2. TLS Heartbeat
739 Unlike NETCONF, HTTP sessions might not quickly allow a Subscriber to
740 recognize when the communication path has been lost from the
741 Publisher. To recognize this, it is possible for a Receiver (usually
742 the subscriber) to establish a TLS heartbeat [RFC6520]. In the case
743 where a TLS heartbeat is included, it should be sent just from
744 Receiver to Publisher. Loss of the heartbeat should result in the
745 Subscription being terminated with the Subscriber (even when the
746 Subscriber and Receiver are different). The Subscriber can then
747 attempt to re-establish the subscription if desired. If the
748 Subscription remains active on the Publisher, future receipt of
749 objects associated with that (or any other unknown) subscription ID
750 should result in a being returned to the
751 Publisher from the Receiver.
753 Appendix C. Issues being worked and resolved
755 (To be removed by RFC editor prior to publication)
757 C.1. Unresolved Issues
759 RT2 - In what way to we position "Event notifications" model in this
760 document vs. current solution in Restconf.
762 RT3 - Do we include 3rd party signaled subscriptions within models
763 that need to be supported generically, or for a particular type of
764 transport.
766 RT8 - Once SSE starts, there will be no more Restconf interpretation
767 of further signaling upon the connection. It is unclear how this can
768 be made to work with modify and delete subscription. If it cannot, a
769 method of sending events without SSE will be needed, although this
770 would diverge from the existing Restconf mechanisms
772 C.2. Agreement in principal
774 RT1 - Integration specifics for Restconf capability discovery on
775 different types of Streams
777 RT4 - Need to add into document examples of 5277bis Event streams.
778 Document only includes yang-push examples at this point.
780 RT6 - We need to define encodings of rfc5277bis notifications for
781 both Restconf and HTTP.
783 RT7 - HTTP native option doesn't currently use SSE. But we should
784 evaluate moving to that as possible. It will make development
785 integration easier and more consistent.
787 RT9 - For static subscriptions, perhaps we can use Restconf call home
788 to originate an SSE connection. This assume RT8 & RT2 can be
789 resolved with SSE.
791 C.3. Resolved Issues
793 RT5 - Doesn't make sense to use Restconf for Configured
794 subscriptions. HTTP will be used.
796 Authors' Addresses
798 Eric Voit
799 Cisco Systems
801 Email: evoit@cisco.com
803 Alexander Clemm
804 Cisco Systems
806 Email: alex@cisco.com
808 Ambika Prasad Tripathy
809 Cisco Systems
811 Email: ambtripa@cisco.com
813 Einar Nilsen-Nygaard
814 Cisco Systems
816 Email: einarnn@cisco.com
818 Alberto Gonzalez Prieto
819 Cisco Systems
821 Email: albertgo@cisco.com