NETCONF                                                          T. Zhou
Internet-Draft                                                  G. Zheng
Intended status: Standards Track                                  Huawei
Expires: January 8, 2020                                         E. Voit
                                                           Cisco Systems
                                                                A. Clemm
                                                               Futurewei
                                                              A. Bierman
                                                               YumaWorks
                                                           July 07, 2019


              Subscription to Multiple Stream Originators
            draft-zhou-netconf-multi-stream-originators-06

Abstract

   This document describes a distributed data export mechanism that
   allows multiple data streams to be managed using a single
   subscription.  Specifically, multiple data streams are pushed
   directly to the collector without passing through a broker for
   internal consolidation.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 8, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Use Cases
     2.1.  Use Case 1: Data Collection from Devices with Main-board
           and Line-cards
     2.2.  Use Case 2: IoT Data Collection
   3.  Terminologies
   4.  Solution Overview
   5.  Subscription Decomposition
   6.  Publication Composition
   7.  Subscription State Change Notifications
   8.  YANG Tree
   9.  YANG Module
   10. IANA Considerations
   11. Transport Considerations
   12. Security Considerations
   13. Acknowledgements
   14. References
     14.1.  Normative References
     14.2.  Informative References
   Appendix A.  Examples
     A.1.  RESTCONF Establishing Dynamic Subscription
     A.2.  HTTPS Configured Subscription
   Appendix B.  Change Log
   Authors' Addresses

1.  Introduction

   Streaming telemetry refers to sending a continuous stream of
   operational data from a device to a remote receiver.  This provides
   the ability to monitor a network remotely and to support network
   analytics.  Devices generate telemetry data and push that data to a
   collector for further analysis.  By streaming the data, much better
   performance, finer-grained sampling, monitoring accuracy, and
   bandwidth utilization can be achieved than with polling-based
   alternatives.

   YANG-Push [I-D.ietf-netconf-yang-push] defines a transport-
   independent subscription mechanism for datastore updates, in which a
   subscriber can subscribe to a stream of datastore updates from a
   server, or update provider.  The current design involves subscription
   to a single push server.  This conceptually centralized model
   encounters efficiency limitations in cases where the data sources are
   themselves distributed, such as line cards in a piece of network
   equipment.  In such cases, it is much more efficient to have each
   data source (e.g., each line card) originate its own stream of
   updates, rather than requiring updates to be tunneled through a
   central server where they are combined.  What is needed is a
   distributed mechanism that allows multiple individual data substreams
   to be pushed directly, without needing to first pass them through an
   additional processing stage for internal consolidation, but still
   allowing those substreams to be managed and controlled via a single
   subscription.

   This document describes such a distributed data collection mechanism
   and how it can work by extending the existing YANG-Push mechanism.
   The proposal is general enough to fit many scenarios.

2.  Use Cases

2.1.  Use Case 1: Data Collection from Devices with Main-board and Line-
      cards

   For data collection from devices with a main-board and line-cards,
   existing YANG-Push solutions consider only one push server, which
   typically resides in the main board.  As shown in the following
   figure, data are collected from the line cards and aggregated at the
   main board into one consolidated stream, so the main board can easily
   become the performance bottleneck.  The optimization is to apply a
   distributed data collection mechanism which pushes data directly from
   the line cards to a collector.  On one hand, this reduces the
   consumption of scarce compute and memory resources on the main board
   for data processing and assembling.  On the other hand, distributed
   data push can off-load the streaming traffic to multiple interfaces.

       +-------------------------------------+
       |              collector              |
       +------^-----------^-----------^------+
              |           |           |
              |           |           |
       +-------------------------------------+
       |      |           |           |      |
       |      |      +----+-------+   |      |
       |      |      | main board |   |      |
       |      |      +--^-----^---+   |      |
       |      |         |     |       |      |
       |      |      +--+     +--+    |      |
       |      |      |           |    |      |
       |   +--+------+---+ +-----+----+--+   |
       |   | line card 1 | | line card 2 |   |
       |   +-------------+ +-------------+   |
       |                device               |
       +-------------------------------------+

      Fig. 1 Data Collection from Devices with Main-board and Line-cards

2.2.  Use Case 2: IoT Data Collection

   In the IoT data collection scenario, as shown in the following
   figure, the collector usually cannot access the IoT nodes directly,
   but is isolated from them by the border router.  So the collector
   subscribes to data from the border router, and lets the border router
   disassemble the subscription to the corresponding IoT nodes.  The
   border router is typically the traffic convergence point.  It is
   intuitive to treat the border router as a broker assembling the data
   collected from the IoT nodes and forwarding it to the collector
   [I-D.ietf-core-coap-pubsub].  However, the border router is not as
   powerful at data assembling as a network device.  It is more
   efficient for the collector, which may be a server or even a cluster,
   to assemble the subscribed data if possible.  In this case, push
   servers that reside in the IoT nodes can stream data to the collector
   directly, while the traffic only passes through the border router.

    +-------------------------------+
    |           collector           |
    +---^-----------^------------^--+
        |           |            |
        |           |            |
        |           |            |
        |   +-------+--------+   |
        |   | border router  |   |
        |   +----^------^----+   |
        |        |      |        |
        |        |      |        |
        |   +---+      +----+    |
        |   |                |   |
    +---+----+---+  +---+----+---+
    | IoT node 1 |  | IoT node 2 |
    +------------+  +------------+

                   Fig. 2 IoT Data Collection

3.  Terminologies

   Subscriber: generates the subscription instructions to express what
   and how the collector wants to receive the data.

   Receiver: is the target for the data publication.

   Publisher: pushes data to the receiver according to the subscription
   information.

   Subscription Server: manages the capabilities that it can provide to
   the subscriber.

   Global Subscription: the subscription requested by the subscriber.
   It may be decomposed into multiple Component Subscriptions.

   Component Subscription: is the subscription that defines the data
   from each individual telemetry source which is managed and controlled
   by a single Subscription Server.

   Global Capability: is the overall subscription capability that the
   group of Publishers can expose to the Subscriber.

   Component Capability: is the subscription capability that each
   Publisher can expose to the Subscriber.

   Master Publication Channel: the session between the Master Publisher
   and the Receiver.

   Agent Publication Channel: the session between the Agent Publisher
   and the Receiver.

4.  Solution Overview

   All the use cases described in the previous section are very similar
   in their data subscription and publication mode, hence they can be
   abstracted to the following generic distributed data collection
   framework, as shown in the following figure.

   A Collector usually includes two components:

   o  the Subscriber generates the subscription instructions to express
      what and how the collector wants to receive the data;

   o  the Receiver is the target for the data publication.

   For one subscription, there may be one to many receivers.  And the
   subscriber does not necessarily share the same address with the
   receivers.

   In this framework, the Publisher pushes data to the receiver
   according to the subscription information.  The Publisher has a
   Master role and an Agent role.  Both the Master and the Agent
   include a Subscription Server which actually manages the capabilities
   that it can provide to the subscriber.

   The Master knows all the capabilities that the attached Agents and
   itself can provide, and exposes the Global Capability to the
   Collector.  The Collector cannot see the Agents directly, so it only
   sends the Global Subscription information to the Master.  The Master
   disassembles the Global Subscription into multiple Component
   Subscriptions, each involving data from a separate telemetry source.
   The Component Subscriptions are then distributed to the corresponding
   Agents.

   When streaming data, the Publisher collects and encapsulates the
   packets per the Component Subscription, and pushes the piece of data,
   which can be served directly, to the designated data Collector.  The
   Collector is able to assemble many pieces of data associated with one
   Global Subscription, and can also deduce the missing pieces of data.

      +-------------------------------------+
      |  Collector                          |
      |                                     |
      |  +------------+    +------------+   |
      |  | Subscriber |    |  Receiver  |   |
      |  +-^----+-----+    +---^------^-+   |
      |    |    |              |      |     |
      +----|----|--------------|------|-----+
    Global |    |Global         |Push  |
Capability |    |Subscription   |      |
      +----|----|--------------|------|-----+
      |    |    |              |      |     |
      |  +-+----v------+       |      |     |
      |  | Subscription|       |      |     |
      |  | Server      |-------+      |     |
      |  +-^----+------+              |     |
      |    |    |    Publisher(Master)|     |
      +----|----|---------------------|-----+
 Component |    |Component            |Push
Capability |    |Subscription         |
      +----|----|---------------------|-----+
      |    |    |                     |     |
      |  +-+----v------+              |     |
      |  | Component   |              |     |
      |  | Subscription|--------------+     |
      |  | Server      |                    |
      |  +-------------+                    |
      |                  Publisher(Agent)   |
      +-------------------------------------+

        Fig. 3 The Generic Distributed Data Collection Framework

   Master and Agents may interact with each other in several ways:

   o  Agents need to have a registration or announcement handshake with
      the Master, so the Master is aware of them and of life-cycle
      events (such as Agent appearing and disappearing).

   o  Contracts are needed between the Master and each Agent on the
      Component Capability, and the format for streaming data structure.

   o  The Master relays the component subscriptions to the Agents.

   o  The Agents indicate status of Component Subscriptions to the
      Master.  The status of the overall subscription is maintained by
      the Master.  The Master is also responsible for notifying the
      subscriber in case of any problems of Component Subscriptions.

   Any technical mechanisms or protocols used for the coordination of
   operational information between Master and Agent are out of scope of
   this solution.  The results of this coordination need to be
   instrumented on the Master node.

5.  Subscription Decomposition

   Since Agents are invisible to the Collector, the Collector can only
   subscribe to the Master.  This requires the Master to:

   1.  expose the Global Capability that can be served by multiple
       Publishers;

   2.  disassemble the Global Subscription into multiple Component
       Subscriptions, and distribute them to the corresponding telemetry
       sources;

   3.  notify of changes when portions of a subscription move between
       different Agents over time.

   To achieve the above requirements, the Master needs a Global
   Capability description, which is typically a YANG [RFC7950] data
   model.  This global YANG model is provided as the contract between
   the Master and the Collector.  Each Agent associated with the Master
   owns a local YANG model to describe the Component Capabilities which
   it can serve as part of the Global Capability.  All the Agents need
   to know the namespace associated with the Master.

   The Master also needs a data structure, typically a Resource-Location
   Table, to keep track of the mapping between a resource and the
   location of the Subscription Server which commits to serve the data.
   When a Global Subscription request arrives, the Master first extracts
   the filter information from the request.  Then, according to the
   Resource-Location Table, the Global Subscription can be disassembled
   into multiple Component Subscriptions, and the corresponding location
   can be associated with each of them.

   The decision whether to decompose a Global Subscription into multiple
   Component Subscriptions rests with the Resource-Location Table.  A
   Master can decide not to decompose a Global Subscription at all and
   push a single stream to the receiver, because the location
   information indicates that the Global Subscription can be served
   locally by the Master.  Similarly, it can decide to entirely
   decompose a Global Subscription into multiple Component Subscriptions
   that each push their own streams, but not from the Master.  It can
   also decide to decompose the Global Subscription into several
   Component Subscriptions and retain some aspects of the Global
   Subscription itself, also pushing its own stream.

   Component Subscriptions belonging to the same Global Subscription
   MUST NOT overlap.  The combination of all Component Subscriptions
   MUST cover the same range of nodes as the Global Subscription.  Also,
   the same subscription settings apply to each Component Subscription,
   i.e., the same receivers, the same time periods, the same encodings
   are applied to each Component Subscription per the settings of the
   Global Subscription.

   Each Component Subscription in effect constitutes a full-fledged
   subscription, with the following constraints:

   o  Component Subscriptions are system-controlled, i.e., managed by
      the Master, not by the subscriber.

   o  Component Subscription settings such as time periods, dampening
      periods, encodings and receivers adopt the settings of their
      Global Subscription.

   o  The life-cycle of the Component Subscription is tied to the life-
      cycle of the Global Subscription.  Specifically, terminating/
      removing the Global Subscription results in termination/removal of
      the Component Subscriptions.

   o  The Component Subscriptions share the same Subscription ID as the
      Global Subscription.

6.  Publication Composition

   The Publisher collects data and encapsulates the packets per the
   Component Subscription.  There are several potential encodings,
   including XML, JSON, CBOR and GPB.  The format and structure of the
   data records are defined by the YANG schema, so that the composition
   at the Receiver can benefit from the structured and hierarchical data
   instances.
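   The decomposition rules of Section 5 (Resource-Location Table lookup,
   no overlap, full coverage, inherited settings and Subscription ID) and
   the Receiver-side assembly of Section 6, as an added worked example
   that is not part of the draft; the table format, class names, XPath
   strings and sample records are constructed assumptions:

```python
"""Illustrative model of Sections 5 and 6 (added example, not the draft's code):
the Resource-Location Table format, class names and sample values are assumed."""
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class GlobalSubscription:
    sub_id: int
    xpath_filter: str        # subtree requested by the Subscriber
    period_ms: int
    encoding: str
    receivers: tuple

@dataclass(frozen=True)
class ComponentSubscription:
    sub_id: int              # same Subscription ID as the Global Subscription
    generator_id: str        # Message Generator ID of the serving Publisher
    paths: tuple             # resources this originator serves
    period_ms: int
    encoding: str
    receivers: tuple

@dataclass(frozen=True)
class Record:
    sub_id: int
    generator_id: str
    recording_time: int      # Publishers are assumed to be time-synchronised
    data: dict

# Constructed Resource-Location Table (resource subtree -> serving Publisher);
# entries are assumed not to nest inside each other.
RESOURCE_LOCATION_TABLE = {
    "/ifs:interfaces/interface[name='eth0']": "linecard-1",
    "/ifs:interfaces/interface[name='eth1']": "linecard-2",
    "/sys:system": "main-board",
}

def _is_under(parent, child):
    """True when the XPath-like path `child` lies inside the subtree `parent`."""
    return child == parent or child.startswith((parent + "/", parent + "["))

def _component(gsub, location, paths):
    # Every Component Subscription inherits ID, period, encoding and receivers.
    return ComponentSubscription(gsub.sub_id, location, tuple(sorted(paths)),
                                 gsub.period_ms, gsub.encoding, gsub.receivers)

def decompose(gsub, table, master_id="main-board"):
    """Split a Global Subscription into Component Subscriptions (Section 5)."""
    owners = [loc for res, loc in table.items() if _is_under(res, gsub.xpath_filter)]
    if owners:   # whole filter served by one tabled resource: no decomposition
        return [_component(gsub, owners[0], [gsub.xpath_filter])]
    by_location = defaultdict(list)
    for res, loc in table.items():
        if _is_under(gsub.xpath_filter, res):
            by_location[loc].append(res)
    if not by_location:   # nothing tabled under the filter: the Master serves it
        by_location[master_id].append(gsub.xpath_filter)
    return [_component(gsub, loc, p) for loc, p in sorted(by_location.items())]

def check_decomposition(gsub, comps, table):
    """Return the Section 5 MUST violations found in a decomposition (empty = ok)."""
    problems = []
    paths = [(c.generator_id, p) for c in comps for p in c.paths]
    for c in comps:
        if (c.sub_id, c.period_ms, c.encoding, c.receivers) != (
                gsub.sub_id, gsub.period_ms, gsub.encoding, gsub.receivers):
            problems.append(f"{c.generator_id}: settings differ from the Global Subscription")
    for g1, p1 in paths:
        if not _is_under(gsub.xpath_filter, p1):
            problems.append(f"{p1} ({g1}) lies outside the Global Subscription")
        for g2, p2 in paths:
            if (g1, p1) != (g2, p2) and _is_under(p1, p2):
                problems.append(f"overlap: {p2} ({g2}) lies inside {p1} ({g1})")
    for res in table:   # coverage: every tabled resource under the filter is served
        if _is_under(gsub.xpath_filter, res) and not any(_is_under(p, res) for _, p in paths):
            problems.append(f"gap: {res} is not covered by any Component Subscription")
    return problems

def assemble(records, sub_id, expected_generators):
    """Receiver side (Section 6): merge one subscription's records per recording time."""
    periods = defaultdict(dict)
    for r in records:
        if r.sub_id == sub_id:   # records of other subscriptions are not ours
            periods[r.recording_time][r.generator_id] = r.data
    result = {}
    for ts in sorted(periods):
        merged = {}
        for gen in sorted(periods[ts]):
            merged.update(periods[ts][gen])
        # originators expected for this subscription but silent in this period
        result[ts] = {"data": merged,
                      "missing": sorted(set(expected_generators) - set(periods[ts]))}
    return result

# Constructed sample: Global Subscription id 22 (as in Appendix A.1), two periods.
GLOBAL_22 = GlobalSubscription(22, "/ifs:interfaces", 1000, "json", ("192.0.2.1",))
SAMPLE_RECORDS = [
    Record(22, "linecard-1", 1000, {"eth0": {"in-octets": 10}}),
    Record(22, "linecard-2", 1000, {"eth1": {"in-octets": 20}}),
    Record(22, "linecard-1", 2000, {"eth0": {"in-octets": 15}}),
    Record(99, "linecard-2", 2000, {"eth1": {"in-octets": 25}}),   # another subscription
]
```

   Running `decompose(GLOBAL_22, RESOURCE_LOCATION_TABLE)` yields one
   Component Subscription per line card, and `assemble` reports
   "linecard-2" as missing for the second period.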
   The Receiver is able to assemble many pieces of data associated with
   one subscription, and can also deduce the missing pieces of data.
   The Receiver recognizes data records associated with one subscription
   according to the Subscription ID.  Data records generated per one
   subscription are assigned the same Subscription ID.

   For a time series data stream, records are produced periodically
   from each stream originator.  The message arrival time varies because
   of the distributed nature of the publication.  The Receiver assembles
   data generated in the same time period based on the recording time
   contained in each data record.  In this case, time synchronization is
   required for all the Publishers.

   To check the integrity of the data generated from different
   Publishers in the same time period, the Message Generator ID
   [I-D.ietf-netconf-notification-messages] is helpful.  This requires
   the Subscriber to know the number of Component Subscriptions which
   the Global Subscription is decomposed into.  For a dynamic
   subscription, the output of the "establish-subscription" and "modify-
   subscription" RPCs defined in
   [I-D.ietf-netconf-subscribed-notifications] MUST include a list of
   Message Generator IDs to indicate how the Global Subscription is
   decomposed into several Component Subscriptions.  The "subscription-
   started" and "subscription-modified" notifications defined in
   [I-D.ietf-netconf-subscribed-notifications] MUST also include a list
   of Message Generator IDs to notify the current Publishers for the
   corresponding Global Subscription.

7.  Subscription State Change Notifications

   In addition to sending event records to receivers, the Master MUST
   also send subscription state change notifications
   [I-D.ietf-netconf-subscribed-notifications] when events related to
   subscription management have occurred.  All the subscription state
   change notifications MUST be delivered over the Master Publication
   Channel, which is the session between the Master Publisher and the
   Receiver.

   When the subscription decomposition result changes, the
   "subscription-modified" notification MUST be sent to indicate the new
   list of Publishers.

8.  YANG Tree

   module: ietf-multiple-stream-originators
     augment /sn:subscriptions/sn:subscription:
       +--ro message-generator-id*   string
       +--ro (transport-access)?
          +--:(restconf-access)
             +--ro uri*   inet:uri
     augment /sn:subscription-started:
       +--ro message-generator-id*   string
     augment /sn:subscription-modified:
       +--ro message-generator-id*   string
     augment /sn:establish-subscription/sn:output:
       +--ro message-generator-id*   string
       +--ro (transport-access)?
          +--:(restconf-access)
             +--ro uri*   inet:uri
     augment /sn:modify-subscription/sn:output:
       +--ro message-generator-id*   string
       +--ro (transport-access)?
          +--:(restconf-access)
             +--ro uri*   inet:uri

9.  YANG Module

   <CODE BEGINS> file "ietf-multiple-stream-originators@2019-07-07.yang"
   module ietf-multiple-stream-originators {
     yang-version 1.1;
     namespace
       "urn:ietf:params:xml:ns:yang:ietf-multiple-stream-originators";
     prefix mso;

     import ietf-subscribed-notifications {
       prefix sn;
     }

     import ietf-inet-types {
       prefix inet;
     }

     organization "IETF NETCONF (Network Configuration) Working Group";
     contact
       "WG Web:
        WG List:

        Editor:   Tianran Zhou

        Editor:   Guangying Zheng
       ";

     description
       "Defines augmentation for ietf-subscribed-notifications to enable
        the distributed publication with single subscription.

        Copyright (c) 2018 IETF Trust and the persons identified as authors
        of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or without
        modification, is permitted pursuant to, and subject to the license
        terms contained in, the Simplified BSD License set forth in Section
        4.c of the IETF Trust's Legal Provisions Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX; see the RFC
        itself for full legal notices.";

     revision 2019-07-07 {
       description
         "Initial version";
       reference
         "RFC XXXX: Subscription to Multiple Stream Originators";
     }

     grouping message-generator-ids {
       description
         "Provides a reusable list of message-generator-ids.";

       leaf-list message-generator-id {
         type string;
         config false;
         ordered-by user;
         description
           "Software entity which created the message (e.g.,
            linecard 1).  This field is used to notify the
            collector of the working originator.";
       }
     }

     grouping resource-access-list {
       description
         "Provides a reusable list of resource access information.";

       choice transport-access {
         description
           "Identify the transport used.";

         case restconf-access {
           description
             "When the transport is RESTCONF";
           leaf-list uri {
             type inet:uri;
             config false;
             ordered-by user;
             description
               "Location of a subscription specific URI on the
                publisher.";
           }
         }
       }
     }

     augment "/sn:subscriptions/sn:subscription" {
       description
         "This augmentation allows the message generators to be exposed
          for a subscription.";

       uses resource-access-list;
       uses message-generator-ids;
     }

     augment "/sn:subscription-started" {
       description
         "This augmentation allows MSO specific parameters to be
          exposed for a subscription.";

       uses message-generator-ids;
     }

     augment "/sn:subscription-modified" {
       description
         "This augmentation allows MSO specific parameters to be
          exposed for a subscription.";

       uses message-generator-ids;
     }

     augment "/sn:establish-subscription/sn:output" {
       description
         "This augmentation allows MSO specific parameters to be
          exposed for a subscription.";

       uses resource-access-list;
       uses message-generator-ids;
     }

     augment "/sn:modify-subscription/sn:output" {
       description
         "This augmentation allows MSO specific parameters to be
          exposed for a subscription.";

       uses resource-access-list;
       uses message-generator-ids;
     }
   }
   <CODE ENDS>

10.  IANA Considerations

   This document registers the following namespace URI in the IETF XML
   Registry [RFC3688]:

      URI: urn:ietf:params:xml:ns:yang:ietf-multiple-stream-originators

      Registrant Contact: The IESG.

      XML: N/A; the requested URI is an XML namespace.

   This document registers the following YANG module in the YANG Module
   Names registry [RFC3688]:

      Name: ietf-multiple-stream-originators

      Namespace: urn:ietf:params:xml:ns:yang:ietf-multiple-stream-
      originators

      Prefix: mso

      Reference: RFC XXXX

11.  Transport Considerations

   The distributed data export mechanism enabled by this draft is
   expected to generate more data than YANG-Push.  The large amount of
   data may congest the network and impact other network business.  In
   this case, the collector may also not be able to accept all the data.
   So a congestion control method is required for any transport that
   is going to implement the solution proposed in this document.

12.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC5246].
   The NETCONF Access Control Model (NACM) [RFC6536] provides the means
   to restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   The new data nodes introduced in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get-config or
   notification) to these data nodes.  These are the subtrees and data
   nodes and their sensitivity/vulnerability:

   o  /subscriptions/subscription/message-generator-ids

   o  /subscriptions/subscription/resource-access-list

   The entries in the two lists above will show where subscribed
   resources might be located on the publishers.  Access control MUST be
   set so that only someone with proper access permissions has the
   ability to access this resource.

   Other Security Considerations are the same as those discussed in
   YANG-Push [I-D.ietf-netconf-yang-push].

13.  Acknowledgements

   TBD

14.  References

14.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

14.2.  Informative References

   [I-D.ietf-core-coap-pubsub]
              Koster, M., Keranen, A., and J. Jimenez, "Publish-
              Subscribe Broker for the Constrained Application Protocol
              (CoAP)", draft-ietf-core-coap-pubsub-08 (work in
              progress), March 2019.

   [I-D.ietf-netconf-notification-messages]
              Voit, E., Birkholz, H., Bierman, A., Clemm, A., and T.
              Jenkins, "Notification Message Headers and Bundles",
              draft-ietf-netconf-notification-messages-05 (work in
              progress), February 2019.

   [I-D.ietf-netconf-subscribed-notifications]
              Voit, E., Clemm, A., Prieto, A., Nilsen-Nygaard, E., and
              A. Tripathy, "Subscription to YANG Event Notifications",
              draft-ietf-netconf-subscribed-notifications-26 (work in
              progress), May 2019.

   [I-D.ietf-netconf-yang-push]
              Clemm, A. and E. Voit, "Subscription to YANG Datastores",
              draft-ietf-netconf-yang-push-25 (work in progress), May
              2019.

   [I-D.mahesh-netconf-https-notif]
              Jethanandani, M. and K. Watsen, "An HTTPS-based Transport
              for Configured Subscriptions", draft-mahesh-netconf-https-
              notif-00 (work in progress), June 2019.

Appendix A.  Examples

A.1.  RESTCONF Establishing Dynamic Subscription

   This example shows how a RESTCONF dynamic subscription is
   established.  The request is given a subscription identifier of 22,
   and decomposed into two component subscriptions.

   First, an establish-subscription request is sent to the Master.

      POST /restconf/operations
           /ietf-subscribed-notifications:establish-subscription
      {
        "ietf-subscribed-notifications:input": {
          "stream-xpath-filter": "/example-module:foo/",
          "stream": "NETCONF",
          "dscp": 10
        }
      }

                  Fig. 4 establish-subscription request

   As the publisher was able to fully satisfy the request, the Master
   sends the subscription identifier of the accepted subscription, the
   URIs, and the message generator IDs:

      HTTP status code - 200
      {
        "id": 22,
        "uri": [
          "https://192.0.3.1/restconf/subscriptions/22",
          "https://192.0.3.2/restconf/subscriptions/22"
        ],
        "message-generator-id": ["1", "2"]
      }

                  Fig. 5 establish-subscription success

   Upon receipt of the successful response, the subscriber GETs the
   provided URIs to start the flow of notification messages.

      GET https://192.0.3.1/restconf/subscriptions/22
      GET https://192.0.3.2/restconf/subscriptions/22

               Fig. 6 establish-subscription subsequent POST

A.2.  HTTPS Configured Subscription

   This example reuses the use case in [I-D.mahesh-netconf-https-notif]
   and shows how two message originators associated with one
   subscription can be configured to send HTTPS notifications to a
   receiver at address 192.0.2.1, port 443, with server certificates and
   the corresponding trust store that is used to authenticate
   connections.

   [note: '\' line wrapping for formatting only]

   [The XML markup of this example was lost in extraction; only the
   element values below survive, in their original order.]

      foo
      192.0.2.1
      443
      192.0.3.1
      63001
      explicitly-trusted-server-ca-certs
      explicitly-trusted-server-certs
      192.0.2.1
      443
      192.0.3.2
      63001
      explicitly-trusted-server-ca-certs
      explicitly-trusted-server-certs
      6666
      foo
      some-stream
      my-receiver1
      foo
      explicitly-trusted-server-certs
      Specific server authentication certificates for explicitly
      trusted servers.  These are needed for server certificates
      that are not signed by a pinned CA.
      Fred Flintstone
      base64encodedvalue==
      explicitly-trusted-server-ca-certs
      Trust anchors (i.e. CA certs) that are used to authenticate\
      server connections.  Servers are authenticated if their
      certificate has a chain of trust to one of these CA
      certificates.
      ca.example.com
      base64encodedvalue==

Appendix B.  Change Log

   (To be removed by RFC editor prior to publication)

   v01

   o  Minor revision on Subscription Decomposition

   o  Revised terminologies

   o  Removed most implementation related text

   o  Place holder of two sections: Subscription Management, and
      Notifications on Subscription State Changes

   v02

   o  Revised section 4 and 5.  Moved them from appendix to the main
      text.

   v03

   o  Added a section for Terminologies.

   o  Added a section for Subscription State Change Notifications.

   o  Improved the Publication Composition section by adding a method to
      check the integrity of the data generated from different
      Publishers at the same time period.

   o  Revised the solution overview for a clearer description.

   v04

   o  Added the YANG data model for the proposed augment.

   v05

   o  Added the IANA considerations, transport considerations and
      security considerations.

   v06

   o  Added examples.

Authors' Addresses

   Tianran Zhou
   Huawei
   156 Beiqing Rd., Haidian District
   Beijing
   China

   Email: zhoutianran@huawei.com


   Guangying Zheng
   Huawei
   101 Yu-Hua-Tai Software Road
   Nanjing, Jiangsu
   China

   Email: zhengguangying@huawei.com


   Eric Voit
   Cisco Systems
   United States of America

   Email: evoit@cisco.com


   Alexander Clemm
   Futurewei
   2330 Central Expressway
   Santa Clara, California
   United States of America

   Email: ludwig@clemm.org


   Andy Bierman
   YumaWorks
   United States of America

   Email: andy@yumaworks.com