-
Notifications
You must be signed in to change notification settings - Fork 0
/
draft-ietf-netconf-yang-push-12.txt
2968 lines (2235 loc) · 112 KB
/
draft-ietf-netconf-yang-push-12.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
PRE-SUBMISSION WORKING COPY DEC 7th 2017
NETCONF A. Clemm
Internet-Draft Huawei
Intended status: Standards Track E. Voit
Expires: June 10, 2018 Cisco Systems
A. Gonzalez Prieto
VMware
A. Tripathy
E. Nilsen-Nygaard
Cisco Systems
A. Bierman
YumaWorks
B. Lengyel
Ericsson
December 7, 2017
YANG Datastore Subscription
draft-ietf-netconf-yang-push-12
Abstract
Providing visibility into changes mademay be selected by on YANG
configuration and operational objects enables new capabilities such
as remote mirroring of configuration and operational state. Via the
mechanism described in this document, subscriber applications may
request a continuous, customized stream of updates from a YANG
datastore.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 10, 2018.
Clemm, et al. Expires June 10, 2018 [Page 1]
Internet-Draft YANG-Push December 2017
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Definitions and Acronyms . . . . . . . . . . . . . . . . . . 4
3. Solution Overview . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Subscription Model . . . . . . . . . . . . . . . . . . . 4
3.2. Negotiation of Subscription Policies . . . . . . . . . . 6
3.3. On-Change Considerations . . . . . . . . . . . . . . . . 6
3.4. Promise-Theory Considerations . . . . . . . . . . . . . . 8
3.5. Data Encodings . . . . . . . . . . . . . . . . . . . . . 8
3.6. Datastore Selection . . . . . . . . . . . . . . . . . . . 9
3.7. Streaming Updates . . . . . . . . . . . . . . . . . . . . 10
3.8. Subscription Management . . . . . . . . . . . . . . . . . 12
3.9. Receiver Authorization . . . . . . . . . . . . . . . . . 14
3.10. On-change Notifiable YANG objects . . . . . . . . . . . . 15
3.11. Other Considerations . . . . . . . . . . . . . . . . . . 16
4. A YANG data model for management of datastore push
subscriptions . . . . . . . . . . . . . . . . . . . . . . . . 17
4.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 17
4.2. Subscription configuration . . . . . . . . . . . . . . . 25
4.3. YANG Notifications . . . . . . . . . . . . . . . . . . . 26
Clemm, et al. Expires June 10, 2018 [Page 2]
Internet-Draft YANG-Push December 2017
4.4. YANG RPCs . . . . . . . . . . . . . . . . . . . . . . . . 27
5. YANG module . . . . . . . . . . . . . . . . . . . . . . . . . 32
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 47
7. Security Considerations . . . . . . . . . . . . . . . . . . . 48
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 48
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 48
9.1. Normative References . . . . . . . . . . . . . . . . . . 48
9.2. Informative References . . . . . . . . . . . . . . . . . 49
Appendix A. Changes between revisions . . . . . . . . . . . . . 50
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 52
1. Introduction
Traditional approaches to remote visibility have been built on
polling. With polling, data is periodically requested and retrieved
by a client from a server to stay up-to-date. However, there are
issues associated with polling-based management:
o Polling incurs significant latency. This latency prohibits many
application types.
o Polling cycles may be missed, requests may be delayed or get lost,
often when the network is under stress and the need for the data
is the greatest.
o Polling requests may undergo slight fluctuations, resulting in
intervals of different lengths. The resulting data is difficult
to calibrate and compare.
o For applications that monitor for changes, many remote polling
cycles place ultimately fruitless load on the network, devices,
and applications.
A more effective alternative to polling is for an application to
receive automatic and continuous updates from a targeted subset of a
datastore. Accordingly, there is a need for a service that allows
applications to subscribe to updates from a datastore and that
enables the publisher to push and in effect stream those updates.
The requirements for such a service have been documented in
[RFC7923].
This document defines a corresponding solution that is built on top
of "Custom Subscription to Event Streams"
[I-D.draft-ietf-netconf-subscribed-notifications]. Supplementing
that work are YANG data model augmentations, extended RPCs, and new
datastore specific update notifications. Transport options for
[I-D.draft-ietf-netconf-subscribed-notifications] will work
seamlessly with this solution.
Clemm, et al. Expires June 10, 2018 [Page 3]
Internet-Draft YANG-Push December 2017
2. Definitions and Acronyms
The terms below supplement those defined in
[I-D.draft-ietf-netconf-subscribed-notifications]. In addition, the
term "datastore" is defined in
[I-D.draft-ietf-netmod-revised-datastores].
Datastore node: An instance of management information in a datastore.
Also known as "object".
Datastore node update: A data item containing the current value/
property of a datastore node at the time the datastore node update
was created.
Datastore subtree: An instantiated datastore node and the datastore
nodes that are hierarchically contained within it.
Update record: A representation datastore node update(s) resulting
from the application of a selection filter for a subscription. An
update record will include the value/property of one or more
datastore nodes at a point in time. It may contain the update type
for each datastore node (e.g., add, change, delete). Also included
may be metadata/headers such as a subscription identifier.
Selection filter: Evaluation and/or selection criteria, which may be
applied against a targeted set of objects.
Update trigger: A mechanism that determines when an update record
needs to be generated.
YANG-Push: The subscription and push mechanism for datastores that is
specified in this document.
3. Solution Overview
This document specifies a solution for a push update subscription
service. This solution supports the dynamic as well as configured
subscriptions to information updates from datastores. Subscriptions
specify when notification messages should be sent and what data to
include in update records. YANG objects are subsequently pushed from
the publisher to the receiver per the terms of the subscription.
3.1. Subscription Model
YANG-push subscriptions are defined using a data model that is itself
defined in YANG. This model enhances the subscription model defined
in [I-D.draft-ietf-netconf-subscribed-notifications] with
capabilities that allow subscribers to subscribe to datastore node
Clemm, et al. Expires June 10, 2018 [Page 4]
Internet-Draft YANG-Push December 2017
updates, specifically to specify the triggers defining when to
generate update records as well as what to include in an update
record. Key enhancements include:
o Specification of selection filters which identify targeted YANG
datastore nodes and/or subtrees within a datastore for which
updates are to be pushed.
o An encoding (using anydata) for the contents of periodic and on-
change push updates.
o Specification of update policies contain conditions which trigger
the generation and pushing of new update records. There are two
types of triggers for subscriptions: periodic and on-change.
* For periodic subscriptions, the trigger is specified by two
parameters that define when updates are to be pushed. These
parameters are the period interval with which to report
updates, and an anchor time which can be used to calculate at
which point in time updates need to be assembled and sent.
* For on-change subscriptions, a trigger occurs whenever a change
in the subscribed information is detected. Included are
additional parameters such as:
+ Dampening period: In an on-change subscription, detected
object changes should be sent as quickly as possible.
However it may be undesirable to send a rapid series of
object changes. Such behavior has the potential to exhaust
of resources in the publisher or receiver. In order to
protect against that, a dampening period MAY be used to
specify the interval which must pass before successive
update records for the same subscription are generated for a
receiver. The dampening period collectively applies to the
set of all datastore nodes selected by a single subscription
and sent to a single receiver. This means that when there
is a change to one or more subscribed objects, an update
record containing those objects is created either
immediately when no dampening period is in effect, or at the
end of a dampening period. If multiple changes to a single
object occur during a dampening period, only the value that
is in effect is included as part of the update record. The
dampening period goes into effect every time an update
record completes assembly.
+ Change type: This parameter can be used to reduce the types
of datastore changes for which updates are sent (e.g., you
Clemm, et al. Expires June 10, 2018 [Page 5]
Internet-Draft YANG-Push December 2017
might only send when an object is created or deleted, but
not when an object value changes).
+ No Synch on start: defines whether or not a complete push-
update of all subscribed data will be sent at the beginning
of a subscription. Such early synchronization establishes
the frame of reference for subsequent updates.
3.2. Negotiation of Subscription Policies
A dynamic subscription request SHOULD be declined if a publisher's
assessment is that it may be unable to provide update records meeting
the terms of the request. In this case, a subscriber may quickly
follow up with a new subscription request using different parameters.
Random guessing at different parameters by a subscriber is to be
discouraged. Therefore, in order to minimize the number of
subscription iterations between subscriber and publisher, dynamic
subscriptions supports a simple negotiation between subscribers and
publishers for subscription parameters. This negotiation is in the
form of a no-success response to a failed establish or modify
subscription request. The no-success message SHOULD include in the
returned error response information that, when considered, increases
the likelihood of success for subsequent requests. However, there
are no guarantees that subsequent requests for this subscriber will
be accepted.
[I-D.draft-ietf-netconf-subscribed-notifications] contains several
negotiable subscription parameters. Additional yang-push negotiation
information defined in this specification includes hints at
acceptable time intervals, size estimates for the number or objects
which would be returned from a filter, and the location of an error
in a provided filter.
3.3. On-Change Considerations
On-change subscriptions allow subscribers to receive updates whenever
changes to targeted objects occur. As such, on-change subscriptions
are particularly effective for data that changes infrequently, yet
for which applications need to be quickly notified whenever a change
does occur with minimal delay.
On-change subscriptions tend to be more difficult to implement than
periodic subscriptions. Accordingly, on-change subscriptions may not
be supported by all implementations or for every object.
Whether or not to accept or reject on-change subscription requests
when the scope of the subscription contains objects for which on-
Clemm, et al. Expires June 10, 2018 [Page 6]
Internet-Draft YANG-Push December 2017
change is not supported is up to the publisher implementation. A
publisher MAY accept an on-change subscription even when the scope of
the subscription contains objects for which on-change is not
supported. In that case, updates are sent only for those objects
within the scope that do support on-change updates whereas other
objects are excluded from update records, whether or not their values
actually change. In order for a subscriber to determine whether
objects support on-change subscriptions, objects are marked
accordingly on a publisher. Accordingly, when subscribing, it is the
responsibility of the subscriber to ensure it is aware of which
objects support on-change and which do not. For more on how objects
are so marked, see Section 3.10.
Alternatively, a publisher MAY decide to simply reject an on-change
subscription in case the scope of the subscription contains objects
for which on-change is not supported. In case of a configured
subscription, the subscription MAY be suspended.
To avoid flooding receivers with repeated updates for subscriptions
containing fast-changing objects, or objects with oscillating values,
an on-change subscription allows for the definition of a dampening
period. Once an update record for a given object is generated, no
other updates for this particular subscription will be created until
the end of the dampening period. Values sent at the end of the
dampening period are the current values of all changed objects which
are current at the time the dampening period expires. Changed
objects include those which were deleted or newly created during that
dampening period. If an object has returned to its original value
(or even has been created and then deleted) during the dampening-
period, the last change will still be sent. This will indicate churn
is occurring on that object.
On-change subscriptions can be refined to let users subscribe only to
certain types of changes. For example, a subscriber might only want
object creations and deletions, but not modifications of object
values.
Putting it all together, following is the conceptual process for
creating an push-change-update notification:
1. Just before a change, or at the start of a dampening period,
evaluate any filtering and any access control rules. The result
is a set "A" of datastore nodes and subtrees.
2. Just after a change, or at the end of a dampening period,
evaluate any filtering and any (possibly new) access control
rules. The result is a set "B" of datastore nodes and subtrees.
Clemm, et al. Expires June 10, 2018 [Page 7]
Internet-Draft YANG-Push December 2017
3. Construct a YANG patch record for going from A to B. If the
record is non-empty, send it to the receiver.
Note: In cases where a subscriber wants to have separate dampening
periods for different objects, multiple subscriptions with different
objects in a selection filter can be created.
3.4. Promise-Theory Considerations
A subscription to updates from a datastore is intended to obviate the
need for polling. However, in order to do so, it is critical that
subscribers can rely on the subscription and have confidence that
they will indeed receive the subscribed updates without having to
worry updates being silently dropped. In other words, a subscription
constitutes a promise on the side of the publisher to provide the
receivers with updates per the terms of the subscription.
Now, there are many reasons why a publisher may at some point no
longer be able to fulfill the terms of the subscription, even if the
subscription had been entered into with good faith. For example, the
volume of data objects may be larger than anticipated, the interval
may prove too short to send full updates in rapid succession, or an
internal problem may prevent objects from being collected. If for
some reason the publisher of a subscription is not able to keep its
promise, receivers MUST be notified immediately and reliably. The
publisher MAY also suspend the subscription.
A publisher SHOULD reject a request for a subscription if it is
unlikely that the publisher will be able fulfill the terms of that
subscription request. In such cases, it is preferable to have a
subscriber request a less resource intensive subscription than to
deal with frequently degraded behavior.
3.5. Data Encodings
3.5.1. Periodic Subscriptions
In a periodic subscription, the data included as part of an update
corresponds to data that could have been read using a retrieval
operation over that subscription's transport.
3.5.2. On-Change Subscriptions
In an on-change subscription, updates need to indicate not only
values of changed datastore nodes but also the types of changes that
occurred since the last update. Therefore encoding rules for data in
on-change updates will generally follow YANG-patch operation as
specified in [RFC8072]. The YANG-patch will describe what needs to
Clemm, et al. Expires June 10, 2018 [Page 8]
Internet-Draft YANG-Push December 2017
be applied to the earlier state reported by the preceding update, to
result in the now-current state. Note that contrary to [RFC8072],
objects encapsulated are not restricted to configuration objects
only.
However a patch must be able to do more than just describe the delta
from the previous state to the current state. As per Section 3.3, it
must also be able to identify if transient changes have occurred on
an object during a dampening period. To support this, it is valid to
encode a YANG patch operation so that its application would result in
a no change between the previous and current state. This indicates
that some churn has occured on the object. An example of this would
be a patch that does a "create" operation for a datastore node where
the receiver believes one already exists, or a "merge" operation
which replaces a previous value with the same value. Note that this
means that the "create" and "delete" errors described in [RFC8072]
section 2.5 are not errors, and are valid operations with YANG push.
3.6. Datastore Selection
A subscription must specify both the selection filters and the
datastore against which these selection filters will be applied.
This information is used to choose and subsequently push data from
the publisher's datastore to the receivers.
Only a single selection filter can be applied to a subscription at a
time. The following selection filter types are included in the yang-
push data model, and may be applied against a datastore:
o subtree: A subtree selection filter identifies one or more
datastore subtrees. When specified, update records will only come
from the datastore nodes of selected datastore subtree(s). The
syntax and semantics correspond to that specified for [RFC6241]
section 6.
o xpath: An xpath selection filter is an XPath expression that
returns a node set. When specified, updates will only come from
the selected data nodes.
These filters are intended to be used as selectors that define which
objects are within the scope of a subscription. A publisher MUST
support at least one type of selection filter.
Selection filters are not intended to be used for property value
filtering for non-key objects. Supporting non-key property value
filtering so would have a number of implications that would result in
significant complexity. While it is possible to define extensions in
the future that will support selection filtering based on values,
Clemm, et al. Expires June 10, 2018 [Page 9]
Internet-Draft YANG-Push December 2017
this is not supported in this version of yang-push and a publisher
MAY reject a subscription request that contains a filter for object
values.
Xpath itself provides powerful filtering constructs, and care must be
used in filter definition. As an example, consider an xpath filter
with a boolean result; such a result will not provide an easily
interpretable subset of a datastore. Beyond the boolean example, it
is quite possible to define an xpath filter where results are easy
for an application to mis-interpret. Consider an xpath filter which
only passes a datastore object when an interface is up. It is up to
the receiver to understand implications of the presence or absence of
objects in each update.
When the set of selection filtering criteria is applied for periodic
subscription, all selected datastore nodes for which a receiver has
access are provided to a receiver. If the same filtering criteria is
applied to an on-change subscription, only the subset of those
datastore nodes supporting on-change are provided. A datastore node
which doesn't support on-change is never sent as part of an on-change
subscription's "push-update" or "push-change-update".
3.7. Streaming Updates
Contrary to traditional data retrieval requests, datastore
subscription enables an unbounded series of update records to be
streamed over time. Two generic YANG notifications for update
records have been defined for this: "push-update" and "push-change-
update".
A "push-update" notification defines a complete, filtered update of
the datastore per the terms of a subscription. This type of YANG
notification is used for continuous updates of periodic
subscriptions. A "push-update" notification can also be used for the
on-change subscriptions in two cases. First it will be used as the
initial "push-update" if there is a need to synchronize the receiver
at the start of a new subscription. It also MAY be sent if the
publisher later chooses to resynch an on-change subscription. The
"push-update" update record contains a data snippet that contains an
instantiated datastore subtree with the subscribed contents. The
content of the update record is equivalent to the contents that would
be obtained had the same data been explicitly retrieved using e.g., a
NETCONF "get" operation, with the same filters applied.
A "push-change-update" notification is the most common type of update
for on-change subscriptions. The update record in this case contains
a data snippet that indicates the set of changes that datastore nodes
have undergone since the last notification message. In other words,
Clemm, et al. Expires June 10, 2018 [Page 10]
Internet-Draft YANG-Push December 2017
this indicates which datastore nodes have been created, deleted, or
have had changes to their values. In cases where multiple changes
have occurred and the object has not been deleted, the object's most
current value is reported. (In other words, for each object, only
one change is reported, not its entire history. Doing so would
defeat the purpose of the dampening period.)
These new "push-update" or "push-change-update" are encoded and
placed within notification messages, and ultimately queued for egress
over the specified transport.
The following is an example of a notification message for a
subscription tracking the operational status of a single Ethernet
port (per [RFC7223]). This notification message is encoded XML over
NETCONF as per [I-D.draft-ietf-netconf-netconf-event-notifications].
<notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<eventTime>2017-10-25T08:00:11.22Z</eventTime>
<push-update xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-push">
<subscription-id>1011</subscription-id>
<datastore-contents>
<interfaces-state xmlns="http://foo.com/ietf-interfaces">
<interface>
<name>eth0</name>
<oper-status>up</oper-status>
</interface>
</interfaces-state>
</datastore-contents>
</push-update>
</notification>
Figure 1: Push example
The following is an example of an on-change notification message for
the same subscription.
Clemm, et al. Expires June 10, 2018 [Page 11]
Internet-Draft YANG-Push December 2017
<notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<eventTime>2017-10-25T08:22:33.44Z</eventTime>
<push-change-update xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-push">
<subscription-id>89</subscription-id>
<datastore-changes>
<yang-patch xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-patch">
<patch-id>1</patch-id>
<edit>
<edit-id>edit1</edit-id>
<operation>merge</operation>
<target>/ietf-interfaces:interfaces-state</target>
<value>
<interfaces-state xmlns="http://foo.com/ietf-interfaces">
<interface>
<name>eth0</name>
<oper-status>down</oper-status>
</interface>
</interfaces-state>
</value>
</edit>
</yang-patch>
</datastore-changes>
</push-change-update>
</notification>
Figure 2: Push example for on change
Of Note in the above example is the 'patch-id' with a value of '1'.
Per [RFC8072], the 'patch-id' is an arbitrary string. With YANG
Push, the publisher SHOULD put into the 'patch-id' a counter starting
at '1' which increments with every 'push-change-update' generated for
a subscription. If used as a counter, this counter MUST be reset to
'1' anytime a resynchronization occurs (i.e., with the sending of a
'push-update'). Also if used as a counter, the counter MUST be reset
to '1' the after passing a maximum value of '99999'. Such a
mechanism allows easy identification of lost or out-of-sequence
update records.
3.8. Subscription Management
The RPCs defined within
[I-D.draft-ietf-netconf-subscribed-notifications] have been enhanced
to support datastore subscription negotiation. Included in these
enhancements are error codes which can indicate why a datastore
subscription attempt has failed.
A datastore subscription can be rejected for multiple reasons. This
includes a too large subtree request, or the inability of the
Clemm, et al. Expires June 10, 2018 [Page 12]
Internet-Draft YANG-Push December 2017
publisher push update records as frequently as requested. In such
cases, no subscription is established. Instead, the subscription-
result with the failure reason is returned as part of the RPC
response. As part of this response, a set of alternative
subscription parameters MAY be returned that would likely have
resulted in acceptance of the subscription request. The subscriber
may consider these as part of future subscription attempts.
For instance, for the following request:
<netconf:rpc message-id="101"
xmlns:netconf="urn:ietf:params:xml:ns:netconf:base:1.0">
<establish-subscription
xmlns="urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications"
xmlns:yp="urn:ietf:params:xml:ns:yang:ietf-yang-push">
<yp:datastore>
<yp:source xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
ds:operational
</yp:source>
<yp:subtree-filter netconf:type="xpath"
xmlns:ex="http://example.com/sample-data/1.0"
select="/ex:foo"/>
</yp:datastore>
<yp:period>500</yp:period>
</establish-subscription>
</netconf:rpc>
Figure 3: Establish-Subscription example
the publisher might return:
<rpc-reply message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<subscription-result
xmlns="urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications"
xmlns:yp="urn:ietf:params:xml:ns:yang:ietf-yang-push">
yp:period-unsupported
</subscription-result>
<period-hint xmlns:"urn:ietf:params:xml:ns:yang:ietf-yang-push">
2000
</period-hint>
</rpc-reply>
Figure 4: Error response example
Clemm, et al. Expires June 10, 2018 [Page 13]
Internet-Draft YANG-Push December 2017
As can be seen above the rejected subscription does not result in the
generation of an rpc-reply with an rpc-error element. YANG-push
specific errors and negotiation hints part are returned as part of
normal RPC operations.
3.9. Receiver Authorization
A receiver of subscription data MUST only be sent updates for which
they have proper authorization. A publisher MUST ensure that no non-
authorized data is included in push updates. To do so, it needs to
apply all corresponding checks applicable at the time of a specific
pushed update and if necessary silently remove any non-authorized
data from datastore subtrees. This enables YANG data pushed based on
subscriptions to be authorized equivalently to a regular data
retrieval (get) operation.
A publisher MUST allow for the possibility that a subscription's
selection filter references non-existent or access-protected data.
Such support permits a receiver the ability to monitor the entire
lifecyle of some datastore tree. In this case, all "push-update"
notifications must be sent empty, and no "push-change-update"
notifications will be sent until some data becomes visible for a
receiver.
A publisher MAY choose not to allow a particular subscription which
selects non-existent or access-protected data. Such a capability
enables the publisher to avoid having to perform filtering of
authorized content on each update. Relevant scenarios here include:
o the rejecting of a subscription request to access-protected
objects,
o the suspension of a subscription where new access-controlled
objects are selected mid-subscription for which the receiver does
not have the necessary authorization, or
o the authorization privileges of a receiver change over the course
of the subscription.
In all these cases, the error identity "data-unavailable" SHOULD be
returned. This reduces the possibility of access permission leakage.
The conceptual authorization model for datastores is the NETCONF
Access Control Model [RFC6536bis], Section 3.2.4. A clarification to
this is that each of the individual nodes in a resulting update
record MUST also have applied access control to resulting pushed
messages. This includes validating that read access is ok for any
nodes newly selected since the last update record for each receiver.
Clemm, et al. Expires June 10, 2018 [Page 14]
Internet-Draft YANG-Push December 2017
+-----------------+ +--------------------+
push-update or --> | datastore node | yes | add datastore node |
push-change-update | access allowed? | ---> | to update message |
+-----------------+ +--------------------+
Figure 5: Access control for push updates
If read access into previously accessible nodes has been lost due to
a receiver permissions change, this SHOULD be reported as a patch
"delete" operation for on-change subscriptions. If not capable of
handling such receiver permission changes with such a "delete",
publisher implementations MUST force dynamic subscription re-
establishment or configured subscription re-initialization so that
appropriate filtering is installed.
3.10. On-change Notifiable YANG objects
In some cases, a publisher supporting on-change notifications may not
be able to push updates for some object types on-change. Reasons for
this might be that the value of the datastore node changes frequently
(e.g., [RFC7223]'s in-octets counter), that small object changes are
frequent and meaningless (e.g., a temperature gauge changing 0.1
degrees), or that the implementation is not capable of on-change
notification for a particular object.
Support for on-change notification is usually specific to the
individual YANG model and/or implementation so it is possible to
define in design time. System integrators need this information
(without reading any data from a live node).
The default assumption is that no datastore nodes support on-change
notification. Schema nodes and subtrees that support on-change
notifications MUST be marked by accordingly with the YANG extension
"notifiable-on-change". This extension is defined in the data model
below.
When an on-change subscription is established, data-nodes are
automatically excluded unless they are marked with notifiable-on-
change as true. This also means that authorization checks SHALL NOT
be performed on them. A subscriber can identify which nodes may be
included in on-change updates by retrieving the datastore nodes in
the subscription's scope and checking for which notifiable-on-change
is marked as true.
In theory, adding "notifiable-on-change" markings can be done within
corresponding YANG models. But a more extensible way to avoid having
to modify existing module definitions is to add "notifiable-on-
change" markings within separate module deviations. This means that
Clemm, et al. Expires June 10, 2018 [Page 15]
Internet-Draft YANG-Push December 2017
when a YANG model designer wants to add a "notifiable-on-change"
marking to nodes of an existing module without modifying the module
definitions, a new module is introduced that contains deviation
statements which add "notifiable-on-change" statements as applicable.
deviation /sys:system/sys:system-time {
deviate add {
yp:notifiable-on-change false;
}
}
Figure 6: Deviation Example
3.11. Other Considerations
3.11.1. Robustness and reliability
Particularly in the case of on-change updates, it is important that
these updates do not get lost. Or in case the loss of an update is
unavoidable, it is critical that the receiver is notified
accordingly.
Update records for a single subscription MAY NOT be resequenced prior
to transport.
It is conceivable that under certain circumstances, a publisher will
recognize that it is unable to include within an update record the
full set of objects desired per the terms of a subscription. In this
case, the publisher MUST take one or more of the following actions.
o A publisher MUST set the "updates-not-sent" flag on any update
record which is known to be missing information.
o It MAY choose to suspend a subscription as per
[I-D.draft-ietf-netconf-subscribed-notifications].
o When resuming an on-change subscription, the publisher SHOULD
generate a complete patch from the previous update record. If
this is not possible and the "no-synch-on-start" option is not
present for the subscription, then the full datastore contents MAY
be sent via a "push-update" instead (effectively replacing the
previous contents). If neither of these are possible, then an
"updates-not-sent" flag MUST be included on the next "push-change-
update".
Note: It is perfectly acceptable to have a series of "push-change-
update" notifications (and even "push update" notifications) serially
queued at the transport layer awaiting transmission. It is not
Clemm, et al. Expires June 10, 2018 [Page 16]
Internet-Draft YANG-Push December 2017
required to merge pending update messages. I.e., the dampening
period applies to update record creation, not transmission.
3.11.2. Publisher capacity
It is far preferable to decline a subscription request than to accept
such a request when it cannot be met.
Whether or not a subscription can be supported will be determined by
a combination of several factors such as the subscription trigger
(on-change or periodic), the period in which to report changes (one
second periods will consume more resources than one hour periods),
the amount of data in the datastore subtree that is being subscribed
to, and the number and combination of other subscriptions that are
concurrently being serviced.
4. A YANG data model for management of datastore push subscriptions
4.1. Overview
The YANG data model for datastore push subscriptions is depicted in
the following figure. Following YANG tree convention in the
depiction, brackets enclose list keys, "rw" means configuration, "ro"
operational state data, "?" designates optional nodes, "*" designates
nodes that can have multiple instances. Parentheses with a name in
the middle enclose choice and case nodes. New schema objects defined
here (i.e., beyond those from
[I-D.draft-ietf-netconf-subscribed-notifications]) are identified
with "yp".
module: ietf-subscribed-notifications
+--ro streams
| +--ro stream* [name]
| +--ro name stream
| +--ro description string
| +--ro replay-support? empty {replay}?
| +--ro replay-log-creation-time? yang:date-and-time {replay}?
| +--ro replay-log-aged-time? yang:date-and-time {replay}?
+--rw filters
| +--rw stream-filter* [identifier]
| | +--rw identifier filter-id
| | +--rw (filter-spec)?
| | +--:(stream-subtree-filter)
| | | +--rw stream-subtree-filter? {subtree}?
| | +--:(stream-xpath-filter)
| | +--rw stream-xpath-filter? yang:xpath1.0 {xpath}?
| +--rw yp:selection-filter* [identifier]
| +--rw yp:identifier sn:filter-id
Clemm, et al. Expires June 10, 2018 [Page 17]
Internet-Draft YANG-Push December 2017
| +--rw (yp:filter-spec)?
| +--:(yp:datastore-subtree-filter)
| | +--rw yp:datastore-subtree-filter? {sn:subtree}?
| +--:(yp:datastore-xpath-filter)
| +--rw yp:datastore-xpath-filter?
| yang:xpath1.0 {sn:xpath}?
+--rw subscription-config {configured}?
| +--rw subscription* [identifier]
| +--rw identifier subscription-id
| +--rw purpose? string
| +--rw protocol transport {configured}?
| +--rw encoding encoding
| +--rw (target)
| | +--:(stream)
| | | +--rw (stream-filter)?
| | | | +--:(by-reference)
| | | | | +--rw stream-filter-ref stream-filter-ref
| | | | +--:(within-subscription)
| | | | +--rw (filter-spec)?
| | | | +--:(stream-subtree-filter)
| | | | | +--rw stream-subtree-filter? {subtree}?
| | | | +--:(stream-xpath-filter)
| | | | +--rw stream-xpath-filter?
| | | | yang:xpath1.0 {sn:xpath}?
| | | +--rw stream stream
| | | +--rw replay-start-time? yang:date-and-time {replay}?
| | +--:(yp:datastore)
| | +--rw yp:datastore identityref
| | +--rw (yp:selected-content)?
| | +--:(yp:by-reference)
| | | +--rw yp:selection-filter-ref selection-filter-ref
| | +--:(yp:within-subscription)
| | +--rw (yp:filter-spec)?
| | +--:(yp:datastore-subtree-filter)
| | | +--rw yp:datastore-subtree-filter?
| | {sn:subtree}?
| | +--:(yp:datastore-xpath-filter)
| | +--rw yp:datastore-xpath-filter?
| | yang:xpath1.0 {sn:xpath}?
| +--rw stop-time? yang:date-and-time
| +--rw dscp? inet:dscp {qos}?
| +--rw weighting? uint8 {qos}?
| +--rw dependency? sn:subscription-id {qos}?
| +--rw receivers