NETCONF Working Group                                        H. Birkholz
Internet-Draft                                            Fraunhofer SIT
Intended status: Standards Track                                 E. Voit
Expires: January 3, 2019                                   Cisco Systems
                                                           July 02, 2018

Concise YANG Telemetry
draft-birkholz-yang-core-telemetry-00
This document defines CoAP operations that implement the capabilities of YANG Datastore Subscriptions and YANG Customized Subscriptions for the CoAP Management Interface (CoMI). The '/s' resource, as defined in CoMI, is extended analogously to include a set of sub-resources, each of them representing an observable resource identified by its subscription-id. Specific additions include but are not limited to new FETCH Body definitions and simplified subtree subscriptions to intermediate data nodes in YANG datastore modules using SID.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 3, 2019.
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The YANG management interface for constrained devices and networks, called CoAP Management Interface (CoMI), is defined in [I-D.ietf-core-comi] and covers the capabilities as defined by YANG 1.1 [RFC7950]. The most essential characteristics of CoMI are the use of:
This document defines additions to CoMI called Concise YANG Telemetry that:
Due to the utilization of CoAP, the interaction model of CoMI is quite similar to RESTCONF [RFC8040]. RESTCONF supports subscriptions to a YANG datastore via notification statements in YANG modules, which, when subscribed to via the base subscription YANG RPC defined in [RFC7950], result in Series [I-D.bormann-t2trg-stp] of Server Sent Events [W3C.REC-eventsource-20150203]. A corresponding Event Stream specification for NETCONF [RFC6241] Event Notifications is defined in section 3.2.3 of [RFC5277]. To simplify the corresponding terminology (and especially to resolve the impedance mismatch between the terms Notifications and Events), this document defines the following new term:
Please note: while the focus of YANG is typically on management and operations, the scope of YANG Telemetry extends into the Security Area with respect to Security Events. Because of this, YANG Telemetry characteristics that address security requirements, such as Visibility and Resilient YANG Subscriptions, are addressed in this document.
The definition of YANG Telemetry is based on the following existing terminology:
In addition to the illustration of the scope of YANG Telemetry above, this section highlights the most important terms that are vital to the functionality of Concise YANG Telemetry with respect to the Constrained Application Protocol:
This document defines the binding of YANG Datastore Subscriptions and YANG Customized Subscriptions to the CoAP Management Interface. In summary, these additions include:
The CoMI architecture (and YANG in general) assumes that both the YANG client and the YANG datastore (server) retain or have access to knowledge about the same YANG specification (see Figure 1 in [I-D.ietf-core-comi]). This is not necessarily true for a YANG Push capable CoMI server. Highly constrained nodes can emit Series of subscribed notifications without previous solicitation: this allows them to create well-formed YANG-modeled Telemetry from hard-coded building blocks of YANG-modeled data that are in compliance with YANG modules. In consequence, while taking on the role of a YANG datastore, a YANG Subscription capable CoMI server SHOULD be capable of processing YANG queries, but MAY not be, due to the lack of corresponding functions or of knowledge of a complete YANG module.
As these flavors of YANG datastores are not necessarily able to create CoMI responses based on client requests, it is likely that highly constrained datastores initiate a Call Home procedure (see [RFC8071]) acting as if a request had already been received (see Configured Subscription above), enticing a very specific request they can fulfill (dynamic subscription), or rendezvous via a discoverable YANG Zero Touch entity. In all these usage scenarios, the datastore intends to create device-specific YANG Telemetry to be conveyed to the corresponding YANG clients.
In essence, incorporating a complete YANG module on a CoMI datastore that is capable of YANG Subscriptions is not required to enable the initiation of Concise YANG Telemetry within a very specific scope. This kind of Telemetry-Specific CoMI datastore is therefore not a fully YANG 1.1 compliant datastore, but it is able to create valid YANG-modeled YANG Data Items.
Two generic YANG notification statements for Update Records are introduced by the YANG Datastore Subscriptions [I-D.ietf-netconf-yang-push] augmentations to enable the following capabilities:
Every Update Record Notification (Bundle) Message in a Series that is generated in the context of a subscription is emitted per the characteristics of the subscription state maintained by the CoMI datastore. Subscription state can be created on the CoMI datastore during manufacturing, onboarding, enrollment, deployment, or maintenance of the CoMI datastore. Most typically, subscription state is created by a YANG Client (e.g. a Network Management System) via a dynamic subscription.
A vital part of the subscription state that defines the content of a YANG Telemetry stream is the filter expression associated with the subscription characteristics. A filter expression enables a CoMI datastore to emit only a subset of the potential notification content, significantly reducing the volume of data in motion.
Three types of Filter Expressions enable a CoMI datastore to emit filtered subsets of data node value updates:
Distinct YANG Telemetry streams are defined by the following three primary subscription characteristics:
These characteristics define how subscription state is created and how the resulting Telemetry streams behave. In general, corresponding subscription state can be created by a YANG client via the "establish-subscription" RPC as defined in [I-D.ietf-netconf-subscribed-notifications].
There are three options for how to establish a YANG Telemetry stream via YANG Subscriptions:
CoAP defines a strict coupling of request and corresponding response messages via the CoAP Token. Every CoAP Request MUST include a CoAP Token that is generated by the CoAP requestor (client). Analogously, every CoAP response that is associated with that request MUST include the corresponding CoAP Token in order for the CoAP Request not to be discarded.
In order to enable this type of YANG Subscription, one or more CoMI Clients have to retain or gain knowledge about the corresponding CoAP Tokens (via declarative guidance, a distribution mechanism, or by inferring them via a Call Home procedure) via which they are intended to receive Concise YANG Telemetry. This implies the existence of a deployed solution that enables a secure and resilient distribution of the corresponding CoAP Tokens in a group of CoMI Clients. The exact architecture of this solution is, at the time of this writing, out of scope of this document.
This subscription trigger requires a YANG Client to have knowledge about potential YANG datastores to subscribe to. These subscription characteristics have to be pre-configured or discoverable by the YANG Client. A typical procedure to facilitate a dynamic subscription is the Call Home discovery mechanism.
The subscription interval is a specific Subscription Characteristic that defines the events that trigger emission of an Update Record in the context of a YANG Subscription. There are two types of subscription interval: periodic subscription and on-change subscription.
A periodic subscription uses a timer in order to emit an Update Record in the context of a YANG Subscription. This type of Subscription Characteristic is intended to be used if Data Node Values change rapidly or continuously. A typical example of Data Node Values that benefit from this type of Subscription Characteristic is PDU Counters.
An on-change subscription uses the event of a Data Node Value change to emit an Update Record in the context of a YANG Subscription. This type of Subscription Characteristic is intended to be used if Data Node Values change only occasionally, but conveyance of information about that change in a timely fashion is required. Typical examples are the deployment of a new IEEE 802.1AR LDevID or the modification of an ACL by a logged-in user.
An on-change subscription capability MUST be explicitly annotated in a YANG module definition in order to prevent a meaningless or harmful association of Subscription Characteristics with a YANG Subscription. For example, it is advisable not to allow on-change subscriptions to data definition statements that provide Data Node Values representing rapidly changing counters.
The actual syntax and corresponding semantics of data definition statements that are intended to allow for associating an on-change Subscription Characteristic with a YANG Datastore Subscription in a YANG module are out of scope of [I-D.ietf-netconf-yang-push] and [I-D.ietf-netconf-subscribed-notifications] and, in consequence, also out of scope of this document.
In usage scenarios that require a high level of assurance with respect to Visibility (most prominently security-related events) it is vital for a YANG Client to gain knowledge about a deterioration of Visibility of Update Records.
In order to request complete Visibility of every Data Node Value change via a corresponding Update Record, the dampening-period (see section 4.2 in [I-D.ietf-netconf-yang-push]) MUST be set to 0. The use of YANG Notification Bundle Messages [I-D.ietf-netconf-notification-messages] can mitigate the deteriorating impact of a dampening-period higher than 0, but can still result in missed Update Records in a constrained-node environment.
If the conveyance of an Update Record (bundled or not) failed, the YANG datastore MUST include an "updates-not-sent" flag in the next Update Record.
There are usage scenarios in which complete Visibility of every change to Data Node Values is not required; only the information that a change to Data Node Values occurred is appropriate. In these cases, a dampening-period higher than 0 should be used. A prominent example is "interface-flapping" events.
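The following is an added illustration, not code from the draft or from any of the referenced projects: a toy on-change publisher that applies a dampening-period and sets the "updates-not-sent" flag after a failed conveyance, together with the receiver-side check a YANG Client can run to see how much Visibility it actually has. The change sequence, the record layout and the class and function names are constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class UpdateRecord:
    subscription_id: int
    sent_at: float
    values: Dict[str, object]        # Data Node Values carried by this record
    updates_not_sent: bool = False   # flag name from the draft: a previous record was lost


class OnChangePublisher:
    """Toy on-change publisher; dampening_period 0 gives complete Visibility."""

    def __init__(self, subscription_id: int, dampening_period: float):
        self.subscription_id = subscription_id
        self.dampening_period = dampening_period
        self.last_sent: Optional[float] = None
        self.pending: Dict[str, object] = {}   # changes coalesced while dampened
        self.send_failed = False
        self.emitted: List[UpdateRecord] = []  # records that reached the client

    def on_change(self, now: float, node: str, value: object, transport_ok: bool = True) -> Optional[UpdateRecord]:
        self.pending[node] = value  # a second change to the same node overwrites the first
        if self.last_sent is not None and now - self.last_sent < self.dampening_period:
            return None  # dampened: nothing emitted, the intermediate value is never seen
        record = UpdateRecord(self.subscription_id, now, dict(self.pending), self.send_failed)
        self.pending.clear()
        self.last_sent = now
        if not transport_ok:
            self.send_failed = True  # conveyance failed: the next record MUST carry the flag
            return None
        self.send_failed = False
        self.emitted.append(record)
        return record


def visibility_report(records: List[UpdateRecord], actual_changes: int) -> Dict[str, int]:
    """Receiver-side check; actual_changes is ground truth known only to the simulation."""
    seen = sum(len(r.values) for r in records)
    return {"records": len(records), "values_seen": seen,
            "loss_flags": sum(1 for r in records if r.updates_not_sent),
            "missed_changes": actual_changes - seen}


def simulate(dampening_period: float) -> Dict[str, int]:
    """Constructed sequence: an ACL edited three times within 0.4 s, then an LDevID
    deployed while the transport is down, then a further LDevID change."""
    events = [(0.0, "acl", "permit 10.0.0.0/8", True), (0.2, "acl", "deny 10.0.0.0/8", True),
              (0.4, "acl", "permit any", True), (5.0, "ldevid", "cert-B", False),
              (9.0, "ldevid", "cert-C", True)]
    pub = OnChangePublisher(subscription_id=65536, dampening_period=dampening_period)
    for now, node, value, ok in events:
        pub.on_change(now, node, value, ok)
    return visibility_report(pub.emitted, len(events))
```

With a dampening-period of 0 the client misses only the record lost in transit (and is told so by the flag); with a dampening-period of 1 second the two intermediate ACL states are silently coalesced away as well.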
The YANG Push subscription trigger mechanism illustrated above creates subscription state between a YANG client and a YANG datastore. As long as this subscription state between the two entities persists, a datastore can emit Series of YANG notifications to a YANG client if the appropriate conditions are met, e.g. the YANG client expects solicited event notifications from the datastore due to a dynamic subscription.
YANG Push [I-D.ietf-netconf-yang-push] and YANG Subscribed Notifications [I-D.ietf-netconf-subscribed-notifications] extend this mechanism by enabling subscriptions to changes of YANG module data node state in a YANG datastore, resulting in two types of sources, or two different types of YANG Notification Series [-cabo-series], respectively:
In usage scenarios with a group of more than one CoMI Client to which a CoMI datastore can potentially convey Concise YANG Telemetry, a YANG Subscription can be maintained in a more resilient manner. Emitting a CoAP response in a confirmable message enables a CoMI datastore to detect that the corresponding CoMI Client has become unavailable (due to missing confirmation messages). In order to create a Resilient Subscription, a detected loss of a CoMI Client MUST immediately re-trigger the CoAP Call Home procedure in order to discover an equivalent "new home" to which the corresponding Concise YANG Telemetry Stream is sent. The maximum interval between confirmable messages as part of the Concise YANG Telemetry stream is 24 hours. The interval can be chosen smaller, as appropriate to the requirements of the usage scenario. Theoretically, though not necessarily advisable in a constrained-node environment, every CoAP response can be sent in a confirmable message.
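As an added example (not from the draft or any referenced implementation), the datastore side of a Resilient Subscription modeled in a few lines: the stream is sent non-confirmable, a confirmable message is used at most every `con_interval` seconds (the draft's upper bound is 24 hours), and a missing acknowledgement marks the current client as lost and immediately re-triggers Call Home to pick a new home from the client group. The client names, the `reachable` stand-in for "an ACK arrived", and the selection policy in `call_home` are constructed assumptions.

```python
from typing import Callable, List, Optional, Tuple

MAX_CON_INTERVAL = 24 * 60 * 60  # seconds; the upper bound stated in the draft


class ResilientSubscription:
    """Toy datastore side of a Resilient Subscription (constructed model)."""

    def __init__(self, clients: List[str], reachable: Callable[[str], bool], con_interval: int):
        if not 0 < con_interval <= MAX_CON_INTERVAL:
            raise ValueError("confirmable-message interval must lie in (0, 24h]")
        self.clients = clients        # group of CoMI Clients eligible to receive the stream
        self.reachable = reachable    # constructed stand-in for "did the ACK arrive"
        self.con_interval = con_interval
        self.home: Optional[str] = None
        self.last_con: Optional[float] = None
        self.log: List[Tuple[float, str, str]] = []  # (time, client, event)

    def call_home(self, now: float) -> Optional[str]:
        """Discover a new home: first reachable client other than the lost one (hypothetical policy)."""
        for client in self.clients:
            if client != self.home and self.reachable(client):
                self.home, self.last_con = client, None  # next record goes out confirmable
                self.log.append((now, client, "call-home"))
                return client
        self.home = None
        self.log.append((now, "-", "no-home"))
        return None

    def emit(self, now: float) -> Optional[str]:
        """Send one Update Record; returns the client it was delivered to, or None."""
        if self.home is None and self.call_home(now) is None:
            return None
        confirmable = self.last_con is None or now - self.last_con >= self.con_interval
        if confirmable:
            if not self.reachable(self.home):  # no ACK for the confirmable message
                self.log.append((now, self.home, "lost"))
                if self.call_home(now) is None:  # MUST re-trigger Call Home immediately
                    return None
            self.last_con = now
        self.log.append((now, self.home, "con" if confirmable else "non"))
        return self.home


def simulate() -> List[Tuple[float, str, str]]:
    """Constructed scenario: nms-a serves the stream and then goes down; nms-c is never reachable."""
    down = set()

    def reachable(client: str) -> bool:
        return client in ("nms-a", "nms-b") and client not in down

    sub = ResilientSubscription(["nms-a", "nms-b", "nms-c"], reachable, con_interval=3600)
    sub.emit(0)       # Call Home finds nms-a; the first record is confirmable
    sub.emit(600)     # within the interval: non-confirmable
    down.add("nms-a")  # nms-a disappears
    sub.emit(1200)    # still non-confirmable, so the loss is not yet detectable
    sub.emit(3600)    # confirmable, no ACK: lost, Call Home, delivered to nms-b
    return sub.log
```

The log shows the detection latency this mechanism has by construction: a lost client is only noticed at the next confirmable message, which is why the interval should be chosen with the usage scenario's tolerance for a silent gap in mind.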
Every subscription-id is created by the YANG datastore and is used in the corresponding subscription state to provide the root identifier, by which dedicated subscription characteristics are associated with an established subscription. In consequence, the basic interaction model of Concise YANG Push is split into two operations that are initiated by the YANG client in sequence:
A standard CoMI datastore as defined in [I-D.ietf-core-comi] typically uses the datastore resource "/c" to provide the YANG datastore tree and the resource "/s" to provide the YANG notification stream. Sub-resources under "/c" are represented in the format of /c/sid.
Concise YANG Telemetry extends the scope of the "/s" resource. Sub-resources under "/s" are represented as /s/key, where key is a numeric string representation of the subscription identifier, e.g. "/s/65536/". The key representation reduces the ambiguity with respect to sid, which uses a URI-safe base64 representation.
Each subscription identifier key is instantiated as a sub-resource of the "/c/subid" resource; a YANG tree instance of the subscription characteristics yang:ietf-subscribed-notifications/subscriptions (as defined in YANG Push [I-D.ietf-netconf-yang-push], which augments ietf-subscribed-notifications as defined in [I-D.ietf-netconf-subscribed-notifications]) is provided there for each active subscription.
YANG Customized Subscriptions provide augmented RPCs for establishing, modifying, deleting, or killing a subscription. CoMI uses the same module as YANG Push and provides a corresponding interface that allows a corresponding confirmable POST message to be sent to RPC resources (see [I-D.ietf-core-comi] Section 5.3.2).
Concise YANG Telemetry also defines the capability to point confirmable FETCH messages, including the Observe option, at sub-resources provided by "/c". If the body of the FETCH message includes a CBOR-modeled [I-D.ietf-core-yang-cbor] subtree filter expression, a new subscription is created and the corresponding subscription id is returned. Additionally, a corresponding subscription sub-resource under "/s" is created.
As usual in CoMI, iPATCH requests can be used to perform a number of operations on the datastore in one request, such as deleting, creating, and updating subscriptions.
This document includes no requests to IANA, but solutions drafts incubated via this document might.
This document includes no security considerations, but solution drafts incubated via this document will.
Carsten Bormann, Klaus Hartke, Michel Veillette
First version -00
[I-D.bormann-t2trg-stp] Bormann, C. and K. Hartke, "The Series Transfer Pattern (STP)", Internet-Draft draft-bormann-t2trg-stp-01, July 2018.
[I-D.ietf-core-comi] Veillette, M., Stok, P., Pelov, A. and A. Bierman, "CoAP Management Interface", Internet-Draft draft-ietf-core-comi-03, June 2018.
[I-D.ietf-core-yang-cbor] Veillette, M., Pelov, A., Somaraju, A., Turner, R. and A. Minaburo, "CBOR Encoding of Data Modeled with YANG", Internet-Draft draft-ietf-core-yang-cbor-06, February 2018.
[I-D.ietf-netconf-notification-messages] Voit, E., Birkholz, H., Bierman, A., Clemm, A. and T. Jenkins, "Notification Message Headers and Bundles", Internet-Draft draft-ietf-netconf-notification-messages-03, February 2018.
[I-D.ietf-netconf-subscribed-notifications] Voit, E., Clemm, A., Prieto, A., Nilsen-Nygaard, E. and A. Tripathy, "Customized Subscriptions to a Publisher's Event Streams", Internet-Draft draft-ietf-netconf-subscribed-notifications-14, July 2018.
[I-D.ietf-netconf-yang-push] Clemm, A., Voit, E., Prieto, A., Tripathy, A., Nilsen-Nygaard, E., Bierman, A. and B. Lengyel, "YANG Datastore Subscription", Internet-Draft draft-ietf-netconf-yang-push-17, July 2018.
[RFC5277] Chisholm, S. and H. Trevino, "NETCONF Event Notifications", RFC 5277, DOI 10.17487/RFC5277, July 2008.
[RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020, October 2010.
[RFC6241] Enns, R., Bjorklund, M., Schoenwaelder, J. and A. Bierman, "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.
[RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049, October 2013.
[RFC7252] Shelby, Z., Hartke, K. and C. Bormann, "The Constrained Application Protocol (CoAP)", RFC 7252, DOI 10.17487/RFC7252, June 2014.
[RFC7950] Bjorklund, M., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016.
[RFC8040] Bierman, A., Bjorklund, M. and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.
[RFC8071] Watsen, K., "NETCONF Call Home and RESTCONF Call Home", RFC 8071, DOI 10.17487/RFC8071, February 2017.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K. and R. Wilton, "Network Management Datastore Architecture (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.