NETCONF E. Voit
Internet-Draft A. Tripathy
Intended status: Standards Track E. Nilsen-Nygaard
Expires: August 4, 2018 Cisco Systems
A. Clemm
Huawei
A. Gonzalez Prieto
VMWare
A. Bierman
YumaWorks
January 31, 2018

RESTCONF and HTTP Transport for Event Notifications
draft-ietf-netconf-restconf-notif-04

Abstract

This document defines RESTCONF, HTTP2, and HTTP1.1 bindings for the transport of subscription requests and corresponding push updates. What is subscribed to may be either publisher-defined event streams or nodes/subtrees of YANG datastores.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on August 4, 2018.

Copyright Notice

Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

1. Introduction

Mechanisms to support event subscription and push are defined in [I-D.draft-ietf-netconf-subscribed-notifications]. Enhancements to [I-D.draft-ietf-netconf-subscribed-notifications] which enable YANG Datastore subscription and push are defined in [I-D.ietf-netconf-yang-push]. This document provides a transport specification for these protocols over RESTCONF and HTTP. Driving these requirements is [RFC7923].

The streaming of notifications encapsulating the resulting information push can be done with either HTTP1.1 or HTTP2. When using HTTP2 [RFC7540], the benefits which can be realized include:

2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

The following terms use the definitions from [I-D.draft-ietf-netconf-subscribed-notifications]: configured subscription, dynamic subscription, notification message, publisher, receiver, subscriber, and subscription.

3. Solution

Subscribing to event streams is defined in [I-D.draft-ietf-netconf-subscribed-notifications]; YANG datastore subscription is defined in [I-D.ietf-netconf-yang-push]. This section specifies transport mechanisms applicable to both.

3.1. Dynamic YANG Subscription with RESTCONF control

Dynamic subscriptions for both [I-D.draft-ietf-netconf-subscribed-notifications] and its [I-D.ietf-netconf-yang-push] augmentations are configured and managed via signaling messages transported over [RFC8040]. These interactions are accomplished via a RESTCONF POST into RPCs located on the publisher. HTTP response codes indicate the results of the interaction with the publisher. An HTTP status code of 200 is the proper response to a successful <establish-subscription> RPC call. A successful <establish-subscription> results in an HTTP message returning a subscription URI; notification messages for that subscription are then delivered on a logically separate mechanism from the one used for the original RESTCONF POST. This mechanism is a parallel TCP connection in the case of HTTP 1.x, or, in the case of HTTP2, a separate HTTP stream within the HTTP connection. When an error is returned by the publisher, failure is indicated by 4xx-range status codes, with the details transported in the payload. Any time hints are returned from the publisher, status code 412 is used with the error-tag "operation-failed".

Once established, the resulting stream of notification messages is then delivered via SSE for HTTP1.1 and via HTTP2 DATA frames for HTTP2.

3.1.1. Call Flow for HTTP2

Requests to [I-D.draft-ietf-netconf-subscribed-notifications] or [I-D.ietf-netconf-yang-push] augmented RPCs are sent on one or more HTTP2 streams indicated by (a) in Figure 1. Notification messages related to a single subscription are pushed on a unique logical channel (b). In the case below, a newly established subscription has its associated messages pushed over HTTP2 stream (7).

+------------+                                 +------------+
| Subscriber |                                 | Publisher  |
|HTTP2 Stream|                                 |HTTP2 Stream|
|  (a)  (b)  |                                 |  (a)  (b)  |
+------------+                                 +------------+
    | RESTCONF POST (RPC:establish-subscription)   |
    |--------------------------------------------->|
    |                             HTTP 200 OK (URI)|
    |<---------------------------------------------|
    |   (7)HTTP POST (URI)                             (7)
    |    |--------------------------------------------->|
    |    |                                   HTTP 200 OK|
    |    |<---------------------------------------------|
    |    |                       HTTP Data (event-notif)|
    |    |<---------------------------------------------|
    | RESTCONF POST (RPC:modify-subscription)      |    |
    |--------------------------------------------->|    |
    |    |                              HTTP 200 OK|    |
    |<---------------------------------------------|    |
    |    |             HTTP Data (subscription-modified)|
    |    |<---------------------------------------------|
    |    |                       HTTP Data (event-notif)|
    |    |<---------------------------------------------|
    | RESTCONF POST (RPC:delete-subscription)      |    |
    |--------------------------------------------->|    |
    |    |                              HTTP 200 OK|    |
    |<---------------------------------------------|    |
    |    |                  HTTP Headers (end of stream)|
    |   (/7)<-----------------------------------------(/7)
    |

Figure 1: Dynamic with HTTP2

3.1.2. Call Flow for HTTP1.1

Requests to [I-D.ietf-netconf-yang-push] RPCs are sent on the TCP connection indicated by (a). Notification messages are pushed on a separate connection (b). This connection (b) will be used for all notification messages across all subscriptions.

+--------------+                             +--------------+
|  Subscriber  |                             |   Publisher  |
|TCP connection|                             |TCP connection|
|  (a)  (b)    |                             |    (a)  (b)  |
+--------------+                             +--------------+
    | RESTCONF POST (RPC:establish-subscription)   |
    |--------------------------------------------->|
    |                             HTTP 200 OK (URI)|
    |<---------------------------------------------|
    |    |HTTP GET (URI)                                |
    |    |--------------------------------------------->|
    |    |                                   HTTP 200 OK|
    |    |<---------------------------------------------|
    |    |                             SSE (event-notif)|
    |    |<---------------------------------------------|
    | RESTCONF POST (RPC:modify-subscription)      |    |
    |--------------------------------------------->|    |
    |    |                              HTTP 200 OK|    |
    |<---------------------------------------------|    |
    |    |                   SSE (subscription-modified)|
    |    |<---------------------------------------------|
    |    |                             SSE (event-notif)|
    |    |<---------------------------------------------|
    | RESTCONF POST (RPC:delete-subscription)      |    |
    |--------------------------------------------->|    |
    |    |                              HTTP 200 OK|    |
    |<---------------------------------------------|    |
    |    |                                              |
    |    |

Figure 2: Dynamic with HTTP1.1

3.1.3. Configured Subscription over HTTP2

With a configured subscription, all information needed to establish a secure relationship with the receiver is available on the publisher. With this information, the publisher establishes a secure transport connection with the receiver and then begins pushing notification messages to the receiver. Since RESTCONF might not exist on the receiver, it is not desirable to require that subscribed content be pushed with any dependency on RESTCONF. Therefore, in place of RESTCONF, a TLS-secured HTTP2 client connection must be established with an HTTP2 server located on the receiver. Notification messages are then sent as part of an extended HTTP POST to the receiver.

POST messages are addressed to HTTP augmentation code on the receiver capable of accepting and responding to state change notifications and subscribed content notification messages. The first POST message must be a subscription-started notification. Notifications which include any subscribed content must not be sent until receipt of an HTTP 200 OK for this initial notification. The 200 OK indicates that the receiver is ready for the delivery of subscribed content. At this point a subscription must be allocated its own HTTP2 stream. Figure 3 depicts this message flow.

+------------+                                 +------------+
|  Receiver  |                                 | Publisher  |
|HTTP2 Stream|                                 |HTTP2 Stream|
|  (a)  (b)  |                                 |  (a)  (b)  |
+------------+                                 +------------+
    |    HTTP Post Headers, Data (sub-start, SubID)|
    |<---------------------------------------------|
    | HTTP 200 OK                                  |
    |--------------------------------------------->|
    |    |         HTTP Post Headers, Data (event-notif)|
    |    |<---------------------------------------------|
    |    |                       HTTP Data (event-notif)|
    |    |<---------------------------------------------|
    |    |                     HTTP Data (sub-terminate)|
    |    |<---------------------------------------------|
    |    |HTTP 200 OK                                   |
    |    |--------------------------------------------->|

Figure 3: Configured over HTTP2

As the HTTP2 transport is available to the receiver, the publisher should:

4. Mandatory JSON and datastore support

A publisher MUST support JSON encoding of RPCs and Notifications.

A publisher supporting [I-D.ietf-netconf-yang-push] MUST support the "operational" datastore as defined by [I.D.draft-ietf-netmod-revised-datastores].

5. Notification Messages

Notification messages transported over NETCONF will be identical in format and content to those encoded using one-way operations defined within [RFC5277], section 4.

6. Security Considerations

One or more publishers of configured subscriptions could be used to overwhelm a receiver which does not even support subscriptions. There are two protections a publisher needs to support. First, notification messages for configured subscriptions MUST only be transmittable over encrypted transports. Clients which do not want pushed content need only terminate or refuse any transport sessions from the publisher. Second, the HTTP transport augmentation on the receiver must send an HTTP 200 OK to a subscription-started notification before the publisher starts streaming any subscribed content.
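The receiver-side gate that Section 3.1.3 and the paragraph above describe (the first POST must be a subscription-started notification, no subscribed content until the receiver has answered 200 OK, and each subscription on its own HTTP2 stream), as an added example that is not code from this draft. The notification kinds, the simplified JSON shape and the publisher names are constructed for illustration; a real implementation uses the YANG-defined notifications from the subscribed-notifications draft.

```python
import json

# Notification kinds for this constructed example; a real implementation
# uses the YANG-defined notification names from the subscribed-notifications
# draft, and the JSON wire shape below is simplified for illustration.
SUB_STARTED, SUB_TERMINATED, PUSH_UPDATE = (
    "subscription-started", "subscription-terminated", "push-update")


class ConfiguredSubscriptionReceiver:
    """Receiver-side gate: a subscription is 'active' only after its
    subscription-started notification was answered 200 OK on a given
    HTTP2 stream; content for anything else is refused and counted."""

    def __init__(self, allowed_publishers):
        self.allowed = set(allowed_publishers)  # operator-configured peers
        self.active = {}   # (publisher, subscription-id) -> HTTP2 stream id
        self.refused = 0   # for monitoring a misbehaving publisher

    def handle_post(self, publisher, stream_id, body):
        """Process one POSTed notification; return the HTTP status to send."""
        if publisher not in self.allowed:
            self.refused += 1
            return 403
        try:
            notif = json.loads(body)["ietf-restconf:notification"]
            kind, sub_id = notif["kind"], int(notif["subscription-id"])
        except (ValueError, KeyError, TypeError):
            return 400
        key = (publisher, sub_id)
        if kind == SUB_STARTED:
            # Remember the stream allocated to this subscription: later
            # content must arrive on the same stream from the same peer.
            self.active[key] = stream_id
            return 200
        if kind == PUSH_UPDATE:
            if self.active.get(key) != stream_id:
                self.refused += 1   # never started, or wrong stream
                return 404
            return 200
        if kind == SUB_TERMINATED:
            return 200 if self.active.pop(key, None) is not None else 404
        return 400


def msg(kind, sub_id, **extra):
    """Build a constructed notification body in the simplified format."""
    body = {"kind": kind, "subscription-id": sub_id,
            "eventTime": "2015-03-09T19:14:56.233Z", **extra}
    return json.dumps({"ietf-restconf:notification": body})


def demo():
    """Replay the Figure 3 flow plus some refused messages; return
    (list of status codes, refusal count)."""
    rx = ConfiguredSubscriptionReceiver(allowed_publishers=["pub1"])
    flow = [
        ("pub1", 7, msg(PUSH_UPDATE, 22)),   # content before start: refused
        ("pub1", 7, msg(SUB_STARTED, 22)),   # sub-start, SubID 22, stream 7
        ("pub1", 7, msg(PUSH_UPDATE, 22, contents={"foo": {"bar": "x"}})),
        ("pub1", 9, msg(PUSH_UPDATE, 22)),   # same sub, wrong stream: refused
        ("pub2", 7, msg(SUB_STARTED, 5)),    # unconfigured publisher: refused
        ("pub1", 7, msg(SUB_TERMINATED, 22)),
        ("pub1", 7, msg(PUSH_UPDATE, 22)),   # after terminate: refused
    ]
    return [rx.handle_post(p, s, b) for p, s, b in flow], rx.refused
```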

One or more publishers could overwhelm a receiver which is unable to control or handle the volume of event notifications received. In deployments where this might be a concern, a transport such as HTTP2 should be selected.

The NETCONF Access Control Model [RFC6536] SHOULD be used to control and restrict authorization of subscription configuration.

7. Acknowledgments

We wish to acknowledge the helpful contributions, comments, and suggestions that were received from: Susan Hares, Tim Jenkins, Balazs Lengyel, Kent Watsen, Michael Scharf, and Guangying Zheng.

8. References

8.1. Normative References

[I-D.draft-ietf-netconf-subscribed-notifications] Voit, E., Clemm, A., Gonzalez Prieto, A., Tripathy, A. and E. Nilsen-Nygaard, "Custom Subscription to Event Streams", Internet-Draft draft-ietf-netconf-subscribed-notifications-06, January 2018.
[I.D.draft-ietf-netmod-revised-datastores] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K. and R. Wilton, "Network Management Datastore Architecture", Internet-Draft draft-ietf-netmod-revised-datastores-04, August 2017.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC5277] Chisholm, S. and H. Trevino, "NETCONF Event Notifications", RFC 5277, DOI 10.17487/RFC5277, July 2008.
[RFC6520] Seggelmann, R., Tuexen, M. and M. Williams, "Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension", RFC 6520, DOI 10.17487/RFC6520, February 2012.
[RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration Protocol (NETCONF) Access Control Model", RFC 6536, DOI 10.17487/RFC6536, March 2012.
[RFC7540] Belshe, M., Peon, R. and M. Thomson, "Hypertext Transfer Protocol Version 2 (HTTP/2)", RFC 7540, DOI 10.17487/RFC7540, May 2015.
[RFC8040] Bierman, A., Bjorklund, M. and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

8.2. Informative References

[GRPC] "RPC framework that runs over HTTP2", August 2017.
[I-D.ietf-netconf-yang-push] Clemm, A., Voit, E., Gonzalez Prieto, A., Prasad Tripathy, A., Nilsen-Nygaard, E., Bierman, A. and B. Lengyel, "Subscribing to YANG datastore push updates", March 2017.
[RFC7923] Voit, E., Clemm, A. and A. Gonzalez Prieto, "Requirements for Subscription to YANG Datastores", RFC 7923, DOI 10.17487/RFC7923, June 2016.
[RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG", RFC 7951, DOI 10.17487/RFC7951, August 2016.
[RFC8071] Watsen, K., "NETCONF Call Home and RESTCONF Call Home", RFC 8071, DOI 10.17487/RFC8071, February 2017.
[W3C-20150203] "Server-Sent Events, World Wide Web Consortium CR CR-eventsource-20121211", February 2015.

Appendix A. End-to-End Deployment Guidance

Several technologies are expected to be seen within a deployment to achieve security and ease-of-use requirements. These are not necessary for an implementation of this specification, but are useful to consider in the operational context.

A.1. Call Home

Implementations should include the ability to transparently incorporate 'call home' [RFC8071] so that secure TLS connections can originate from the desired device.

A.2. TLS Heartbeat

HTTP sessions might not quickly allow a subscriber to recognize when the communication path to the publisher has been lost. To recognize this, it is possible for a receiver to establish a TLS heartbeat [RFC6520]. In the case where a TLS heartbeat is included, it should be sent just from receiver to publisher. Loss of the heartbeat should result in any subscription-related TCP sessions between those endpoints being torn down. The subscriber can then attempt to re-establish the subscription.

Appendix B. RESTCONF over GRPC

An initial goal for this document was to support [GRPC] transport seamlessly without any mapping or extra layering. However, there is an incompatibility between RESTCONF and GRPC: RESTCONF uses HTTP GET, and GRPC uses HTTP2's POST rather than GET. As GET is used across RESTCONF for things like capabilities exchange, a seamless mapping depends on specification changes outside the scope of this document. If/when GRPC supports GET, or RESTCONF is updated to support POST, this should be revisited. It is hoped that the resulting fix will be transparent to this document.

Appendix C. Encoded Subscription and Notification Message Examples

(Note: examples in this section need significant updates)

C.1. RESTCONF Subscription and Events over HTTP1.1

Subscribers can dynamically learn whether a RESTCONF server supports various types of event or YANG datastore subscription capabilities. This is done by issuing an HTTP OPTIONS, HEAD, or GET request on the stream. Some examples building upon the call flow for HTTP1.1 from Section 3.1.2 are:

GET /restconf/data/ietf-restconf-monitoring:restconf-state/
         streams/stream=yang-push HTTP/1.1
Host: example.com
Accept: application/yang.data+xml 

If the server supports it, it may respond

HTTP/1.1 200 OK
Content-Type: application/yang.api+xml
<stream xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf-monitoring">
            <name>yang-push</name>
            <description>Yang push stream</description>
            <access>
               <encoding>xml</encoding>
               <location>https://example.com/streams/yang-push-xml
               </location>
            </access>
            <access>
               <encoding>json</encoding>
               <location>https://example.com/streams/yang-push-json
               </location>
            </access>
         </stream>

If the server does not support any form of subscription, it may respond

HTTP/1.1 404 Not Found
Date: Mon, 25 Apr 2012 11:10:30 GMT
Server: example-server

Subscribers can determine the URL to receive updates by sending an HTTP GET as a request for the "location" leaf within the stream list entry. The stream to use may be selected from the event stream list provided in the capabilities exchange. Note that different encodings are supported using different event stream locations. For example, the subscriber might send the following request:

GET /restconf/data/ietf-restconf-monitoring:restconf-state/
         streams/stream=yang-push/access=xml/location HTTP/1.1
Host: example.com
Accept: application/yang.data+xml

The publisher might send the following response:

HTTP/1.1 200 OK
Content-Type: application/yang.api+xml
   <location
        xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf-monitoring">
        https://example.com/streams/yang-push-xml
   </location>

To subscribe and start receiving updates, the subscriber can then send an HTTP GET request for the URL returned by the publisher in the response above. The Accept header must be "text/event-stream". The publisher uses the Server-Sent Events [W3C-20150203] transport strategy to push filtered events from the event stream.
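An added example, not part of the draft, of the subscriber side of this exchange: an incremental parser for the text/event-stream bytes received on connection (b). It reassembles events that arrive split across socket reads, decodes the YANG-JSON notification in the shape used later in this appendix, and discards malformed events or events carrying another subscription's id. The sample stream is constructed; a real client would feed it from the HTTP response body.

```python
import json

class SSENotificationReader:
    """Incremental text/event-stream parser for connection (b): reassembles
    events split across socket reads and keeps only the expected subscription."""

    def __init__(self, expected_sub_id):
        self.expected_sub_id = expected_sub_id
        self._buf = b""             # bytes not yet terminated by '\n'
        self._data = []             # data: lines of the event in progress
        self.last_event_id = None   # for Last-Event-ID on reconnect
        self.dropped = 0            # malformed or foreign events, worth alerting on

    def feed(self, chunk):
        """Consume one received chunk; return notifications completed by it."""
        self._buf += chunk
        out = []
        while (nl := self._buf.find(b"\n")) >= 0:
            line = self._buf[:nl].rstrip(b"\r").decode("utf-8")
            self._buf = self._buf[nl + 1:]
            if line == "":                          # blank line ends an event
                notif = self._dispatch()
                if notif is not None:
                    out.append(notif)
                continue
            field, _, value = line.partition(":")   # comments (":...") get field ""
            value = value[1:] if value.startswith(" ") else value
            if field == "data":
                self._data.append(value)
            elif field == "id":
                self.last_event_id = value          # 'event'/'retry' ignored here
        return out

    def _dispatch(self):
        if not self._data:
            return None
        payload, self._data = "\n".join(self._data), []
        try:
            notif = json.loads(payload)["ietf-restconf:notification"]
            sub_id = notif["datastore-push:subscription-id"]
            contents = notif["datastore-push:datastore-contents"]
        except (ValueError, KeyError, TypeError):
            self.dropped += 1                       # malformed: never dispatch it
            return None
        if sub_id != self.expected_sub_id:
            self.dropped += 1                       # content for another subscription
            return None
        return {"eventTime": notif.get("eventTime"), "contents": contents}

# Constructed sample stream (not from the draft): two updates for "my-sub" in
# the appendix's JSON shape, a keep-alive comment, and one foreign event.
SAMPLE_STREAM = (
    b": keep-alive\nid: 1\n"
    b'data: {"ietf-restconf:notification": {"datastore-push:subscription-id": "my-sub",\n'
    b'data:   "eventTime": "2015-03-09T19:14:56.233Z", "datastore-push:datastore-contents":\n'
    b'data:   {"example-mod:foo": {"bar": "some_string"}}}}\n\n'
    b'data: {"ietf-restconf:notification": {"datastore-push:subscription-id":'
    b' "other", "eventTime": "t", "datastore-push:datastore-contents": {}}}\n\n'
    b'id: 2\ndata: {"ietf-restconf:notification": {"datastore-push:subscription-id":'
    b' "my-sub", "eventTime": "2015-03-09T19:15:01.000Z", "datastore-push:'
    b'datastore-contents": {"example-mod:foo": {"bar": "changed"}}}}\n\n'
)

def demo(chunk_size=37):
    """Feed the sample in socket-sized chunks; return (accepted, dropped, last id)."""
    rdr = SSENotificationReader("my-sub")
    got = [n for i in range(0, len(SAMPLE_STREAM), chunk_size)
           for n in rdr.feed(SAMPLE_STREAM[i:i + chunk_size])]
    return got, rdr.dropped, rdr.last_event_id
```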

The publisher MUST support individual parameters within the POST request body for all the parameters of a subscription. The only exception is the encoding, which is embedded in the URI. An example of this is:

// XPath filter on /foo
// periodic updates, every 5 seconds
POST /restconf/operations/ietf-subscribed-notifications:
     establish-subscription HTTP/1.1
      Host: example.com
      Content-Type: application/yang-data+json

      {
        "ietf-subscribed-notifications:input" : {
          "stream": "push-data",
          "period" : 5,
          "xpath-filter" : "/ex:foo[starts-with(bar,'some')]"
        }
      }

Should the publisher not support the requested subscription, it may reply:

HTTP/1.1 501 Not Implemented
Date: Mon, 23 Apr 2012 17:11:00 GMT
Server: example-server
Content-Type: application/yang.errors+xml
    <errors xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf">
       <error>
           <error-type>application</error-type>
           <error-tag>operation-not-supported</error-tag>
           <error-severity>error</error-severity>
           <error-message>Xpath filters not supported</error-message>
           <error-info>
               <supported-subscription xmlns="urn:ietf:params:xml:ns:
                   netconf:datastore-push:1.0">
                   <subtree-filter/>
               </supported-subscription>
           </error-info>
       </error>
     </errors>

with an equivalent JSON encoding representation of:

HTTP/1.1 501 Not Implemented
Date: Mon, 23 Apr 2012 17:11:00 GMT
Server: example-server
Content-Type: application/yang.errors+json
      {
        "ietf-restconf:errors": {
          "error": {
            "error-type": "protocol",
            "error-tag": "operation-not-supported",
            "error-message": "Xpath filters not supported.",
            "error-info": {
               "datastore-push:supported-subscription": {
                     "subtree-filter": [null]
                 }
            }
          }
        }
      }

The following is an example of pushed content for the subscription above. It contains a subtree with root foo that contains a leaf called bar:

XML encoding representation:
  <?xml version="1.0" encoding="UTF-8"?>  
  <notification xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf">
     <subscription-id xmlns="urn:ietf:params:xml:ns:restconf:
         datastore-push:1.0">
           my-sub
     </subscription-id>
     <eventTime>2015-03-09T19:14:56.233Z</eventTime>
     <datastore-contents xmlns="urn:ietf:params:xml:ns:restconf:
        datastore-push:1.0">
        <foo xmlns="http://example.com/yang-push/1.0">
          <bar>some_string</bar>
        </foo>
     </datastore-contents>
  </notification>

Or with the equivalent YANG over JSON encoding representation as defined in [RFC7951]:

{
  "ietf-restconf:notification": {
    "datastore-push:subscription-id": "my-sub",
    "eventTime": "2015-03-09T19:14:56.233Z",
    "datastore-push:datastore-contents": {
      "example-mod:foo": { "bar": "some_string" }
    }
  }
}

To modify a subscription, the subscriber issues another POST request on the provided URI using the same subscription-id as in the original request. For example, to modify the update period to 10 seconds, the subscriber may send:

POST /restconf/operations/ietf-subscribed-notifications:
      modify-subscription HTTP/1.1
      Host: example.com
      Content-Type: application/yang-data+json

      {
        "ietf-subscribed-notifications:input" : {
          "subscription-id": 100,
          "period" : 10
        }
      }

To delete a subscription, the subscriber issues a DELETE request on the provided URI using the same subscription-id as in the original request.

C.2. Event Notification over HTTP2

The basic encoding looks as below. It consists of a JSON representation wrapped in an HTTP2 header.

HyperText Transfer Protocol 2
      Stream: HEADERS, Stream ID: 5
      Header: :method: POST
      Stream: HEADERS, Stream ID: 5

{
  "ietf-yangpush:notification": {
    "datastore-push:subscription-id": "my-sub",
    "eventTime": "2015-03-09T19:14:56.233Z",
    "datastore-push:datastore-contents": {
      "foo": { "bar": "some_string" }
    }
  }
}

Appendix D. Changes between revisions

(To be removed by RFC editor prior to publication)

v03 - v04

v02 - v03

v01 - v02

v00 - v01

Authors' Addresses

Eric Voit Cisco Systems EMail: evoit@cisco.com
Ambika Prasad Tripathy Cisco Systems EMail: ambtripa@cisco.com
Einar Nilsen-Nygaard Cisco Systems EMail: einarnn@cisco.com
Alexander Clemm Huawei EMail: ludwig@clemm.org
Alberto Gonzalez Prieto VMWare EMail: agonzalezpri@vmware.com
Andy Bierman YumaWorks EMail: andy@yumaworks.com