Internet-Draft | Distributed Notifications | July 2022 |
Zhou, et al. | Expires 9 January 2023 | [Page] |
This document describes extensions to the YANG notifications subscription to allow metrics being published directly from processors on line cards to target receivers, while subscription is still maintained at the route processor in a distributed forwarding system.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 9 January 2023.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The mechanism to support a subscription of a continuous and customized stream of updates from a YANG datastore is defined in [RFC8639] and [RFC8641]. Requirements for Subscription to YANG Datastores are defined in [RFC7923]¶
By streaming data from publishers to receivers, much better performance and fine-grained sampling can be achieved than with polling. In a distributed forwarding system, the packet forwarding is delegated to multiple processors on line cards. To not to overwhelm the route processor resources, it is not uncommon that data records are published directly from processors on line cards to target Receivers to further increase efficiency on the routing system.¶
This document complement the general subscription requirements defined in section 4.2.1 of [RFC7923] by the paragraph: A Subscription Service MAY support the ability to export from multiple software processes on a single routing system and expose the information which software process produced which message to maintain data integrity.¶
The following terms are defined in [RFC8639] and are not redefined here:¶
Subscriber¶
Publisher¶
Receiver¶
Subscription¶
In addition, this document defines the following terms:¶
Global Subscription: is the Subscription requested by the subscriber. It may be decomposed into multiple Component Subscriptions.¶
Component Subscription: is the Subscription that defines a data source which is managed and controlled by a single Publisher.¶
Global Capability: is the overall subscription capability that the group of Publishers can expose to the Subscriber.¶
Component Capability: is the subscription capability that each Publisher can expose to the Subscriber.¶
Master: is the Publisher that interacts with the Subscriber to deal with the Global Subscription. It decomposes the Global Subscription to multiple Component Subscriptions and interacts with the Agents.¶
Agent: is the Publisher that interacts with the Master to deal with the Component Subscription and pushing the data to the Receiver.¶
Observation Domain: An Observation Domain is the largest set of Observation Points for which metrics can be collected by a metering process. For example, a router line card may be an Observation Domain if it is composed of several interfaces, each of which is an Observation Point. In the YANG notification messages it generates, the Observation Domain includes its Observation Domain ID, which is unique per publisher process. That way, the collecting process can identify the specific Observation Domain from the publisher that sends the YANG notification messages. Every Observation Point is associated with an Observation Domain.¶
Observation Domain ID: A 32-bit identifier of the Observation Domain that is locally unique to the publisher process. The publisher processes use the Observation Domain ID to uniquely identify the collecting process of the Observation Domain that meters the metrics. Receivers SHOULD use the transport session and the Observation Domain ID field to separate different publisher streams originating from the same publisher.¶
Lost and corrupt YANG notification messages need to be recognized at the receiver to ensure data integrity even when multiple publisher processes publishing from the same transport session.¶
To preserve data integrity down to the publisher process, the Observation Domain ID in the transport message header of the YANG notification message is introduced. In case of UDP transport, this is described in Section 3.2 of UDP based transport [I-D.ietf-netconf-udp-notif].¶
Figure 2 below shows the distributed data export framework.¶
A collector usually includes two components,¶
For one subscription, there can be one or more Receivers. And the Subscriber does not necessarily share the same IP address as the Receivers.¶
In this framework, the Publisher pushes data to the Receiver according to the subscription. The Publisher is either in the Master or Agent role. The Master knows all the capabilities that his Agents can provide and exposes the Global Capability to the collector. The Subscriber maintains the Global Subscription at the Master and disassembles the Global Subscription to multiple Component Subscriptions, depending which source data is needed. The Component Subscriptions are then distributed to the corresponding Publisher Agents on route and processors on line cards.¶
Publisher Agents collects metrics according to the Component Subscription, add its metadata, encapsulates and pushes data to the Receiver where packets are reassembled and decapsulated.¶
Master and Agents interact with each other in several ways:¶
The technical mechanisms or protocols used for the coordination of operational information between Master and Agent is out-of-scope of this document.¶
The Collector can only subscribe to the Master. This requires the Master to:¶
And the Agent to:¶
The Publisher Agent collects data and encapsulates the packets per Component Subscription. The format and structure of the data records are defined by the YANG schema, so that the decomposition at the Receiver can benefit from the structured and hierarchical data records.¶
The Receiver is able to associate the YANG data records with Subscription ID [RFC8639] to the subscribed subscription and with Message Observation Domain ID [I-D.ietf-netconf-notification-messages] to one of the Publisher Agents software processes to enable message integrity.¶
For the dynamic subscription, the output of the "establish-subscription" RPC defined in [RFC8639] MUST include a list of Message Observation Domain IDs to indicate how the Global Subscription is decomposed into several Component Subscriptions.¶
The "subscription-started" and "subscription-modified" notification defined in [RFC8639] MUST also include a list of Message Observation Domain IDs to notify the current Publishers for the corresponding Global Subscription.¶
In addition to sending event records to Receivers, the Master MUST also send subscription state change notifications [RFC8639] when events related to subscription management have occurred. All the subscription state change notifications MUST be delivered by the Master.¶
When the subscription decomposition result changed, the "subscription-modified" notification MUST be sent to indicate the new list of Publishers.¶
This document assumes that all Publisher Agents are preconfigured to push data. The actual working Publisher Agents are selected based on the subscription decomposition result.¶
All Publisher Agents share the same source IP address for data export. For connectionless data transport such as UDP based transport [I-D.ietf-netconf-udp-notif] the same Layer 4 source port for data export can be used. For connection based data transport such as HTTPS based transport [I-D.ietf-netconf-https-notif], each Publisher Agent MUST be able to acknowledge packet retrieval from Receivers, and therefore requires a dedicated Layer 4 source port per software process.¶
The specific configuration on transports is described in the responsible documents.¶
module: ietf-distributed-notif augment /sn:subscriptions/sn:subscription: +--ro message-observation-domain-id* string augment /sn:subscription-started: +--ro message-observation-domain-id* string augment /sn:subscription-modified: +--ro message-observation-domain-id* string augment /sn:establish-subscription/sn:output: +--ro message-observation-domain-id* string¶
<CODE BEGINS> file "ietf-distributed-notif@2021-05-07.yang" module ietf-distributed-notif { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-distributed-notif"; prefix dn; import ietf-subscribed-notifications { prefix sn; } organization "IETF NETCONF (Network Configuration) Working Group"; contact "WG Web: <http:/tools.ietf.org/wg/netconf/> WG List: <mailto:netconf@ietf.org> Editor: Tianran Zhou <mailto:zhoutianran@huawei.com> Editor: Guangying Zheng <mailto:zhengguangying@huawei.com>"; description "Defines augmentation for ietf-subscribed-notifications to enable the distributed publication with single subscription. Copyright (c) 2018 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; revision 2021-05-07 { description "Initial version"; reference "RFC XXXX: Subscription to Distributed Notifications"; } grouping message-observation-domain-ids { description "Provides a reusable list of message-observation-domain-ids."; leaf-list message-observation-domain-id { type string; config false; ordered-by user; description "Software process which created the message (e.g., processor 1 on line card 1). This field is used to notify the collector the working originator."; } } augment "/sn:subscriptions/sn:subscription" { description "This augmentation allows the message Observation Domain ID to be exposed for a subscription."; uses message-observation-domain-ids; } augment "/sn:subscription-started" { description "This augmentation allows MSO specific parameters to be exposed for a subscription."; uses message-observation-domain-ids; } augment "/sn:subscription-modified" { description "This augmentation allows MSO specific parameters to be exposed for a subscription."; uses message-observation-domain-ids; } augment "/sn:establish-subscription/sn:output" { description "This augmentation allows MSO specific parameters to be exposed for a subscription."; uses message-observation-domain-ids; } } <CODE ENDS>¶
This document registers the following namespace URI in the IETF XML Registry [RFC3688]:¶
This document registers the following YANG module in the YANG Module Names registry [RFC3688]:¶
The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC5246].¶
The NETCONF Access Control Model (NACM) [RFC6536] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.¶
The new data nodes introduced in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get-config or notification) to this data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:¶
The entries in the two lists above will show where subscribed resources might be located on the publishers. Access control MUST be set so that only someone with proper access permissions has the ability to access this resource.¶
Other Security Considerations is the same as those discussed in [RFC8639].¶
Alexander Clemm Futurewai 2330 Central Expressway Santa Clara California United States of America Email: ludwig@clemm.org¶
We thank Kent Watsen, Mahesh Jethanandani, Martin Bjorklund, Tim Carey and Qin Wu for their constructive suggestions for improving this document.¶
This appendix is non-normative.¶
Figure 3 shows a typical dynamic subscription to the device with distributed data export capability.¶
A "establish-subscription" RPC request as per [RFC8641] is sent to the Master with a successful response. An example of using NETCONF:¶
As the device is able to fully satisfy the request, the request is given a subscription ID of 22. The response as in Figure 5 indicates that the subscription is decomposed into two component subscriptions which will be published by two message Observation Domain ID: #1 and #2.¶
Then, both Publishers send notifications with the corresponding piece of data to the Receiver.¶
The subscriber may invoke the "modify-subscription" RPC for a subscription it previously established. The RPC has no difference to the single publisher case as in [RFC8641]. Figure 6 provides an example where a subscriber attempts to modify the period and datastore XPath filter of a subscription using NETCONF.¶
If the modification is successfully accepted, the "subscription-modified" subscription state notification is sent to the subscriber by the Master. The notification, Figure 7 for example, indicates the modified subscription is decomposed into one component subscription which will be published by message Observation Domain #1.¶
Figure 8 shows a typical configured subscription to the device with distributed data export capability.¶
Before starting to push data, the "subscription-started" subscription state notification is sent to the Receiver. The following example assumes the NETCONF transport has already established. The notification indicates that the configured subscription is decomposed into two component subscriptions which will be published by two message Observation Domain: #1 and #2.¶
Then, both Publishers send notifications with the corresponding data record to the Receiver.¶