| Internet-Draft | unyte-udp-notif | September 2022 |
| Zheng, et al. | Expires 16 March 2023 | [Page] |
This document describes an UDP-based notification mechanism to collect data from networking devices. A shim header is proposed to facilitate the data streaming directly from the publishing process on network processor of line cards to receivers. The objective is to provide a lightweight approach to enable higher frequency and less performance impact on publisher and receiver processes compared to already established notification mechanisms.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 16 March 2023.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Sub-Notif [RFC8639] defines a mechanism that lets a receiver subscribe to the publication of YANG-defined data maintained in a YANG [RFC7950] datastore. The mechanism separates the management and control of subscriptions from the transport used to deliver the data. Three transport mechanisms, namely NETCONF transport [RFC8640], RESTCONF transport [RFC8650], and HTTPS transport [I-D.ietf-netconf-https-notif] have been defined so far for such notification messages.¶
While powerful in their features and general in their architecture, the currently available transport mechanisms need to be complemented to support data publications at high velocity from devices that feature a distributed architecture. The currently available transports are based on TCP and lack the efficiency needed to continuously send notifications at high velocity.¶
This document specifies a transport option for Sub-Notif that leverages UDP. Specifically, it facilitates the distributed data collection mechanism described in [I-D.ietf-netconf-distributed-notif]. In the case of publishing from multiple network processors on multiple line cards, centralized designs require data to be internally forwarded from those network processors to the push server, presumably on a route processor, which then combines the individual data items into a single consolidated stream. The centralized data collection mechanism can result in a performance bottleneck, especially when large amounts of data are involved.¶
What is needed is a mechanism that allows for directly publishing from multiple network processors on line cards, without passing them through an additional processing stage for internal consolidation. The proposed UDP-based transport allows for such a distributed data publishing approach.¶
The transport described in this document can be used for transmitting notification messages over both IPv4 and IPv6.¶
This document describes the notification mechanism. It is intended to be used in conjunction with [RFC8639], extended by [I-D.ietf-netconf-distributed-notif].¶
Section 2 describes the control of the proposed transport mechanism. Section 3 details the notification mechanism and message format. Section 4 describes the use of options in the notification message header. Section 5 covers the applicability of the proposed mechanism. Section 6 describes a mechanism to secure the protocol in open networks.¶
This section describes how the proposed mechanism can be controlled using subscription channels based on NETCONF or RESTCONF.¶
Following the usual approach of Sub-Notif, configured subscriptions contain the location information of all the receivers, including the IP address and the port number, so that the publisher can actively send UDP-Notif messages to the corresponding receivers.¶
Note that receivers MAY NOT be already up and running when the configuration of the subscription takes effect on the monitored device. The first message MUST be a separate subscription-started notification to indicate the Receiver that the stream has started flowing. Then, the notifications can be sent immediately without delay. All the subscription state notifications, as defined in [RFC8639], MUST be encapsulated in separate notification messages.¶
In this section, we specify the UDP-Notif Transport behavior. Section 3.1 describes the general design of the solution. Section 3.2 specifies the UDP-Notif message format. Section 4 describes a generic optional sub TLV format. Section 4.1 uses such options to provide a segmentation solution for large UDP-Notif message payloads. Section 3.3 describes the encoding of the message payload.¶
As specified in Sub-Notif, the telemetry data is encapsulated in the NETCONF/RESTCONF notification message, which is then encapsulated and carried using transport protocols such as TLS or HTTP2. This document defines a UDP based transport. Figure 1 illustrates the structure of an UDP-Notif message.¶
+-------+ +--------------+ +--------------+ | UDP | | Message | | Notification | | | | Header | | Message | +-------+ +--------------+ +--------------+
The UDP-Notif Message Header contains information that facilitate the message transmission before deserializing the notification message. The data format is shown in Figure 2.¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-----+-+-------+---------------+-------------------------------+ | Ver |S| MT | Header Len | Message Length | +-----+-+-------+---------------+-------------------------------+ | Observation-Domain-ID | +---------------------------------------------------------------+ | Message-ID | +---------------------------------------------------------------+ ~ Options ~ +---------------------------------------------------------------+
The Message Header contains the following field:¶
MT is a 4 bit identifier to indicate the media type used for the Notification Message. 16 types of encoding can be expressed. When the S bit is unset, the following values apply:¶
UDP-Notif message data can be encoded in CBOR, XML or JSON format. It is conceivable that additional encodings may be supported in the future. This can be accomplished by augmenting the subscription data model with additional identity statements used to refer to requested encodings.¶
Private encodings can be supported through the use of the S bit of the header. When the S bit is set, the value of the MT field is left to be defined and agreed upon by the users of the private encoding. An option is defined in Section 4.2 for more verbose encoding descriptions than what can be described with the MT field.¶
Implementation MAY support multiple encoding methods per subscription. When bundled notifications are supported between the publisher and the receiver, only subscribed notifications with the same encoding can be bundled in a given message.¶
All the options are defined with the following format, illustrated in Figure 3.¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+-------------------------------- | Type | Length | Variable-length data +---------------+---------------+--------------------------------
When more than one option are used in the UDP-notif header, options MUST be ordered by the Type value.¶
The UDP payload length is limited to 65535. Application level headers will make the actual payload shorter. Even though binary encodings such as CBOR may not require more space than what is left, more voluminous encodings such as JSON and XML may suffer from this size limitation. Although IPv4 and IPv6 publishers can fragment outgoing packets exceeding their Maximum Transmission Unit(MTU), fragmented IP packets may not be desired for operational and performance reasons.¶
Consequently, implementations of the mechanism SHOULD provide a configurable max-segment-size option to control the maximum size of a payload.¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+-----------------------------+-+ | Type | Length | Segment Number |L| +---------------+---------------+-----------------------------+-+
The Segmentation Option is to be included when the message content is segmented into multiple pieces. Different segments of one message share the same Message ID. An illustration is provided in Figure 4. The fields of this TLV are:¶
An implementation of this specification MUST NOT rely on IP fragmentation by default to carry large messages. An implementation of this specification MUST either restrict the size of individual messages carried over this protocol, or support the segmentation option.¶
When a message has multiple options and is segmented using the described mechanism, all the options MUST be present on the first segment ordered by the options Type. The rest of segmented messages MAY include all the options ordered by options type.¶
The space to describe private encodings in the MT field of the UDP-Notif header being limited, an option is provided to describe custom encodings. The fields of this option are as follows.¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------+---------------+-------------------------------- | Type | Length | Variable length enc. descr. +---------------+---------------+--------------------------------
This option SHOULD only be used when the S bit of the header is set, as providing a private encoding description for standard encodings is meaningless.¶
In this section, we provide an applicability statement for the proposed mechanism, following the recommendations of [RFC8085].¶
The proposed mechanism falls in the category of UDP applications "designed for use within the network of a single network operator or on networks of an adjacent set of cooperating network operators, to be deployed in controlled environments", as defined in [RFC8085]. Implementations of the proposed mechanism SHOULD thus follow the recommendations in place for such specific applications. In the following, we discuss recommendations on congestion control, message size guidelines, reliability considerations and security considerations.¶
The proposed application falls into the category of applications performing transfer of large amounts of data. It is expected that the operator using the solution configures QoS on its related flows. As per [RFC8085], such applications MAY choose not to implement any form of congestion control, but follow the following principles.¶
It is NOT RECOMMENDED to use the proposed mechanism over congestion-sensitive network paths. The only environments where UDP-Notif is expected to be used are managed networks. The deployments require that the network path has been explicitly provisioned to handle the traffic through traffic engineering mechanisms, such as rate limiting or capacity reservations.¶
Implementation of the proposal SHOULD NOT push unlimited amounts of traffic by default, and SHOULD require the users to explicitly configure such a mode of operation.¶
Burst mitigation through packet pacing is RECOMMENDED. Disabling burst mitigation SHOULD require the users to explicitly configure such a mode of operation.¶
Applications SHOULD monitor packet losses and provide means to the user for retrieving information on such losses. The UDP-Notif Message ID can be used to deduce congestion based on packet loss detection. Hence the receiver can notify the device to use a lower streaming rate. The interaction to control the streaming rate on the device is out of the scope of this document.¶
[RFC8085] recommends not to rely on IP fragmentation for messages whose size result in IP packets exceeding the MTU along the path. The segmentation option of the current specification permits segmentation of the UDP Notif message content without relying on IP fragmentation. Implementation of the current specification SHOULD allow for the configuration of the MTU.¶
The target application for UDP-Notif is the collection of data-plane information. The lack of reliability of the data streaming mechanism is thus considered acceptable as the mechanism is to be used in controlled environments, mitigating the risk of information loss, while allowing for publication of very large amounts of data. Moreover, in this context, sporadic events when incomplete data collection is provided is not critical for the proper management of the network, as information collected for the devices through the means of the proposed mechanism is to be often refreshed.¶
A receiver implementation for this protocol SHOULD deal with potential loss of packets carrying a part of segmented payload, by discarding packets that were received, but cannot be re-assembled as a complete message within a given amount of time. This time SHOULD be configurable.¶
In open or unsecured networks, UDP-notif messages MUST be secured or encrypted. In this section, a mechanism using DTLS 1.3 to secure UDP-notif protocol is presented. The following sections defines the requirements for the implementation of the secured layer of DTLS for UDP-notif. No DTLS 1.3 extensions are defined nor needed.¶
The DTLS 1.3 protocol [RFC9147] is designed to meet the requirements of applications that need to secure datagram transport. Implementations using DTLS to secure UDP-notif messages MUST use DTLS 1.3 protocol as defined in [RFC9147] without any new extensions.¶
When this security layer is used, the Publisher MUST always be a DTLS client, and the Receiver MUST always be a DTLS server. The Receivers MUST support accepting UDP-notif Messages on the specified UDP port, but MAY be configurable to listen on a different port. The Publisher MUST support sending UDP-notif messages to the specified UDP port, but MAY be configurable to send messages to a different port. The Publisher MAY use any source UDP port for transmitting messages.¶
The Publisher initiates a DTLS connection by sending a DTLS ClientHello to the Receiver. Implementations MAY support the denial of service countermeasures defined by DTLS 1.3. When these countermeasures are used, the Receiver responds with a DTLS HelloRetryRequest containing a stateless cookie. The Publisher MUST send a new DTLS ClientHello message containing the received cookie, which initiates the DTLS handshake.¶
When DTLS is implemented, the Publisher MUST NOT send any UDP-notif messages before the DTLS handshake has successfully completed. Early data mechanism (also known as 0-RTT data) as defined in [RFC9147] MUST NOT be used.¶
Implementations of this security layer MUST support DTLS 1.3 [RFC9147] and MUST support the mandatory to implement cipher suite TLS_AES_128_GCM_SHA256 and SHOULD implement TLS_AES_256_GCM_SHA384 and TLS_CHACHA20_POLY1305_SHA256 cipher suites, as specified in TLS 1.3 [RFC8446]. If additional cipher suites are supported, then implementations MUST NOT negotiate a cipher suite that employs NULL integrity or authentication algorithms.¶
Where privacy is REQUIRED, then implementations must either negotiate a cipher suite that employs a non-NULL encryption algorithm or otherwise achieve privacy by other means, such as a physically secured network.¶
When DTLS is used, all UDP-notif messages MUST be published as DTLS "application_data". It is possible that multiple UDP-notif messages are contained in one DTLS record, or that a publication message is transferred in multiple DTLS records. The application data is defined with the following ABNF [RFC5234] expression:¶
APPLICATION-DATA = 1*UDP-NOTIF-FRAME¶
UDP-NOTIF-FRAME = MSG-LEN SP UDP-NOTIF-MSG¶
MSG-LEN = NONZERO-DIGIT *DIGIT¶
SP = %d32¶
NONZERO-DIGIT = %d49-57¶
DIGIT = %d48 / NONZERO-DIGIT¶
UDP-NOTIF-MSG is defined in Section 3.¶
The Publisher SHOULD attempt to avoid IP fragmentation by using the Segmentation Option in the UDP-notif message.¶
A Publisher MUST close the associated DTLS connection if the connection is not expected to deliver any UDP-notif Messages later. It MUST send a DTLS close_notify alert before closing the connection. A Publisher (DTLS client) MAY choose to not wait for the Receiver's close_notify alert and simply close the DTLS connection. Once the Receiver gets a close_notify from the Publisher, it MUST reply with a close_notify.¶
When no data is received from a DTLS connection for a long time, the Receiver MAY close the connection. Implementations SHOULD set the timeout value to 10 minutes but application specific profiles MAY recommend shorter or longer values. The Receiver (DTLS server) MUST attempt to initiate an exchange of close_notify alerts with the Publisher before closing the connection. Receivers that are unprepared to receive any more data MAY close the connection after sending the close_notify alert.¶
Although closure alerts are a component of TLS and so of DTLS, they, like all alerts, are not retransmitted by DTLS and so may be lost over an unreliable network.¶
The YANG model defined in Section 8 has four leaves augmenting the model of Sub-Notif [RFC8639], and one presence container to configure DTLS1.3 encryption parameters.¶
module: ietf-udp-notif
augment /sn:subscriptions/sn:subscription/sn:receivers/sn:receiver:
+--rw address inet:ip-address
+--rw port inet:port-number
+--rw enable-segmentation? boolean {segmentation}?
+--rw max-segment-size? uint32 {segmentation}?
+--rw dtls! {dtls-supported}?
+--rw client-identity!
| +--rw (auth-type)
| +--:(certificate) {client-ident-x509-cert}?
| | ...
| +--:(raw-public-key) {client-ident-raw-public-key}?
| | ...
| +--:(tls13-epsk) {client-ident-tls13-epsk}?
| ...
+--rw server-authentication
| +--rw ca-certs! {server-auth-x509-cert}?
| | +--rw (local-or-truststore)
| | ...
| +--rw ee-certs! {server-auth-x509-cert}?
| | +--rw (local-or-truststore)
| | ...
| +--rw raw-public-keys! {server-auth-raw-public-key}?
| | +--rw (local-or-truststore)
| | ...
| +--rw tls13-epsks? empty {server-auth-tls13-epsk}?
+--rw hello-params {tlscmn:hello-params}?
| +--rw tls-versions
| | +--rw tls-version* identityref
| +--rw cipher-suites
| +--rw cipher-suite* identityref
+--rw keepalives {tls-client-keepalives}?
+--rw peer-allowed-to-send? empty
+--rw test-peer-aliveness!
+--rw max-wait? uint16
+--rw max-attempts? uint8
¶
This YANG module is used to configure, on a publisher, a receiver willing to consume notification messages. This module augments the "ietf-subscribed-notifications" module to define a transport specific receiver and uses tls-client-grouping defined in [I-D.ietf-netconf-tls-client-server] to add DTLS 1.3 parameters.¶
<CODE BEGINS> file "ietf-udp-notif@2022-08-29.yang"
module ietf-udp-notif {
yang-version 1.1;
namespace
"urn:ietf:params:xml:ns:yang:ietf-udp-notif";
prefix un;
import ietf-subscribed-notifications {
prefix sn;
reference
"RFC 8639: Subscription to YANG Notifications";
}
import ietf-inet-types {
prefix inet;
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-tls-client {
prefix tlsc;
reference
"RFC YYYY: YANG Groupings for TLS Clients and TLS Servers";
}
organization "IETF NETCONF (Network Configuration) Working Group";
contact
"WG Web: <http:/tools.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org>
Authors: Guangying Zheng
<mailto:zhengguangying@huawei.com>
Tianran Zhou
<mailto:zhoutianran@huawei.com>
Thomas Graf
<mailto:thomas.graf@swisscom.com>
Pierre Francois
<mailto:pierre.francois@insa-lyon.fr>
Alex Huang Feng
<mailto:alex.huang-feng@insa-lyon.fr>
Paolo Lucente
<mailto:paolo@ntt.net>";
description
"Defines UDP-Notif as a supported transport for subscribed
event notifications.
Copyright (c) 2022 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, is permitted pursuant to, and subject to the license
terms contained in, the Revised BSD License set forth in Section
4.c of the IETF Trust's Legal Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see the RFC
itself for full legal notices.";
revision 2022-08-29 {
description
"Removed enable-dtls leaf and changed container dtls to presence container.
Removed TLS1.2 references from tls-client-grouping";
reference
"RFC XXXX: UDP-based Transport for Configured Subscriptions";
}
/*
* FEATURES
*/
feature encode-cbor {
description
"This feature indicates that CBOR encoding of notification
messages is supported.";
}
feature dtls-supported {
description
"This feature indicates that DTLS encryption of notification
messages is supported.";
}
feature segmentation {
description
"This feature indicates segmentation of notification messages
is supported.";
}
/*
* IDENTITIES
*/
identity udp-notif {
base sn:transport;
description
"UDP-Notif is used as transport for notification messages
and state change notifications.";
}
identity encode-cbor {
base sn:encoding;
description
"Encode data using CBOR as described in RFC 9254.";
reference
"RFC 9254: CBOR Encoding of Data Modeled with YANG";
}
grouping udp-receiver-grouping {
description
"Provides a reusable description of a UDP-Notif target
receiver.";
leaf address {
type inet:ip-address;
mandatory true;
description
"IP address of target UDP-Notif receiver, which can be an
IPv4 address or an IPV6 address.";
}
leaf port {
type inet:port-number;
mandatory true;
description
"Port number of target UDP-Notif receiver.";
}
leaf enable-segmentation {
if-feature segmentation;
type boolean;
default false;
description
"The switch for the segmentation feature. When disabled, the
publisher will not allow fragment for a very large data";
}
leaf max-segment-size {
when "../enable-segmentation = 'true'";
if-feature segmentation;
type uint32;
description
"UDP-Notif provides a configurable max-segment-size to
control the size of each segment (UDP-Notif header, with
options, included).";
}
container dtls {
if-feature dtls-supported;
presence dtls;
uses tlsc:tls-client-grouping {
// Using tls-client-grouping without TLS1.2 parameters
// allowing only DTLS 1.3
refine "client-identity/auth-type/tls12-psk" {
// create the logical impossibility of enabling TLS1.2
if-feature "not tlsc:client-ident-tls12-psk";
}
refine "server-authentication/tls12-psks" {
// create the logical impossibility of enabling TLS1.2
if-feature "not tlsc:server-auth-tls12-psk";
}
}
description
"Container for configuring DTLS 1.3 parameters if DTLS is enabled.";
}
}
augment "/sn:subscriptions/sn:subscription/sn:receivers/sn:receiver" {
when "derived-from(../../transport, 'un:udp-notif')";
description
"This augmentation allows UDP-Notif specific parameters to be
exposed for a subscription.";
uses udp-receiver-grouping;
}
}
<CODE ENDS>¶
This document describes a number of new registries, the URI from IETF XML Registry and the registration of a new YANG module name.¶
This document is creating 3 registries called "UDP-notif media types", "UDP-notif option types", and "UDP-notif header version" under the new group "UDP-notif protocol". The registration procedure is made using the Standards Action process defined in [RFC8126].¶
The first requested registry is the following:¶
Registry Name: UDP-notif media types Registry Category: UDP-notif protocol. Registration Procedure: Standard Action as defined in RFC8126 Maximum value: 15¶
These are the initial registrations for "UDP-notif media types":¶
Value: 0 Description: Reserved Reference: this document¶
Value: 1 Description: media type application/yang-data+json Reference: <xref target="RFC8040"/>¶
Value: 2 Description: media type application/yang-data+xml Reference: <xref target="RFC8040"/>¶
Value: 3 Description: media type application/yang-data+cbor Reference: <xref target="RFC9254"/>¶
The second requested registry is the following:¶
Registry Name: UDP-notif option types Registry Category: UDP-notif protocol. Registration Procedure: Standard Action as defined in RFC8126 Maximum value: 255¶
These are the initial registrations for "UDP-notif options types":¶
Value: 0 Description: Reserved Reference: this document¶
Value: TBD1 (suggested value: 1) Description: Segmentation Option Reference: this document¶
Value: TBD2 (suggested value: 2) Description: Private Encoding Option Reference: this document¶
The third requested registry is the following:¶
Registry Name: UDP-notif header version Registry Category: UDP-notif protocol. Registration Procedure: Standard Action as defined in RFC8126 Maximum value: 7¶
These are the initial registrations for "UDP-notif header version":¶
Value: 0 Description: First version Reference: draft-ietf-netconf-udp-pub-channel-05¶
Value: 1 Description: RFCXXXX, current version. Reference: this document¶
IANA is also requested to assign a new URI from the IETF XML Registry [RFC3688]. The following URI is suggested:¶
URI: urn:ietf:params:xml:ns:yang:ietf-udp-notif Registrant Contact: The IESG. XML: N/A; the requested URI is an XML namespace.¶
This document also requests a new YANG module name in the YANG Module Names registry [RFC7950] with the following suggestion:¶
name: ietf-udp-notif namespace: urn:ietf:params:xml:ns:yang:ietf-udp-notif prefix: un reference: RFC XXXX¶
[RFC8085] states that "UDP applications that need to protect their communications againts eavesdropping, tampering, or message forgery SHOULD employ end-to-end security services provided by other IETF protocols". As mentioned above, the proposed mechanism is designed to be used in controlled environments, as defined in [RFC8085] also known as "limited domains", as defined in [RFC8799]. Thus, a security layer is not necessary required. Nevertheless, a DTLS layer MUST be implemented in open or unsecured networks. A specification of udp-notif using DTLS is presented in Section 6.¶
The authors of this documents would like to thank Alexander Clemm, Eric Voit, Huiyang Yang, Kent Watsen, Mahesh Jethanandani, Marco Tollini, Stephane Frenot, Timothy Carey, Tim Jenkins and Yunan Gu for their constructive suggestions for improving this document.¶