Re: Thoughts on NetConf Requirements

[Eliot Lear <lear@cisco.com>]

Juergen Schoenwaelder wrote:
> Having another TCP connections for this would not kill me... I am also
> not sure that you really need another channel. The primary reason I
> think is that netconf assumes that _all_ exchanges over a single
> channel form a valid XML document. If you consider each protocol
> message a single XML document (similar to EPP), then you can probably
> get away with just one channel.
First, I think the channels are important because the abstraction also 
assists connections from either direction (element connects or server 
connects).  This is important to deal with firewalls, a problem that 
SNMP has be dogged by.

> Eliot> 2.  The security profiles are well specified.
>
> I remember operators telling us that they love ssh and to some extend
> tls/ssl. EPP for example runs over tls/tcp.
Right.  BEEP is tls-based, as well as SASL based.  TLS/TCP is probably 
insufficient, because the existing operating model of the devices in 
question is username-based.  The protocol will need to be tied into an 
device's radius/TACACS+/{diameter in the future?} implementation.

> Eliot> 3.  Proper framing of XML channels within a channel.  You don't
> Eliot> have to have parsed the entire page in line to know that
> Eliot> there's more coming.  In fact you don't have to parse anything-
> Eliot> it's byte counts.
>
> See <draft-ietf-provreg-epp-tcp-06.txt> for a nice simple way to
> achieve framing.
I will do this.

> Eliot> 4.  It was pretty much designed with XML in mind as well as
> Eliot> HTTP's shortcomings.  In essence, it was meant to address
> Eliot> things that HTTPng started to tackle.
>
> Yes, and BEEP is really a nice thing from that perspective. But I fail
> to see how that relates to netconf since our starting point is not
> HTTP.
Yes it is.  We're not looking to replace the console interface.  We're 
looking to provide a programmatic interface.  Many *many* vendors have a 
way to do this with HTTP today.  In fact that's as much a problem as it 
is a good thing, since there's no interoprability.

> Just be clear: I am concerned about the combination of netconf with
> beep as it is currently defined. My thinking is:
>
> a) If a decision is made to rely on beep services, I think the
>    requiremens for the transport should just be more demanding and
>    thus at least some of the rpc stuff in netconf can can just go
>    away.
>
> b) On the other hand, if a decision is made to keep netconf self
>    contained, then we have reduced requirements for the transport
>    and in this case I believe using beep is a bit too heavy.
I would agree that BEEP is about 110% of what you need for XMLCONF.  On 
the other hand, it covers the 100% that needs covering.

Eliot



--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>