[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue 6.1) SOAP Proxy

To: Ted Goddard <ted.goddard@windriver.com>
Subject: Re: Issue 6.1) SOAP Proxy
From: Scott Lawrence <scott-xmlconf@skrb.org>
Date: Thu, 18 Dec 2003 18:05:28 -0500
Cc: netconf@ops.ietf.org
In-reply-to: <F73CC66F-31A2-11D8-9C0E-003065C0229A@windriver.com> (Ted Goddard's message of "Thu, 18 Dec 2003 14:41:40 -0700")
Organization: http://skrb.org/
References: <4.3.2.7.2.20031202160207.029dc460@fedex.cisco.com> <4.3.2.7.2.20031202160207.029dc460@fedex.cisco.com> <4.3.2.7.2.20031205090616.0271bf00@fedex.cisco.com> <F73CC66F-31A2-11D8-9C0E-003065C0229A@windriver.com>
User-agent: Gnus/5.1001 (Gnus v5.10.1) Emacs/21.2 (windows-nt)

Ted Goddard <ted.goddard@windriver.com> writes:

> The NETCONF/SOAP draft contains the following text:
>
> 3.6 Managing Multiple Devices
>
>     When a server is acting as a proxy for multiple devices, the URL for
>     the HTTP POST can be used to indicate which device is the target.  It
>     may also be desirable to use the HTTP POST URL as a means for
>     selecting from multiple virtual devices on a single device.

First, that's not a change from HTTP anyway - to traverse a proxy, you
send it a URL that refers to some other system.

> There are other ways to deal with this, however -- my impression
> is that there is some desire to remove the idea of "session" from
> NETCONF/SOAP, and the above paragraph is compatible with that.

Either that, or make the session explict rather associating it with
the connection.  Any message within a session carries the session
identifier.  If you're going to support more than one transport, then
this removes a required service from the lower layer.

> However, if we keep sessions, then an HTTP proxy will appear somewhat
> like an unreliable connection -- the proxy may cause you to lose your
> lock, but on the next operation the NETCONF agent will notice that
> it is requested on an expired session and respond with an error.
> With this you should be able to function in an HTTP proxied environment
> as long as you handle errors gracefully and work quickly enough to
> avoid the proxy timeouts.

Timeouts are not the only reasons a proxy might close connections, so
I wouldn't bet too heavily on them.

For standard HTTP proxies, you should be able to tunnel through using
CONNECT; and if you keep sessions, then that would be a very good
idea.  How to do this is described in RFC 2817 (the title implies that
it's about HTTP security, but everything it says is applicable to any
use of HTTP that requires an end-to-end transport).

-- 
Scott Lawrence        
  http://skrb.org/scott/

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

Follow-Ups:
- Re: Issue 6.1) SOAP Proxy
  - From: Ted Goddard <ted.goddard@windriver.com>

References:
- Issue 6.1) SOAP Proxy
  - From: Andy Bierman <abierman@cisco.com>
- Re: Issue 6.1) SOAP Proxy
  - From: Andy Bierman <abierman@cisco.com>
- Re: Issue 6.1) SOAP Proxy
  - From: Ted Goddard <ted.goddard@windriver.com>

Prev by Date: Re: Issue 6.1) SOAP Proxy
Next by Date: Re: DRAFT minutes from IETF 58 NETCONF sessions
Previous by thread: Re: Issue 6.1) SOAP Proxy
Next by thread: Re: Issue 6.1) SOAP Proxy
Index(es):
- Date
- Thread