-----Original Message-----
From: Andy Bierman [mailto:ietf@andybierman.com]
Sent: Thursday, June 01, 2006 10:44 PM
To: Pooja Malhotra
Cc: netconf@ops.ietf.org
Subject: Re: SOAP/HTTP over SSH
Pooja Malhotra wrote:
Hi...
We are planning to implement NetConf.And I am very new to this standard.
In this effort I went thro' the initial draft
"NETCONF Configuration Protocol draft-ietf-netconf-prot-12" proposed by
IETF.
After going through it , I understood the architecture
as shown below in the figure:
You have misunderstood the document.
The RPC layer is 'SOAP over HTTP'.
The transport protocol SOAP over HTTPS (HTTP over TLS)
is supported. You would use this instead of SSH.
Andy
Layer Example
+-------------+ +-----------------------------+
(4) | Content | | Configuration data |
+-------------+ +-----------------------------+
| |
+-------------+ +-----------------------------+
(3) | Operations | | NETCONF operation |
+-------------+ +-----------------------------+
| |
+-------------+ +-----------------------------+
(2) | RPC | | SOAP over HTTP |
+-------------+ +-----------------------------+
| |
+-------------+ +-----------------------------+
(1) | Transport | | SSH |
| Protocol | | |
+-------------+ +-----------------------------+
As you can see, our proposed solution indicated that the SSH would
be used as Transport Protocol.This choice was made because it
is mentioned in section 2.4.(Mandatory Transport Protocol )
that SSH is mandatory for NetConf. Now we
are stuck with the RPC layer protocol. Intially we thought of
SOAP over HTTP (as RPC layer implementation), But if this the case,
we fail to understand how the SSH layer will communicate with
the RPC layer.
How the SSH layer will interact with the RPC layer over HTTP as it is not
secure.
Also,once the SSH session is opened between the remote machine,
how can we ensure that the data transfer is secured through SOAP/HTTP?
What is the nature of the SSH connection?Is it socket connection like SSL?
We tried implementing SSH using opensource Library from JSch
(for client)and OpenSSH (for SSH Server).
Other tool we tried was Corkscrew(tool for tunneling SSH
through HTTP proxies.)
Also Is it mandatory to implement SSH.Instead can we use SOAP
over HTTPS.
I would be highly obliged if you could please throw some light on
the queries I have and tell us some tools which can help us in
implementation.
Thanks,
Pooja Malhotra
Senior Software Engineer,
MASCON Global ltd.
Bangalore
Karnatka (India)
--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>