[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Nits]

Versions: 00

SACM Working Group                                           H. Birkholz
Internet-Draft                                            Fraunhofer SIT
Intended status: Informational                                   T. Zhou
Expires: April 21, 2018                                           Huawei
                                                                  X. Liu
                                                                 E. Voit
                                                           Cisco Systems
                                                        October 18, 2017

                     YANG Push Operations for CoMI


   This document provides a problem statement, derives an initial gap
   analysis and illustrates a first set of solution approaches in regard
   to augmenting YANG data stores based on the CoAP Management Interface
   with YANG Push capabilities.  A binary transfer mechanism for YANG
   Subscribed Notifications addresses both the requirements of
   constrained-node networks and the need for semantic interoperability
   via self-descriptiveness of the corresponding data in motion.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 21, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents

Birkholz, et al.         Expires April 21, 2018                 [Page 1]

Internet-Draft                  CoMI Push                   October 2017

   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Context of the Problem  . . . . . . . . . . . . . . . . . . .   2
     1.1.  Binary YANG transfer protocol . . . . . . . . . . . . . .   3
     1.2.  Device-Type Scope . . . . . . . . . . . . . . . . . . . .   3
     1.3.  Subscriptions via CoAP  . . . . . . . . . . . . . . . . .   3
     1.4.  Configured Subscriptions and Call-Home  . . . . . . . . .   4
     1.5.  Bootstrapping of Drop-Shipped Pledges . . . . . . . . . .   4
   2.  Summary of the Problem Statement  . . . . . . . . . . . . . .   5
   3.  Potential Approaches and Solutions  . . . . . . . . . . . . .   6
     3.1.  YANG subscription variants  . . . . . . . . . . . . . . .   6
     3.2.  YANG Push via CoAP  . . . . . . . . . . . . . . . . . . .   6
     3.3.  Dynamic Subscriptions . . . . . . . . . . . . . . . . . .   7
       3.3.1.  YANG Push via GET . . . . . . . . . . . . . . . . . .   7
       3.3.2.  YANG Push via FETCH . . . . . . . . . . . . . . . . .   7
     3.4.  Configured Subscriptions  . . . . . . . . . . . . . . . .   7
       3.4.1.  Retaining the Content of a GET Operation as
               Configuration . . . . . . . . . . . . . . . . . . . .   7
       3.4.2.  Call Home via CoAP  . . . . . . . . . . . . . . . . .   8
       3.4.3.  Dynamic Home Discovery  . . . . . . . . . . . . . . .   8
   4.  IANA considerations . . . . . . . . . . . . . . . . . . . . .   8
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   8
   7.  Change Log  . . . . . . . . . . . . . . . . . . . . . . . . .   8
   8.  Normative References  . . . . . . . . . . . . . . . . . . . .   8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Context of the Problem

   A binary transfer capability for YANG Subscribed Notifications
   [I-D.ietf-netconf-subscribed-notifications] based on YANG Push
   [I-D.ietf-netconf-yang-push] can be realized by using existing RFC
   and I-D work as building blocks.  This section is intended to provide
   a corresponding overview of the existing ecosystem in order to
   identify gaps and therefore provide a problem statement.

Birkholz, et al.         Expires April 21, 2018                 [Page 2]

Internet-Draft                  CoMI Push                   October 2017

1.1.  Binary YANG transfer protocol

   The CoAP Management Interface I-D (CoMI [I-D.ietf-core-comi]) defines
   operations for a YANG data store based on the Constrained Application
   Protocol (CoAP [RFC7252]).  CoAP uses a request/response interaction
   model that is based on HTTP (similar to RESTCONF [RFC8040]) and
   allows for multiple transports, including UDP or TCP (see
   [I-D.ietf-core-coap-tcp-tls]).  The Concise Binary Object
   Representation (CBOR [RFC7049]) is used for the serialization of data
   in motion in respect to CoAP operations and the data modeled with
   YANG [I-D.ietf-core-yang-cbor].

1.2.  Device-Type Scope

   [I-D.ietf-core-comi] states that CoAP "is designed for Machine to
   Machine (M2M) applications such as smart energy, smart city and
   building control.  Constrained devices need to be managed in an
   automatic fashion to handle the large quantities of devices that are
   expected in future installations.  Messages between devices need to
   be as small and infrequent as possible.  The implementation
   complexity and runtime resources need to be as small as possible."

   In addition, [I-D.ietf-core-comi] highlights that "CoMI and RESTCONF
   are intended to work in a stateless client-server fashion.  They use
   a single round-trip to complete a single editing transaction, where
   NETCONF needs up to 10 round trips.  To promote small messages, CoMI
   uses a YANG to CBOR mapping [I-D.ietf-core-yang-cbor] and numeric
   identifiers [I-D.ietf-core-sid] to minimize CBOR payloads and URI

   In essence, via CoMI, a small sensor can emit a set of measurements
   as binary encoded YANG notifications, which would only add a minimal
   overhead to the data in motion, but would increase interoperability
   significantly due to the powerful and widely used semantics enabled
   by YANG (in contrast to a set of raw values that always require
   additional context information and imperative guidance to be managed
   and post-processed appropriately).

1.3.  Subscriptions via CoAP

   The CoAP pub/sub I-D defines a CoAP Subscribe operation
   [I-D.ietf-core-coap-pubsub] that is based on observing resources via
   the Observe option for the GET operation as defined in [RFC7641].
   The CoAP pub/sub draft is intended to provide the capabilities and
   characteristics of MQTT via a CoAP based protocol.  The only other
   CoAP operation that supports the Observe option is the FETCH
   operation defined in [RFC8132].

Birkholz, et al.         Expires April 21, 2018                 [Page 3]

Internet-Draft                  CoMI Push                   October 2017

   The Observe option creates a small corresponding state on the server
   side that eliminates the need for continuous polling of a resource
   via subsequent requests.  Instead, subsequent responses including
   both the Observe option and using the token of the request that
   initiated the observation are returned when the observed resource
   changes.  A subscription (i.e. the observe state retained on the
   server) can be discarded by the client by sending a correspond CoAP
   GET with Observe using an Observe parameter of 1 or simply by
   "forgeting" the observation and return a CoAP Reset after receiving a
   notification in the context of the subscription.  A subscription can
   also be discarded by the server by sending a corresponding response
   that does not contain an Observe option.

   The subscription used in CoAP pub/sub are used to subscribe to a
   topic provided by a CoAP broker REST API.  YANG Push
   [I-D.ietf-netconf-yang-push] and corresponding YANG Subscribed
   Notifications are used to subscribe to data node updates provided by
   a YANG management interface.  YANG subscriptions can include a filter
   expression (either a subtree expression or an XPATH expression).  The
   encoding rules of XPATH expressions in CBOR are covered by

1.4.  Configured Subscriptions and Call-Home

   Configured subscriptions are basically static configuration that
   creates subscription state on the YANG data store when it is started
   and persists between boot-cycles without the need of a client to
   create that subscription state.  In consequence, a configured
   subscription can result in unsolicited pushed notifications in
   respect to a YANG client.

   A popular variant of the configured subscription as defined in
   [I-D.ietf-netconf-yang-push] is the Call Home procedure defined in
   [RFC8071].  In this approach, a Transport Layer application
   association with the YANG client is initiated by the YANG data store.
   After this "initial phase, in which the YANG server is acting like a
   client", the existing Transport Layer connection (or session, in case
   of, for example, TLS) is then used to the YANG client to initiate a
   subscription (i.e.  the YANG client is initiating a dynamic
   subscription based on a pre-configured request retained and issued by
   the YANG data store).

1.5.  Bootstrapping of Drop-Shipped Pledges

   [I-D.ietf-anima-bootstrapping-keyinfra] highlights that effectively
   "to literally 'pull yourself up by the bootstraps' is an impossible
   action.  Similarly, the secure establishment of a key infrastructure
   without external help is also an impossibility."

Birkholz, et al.         Expires April 21, 2018                 [Page 4]

Internet-Draft                  CoMI Push                   October 2017

   According to [I-D.ietf-anima-bootstrapping-keyinfra] the
   bootstrapping approach Call-Home has problems and limitations, which
   (amongst others) the draft itself is trying to address:

   o  the pledge requires realtime connectivity to the vendor service

   o  the domain identity is exposed to the vendor service (this is a
      privacy concern)

   o  the vendor is responsible for making the authorization decisions
      (this is a liability concern)

   A Pledge in the context of [I-D.ietf-anima-bootstrapping-keyinfra] is
   "the prospective device, which has an identity installed by a third-
   party (e.g., vendor, manufacturer or integrator)."

   A Pledge can be "drop-shipped", which refers to "the physical
   distribution of equipment containing the 'factory default'
   configuration to a final destination.  In zero-touch scenarios there
   is no staging or pre-configuration during drop-ship."

   In the scope of Call-Home as a part of YANG Push, either the factory
   default configuration of a drop-shipped Pledge that is a YANG data
   store would require to include the "home to Call Home" configuration
   or it has to be configured locally.

   [I-D.ietf-netconf-zerotouch] is intended to provide more flexibility
   to the Call-Home procedure already - by allowing to stage connection
   attempts to a locally administered network and if that fails fall
   back to connecting to a remotely administered network.  Alas,
   [I-D.ietf-netconf-zerotouch] is either prone to the same limitations
   as cited above or requires local configuration in order to find the
   home to Call-Home.

   The "Join Registrar" defined by
   [I-D.ietf-anima-bootstrapping-keyinfra] mitigates the cited problems
   and limitation by introducing "a representative of the domain that is
   configured, perhaps autonomically, to decide whether a new device is
   allowed to join the domain.  The administrator of the domain
   interfaces with a Join Registrar (and Coordinator) to control this
   process.  Typically a Join Registrar is "inside" its domain."

2.  Summary of the Problem Statement

   Currently, the following gaps are identified:

   o  no CoAP Subscribe procedure for dynamic YANG subscriptions is
      standardized that is able to convey a filter expression and

Birkholz, et al.         Expires April 21, 2018                 [Page 5]

Internet-Draft                  CoMI Push                   October 2017

      potentially other metadata required in the context of a YANG
      Subscribed Notifications application association.  Analogously,
      new payload types (e.g. a FETCH payload media-type) have to be

   o  no CoAP Call Home feature is standardized to support a popular
      variant of configured YANG subscriptions.

   o  no general Call Home mechanism is standardized that enables the
      discovery of "a home to Call Home" or that would be able to deal
      with "changing homes" in a dynamic but secure manner.

   In addition to the identified gaps, the semantics of metadata - if
   there are any - that have to be conveyed to or from a YANG data store
   in order to subscribe to a (filtered) YANG module or data node are
   not identified.

   The problem statement could be summarized as follows:

   "There is no complete solution based on CoAP to enable a freshly
   unpacked YANG data store ("drop-shipped pledge", e.g. the cliche
   light bulb) to discover an appropriate home it can than Call-Home to
   in a secure and trusted manner in order to push (un-)solicited
   subscribed notifications."

3.  Potential Approaches and Solutions

   There are multiple approaches that could lead to viable solutions
   that address the identified gaps.  The following sections illustrate
   the general solution context and some of the most promising

3.1.  YANG subscription variants

   A YANG Push update subscription service both provides support for
   dynamic subscription (i.e. subscription state created by a client
   request, allowing for solicited push notifications in the context of
   an up-time cycle of the server) and configured subscription (i.e.
   subscription configuration retained on the server, allowing for
   unsolicited push notifications across up-time cycles of the server).

3.2.  YANG Push via CoAP

   The two CoAP operations that enable a subscription mechanism are GET
   and FETCH (i.e. by supporting the Observe option).  Both operations
   are viable candidates for creating a CoAP-based YANG Push mechanism
   for CoMI.

Birkholz, et al.         Expires April 21, 2018                 [Page 6]

Internet-Draft                  CoMI Push                   October 2017

3.3.  Dynamic Subscriptions

   Using CoAP, the client issuing the initial subscription request
   creates the subscription state.  Examples are the GET or FETCH
   operation including an Observe option using an Observe parameter of 0

3.3.1.  YANG Push via GET

   This usage scenario requires two consecutive operations.  It is not
   possible to transfer a filter expression included in a GET operation.
   In consequence, a POST operation on a collection resource has to be
   conducted in order to convey a filter expression to the YANG data
   store, allowing it to return an URI that contains the data node
   information filtered in respect to the posted filter expression
   (encoded in CBOR).

   This variant allows for multiple clients to observe a specific
   filtered data node without conducting a POST operation, if the
   corresponding URI is made known to other clients that did not conduct
   the POST operation or, for example, is canonically linked to/
   derivable from a filter expression.

3.3.2.  YANG Push via FETCH

   This usage scenario requires only one operation.  A FETCH operation
   can include a body that is capable to contain a filter expression and
   potentially other metadata that might be required to establish a
   suitable subscription state on the YANG data store.

   It might be possible that this variant could introduce a slight delay
   in respect to response time if providing a filtered resource requires
   a lot of computation time on a constrained device.  I.e. the resource
   cannot be prepared "beforehand".

3.4.  Configured Subscriptions

   Using CoAP, the server retains configuration that creates
   subscription state when the YANG data store is started.  The client
   has to have or gain knowledge of the CoAP tokens that are included in
   the responses created in the context of the subscription state create
   from server configuration.

3.4.1.  Retaining the Content of a GET Operation as Configuration

   This usage scenario "mimics" the receiving of a subscription request
   by storing the corresponding information that are relevant for
   creating a subscription state as configuration on the YANG data

Birkholz, et al.         Expires April 21, 2018                 [Page 7]

Internet-Draft                  CoMI Push                   October 2017

   store.  I.e. the configuration would be including the YANG client IP
   address and the CoAP token to be used in the responses that convey
   the subscribed notifications.

   This variant requires that the client also knows or gains knowledge
   of the corresponding CoAP token in order to not discard the incoming

3.4.2.  Call Home via CoAP

   This usage scenario defines the Call Home procedure standardized in
   [RFC8071] as an additional capability of CoAP.  DTLS or TLS state is
   initiated by the YANG data store and triggers a dynamic subscription
   procedure of the YANG client using the session initiated by the YANG
   data store.

3.4.3.  Dynamic Home Discovery

   This usage scenario is based on the Bootstrapping Remote Secure Key
   Infrastructures I-D [I-D.ietf-anima-bootstrapping-keyinfra] and EST
   over secure CoAP I-D [I-D.vanderstok-ace-coap-est] and requires the
   standardization of a general use of Join Registrars in the context of
   YANG data stores that support YANG Push via static subscriptions.

4.  IANA considerations

   This document includes no requests to IANA, but solutions drafts
   incubated via this document might.

5.  Security Considerations

   This document includes no security considerations, but solution
   drafts incubated via this document will.

6.  Acknowledgements

   Carsten Bormann, Klaus Hartke, Michel Veillette

7.  Change Log

   First version -00

8.  Normative References

Birkholz, et al.         Expires April 21, 2018                 [Page 8]

Internet-Draft                  CoMI Push                   October 2017

              Pritikin, M., Richardson, M., Behringer, M., Bjarnason,
              S., and K. Watsen, "Bootstrapping Remote Secure Key
              Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping-
              keyinfra-08 (work in progress), October 2017.

              Koster, M., Keranen, A., and J. Jimenez, "Publish-
              Subscribe Broker for the Constrained Application Protocol
              (CoAP)", draft-ietf-core-coap-pubsub-02 (work in
              progress), July 2017.

              Bormann, C., Lemay, S., Tschofenig, H., Hartke, K.,
              Silverajan, B., and B. Raymor, "CoAP (Constrained
              Application Protocol) over TCP, TLS, and WebSockets",
              draft-ietf-core-coap-tcp-tls-09 (work in progress), May

              Veillette, M., Stok, P., Pelov, A., and A. Bierman, "CoAP
              Management Interface", draft-ietf-core-comi-01 (work in
              progress), July 2017.

              Veillette, M., Pelov, A., Turner, R., Minaburo, A., and A.
              Somaraju, "YANG Schema Item iDentifier (SID)", draft-ietf-
              core-sid-01 (work in progress), May 2017.

              Veillette, M., Pelov, A., Somaraju, A., Turner, R., and A.
              Minaburo, "CBOR Encoding of Data Modeled with YANG",
              draft-ietf-core-yang-cbor-05 (work in progress), August

              Voit, E., Clemm, A., Prieto, A., Nilsen-Nygaard, E., and
              A. Tripathy, "Custom Subscription to Event Notifications",
              draft-ietf-netconf-subscribed-notifications-05 (work in
              progress), October 2017.

              Clemm, A., Voit, E., Prieto, A., Tripathy, A., Nilsen-
              Nygaard, E., Bierman, A., and B. Lengyel, "Subscribing to
              YANG datastore push updates", draft-ietf-netconf-yang-
              push-10 (work in progress), October 2017.

Birkholz, et al.         Expires April 21, 2018                 [Page 9]

Internet-Draft                  CoMI Push                   October 2017

              Watsen, K., Abrahamsson, M., and I. Farrer, "Zero Touch
              Provisioning for NETCONF or RESTCONF based Management",
              draft-ietf-netconf-zerotouch-17 (work in progress),
              September 2017.

              Kumar, S., Stok, P., Kampanakis, P., Furuhed, M., and S.
              Raza, "EST over secure CoAP (EST-coaps)", draft-
              vanderstok-ace-coap-est-02 (work in progress), June 2017.

   [RFC7049]  Bormann, C. and P. Hoffman, "Concise Binary Object
              Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
              October 2013, <https://www.rfc-editor.org/info/rfc7049>.

   [RFC7252]  Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
              Application Protocol (CoAP)", RFC 7252,
              DOI 10.17487/RFC7252, June 2014,

   [RFC7641]  Hartke, K., "Observing Resources in the Constrained
              Application Protocol (CoAP)", RFC 7641,
              DOI 10.17487/RFC7641, September 2015,

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,

   [RFC8071]  Watsen, K., "NETCONF Call Home and RESTCONF Call Home",
              RFC 8071, DOI 10.17487/RFC8071, February 2017,

   [RFC8132]  van der Stok, P., Bormann, C., and A. Sehgal, "PATCH and
              FETCH Methods for the Constrained Application Protocol
              (CoAP)", RFC 8132, DOI 10.17487/RFC8132, April 2017,

Authors' Addresses

   Henk Birkholz
   Fraunhofer SIT
   Rheinstrasse 75
   Darmstadt  64295

   Email: henk.birkholz@sit.fraunhofer.de

Birkholz, et al.         Expires April 21, 2018                [Page 10]

Internet-Draft                  CoMI Push                   October 2017

   Tianran Zhou
   156 Beiqing Rd.
   Beijing, Haidian District

   Email: zhoutianran@huawei.com

   Xufeng Liu
   8281 Greensboro Drive, Suite 200
   McLean VA  22102

   Email: Xufeng_Liu@jabil.com

   Eric Voit
   Cisco Systems

   Email: evoit@cisco.com

Birkholz, et al.         Expires April 21, 2018                [Page 11]

Html markup produced by rfcmarkup 1.129c, available from https://tools.ietf.org/tools/rfcmarkup/