Restconf and HTTP Transport for Event NotificationsCisco Systemsevoit@cisco.comCisco Systemsalbertgo@cisco.comCisco Systemsambtripa@cisco.comCisco Systemseinarnn@cisco.comHuaweiludwig@clemm.orgYumaWorksandy@yumaworks.com
Operations & Management
NETCONFDraftThis document defines Restconf, HTTP2, and HTTP1.1 bindings for the transport of Subscription requests and corresponding push updates. Being subscribed may be either Event Notifications or objects or subtress of YANG Datastores.Mechanisms to support Event subscription and push are defined in . Enhancements to which enable YANG Datastore subscription and push are defined in . This document provides a transport specification for these protocols over Restconf and HTTP. Driving these requirements is .The streaming of Subscription Event Notifications has synergies with HTTP2 streams. Benefits which can be realized when transporting events directly HTTP2 include:Elimination of head-of-line blockingWeighting and proportional dequeuing of Events from different subscriptionsExplicit precedence in subscriptions so that events from one subscription must be sent before another dequeuesThe key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.The following terms use the defintions from : Configured Subscription, Dynamic Subscription, Event Notification, Publisher, Receiver, Subscriber, Subscription.Event subscription is defined in , YANG Datastore subscription is defined in . This section specifies transport mechanisms applicable to both.Dynamic Subscriptions for both and its augmentations are configured and managed via signaling messages transported over . These interactions will be accomplished via a Restconf POST into RPCs located on the Publisher. HTTP responses codes will indicate the results of the interaction with the Publisher. An HTTP status code of 200 is the proper response to a successful <establish-subscription> RPC call. The successful <establish-subscription> will result in a HTTP message with returned subscription URI on a logically separate mechanism than was used for the original Restconf POST. This mechanism is via a parallel TCP connection in the case of HTTP 1.x, or in the case of HTTP2 via a separate HTTP stream within the HTTP connection. When a being returned by the Publisher, failure will be indicated by error codes transported in payload.Once established, the resulting stream of Event Notifications are then delivered via SSE for HTTP1.1 and via HTTP Data for HTTP2.Requests to [yang-push] augmented RPCs are sent on one or more HTTP2 streams indicated by (a) in Figure 2. Event Notifications related to a single subscription are pushed on a unique logical channel (b). In the case below, a newly established subscription has its events pushed over HTTP2 stream (7).Requests to [yang-push] RPCs are sent on the TCP connection indicated by (a). Event Notifications are pushed on a separate connection (b). This connection (b) will be used for all Event Notifications across all subscriptions.With a Configured Subscription, all information needed to establish a secure relationship with that Receiver is available on the Publisher. With this information, the Publisher will establish a secure transport connection with the Receiver and then begin pushing the Event Notifications to the Receiver. Since Restconf might not exist on the Receiver, it is not desirable to require that such Event Notifications be pushed with any dependency on Restconf. Nor is there value which Restconf provides on top of HTTP. Therefore in place of Restconf, a TLS secured HTTP2 Client connection must be established with an HTTP2 Server located on the Receiver. Event Notifications will then be sent as part of an extended HTTP POST to the Receiver.POST messages will be addressed to HTTP augmentation code on the Receiver capable of accepting and responding to Event Notifications. The first POST message must be a subscription-started notification. Push update notifications must not be sent until the receipt of an HTTP 200 OK for this initial notification. The 200 OK will indicate that the Receiver is ready for Event Notifications. At this point a Subscription must be allocated its own HTTP2 stream. Figure 4 depicts this message flow.As the HTTP2 transport is available to the Receiver, the Publisher should:take any subscription-priority and copy it into the HTTP2 stream priority, andtake a subscription-dependency if it has been provided and map the HTTP2 stream for the parent subscription into the HTTP2 stream dependency.It is possible that updates might be delivered in a different sequence than generated. Reasons for this might include (but are not limited to):replay of pushed updatestemporary loss of transport connectivity, with update buffering and different dequeuing priorities per Subscriptionpopulation, marshalling and bundling of independent Subscription Updates, andTherefore each Event Notification will include a timestamp to ensure that a Receiver understands the time when a that update was generated. Use of this timestamp can give an indication of the state of objects at a Publisher when state-entangled information is received across different subscriptions. The use of the latest Event Notification timestamp for a particular object update can introduce errors. So when state-entangled updates have inconsistent object values and temporally close timestamps, a Receiver might consider performing a GET to validate the current state of a Publisher.Transported updates will contain context data for one or more Event Notifications. Each transported Event Notification will contain several parameters:Subscribers can dynamically learn whether a RESTCONF server supports various types of Event or Yang datastore subscription capabilities. This is done by issuing an HTTP request OPTIONS, HEAD, or GET on the stream. Some examples building upon the Call flow for HTTP1.1 from Section 3.2.2 are:If the server supports it, it may respondIf the server does not support any form of subscription, it may respondSubscribers can determine the URL to receive updates by sending an HTTP GET as a request for the "location" leaf with the stream list entry. The stream to use for may be selected from the Event Stream list provided in the capabilities exchange. Note that different encodings are supporting using different Event Stream locations. For example, the Subscriber might send the following request:The Publisher might send the following response:To subscribe and start receiving updates, the subscriber can then send an HTTP GET request for the URL returned by the Publisher in the request above. The accept header must be "text/event-stream". The Publisher uses the Server Sent Events transport strategy to push filtered Event Notifications from the Event stream.The Publisher MUST support individual parameters within the POST request body for all the parameters of a subscription. The only exception is the encoding, which is embedded in the URI. An example of this is:Should the publisher not support the requested subscription, it may reply:The following is an example of a pushed Event Notification data for the Subscription above. It contains a subtree with root foo that contains a leaf called bar:Or with the equivalent YANG over JSON encoding representation as defined in :To modify a Subscription, the subscriber issues another POST request on the provided URI using the same subscription-id as in the original request. For example, to modify the update period to 10 seconds, the subscriber may send:To delete a Subscription, the Subscriber issues a DELETE request on the provided URI using the same subscription-id as in the original requestThe basic encoding will look as below. It will consists of a JSON representation wrapped in an HTTP2 header.Subscriptions could be used to intentionally or accidentally overload the resources of a Publisher. For this reason, it is important that the Publisher has the ability to prioritize the establishment and push of Event Notifications where there might be resource exhaust potential. In addition, a server needs to be able to suspend existing Subscriptions when needed. When this occurs, the subscription status must be updated accordingly and the Receivers notified.A Subscription could be used to attempt retrieve information for which a Receiver has no authorized access. Therefore it is important that data pushed via a Subscription is authorized equivalently with regular data retrieval operations. Data being pushed to a Receiver needs therefore to be filtered accordingly, just like if the data were being retrieved on-demand. The Netconf Authorization Control Model applies even though the transport is not NETCONF.One or more Publishers of Configured Subscriptions could be used to overwhelm a Receiver which doesn't even support Subscriptions. There are two protections here. First Event Notifications for Configured Subscriptions MUST only be transmittable over Encrypted transports. Clients which do not want pushed Event Notifications need only terminate or refuse any transport sessions from the Publisher. Second, the HTTP transport augmentation on the Receiver must send an HTTP 200 OK to a subscription started notification before the Publisher starts streaming any events.One or more Publishers could overwhelm a Receiver which is unable to control or handle the volume of Event Notifications received. In deployments where this might be a concern, HTTP2 transport such as HTTP2) should be selected.We wish to acknowledge the helpful contributions, comments, and suggestions that were received from: Susan Hares, Tim Jenkins, Balazs Lengyel, Kent Watsen, Michael Scharf, and Guangying Zheng.Subscribing to Event NotificationsCiscoHuaweiCiscoCiscoCiscoSubscribing to YANG datastore push updatesHuaweiCiscoCiscoCiscoCiscoYumaWorksEricssonServer-Sent Events, World Wide Web Consortium CR
CR-eventsource-20121211Several technologies are expected to be seen within a deployment to achieve security and ease-of-use requirements. These are not necessary for an implementation of this specification, but will be useful to consider when considering the operational context.Pub/Sub implementations should have the ability to transparently incorporate 'call home' so that secure TLS connections can originate from the desired device.HTTP sessions might not quickly allow a Subscriber to recognize when the communication path has been lost from the Publisher. To recognize this, it is possible for a Receiver to establish a TLS heartbeat . In the case where a TLS heartbeat is included, it should be sent just from Receiver to Publisher. Loss of the heartbeat should result in any Subscription related TCP sessions between those endpoints being torn down. The subscription can then attempt to re-establish. (To be removed by RFC editor prior to publication)GRPC compatibility 1: Mechanisms for HTTP2 to GRPC mapping need to be considered. There is a good start there as this draft only uses POST, not GET. As GET is used in RESTCONF for capabilities discovery, we have some backwards compatibility issues with existing IETF drafts. Possible options to address are (1) provide a POST method for anything done by GET in RESTCONF, (2) await support of GET by GRPC, or (3) tunnel RESTCONF's GET messages within a GRPC POST.GRPC compatibility 2: We need to expose a method against which POST is done as events begin on a stream. See Stream 7 in figure 2. Can only send traffic to a method, not a URI. URI points to a method, not a resource. Need to add into document examples of Event streams. Document only includes yang-push examples at this point.We need to reference the viable encodings of notifications.(To be removed by RFC editor prior to publication)v01 - v02Removed sections now redundant with [sn] and [yang-push] such as: mechanisms for subscription maintenance, terminology definitions, stream discovery.3rd party subscriptions are out-of-scope.SSE only used with Restconf and HTTP1.1 Dynamic SubscriptionsTimeframes for event tagging are self-defined.Clean-up of wording, references to terminology, section numbers.v00 - v01Removed the ability for more than one subscription to go to a single HTTP2 stream.Updated call flows. Extensively.SSE only used with Restconf and HTTP1.1 Dynamic SubscriptionsHTTP is not used to determine that a Receiver has gone silent and is not Receiving Event NotificationsMany clean-ups of wording and terminology