<?xml version='1.0' encoding='utf-8'?> <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent"><!-- [rfced] converted to v3 by Jean (xml2rfc 2.32.0) /10/04/19 --><rfc xmlns:xi="http://www.w3.org/2001/XInclude" number="8650" docName="draft-ietf-netconf-restconf-notif-15" updates="" obsoletes="" category="std" consensus="true" submissionType="IETF" ipr="trust200902" tocInclude="true" symRefs="true" sortRefs="true" xml:lang="en" version="3"> <front> <title abbrev="RESTCONF Transport for Event Notifications">Dynamic Subscription to YANG Events and Datastores over RESTCONF</title> <seriesInfo name="RFC" value="8650"/> <author fullname="Eric Voit" initials="E." surname="Voit"> <organization>Cisco Systems</organization> <address> <email>evoit@cisco.com</email> </address> </author> <author fullname="Reshad Rahman" initials="R." surname="Rahman"> <organization>Cisco Systems</organization> <address> <email>rrahman@cisco.com</email> </address> </author> <author fullname="Einar Nilsen-Nygaard" initials="E." surname="Nilsen-Nygaard"> <organization>Cisco Systems</organization> <address> <email>einarnn@cisco.com</email> </address> </author> <author fullname="Alexander Clemm" initials="A." surname="Clemm"> <organization>Futurewei</organization> <address> <email>ludwig@clemm.org</email> </address> </author> <author fullname="Andy Bierman" initials="A." surname="Bierman"> <organization>YumaWorks</organization> <address> <email>andy@yumaworks.com</email> </address> </author> <datemonth="October"month="November" year="2019"/> <area>Operations & Management</area> <workgroup>NETCONF</workgroup> <keyword>YANG-Push</keyword> <abstract> <t>This document provides a RESTCONF binding to the dynamic subscription capability of both subscribed notifications and YANG-Push.</t> </abstract> </front> <middle> <section numbered="true" toc="default"> <name>Introduction</name> <t>Mechanisms to support event subscription and YANG-Push are defined in <xref target="RFC8639" format="default"/>. Enhancements to <xref target="RFC8639" format="default"/> that enable YANG datastore subscription and YANG-Push are defined in <xref target="RFC8641" format="default"/>. This document provides a transport specification for dynamic subscriptions over RESTCONF <xref target="RFC8040" format="default"/>. Requirements for these mechanisms are captured in <xref target="RFC7923" format="default"/>.</t> <t>The streaming of notifications that encapsulate the resulting information push is done via the mechanism described in <xref target="RFC8040" sectionFormat="of" section="6.3" format="default"/>. </t> </section> <section numbered="true" toc="default"> <name>Terminology</name> <t> The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here. </t> <t>The following terms use the definitions from <xref target="RFC8639" format="default"/>: dynamic subscription, event stream, notification message, publisher, receiver, subscriber, and subscription.</t> <t>Other terms reused include datastore, which is defined in <xref target="RFC8342" format="default"/>, and HTTP/2 stream, which maps to the definition of "stream" within <xref target="RFC7540" sectionFormat="comma" section="2" format="default"/>.</t> </section> <section anchor="dyn-subs" numbered="true" toc="default"> <name>Dynamic Subscriptions</name> <t>This section provides specifics on how to establish and maintain dynamic subscriptions over RESTCONF <xref target="RFC8040" format="default"/>. Subscribing to event streams is accomplished in this way via RPCs defined within <xref target="RFC8639" sectionFormat="comma" section="2.4" format="default"/>. The RPCs are done via RESTCONF POSTs. YANG datastore subscription is accomplished via augmentations to <xref target="RFC8639" format="default"/> as described within <xref target="RFC8641" sectionFormat="comma" section="4.4" format="default"/>.</t> <t>As described in <xref target="RFC8040" sectionFormat="of" section="6.3" format="default"/>, a GET needs to be performed on a specific URI on the publisher. Subscribers cannot predetermine the URI against which a subscription might exist on a publisher, as the URI will only exist after the "establish-subscription" RPC has been accepted. Therefore, the POST for the "establish-subscription" RPC replaces the GET request for the "location" leaf that is used in <xref target="RFC8040" format="default"/> to obtain the URI. The subscription URI will be determined and sent as part of the response to the "establish-subscription" RPC, and a subsequent GET to this URI will be done in order to start the flow of notification messages back to the subscriber. As specified in <xref target="RFC8639" sectionFormat="of" section="2.4.1" format="default"/>, a subscription does not move to the active state until the GET is received.</t> <section numbered="true" toc="default"> <name>Transport Connectivity</name> <t>For a dynamic subscription, when a RESTCONF session doesn't already exist, a new RESTCONF session is initiated from the subscriber.</t> <t>As stated in <xref target="RFC8040" sectionFormat="of" section="2.1" format="default"/>, a subscriber <bcp14>MUST</bcp14> establish the HTTP session over TLS <xref target="RFC8446" format="default"/> in order to secure the content in transit.</t> <t>Without the involvement of additional protocols, HTTP sessions by themselves do not support quick recognition of the loss of the communication path to the publisher. Where quick recognition of the loss of a publisher is required, a subscriber <bcp14>SHOULD</bcp14> use a TLS heartbeat <xref target="RFC6520" format="default"/>, just from subscriber to publisher, to track HTTP session continuity.</t> <t>Loss of the heartbeat <bcp14>MUST</bcp14> result in the teardown of any subscription-related TCP sessions between those endpoints. A subscriber can then attempt to re-establish the dynamic subscription by using the procedure described in <xref target="SSE" format="default"/>.</t> </section> <section numbered="true" toc="default"> <name>Discovery</name> <t>Subscribers can learn which event streams a RESTCONF server supports by querying the "streams" container of ietf-subscribed-notifications.yang in <xref target="RFC8639" format="default"/>. Support for the "streams" container of ietf-restconf-monitoring.yang in <xref target="RFC8040" format="default"/> is not required. In the case when the RESTCONF binding specified by this document is used to convey the "streams" container from ietf-restconf-monitoring.yang (i.e., that feature is supported), any event streams contained therein are also expected to be present in the "streams" container of ietf-restconf-monitoring.yang.</t> <t>Subscribers can learn which datastores a RESTCONF server supports by following <xref target="RFC8527" sectionFormat="of" section="2" format="default"/>. </t> </section> <section numbered="true" toc="default"> <name>RESTCONF RPCs and HTTP Status Codes</name> <t>Specific HTTP response codes as defined in <xref target="RFC7231" sectionFormat="of" section="6" format="default"/> will indicate the result of RESTCONF RPC requests with the publisher. An HTTP status code of 200 is the proper response to any successful RPC defined within <xref target="RFC8639" format="default"/> or <xref target="RFC8641" format="default"/>.</t> <t>If a publisher fails to serve the RPC request for one of the reasons indicated in <xref target="RFC8639" sectionFormat="of" section="2.4.6" format="default"/> or <xref target="RFC8641" sectionFormat="of" section="A" format="default"/>, this will be indicated by an appropriate error code, as shown below, transported in the HTTP response.</t> <t>When an HTTP error code is returned, the RPC reply <bcp14>MUST</bcp14> include an <rpc-error> element per <xref target="RFC8040" sectionFormat="of" section="7.1" format="default"/> with the following parameter values: </t> <ul spacing="normal"> <li>an "error-type" node of "application".</li> <li>an "error-tag" node whose value is a string that corresponds to an identity associated with the error. This "error-tag" will come from one of two places and will correspond to the error identities either within <xref target="RFC8639" sectionFormat="of" section="2.4.6" format="default"/> for general subscription errors (<xref target="gen-sub-errors" format="default"/>) or within <xref target="RFC8641" sectionFormat="of" section="A.1" format="default"/> for subscription errors specific to YANG datastores (<xref target="datastore-specific-errors" format="default"/>).</li> <li>an "error-app-tag" node whose value is a string that corresponds to an identity associated with the error, as defined in <xref target="RFC8639" sectionFormat="of" section="2.4.6" format="default"/> for general subscriptions or <xref target="RFC8641" sectionFormat="of" section="A.1" format="default"/> for subscription errors specific to YANG datastores. The tag to use depends on the RPC for which the error occurred. Viable errors for different RPCs are found in <xref target="rpc-errors" format="default"/>.</li> </ul> <table anchor="gen-sub-errors"> <name>General Subscription Error Identities and Associated "error-tag" Use</name> <thead> <tr> <th>Error identity</th> <th>Uses "error-tag"</th> <th>HTTP code</th> </tr> </thead> <tbody> <tr> <td>dscp-unavailable</td> <td>invalid-value</td> <td>400</td> </tr> <tr> <td>encoding-unsupported</td> <td>invalid-value</td> <td>400</td> </tr> <tr> <td>filter-unsupported</td> <td>invalid-value</td> <td>400</td> </tr> <tr> <td>insufficient-resources</td> <td>resource-denied</td> <td>409</td> </tr> <tr> <td>no-such-subscription</td> <td>invalid-value</td> <td>404</td> </tr> <tr> <td>replay-unsupported</td> <td>operation-not-supported</td> <td>501</td> </tr> </tbody> </table> <table anchor="datastore-specific-errors"> <name>Datastore-Specific Error Identities and Associated "error-tag" Use</name> <thead> <tr> <th>Error identity</th> <th>Uses "error-tag"</th> <th>HTTP code</th> </tr> </thead> <tbody> <tr> <td>cant-include</td> <td>operation-not-supported</td> <td>501</td> </tr> <tr> <td>datastore-not-subscribable</td> <td>invalid-value</td> <td>400</td> </tr> <tr> <td>no-such-subscription-resync</td> <td>invalid-value</td> <td>404</td> </tr> <tr> <td>on-change-unsupported</td> <td>operation-not-supported</td> <td>501</td> </tr> <tr> <td>on-change-sync-unsupported</td> <td>operation-not-supported</td> <td>501</td> </tr> <tr> <td>period-unsupported</td> <td>invalid-value</td> <td>400</td> </tr> <tr> <td>update-too-big</td> <td>too-big</td> <td>400</td> </tr> <tr> <td>sync-too-big</td> <td>too-big</td> <td>400</td> </tr> <tr> <td>unchanging-selection</td> <td>operation-failed</td> <td>500</td> </tr> </tbody> </table> <table anchor="rpc-errors"> <name>RPC Errors and Associated Error Identities</name> <thead> <tr> <th>RPC</th> <th>Select an identity with a base</th> </tr> </thead> <tbody> <tr> <td>establish-subscription</td> <td>establish-subscription-error</td> </tr> <tr> <td>modify-subscription</td> <td>modify-subscription-error</td> </tr> <tr> <td>delete-subscription</td> <td>delete-subscription-error</td> </tr> <tr> <td>kill-subscription</td> <td>delete-subscription-error</td> </tr> <tr> <td>resync-subscription</td> <td>resync-subscription-error</td> </tr> </tbody> </table> <t>Each error identity will be inserted as the "error-app-tag" using JSON encoding following the form <modulename>:<identityname>. An example of such a valid encoding would be "ietf-subscribed-notifications:no-such-subscription".</t> <t>In the case of error responses to an "establish-subscription" or "modify-subscription" request, there is the option to include an "error-info" node. This node may contain hints for parameter settings that might lead to successful RPC requests in the future. Tables <xref target="error-info-estab-sub" format="counter"/> and <xref target="error-info-mod-sub" format="counter"/> show the yang-data structures that may be returned.</t> <table anchor="error-info-estab-sub"> <name>Optional "error-info" Node Hints for an "establish-subscription" Request</name> <thead> <tr> <th>Target:</th> <th>Return hints in yang-data structure</th> </tr> </thead> <tbody> <tr> <td>event stream</td> <td>establish-subscription-stream-error-info</td> </tr> <tr> <td>datastore</td> <td>establish-subscription-datastore-error-info</td> </tr> </tbody> </table> <table anchor="error-info-mod-sub"> <name>Optional "error-info" Node Hints for an "modify-subscription" Request</name> <thead> <tr> <th>Target:</th> <th>Returns hints in yang-data structure</th> </tr> </thead> <tbody> <tr> <td>event stream</td> <td>modify-subscription-stream-error-info</td> </tr> <tr> <td>datastore</td> <td>modify-subscription-datastore-error-info</td> </tr> </tbody> </table> <t>The yang-data included within "error-info" <bcp14>SHOULD NOT</bcp14> include the optional leaf "reason", as such a leaf would be redundant with information that is already placed within the "error-app-tag". </t> <t>In case of an <rpc-error> as a result of a "delete-subscription", a "kill-subscription", or a "resync-subscription" request, no "error-info" needs to be included, as the "subscription-id" is the only RPC input parameter, and no hints regarding this RPC input parameters need to be provided. </t> <t>Note that "error-path" <xref target="RFC8040" format="default"/> does not need to be included with the <rpc-error> element, as subscription errors are generally associated with the choice of RPC input parameters. </t> </section> <section anchor="SSE" numbered="true" toc="default"> <name>Call Flow for Server-Sent Events</name> <t>The call flow for Server-Sent Events (SSE) is defined in <xref target="dyn-sse" format="default"/>. The logical connections denoted by (a) and (b) can be a TCP connection or an HTTP/2 stream (if HTTP/2 is used, multiple HTTP/2 streams can be carried in one TCP connection). Requests to RPCs as defined in <xref target="RFC8639" format="default"/> or <xref target="RFC8641" format="default"/> are sent on a connection indicated by (a). A successful "establish-subscription" will result in an RPC response returned with both a subscription identifier that uniquely identifies a subscription, as well as a URI that uniquely identifies the location of subscription on the publisher (b). This URI is defined via the "uri" leaf in the data model in <xref target="YANG-module" format="default"/>. </t> <t>An HTTP GET is then sent on a separate logical connection (b) to the URI on the publisher. This signals the publisher to initiate the flow of notification messages that are sent in SSE <xref target="W3C-20150203" format="default"/> as a response to the GET. There cannot be two or more simultaneous GET requests on a subscription URI: any GET request received while there is a current GET request on the same URI <bcp14>MUST</bcp14> be rejected with HTTP error code 409.</t> <t>As described in <xref target="RFC8040" sectionFormat="of" section="6.4" format="default"/>, RESTCONF servers <bcp14>SHOULD NOT</bcp14> send the "event" or "id" fields in the SSE event notifications.</t> <figure anchor="dyn-sse"> <name>Dynamic Subscriptions with Server-Sent Events</name> <artwork name="" type="" align="left" alt=""><![CDATA[ +--------------+ +--------------+ | Subscriber | | Publisher | | | | | | Logical | | Logical | | Connection | | Connection | | (a) (b) | | (a) (b) | +--------------+ +--------------+ | RESTCONF POST (RPC:establish-subscription) | |--------------------------------------------->| | HTTP 200 OK (ID,URI)| |<---------------------------------------------| | |HTTP GET (URI) | | |--------------------------------------------->| | | HTTP 200 OK| | |<---------------------------------------------| | | SSE (notif-message)| | |<---------------------------------------------| | RESTCONF POST (RPC:modify-subscription) | | |--------------------------------------------->| | | | HTTP 200 OK| | |<---------------------------------------------| | | | SSE (subscription-modified)| | |<------------------------------------------(c)| | | SSE (notif-message)| | |<---------------------------------------------| | RESTCONF POST (RPC:delete-subscription) | | |--------------------------------------------->| | | | HTTP 200 OK| | |<---------------------------------------------| | | | | | | | | | (a) (b) (a) (b) ]]></artwork> </figure> <t>Additional requirements for dynamic subscriptions over SSE include:</t> <ul spacing="normal"> <li> A publisher <bcp14>MUST</bcp14> return all subscription state notifications in a separate SSE message used by the subscription to which the state change refers. </li> <li>Subscription RPCs <bcp14>MUST NOT</bcp14> use the connection currently providing notification messages for that subscription.</li> <li>In addition to an RPC response for a "modify-subscription" RPC traveling over (a), a "subscription-modified" state change notification <bcp14>MUST</bcp14> be sent within (b). This allows the receiver to know exactly when, within the stream of events, the new terms of the subscription have been applied to the notification messages. See arrow (c).</li> <li>In addition to any required access permissions (e.g., Network Configuration Access Control Model (NACM)), the RPCs "modify-subscription", "resync-subscription", and "delete-subscription" <bcp14>SHOULD</bcp14> only be allowed by the same RESTCONF username <xref target="RFC8040" format="default"/> that invoked "establish-subscription". Such a restriction generally serves to preserve users' privacy, but exceptions might be made for administrators that may need to modify or delete other users' subscriptions.</li> <li>The "kill-subscription" RPC can be invoked by any RESTCONF username with the required administrative permissions.</li> </ul> <t>A publisher <bcp14>MUST</bcp14> terminate a subscription in the following cases:</t> <ul spacing="normal"> <li>Receipt of a "delete-subscription" or a "kill-subscription" RPC for that subscription</li> <li>Loss of TLS heartbeat</li> </ul> <t>A publisher <bcp14>MAY</bcp14> terminate a subscription at any time as stated in <xref target="RFC8639" sectionFormat="of" section="1.3" format="default"/>.</t> </section> </section> <section numbered="true" toc="default"> <name>QoS Treatment</name> <t>Qos treatment for event streams is described in <xref target="RFC8639" sectionFormat="of" section="2.3" format="default"/>. In addition, if HTTP/2 is used, the publisher <bcp14>MUST</bcp14>:</t> <ul spacing="normal"> <li>Take the "weighting" leaf node in <xref target="RFC8639" format="default"/> and copy it into the HTTP/2 stream weight, <xref target="RFC7540" sectionFormat="of" section="5.3" format="default"/>, and </li> <li>Take any existing subscription "dependency", as specified by the "dependency" leaf node in <xref target="RFC8639" format="default"/>, and use the HTTP/2 stream for the parent subscription as the HTTP/2 stream dependency (as described in <xref target="RFC7540" sectionFormat="of" section="5.3.1" format="default"/>) of the dependent subscription.</li> <li>Set the exclusive flag (<xref target="RFC7540" sectionFormat="of" section="5.3.1" format="default"/>) to 0.</li> </ul> <t>For dynamic subscriptions with the same Differentiated Services Code Point (DSCP) value to a specific publisher, it is recommended that the subscriber sends all URI GET requests on a common HTTP/2 session (if HTTP/2 is used). Conversely, a subscriber cannot use a common HTTP/2 session for subscriptions with different DSCP values.</t> </section> <section numbered="true" toc="default"> <name>Notification Messages</name> <t>Notification messages transported over RESTCONF will be encoded according to <xref target="RFC8040" sectionFormat="comma" section="6.4" format="default"/>.</t> </section> <section anchor="YANG-tree" numbered="true" toc="default"> <name>YANG Tree</name> <t> The YANG module defined in <xref target="YANG-module" format="default"/> has one leaf that augments three nodes of <xref target="RFC8639" format="default"/>.</t><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="yangtree"><![CDATA[ module: ietf-restconf-subscribed-notifications augment /sn:establish-subscription/sn:output: +--ro uri? inet:uri augment /sn:subscriptions/sn:subscription: +--ro uri? inet:uri augment /sn:subscription-modified: +--ro uri? inet:uri]]></artwork>]]></sourcecode> </section> <section anchor="YANG-module" numbered="true" toc="default"> <name>YANG Module</name> <t>This module references <xref target="RFC8639" format="default"/>.</t> <sourcecode name="ietf-restconf-subscribed-notifications@2019-10-15.yang"type=""type="yang" markers="true"><![CDATA[ module ietf-restconf-subscribed-notifications { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:" + "ietf-restconf-subscribed-notifications"; prefix rsn; import ietf-subscribed-notifications { prefix sn; } import ietf-inet-types { prefix inet; } organization "IETF NETCONF (Network Configuration) Working Group"; contact "WG Web: <https://datatracker.ietf.org/wg/netconf/> WG List: <mailto:netconf@ietf.org> Editor: Eric Voit <mailto:evoit@cisco.com> Editor: Alexander Clemm <mailto:ludwig@clemm.org> Editor: Reshad Rahman <mailto:rrahman@cisco.com>"; description "Defines RESTCONF as a supported transport for subscribed event notifications. Copyright (c) 2019 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC 8650; see the RFC itself for full legal notices."; revision 2019-10-15 { description "Initial version"; reference "RFC 8650: Dynamic Subscription to YANG Events and Datastores over RESTCONF"; } grouping uri { description "Provides a reusable description of a URI."; leaf uri { type inet:uri; config false; description "Location of a subscription-specific URI on the publisher."; } } augment "/sn:establish-subscription/sn:output" { description "This augmentation allows RESTCONF-specific parameters for a response to a publisher's subscription request."; uses uri; } augment "/sn:subscriptions/sn:subscription" { description "This augmentation allows RESTCONF-specific parameters to be exposed for a subscription."; uses uri; } augment "/sn:subscription-modified" { description "This augmentation allows RESTCONF-specific parameters to be included as part of the notification that a subscription has been modified."; uses uri; } } ]]></sourcecode> </section> <section numbered="true" toc="default"> <name>IANA Considerations</name> <t> This document registers the following namespace URI in the "ns" subregistry of the "IETF XML Registry" <xref target="RFC3688" format="default"/>: </t> <dl> <dt>URI:</dt> <dd>urn:ietf:params:xml:ns:yang:ietf-restconf-subscribed-notifications</dd> <dt>Registrant Contact:</dt> <dd>The IESG.</dd> <dt>XML:</dt> <dd>N/A; the requested URI is an XML namespace.</dd> </dl> <t> This document registers the following YANG module in the "YANG Module Names" registry <xref target="RFC6020" format="default"/>: </t> <dl> <dt>Name:</dt> <dd>ietf-restconf-subscribed-notifications</dd> <dt>Namespace:</dt> <dd>urn:ietf:params:xml:ns:yang:ietf-restconf-subscribed-notifications</dd> <dt>Prefix:</dt> <dd>rsn</dd> <dt>Reference:</dt> <dd>RFC 8650</dd> </dl> </section> <section anchor="security" numbered="true" toc="default"> <name>Security Considerations</name> <t>The YANG module specified in this document defines a schema for data that is designed to be accessed via network management transports such as NETCONF <xref target="RFC6241" format="default"/> or RESTCONF <xref target="RFC8040" format="default"/>. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) <xref target="RFC6242" format="default"/>. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS <xref target="RFC8446" format="default"/>.</t> <t>The Network Configuration Access Control Model (NACM) <xref target="RFC8341" format="default"/> provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.</t> <t>The one new data node introduced in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to this data node. These are the subtrees and data nodes and their sensitivity/vulnerability:</t> <t>Container: "/subscriptions"</t> <ul spacing="normal"> <li>"uri": leaf will show where subscribed resources might be located on a publisher. Access control must be set so that only someone with proper access permissions, i.e., the same RESTCONF <xref target="RFC8040" format="default"/> user credentials that invoked the corresponding "establish-subscription", has the ability to access this resource.</li> </ul> <t>The subscription URI is implementation specific and is encrypted via the use of TLS. Therefore, even if an attacker succeeds in guessing the subscription URI, a RESTCONF username <xref target="RFC8040" format="default"/> with the required administrative permissions must be used to be able to access or modify that subscription. It is recommended that the subscription URI values not be easily predictable.</t> <t>The access permission considerations for the RPCs "modify-subscription", "resync-subscription", "delete-subscription", and "kill-subscription" are described in <xref target="SSE" format="default"/>.</t> <t>If a buggy or compromised RESTCONF subscriber sends a number of "establish-subscription" requests, then these subscriptions accumulate and may use up system resources. In such a situation, the publisher <bcp14>MAY</bcp14> also suspend or terminate a subset of the active subscriptions from that RESTCONF subscriber in order to reclaim resources and preserve normal operation for the other subscriptions. </t> </section> </middle> <back> <references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3688.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6020.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6241.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6242.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6520.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7540.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8040.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8341.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8342.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8639.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8641.xml"/> <reference anchor="W3C-20150203" target="https://www.w3.org/TR/2015/REC-eventsource-20150203/"> <front> <title>Server-Sent Events</title> <author fullname="I Hickson" initials="I" surname="Hickson"> <organization/> </author> <date day="03" month="February" year="2015"/> </front> <seriesInfo name="W3C" value="Recommendation"/> <annotation>Latest version available at <<eref target="https://www.w3.org/TR/eventsource/" />>.</annotation> </reference> </references> <references> <name>Informative References</name> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7231.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7923.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7951.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8347.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8527.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8640.xml"/> <reference anchor="XPATH" target="http://www.w3.org/TR/1999/REC-xpath-19991116"> <front> <title>XML Path Language (XPath) Version 1.0</title> <author fullname="J Clark" initials="J" surname="Clark"/> <author fullname="S DeRose" initials="S" surname="DeRose"/> <date day="16" month="November" year="1999"/> </front> <seriesInfo name="W3C" value="Recommendation"/> <annotation>Latest version available at <<eref target="https://www.w3.org/TR/xpath/" />>.</annotation> </reference> </references> </references> <section numbered="true" toc="default"> <name>Examples</name> <t>This section is non-normative. To allow easy comparison, this section mirrors the functional examples shown with NETCONF over XML within <xref target="RFC8640" format="default"/>. In addition, HTTP/2 vs HTTP/1.1 headers are not shown as the contents of the JSON encoded objects are identical within.</t> <t>The subscription URI values used in the examples in this section are purely illustrative, and are not indicative of the expected usage that is described in <xref target="security" format="default"/>.</t> <t>The DSCP values are only for example purposes and are all indicated in decimal since the encoding is JSON <xref target="RFC7951" format="default"/>.</t> <section numbered="true" toc="default"> <name>Dynamic Subscriptions</name> <section numbered="true" toc="default"> <name>Establishing Dynamic Subscriptions</name> <t>The following figure shows two successful "establish-subscription" RPC requests as per <xref target="RFC8639" format="default"/>. The first request is given a subscription identifier of 22, and the second, an identifier of 23.</t> <figure anchor="mess-flow-establishment"> <name>Multiple Subscriptions over RESTCONF/HTTP</name> <artwork name="" type="" align="left" alt=""><![CDATA[ +------------+ +-----------+ | Subscriber | | Publisher | +------------+ +-----------+ | | |establish-subscription | |------------------------------>| (a) | HTTP 200 OK, id#22, URI#1 | |<------------------------------| (b) |GET (URI#1) | |------------------------------>| (c) | HTTP 200 OK,notif-mesg (id#22)| |<------------------------------| | | | | |establish-subscription | |------------------------------>| | HTTP 200 OK, id#23, URI#2| |<------------------------------| |GET (URI#2) | |------------------------------>| | | | | | notif-mesg (id#22)| |<------------------------------| | HTTP 200 OK,notif-mesg (id#23)| |<------------------------------| | | ]]></artwork> </figure> <t>To provide examples of the information being transported, example messages for interactions in <xref target="mess-flow-establishment" format="default"/> are detailed below:</t> <figure anchor="establish-subs"> <name>"establish-subscription" Request (a)</name> <artwork name="ex-establish-subscription.json" type="" align="left" alt=""><![CDATA[ POST /restconf/operations /ietf-subscribed-notifications:establish-subscription { "ietf-subscribed-notifications:input": { "stream-xpath-filter": "/example-module:foo/", "stream": "NETCONF", "dscp": 10 } } ]]></artwork> </figure> <t>As the publisher was able to fully satisfy the request, the publisher sends the subscription identifier of the accepted subscription and the URI:</t> <figure anchor="positive-establish-subs"> <name>"establish-subscription" Success (b)</name> <artwork name="" type="" align="left" alt=""><![CDATA[ HTTP status code - 200 { "id": 22, "uri": "https://example.com/restconf/subscriptions/22" } ]]></artwork> </figure> <t>Upon receipt of the successful response, the subscriber does a GET to the provided URI to start the flow of notification messages. When the publisher receives this, the subscription is moved to the active state (c).</t> <figure anchor="positive-establish-post"> <name>"establish-subscription" Subsequent POST</name> <artwork name="" type="" align="left" alt=""><![CDATA[ GET /restconf/subscriptions/22 ]]></artwork> </figure> <t>While not shown in <xref target="mess-flow-establishment" format="default"/>, if the publisher had not been able to fully satisfy the request, or the subscriber has no authorization to establish the subscription, the publisher would have sent an RPC error response. For instance, if the "dscp" value of 10 asserted by the subscriber in <xref target="establish-subs" format="default"/> proved unacceptable, the publisher may have returned:</t> <figure anchor="negative-establish-subs"> <name>An Unsuccessful "establish-subscription"</name> <artwork name="" type="" align="left" alt=""><![CDATA[ HTTP status code - 400 { "ietf-restconf:errors" : { "error" : [ { "error-type": "application", "error-tag": "invalid-value", "error-severity": "error", "error-app-tag": "ietf-subscribed-notifications:dscp-unavailable" } ] } } ]]></artwork> </figure> <t>The subscriber can use this information in future attempts to establish a subscription.</t> </section> <section numbered="true" toc="default"> <name>Modifying Dynamic Subscriptions</name> <t>An existing subscription may be modified. The following exchange shows a negotiation of such a modification via several exchanges between a subscriber and a publisher. This negotiation consists of a failed RPC modification request/response followed by a successful one.</t> <figure anchor="mess-flow-subs-modification"> <name>Interaction Model for Successful Subscription Modification</name> <artwork name="" type="" align="left" alt=""><![CDATA[ +------------+ +-----------+ | Subscriber | | Publisher | +------------+ +-----------+ | | | notification message (id#23)| |<-----------------------------| | | |modify-subscription (id#23) | |----------------------------->| (d) | HTTP 400 error (with hint)| |<-----------------------------| (e) | | |modify-subscription (id#23) | |----------------------------->| | HTTP 200 OK | |<-----------------------------| | | | notif-mesg (id#23)| |<-----------------------------| | | ]]></artwork> </figure> <t>If the subscription being modified in <xref target="mess-flow-subs-modification" format="default"/> is a datastore subscription as per <xref target="RFC8641" format="default"/>, the modification request made in (d) may look like that shown in <xref target="simple-modify-subs" format="default"/>. As can be seen, the modifications being attempted are the application of a new XML Path Language (XPath) filter as well as the setting of a new periodic time interval.</t> <figure anchor="simple-modify-subs"> <name>Subscription Modification Request (c)</name> <artwork name="ex-modify-subscription.json" type="" align="left" alt=""><![CDATA[ POST /restconf/operations /ietf-subscribed-notifications:modify-subscription { "ietf-subscribed-notifications:input": { "id": 23, "ietf-yang-push:datastore-xpath-filter": "/example-module:foo/example-module:bar", "ietf-yang-push:periodic": { "ietf-yang-push:period": 500 } } } ]]></artwork> </figure> <t>If the publisher can satisfy both changes, the publisher sends a positive result for the RPC. If the publisher cannot satisfy either of the proposed changes, the publisher sends an RPC error response (e). The following is an example RPC error response for (e) that includes a hint. This hint is an alternative time period value that might have resulted in a successful modification:</t> <figure anchor="negative-modify-subs"> <name>"modify-subscription" Failure with Hint (e)</name> <artwork name="" type="" align="left" alt=""><![CDATA[ HTTP status code - 400 { "ietf-restconf:errors" : { "error" : [ "error-type": "application", "error-tag": "invalid-value", "error-severity": "error", "error-app-tag": "ietf-yang-push:period-unsupported", "error-info": { "ietf-yang-push": "modify-subscription-datastore-error-info": { "period-hint": 3000 } } ] } } ]]></artwork> </figure> </section> <section numbered="true" toc="default"> <name>Deleting Dynamic Subscriptions</name> <t>The following demonstrates deleting a subscription. This subscription may have been to either a stream or a datastore.</t> <figure anchor="simple-delete-subs"> <name>"delete-subscription" Request</name> <artwork name="ex-delete-subscription.json" type="" align="left" alt=""><![CDATA[ POST /restconf/operations /ietf-subscribed-notifications:delete-subscription { "delete-subscription": { "id": "22" } } ]]></artwork> </figure> <t>If the publisher can satisfy the request, the publisher replies with success to the RPC request.</t> <t>If the publisher cannot satisfy the request, the publisher sends an <rpc-error> element indicating the modification didn't work. <xref target="negative-delete-subs" format="default"/> shows a valid response for an existing valid subscription identifier, but that subscription identifier was created on a different transport session:</t> <figure anchor="negative-delete-subs"> <name>Unsuccessful "delete-subscription"</name> <artwork name="" type="" align="left" alt=""><![CDATA[ HTTP status code - 404 { "ietf-restconf:errors" : { "error" : [ "error-type": "application", "error-tag": "invalid-value", "error-severity": "error", "error-app-tag": "ietf-subscribed-notifications:no-such-subscription" ] } } ]]></artwork> </figure> </section> </section> <section numbered="true" toc="default"> <name>Subscription State Notifications</name> <t>A publisher will send subscription state notifications according to the definitions within <xref target="RFC8639" format="default"/>.</t> <section numbered="true" toc="default"> <name>"subscription-modified"</name> <t>A "subscription-modified" encoded in JSON would look like:</t> <figure anchor="subscription-modified-ctrl-plane-notif"> <name>"subscription-modified" Subscription State Notification</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="json"><![CDATA[ { "ietf-restconf:notification" : { "eventTime": "2007-09-01T10:00:00Z", "ietf-subscribed-notifications:subscription-modified": { "id": 39, "uri": "https://example.com/restconf/subscriptions/22" "stream-xpath-filter": "/example-module:foo", "stream": { "ietf-netconf-subscribed-notifications" : "NETCONF" } } } }]]></artwork>]]></sourcecode> </figure> </section> <section numbered="true" toc="default"> <name>"subscription-completed", "subscription-resumed", and "replay-completed"</name> <t>A "subscription-completed" notification would look like:</t> <figure anchor="subscription-completed"> <name>"subscription-completed" Notification in JSON</name><artwork<sourcecode name="ex-subscription-completed.json"type="" align="left" alt=""><![CDATA[type="json"><![CDATA[ { "ietf-restconf:notification" : { "eventTime": "2007-09-01T10:00:00Z", "ietf-subscribed-notifications:subscription-completed": { "id": 39, } } }]]></artwork>]]></sourcecode> </figure> <t>The "subscription-resumed" and "replay-complete" are virtually identical, with "subscription-completed" simply being replaced by "subscription-resumed" and "replay-complete".</t> </section> <section numbered="true" toc="default"> <name>"subscription-terminated" and "subscription-suspended"</name> <t>A "subscription-terminated" would look like:</t> <figure anchor="subscription-terminated"> <name>"subscription-terminated" Subscription State Notification</name><artwork<sourcecode name="ex-subscription-terminated.json"type="" align="left" alt=""><![CDATA[type="json"><![CDATA[ { "ietf-restconf:notification" : { "eventTime": "2007-09-01T10:00:00Z", "ietf-subscribed-notifications:subscription-terminated": { "id": 39, "error-id": "suspension-timeout" } } }]]></artwork>]]></sourcecode> </figure> <t>The "subscription-suspended" is virtually identical, with "subscription-terminated" simply being replaced by "subscription-suspended".</t> </section> </section> <section numbered="true" toc="default"> <name>Filter Example</name> <t>This section provides an example that illustrates the method of filtering event record contents. The example is based on the YANG notification "vrrp-protocol-error-event" as defined per the ietf-vrrp.yang module within <xref target="RFC8347" format="default"/>. Event records based on this specification that are generated by the publisher might appear as:</t> <figure anchor="VRRP-notification"> <name>RFC 8347 (VRRP) - Example Notification</name> <artwork name="" type="" align="left" alt=""><![CDATA[ data: { data: "ietf-restconf:notification" : { data: "eventTime" : "2018-09-14T08:22:33.44Z", data: "ietf-vrrp:vrrp-protocol-error-event" : { data: "protocol-error-reason" : "checksum-error" data: } data: } data: } ]]></artwork> </figure> <t>Suppose a subscriber wanted to establish a subscription that only passes instances of event records where there is a "checksum-error" as part of a Virtual Router Redundancy Protocol (VRRP) protocol event. Also assume the publisher places such event records into the NETCONF stream. To get a continuous series of matching event records, the subscriber might request the application of an XPath filter against the NETCONF stream. An "establish-subscription" RPC to meet this objective might be:</t> <figure anchor="VRRP-XPATH"> <name>Establishing a Subscription Error Reason via XPath</name> <artwork name="ex-establish-subscription-filter-xpath.json" type="" align="left" alt=""><![CDATA[ POST /restconf/operations /ietf-subscribed-notifications:establish-subscription { "ietf-subscribed-notifications:input": { "stream": "NETCONF", "stream-xpath-filter": "/ietf-vrrp:vrrp-protocol-error-event[ protocol-error-reason='checksum-error']/", } } ]]></artwork> </figure> <t>For more examples of XPath filters, see <xref target="XPATH" format="default"/>.</t> <t>Suppose the "establish-subscription" in <xref target="VRRP-XPATH" format="default"/> was accepted. And suppose later a subscriber decided they wanted to broaden this subscription cover to all VRRP protocol events (i.e., not just those with a "checksum error"). The subscriber might attempt to modify the subscription in a way that replaces the XPath filter with a subtree filter that sends all VRRP protocol events to a subscriber. Such a "modify-subscription" RPC might look like:</t> <figure anchor="VRRP-Subtree"> <name>Example "modify-subscription" RPC</name> <artwork name="ex-modify-subscription-filter-subtree.json" type="" align="left" alt=""><![CDATA[ POST /restconf/operations /ietf-subscribed-notifications:modify-subscription { "ietf-subscribed-notifications:input": { "stream": "NETCONF", "stream-subtree-filter": { "/ietf-vrrp:vrrp-protocol-error-event" : {} } } } ]]></artwork> </figure> <t>For more examples of subtree filters, see <xref target="RFC6241" sectionFormat="comma" section="6.4" format="default"/>.</t> </section> </section> <section numbered="false" toc="default"> <name>Acknowledgments</name> <t>We wish to acknowledge the helpful contributions, comments, and suggestions that were received from Ambika Prasad Tripathy, Alberto Gonzalez Prieto, Susan Hares, Tim Jenkins, Balazs Lengyel, Kent Watsen, Michael Scharf, Guangying Zheng, Martin Bjorklund, Qin Wu, and Robert Wilton.</t> </section> </back> </rfc>