Internet-Draft Adaptive Subscription June 2024
Wu, et al. Expires 15 December 2024 [Page]
Workgroup:
NETCONF Working Group
Internet-Draft:
draft-ietf-netconf-adaptive-subscription-05
Published:
Intended Status:
Experimental
Expires:
Authors:
Q. Wu
Huawei
W. Song
Huawei
P. Liu
China Mobile
Q. Ma
Huawei
W. Wang
China Telecom
Z. Niu
Microsoft

Adaptive Subscription to YANG Notification

Abstract

This document defines a YANG data model and associated mechanism that enable adaptive subscription to YANG notifications. The periodic update interval for the stream can be set adaptively. Applying adaptive subscription allows publishers to automatically adjust the period and volume of telemetry data sent to receivers.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 15 December 2024.

1. Introduction

YANG-Push subscriptions [RFC8641] allow subscriber applications to request a continuous customized stream of updates from a YANG datastore without needing to poll. It defines a mechanism (i.e., update trigger) to determine when an update record needs to be generated. Two types of subscription are introduced in [RFC8641], distinguished by how updates are triggered: periodic and on-change.

  • Periodic subscription allows subscribed data to be streamed to the destination at a configured fixed time interval;

  • On-change subscription allows update to be triggered whenever a change in the subscribed information is detected.

However, in some deployments where an increased data collection rate is used, it becomes more likely that both clients and servers could be temporarily overwhelmed with a burst of streamed data, and network and computation resources could be excessively consumed. Therefore, it may be expensive to continuously monitor operational data at a high collection rate. Conversely, if a stream of data is collected at a lower rate or some low priority data is allowed to be dropped, insufficient data might not be able to detect and diagnose service problems.

A client might choose to monitor the operational state and send a request to modify the data collection rate on the server as needed. But how often the client evaluates if the modification of the data collection rate is required highly depends on the current collection rate, collecting a stream of data at a low rate prevents the subscriber from capturing sufficient data for timely decision-making. In addition, when tens of thousands of network devices need to be managed, frequent follow-up modification requests are prone to errors.

This document defines a YANG data model and associated mechanism that enable adaptive subscription to YANG notifications. Servers can be configured with multiple different period intervals and corresponding period update conditions which allow servers/publishers to automatically switch to different period intervals according to the network condition changes without the interaction with the client for policy update instructions. Applying adaptive subscription allows publishers to automatically adjust the period and volume of telemetry data sent to receivers.

1.1. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

The following terms are defined in [RFC5277], [RFC7950], [RFC8342], [RFC8639], [RFC8641] and are not redefined here:

  • Event

  • Client

  • Configuration

  • Configured subscription

  • Configuration datastore

  • Notification message

  • Publisher

  • Receiver

  • Subscriber

  • Subscription

  • On-change subscription

  • Periodic subscription

  • Selection filter

This document defines the following term:

Adaptive Subscription:
A subscription that specifies subscription period update policy on the servers when the subscription is initialized and allows servers/publishers to automatically switch to different period intervals according to network condition changes without interacting with the client for update policy instructions.

2. Model Overview

2.1. YANG Data Model Tree Diagrams

This document defines a YANG data model named "ietf-adapt-subscription" which augments the "update-trigger" choice defined in the "ietf-yang-push" module [RFC8641] with subscription configuration parameters that are specific to a subscriber's adaptive subscription.

In addition to subscription state notifications defined in [RFC8639] and notifications for subscribed content defined in [RFC8641], "ietf-adapt-subscription" module also defines "adaptive-period-update" notification to report the update interval change.

The following tree diagrams [RFC8340] provide an overview of the data model for "ietf-adapt-subscription" module.

 module: ietf-adapt-subscription
   augment /sn:subscriptions/sn:subscription/yp:update-trigger:
     +--:(adaptive-periodic)
        +--rw adaptive-periods
           +--rw adaptive-period* [name]
              +--rw name                   yang:yang-identifier
              +--rw xpath-eval-criterion   yang:xpath1.0
              +--rw period                 yp:centiseconds
              +--rw anchor-time?           yang:date-and-time
   augment /sn:establish-subscription/sn:input/yp:update-trigger:
     +--:(adaptive-periodic)
        +-- adaptive-periods
           +-- adaptive-period* [name]
              +-- name                   yang:yang-identifier
              +-- xpath-eval-criterion   yang:xpath1.0
              +-- period                 yp:centiseconds
              +-- anchor-time?           yang:date-and-time
   augment /sn:modify-subscription/sn:input/yp:update-trigger:
     +--:(adaptive-periodic)
        +-- adaptive-periods
           +-- adaptive-period* [name]
              +-- name                   yang:yang-identifier
              +-- xpath-eval-criterion   yang:xpath1.0
              +-- period                 yp:centiseconds
              +-- anchor-time?           yang:date-and-time
   augment /sn:subscription-started/yp:update-trigger:
     +--:(adaptive-periodic)
        +-- adaptive-periods
           +-- adaptive-period* [name]
              +-- name                   yang:yang-identifier
              +-- xpath-eval-criterion   yang:xpath1.0
              +-- period                 yp:centiseconds
              +-- anchor-time?           yang:date-and-time
   augment /sn:subscription-modified/yp:update-trigger:
     +--:(adaptive-periodic)
        +-- adaptive-periods
           +-- adaptive-period* [name]
              +-- name                   yang:yang-identifier
              +-- xpath-eval-criterion   yang:xpath1.0
              +-- period                 yp:centiseconds
              +-- anchor-time?           yang:date-and-time

   notifications:
     +---n adaptive-period-update
        +--ro id?                                     sn:subscription-id
        +--ro period                                  yp:centiseconds
        +--ro period-update-time?                     yang:date-and-time
        +--ro datastore                               identityref
        +--ro (selection-filter)?
           +--:(by-reference)
           |  +--ro selection-filter-ref
                      selection-filter-ref
           +--:(within-subscription)
              +--ro (filter-spec)?
                 +--:(datastore-subtree-filter)
                 |  +--ro datastore-subtree-filter?
                            <anydata> {sn:subtree}?
                 +--:(datastore-xpath-filter)
                    +--ro datastore-xpath-filter?
                            yang:xpath1.0 {sn:xpath}?

2.2. Adaptive Subscription Configuration

For adaptive subscriptions, triggered updates will occur at the boundaries of specified time intervals when the corresponding trigger condition is satisfied. These boundaries can be calculated from the following adaptive periodic parameters:

  • "name": represents the name of each adaptive period;

  • "xpath-eval-criterion": represents a standard XPath evaluation expression (Section 6.4 of [RFC7950]) that is applied against the targeted data node, which is used to trigger/control the update interval switching within the server. It follows the rules defined in section 3.4 of [XPATH1.0] and contains a comparison of a targeted node instance to the specific threshold in the XPath format. Different from selection filter defined in [RFC8641], it monitors a specific data node instance change and evaluates the trigger condition associated with the specified threshold value to be true or false using XPath rules and does not affect the even/update record output generation from a publisher. The updates are only pushed as the corresponding period interval when the XPath expression is evaluated to "true".

    It is not always trivial for a subscriber to determine the threshold used in an XPath expression criterion. Sometimes the threshold needs to be adjusted during the lifecycle of an adaptive subscription, depending on historical fluctuation range and how rapid the targeted value of the node changes, distribution characteristics of the targeted node value or even the generated volume of telemetry traffic.

    How often the XPath expression criterion is evaluated to decide whether to switch to another period interval is up to the publisher's implementation. With minimal delay, the expression can be evaluated whenever changes to targeted data node occur, or at the end of each shortest streaming update period. To reduce the frequency of evaluation, the server can choose to check targeted node change at every multiple (e.g.,2 or 3) high-frequency streaming update periods.

    The represented expression defined in "xpath-eval-criterion" is evaluated in the following XPath context:

    • The set of namespace declarations is the set of prefix and namespace pairs for all YANG modules implemented by the server, where the prefix is the YANG module name and the namespace is as defined by the "namespace" statement in the YANG module.

    • If the leaf is encoded in XML, all namespace declarations in scope on the "xpath-eval-criterion" leaf element are added to the set of namespace declarations. If a prefix found in the XML is already present in the set of namespace declarations, the namespace in the XML is used.

    • The set of variable bindings is empty.

    • The function library is the core function library defined in [XPATH1.0] and the function defined in Section 10 in RFC 7950.

    • The context node is the root node in the accessible tree which is the operational state data in the server.

    For the cases where the "xpath-eval-criterion" parameter refers to multiple list/leaf-list instances, XPath abbreviated syntax can be used to identify a particular instance, e.g., to represent a comparison for a leaf in a list entry:

    /if:interfaces/if:interface[if:name="eth0"]/if:in-errors>1000.

    The server MUST convert the XPath evaluation expression defined in "xpath-eval-criterion" to a boolean value and internally apply the "boolean" function defined in Section 4.3 in [XPATH1.0] if the evaluated result is not a boolean value. It MUST evaluates to "false" if the target node instance to be compared is deleted. Only if the XPath expression is evaluated to "true", does the publisher switch to the corresponding period with which push updates are reported.

  • "period": defines the duration between push updates, in units of 0.01 seconds. The "period" has the same definition as the yp:period for periodic subscription defined in [RFC8641], while it must be present with an "xpath-eval-criterion" parameter so that update interval can be switched based on trigger conditions indicated by the "xpath-eval-criterion" parameter;

  • "anchor-time": update intervals fall on the points in time that are a multiple of a "period" from an "anchor-time". If an "anchor-time" is not provided, then the "anchor-time" MUST be set with the creation time of the initial update record inside each periodic timeframe.

Note that the adaptive subscription may not be supported by every YANG datastore node. A publisher MAY decide to simply reject an adaptive subscription with "adaptive-unsupported" (defined in Section 2.3.1) if the scope of the subscription contains selected data nodes for which adaptive subscription is not supported.

2.3. YANG RPCs

Adaptive Subscriptions are established, modified, and deleted using RPCs from [RFC8639] and [RFC8641]. RPCs "establish-subscription" and "modify-subscription" have been augmented to include the adaptive subscription specific parameters, those parameters are the same as the ones defined in Section 2.2.

2.3.1. RPC Failures

RPC error responses from the publisher are used to indicate a rejection of an RPC for any reason. In addition to the RPC failures defined in [RFC8639] and [RFC8641], this document introduces following RPC errors for "establish-subscription" and "modify-subscription" RPCs.

establish-subscription
-----------------------------
adaptive-unsupported
xpath-evaluation-unsupported
multi-xpath-criteria-conflict

modify-subscription
-----------------------------
xpath-evaluation-unsupported
multi-xpath-criteria-conflict

The "adaptive-unsupported" RPC error is used to indicate that the adaptive subscription is not supported for the targeted set of data nodes that are selected by the filter.

The "xpath-evaluation-unsupported" RPC error is used to indicate that a server failed to parse syntax defined in "xpath-eval-criterion". The failure can be caused by either a syntax error or some XPath 1.0 syntax not supported against the specific data node.

When specified, multiple XPath evaluation criteria inside "adaptive-periods" container MUST be mutually exclusive. The "multi-xpath-criteria-conflict" error is used to indicate that the multiple XPath evaluation criteria represented by "xpath-eval-criterion" are evaluated as conflicting, i.e., more than one condition expressions may be evaluated to "true" at the same time.

For an example of how the above RPC errors can be returned, see the "xpath-evaluation-unsupported" error response illustrated in Appendix C.3.

Note that existing RPC errors defined in [RFC8639] and [RFC8641] are still supported by this document. For example, if any configured period for adaptive subscription is not supported by the publisher, a "period-unsupported" error response could be used.

2.4. Subscription State Change Notifications

Subscription state change notifications and mechanisms are reused from [RFC8639] and [RFC8641]. Notifications "subscription-started" and "subscription-modified" have been augmented to include the adaptive subscription specific parameters.

2.5. Notifications for Adaptive Subscribed Content

The adaptive update notification is similar to subscription state change notifications defined in [RFC8639]. It is inserted into the sequence of notification messages sent to a particular receiver. As stated in Section 2.7 of [RFC8639], the adaptive update notification cannot be dropped or filtered out, it cannot be stored in replay buffers, and it is delivered only to impacted receivers of a subscription. The identification of the adaptive update notification is easy to separate from other notification messages through the use of the YANG extension "subscription-state-notification" defined in [RFC8639]. This extension tags a notification as a subscription state change notification.

The elements in the "adaptive-period-update" notification include:

  • a "period" that defines the duration between push updates, the period can be changed based on trigger conditions.

  • a "period-update-time" that designates a timestamp when the server starts to switch to another period interval because the evaluated "xpath-eval-criterion" expression result changed.

  • A selection filter to identify YANG nodes of interest in a datastore. Filter contents are specified via a reference to an existing filter or via an in-line definition for only that subscription based on XPath Section 6.4 of [RFC7950] evaluation criteria. Referenced filters allow an implementation to avoid evaluating filter acceptability during a dynamic subscription request. The "case" statement differentiates the options. Note that filter contents are not affected by the "xpath-eval-criterion" parameter defined by the update trigger.

3. XPath Complexity Evaluation

YANG-Push subscriptions [RFC8641] specify selection filters to identify targeted YANG datastore nodes and/or datastore subtrees for which updates are to be pushed. In addition, it specifies update policies which contain conditions that trigger generation and pushing of new update records. To support a subscriber's adaptive subscription defined in this document, the trigger condition also uses similar selection filters to express a standard XPath evaluation criterion that is applied against the targeted data node(s).

The following complex implementation and use choices need to be cautious, although they have already been well supported by the section 3.4 of [XPATH1.0]:

  • Support XPath evaluation criteria for all "config true" and "config false" data nodes;

  • Support more than one target data node selection and operation (e.g., addition, subtraction, division and multiplication) in a single XPath evaluation criterion;

  • Support any type of node value in the XPath evaluation criterion, e.g., string, int64, uint64, and decimal64 types;

  • Both objects in the XPath evaluation criterion to be compared are node-sets;

  • Targeted data to be compared are in different data types, e.g., one is an integer, the other is a string.

As described in Section 6.4 of [RFC7950], Numbers in XPath 1.0 are IEEE 754 [IEEE754-2008] double-precision floating-point values; some values of int64, uint64, and decimal64 types cannot be exactly represented in XPath expressions.

If targeted data to be compared are in different data types, a conversion function is needed to convert different data types into numbers.

If both objects in XPath evaluation criteria to be compared are node-sets, more computation resources are required which add complexity.

To reduce these complexities, the following implementation and use principles are recommended:

  • XPath evaluation criteria are applied against a minimal set of data nodes in the data model, the minimal set of data nodes can be advertised using "ietf-notification-capabilities" module defined in [RFC9196];

  • Both targets in the XPath evaluation criterion to be compared are in the same data type;

  • One target to be compared in the XPath evaluation criterion is a leaf/leaf-list data node with numerical data type (e.g., signed/unsigned integer) and the other is a numerical threshold value.

If a server receives an XPath evaluation criterion with some XPath syntax unsupported against the specific targeted data node, an RPC error with "xpath-evaluation-unsupported" MUST be returned.

4. Adaptive Subscription YANG Module

This YANG module imports modules from [RFC8639], [RFC8641] and [I-D.ietf-netmod-rfc6991-bis].

<CODE BEGINS> file "ietf-adapt-subscription@2024-06-13.yang"

   module ietf-adapt-subscription {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-adapt-subscription";
     prefix as;

     import ietf-subscribed-notifications {
       prefix sn;
       reference
         "RFC 8639: Subscription to YANG Notifications";
     }
     import ietf-yang-push {
       prefix yp;
       reference
         "RFC 8641: Subscription to YANG Notifications for Datastore
          Updates";
     }
     import ietf-yang-types {
       prefix yang;
       reference
         "RFC YYYY: Common YANG Data Types";
     }

     organization
       "IETF NETCONF (Network Configuration) Working Group";
     contact
       "WG Web:   <http://tools.ietf.org/wg/netconf>
        WG List:  <netconf@ietf.org>

        Editor: Qin Wu
              <mailto:bill.wu@huawei.com>

        Editor: Wei Song
              <mailto: songwei80@huawei.com>

        Editor: Peng Liu
              <mailto: liupengyjy@chinamobile.com>

        Editor: Qiufang Ma
              <mailto: maqiufang1@huawei.com>

        Editor: Wei Wang
             <mailto: wangw36@chinatelecom.cn>

        Editor: Zhixiong Niu
             <mailto: Zhixiong.Niu@microsoft.com>";

     description
       "This module extends the YANG data module defined in
        YANG-push to enable the subscriber's adaptive
        subscriptions to a publisher's event streams with various
        different period intervals to report updates.

        Copyright (c) 2024 IETF Trust and the persons identified
        as authors of the code. All rights reserved.

        Redistribution and use in source and binary forms, with
        or without modification, is permitted pursuant to, and
        subject to the license terms contained in, the Revised
        BSD License set forth in Section 4.c of the IETF Trust's
        Legal Provisions Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC xxxx
        (https://www.rfc-editor.org/info/rfcxxxx); see the RFC
        itself for full legal notices.

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
        'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
        'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
        are to be interpreted as described in BCP 14 (RFC 2119)
        (RFC 8174) when, and only when, they appear in all
        capitals, as shown here.";

     revision 2024-06-13 {
       description
         "Initial revision";
       reference
         "RFC xxxx: Adaptive Subscription to YANG Notification.";
     }

     identity adaptive-unsupported {
       base sn:establish-subscription-error;
       description
         "Adaptive-subscription is not supported for the targeted set
          of objects that are selectable by the filter.";
     }

     identity xpath-evaluation-unsupported {
       base sn:establish-subscription-error;
       base sn:modify-subscription-error;
       description
         "Unable to parse the xpath evaluation criteria defined in
          'xpath-eval-criterion' because of a syntax error or some
          XPath 1.0 syntax not supported against the specific
          data node.";
     }

     identity multi-xpath-criteria-conflict {
       base sn:establish-subscription-error;
       base sn:modify-subscription-error;
       description
         "Multiple Xpath evaluation criteria represented by
          'xpath-eval-criterion' are evaluated as a conflict. I.e.,
          more than one condition expression is evaluated to
          'true'.";
     }

     grouping adaptive-subscription-modifiable {
       description
         "This grouping describes the datastore-specific adaptive
          subscription conditions that can be changed during the
          lifetime of the subscription.";
       container adaptive-periods {
         list adaptive-period {
           key "name";
           description
             "An entry in this list represents an adaptive period
              which defines a push update interval and trigger
              conditions to switch to the update interval for
              sending an event record to the subscriber.";
           leaf name {
             type yang:yang-identifier;
             description
               "The name of adaptive period.";
           }
           leaf xpath-eval-criterion {
             type yang:xpath1.0;
             mandatory true;
             description
               "An XPath string, representing a logical expression,
                which can contain comparisons of datastore values
                and logical operations in the XPath format.";
           }
           leaf period {
             type yp:centiseconds;
             mandatory true;
             description
               "Duration of time that should occur between periodic
                push updates, in units of 0.01 seconds.";
           }
           leaf anchor-time {
             type yang:date-and-time;
             description
               "Designates a timestamp before or after which a series
                of periodic push updates is determined.  The next
                update will take place at a point in time that is a
                multiple of a period from the 'anchor-time'.
                For example, for an 'anchor-time' that is set for the
                top of a particular minute and a period interval of a
                minute, updates will be sent at the top of every
                minute that this subscription is active.";
           }
         }
         description
           "Container for adaptively periodic subscription.";
       }
     }

     augment "/sn:subscriptions/sn:subscription/yp:update-trigger" {
       description
         "This augmentation adds additional subscription parameters
          that apply specifically to adaptive subscription.";
       case adaptive-periodic {
         description
           "Defines adaptively periodic case for sending an event
            record to the subscriber.";
         uses adaptive-subscription-modifiable;
       }
     }

     augment
       "/sn:establish-subscription/sn:input/yp:update-trigger" {
       description
         "This augmentation adds additional establish-subscription
          parameters that apply specifically to datastore updates to
          RPC input.";
       case adaptive-periodic {
         description
           "Defines adaptively periodic case for sending an event
            record to the subscriber.";
         uses adaptive-subscription-modifiable;
       }
     }

     augment "/sn:modify-subscription/sn:input/yp:update-trigger" {
       description
         "This augmentation adds additional modify-subscription
          parameters that apply specifically to datastore updates to
          RPC input.";
       case adaptive-periodic {
         description
           "Defines adaptively periodic case for sending an event
            record to the subscriber.";
         uses adaptive-subscription-modifiable;
       }
     }

     augment "/sn:subscription-started/yp:update-trigger" {
       description
         "This augmentation adds additional adaptive subscription
          parameters to the notification that a subscription has
          started.";
       case adaptive-periodic {
         description
           "Defines adaptively periodic case for sending an event
            record to the subscriber.";
         uses adaptive-subscription-modifiable;
       }
     }

     augment "/sn:subscription-modified/yp:update-trigger" {
       description
         "This augmentation adds additional adaptive subscription
          parameters to the notification that a subscription has been
          modified.";
       case adaptive-periodic {
         description
           "Defines adaptively periodic case for sending an event
            record to the subscriber.";
         uses adaptive-subscription-modifiable;
       }
     }

     notification adaptive-period-update {
       sn:subscription-state-notification;
       description
         "This notification contains a push update that in turn
          contains data subscribed to via a subscription.  In the
          case of a periodic subscription, this notification is sent
          for periodic updates.  It can also be used for
          synchronization updates of an on-change subscription.
          This notification shall only be sent to receivers of a
          subscription.  It does not constitute a general-purpose
          notification that would be subscribable as part of the
          NETCONF event stream by any receiver.";
       leaf id {
         type sn:subscription-id;
         description
           "This references the subscription that drove the
            notification to be sent.";
       }
       leaf period {
         type yp:centiseconds;
         mandatory true;
         description
           "New duration of time that should occur between periodic
            push updates, in units of 0.01 seconds.";
       }
       leaf period-update-time {
         type yang:date-and-time;
         description
           "Designates a timestamp when the server starts to switch
            to another period interval because the evaluated 'xpath-
            external-eval' expression result changed.";
       }
       uses yp:datastore-criteria {
         refine "selection-filter/within-subscription" {
           description
             "Specifies the selection filter and where it originated
              from.  If the 'selection-filter-ref' is populated, the
              filter in the subscription came from the 'filters'
              container.  Otherwise, it is populated in-line as part
              of the subscription itself.";
         }
       }
     }
   }

<CODE ENDS>

5. IANA Considerations

5.1. Updates to the IETF XML Registry

This document registers one URI in the IETF XML registry [RFC3688]. Following the format in [RFC3688], the following registration is requested to be made:

   ---------------------------------------------------------------------
      URI: urn:ietf:params:xml:ns:yang:ietf-adapt-subscription
      Registrant Contact: The IESG.
      XML: N/A, the requested URI is an XML namespace.
   ---------------------------------------------------------------------

5.2. Updates to the YANG Module Names Registry

This document registers one YANG module in the YANG Module Names registry [RFC7950]. Following the format in [RFC6020], the following registration is requested to be made:

   ---------------------------------------------------------------------
      Name:         ietf-adapt-subscription
      Namespace:    urn:ietf:params:xml:ns:yang:ietf-adapt-subscription
      Prefix:       as
      Reference:    RFC xxxx
   ---------------------------------------------------------------------

6. Security Considerations

This section uses the template described in Section 3.7 of [I-D.ietf-netmod-rfc8407bis].

The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. These network management protocols are required to use a secure transport layer and mutual authentication, e.g., SSH [RFC6242] without the "none" authentication option, Transport Layer Security (TLS) [RFC8446] with mutual X.509 authentication, and HTTPS with HTTP authentication (Section 11 of [RFC9110]).

The NETCONF Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.

There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., "config true", which is the default). These data nodes may be considered sensitive in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. Specifically, the following subtrees and data nodes have particular sensitivities/vulnerabilities:

  • "adaptive-period": By modifying this list, an attacker might alter the upates that are being sent in order to confuse a receiver, withhold certain updates to be sent to the receiver, and/or overwhelm a receiver. For example, an attacker might modify the period with which updates are reported and/or the XPath evaluation expression, resulting in certain updates not being published or a high volume of updates being published to exhaust receiver resources.

7. Contributors

Thanks Michael Wang, Liang Geng for their major contributions to the initial modeling and use cases.

   Michael Wang
   Email: wangzitao@huawei.com

   Liang Geng
   China Mobile
   32 Xuanwumen West St, Xicheng District
   Beijing  10053

   Email: gengliang@chinamobile.com

8. Acknowledges

We would like to thank Rob Wilton, Thomas Graf, Andy Bierman, Michael Richardson, Henk Birkholz, Chong Feng, Adrian Farrel for valuable review on this document, special thanks to Thomas and Michael for organizing the discussion on several relevant drafts and reach the common understanding on the concept and ideas. Thanks Michael for providing CHIP/Matter WIFI statistics reference.

9. References

9.1. Normative References

[I-D.ietf-netmod-rfc6991-bis]
Schönwälder, J., "Common YANG Data Types", Work in Progress, Internet-Draft, draft-ietf-netmod-rfc6991-bis-15, , <https://datatracker.ietf.org/doc/html/draft-ietf-netmod-rfc6991-bis-15>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC5277]
Chisholm, S. and H. Trevino, "NETCONF Event Notifications", RFC 5277, DOI 10.17487/RFC5277, , <https://www.rfc-editor.org/info/rfc5277>.
[RFC7950]
Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, , <https://www.rfc-editor.org/info/rfc7950>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
[RFC8341]
Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", STD 91, RFC 8341, DOI 10.17487/RFC8341, , <https://www.rfc-editor.org/info/rfc8341>.
[RFC8342]
Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., and R. Wilton, "Network Management Datastore Architecture (NMDA)", RFC 8342, DOI 10.17487/RFC8342, , <https://www.rfc-editor.org/info/rfc8342>.
[RFC8639]
Voit, E., Clemm, A., Gonzalez Prieto, A., Nilsen-Nygaard, E., and A. Tripathy, "Subscription to YANG Notifications", RFC 8639, DOI 10.17487/RFC8639, , <https://www.rfc-editor.org/info/rfc8639>.
[RFC8641]
Clemm, A. and E. Voit, "Subscription to YANG Notifications for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641, , <https://www.rfc-editor.org/info/rfc8641>.
[RFC9196]
Lengyel, B., Clemm, A., and B. Claise, "YANG Modules Describing Capabilities for Systems and Datastore Update Notifications", RFC 9196, DOI 10.17487/RFC9196, , <https://www.rfc-editor.org/info/rfc9196>.

9.2. Informative References

[CHIP]
CSA, "Connected Home over IP Specification", .
[I-D.ietf-netmod-rfc8407bis]
Bierman, A., Boucadair, M., and Q. Wu, "Guidelines for Authors and Reviewers of Documents Containing YANG Data Models", Work in Progress, Internet-Draft, draft-ietf-netmod-rfc8407bis-11, , <https://datatracker.ietf.org/doc/html/draft-ietf-netmod-rfc8407bis-11>.
[IEEE754-2008]
IEEE, "IEEE Standard for Floating-Point Arithmetic", DOI 10.1109/IEEESTD.2008.4610935, , <http://standards.ieee.org/findstds/standard/754-2008.html>.
[RFC3688]
Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, , <https://www.rfc-editor.org/info/rfc3688>.
[RFC6020]
Bjorklund, M., Ed., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020, , <https://www.rfc-editor.org/info/rfc6020>.
[RFC6241]
Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, , <https://www.rfc-editor.org/info/rfc6241>.
[RFC6242]
Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, , <https://www.rfc-editor.org/info/rfc6242>.
[RFC8040]
Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, , <https://www.rfc-editor.org/info/rfc8040>.
[RFC8340]
Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", BCP 215, RFC 8340, DOI 10.17487/RFC8340, , <https://www.rfc-editor.org/info/rfc8340>.
[RFC8446]
Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, , <https://www.rfc-editor.org/info/rfc8446>.
[RFC9110]
Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "HTTP Semantics", STD 97, RFC 9110, DOI 10.17487/RFC9110, , <https://www.rfc-editor.org/info/rfc9110>.
[XPATH1.0]
W3C, "https://www.w3.org/TR/1999/REC-xpath-19991116/", .

Appendix A. Use Cases

A.1. Wireless Network Performance Monitoring

Wireless signal strength determines the quality of wireless network connection. When the wireless signal strength falls below a configured threshold, the subscribed data can be streamed at a higher rate to capture potentially important data and events (e.g., continuous service degeneration); while when the wireless signal strength crosses a configured threshold, the subscribed data can be streamed at a lower rate.

A.2. Reducing Impact on High CPU Utilization

Frequent monitoring of some metrics could affect the CPU utilization of the device. When the CPU utilization on the device exceeds a certain high-level value, it might be desired for the monitoring service to specify a less rapid period interval for some less-important statistics to make room and save more resources. Conversely, When the CPU usage is lower than the specified threshold, a shorter period interval may be used without exhausting the CPU resources at the same time.

Appendix B. Example YANG Module

This section presents an example YANG module so that Appendix C can give examples of how the YANG module defined in Section 4 is used to perform adaptive subscription. The example YANG module used in this section represents a Wi-Fi Network Diagnostics data specified in [CHIP] which can be used by a Node to assist a user or Administrative Node in diagnosing potential problems.

YANG tree diagram for the "example-wifi-network-diagnostic" module:

module: example-wifi-network-diagnostic
  +--ro server
  |  +--ro bssid?                       yang:mac-address
  |  +--ro security-type?               enumeration
  |  +--ro wifi-version?                enumeration
  |  +--ro channel-num?                 int8
  |  +--ro rssi?                        int8
  |  +--ro beacon-lost-count?           int8
  |  +--ro beacon-rx-count?             int8
  |  +--ro packet-multicast-rx-count?   int8
  |  +--ro packet-multicast-tx-count?   int8
  |  +--ro packet-unicast-rx-count?     int8
  |  +--ro packet-unicast-tx-count?     int8
  |  +--ro current-max-rate?            int8
  |  +--ro overrun-count?               int8
  +--ro events
     +--ro event* [name]
        +--ro name                   string
        +--ro disconnection?         enumeration
        +--ro association-failure?   enumeration
        +--ro connection-status?     enumeration

B.1. "example-wifi-network-diagnostic" YANG Module

module example-wifi-network-diagnostic {
  yang-version 1;
  namespace "http://example.com/yang/wifi-network-diagnostic";
  prefix wnd;

  import ietf-yang-types {
    prefix yang;
  }

  container server {
    config false;
    description
      "Configuration of the WiFi Server logical entity.";
    leaf bssid {
      type yang:mac-address;
      description
        "The MAC address of a wireless access point.";
    }
    leaf security-type {
      type enumeration {
        enum unspecified {
          value 0;
        }
        enum none {
          value 1;
        }
        enum wep {
          value 2;
        }
        enum wpa {
          value 3;
        }
        enum wpa2 {
          value 4;
        }
        enum wpa3 {
          value 5;
        }
      }
      description
        "The type of Wi-Fi security used. A value of 0
         indicate that the interface is not currently
         configured or operational.";
    }
    leaf wifi-version {
      type enumeration {
        enum 80211a {
          value 0;
        }
        enum 80211b {
          value 1;
        }
        enum 80211g {
          value 2;
        }
        enum 80211n {
          value 3;
        }
        enum 80211ac {
          value 4;
        }
        enum 80211ax {
          value 5;
        }
      }
      description
        "The highest 802.11 standard version usable
         by the Node.";
    }
    leaf channel-num {
      type int8;
      description
        "The channel that Wi-Fi communication is currently
         operating on. A value of 0indicates that the interface
         is not currently configured or operational.";
    }
    leaf rssi {
      type int8;
      description
        "The RSSI of the Node's Wi-Fi radio in dBm.";
    }
    leaf beacon-lost-count {
      type int8;
      description
        "The count of the number of missed beacons the
         Node has detected.";
    }
    leaf beacon-rx-count {
      type int8;
      description
        "The count of the number of received beacons. The
         total number of expected beacons that could have been
         received during the interval since association SHOULD
         match the sum of BeaconRxCount and BeaconLostCount. ";
    }
    leaf packet-multicast-rx-count {
      type int8;
      description
        "The number of multicast packets received by
         the Node.";
    }
    leaf packet-multicast-tx-count {
      type int8;
      description
        "The number of multicast packets transmitted by
         the Node.";
    }
    leaf packet-unicast-rx-count {
      type int8;
      description
        "The number of multicast packets received by
         the Node.";
    }
    leaf packet-unicast-tx-count {
      type int8;
      description
        "The number of multicast packets transmitted by
         the Node.";
    }
    leaf current-max-rate {
      type int8;
      description
        "The current maximum PHY rate of transfer of
         data in bytes-per-second.";
    }
    leaf overrun-count {
      type int8;
      description
        "The number of packets dropped either at ingress or
         egress, due to lack of buffer memory to retain all
         packets on the ethernet network interface. The
         OverrunCount attribute SHALL be reset to 0 upon a
         reboot of the Node..";
    }
  }
  container events {
    config false;
    description
      "Configuration of WIFI Network Diagnostic events.";
    list event {
      key "name";
      description
        "The list of event sources configured on the
         server.";
      leaf name {
        type string;
        description
          "The unique name of an event source.";
      }
      leaf disconnection {
        type enumeration {
          enum de-authenticated {
            value 1;
          }
          enum dis-association {
            value 2;
          }
        }
        description
          "A Node's Wi-Fi connection has been disconnected as a
           result of de-authenticated or dis-association and
           indicates the reason.";
      }
      leaf association-failure {
        type enumeration {
          enum unknown {
            value 0;
          }
          enum association-failed {
            value 1;
          }
          enum authentication-failed {
            value 2;
          }
          enum ssid-not-found {
            value 3;
          }
        }
        description
          "A Node has attempted to connect, or reconnect, to
           a Wi-Fi access point, but is unable to successfully
           associate or authenticate, after exhausting all
           internal retries of its supplicant.";
      }
      leaf connection-status {
        type enumeration {
          enum connected {
            value 1;
          }
          enum notconnected {
            value 2;
          }
        }
        description
          "A Node's connection status to a Wi-Fi network has
           changed. Connected, in this context, SHALL mean that
           a Node acting as a Wi-Fi station is successfully
           associated to a Wi-Fi Access Point.";
      }
    }
  }
}

Appendix C. Adaptive Subscription and Notification Example

The examples within this document use the normative YANG module "ietf-adapt-subscription" defined in Section 4 and the non-normative example YANG module "example-wifi-network-diagnostic" defined in Appendix A.1.

This section shows some typical adaptive subscription and notification message exchanges.

C.1. "edit-config" Example

The client configures adaptive subscription policy parameters on the server. The adaptive subscription configuration parameters require the server to support two update intervals (i.e., 5 seconds, 60 seconds) and report updates every 60 seconds if the rssi value is greater than or equal to -65dB; If the rssi value is less than -65dB, switch to 5 seconds period value to report updates.

<rpc message-id="101"
  xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
   <target>
    <running/>
   </target>
   <config>
    <subscriptions
     xmlns="urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications"
     xmlns:yp="urn:ietf:params:xml:ns:yang:ietf-yang-push">
     <subscription>
     <id>1011</id>
     <yp:datastore
      xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
              ds:operational
     </yp:datastore>
     <yp:datastore-xpath-filter
      xmlns:wnd="http://example.com/yang/wifi-network-diagnostic">
             /wnd:server
     </yp:datastore-xpath-filter>
     <as:adaptive-periods
      xmlns:as="urn:ietf:params:xml:ns:yang:ietf-adapt-subscription">
      <as:adaptive-period>
       <as:name>adaptive-period-1</as:name>
       <as:xpath-eval-criterion>
        /wnd:server/wnd:rssi&lt;-65
       </as:xpath-eval-criterion>
       <as:period>5</as:period>
      </as:adaptive-period>
      <as:adaptive-period>
       <as:name>adaptive-period-2</as:name>
       <as:xpath-eval-criterion>
        /wnd:server/wnd:rssi&gt;=-65
       </as:xpath-eval-criterion>
       <as:period>60</as:period>
     </as:adaptive-period>
     </as:adaptive-periods>
     <receivers>
       <receiver>
        <name>host.example.com</name>
       </receiver>
     </receivers>
     </subscription>
    </subscriptions>
   </config>
  </edit-config>
 </rpc>

C.2. Create Adaptive Subscription Example

The subscriber sends an "establish-subscription" RPC with the parameters listed in Section 2 to request the creation of an adaptive subscription. The adaptive subscription configuration parameters require the server to report updates every 5 seconds if the rssi value is less than -65dB; If the rssi value is greater than or equal to -65dB, switch to 60 seconds period value.

 <netconf:rpc message-id="101"
  xmlns:netconf="urn:ietf:params:xml:ns:netconf:base:1.0">
  <establish-subscription
   xmlns="urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications"
   xmlns:yp="urn:ietf:params:xml:ns:yang:ietf-yang-push">
   <yp:datastore
    xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
           ds:operational
   </yp:datastore>
   <yp:datastore-xpath-filter
    xmlns:wnd="http://example.com/yang/wifi-network-diagnostic">
        /wnd:server
   </yp:datastore-xpath-filter>
   <as:adaptive-periods
    xmlns:as="urn:ietf:params:xml:ns:yang:ietf-adapt-subscription">
    <as:adaptive-period>
     <as:name>adaptive-period-1</as:name>
     <as:xpath-eval-criterion>
      /wnd:server/wnd:rssi&lt;-65
     </as:xpath-eval-criterion>
     <as:period>5</as:period>
    </as:adaptive-period>
    <as:adaptive-period>
     <as:name>adaptive-period-2</as:name>
     <as:xpath-eval-criterion>
      /wnd:server/wnd:rssi&gt;=-65
     </as:xpath-eval-criterion>
     <as:period>60</as:period>
    </as:adaptive-period>
   </as:adaptive-periods>
  </establish-subscription>
 </netconf:rpc>

C.3. "xpath-evaluation-unsupported" error response example

If the subscriber has authorization to establish the subscription with a server, but the server had not been able to fully satisfy the request from the subscriber, the server should send an RPC error response.

For instance, if the XPATH 1.0 syntax against the targeted data node defined in "xpath-eval-criterion" is not supported by the server' s implementation, the server returns a reply indicating a failure. The following <rpc-reply> illustrates an example:

<?xml version="1.0" encoding="utf-8"?>
<rpc-reply message-id="101"
 xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>invalid-value</error-tag>
    <error-severity>error</error-severity>
    <error-app-tag>
      ietf-adapt-subscription:xpath-evaluation-unsupported
    </error-app-tag>
    <error-path
      xmlns:wnd="http://example.com/yang/wifi-network-diagnostic">
      /wnd:server/wnd:rssi
    </error-path>
  </rpc-error>
</rpc-reply>

Since adaptive subscription allows a server to be configured with multiple different period intervals and corresponding XPath evaluation criteria to trigger update interval switch in the server, it may be possible for the server to return multiple <rpc-error> elements with "xpath-evaluation-unsupported" failure specified by different error paths. The subscriber can use this information in future attempts to establish a subscription.

C.4. "adaptive-period-update" notification example

Upon the server switches from the update interval 5 seconds to the new update interval 60 seconds, before sending event records to receivers, the "adaptive-period-update" notification should be generated and sent to the receivers to inform the receivers that the update interval value is switched to the new value.

<notification
 xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0"
 xmlns:yp="urn:ietf:params:xml:ns:yang:ietf-yang-push">
 <eventTime>2016-11-21T13:51:00Z</eventTime>
 <adaptive-period-update
  xmlns="urn:ietf:params:xml:ns:yang:ietf-adapt-subscription">
  <id>1011</id>
  <period>60</period>
  <yp:datastore
   xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
       ds:operational
  </yp:datastore>
  <yp:datastore-xpath-filter
   xmlns:wnd="http://example.com/yang/wifi-network-diagnostic">
       /wnd:server
  </yp:datastore-xpath-filter>
 </adaptive-period-update>
</notification>

Appendix D. Changes between Revisions

This section is to be removed before publishing as an RFC.

v03 -v04

  • Add CPU utilization case in introduction section;

  • Change the Xpath expression parameter "xpath-external-eval" to "xpath-eval-criterion";

  • Some tweaks to the XPath Complexity Evaluation section;

  • Editorial updates (e.g., fix long lines);

v02 -v03

  • Augment "modify-subscription", "subscription-started", "subscription-modified" to also support adaptive-subscription parameters;

  • Replace the "anchor-time" parameter defined in adaptive-period-update notification with "period-update-time";

  • Fix the YANG module and XML snippet errors in Appendix sections.

v01 -v02

  • Editorial changes to improve readability

  • Clarify that "period" and "xpath-external-eval" parameters must be co-exist so that the period can be switched based on trigger conditions indicated by "xpath-external-eval"

v00 -v01

  • Clarify what if multiple Xpath condition expressions conflict with each other during the lifecycle of an adaptive subscription

  • Clarify that existing RPC errors defined in RFC 8639 and 8641 are still supported by this document

  • Refine the YANG module: add contact information, fix IETF Trust Copyright statement, fix yanglint validation error

v09 -v10

  • Change the draft intended status to "experimental"

  • Problem statement refinement

v08 -v09

  • Define two new RPC errors to report when adaptive subscription unsupported or multiple XPath criteria conflict.

  • Remove the "watermark" parameter.

  • Add clarification about how to evaluate the XPath expression defined in "xpath-external-eval".

  • Add clarification about how to compare a targeted data object in a specific list entry.

v07 -v08

  • Define a new RPC error to report when an XPath syntax defined in "xpath-external-eval" is unsupported by a server.

  • Add a new example showing how the RPC error being returned by a publisher.

  • The usage examples fixed in the Appendix.

  • Grammatical errors correction(missing articles, plurality mismatches, etc).

v06 -v07

  • The usage examples typo fixed in the Appendix.

  • Add reference to RFC7950 XPATH Evaluation section and XPATH 1.0

  • Clarify the definitions of 'xpath-external-eval' and 'selection-filter' by reusing XPATH Evaluation rules in RFC7950.

  • Add a new terminology "adaptive subscription".

  • Add one section to discuss Arbitrary XPath Complexity.

v05 -v06

  • Replace example-wifi-mac module with example-wifi-network-diagnostic using WIFI statistics specified in CHIP specification.

  • Update adaptive subscription Example to align with WIFI example module change.

  • Add one more reference to CHIP Specification.

v04 -v05

  • Remove "modify-subscption" RPC usage.

  • Module update to fix the nits.

  • Update adaptive subscription Example.

  • Other Editorial changes.

v03 - v04

  • Add missing subtrees and data nodes in the security section;

  • Change "adaptive-update" notification into "adaptive-period-update" notification;

  • Other Editorial changes.

v02 - v03

  • Clarify the difference between low priority telemetry data dropping and collection rate switching in the introduction section;

  • Update the abstract and introduction section to focus on collection rate switching in the server without interaction with the remote client;

  • Format usage example and change ssid into rssi in the appendix;

  • Use boilerplate and reuse the terms in the terminology section.

Authors' Addresses

Qin Wu
Huawei
101 Software Avenue, Yuhua District
Nanjing
Jiangsu, 210012
China
Wei Song
Huawei
101 Software Avenue, Yuhua District
Nanjing
Jiangsu, 210012
China
Peng Liu
China Mobile
32 Xuanwumen West St, Xicheng District
Beijing
Qiufang Ma
Huawei
101 Software Avenue, Yuhua District
Nanjing
Jiangsu, 210012
China
Wei Wang
China Telecom
32 Xuanwumen West St, Xicheng District
Beijing
Zhixiong Niu
Microsoft