IETF Last Call Review of draft-ietf-netconf-distributed-notif-18
review-ietf-netconf-distributed-notif-18-tsvart-lc-westerlund-2026-04-01-00
| Request | Review of | draft-ietf-netconf-distributed-notif |
|---|---|---|
| Requested revision | No specific revision (document currently at 19) | |
| Type | IETF Last Call Review | |
| Team | Transport Area Review Team (tsvart) | |
| Deadline | 2026-03-08 | |
| Requested | 2026-02-22 | |
| Requested by | Mahesh Jethanandani | |
| Authors | Tianran Zhou , Guangying Zheng , Eric Voit , Thomas Graf , Pierre Francois | |
| I-D last updated | 2026-04-21 (Latest revision 2026-04-13) | |
| Completed reviews |
Yangdoctors Early review of -13
by Martin Björklund
(diff)
Opsdir Early review of -14 by Jürgen Schönwälder (diff) Opsdir IETF Last Call review of -19 by Yingzhen Qu Yangdoctors IETF Last Call review of -17 by Martin Björklund (diff) Genart IETF Last Call review of -18 by Joel M. Halpern (diff) Secdir IETF Last Call review of -19 by Daniel Migault Tsvart IETF Last Call review of -18 by Magnus Westerlund (diff) Intdir IETF Last Call review of -18 by Florian Obser (diff) |
|
| Comments |
The SEDDIR review should look for any security implications as far as sending traffic from the Component (a.k.a. line cards) to an entity outside the chassis. Similarly, the INTDIR review should examine the implications of establishing an IP network inside and outside the box. The transport experts should examine the use of UDP and any possible issues with sending data over it. Finally, the YANG doctors should (re)examine any changes to the YANG module and OPSDIR on any operational considerations that were not obvious before. |
|
| Assignment | Reviewer | Magnus Westerlund |
| State | Completed | |
| Request | IETF Last Call review on draft-ietf-netconf-distributed-notif by Transport Area Review Team Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/tsv-art/jp7plOa0Lt8vL04rIRFVRVcb5AQ | |
| Reviewed revision | 18 (document currently at 19) | |
| Result | Ready w/issues | |
| Completed | 2026-04-01 |
review-ietf-netconf-distributed-notif-18-tsvart-lc-westerlund-2026-04-01-00
This document has been reviewed as part of the transport area review team's ongoing effort to review key IETF documents. These comments were written primarily for the transport area directors, but are copied to the document's authors and WG to allow them to address any issues raised and also to the IETF discussion list for information. When done at the time of IETF Last Call, the authors should consider this review as part of the last-call comments they receive. Please always CC tsv-art@ietf.org if you reply to or forward this review. So there are one major issue I found here that is not sufficiently handled. From Section 4: "For one subscription, there can be one or more Receivers. And the Subscriber does not necessarily share the same IP address as the Receivers." So based on this a subscriber can request a subscription to target another IP address and port. Especially combined with the publishing mechanism being defined in https://datatracker.ietf.org/doc/html/draft-ietf-netconf-udp-notif-25 where one uses UDP to send the data. That draft is clear that it primarily intended to be used in managed networks. However it does not appear to contain an Applicability statement that it MUST only be used in managed networks. Secondly, I think one should ask one self how does the publisher know that the receiver is within the managed network and the traffic never goes outside of the managed network path. Thus, I would suggest a couple of fixes to address the threat that one can use the combination of the this document and UDP Notif draft as DoS hose towards any, even if just by accidental misconfiguration. First UDP Notif should specify a mandatory to use mechanism to determine that the receiver is present and willing to receive this traffic. I think this can be solved with a basic return routability check where the publisher before sending anything more sends a UDP packet with a token. The receiver must echo this token back to enable the subscription to deliver any more data. If one uses DTLS security then that handshake is a better such check. Secondly, I think both draft needs to include in its security consideration the risk involved due to malicious or accidental misconfiguration of pointing the subscription at some target/non-intended receiver. And make clear that this need to be protected against. Which is handled when using connection oriented or preferably handshake based security mechanism which can identity the receiver to the publisher to avoid these risks. If the above return routability and security considerations are provided I think this document is fine and do not necessarily need an applicability statement. When it comes to UDP Notif I would like to have a bit more concrete requirement on how to deal with congestion control. For managed networks I think one need to consider what QoS settings and how to ensure that congestion actually result in detectable packet losses. I do think this document do need an applicability statement as this really shouldn't be run over Internet. However, as I noted above it is not clear how an endpoint actually can determine that this is the case. It is likely that the proposed mechanism at with a sufficient frequent reviewing of sent versus received one can determine the amount of packet loss and if one are above threshold so that one can cancel the subscription. This appears to have a reasonable promise of a circuit breaker mechanism (See Section 3.1.10 of RFC 8085: https://www.rfc-editor.org/rfc/rfc8085.html#section-3.1.10). Cheers Magnus Westerlund