-
Notifications
You must be signed in to change notification settings - Fork 0
/
draft-ietf-netconf-restconf-trace-ctx-headers.txt
410 lines (309 loc) · 15.1 KB
/
draft-ietf-netconf-restconf-trace-ctx-headers.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
NETCONF R. Gagliano
Internet-Draft Cisco Systems
Intended status: Standards Track K. Larsson
Expires: 9 January 2025 Deutsche Telekom AG
J. Lindblad
Cisco Systems
8 July 2024
RESTCONF Extension to support Trace Context Headers
draft-ietf-netconf-restconf-trace-ctx-headers-latest
Abstract
This document extends the RESTCONF protocol in order to support trace
context propagation as defined by the W3C.
About This Document
This note is to be removed before publishing as an RFC.
The latest revision of this draft can be found at https://github.com/
netconf-wg/restconf-trace-ctx-headers/blob/gh-pages/draft-ietf-
netconf-restconf-trace-ctx-headers.txt. Status information for this
document may be found at https://datatracker.ietf.org/doc/draft-ietf-
netconf-restconf-trace-ctx-headers/.
Discussion of this document takes place on the NETCONF Working Group
mailing list (mailto:netconf@ietf.org), which is archived at
https://mailarchive.ietf.org/arch/browse/netconf/. Subscribe at
https://www.ietf.org/mailman/listinfo/netconf/.
Source for this draft and an issue tracker can be found at
https://github.com/netconf-wg/restconf-trace-ctx-headers.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 9 January 2025.
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction
1.1. Terminology
2. RESTCONF Extensions
2.1. Error Handling
2.2. Trace Context header versionning
3. Security Considerations
4. IANA Considerations
5. Acknowledgments
6. References
6.1. Normative References
6.2. Informative References
Appendix A. Example RESTCONF calls
A.1. Successful creation New Data Resources (from section B.2.1
in RFC8040)
A.2. Unsuccessful creation New Data Resources (from section
B.2.1 in RFC8040)
Appendix B. Changes (to be deleted by RFC Editor)
B.1. From version 00 to -01
B.2. From version 00 to
draft-ietf-netconf-restconf-trace-ctx-headers-00
Authors' Addresses
1. Introduction
Network automation and management systems commonly consist of
multiple sub-systems and together with the network devices they
manage, they effectively form a distributed system. Distributed
tracing is a methodology implemented by tracing tools to follow,
analyze and debug operations, such as configuration transactions,
across multiple distributed systems. An operation is uniquely
identified by a trace-id and through a trace context, carries some
metadata about the operation. Propagating this "trace context"
between systems enables forming a coherent view of the entire
operation as carried out by all involved systems.
The W3C has defined two HTTP headers (_traceparent_ and _tracestate_)
for context propagation that are useful for distributed systems like
the ones defined in [RFC8309]. The goal of this document is to adopt
this W3C specification for the RESTCONF protocol.
This document does not define new HTTP extensions but makes those
defined in [W3C-Trace-Context] optional headers for the RESTCONF
protocol.
In [I-D.draft-ietf-netconf-trace-ctx-extension-01], the NETCONF
protocol extension is defined and we will re-use several of the YANG
and XML objects defined in that document for RESTCONF. Please refer
to that document for additional context and example applications.
1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT","SHOULD","SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. RESTCONF Extensions
A RESTCONF server MUST support the trace context _traceparent_ header
as defined in [W3C-Trace-Context].
A RESTCONF server SHOULD support the trace context _tracestate_
header as defined in [W3C-Trace-Context].
2.1. Error Handling
The RESTCONF server SHOULD follow the "Processing Model for Working
with Trace Context" as specified in [W3C-Trace-Context]. Based on
this processing model, it is NOT RECOMMENDED to reject an RPC because
of the trace context header values.
If the server still decides to reject the RPC because of the trace
context header values, the server MUST return a RESTCONF rpc-error
with the following values:
error-tag: operation-failed
error-type: protocol
error-severity: error
Additionally, the error-info tag MUST contain relevant details about
the error in the form of an sx:structure otlp-trace-context-error-
info defined in ietf-netconf-otlp-context.yang from
[I-D.draft-ietf-netconf-trace-ctx-extension-01].
2.2. Trace Context header versionning
This extension refers to the [W3C-Trace-Context] trace context
capability. The W3C _traceparent_ and _tracestate_ headers include
the notion of versions. It would be desirable for a RESTCONF client
to be able to discover the one or multiple versions of these headers
supported by a server. We would like to achieve this goal avoiding
the definition of new RESTCONF capabilities for each headers'
version.
[I-D.draft-ietf-netconf-trace-ctx-extension-01] defines a pair of
YANG modules that MUST be included in the YANG library per [RFC8525]
of the RESTCONF server supporting the RESTCONF Trace Context
extension that will refer to the headers' supported versions. Future
updates of this document could include additional YANG modules for
new headers' versions.
3. Security Considerations
There are two YANG modules specified in this document. These modules
are completely empty, and therefore have very limited security
considerations. Their purpose is only to indicate which trace
context header versions the server supports using YANG Library
[RFC8525].
Even though both YANG modules are empty, there are still some
security considerations worth mentioning, however. This is because
the functionality described in this document is in the form of
additional HTTP headers (which cannot be described using YANG)
relating to the network management protocol RESTCONF [RFC8040].
The _traceparent_ and _tracestate_ headers make it easier to track
the flow of requests and their downstream effect on other systems.
This is indeed the whole point with these headers. This knowledge
could also be of use to bad actors that are working to build a map of
the managed network.
All advice mentioned in the [W3C-Trace-Context] under the Privacy
Considerations and Security Considerations also apply to this
document.
The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement
secure transport is TLS [RFC8446].
The Network Configuration Access Control Model (NACM) [RFC8341]
provides the means to restrict access for particular NETCONF or
RESTCONF users to a preconfigured subset of all available NETCONF or
RESTCONF protocol operations and content.
4. IANA Considerations
This document has no IANA actions.
5. Acknowledgments
The authors would like to acknowledge the valuable implementation
feedback from Christian Rennerskog and Per Andersson. Many thanks to
Raul Rivas Felix, Alexander Stoklasa, Luca Relandini and Erwin
Vrolijk for their help with the demos regarding integrations. The
help and support from Jean Quilbeuf and Benoît Claise has also been
invaluable to this work.
6. References
6.1. Normative References
[I-D.draft-ietf-netconf-trace-ctx-extension-01]
Gagliano, R., Larsson, K., and J. Lindblad, "NETCONF
Extension to support Trace Context propagation", Work in
Progress, Internet-Draft, draft-ietf-netconf-trace-ctx-
extension-01, 8 July 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-netconf-
trace-ctx-extension-01>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/rfc/rfc8040>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/rfc/rfc8341>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/rfc/rfc8446>.
[RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K.,
and R. Wilton, "YANG Library", RFC 8525,
DOI 10.17487/RFC8525, March 2019,
<https://www.rfc-editor.org/rfc/rfc8525>.
[W3C-Trace-Context]
"W3C Recommendation on Trace Context", 23 November 2021,
<https://www.w3.org/TR/2021/REC-trace-context-
1-20211123/>.
6.2. Informative References
[RFC8309] Wu, Q., Liu, W., and A. Farrel, "Service Models
Explained", RFC 8309, DOI 10.17487/RFC8309, January 2018,
<https://www.rfc-editor.org/rfc/rfc8309>.
Appendix A. Example RESTCONF calls
All examples from [RFC8040] Appendix B could be recreated in this
seciton by adding the new header described in this document. We
selected one example from that document as reference.
A.1. Successful creation New Data Resources (from section B.2.1 in
[RFC8040])
To create a new "artist" resource within the "library" resource, the
client might send the following request:
POST /restconf/data/example-jukebox:jukebox/library HTTP/1.1
Host: example.com
Content-Type: application/yang-data+json
traceparent: 00-405062f633be64ee006089dfca95a153-e021f9e263aad8e2-01
tracestate: vendorname1=opaqueValue1,vendorname2=opaqueValue2
{
"example-jukebox:artist" : [
{
"name" : "Foo Fighters"
}
]
}
If the resource is created, the server might respond as follows:
HTTP/1.1 201 Created
Date: Thu, 26 Jan 2017 20:56:30 GMT
Server: example-server
Location: https://example.com/restconf/data/\
example-jukebox:jukebox/library/artist=Foo%20Fighters
Last-Modified: Thu, 26 Jan 2017 20:56:30 GMT
ETag: "b3830f23a4c"
traceparent: 00-405062f633be64ee006089dfca95a153-e021f9e263aad8e2-01
tracestate: vendorname1=opaqueValue1,vendorname2=opaqueValue2
A.2. Unsuccessful creation New Data Resources (from section B.2.1 in
[RFC8040])
[W3C-Trace-Context] specifies that vendor MAY validate the
_tracestate_ header and that invalid headers MAY be discarded. In
the section about Error handling (Section 2.1), it is stated that
servers MAY return an error. Let's assume that is our
implementation.
Example of a badly formated _tracestate_ header using [RFC8040]
example B.2.1, which by following :
POST /restconf/data/example-jukebox:jukebox/library HTTP/1.1
Host: example.com
Content-Type: application/yang-data+json
traceparent: 00-405062f633be64ee006089dfca95a153-e021f9e263aad8e2-01
tracestate: SomeBadFormatHere
{
"example-jukebox:artist" : [
{
"name" : "Foo Fighters"
}
]
}
And the expected error message:
HTTP/1.1 400 Bad Request
Date: Tue, 20 Jun 2023 20:56:30 GMT
Server: example-server
Content-Type: application/yang-data+json
{ "ietf-restconf:errors" : {
"error" : [
{
"error-type" : "protocol",
"error-tag" : "operation-failed",
"error-severity" : "error",
"error-message" :
"OTLP traceparent attribute incorrectly formatted",
"error-info": {
"ietf-netconf-otlp-context:meta-name" : "tracestate",
"ietf-netconf-otlp-context:meta-value" :
"SomeBadFormatHere",
"ietf-netconf-otlp-context:error-type" :
"ietf-netconf-otlp-context:bad-format"
}
}
]
}
}
Appendix B. Changes (to be deleted by RFC Editor)
B.1. From version 00 to -01
* Added Security considerations
* Added Acknowledgements
* Added several Normative references
* Added links to latest document on github
* Added RESTCONF example for success and error
* Modified Error Handling to reflect better W3C alignment based on
implementation feedback
* Firmed up error handling and YANG-library to MUST-requirements
B.2. From version 00 to draft-ietf-netconf-restconf-trace-ctx-
headers-00
* Adopted by NETCONF WG
* Moved repository to NETCONF WG
* Changed build system to use martinthomson's excellent framework
* Ran make fix-lint to remove white space at EOL etc.
* Added this change note. No other content changes
Authors' Addresses
Roque Gagliano
Cisco Systems
Avenue des Uttins 5
CH-1180 Rolle
Switzerland
Email: rogaglia@cisco.com
Kristian Larsson
Deutsche Telekom AG
Email: kll@dev.terastrm.net
Jan Lindblad
Cisco Systems
Email: jlindbla@cisco.com