-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdraft-ietf-netconf-subscribed-notifications-13.xml
2661 lines (2283 loc) · 146 KB
/
draft-ietf-netconf-subscribed-notifications-13.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="2"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std" docName="draft-ietf-netconf-subscribed-notifications-13" ipr="trust200902">
<front>
<title abbrev="Subscribed Notifications">Customized Subscriptions to a Publisher's Event Streams</title>
<author fullname="Eric Voit" initials="E." surname="Voit">
<organization>Cisco Systems</organization>
<address>
<email>evoit@cisco.com</email>
</address>
</author>
<author fullname="Alexander Clemm" initials="A" surname="Clemm">
<organization>Huawei</organization>
<address>
<email>ludwig@clemm.org</email>
</address>
</author>
<author fullname="Alberto Gonzalez Prieto" initials="A"
surname="Gonzalez Prieto">
<organization>VMWare</organization>
<address>
<email>agonzalezpri@vmware.com</email>
</address>
</author>
<author fullname="Einar Nilsen-Nygaard" initials="E"
surname="Nilsen-Nygaard">
<organization>Cisco Systems</organization>
<address>
<email>einarnn@cisco.com</email>
</address>
</author>
<author fullname="Ambika Prasad Tripathy" initials="A" surname="Tripathy">
<organization>Cisco Systems</organization>
<address>
<email>ambtripa@cisco.com</email>
</address>
</author>
<date day="18" month="June" year="2018"/>
<area>Operations & Management</area>
<workgroup>NETCONF</workgroup>
<keyword>Draft</keyword>
<abstract>
<t>This document defines a YANG data model and associated mechanisms enabling subscriber-specific subscriptions to a publisher's event streams. Applying these elements allows a subscriber to request for and receive a continuous, custom feed of publisher generated information.</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>This document defines a YANG data model and associated mechanisms enabling subscriber-specific subscriptions to a publisher's event streams. Effectively this enables a 'subscribe then publish' capability where the customized information needs and access permissions of each target receiver are understood by the publisher before subscribed event records are marshaled and pushed. The receiver then gets a continuous, custom feed of publisher generated information.</t>
<t>While the functionality defined in this document is transport-agnostic, transports like NETCONF <xref target="RFC6241"/> or RESTCONF <xref target="RFC8040"/> can be used to configure or dynamically signal subscriptions, and there are bindings defined for subscribed event record delivery for NETCONF within <xref target="I-D.draft-ietf-netconf-netconf-event-notifications"/>, and for HTTP2 or HTTP1.1 within <xref target="I-D.draft-ietf-netconf-restconf-notif"/>.</t>
<t>The YANG model in this document conforms to the Network Management Datastore Architecture defined in <xref target="RFC8342"/>.</t>
<section title="Motivation">
<t>Various limitations in <xref target="RFC5277"/> are discussed in <xref target="RFC7923"/>. Resolving these issues is the primary motivation for this work. Key capabilities supported by this document include:</t>
<t><list style="symbols">
<t>multiple subscriptions on a single transport session</t>
<t>support for dynamic and configured subscriptions</t>
<t>modification of an existing subscription in progress</t>
<t>per-subscription operational counters</t>
<t>negotiation of subscription parameters (through the use of hints returned as part of declined subscription requests)</t>
<t>subscription state change notifications (e.g., publisher driven suspension, parameter modification)</t>
<t>independence from transport</t>
</list></t>
</section>
<section title="Terminology">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t>
<t>Client: defined in <xref target="RFC8342"/>.</t>
<t>Configuration: defined in <xref target="RFC8342"/>.</t>
<t>Configuration datastore: defined in <xref target="RFC8342"/>.</t>
<t>Configured subscription: A subscription installed via configuration into a configuration datastore.</t>
<t>Dynamic subscription: A subscription created dynamically by a subscriber via a remote procedure call.</t>
<t>Event: An occurrence of something that may be of interest. Examples include a configuration change, a fault, a change in status, crossing a threshold, or an external input to the system.</t>
<t>Event occurrence time: a timestamp matching the time an originating process identified as when an event happened.</t>
<t>Event record: A set of information detailing an event.</t>
<t>Event stream: A continuous, chronologically ordered set of events aggregated under some context.</t>
<t>Event stream filter: Evaluation criteria which may be applied against event records within an event stream. Event records pass the filter when specified criteria are met.</t>
<t>Notification message: Information intended for a receiver indicating that one or more event(s) have occurred.</t>
<t>Publisher: An entity responsible for streaming notification messages per the terms of a subscription.</t>
<t>Receiver: A target to which a publisher pushes subscribed event records. For dynamic subscriptions, the receiver and subscriber are the same entity.</t>
<t>Subscriber: A client able to request and negotiate a contract for the generation and push of event records from a publisher. For dynamic subscriptions, the receiver and subscriber are the same entity.</t>
<t>Subscription: A contract with a publisher, stipulating which information one or more receivers wish to have pushed from the publisher without the need for further solicitation.</t>
<t>All YANG tree diagrams used in this document follow the notation defined in <xref target="I-D.ietf-netmod-yang-tree-diagrams"/>.</t>
</section>
<section title="Solution Overview" anchor="overview">
<t>This document describes a transport agnostic mechanism for subscribing to and receiving content from an event stream within a publisher. This mechanism is through the use of a subscription.</t>
<t>Two types of subscriptions are supported:</t>
<t><list style="numbers">
<t>Dynamic subscriptions, where a subscriber initiates a subscription negotiation with a publisher via an RPC. If the publisher is able to serve this request, it accepts it, and then starts pushing notification messages back to the subscriber. If the publisher is not able to serve it as requested, then an error response is returned. This response MAY include hints at subscription parameters that, had they been present, would have enabled the dynamic subscription request to be accepted.</t>
<t>Configured subscriptions, which allow the management of subscriptions via a configuration so that a publisher can send notification messages to a receiver of a configured subscription. Support for configured subscriptions is optional, with its availability advertised via a YANG feature.</t>
</list></t>
<t>Additional characteristics differentiating configured from dynamic subscriptions include:</t>
<t><list style="symbols">
<t>The lifetime of a dynamic subscription is bound by the transport session used to establish it. For connection-oriented stateful transports like NETCONF, the loss of the transport session will result in the immediate termination of any associated dynamic subscriptions. For connectionless or stateless transports like HTTP, a lack of receipt acknowledgment of a sequential set of notification messages and/or keep-alives can be used to trigger a termination of a dynamic subscription. Contrast this to the lifetime of a configured subscription. This lifetime is driven by relevant configuration being present within the publisher's applied configuration. Being tied to configuration operations implies configured subscriptions can be configured to persist across reboots, and implies a configured subscription can persist even when its publisher is fully disconnected from any network.</t>
<t>Configured subscriptions can be modified by any configuration client with write permission on the configuration of the subscription. Dynamic subscriptions can only be modified via an RPC request made by the original subscriber, or a change to configuration data referenced by the subscription.</t>
</list></t>
<t>Note that there is no mixing-and-matching of dynamic and configured operations on a single subscription. Specifically, a configured subscription cannot be modified or deleted using RPCs defined in this document. Similarly, a subscription established via RPC cannot be modified through configuration operations. Also note that transport specific transport drafts based on this specification MUST detail the life cycles of both dynamic and configured subscriptions.</t>
<t>A publisher MAY terminate a dynamic subscription at any time. Similarly, it MAY decide to temporarily suspend the sending of notification messages for any dynamic subscription, or for one or more receivers of a configured subscription. Such termination or suspension is driven by internal considerations of the publisher.</t>
</section>
<section title="Relationship to RFC-5277">
<t>This document is intended to provide a superset of the subscription capabilities initially defined within <xref target="RFC5277"/>. Especially when extending an existing <xref target="RFC5277"/> implementation, it is important to understand what has been reused and what has been replaced. Key relationships between these two documents include:
<list style="symbols">
<t>this document defines a transport independent capability, <xref target="RFC5277"/> is specific to NETCONF.</t>
<t>the data model in this document is used instead of the data model in Section 3.4 of <xref target="RFC5277"/> for the new operations.</t>
<t>the RPC operations in this draft replaces the operation "create-subscription" defined in <xref target="RFC5277"/>, section 4.</t>
<t>the <notification> message of <xref target="RFC5277"/>, Section 4 is used.</t>
<t>the included contents of the "NETCONF" event stream are identical between this document and <xref target="RFC5277"/>.</t>
<t>a publisher MAY implement both the Notification Management Schema and RPCs defined in <xref target="RFC5277"/> and this new document concurrently.</t>
<t>unlike <xref target="RFC5277"/>, this document enables a single transport session to intermix of notification messages and RPCs for different subscriptions.</t>
</list>
</t>
</section>
</section>
<section title="Solution">
<t>Per the overview provided in <xref target="overview"/>, this section details the overall context, state machines, and subsystems which may be assembled to allow the subscription of events from a publisher.</t>
<section title="Event Streams">
<t>An event stream is a named entity on a publisher which exposes a continuously updating set of event records. Each event stream is available for subscription. It is out of the scope of this document to identify a) how streams are defined (other than the NETCONF stream), b) how event records are defined/generated, and c) how event records are assigned to streams.</t>
<t>There is only one reserved event stream name within this document: "NETCONF". The "NETCONF" event stream contains all NETCONF XML event record information supported by the publisher, except for the subscription state notifications described in <xref target="state_notif"/>. Among these included NETCONF XML event records are individual YANG 1.1 notifications described in section 7.16 of <xref target="RFC7950"/>. Each of these YANG 1.1 notifications will be treated as a distinct event record. Beyond the "NETCONF" stream, implementations MAY define additional event streams.</t>
<t>As event records are created by a system, they may be assigned to one or more streams. The event record is distributed to a subscription's receiver(s) where: (1) a subscription includes the identified stream, and (2) subscription filtering does not exclude the event record from that receiver.</t>
<t>Access control permissions may be used to silently exclude event records from within an event stream for which the receiver has no read access. As an example of how this might be accomplished, see <xref target="RFC8341"/> section 3.4.6. Note that per <xref target="state_notif"/> of this document, subscription state change notifications are never filtered out.</t>
<t>If no access control permissions are in place for event records on an event stream, then a receiver MUST be allowed access to all the event records. If subscriber permissions change during the lifecycle of a subscription and event stream access is no longer permitted, then the subscription MUST be terminated.</t>
<t>Event records MUST NOT be delivered to a receiver in a different order than they were placed onto an event stream.</t>
</section>
<section title="Event Stream Filters">
<t>This document defines an extensible filtering mechanism. The filter itself is a boolean test which is placed on the content of an event record. A 'false' filtering result causes the event message to be excluded from delivery to a receiver. A filter never results in information being stripped from within an event record prior to that event record being encapsulated within a notification message. The two optional event stream filtering syntaxes supported are <xref target="XPATH"/> and subtree <xref target="RFC6241"/>.</t>
<t>If no event stream filter is provided within a subscription, all event records on an event stream are to be sent.</t>
</section>
<section title="QoS">
<t>This document provide for several QoS parameters. These parameters indicate the treatment of a subscription relative to other traffic between publisher and receiver. Included are:
<list style="symbols">
<t>A "dscp" marking to differentiate prioritization of notification messages during network transit.</t>
<t>A "weighting" so that bandwidth proportional to this weighting can be allocated to this subscription relative to other subscriptions destined for that receiver.</t>
<t>a "dependency" upon another subscription. </t>
</list>
</t>
<t>If the publisher supports the "dscp" feature, then a subscription with a "dscp" leaf MUST result in a corresponding <xref target="RFC2474"/> DSCP marking being placed within the IP header of any resulting notification messages and subscription state change notifications.</t>
<t>For the "weighting" parameter, when concurrently dequeuing notification messages from multiple subscriptions to a receiver, the publisher MUST allocate bandwidth to each subscription proportionally to the weights assigned to those subscriptions. "Weighting" is an optional capability of the publisher; support for it is identified via the "qos" feature.</t>
<t>If a subscription has the "dependency" parameter set, then any buffered notification messages containing event records selected by the parent subscription MUST be dequeued prior to the notification messages of the dependent subscription. If notification messages have dependencies on each other, the notification message queued the longest MUST go first. If a "dependency" included within an RPC references a subscription which does not exist or is no longer accessible to that subscriber, that "dependency" MUST be silently removed. "Dependency" is an optional capability of the publisher; support for it is identified via the "qos" feature.</t>
</section>
<section title="Dynamic Subscriptions" anchor="dynamic_subs">
<t>Dynamic subscriptions are managed via protocol operations (in the form of <xref target="RFC7950"/>, Section 7.14 RPCs) made against targets located within the publisher. These RPCs have been designed extensibly so that they may be augmented for subscription targets beyond event streams. For examples of such augmentations, see the RPC augmentations within <xref target="I-D.ietf-netconf-yang-push"/>'s YANG model.</t>
<section title="Dynamic Subscription State Model">
<t>Below is the publisher's state machine for a dynamic subscription. Each state is shown in its own box. It is important to note that such a subscription doesn't exist at the publisher until an "establish-subscription" RPC is accepted. The mere request by a subscriber to establish a subscription is insufficient for that subscription to be externally visible. Start and end states are depicted to reflect subscription creation and deletion events.</t>
<figure align="center" title="Publisher's state for a dynamic subscription" anchor="dynamic_state">
<artwork align="left"><![CDATA[
.........
: start :
:.......:
|
establish-subscription
|
| .-------modify-subscription--------.
v v |
.-----------. .-----------.
.--------. | receiver |--insufficient CPU, b/w-->| receiver |
modify- '| active | | suspended |
subscription | |<----CPU, b/w sufficient--| |
---------->'-----------' '-----------'
| |
delete/kill-subscription delete/kill-
| subscription
v |
......... |
: end :<---------------------------------'
:.......:
]]></artwork> </figure>
<t>Of interest in this state machine are the following:
<list style="symbols">
<t>Successful "establish-subscription" or "modify-subscription" RPCs put the subscription into the active state.</t>
<t>Failed "modify-subscription" RPCs will leave the subscription in its previous state, with no visible change to any streaming updates.</t>
<t>A delete or kill RPC will end the subscription, as will the reaching of a "stop-time".</t>
<t>A publisher may choose to suspend a subscription when there is insufficient CPU or bandwidth available to service the subscription. This is notified to a subscriber with a "subscription-suspended" state change notification.</t>
<t>A suspended subscription may be modified by the subscriber (for example in an attempt to use fewer resources). Successful modification returns the subscription to an active state.</t>
<t>Even without a "modify-subscription" request, a publisher may return a subscription to the active state should the resource constraints become sufficient again. This is announced to the subscriber via the "subscription-resumed" subscription state change notification.</t>
</list></t>
</section>
<section title="Establishing a Dynamic Subscription" anchor="sec_establish_subs">
<t>The "establish-subscription" RPC allows a subscriber to request the creation of a subscription. The transport selected by the subscriber to reach the publisher MUST be able to support multiple "establish-subscription" requests made within the same transport session.</t>
<t>The input parameters of the operation are:
<list style="symbols">
<t>A "stream" name which identifies the targeted event stream against which the subscription is applied.</t>
<t>An event stream filter which may reduce the set of event records pushed.</t>
<t>Where the transport used by the RPC supports multiple encodings, an optional "encoding" for the event records pushed. Note: If no "encoding" is included, the encoding of the RPC MUST be used.</t>
<t>An optional "stop-time" for the subscription. If no "stop-time" is present, notification messages will continue to be sent until the subscription is terminated.</t>
<t>An optional "start-time" for the subscription. The "start-time" MUST be in the past and indicates that the subscription is requesting a replay of previously generated information from the event stream. For more on replay, see <xref target="replay_subs"/>. Where there is no "start-time", the subscription starts immediately.</t>
</list>
</t>
<t>If the publisher can satisfy the "establish-subscription" request, it replies with an identifier for the subscription, and then immediately starts streaming notification messages. </t>
<t>Below is a tree diagram for "establish-subscription". All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
<figure align="left" title="establish-subscription RPC tree diagram"
anchor="establish-subscription-RPC">
<artwork align="left"><![CDATA[
+---x establish-subscription
+---w input
| +---w (target)
| | +--:(stream)
| | +---w (stream-filter)?
| | | +--:(by-reference)
| | | | +---w stream-filter-ref
| | | | stream-filter-ref
| | | +--:(within-subscription)
| | | +---w (filter-spec)?
| | | +--:(stream-subtree-filter)
| | | | +---w stream-subtree-filter? <anydata>
| | | | {subtree}?
| | | +--:(stream-xpath-filter)
| | | +---w stream-xpath-filter?
| | | yang:xpath1.0 {xpath}?
| | +---w stream stream-ref
| | +---w replay-start-time? yang:date-and-time
| | {replay}?
| +---w stop-time? yang:date-and-time
| +---w dscp? inet:dscp {dscp}?
| +---w weighting? uint8 {qos}?
| +---w dependency? subscription-id {qos}?
| +---w encoding? encoding
+--ro output
+--ro identifier subscription-id
+--ro replay-start-time-revision? yang:date-and-time
{replay}?
]]></artwork>
</figure>
<t>A publisher MAY reject the "establish-subscription" RPC for many reasons as described in <xref target="rpc_errors"/>. The contents of the resulting RPC error response MAY include details on input parameters which if considered in a subsequent "establish-subscription" RPC, may result in a successful subscription establishment. Any such hints MUST be transported within a yang-data "establish-subscription-stream-error-info" container included within the RPC error response.</t>
<figure align="left" title="establish-subscription RPC yang-data tree diagram"
anchor="establish-subscription-RPC-yang-data">
<artwork align="left"><![CDATA[
yang-data establish-subscription-stream-error-info
+--ro establish-subscription-stream-error-info
+--ro reason? identityref
+--ro filter-failure-hint? string
]]></artwork>
</figure>
<section title="Requesting a replay of event records" anchor="replay_subs">
<t>Replay provides the ability to establish a subscription which is also capable of passing recently generated event records. In other words, as the subscription initializes itself, it sends any previously generated content from within the target event stream which meets the filter and timeframe criteria. The end of these historical event records is identified via a "replay-completed" state change notification. Any event records generated since the subscription establishment may then follow. For a particular subscription, all event records will be delivered in the order they are placed into the stream.</t>
<t>Replay is an optional feature which is dependent on an event stream supporting some form of logging. This document puts no restrictions on the size or form of the log, where it resides within the publisher, or when event record entries in the log are purged.</t>
<t>The inclusion of a "replay-start-time" within an "establish-subscription" RPC indicates a replay request. If the "replay-start-time" contains a value that is earlier than what a publisher's retained history supports, then if the subscription is accepted, the actual publisher's revised start time MUST be set in the returned "replay-start-time-revision" object.</t>
<t>A "stop-time" parameter may be included in a replay subscription. For a replay subscription, the "stop-time" MAY be earlier than the current time, but MUST be later than the "replay-start-time".</t>
<t>If the time the replay starts is later than the time marked within any event records retained within the replay buffer, then the publisher MUST send a "replay-completed" notification immediately after a successful establish-subscription RPC response.</t>
<t>If an event stream supports replay, the "replay-support" leaf is present in the "/streams/stream" list entry for the stream. An event stream that does support replay is not expected to have an unlimited supply of saved notifications available to accommodate any given replay request. To assess the timeframe available for replay, subscribers can read the leafs "replay-log-creation-time" and "replay-log-aged-time". See <xref target="stream-tree"/> for the YANG tree, and <xref target="data_model"/> for the YANG model describing these elements. The actual size of the replay log at any given time is a publisher specific matter. Control parameters for the replay log are outside the scope of this document.</t>
</section>
</section>
<section title="Modifying a Dynamic Subscription">
<t>The "modify-subscription" operation permits changing the terms of an existing dynamic subscription. Dynamic subscriptions can be modified any number of times. If the publisher accepts the requested modifications, it acknowledges success to the subscriber, then immediately starts sending event records based on the new terms.</t>
<t>Subscriptions created by configuration cannot be modified via this RPC. However configuration may be used to modify objects referenced by the subscription (such as a referenced filter).</t>
<t>Below is a tree diagram for "modify-subscription". All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
<figure align="left" title="modify-subscription RPC tree diagram"
anchor="modify-subscription-RPC">
<artwork align="left"><![CDATA[
+---x modify-subscription
+---w input
+---w identifier subscription-id
+---w (target)
| +--:(stream)
| +---w (stream-filter)?
| +--:(by-reference)
| | +---w stream-filter-ref
| | stream-filter-ref
| +--:(within-subscription)
| +---w (filter-spec)?
| +--:(stream-subtree-filter)
| | +---w stream-subtree-filter? <anydata>
| | {subtree}?
| +--:(stream-xpath-filter)
| +---w stream-xpath-filter?
| yang:xpath1.0 {xpath}?
+---w stop-time? yang:date-and-time
]]></artwork>
</figure>
<t>If the publisher accepts the requested modifications on a currently suspended subscription, the subscription will immediately be resumed (i.e., the modified subscription is returned to the active state.) The publisher MAY immediately suspend this newly modified subscription through the "subscription-suspended" notification before any event records are sent.</t>
<t>If the publisher rejects the RPC request, the subscription remains as prior to the request. That is, the request has no impact whatsoever. Rejection of the RPC for any reason is indicated by via RPC error as described in <xref target="rpc_errors"/>. The contents of such a rejected RPC MAY include hints on inputs which (if considered) may result in a successfully modified subscription. These hints MUST be transported within a yang-data "modify-subscription-stream-error-info" container inserted into the RPC error response.</t>
<t>Below is a tree diagram for "modify-subscription-RPC-yang-data". All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
<figure align="left" title="modify-subscription RPC yang-data tree diagram"
anchor="modify-subscription-RPC-yang-data">
<artwork align="left"><![CDATA[
yang-data modify-subscription-stream-error-info
+--ro modify-subscription-stream-error-info
+--ro reason? identityref
+--ro filter-failure-hint? string
]]></artwork>
</figure>
</section>
<section title="Deleting a Dynamic Subscription">
<t>The "delete-subscription" operation permits canceling an existing subscription. If the publisher accepts the request, and the publisher has indicated success, the publisher MUST NOT send any more notification messages for this subscription. If the delete request matches a known subscription established on the same transport session, then it MUST be deleted; otherwise it MUST be rejected with no changes to the publisher.</t>
<t>Below is a tree diagram for "delete-subscription". All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
<figure align="left" title="delete-subscription RPC tree diagram"
anchor="delete-subscription-RPC">
<artwork align="left"><![CDATA[
+---x delete-subscription
+---w input
+---w identifier subscription-id
]]></artwork>
</figure>
<t>Dynamic subscriptions can only be deleted via this RPC using the same transport session previously used for subscription establishment. Configured subscriptions cannot be deleted using RPCs.</t>
</section>
<section title="Killing a Dynamic Subscription">
<t>The "kill-subscription" operation permits an operator to end a dynamic subscription which is not associated with the transport session used for the RPC. A publisher MUST terminate any dynamic subscription identified by RPC request. An operator may find subscription identifiers which may be used with "kill-subscription" by searching for the IP address of a receiver within "/subscriptions/subscription/receivers/receiver/address".</t>
<t>Configured subscriptions cannot be killed using this RPC. Instead, configured subscriptions are deleted as part of regular configuration operations. Publishers MUST reject any RPC attempt to kill a configured subscription.</t>
<t>Below is a tree diagram for "kill-subscription". All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
<figure align="left" title="kill-subscription RPC tree diagram"
anchor="kill-subscription-RPC">
<artwork align="left"><![CDATA[
+---x kill-subscription
+---w input
+---w identifier subscription-id
]]></artwork>
</figure>
</section>
<section title="RPC Failures" anchor="rpc_errors">
<t>Whenever an RPC is unsuccessful, the publisher returns relevant information as part of the RPC error response. Transport level error processing MUST be done before RPC error processing described in this section. In all cases, RPC error information returned will use existing transport layer RPC structures, such as those seen with NETCONF in <xref target="RFC6241"/> Appendix A, or with RESTCONF in <xref target="RFC8040"/> Section 7.1. These structures MUST be able to encode subscription specific errors identified below and defined within this document's YANG model. </t>
<t>As a result of this mixture, how subscription errors are encoded within an RPC error response is transport dependent. Following are valid errors which can occur for each RPC:</t>
<figure>
<artwork align="left"><![CDATA[
establish-subscription modify-subscription
---------------------- -------------------
dscp-unavailable filter-unsupported
encoding-unsupported insufficient-resources
filter-unsupported no-such-subscription
history-unavailable
insufficient-resources
replay-unsupported
delete-subscription kill-subscription
---------------------- ----------------------
no-such-subscription no-such-subscription
]]></artwork>
</figure>
<t>To see a NETCONF based example of an error response from above, see <xref target="I-D.draft-ietf-netconf-netconf-event-notifications"/>, Figure 10.</t>
<t>There is one final set of transport independent RPC error elements included in the YANG model. These are the following three yang-data structures for failed event stream subscriptions:
<list style="numbers">
<t>"establish-subscription-stream-error-info": This MUST be returned if an RPC error reason has not been placed elsewhere within the transport portion of a failed "establish-subscription" RPC response. This MUST be sent if hints on how to overcome the RPC error are included.</t>
<t>"modify-subscription-stream-error-info": This MUST be returned if an RPC error reason has not been placed elsewhere within the transport portion of a failed "modify-subscription" RPC response. This MUST be sent if hints on how to overcome the RPC error are included.</t>
<t>"delete-subscription-error-info": This MUST be returned if an RPC error reason has not been placed elsewhere within the transport portion of a failed "delete-subscription" or "kill-subscription" RPC response.</t>
</list></t>
</section>
</section>
<section title="Configured Subscriptions">
<t>A configured subscription is a subscription installed via configuration. Configured subscriptions may be modified by any configuration client with the proper permissions. Subscriptions can be modified or terminated via configuration at any point of their lifetime.</t>
<t>Configured subscriptions have several characteristics distinguishing them from dynamic subscriptions:
<list style="symbols">
<t>persistence across publisher reboots,</t>
<t>persistence even when transport is unavailable, and</t>
<t>an ability to send notification messages to more than one receiver (note that receivers are unaware of the existence of any other receivers.)</t>
</list>
</t>
<t>On the publisher, supporting configured subscriptions is optional and advertised using the "configured" feature. On a receiver of a configured subscription, support for dynamic subscriptions is optional except where replaying missed event records is required.</t>
<t>In addition to the subscription parameters available to dynamic subscriptions described in <xref target="sec_establish_subs"/>, the following additional parameters are also available to configured subscriptions:
<list style="symbols">
<t>A "transport" which identifies the transport protocol to use to connect with all subscription receivers.</t>
<t>One or more receivers, each with an "address", where each address is intended as the destination for event records.</t>
<t>Optional parameters to identify where traffic should egress a publisher:
<list style="symbols">
<t>A "source-interface" which identifies the egress interface to use from the publisher. Publisher support for this is optional and advertised using the "interface-designation" feature.</t>
<t>A "source-address" address, which identifies the IP address to stamp on notification messages destined for the receiver.</t>
<t>A "source-vrf" which identifies the VRF on which to reach receivers. This VRF is a network instance as defined within <xref target="I-D.draft-ietf-rtgwg-ni-model"/>. Publisher support for VRFs is optional and advertised using the "supports-vrf" feature.</t>
</list>
If none of the above parameters are set, notification messages MUST egress the publisher's default interface.</t>
</list></t>
<t>A tree diagram describing these parameters is shown in <xref target="subscriptions-container"/> within <xref target="subscriptions-container-section"/>. All parameters are described within the YANG model in <xref target="data_model"/>.</t>
<section title="Configured Subscription State Model">
<t>Below is the state machine for a configured subscription on the publisher. This state machine describes the three states (valid, invalid, and concluded), as well as the transitions between these states. Start and end states are depicted to reflect configured subscription creation and deletion events. The creation or modification of a configured subscription initiates an evaluation by the publisher to determine if the subscription is in valid or invalid states. The publisher uses its own criteria in making this determination. If in the valid state, the subscription becomes operational. See (1) in the diagram below.</t>
<figure align="center"
title="Publisher state model for a configured subscription" anchor="config_state_model">
<artwork align="left"><![CDATA[
.........
: start :-.
:.......: |
create .---modify-----.----------------------------------.
| | | |
V V .-------. ....... .---------.
.----[evaluate]--no--->|invalid|-delete->: end :<-delete-|concluded|
| '-------' :.....: '---------'
|-[evaluate]--no-(2). ^ ^ ^
| ^ | | | |
yes | '->unsupportable delete stop-time
| modify (subscription- (subscription- (subscription-
| | terminated*) terminated*) concluded*)
| | | | |
(1) | (3) (4) (5)
| .---------------------------------------------------------------.
'-->| valid |
'---------------------------------------------------------------'
Legend:
dotted boxes: subscription added or removed via configuration
dashed boxes: states for a subscription
[evaluate]: decision point on whether the subscription is supportable
(*): resulting subscription state change notification
]]></artwork>
</figure>
<t>A subscription in the valid state may move to the invalid state in one of two ways. First, it may be modified in a way which fails a re-evaluation. See (2) in the diagram. Second, the publisher might determine that the subscription is no longer supportable. This could be for reasons of an unexpected but sustained increase in an event stream's event records, degraded CPU capacity, a more complex referenced filter, or other higher priority subscriptions which have usurped resources. See (3) in the diagram. No matter the case, a "subscription-terminated" notification is sent to any receivers in an active or suspended state. A subscription in the valid state may also transition to the concluded state via (5) if a configured stop time has been reached. In this case, a "subscription-concluded" notification is sent to any receivers in active or suspended states. Finally, a subscription may be deleted by configuration (4).</t>
<t>When a subscription is in the valid state, a publisher will attempt to connect with all receivers of a configured subscription and deliver notification messages. Below is the state machine for each receiver of a configured subscription. This receiver state machine is fully contained within the state machine of the configured subscription, and is only relevant when the configured subscription is in the valid state.</t>
<figure align="center"
title="Receiver state for a configured subscription on a Publisher" anchor="configured_recvr_state_model">
<artwork align="left"><![CDATA[
.-----------------------------------------------------------------.
| valid |
| .----------. .--------. |
| | receiver |---timeout---------------->|receiver| |
| |connecting|<----------------reset--(c)|timeout | |
| | |<-transport '--------' |
| '----------' loss,reset------------------------------. |
| (a) | | |
| subscription- (b) (b) |
| started* .--------. .---------. |
| '----->| |(d)-insufficient CPU,------->| | |
| |receiver| buffer overflow |receiver | |
| subscription-| active | |suspended| |
| modified* | |<----CPU, b/w sufficient,-(e)| | |
| '---->'--------' subscription-modified* '---------' |
'-----------------------------------------------------------------'
Legend:
dashed boxes which include the word 'receiver' show the possible
states for an individual receiver of a valid configured subscription.
* indicates a state change notification
]]></artwork>
</figure>
<t>When a configured subscription first moves to the valid state, the "state" leaf of each receiver is initialized to "connecting". If transport connectivity is not available to any receiver and there are any notification messages to deliver, a transport session is established (e.g., through <xref target="RFC8071"/>). Individual receivers are moved to the active state when a "subscription-started" state change notification is successfully passed to that receiver (a). Event records are only sent to active receivers. Receivers of a configured subscription remain active if both transport connectivity can be verified to the receiver, and event records are not being dropped due to a publisher buffer overflow. The result is that a receiver will remain active on the publisher as long as events aren't being lost, or the receiver cannot be reached. In addition, a configured subscription's receiver MUST be moved to connecting if transport connectivity cannot be achieved, or if the receiver is reset via the "reset" action (b), (c). For more on reset, see <xref target="reset"/>.</t>
<t>A configured subscription's receiver MUST be moved to the suspended state if there is transport connectivity between the publisher and receiver, but notification messages are failing to be delivered due to publisher buffer overflow, or notification messages are not able to be generated for that receiver due to insufficient CPU (d). This is indicated to the receiver by the "subscription-suspended" state change notification.</t>
<t>A configured subscription receiver MUST be returned to the active state from the suspended state when notification messages are able to be generated, bandwidth is sufficient to handle the notification messages, and a receiver has successfully been sent a "subscription-resumed" or "subscription-modified" state change notification (e). The choice as to which of these two state change notifications is sent is determined by whether the subscription was modified during the period of suspension.</t>
<t>Modification of a configured subscription is possible at any time. A "subscription-modified" state change notification will be sent to all active receivers, immediately followed by notification messages conforming to the new parameters. Suspended receivers will also be informed of the modification. However this notification will await the end of the suspension for that receiver (e).</t>
<t>The mechanisms described above are mirrored in the RPCs and notifications within the document. It should be noted that these RPCs and notifications have been designed to be extensible and allow subscriptions into targets other than event streams. For instance, the YANG module defined in Section 5 of <xref target="I-D.ietf-netconf-yang-push"/> augments "/sn:modify-subscription/sn:input/sn:target".</t>
</section>
<section title="Creating a Configured Subscription" anchor="sec_create_config_subs">
<t>Configured subscriptions are established using configuration operations against the top-level "subscriptions" subtree.</t>
<t>Because there is no explicit association with an existing transport session, configuration operations require additional parameters beyond those of dynamic subscriptions to indicate receivers, and possibly whether the notification messages need to come from a specific egress interface on the publisher.</t>
<t>After a subscription is successfully established, the publisher immediately sends a "subscription-started" state change notification to each receiver. It is quite possible that upon configuration, reboot, or even steady-state operations, a transport session may not be currently available to the receiver. In this case, when there is something to transport for an active subscription, transport specific call-home operations will be used to establish the connection. When transport connectivity is available, notification messages may then be pushed.</t>
<t>With active configured subscriptions, it is allowable to buffer event records even after a "subscription-started" has been sent. However if events are lost (rather than just delayed) due to replay buffer overflow, a new "subscription-started" must be sent. This new "subscription-started" indicates an event record discontinuity.</t>
<t>To see an example of subscription creation using configuration operations over NETCONF, see Appendix A of <xref target="I-D.draft-ietf-netconf-netconf-event-notifications"/>.</t>
<t>Note that is possible to configure replay on a configured subscription. This capability is to allow a configured subscription to exist on a system so that event records generated during boot can be buffered and pushed as soon as the transport session is established.</t>
</section>
<section title="Modifying a Configured Subscription">
<t>Configured subscriptions can be modified using configuration operations against the top-level "subscriptions" subtree.</t>
<t>If the modification involves adding receivers, added receivers are placed in the connecting state. If a receiver is removed, the state change notification "subscription-terminated" is sent to that receiver if that receiver is active or suspended.</t>
<t>If the modification involves changing the policies for the subscription, the publisher sends to currently active receivers a "subscription-modified" notification. For any suspended receivers, a "subscription-modified" notification will be delayed until the receiver is resumed. (Note: in this case, the "subscription-modified" notification informs the receiver that the subscription has been resumed, so no additional "subscription-resumed" need be sent. Also note that if multiple modifications have occurred during the suspension, only the latest one need be sent to the receiver.)</t>
</section>
<section title="Deleting a Configured Subscription">
<t>Subscriptions can be deleted through configuration against the top-level "subscriptions" subtree.</t>
<t>Immediately after a subscription is successfully deleted, the publisher sends to all receivers of that subscription a state change notification stating the subscription has ended (i.e., "subscription-terminated").</t>
</section>
<section title="Resetting a Configured Subscription Receiver" anchor="reset">
<t>It is possible that a configured subscription to a receiver needs to be reset. This is accomplished via the "reset" action within the YANG model at "/subscriptions/subscription/receivers/receiver/reset". This re-initialization may be useful in cases where a publisher has timed out trying to reach a receiver. When such a reset occurs, a transport session will be initiated if necessary, and a new "subscription-started" notification will be sent. This action does not have any effect on transport connectivity if the needed connectivity already exists.</t>
</section>
<section title="Replay for a Configured Subscription" anchor="replay_conf">
<t>It is possible to place a start time on a configured subscription. This enables streaming of logged information immediately after restart.</t>
<t>Replay of events records created since restart can be quite useful. This allows event records generated before transport connectivity was supportable by a publisher to be passed to a receiver. In addition, event records logged before restart are not sent. This avoids the potential for accidental event record duplication. Such duplication might otherwise be likely as a configured subscription's identifier before and after the reboot is the same, and there may be not be evidence to a receiver that a restart has occurred. By establishing restart as the earliest potential time for event records to be included in notification messages, a well-understood timeframe for replay is defined.</t>
<t>Therefore, when any such configured subscription receivers become active, buffered event records (if any) will be sent immediately after the "subscription-started" notification. The leading event record sent will be the first event record subsequent to the latest of four different times: the "replay-log-creation-time", "replay-log-aged-time", "replay-start-time", or the most recent publisher boot time. The "replay-log-creation-time" and "replay-log-aged-time" are discussed in <xref target="replay_subs"/>, and "replay-start-time" in <xref target="sub-start-sec"/>. The most recent publisher boot time ensures that duplicate event records are not replayed from a previous time the publisher was booted.</t>
<t>It is quite possible that a receiver might want to retrieve event records from a stream prior to the latest boot. If such records exist, on a configured replay, the publisher MUST send the time of the event record immediately preceding the "replay-start-time" within the "replay-previous-event-time" leaf. With the "replay-previous-event-time", the receiver will know that earlier events exist, and if it was previously receiving event records with the same subscription id, it can determine if there was a timegap where records generated on the publisher were not successully received. With this information, the receiver can dynamically subscribe to the stream to retrieve any event records placed into the stream before the most recent boot time.</t>
<t>All other replay functionality remains the same as with dynamic subscriptions as described in <xref target="replay_subs"/>.</t>
</section>
</section>
<section title="Event Record Delivery">
<t>Whether dynamic or configured, once a subscription has been set up, the publisher streams event records via notification messages per the terms of the subscription. For dynamic subscriptions, notification messages are sent over the session used to establish the subscription. For configured subscriptions, notification messages are sent over the connections specified by the transport and each receiver of a configured subscription.</t>
<t>A notification message is sent to a receiver when an event record is not blocked by either the specified filter criteria or receiver permissions. This notification message MUST be encoded in a <notification> message as defined within <xref target="RFC5277"/>, Section 4. And per <xref target="RFC5277"/>'s "eventTime" object definition, the "eventTime" is populated with the event occurrence time.</t>
<t>The following example within <xref target="RFC7950"/> section 7.16.3 is an example of a compliant message:</t>
<figure align="center" anchor="simple-data-plane-notif" title="subscribed notification message">
<artwork align="left"><![CDATA[
<notification
xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<eventTime>2007-09-01T10:00:00Z</eventTime>
<link-failure xmlns="http://acme.example.com/system">
<if-name>so-1/2/3.0</if-name>
<if-admin-status>up</if-admin-status>
<if-oper-status>down</if-oper-status>
</link-failure>
</notification>
]]></artwork>
</figure>
<t>When a dynamic subscription has been started or modified, with "establish-subscription" or "modify-subscription" respectively, event records matching the newly applied filter criteria MUST NOT be sent until after the RPC reply has been sent.</t>
<t>When a configured subscription has been started or modified, event records matching the newly applied filter criteria MUST NOT be sent until after the "subscription-started" or "subscription-modified" notifications has been sent, respectively.</t>
</section>
<section title="Subscription State Notifications" anchor="state_notif">
<t>In addition to sending event records to receivers, a publisher MUST also send subscription state notifications when events related to subscription management have occurred.</t>
<t>Subscription state notifications are unlike other notifications in that they are never included in any stream. Instead, they are inserted (as defined in this section) within the sequence of notification messages sent to a particular receiver. Subscription state notifications cannot be filtered out, they cannot be stored in replay buffers, and they are delivered only to impacted receivers of a subscription. The identification of subscription state notifications is easy to separate from other notification messages through the use of the YANG extension "subscription-state-notif". This extension tags a notification as a subscription state notification. </t>
<t>The complete set of subscription state notifications is described in the following subsections.</t>
<section title="subscription-started" anchor="sub-start-sec">
<t>This notification indicates that a configured subscription has started, and event records may be sent. Included in this state change notification are all the parameters of the subscription, except for the receiver(s) addressing information and origin information indicating where notification messages will egress the publisher. Note that if a referenced filter from the "filters" container has been used within the subscription, the notification still provides the contents of that referenced filter under the "within-subscription" subtree.</t>
<t>Note that for dynamic subscriptions, no "subscription-started" notifications are ever sent.</t>
<t>Below is a tree diagram for "subscription-started". All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
<figure align="left" title="subscription-started notification tree diagram"
anchor="subscription-started-notification">
<artwork align="left"><![CDATA[
+---n subscription-started {configured}?
+--ro identifier
| subscription-id
+--ro (target)
| +--:(stream)
| +--ro (stream-filter)?
| | +--:(by-reference)
| | | +--ro stream-filter-ref
| | | stream-filter-ref
| | +--:(within-subscription)
| | +--ro (filter-spec)?
| | +--:(stream-subtree-filter)
| | | +--ro stream-subtree-filter? <anydata>
| | | {subtree}?
| | +--:(stream-xpath-filter)
| | +--ro stream-xpath-filter? yang:xpath1.0
| | {xpath}?
| +--ro stream stream-ref
| +--ro replay-start-time?
| | yang:date-and-time {replay}?
| +--ro replay-previous-event-time?
| yang:date-and-time {replay}?
+--ro stop-time?
| yang:date-and-time
+--ro dscp? inet:dscp
| {dscp}?
+--ro weighting? uint8 {qos}?
+--ro dependency?
| subscription-id {qos}?
+--ro transport transport
| {configured}?
+--ro encoding? encoding
+--ro purpose? string
{configured}?
]]></artwork>
</figure>
</section>
<section title="subscription-modified">
<t>This notification indicates that a subscription has been modified by configuration operations. It is delivered directly after the last event records processed using the previous subscription parameters, and before any event records processed after the modification. </t>
<t>Below is a tree diagram for "subscription-modified". All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
<figure align="left" title="subscription-modified notification tree diagram"
anchor="subscription-modified-notification">
<artwork align="left"><![CDATA[
+---n subscription-modified
+--ro identifier subscription-id
+--ro (target)
| +--:(stream)
| +--ro (stream-filter)?
| | +--:(by-reference)
| | | +--ro stream-filter-ref stream-filter-ref
| | +--:(within-subscription)
| | +--ro (filter-spec)?
| | +--:(stream-subtree-filter)
| | | +--ro stream-subtree-filter? <anydata>
| | | {subtree}?
| | +--:(stream-xpath-filter)
| | +--ro stream-xpath-filter? yang:xpath1.0
| | {xpath}?
| +--ro stream stream-ref
| +--ro replay-start-time? yang:date-and-time
| {replay}?
+--ro stop-time? yang:date-and-time
+--ro dscp? inet:dscp {dscp}?
+--ro weighting? uint8 {qos}?
+--ro dependency? subscription-id {qos}?
+--ro transport transport {configured}?
+--ro encoding? encoding
+--ro purpose? string {configured}?
]]></artwork>
</figure>
<t>A publisher most often sends this notification directly after the modification of any configuration parameters impacting a configured subscription. But it may also be sent at two other times:
<list style="numbers">
<t>Where a configured subscription has been modified during the suspension of a receiver, the notification will be delayed until the receiver's suspension is lifted. In this situation, the notification indicates that the subscription has been both modified and resumed.</t>
<t>While this state change will most commonly be used with configured subscriptions, with dynamic subscriptions, there is also one time this notification will be sent. A "subscription-modified" state change notification MUST be sent if the contents of the filter identified by the subscription's "stream-filter-ref" leaf has changed.</t>
</list></t>
</section>
<section title="subscription-terminated">
<t>This notification indicates that no further event records for this subscription should be expected from the publisher. A publisher may terminate the sending event records to a receiver for the following reasons:
<list style="numbers">
<t>Configuration which removes a configured subscription, or a "kill-subscription" RPC which ends a dynamic subscription. These are identified via the reason "no-such-subscription".</t>
<t>A referenced filter is no longer accessible. This is identified by "filter-unavailable".</t>
<t>The event stream referenced by a subscription is no longer accessible by the receiver. This is identified by "stream-unavailable".</t>
<t>A suspended subscription has exceeded some timeout. This is identified by "suspension-timeout".</t>
</list></t>
<t>Each of the reasons above correspond one-to-one with a "reason" identityref specified within the YANG model.</t>
<t>Below is a tree diagram for "subscription-terminated". All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
<figure align="left" title="subscription-terminated notification tree diagram"
anchor="subscription-terminated-notification">
<artwork align="left"><![CDATA[
+---n subscription-terminated
+--ro identifier subscription-id
+--ro reason identityref
]]></artwork>
</figure>
<t>Note: this state change notification MUST be sent to a dynamic subscription's receiver when the subscription ends unexpectedly. The cases when this might happen are when a "kill-subscription" RPC is successful, or when some other event not including the reaching the subscription's "stop-time" results in a publisher choosing to end the subscription. </t>
</section>
<section title="subscription-suspended">
<t>This notification indicates that a publisher has suspended the sending of event records to a receiver, and also indicates the possible loss of events. Suspension happens when capacity constraints stop a publisher from serving a valid subscription. The two conditions where is this possible are:
<list style="numbers">
<t>"insufficient-resources" when a publisher is unable to produce the requested event stream of notification messages, and</t>
<t>"unsupportable-volume" when the bandwidth needed to get generated notification messages to a receiver exceeds a threshold. </t>
</list></t>
<t>These conditions are encoded within the "reason" object. No further notification will be sent until the subscription resumes or is terminated. </t>
<t>Below is a tree diagram for "subscription-suspended". All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
<figure align="left" title="subscription-suspended notification tree diagram"
anchor="subscription-suspended-notification">
<artwork align="left"><![CDATA[
+---n subscription-suspended
+--ro identifier subscription-id
+--ro reason identityref
]]></artwork>
</figure>
</section>
<section title="subscription-resumed">
<t>This notification indicates that a previously suspended subscription has been resumed under the unmodified terms previously in place. Subscribed event records generated after the issuance of this state change notification may now be sent.</t>
<t>Below is the tree diagram for "subscription-resumed". All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
<figure align="left" title="subscription-resumed notification tree diagram"
anchor="subscription-resumed-notification">
<artwork align="left"><![CDATA[
+---n subscription-resumed
+--ro identifier subscription-id
]]></artwork>
</figure>
</section>
<section title="subscription-completed">
<t>This notification indicates that a subscription that includes a "stop-time" has successfully finished passing event records upon the reaching of that time.</t>
<t>Below is a tree diagram for "subscription-completed". All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
<figure align="left" title="subscription-completed notification tree diagram"
anchor="subscription-completed-notification">
<artwork align="left"><![CDATA[
+---n subscription-completed
+--ro identifier subscription-id
]]></artwork>
</figure>
</section>
<section title="replay-completed">
<t>This notification indicates that all of the event records prior to the current time have been passed to a receiver. It is sent before any notification message containing an event record with a timestamp later than (1) the "stop-time" or (2) the subscription's start time.</t>
<t>If a subscription contains no "stop-time", or has a "stop-time" that has not been reached, then after the "replay-completed" notification has been sent, additional event records will be sent in sequence as they arise naturally on the publisher.</t>
<t>Below is a tree diagram for "replay-completed". All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
<figure align="left" title="replay-completed notification tree diagram"
anchor="replay-completed-notification">
<artwork align="left"><![CDATA[
+---n replay-completed
+--ro identifier subscription-id
]]></artwork>
</figure>
</section>
</section>
<section title="Subscription Monitoring">
<t>In the operational datastore, the container "subscriptions" maintains the state of all dynamic subscriptions, as well as all configured subscriptions. Using datastore retrieval operations, or subscribing to the "subscriptions" container <xref target="I-D.ietf-netconf-yang-push"/> allows the state of subscriptions and their connectivity to receivers to be monitored.</t>
<t>Each subscription in the operational datastore is represented as a list element. Included in this list are event counters for each receiver, the state of each receiver, as well as the subscription parameters currently in effect. The appearance of the leaf "configured-subscription-state" indicates that a particular subscription came into being via configuration. This leaf also indicates if current state of that subscription is valid, invalid, and concluded.</t>
<t>To understand the flow of event records within a subscription, there are two counters available for each configured and dynamic receiver. The first counter is "count-sent" which shows the quantity of events actually identified for sending to a receiver. The second counter is "count-excluded" which shows event records not sent to receiver. "count-excluded" shows the combined results of both access control and per-subscription filtering. For configured subscriptions, counters are reset whenever the subscription is evaluated to valid (see (1) in <xref target="config_state_model"/>).</t>
<t>Dynamic subscriptions are removed from the operational datastore once they expire (reaching stop-time) or when they are terminated. While many subscription objects are shown as configurable, dynamic subscriptions are only included within the operational datastore and as a result are not configurable.</t>
</section>
<section title="Advertisement">
<t>Publishers supporting this document MUST indicate support of the YANG model "ietf-subscribed-notifications" within the YANG library of the publisher. In addition support for optional features "encode-xml", "encode-json", "configured" "supports-vrf", "qos", "xpath", "subtree", "interface-designation", "dscp", and "replay" MUST be indicated if supported.</t>
</section>
</section>
<section title="YANG Data Model Trees">
<t>This section contains tree diagrams for nodes defined in <xref target="data_model"/>. For tree diagrams of state change notifications, see <xref target="state_notif"/>. Or for the tree diagrams for the RPCs, see <xref target="dynamic_subs"/>.</t>
<section title="Event Streams Container" anchor="stream-tree-section">
<t>A publisher maintains a list of available event streams as operational data. This list contains both standardized and vendor-specific event streams. This enables subscribers to discover what streams a publisher supports.</t>
<figure align="left" anchor="stream-tree"
title="Stream Container tree diagram">
<artwork align="left"><![CDATA[
+--ro streams
+--ro stream* [name]
+--ro name string
+--ro description string
+--ro replay-support? empty {replay}?
+--ro replay-log-creation-time yang:date-and-time {replay}?
+--ro replay-log-aged-time? yang:date-and-time {replay}?
]]></artwork>
</figure>
<t>Above is a tree diagram for the streams container. All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
</section>
<section title="Filters Container">
<t>The "filters" container maintains a list of all subscription filters that persist outside the life-cycle of a single subscription. This enables pre-defined filters which may be referenced by more than one subscription.</t>
<figure align="left" anchor="filter-tree"
title="Filter Container tree diagram">
<artwork align="left"><![CDATA[
+--rw filters
+--rw stream-filter* [identifier]
+--rw identifier filter-id
+--rw (filter-spec)?
+--:(stream-subtree-filter)
| +--rw stream-subtree-filter? <anydata> {subtree}?
+--:(stream-xpath-filter)
+--rw stream-xpath-filter? yang:xpath1.0 {xpath}?
]]></artwork>
</figure>
<t>Above is a tree diagram for the filters container. All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
</section>
<section title="Subscriptions Container" anchor="subscriptions-container-section">
<t>The "subscriptions" container maintains a list of all subscriptions on a publisher, both configured and dynamic. It can be used to retrieve information about the subscriptions which a publisher is serving.</t>
<figure align="left" title="Subscriptions tree diagram" anchor="subscriptions-container">
<artwork align="left" xml:space="preserve"><![CDATA[
+--rw subscriptions
+--rw subscription* [identifier]
+--rw identifier
| subscription-id
+--rw (target)
| +--:(stream)
| +--rw (stream-filter)?
| | +--:(by-reference)
| | | +--rw stream-filter-ref
| | | stream-filter-ref
| | +--:(within-subscription)
| | +--rw (filter-spec)?
| | +--:(stream-subtree-filter)
| | | +--rw stream-subtree-filter? <anydata>
| | | {subtree}?
| | +--:(stream-xpath-filter)
| | +--rw stream-xpath-filter? yang:xpath1.0
| | {xpath}?
| +--rw stream stream-ref
| +--rw replay-start-time?
| yang:date-and-time {replay}?
+--rw stop-time?
| yang:date-and-time
+--rw dscp? inet:dscp
| {dscp}?
+--rw weighting? uint8 {qos}?
+--rw dependency?
| subscription-id {qos}?
+--rw transport transport
| {configured}?
+--rw encoding? encoding
+--rw purpose? string
| {configured}?
+--rw (notification-message-origin)? {configured}?
| +--:(interface-originated)
| | +--rw source-interface?
| | if:interface-ref {interface-designation}?
| +--:(address-originated)
| +--rw source-vrf?
| | -> /ni:network-instances/network-instance/name
| | {supports-vrf}?
| +--rw source-address?
| inet:ip-address-no-zone
+--ro configured-subscription-state? enumeration
| {configured}?
+--rw receivers
+--rw receiver* [name]
+--rw name string
+--rw address? inet:host
+--ro count-sent? yang:zero-based-counter64
+--ro count-excluded? yang:zero-based-counter64
+--ro state enumeration
+---x reset {configured}?
+--ro output
+--ro time yang:date-and-time
]]></artwork>
</figure>
<t>Above is a tree diagram for the subscriptions container. All objects contained in this tree are described within the included YANG model within <xref target="data_model"/>.</t>
</section>
</section>
<section title="Data Model" anchor="data_model">
<t>This module imports typedefs from <xref target="RFC6991"/>, <xref target="RFC8343"/>, and <xref target="RFC8040"/>, and it references <xref target="I-D.draft-ietf-rtgwg-ni-model"/>, <xref target="XPATH"/>, <xref target="RFC6241"/>, <xref target="RFC7540"/>, <xref target="RFC7951"/> and <xref target="RFC7950"/>.</t>
<t>[ note to the RFC Editor - please replace XXXX within this YANG model with the number of this document, and XXXY with the number of <xref target="I-D.draft-ietf-rtgwg-ni-model"/> ]</t>
<t>[ note to the RFC Editor - please replace the two dates within the YANG module with the date of publication ]</t>
<figure>
<artwork align="left"><![CDATA[
<CODE BEGINS> file "ietf-subscribed-notifications@2018-06-15.yang"
module ietf-subscribed-notifications {
yang-version 1.1;
namespace
"urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications";
prefix sn;
import ietf-inet-types {
prefix inet;
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-interfaces {
prefix if;
reference
"RFC 8343: A YANG Data Model for Interface Management";
}
import ietf-network-instance {
prefix ni;
reference
"draft-ietf-rtgwg-ni-model-11: YANG Model for Network Instances";
}
import ietf-restconf {
prefix rc;
reference
"RFC 8040 - RESTCONF Protocol";
}
import ietf-yang-types {
prefix yang;
reference
"RFC 6991: Common YANG Data Types";
}
organization "IETF NETCONF (Network Configuration) Working Group";
contact
"WG Web: <http:/tools.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org>