
  • Number of slides: 6

84th IETF meeting
NETCONF over WebSocket (http://tools.ietf.org/html/draft-iijima-netconf-websocket-ps-03)
Tomoyuki Iijima (Hitachi); Hiroyasu Kimura, Yoshifumi Atarashi, and Hidemitsu Higuchi (Alaxala Networks)

Objective of this I-D
• To propose a way of sending NETCONF over the WebSocket protocol.
• However, we do not intend to make this proposal mandatory.

Changes since the last IETF meeting
• As per comments received at the last IETF meeting, we've made the following changes.
  – Changed the description of the NETCONF username.
    • We propose extracting the NETCONF username from TLS. WebSocket needs TLS to ensure security, so using information from TLS is necessary in order to ensure that the NETCONF user is the very person who is authenticated by TLS (certificate).
    • We think that, for this purpose, complying with Mr. Badra's I-D is the best approach, since reinventing the wheel is not welcome.

NETCONF username from TLS
• I haven't implemented all of Mr. Badra's algorithms yet. But I've confirmed that it's possible for a NETCONF server supporting WebSocket to get the TLS certificate during the TLS handshake by, for example, using the HTTP server's API, or seeing SSL_context through SSL_socket.
• NETCONF server example:

    import java.security.cert.X509Certificate;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    // WebSocketServlet and WebSocket come from the HTTP server's WebSocket API.

    public class NetconfWebSocketServlet extends WebSocketServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse res) {
            X509Certificate[] certificates =
                (X509Certificate[]) req.getAttribute("…X509Certificate");
            // NETCONF server can see client's TLS certificate sent during TLS handshake here.
        }

        @Override
        public WebSocket doWebSocketConnect(HttpServletRequest req, String protocol) {
            // NETCONF server can see messages sent over WebSocket here.
            return null; // placeholder: return the WebSocket object that handles NETCONF messages
        }
    }

[Figure: message sequence diagram. Participants: NETCONF Client, WS Client, WS Server (HTTP server), NETCONF Server. Labels: NETCONF message; Load html file; TLS handshake; NETCONF username; GET; Start WebSocket (API); WebSocket handshake (GET with upgrade: WebSocket, protocol: NETCONF; HTTP/1.1 101 with upgrade: WebSocket, protocol: NETCONF); NETCONF messages on a single session.]
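One way a server could bind the NETCONF username to the TLS-authenticated identity before accepting the WebSocket upgrade, as an added example (not code from the slides or the I-D). It assumes the username is the CN of the client certificate subject, which is an illustration only and not the algorithm from Mr. Badra's I-D; the class and method names are hypothetical, and Sec-WebSocket-Protocol is the RFC 6455 header that carries the "protocol: NETCONF" value shown in the handshake.

```java
import java.util.Arrays;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper: decides whether to accept a NETCONF-over-WebSocket
// upgrade and which username the session is bound to.
public class NetconfSessionBinding {
    static final String SUBPROTOCOL = "NETCONF"; // token from the handshake slide

    /** Assumed mapping: username = CN of the certificate subject; null if none. */
    static String usernameFromSubject(X500Principal subject) throws InvalidNameException {
        if (subject == null) return null; // no client certificate was presented
        for (Rdn rdn : new LdapName(subject.getName()).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        }
        return null;
    }

    /** True if the comma-separated Sec-WebSocket-Protocol offer contains NETCONF. */
    static boolean offersNetconf(String secWebSocketProtocol) {
        if (secWebSocketProtocol == null) return false;
        return Arrays.stream(secWebSocketProtocol.split(","))
                     .map(String::trim).anyMatch(SUBPROTOCOL::equals);
    }

    /** Returns the username bound to the session, or null to refuse the upgrade. */
    static String acceptUpgrade(X500Principal clientSubject, String offeredProtocols)
            throws InvalidNameException {
        if (!offersNetconf(offeredProtocols)) return null;  // not a NETCONF session
        // The identity comes only from TLS, never from a name the client sends later.
        String user = usernameFromSubject(clientSubject);
        return (user == null || user.isEmpty()) ? null : user;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample subject; in the servlet it would come from
        // certificates[0].getSubjectX500Principal().
        X500Principal alice = new X500Principal("CN=alice,O=Example,C=JP");
        System.out.println(acceptUpgrade(alice, "NETCONF"));          // accepted
        System.out.println(acceptUpgrade(alice, "chat, superchat"));  // wrong subprotocol
        System.out.println(acceptUpgrade(null, "NETCONF"));           // no client certificate
    }
}
```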

Conclusions
• We proposed a way of sending NETCONF over the WebSocket protocol.
• We proposed extracting the NETCONF username from TLS, in compliance with Mr. Badra's algorithms.
• Does the WG have interest?
• If YES, should this I-D move forward as an Experimental I-D?