System-defined Configuration
draft-ietf-netmod-system-config-07
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Active".
|
|
|---|---|---|---|
| Authors | Qiufang Ma , Qin Wu , Chong Feng | ||
| Last updated | 2024-06-17 (Latest revision 2024-05-31) | ||
| Replaces | draft-ma-netmod-with-system | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Reviews | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | In WG Last Call | |
| Document shepherd | Kent Watsen | ||
| IESG | IESG state | I-D Exists | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | kent+ietf@watsen.net |
draft-ietf-netmod-system-config-07
NETMOD Q. Ma, Ed.
Internet-Draft Q. Wu
Updates: 8342, 6241, 8526, 8040 (if approved) Huawei
Intended status: Standards Track C. Feng
Expires: 19 December 2024 17 June 2024
System-defined Configuration
draft-ietf-netmod-system-config-07
Abstract
This document defines how a management client and server handle YANG-
modeled configuration data that is instantiated by the server itself.
The system-defined configuration can be referenced (e.g., leafref) by
configuration explicitly created by a client.
The Network Management Datastore Architecture (NMDA) defined in RFC
8342 is updated with a read-only conventional configuration datastore
called "system" to expose system-defined configuration.
This document updates RFC 8342, RFC 6241, RFC 8526 and RFC 8040.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 19 December 2024.
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Ma, et al. Expires 19 December 2024 [Page 1]
Internet-Draft System-defined Configuration June 2024
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
1.2. Requirements Language . . . . . . . . . . . . . . . . . . 5
1.3. Updates to RFC 8342 . . . . . . . . . . . . . . . . . . . 5
1.4. Updates to RFC 6241 and RFC 8526 . . . . . . . . . . . . 6
1.5. Updates to RFC 8040 . . . . . . . . . . . . . . . . . . . 6
2. Kinds of System Configuration . . . . . . . . . . . . . . . . 6
2.1. Immediately-Present . . . . . . . . . . . . . . . . . . . 6
2.2. Conditionally-Present . . . . . . . . . . . . . . . . . . 6
3. The System Configuration Datastore (<system>) . . . . . . . . 7
4. Static Characteristics of <system> . . . . . . . . . . . . . 7
4.1. Read-only to Clients . . . . . . . . . . . . . . . . . . 7
4.2. May Change via Software Upgrades or Resource Changes . . 7
4.3. No Impact to <operational> . . . . . . . . . . . . . . . 8
5. Dynamic Behaviors . . . . . . . . . . . . . . . . . . . . . . 8
5.1. Conceptual Model of Datastores . . . . . . . . . . . . . 8
5.1.1. Origin Metadata Annotation . . . . . . . . . . . . . 10
5.2. Explicit Declaration of System Configuration . . . . . . 10
5.3. Servers Auto-configuring System Configuration
("resolve-system" parameter) . . . . . . . . . . . . . . 11
5.3.1. NETCONF Support for "resolve-system" Parameter . . . 12
5.3.2. RESTCONF Support for "resolve-system" Parameter . . . 12
5.3.2.1. Query Parameter . . . . . . . . . . . . . . . . . 12
5.3.2.2. Query Parameter URI . . . . . . . . . . . . . . . 12
5.4. Modifying (Overriding) System Configuration . . . . . . . 13
5.5. Examples . . . . . . . . . . . . . . . . . . . . . . . . 13
5.5.1. Declaring a System-defined Node in <running>
Explicitly . . . . . . . . . . . . . . . . . . . . . 13
5.5.2. Server Configuring of <running> Automatically . . . . 19
5.5.3. Modifying a System-instantiated Leaf's Value . . . . 21
5.5.4. Configuring Descendant Nodes of a System-defined
Node . . . . . . . . . . . . . . . . . . . . . . . . 23
6. Default Interactions . . . . . . . . . . . . . . . . . . . . 24
7. Relation to Other Datastores . . . . . . . . . . . . . . . . 24
7.1. The "factory-default" Datastore . . . . . . . . . . . . . 24
7.2. The "candidate" Datastore . . . . . . . . . . . . . . . . 24
8. The "ietf-system-datastore" Module . . . . . . . . . . . . . 25
8.1. Data Model Overview . . . . . . . . . . . . . . . . . . . 25
8.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 25
8.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 28
Ma, et al. Expires 19 December 2024 [Page 2]
Internet-Draft System-defined Configuration June 2024
9. The "ietf-netconf-resolve-system" Module . . . . . . . . . . 29
9.1. Data Model Overview . . . . . . . . . . . . . . . . . . . 29
9.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 30
9.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 30
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32
10.1. The "IETF XML" Registry . . . . . . . . . . . . . . . . 32
10.2. The "YANG Module Names" Registry . . . . . . . . . . . . 33
10.3. NETCONF Capability URN Registry . . . . . . . . . . . . 33
10.4. RESTCONF Capability URN Registry . . . . . . . . . . . . 33
11. Security Considerations . . . . . . . . . . . . . . . . . . . 33
11.1. Considerations for the "ietf-system-datastore" YANG
Module . . . . . . . . . . . . . . . . . . . . . . . . . 33
11.2. Considerations for the "ietf-netconf-resolve-system" YANG
Module . . . . . . . . . . . . . . . . . . . . . . . . . 34
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 35
12.1. Normative References . . . . . . . . . . . . . . . . . . 35
12.2. Informative References . . . . . . . . . . . . . . . . . 35
Appendix A. Key Use Cases . . . . . . . . . . . . . . . . . . . 37
A.1. Device Powers On . . . . . . . . . . . . . . . . . . . . 39
A.2. Client Commits Configuration . . . . . . . . . . . . . . 39
A.3. Operator Installs Card into a Chassis . . . . . . . . . . 41
A.4. Client further Commits Configuration . . . . . . . . . . 42
Appendix B. Changes between Revisions . . . . . . . . . . . . . 44
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 46
Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 47
1. Introduction
The Network Management Datastore Architecture (NMDA) [RFC8342]
defines system configuration as the configuration that is supplied by
the device itself and appears in <operational> when it is in use
(Figure 2 in [RFC8342]).
However, there is a desire to enable a server to better structure and
expose the system configuration. NETCONF/RESTCONF clients can
benefit from a standard mechanism to retrieve what system
configuration is available on a server.
Some servers allow clients to reference a system-defined node which
is not present in the datastore. The absence of the system
configuration in the datastore can render the datastore invalid from
the perspective of a client or offline tools (e.g., missing leafref
targets). This document describes several approaches to bring the
datastore to a valid state and satisfy referential integrity
constraints.
Ma, et al. Expires 19 December 2024 [Page 3]
Internet-Draft System-defined Configuration June 2024
Some servers allow the descendant nodes of system-defined
configuration to be configured or modified. For example, the system
configuration may contain an almost empty physical interface, while
the client needs to be able to add, modify, or remove a number of
descendant nodes. Some descendant nodes may not be modifiable (e.g.,
the interface "type" set by the system).
This document updates the Network Management Datastore Architecture
(NMDA) defined in [RFC8342] with a read-only conventional
configuration datastore called "system" to expose system-defined
configuration.
As an alternative to clients explicitly copying referenced system-
defined configuration so that the datastore is valid, a "resolve-
system" parameter is defined to allow the server to copy referenced
system nodes automatically. This solution enables clients to
reference nodes defined in <system>, override system-provided values,
and configure descendant nodes of system-defined configuration.
If a system-defined node is referenced, it refers to one of the
following cases throughout this document:
* It is present in a leafref "path" statement and referred as the
leafref value.
* It is used as an "instance-identifier" type value.
* It is present in an XPath expression of "when" constraints.
* It is present in an XPath expression of "must" constraints.
* It is defined to satisfy the "mandatory true" constraints.
* It is defined to satisfy the "min-elements" constraints.
Conformance to this document requires the NMDA servers to implement
the "ietf-system-datastore" YANG module (Section 8).
1.1. Terminology
This document assumes that the reader is familiar with the contents
of [RFC6241], [RFC7950], [RFC8342], [RFC8407], and [RFC8525] and uses
terminologies from those documents.
The following terms are defined in this document:
System configuration: Configuration that is provided by the system
Ma, et al. Expires 19 December 2024 [Page 4]
Internet-Draft System-defined Configuration June 2024
itself. System configuration is present in the system
configuration datastore (regardless of whether it is applied or
referenced). It is a different and separate concept from factory
default configuration defined in [RFC8808] (which represents a
preset initial configuration that is used to initialize the
configuration of a server).
System configuration datastore: A configuration datastore holding
configuration provided by the system itself. This datastore is
referred to as "<system>".
This document redefines the term "conventional configuration
datastore" in Section 3 of [RFC8342] to add "system" to the list of
conventional configuration datastores:
Conventional configuration datastore: One of the following set of
configuration datastores: <running>, <startup>, <candidate>,
<system>, and <intended>. These datastores share a common
datastore schema, and protocol operations allow copying data
between these datastores. The term "conventional" is chosen as a
generic umbrella term for these datastores.
1.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
1.3. Updates to RFC 8342
This document updates RFC 8342 to define a configuration datastore
called "system" to hold system configuration (Section 3), it also
redefines the term "conventional configuration datastore" from
[RFC8342] to add "system" to the list of conventional configuration
datastores.
Configuration in <running> is merged with <system> to create the
contents of <intended> after the configuration transformations to
<running> (e.g., template expansion, removal of inactive
configuration defined in [RFC8342]) have been performed
(Section 5.1).
The definition of "intended" origin metadata annotation identity is
also updated (Section 5.1.1).
Ma, et al. Expires 19 December 2024 [Page 5]
Internet-Draft System-defined Configuration June 2024
1.4. Updates to RFC 6241 and RFC 8526
This document updates RFC 6241 to augment the NETCONF <edit-config>,
<copy-config>, <validate>, and <commit> operations with an additional
input parameter named "resolve-system", as specified in Section 5.3.
This document also updates RFC 8526 to augment the NETCONF <edit-
data> operation with the "resolve-system" parameter, as specified in
Section 5.3.
1.5. Updates to RFC 8040
This document extends sections 4.8 and 9.1.1 in [RFC8040] to add a
new query parameter "resolve-system" and corresponding query
parameter capability URI (Section 5.3.2).
2. Kinds of System Configuration
This document defines two types of system configuration:
configuration that is generated in <system> immediately when the
device boots and configuration that is generated in <system> only
when specific conditions being met on a device, they are described in
Section 2.1 and Section 2.2, respectively.
2.1. Immediately-Present
Immediately-present refers to system configuration which is generated
in <system> when the device is powered on, irrespective of physical
resource present or not, a special functionality enabled or not. An
example of immediately-present system configuration is an always-
existing loopback interface.
2.2. Conditionally-Present
Conditionally-present refers to system configuration which is
generated in <system> based on specific conditions being met in a
system. For example, if a physical resource is present (e.g., an
interface card is inserted), the system automatically detects it and
loads associated configuration; when the physical resource is not
present (an interface card is removed), the system configuration will
be automatically cleared. Another example is when a special
functionality is enabled, e.g., when a license or feature is enabled,
specific configuration may be created by the system.
Ma, et al. Expires 19 December 2024 [Page 6]
Internet-Draft System-defined Configuration June 2024
3. The System Configuration Datastore (<system>)
Following guidelines for defining datastores in the Appendix A of
[RFC8342], this document introduces a new datastore resource named
"system" that represents the system configuration. NMDA servers
compliant with this document MUST implement a system configuration
datastore, and they SHOULD also implement <intended>.
* Name: "system"
* YANG modules: all
* YANG nodes: all "config true" data nodes up to the root of the
tree, generated by the system
* Management operations: The datastore can be read using network
management protocols such as NETCONF and RESTCONF, but its
contents cannot be changed by manage operations via NETCONF and
RESTCONF protocols.
* Origin: This document does not define any new origin identity.
The "system" origin Metadata Annotation [RFC7952] is used to
indicate the origin of a data item in system (Section 5.1.1).
* Protocols: YANG-driven management protocols, such as NETCONF and
RESTCONF.
* Defining YANG module: "ietf-system-datastore" (Section 8).
The system configuration datastore doesn't persist across reboots.
4. Static Characteristics of <system>
4.1. Read-only to Clients
The system datastore is read-only (i.e., edits towards <system>
directly MUST be denied), though the client may be allowed to
override the value of a system-initialized node (see Section 5.4).
4.2. May Change via Software Upgrades or Resource Changes
The contents of <system> MAY change dynamically under various
conditions, such as license change, software upgrade, and system-
controlled resources change (see Section 2.2). The updates of system
configuration may be obtained through YANG notifications (e.g., on-
change notification) [RFC8639][RFC8641].
Ma, et al. Expires 19 December 2024 [Page 7]
Internet-Draft System-defined Configuration June 2024
Generally speaking, any update of <system> should not cause the
automatic update of <running> to not surprise clients with unexpected
changes. In particular, the behavior of system data migration during
software upgrade is outside the scope of this document. That said,
here are some examples of how a server might handle this scenario
ensuring <running> remains accurate:
* Servers migrate system configuration update in <running>.
* Servers reject the operation to change system configuration (e.g.,
software upgrade fails) and needs the client to update the
configuration in <running> as a prerequisite. Servers are
recommended to include some hints in error responses to help
clients understand how <running> should be updated.
4.3. No Impact to <operational>
This work intends to have no impact to <operational> and does not
define any new origin identity beyond Section 5.3.4 of [RFC8342].
The existence of <system> enables a subset of those system-generated
nodes to be defined like configuration, i.e., made visible to clients
in order for being referenced or configurable prior to present in
<operational>. "config false" nodes are out of scope, hence existing
"config false" nodes are not impacted by this work.
5. Dynamic Behaviors
5.1. Conceptual Model of Datastores
Clients MAY reference nodes defined in <system>, override system-
provided values, and configure descendant nodes of system-defined
configuration in <running>, as detailed in Section 5.2, Section 5.3,
and Section 5.4.
To ensure the validity of <intended>, configuration in <running> is
merged with <system> to become <intended>, in which process,
configuration appearing in <running> takes precedence over the same
node in <system>. If <running> includes configuration that requires
further transformation (e.g., template expansion, removal of inactive
configuration defined in [RFC8342]) before it can be applied,
configuration transformations MUST be performed before <running> is
merged with <system>.
Whenever configuration in <system> changes, the server MUST also
immediately update and validate <intended>.
Ma, et al. Expires 19 December 2024 [Page 8]
Internet-Draft System-defined Configuration June 2024
As a result, Figure 2 in Section 5 of [RFC8342] is updated with the
below conceptual model of datastores which incorporates the system
configuration datastore.
+-------------+ +-----------+
| <candidate> | | <startup> |
| (ct, rw) |<---+ +---->| (ct, rw) |
+-------------+ | | +-----------+
| | | |
+-----------+ | +-----------+ |
| <system> | +------->| <running> |<--------+
| (ct, ro) | | (ct, rw) |
+-----------+ +-----------+
| | // configuration transformations,
| | // e.g., removal of nodes marked
| // merge | // as "inactive", expansion of
+--------------+---------------+ // templates
|
|
v
+------------+
| <intended> | // subject to validation
| (ct, ro) |
+------------+
| // changes applied, subject to
| // local factors, e.g., missing
| // resources, delays
dynamic |
configuration | +-------- learned configuration
datastores -----+ | +-------- default configuration
| | |
v v v
+---------------+
| <operational> | <-- system state
| (ct + cf, ro) |
+---------------+
ct = config true; cf = config false
rw = read-write; ro = read-only
boxes denote named datastores
Figure 1: Architectural Model of Datastores
Configuration in <system> is non-deletable to clients (e.g., a
system-defined list entry can never be removed), even though a client
may override or delete a copied system node from <running>. If
system initializes a value for a particular leaf which is overridden
by the client with a different value in <running> (Section 5.4), the
Ma, et al. Expires 19 December 2024 [Page 9]
Internet-Draft System-defined Configuration June 2024
client may delete it in <running>, in which case system-initialized
value defined in <system> may still be in use and appear in
<operational>.
5.1.1. Origin Metadata Annotation
This document does not define any new origin identity when <system>
interacts with <intended> and flows into <operational>.
The "intended" identity of origin value defined in [RFC8342] to
represent the origin of configuration provided by <intended>, this
document updates its definition as origin source of configuration
explicitly provided by <running>, and allows a subset of
configuration in <intended> that flows from <system> yet is not
configured or overridden explicitly in <running> to use "system" as
its origin value.
Configuration copied from <system> into <running> has its origin
value reported as "intended" when it flows into <operational>.
5.2. Explicit Declaration of System Configuration
It is possible for a client to explicitly declare system
configuration nodes with the same values as in <system>, by
configuring a node (list/leaf-list entry, leaf, etc.) in the target
datastore (e.g., <candidate> and <running>) that matches the same
node and value in <system>.
The explicit declaration of system-defined nodes that are referenced
elsewhere can be useful, for example, when the client does not
support the "resolve-system" parameter (Section 5.3) but needs the
datastore to be referentially complete. Clients MUST declare the
system configuration that are required to make the datastore appear
valid, which may include:
* any targets of leafrefs with "require-instance true".
* any targets of instance-identifiers with "require-instance true".
* any nodes referenced by any "when" expressions.
* any nodes referenced by any "must" expressions.
* any nodes needed to satisfy the "min-elements" statement with a
value greater than zero.
Ma, et al. Expires 19 December 2024 [Page 10]
Internet-Draft System-defined Configuration June 2024
When declaring a node having descendants, clients MUST also declare
all descendant nodes, including any leafs, leaf-lists, lists,
presence containers, non-presence containers that have any child
nodes.
5.3. Servers Auto-configuring System Configuration ("resolve-system"
parameter)
This document defines a new parameter "resolve-system" to the input
for some of the NETCONF and RESTCONF operations. Clients that are
aware of the "resolve-system" parameter MAY use this parameter to
avoid the requirement to provide a referentially complete
configuration.
The "resolve-system" parameter is optional and has no value. If it
is present, and the server supports this capability, similar to
Section 5.2, the server MUST copy the entire referenced system
configuration, including all descendants into the target datastore
(e.g., <candidate> and <running>) without the client doing the copy/
paste explicitly, to resolve any references not resolved by the
client. The copy operation MUST NOT override any explicit
configuration in the target datastore. The server copies the
referenced system-defined nodes only when triggered by the "resolve-
system" parameter. Legacy clients don't see any changes in the
server behaviors.
There is no distinction between the configuration automatically
configured by the server and the one explicitly declared by the
client, e.g., a read back of the datastore (e.g., NETCONF <get>/<get-
config>/<get-data> operation, or RESTCONF GET method) returns
automatically configured nodes.
Note that even though an auto-configured node is allowed to be
deleted from the target datastore by the client, the system may
automatically recreate the deleted node to make configuration valid,
when a "resolve-system" parameter is carried. It is also possible
that the operation request (e.g., <edit-config>) may not succeed due
to incomplete referential integrity.
Ma, et al. Expires 19 December 2024 [Page 11]
Internet-Draft System-defined Configuration June 2024
Support for the "resolve-system" parameter is OPTIONAL. Servers not
supporting NMDA [RFC8342] MAY also implement this parameter without
implementing the system configuration datastore, which would only
eliminate the ability to retrieve the system configuration via
protocol operations. If a server implements <system>, referenced
system configuration is copied from <system> into the target
datastore when the "resolve-system" parameter is used. If a server
does not implement <system>, it is up to the implementation to
determine how the "resolve-system" mechanism fills in the missing
configuration items in the target datastore, e.g., <candidate> or
<running>.
5.3.1. NETCONF Support for "resolve-system" Parameter
This document defines a NETCONF protocol capability to indicate
support for this parameter. NETCONF server that supports "resolve-
system" parameter MUST advertise the following capability identifier:
urn:ietf:params:netconf:capability:resolve-system:1.0
5.3.2. RESTCONF Support for "resolve-system" Parameter
5.3.2.1. Query Parameter
The "resolve-system" parameter may be present in the request URI of
some RESTCONF operations as shown in Figure 2. This parameter is
only allowed with no values carried. If this parameter has any
unexpected value, then a "400 Bad Request" status-line is returned.
+----------------+---------+----------------------------------------+
| Name | Methods | Description |
+----------------+---------+----------------------------------------+
|resolve-system | POST, | Request the server to copy any system |
| | PUT | configuration that are required to make|
| | PATCH | the datastore valid, as well as any |
| | | descendant nodes of the copied system |
| | | configuration. This parameter can be |
| | | given in any order. |
+----------------+---------+----------------------------------------+
Figure 2: RESTCONF "resolve-system" Query Parameter
5.3.2.2. Query Parameter URI
To enable a RESTCONF client to discover if the "resolve-system" query
parameter is supported by the server, the following capability URI is
defined, which is advertised by the server if supported, using the
"ietf-restconf-monitoring" module defined in [RFC8040]:
Ma, et al. Expires 19 December 2024 [Page 12]
Internet-Draft System-defined Configuration June 2024
urn:ietf:params:restconf:capability:resolve-system:1.0
5.4. Modifying (Overriding) System Configuration
In some cases, a server may allow some parts of system configuration
(e.g., a leaf's value) to be modified. Modification of system
configuration is achieved by the client writing configuration to
<running> that overrides the system configuration. Configurations
defined in <running> take precedence over system configuration nodes
in <system> if the server allows the nodes to be modified.
For instance, descendant nodes in a system-defined list entry may be
modifiable or not, even if some system configuration has been copied
into <running> earlier. If a system node is non-modifiable, then
writing a different value for that node MUST return an error during a
<edit-config>, <validate> or <commit> operation, depending on the
target datastore. The immutability of system configuration is
defined in [I-D.ietf-netmod-immutable-flag].
5.5. Examples
This section presents some sample data models and corresponding
contents of various datastores with different dynamic behaviors
described above. The XML snippets are used only for illustration
purposes.
5.5.1. Declaring a System-defined Node in <running> Explicitly
In this subsection, the following fictional module is used:
Ma, et al. Expires 19 December 2024 [Page 13]
Internet-Draft System-defined Configuration June 2024
module example-application {
yang-version 1.1;
namespace "urn:example:application";
prefix "app";
import ietf-inet-types {
prefix "inet";
}
container applications {
list application {
key "name";
leaf name {
type string;
}
leaf app-id {
type string;
}
leaf protocol {
type enumeration {
enum tcp;
enum udp;
}
mandatory true;
}
leaf destination-port {
default "0";
type inet:port-number;
}
leaf description {
type string;
}
container security-protection {
presence "Indicates that security protection is enabled.";
leaf risk-level {
type enumeration {
enum high;
enum low;
}
}
//additional leafs for security-specific configuration...
}
}
}
}
A fictional ACL YANG module is used as follows, which defines a
leafref for the leaf-list "application" data node to refer to an
existing application name.
Ma, et al. Expires 19 December 2024 [Page 14]
Internet-Draft System-defined Configuration June 2024
module example-acl {
yang-version 1.1;
namespace "urn:example:acl";
prefix "acl";
import example-application {
prefix "app";
}
import ietf-inet-types {
prefix "inet";
}
container acl {
list acl-rule {
key "name";
leaf name {
type string;
}
container matches {
choice l3 {
container ipv4 {
leaf src-address {
type inet:ipv4-prefix;
}
leaf dst-address {
type inet:ipv4-prefix;
}
}
}
choice applications {
leaf-list application {
type leafref {
path "/app:applications/app:application/app:name";
}
}
}
}
leaf packet-action {
type enumeration {
enum forward;
enum drop;
enum redirect;
}
}
}
}
}
Ma, et al. Expires 19 December 2024 [Page 15]
Internet-Draft System-defined Configuration June 2024
The server may predefine some applications as a convenience for
clients. The system-instantiated application entries may be present
in <system> as follows:
<applications xmlns="urn:example:application">
<application>
<name>ftp</name>
<app-id>001</app-id>
<protocol>tcp</protocol>
<destination-port>21</destination-port>
<security-protection>
<risk-level>low</risk-level>
</security-protection>
</application>
<application>
<name>tftp</name>
<app-id>002</app-id>
<protocol>udp</protocol>
<destination-port>69</destination-port>
<security-protection>
<risk-level>low</risk-level>
</security-protection>
</application>
<application>
<name>smtp</name>
<app-id>003</app-id>
<protocol>tcp</protocol>
<destination-port>25</destination-port>
<security-protection>
<risk-level>low</risk-level>
</security-protection>
</application>
</applications>
The client may also define its customized applications. Suppose the
configuration of applications is present in <running> as follows:
Ma, et al. Expires 19 December 2024 [Page 16]
Internet-Draft System-defined Configuration June 2024
<applications xmlns="urn:example:application">
<application>
<name>my-app-1</name>
<app-id>101</app-id>
<protocol>tcp</protocol>
<destination-port>2345</destination-port>
<description>customized application</description>
<security-protection>
<risk-level>high</risk-level>
</security-protection>
</application>
<application>
<name>my-app-2</name>
<app-id>102</app-id>
<protocol>udp</protocol>
<destination-port>69</destination-port>
<description>customized application</description>
</application>
</applications>
If a client configures an ACL rule referencing system-provided
applications which are not present in <running>, it is possible for
the client to explicitly declare the referenced system configuration.
For instance, the client explicitly configuring the entire
application entries named "ftp" and "tftp" are as follows:
<applications xmlns="urn:example:application">
<application>
<name>ftp</name>
<app-id>001</app-id>
<protocol>tcp</protocol>
<destination-port>21</destination-port>
<security-protection>
<risk-level>low</risk-level>
</security-protection>
</application>
<application>
<name>tftp</name>
<app-id>002</app-id>
<protocol>udp</protocol>
<destination-port>69</destination-port>
<security-protection>
<risk-level>low</risk-level>
</security-protection>
</application>
</applications>
Ma, et al. Expires 19 December 2024 [Page 17]
Internet-Draft System-defined Configuration June 2024
And the configuration of ACL rules referencing application "ftp" and
"tftp":
<acl xmlns="urn:example:acl">
<acl-rule>
<name>allow-access-to-ftp-tftp</name>
<matches>
<ipv4>
<src-address>198.51.100.0/24</src-address>
<dst-address>192.0.2.0/24</dst-address>
</ipv4>
<application>ftp</application>
<application>tftp</application>
<application>my-app-1</application>
</matches>
<packet-action>forward</packet-action>
</acl-rule>
</acl>
And <operational> might contain the following:
<applications xmlns="urn:example:application"
xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:intended">
<application>
<name>my-app-1</name>
<app-id>101</app-id>
<protocol>tcp</protocol>
<destination-port>2345</destination-port>
<description>customized application</description>
<security-protection>
<risk-level>high</risk-level>
</security-protection>
</application>
<application>
<name>my-app-2</name>
<app-id>102</app-id>
<protocol>udp</protocol>
<destination-port>69</destination-port>
<description>customized application</description>
</application>
<application>
<name>ftp</name>
<app-id>001</app-id>
<protocol>tcp</protocol>
<destination-port>21</destination-port>
<security-protection>
<risk-level>low</risk-level>
Ma, et al. Expires 19 December 2024 [Page 18]
Internet-Draft System-defined Configuration June 2024
</security-protection>
</application>
<application>
<name>tftp</name>
<app-id>002</app-id>
<protocol>udp</protocol>
<destination-port>69</destination-port>
<security-protection>
<risk-level>low</risk-level>
</security-protection>
</application>
<application or:origin="or:system">
<name>smtp</name>
<app-id>003</app-id>
<protocol>tcp</protocol>
<destination-port>25</destination-port>
<security-protection>
<risk-level>low</risk-level>
</security-protection>
</application>
</applications>
5.5.2. Server Configuring of <running> Automatically
In the above example, a client configures an ACL rule referencing
system-provided applications which are not present in <running>, the
client may also issue an <edit-config> operation with the parameter
"resolve-system" to the NETCONF server as follows:
Ma, et al. Expires 19 December 2024 [Page 19]
Internet-Draft System-defined Configuration June 2024
=============== NOTE: '\' line wrapping per RFC 8792 ================
<rpc message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
xmlns:ncrs="urn:ietf:params:xml:ns:yang:ietf-netconf-resolve-s\
ystem">
<edit-config>
<target>
<running/>
</target>
<config>
<acl xmlns="urn:example:acl">
<acl-rule>
<name>allow-access-to-ftp-tftp</name>
<matches>
<ipv4>
<src-address>198.51.100.0/24</src-address>
<dst-address>192.0.2.0/24</dst-address>
</ipv4>
<application>ftp</application>
<application>tftp</application>
<application>my-app-1</application>
</matches>
<packet-action>forward</packet-action>
</acl-rule>
</acl>
</config>
<ncrs:resolve-system/>
</edit-config>
</rpc>
The server receiving the "resolve-system" parameter copies the entire
application list entries named "ftp" and "tftp" per Section 5.3. The
following shows the configuration of applications in <running> which
is returned in the response to a follow-up retrieval operation:
Ma, et al. Expires 19 December 2024 [Page 20]
Internet-Draft System-defined Configuration June 2024
<applications xmlns="urn:example:application">
<application>
<name>my-app-1</name>
<app-id>101</app-id>
<protocol>tcp</protocol>
<destination-port>2345</destination-port>
<description>customized application</description>
<security-protection>
<risk-level>high</risk-level>
</security-protection>
</application>
<application>
<name>my-app-2</name>
<app-id>102</app-id>
<protocol>udp</protocol>
<destination-port>69</destination-port>
<description>customized application</description>
</application>
<application>
<name>ftp</name>
<app-id>001</app-id>
<protocol>tcp</protocol>
<destination-port>21</destination-port>
<security-protection>
<risk-level>low</risk-level>
</security-protection>
</application>
<application>
<name>tftp</name>
<app-id>002</app-id>
<protocol>udp</protocol>
<destination-port>69</destination-port>
<security-protection>
<risk-level>low</risk-level>
</security-protection>
</application>
</applications>
Once the data is written into <running>, it makes no difference
whether it is explicitly declared by the client or automatically
copied by the server. The configuration for applications in
<running> and <operational> would be identical to the ones in
Section 5.5.1.
5.5.3. Modifying a System-instantiated Leaf's Value
This subsection uses the following fictional interface YANG module:
Ma, et al. Expires 19 December 2024 [Page 21]
Internet-Draft System-defined Configuration June 2024
module example-interface {
yang-version 1.1;
namespace "urn:example:interface";
prefix "exif";
import ietf-inet-types {
prefix "inet";
}
container interfaces {
list interface {
key name;
leaf name {
type string;
}
leaf description {
type string;
}
leaf mtu {
type uint32;
}
leaf-list ip-address {
type inet:ip-address;
}
}
}
}
Suppose the system provides a loopback interface (named "lo0") with a
MTU value "65536", a default IPv4 address of "127.0.0.1", and a
default IPv6 address of "::1". The configuration of "lo0" interface
is present in <system> as follows:
<interfaces xmlns="urn:example:interface">
<interface>
<name>lo0</name>
<mtu>65536</mtu>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
</interface>
</interfaces>
A client modifies the value of MTU to 9216 and adds the following
configuration into <running> using a "merge" operation:
Ma, et al. Expires 19 December 2024 [Page 22]
Internet-Draft System-defined Configuration June 2024
<interfaces xmlns="urn:example:interface">
<interface>
<name>lo0</name>
<mtu>9216</mtu>
</interface>
</interfaces>
Then the configuration of interfaces is present in <operational> as
follows:
<interfaces xmlns="urn:example:interface"
xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:intended">
<interface>
<name>lo0</name>
<mtu>9216</mtu>
<ip-address or:origin="or:system">127.0.0.1</ip-address>
<ip-address or:origin="or:system">::1</ip-address>
</interface>
</interfaces>
5.5.4. Configuring Descendant Nodes of a System-defined Node
In the above example, imagine the client further configures the
description node of a "lo0" interface in <running> using a "merge"
operation as follows:
<interfaces xmlns="urn:example:interface">
<interface>
<name>lo0</name>
<description>loopback</description>
</interface>
</interfaces>
The configuration of interface "lo0" is present in <operational> as
follows:
<interfaces xmlns="urn:example:interface"
xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:intended">
<interface>
<name>lo0</name>
<description>loopback</description>
<mtu>9216</mtu>
<ip-address or:origin="or:system">127.0.0.1</ip-address>
<ip-address or:origin="or:system">::1</ip-address>
</interface>
</interfaces>
Ma, et al. Expires 19 December 2024 [Page 23]
Internet-Draft System-defined Configuration June 2024
6. Default Interactions
<system> should not contain the configuration using the schema
default value, either specified in the "default" statement or
described in the "description" statement.
Any value provided by the system that is not the schema default value
MUST be contained in <system>. If system provides a value that is
not the schema default value, and the node is not explicitly set by
the client, it MUST be copied into the target datastore when its
closest ancestor node needs to be copied to satisfy referential
integrity constraints, when triggered by the "resolve-system"
parameter.
7. Relation to Other Datastores
7.1. The "factory-default" Datastore
Any deletable system-provided configuration that is populated as part
of <running> by the system at boot up, without being part of the
contents of a <startup> datastore, must be defined in <factory-
default> [RFC8808], which is used to initialize <running> when the
device is first-time powered on or reset to its factory default
condition. Deletable system configuration must not be defined in
<system>.
The <factory-reset> RPC operation can reset <system> to its factory
default contents.
7.2. The "candidate" Datastore
If the device supports the :candidate or :private-candidate
[I-D.ietf-netconf-privcand] capability, a client may edit the
candidate or private-candidate datastore without expecting it to be
valid until a <commit> or <validate> operation takes place. The
client may use the "resolve-system" parameter in one of the following
situations:
* The client makes an edit (e.g., NETCONF <edit-config>/<edit-data>,
or RESTCONF edit operation) to the candidate/private-candidate
datastore. This is possible, though may not be required.
* The client issues a <validate> operation.
* The client issues a <commit> operation.
Ma, et al. Expires 19 December 2024 [Page 24]
Internet-Draft System-defined Configuration June 2024
In particular, [I-D.ietf-netconf-privcand] defines the concept of
conflict, the server's copy referenced system nodes triggered by
"resolve-system" parameter might conflict with the contents of
<running>, the conflict resolution is no different than the
resolution of conflict caused by configuration explicitly provided by
the client.
8. The "ietf-system-datastore" Module
8.1. Data Model Overview
This YANG module defines a new YANG identity named "system" that uses
the "ds:datastore" identity defined in [RFC8342]. A client can
discover the system configuration datastore support on the server by
reading the YANG library information from the operational state
datastore.
The system datastore is defined as a conventional configuration
datastore and shares a common datastore schema with other
conventional datastores.
The following diagram illustrates the relationship amongst the
"identity" statements defined in the "ietf-system-datastore" and
"ietf-datastores" YANG modules:
Identities:
+--- datastore
| +--- conventional
| | +--- running
| | +--- candidate
| | +--- startup
| | +--- system
| | +--- intended
| +--- dynamic
| +--- operational
The diagram above uses syntax that is similar to but not defined in
[RFC8340].
8.2. Example Usage
This section gives an example of data retrieval from <system>. The
fictional YANG module which imports type defined in [RFC6991] is used
as follows:
Ma, et al. Expires 19 December 2024 [Page 25]
Internet-Draft System-defined Configuration June 2024
module example-bgp {
yang-version 1.1;
namespace "urn:example:bgp";
prefix exbgp;
import ietf-inet-types {
prefix inet;
}
container bgp {
leaf local-as {
type inet:as-number;
}
leaf peer-as {
type inet:as-number;
}
list peer {
key "address";
leaf address {
type inet:ip-address;
}
leaf local-as {
type inet:as-number;
description
"... Defaults to ../local-as.";
}
leaf peer-as {
type inet:as-number;
description
"... Defaults to ../peer-as.";
}
leaf local-port {
type inet:port-number;
}
leaf remote-port {
type inet:port-number;
default "179";
}
leaf state {
config false;
type enumeration {
enum init;
enum established;
enum closing;
}
}
}
}
Ma, et al. Expires 19 December 2024 [Page 26]
Internet-Draft System-defined Configuration June 2024
}
Suppose the following BGP peer configuration is added to <running> (
The message is presented in a protocol-independent manner. JSON is
used to not imply a preferred encoding in this document):
{
"example-bgp:bgp": {
"local-as": 64501,
"peer-as": 64502,
"peer": [
{
"address": "2001:db8::2:3",
"local-as": 64501,
"peer-as": 64502
}
]
}
}
Since both the "local-port" and "remote-port" nodes are not provided
in <running>, and there is a default value specified for "remote-
port", the system will select a value for "local-port". Note that
per Section 6, the configuration using the schema default value
described in the "description" statement will not be included in
<system>.
The following example shows the <get-data> RPC towards <system>:
<rpc message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get-data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"
xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
<datastore>ds:system</datastore>
<subtree-filter>
<bgp xmlns="urn:example:bgp"/>
</subtree-filter>
</get-data>
</rpc>
Ma, et al. Expires 19 December 2024 [Page 27]
Internet-Draft System-defined Configuration June 2024
<rpc-reply message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda">
<bgp xmlns="urn:example:bgp">
<peer>
<address>2001:db8::2:3</address>
<local-port>60794</local-port>
</peer>
</bgp>
</data>
</rpc-reply>
8.3. YANG Module
<CODE BEGINS> file "ietf-system-datastore@2024-06-17.yang"
module ietf-system-datastore {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-system-datastore";
prefix sysds;
import ietf-datastores {
prefix ds;
reference
"RFC 8342: Network Management Datastore Architecture(NMDA)";
}
organization
"IETF NETMOD (Network Modeling) Working Group";
contact
"WG Web: https://datatracker.ietf.org/wg/netmod/
WG List: NETMOD WG list <mailto:netmod@ietf.org>
Author: Qiufang Ma
<mailto:maqiufang1@huawei.com>
Author: Qin Wu
<mailto:bill.wu@huawei.com>
Author: Chong Feng
<mailto:fengchongllly@gmail.com>";
description
"This module defines a new YANG identity that uses the
ds:datastore identity defined in [RFC8342].
Copyright (c) 2024 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and
Ma, et al. Expires 19 December 2024 [Page 28]
Internet-Draft System-defined Configuration June 2024
subject to the license terms contained in, the Revised
BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC
itself for full legal notices.";
revision 2024-06-17 {
description
"Initial version.";
reference
"RFC XXXX: System-defined Configuration";
}
identity system {
base ds:conventional;
description
"This read-only datastore contains the configuration
provided by the system itself.";
}
}
<CODE ENDS>
9. The "ietf-netconf-resolve-system" Module
This YANG module is optional to implement.
9.1. Data Model Overview
The following tree diagram [RFC8340] illustrates the "ietf-netconf-
resolve-system" module:
module: ietf-netconf-resolve-system
augment /nc:edit-config/nc:input:
+---w resolve-system? empty
augment /nc:copy-config/nc:input:
+---w resolve-system? empty
augment /nc:validate/nc:input:
+---w resolve-system? empty
augment /nc:commit/nc:input:
+---w resolve-system? empty
augment /ncds:edit-data/ncds:input:
+---w resolve-system? empty
Ma, et al. Expires 19 December 2024 [Page 29]
Internet-Draft System-defined Configuration June 2024
9.2. Example Usage
Please refer to Section 5.5.2 for example usage of the "resolve-
system" parameter.
9.3. YANG Module
This module imports modules "ietf-netconf" and "ietf-netconf-nmda",
defined in [RFC6241] and [RFC8526], respectively.
<CODE BEGINS> file "ietf-netconf-resolve-system@2024-06-17.yang"
module ietf-netconf-resolve-system {
yang-version 1.1;
namespace
"urn:ietf:params:xml:ns:yang:ietf-netconf-resolve-system";
prefix ncrs;
import ietf-netconf {
prefix nc;
reference
"RFC 6241: Network Configuration Protocol (NETCONF)";
}
import ietf-netconf-nmda {
prefix ncds;
reference
"RFC 8526: NETCONF Extensions to Support the Network
Management Datastore Architecture";
}
organization
"IETF NETMOD (Network Modeling) Working Group";
contact
"WG Web: <https://datatracker.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org>
Author: Qiufang Ma
<mailto:maqiufang1@huawei.com>
Author: Qin Wu
<mailto:bill.wu@huawei.com>
Author: Chong Feng
<mailto:fengchongllly@gmail.com>";
description
"This module defines an extension to the NETCONF protocol
that allows the NETCONF client to control whether the server
is allowed to copy referenced system configuration
automatically without the client doing so explicitly.
Ma, et al. Expires 19 December 2024 [Page 30]
Internet-Draft System-defined Configuration June 2024
Copyright (c) 2024 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Revised
BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC
itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
are to be interpreted as described in BCP 14 (RFC 2119)
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
revision 2024-06-17 {
description
"Initial version.";
reference
"RFC XXXX: System-defined Configuration";
}
grouping resolve-system-grouping {
description
"Define the resolve-system parameter grouping.";
leaf resolve-system {
type empty;
description
"When present, and the server supports this capability,
the server MUST copy the entire referenced system
configuration, including all descendants into the target
datastore (e.g., <candidate> and <running>) without the
client doing the copy/paste explicitly, to resolve any
references not resolved by the client. The copy operation
MUST NOT override any explicit configuration in the target
datastore.";
}
}
augment "/nc:edit-config/nc:input" {
description
"Adds the 'resolve-system' parameter to the input of the
Ma, et al. Expires 19 December 2024 [Page 31]
Internet-Draft System-defined Configuration June 2024
NETCONF <edit-config> operation.";
uses resolve-system-grouping;
}
augment "/nc:copy-config/nc:input" {
description
"Adds the 'resolve-system' parameter to the input of the
NETCONF <copy-config> operation.";
uses resolve-system-grouping;
}
augment "/nc:validate/nc:input" {
description
"Adds the 'resolve-system' parameter to the input of the
NETCONF <validate> operation.";
uses resolve-system-grouping;
}
augment "/nc:commit/nc:input" {
description
"Adds the 'resolve-system' parameter to the input of the
NETCONF <commit> operation.";
uses resolve-system-grouping;
}
augment "/ncds:edit-data/ncds:input" {
description
"Adds the 'resolve-system' parameter to the input of the
NETCONF <edit-data> operation.";
uses resolve-system-grouping;
}
}
<CODE ENDS>
10. IANA Considerations
10.1. The "IETF XML" Registry
This document registers two XML namespace URNs in the 'IETF XML
registry', following the format defined in [RFC3688].
URI: urn:ietf:params:xml:ns:yang:ietf-system-datastore
Registrant Contact: The IESG.
XML: N/A, the requested URIs are XML namespaces.
URI: urn:ietf:params:xml:ns:yang:ietf-netconf-resolve-system
Registrant Contact: The IESG.
XML: N/A, the requested URIs are XML namespaces.
Ma, et al. Expires 19 December 2024 [Page 32]
Internet-Draft System-defined Configuration June 2024
10.2. The "YANG Module Names" Registry
This document registers two module names in the 'YANG Module Names'
registry, defined in [RFC6020].
name: ietf-system-datastore
prefix: sysds
namespace: urn:ietf:params:xml:ns:yang:ietf-system-datatstore
maintained by IANA? N
RFC: XXXX // RFC Ed.: replace XXXX and remove this comment
name: ietf-netconf-resolve-system
prefix: ncrs
namespace: urn:ietf:params:xml:ns:yang:ietf-netconf-resolve-system
maintained by IANA? N
RFC: XXXX // RFC Ed.: replace XXXX and remove this comment
10.3. NETCONF Capability URN Registry
This document registers the following capability identifier URN in
the 'Network Configuration Protocol (NETCONF) Capability URNs'
registry:
urn:ietf:params:netconf:capability:resolve-system:1.0
10.4. RESTCONF Capability URN Registry
This document registers a capability in the 'RESTCONF Capability
URNs' registry [RFC8040]:
Index Capability Identifier
-----------------------------------------------------------------------
:resolve-system urn:ietf:params:restconf:capability:resolve-system:1.0
11. Security Considerations
11.1. Considerations for the "ietf-system-datastore" YANG Module
This section uses the template described in Section 3.7 of
[I-D.ietf-netmod-rfc8407bis].
Ma, et al. Expires 19 December 2024 [Page 33]
Internet-Draft System-defined Configuration June 2024
The "ietf-system-datastore" YANG module defines a schema for data
that is designed to be accessed via network management protocols such
as NETCONF [RFC6241] or RESTCONF [RFC8040]. These network management
protocols are required to use a secure transport layer and mutual
authentication, e.g., SSH [RFC6242] without the "none" authentication
option, Transport Layer Security (TLS) [RFC8446] with mutual X.509
authentication, and HTTPS with HTTP authentication (Section 11 of
[RFC9110]).
The Network Configuration Access Control Model (NACM) [RFC8341]
provides the means to restrict access for particular NETCONF or
RESTCONF users to a preconfigured subset of all available NETCONF or
RESTCONF protocol operations and content.
The YANG module only defines a identity that uses the
"ds:conventional" identity as its base. The module by itself does
not expose any data nodes that are writable, date nodes that contain
read-only state, or RPCs. As such, there are no additional security
issues related to the YANG module that need to be considered.
11.2. Considerations for the "ietf-netconf-resolve-system" YANG Module
This section uses the template described in Section 3.7 of
[I-D.ietf-netmod-rfc8407bis].
The "ietf-netconf-resolve-system" YANG module defines a schema for
data that is designed to be accessed via network management protocols
such as NETCONF [RFC6241] or RESTCONF [RFC8040]. These network
management protocols are required to use a secure transport layer and
mutual authentication, e.g., SSH [RFC6242] without the "none"
authentication option, Transport Layer Security (TLS) [RFC8446] with
mutual X.509 authentication, and HTTPS with HTTP authentication
(Section 11 of [RFC9110]).
The Network Configuration Access Control Model (NACM) [RFC8341]
provides the means to restrict access for particular NETCONF or
RESTCONF users to a preconfigured subset of all available NETCONF or
RESTCONF protocol operations and content.
The "ietf-netconf-resolve-system" YANG module extends the base
operations of NETCONF protocol in [RFC6241] and [RFC8526]. The
security considerations for the NETCONF protocol operations (see
Section 9 of [RFC6241] and Section 6 of [RFC8526]) apply to the
extended RPC operations defined in this document. There is not any
beyond the potential performance impacts of implementing the
"resolve-system" parameter defined in the YANG module, which may mean
employing some form of rate limiting or adapting the rate threshold
for limiting might be a good idea to avoid DoS attacks.
Ma, et al. Expires 19 December 2024 [Page 34]
Internet-Draft System-defined Configuration June 2024
12. References
12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
RFC 7950, DOI 10.17487/RFC7950, August 2016,
<https://www.rfc-editor.org/info/rfc7950>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "Network Management Datastore Architecture
(NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
<https://www.rfc-editor.org/info/rfc8342>.
[RFC8526] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "NETCONF Extensions to Support the Network
Management Datastore Architecture", RFC 8526,
DOI 10.17487/RFC8526, March 2019,
<https://www.rfc-editor.org/info/rfc8526>.
[RFC8639] Voit, E., Clemm, A., Gonzalez Prieto, A., Nilsen-Nygaard,
E., and A. Tripathy, "Subscription to YANG Notifications",
RFC 8639, DOI 10.17487/RFC8639, September 2019,
<https://www.rfc-editor.org/info/rfc8639>.
[RFC8641] Clemm, A. and E. Voit, "Subscription to YANG Notifications
for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641,
September 2019, <https://www.rfc-editor.org/info/rfc8641>.
12.2. Informative References
Ma, et al. Expires 19 December 2024 [Page 35]
Internet-Draft System-defined Configuration June 2024
[I-D.ietf-netconf-privcand]
Cumming, J. and R. Wills, "NETCONF Private Candidates",
Work in Progress, Internet-Draft, draft-ietf-netconf-
privcand-03, 30 May 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-netconf-
privcand-03>.
[I-D.ietf-netmod-immutable-flag]
Ma, Q., Wu, Q., Lengyel, B., and H. Li, "YANG Metadata
Annotation for Immutable Flag", Work in Progress,
Internet-Draft, draft-ietf-netmod-immutable-flag-00, 18
March 2024, <https://datatracker.ietf.org/doc/html/draft-
ietf-netmod-immutable-flag-00>.
[I-D.ietf-netmod-rfc8407bis]
Bierman, A., Boucadair, M., and Q. Wu, "Guidelines for
Authors and Reviewers of Documents Containing YANG Data
Models", Work in Progress, Internet-Draft, draft-ietf-
netmod-rfc8407bis-11, 18 April 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-netmod-
rfc8407bis-11>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010,
<https://www.rfc-editor.org/info/rfc6020>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
<https://www.rfc-editor.org/info/rfc6242>.
[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
RFC 6991, DOI 10.17487/RFC6991, July 2013,
<https://www.rfc-editor.org/info/rfc6991>.
[RFC7952] Lhotka, L., "Defining and Using Metadata with YANG",
RFC 7952, DOI 10.17487/RFC7952, August 2016,
<https://www.rfc-editor.org/info/rfc7952>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
Ma, et al. Expires 19 December 2024 [Page 36]
Internet-Draft System-defined Configuration June 2024
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
<https://www.rfc-editor.org/info/rfc8340>.
[RFC8407] Bierman, A., "Guidelines for Authors and Reviewers of
Documents Containing YANG Data Models", BCP 216, RFC 8407,
DOI 10.17487/RFC8407, October 2018,
<https://www.rfc-editor.org/info/rfc8407>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K.,
and R. Wilton, "YANG Library", RFC 8525,
DOI 10.17487/RFC8525, March 2019,
<https://www.rfc-editor.org/info/rfc8525>.
[RFC8808] Wu, Q., Lengyel, B., and Y. Niu, "A YANG Data Model for
Factory Default Settings", RFC 8808, DOI 10.17487/RFC8808,
August 2020, <https://www.rfc-editor.org/info/rfc8808>.
[RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "HTTP Semantics", STD 97, RFC 9110,
DOI 10.17487/RFC9110, June 2022,
<https://www.rfc-editor.org/info/rfc9110>.
Appendix A. Key Use Cases
This section provides three use cases related to how <system>
interacts with other datastores (e.g., <candidate>, <running>,
<intended>, and <operational>). The following fictional interface
data model is used:
Ma, et al. Expires 19 December 2024 [Page 37]
Internet-Draft System-defined Configuration June 2024
module example-interface-management {
yang-version 1.1;
namespace "urn:example:interfacemgmt";
prefix exifm;
import ietf-inet-types {
prefix inet;
}
container interfaces {
list interface {
key "name";
leaf name {
type string;
}
leaf type {
type enumeration {
enum ethernet;
enum atm;
enum loopback;
}
}
leaf enabled {
type boolean;
default "false";
}
leaf mtu {
type uint32;
}
leaf-list ip-address {
type inet:ip-address;
}
leaf speed {
when "../type = 'ethernet'";
type enumeration {
enum 10Mb;
enum 100Mb;
}
}
leaf description {
type string;
}
}
}
}
Ma, et al. Expires 19 December 2024 [Page 38]
Internet-Draft System-defined Configuration June 2024
For each use case, corresponding sample configuration in <running>,
<system>, <intended> and <operational> are shown. The XML snippets
are used only for illustration purposes.
A.1. Device Powers On
When the device is powered on, suppose the system provides a loopback
interface (named "lo0") which is not explicitly configured in
<running>. Thus, no configuration for interfaces appears in
<running>;
And the contents of <system> are:
<interfaces xmlns="urn:example:interfacemgmt">
<interface>
<name>lo0</name>
<type>loopback</type>
<enabled>true</enabled>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
<description>predefined interface</description>
</interface>
</interfaces>
In this case, the configuration of loopback interface is only present
in <system>, the configuration of interface in <intended> would be
identical to the one in <system> shown above.
And <operational> will show the system-provided loopback interface:
<interfaces xmlns="urn:example:interfacemgmt"
xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:system">
<interface>
<name>lo0</name>
<type>loopback</type>
<enabled>true</enabled>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
<description>predefined interface</description>
</interface>
</interfaces>
A.2. Client Commits Configuration
If a client creates an interface "et-0/0/0" but the interface does
not physically exist at this point, what is in <running> appears as
follows:
Ma, et al. Expires 19 December 2024 [Page 39]
Internet-Draft System-defined Configuration June 2024
<interfaces xmlns="urn:example:interfacemgmt">
<interface>
<name>et-0/0/0</name>
<type>ethernet</type>
<description>pre-provisioned interface</description>
</interface>
</interfaces>
And the contents of <system> keep unchanged since the interface is
not physically present:
<interfaces xmlns="urn:example:interfacemgmt">
<interface>
<name>lo0</name>
<type>loopback</type>
<enabled>true</enabled>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
<description>predefined interface</description>
</interface>
</interfaces>
The contents of <intended> represent the merged data of <system> and
<running>:
<interfaces xmlns="urn:example:interfacemgmt">
<interface>
<name>lo0</name>
<type>loopback</type>
<enabled>true</enabled>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
<description>predefined interface</description>
</interface>
<interface>
<name>et-0/0/0</name>
<type>ethernet</type>
<description>pre-provisioned interface</description>
</interface>
</interfaces>
Since the interface named "eth-0/0/0" does not exist, the associated
configuration is not present in <operational>, which appears as
follows:
Ma, et al. Expires 19 December 2024 [Page 40]
Internet-Draft System-defined Configuration June 2024
<interfaces xmlns="urn:example:interfacemgmt"
xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:intended">
<interface or:origin="or:system">
<name>lo0</name>
<type>loopback</type>
<enabled>true</enabled>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
<description>predefined interface</description>
</interface>
</interfaces>
A.3. Operator Installs Card into a Chassis
When the interface is installed by the operator, the system will
detect it and generate the associated configuration in <system>. The
contents of <running> keep unchanged:
<interfaces xmlns="urn:example:interfacemgmt">
<interface>
<name>et-0/0/0</name>
<type>ethernet</type>
<description>pre-provisioned interface</description>
</interface>
</interfaces>
And <system> might appear as follows:
<interfaces xmlns="urn:example:interfacemgmt">
<interface>
<name>lo0</name>
<type>loopback</type>
<enabled>true</enabled>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
<description>predefined interface</description>
</interface>
<interface>
<name>et-0/0/0</name>
<type>ethernet</type>
<mtu>1500</mtu>
<speed>100Mb</speed>
</interface>
</interfaces>
Then <intended> contains the merged configuration of <system> and
<running>:
Ma, et al. Expires 19 December 2024 [Page 41]
Internet-Draft System-defined Configuration June 2024
<interfaces xmlns="urn:example:interfacemgmt">
<interface>
<name>lo0</name>
<type>loopback</type>
<enabled>true</enabled>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
<description>predefined interface</description>
</interface>
<interface>
<name>et-0/0/0</name>
<type>ethernet</type>
<mtu>1500</mtu>
<speed>100Mb</speed>
<description>pre-provisioned interface</description>
</interface>
</interfaces>
And the contents of <operational> appear as follows:
<interfaces xmlns="urn:example:interfacemgmt"
xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:intended">
<interface or:origin="or:system">
<name>lo0</name>
<type>loopback</type>
<enabled>true</enabled>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
<description>predefined interface</description>
</interface>
<interface>
<name>et-0/0/0</name>
<type>ethernet</type>
<enabled or:origin="or:default">false</enabled>
<mtu or:origin="or:system">1500</mtu>
<speed or:origin="or:system">100Mb</speed>
<description>pre-provisioned interface</description>
</interface>
</interfaces>
A.4. Client further Commits Configuration
If the client further sets the speed of interface "eth-0/0/0" to a
lower rate in <running> using a "merge" operation with the referenced
node "type" being explicitly declared and enables this interface:
Ma, et al. Expires 19 December 2024 [Page 42]
Internet-Draft System-defined Configuration June 2024
<interfaces xmlns="urn:example:interfacemgmt">
<interface>
<name>et-0/0/0</name>
<type>ethernet</type>
<enabled>false</enabled>
<mtu>1500</mtu>
<speed>10Mb</speed>
<description>pre-provisioned interface</description>
</interface>
</interfaces>
The contents of <system> keep unchanged:
<interfaces xmlns="urn:example:interfacemgmt">
<interface>
<name>lo0</name>
<type>loopback</type>
<enabled>true</enabled>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
<description>predefined interface</description>
</interface>
<interface>
<name>et-0/0/0</name>
<type>ethernet</type>
<mtu>1500</mtu>
<speed>100Mb</speed>
</interface>
</interfaces>
And the contents of <intended> which represents a merged results of
<running> and <system> are as follows:
Ma, et al. Expires 19 December 2024 [Page 43]
Internet-Draft System-defined Configuration June 2024
<interfaces xmlns="urn:example:interfacemgmt">
<interface>
<name>lo0</name>
<type>loopback</type>
<enabled>true</enabled>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
<description>predefined interface</description>
</interface>
<interface>
<name>et-0/0/0</name>
<type>ethernet</type>
<enabled>true</enabled>
<mtu>1500</mtu>
<speed>10Mb</speed>
<description>pre-provisioned interface</description>
</interface>
</interfaces>
And <operational> would appear as follows:
<interfaces xmlns="urn:example:interfacemgmt"
xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:intended">
<interface or:origin="or:system">
<name>lo0</name>
<type>loopback</type>
<enabled>true</enabled>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
<description>predefined interface</description>
</interface>
<interface>
<name>et-0/0/0</name>
<type>ethernet</type>
<enabled>true</enabled>
<mtu or:origin="or:system">1500</mtu>
<speed>10Mb</speed>
<description>pre-provisioned interface</description>
</interface>
</interfaces>
Appendix B. Changes between Revisions
v05 - v06
* remove inactive-until-referenced system config
Ma, et al. Expires 19 December 2024 [Page 44]
Internet-Draft System-defined Configuration June 2024
* add a new section (sec.6) to clarify the interplay between system
config and defaults
* add a new section (sec.7) to clarify relation to other datastores,
which includes <factory-default> and <candidate>/<priv-candidate>
* leave the merge behavior of <system> and <running> unspecified
* augment <validate> and <commit> PRC operation to support "resolve-
system" parameter
* editorial updates
v04 - v05
* Explicitly state that system configuration copied from <system>
into <running> have its origin value being reported as "intended"
and update the examples accordingly to reflect it
* Update the definition of "intended" origin identity in 8342 to
allow a subset of configuration in <intended> to use "system" as
origin value
* State server behaviors of migrating updated system data into
<running> is beyond the scope of this document, and give a couple
of implementation examples
* Remove the related statement which mandates referenced system
configuration must be copied into <running>
* Refine usage examples (e.g., fix validation errors, remove
redundancy)
v03 - v04
* Add some implementation consideration for "resolve-system"
parameter
* Define a NETCONF capability identifier for "resolve-system"
parameter so that the client can discover if it is supported by
the server.
* state servers may upgrade copied system configuration in <running>
as well during device upgrade or licensing change.
v02 - v03
Ma, et al. Expires 19 December 2024 [Page 45]
Internet-Draft System-defined Configuration June 2024
* remove the merge mechanism related comments, as discussed in
https://github.com/netconf-wg/netconf-next/issues/19
* Editorial changes
v01 - v02
* Define referenced system configuration
* better clarify "resolve-system" parameter
* update Figure 2 in NMDA RFC
* Editorial changes
v00 - v01
* Clarify why client's explicit copy is not preferred but cannot be
avoided if resolve-system parameter is not defined
* Clarify active system configuration
* Update the timing when the server's auto copy should be enforced
if a resolve-system parameter is used
* Editorial changes
Acknowledgements
The authors would like to thank for following for discussions and
providing input to this document: Balazs Lengyel, Robert Wilton,
Juergen Schoenwaelder, Andy Bierman, Martin Bjorklund, Mohamed
Boucadair, Alexander Clemm, and Timothy Carey.
Contributors
Ma, et al. Expires 19 December 2024 [Page 46]
Internet-Draft System-defined Configuration June 2024
Kent Watsen
Watsen Networks
Email: kent+ietf@watsen.net
Jan Lindblad
Cisco Systems
Email: jlindbla@cisco.com
Chongfeng Xie
China Telecom
Beijing
China
Email: xiechf@chinatelecom.cn
Jason Sterne
Nokia
Email: jason.sterne@nokia.com
Authors' Addresses
Qiufang Ma (editor)
Huawei
101 Software Avenue, Yuhua District
Nanjing
Jiangsu, 210012
China
Email: maqiufang1@huawei.com
Qin Wu
Huawei
101 Software Avenue, Yuhua District
Nanjing
Jiangsu, 210012
China
Email: bill.wu@huawei.com
Chong Feng
Email: fengchongllly@gmail.com
Ma, et al. Expires 19 December 2024 [Page 47]