Technical Summary
NETCONF Configuration Protocol
The NETCONF configuration protocol defined in this document provides
mechanisms to install, manipulate, and delete the configuration of
network devices. It uses an Extensible Markup Language (XML) based
data encoding for the configuration data as well as the protocol
messages. The NETCONF protocol operations are realized on top of a
simple Remote Procedure Call (RPC) layer.
Using the NETCONF Configuration Protocol over Secure Shell (SSH)
This document describes a method for invoking and running the NETCONF
configuration protocol within a Secure Shell (SSH) session as an SSH
subsystem.
Note: The WG could not decide on a single transport mapping for
NETCONF, because different types of programmers want to use the
protocol. Therefore, NETCONF defines three transport mappings:
SSH, BEEP, and SOAP, where SSH is the mandatory-to-implement
protocol.
Working Group Summary
The NETCONF Working Group has consensus to publish these documents
as a Proposed Standard.
Protocol Quality
It is likely that there are several implementations of these
documents in various stages of completion at this time.
Several major equipment vendors have indicated interest in
supporting this document, and some non-commercial
implementations are also expected.
An interoperability event (just prior to Paris IETF) was held
in which 4 implementations participated and feedback was
considered in revisions of these documents.
Bert Wijnen reviewed these documents for the IESG.
Note to RFC Editor
I apologize for the pretty extensive changes, but this was the
only way to get this document approved before I am stepping down
as AD (thanks, Bert)
Please make the following changes:
------ for the draft-ietf-netconf-ssh-06.txt document ----------
- In section 3, page 3 (last line) and 4:
OLD:
SSHv1. Running NETCONF as an SSH subsystem avoids the need for the
script to recognize shell prompts or skip over extraneous
information, such as a system message that is sent at shell start-up.
However, if a subsystem cannot be used, it should be possible for a
client to skip over any system messages that are sent at shell
start-up by searching for a NETCONF <hello> element. Note that this
may not avoid problems if system messages are recieved later in the
session.
NEW:
SSHv1. Running NETCONF as an SSH subsystem avoids the need for the
script to recognize shell prompts or skip over extraneous
information, such as a system message that is sent at shell start-up.
However, even when a subsystem is used, some extraneous messages may
be printed by the user's start-up scripts. Implementations MUST
skip over these messages by searching for an 'xml' start directive,
which MUST be followed by a <hello> element in the 'NETCONF' namespace.
- In section 5, page 6, line 4 in 1st para:
OLD:
...and terminate the SSH session.
NEW:
...and close the SSH session channel.
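The section 3 replacement text above (skip start-up noise, find the 'xml' start directive, require a <hello> in the NETCONF namespace) can be implemented on the client side as follows. This is an added example, not text from the draft or from any implementation; the namespace URI and the "]]>]]>" end-of-message marker are taken from the NETCONF specifications rather than from this page, and the DOCTYPE rejection is an extra hardening assumption.

```python
import xml.etree.ElementTree as ET

# Base namespace and end-of-message marker as used by NETCONF over SSH
# (taken from the NETCONF specifications, not from this page).
NETCONF_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
EOM = b"]]>]]>"

def find_hello(buf: bytes):
    """Return (offset, capabilities) of the first real <hello>, else None."""
    pos = 0
    while (start := buf.find(b"<?xml", pos)) != -1:
        end = buf.find(EOM, start)
        if end == -1:
            return None                # message incomplete: read more first
        candidate, pos = buf[start:end], start + 5
        if b"<!DOCTYPE" in candidate:
            continue                   # hardening choice: no DTDs to the parser
        try:
            root = ET.fromstring(candidate)
        except ET.ParseError:
            continue                   # "<?xml" was banner text, keep looking
        if root.tag != f"{{{NETCONF_NS}}}hello":
            continue                   # XML, but not a NETCONF <hello>
        caps = [c.text.strip()
                for c in root.iter(f"{{{NETCONF_NS}}}capability") if c.text]
        return start, caps
    return None

# Constructed sample: login banner and start-up script noise (including a
# stray "<?xml" string), followed by the server's hello message.
SAMPLE = (
    b"Last login: Thu Mar 23 14:39:00 2006\n"
    b"echo '<?xml' from a start-up script\n"
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">'
    b"<capabilities>"
    b"<capability>urn:ietf:params:netconf:base:1.0</capability>"
    b"</capabilities><session-id>4</session-id></hello>]]>]]>"
)

if __name__ == "__main__":
    print(find_hello(SAMPLE))
```

Everything before the returned offset is discarded as noise; a peer that never produces a namespaced <hello> yields None and the session should not proceed.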
----- in the draft-ietf-netconf-prot-12.txt document ----------
Page 16:
OLD:
The following <rpc-reply> illustrates the case of returning
multiple <rpc-error> elements.
NEW:
The following <rpc-reply> illustrates the case of returning
multiple <rpc-error> elements.
Note that the data models used in the examples in this section use
the <name> element to distinguish between multiple instances of
the <interface> element.
On page 34:
OLD:
If the NETCONF peer supports the :xpath capability
(Section 8.9), the value "xpath" may be used to indicate that
the filter element contains an XPath expression.
NEW:
If the NETCONF peer supports the :xpath capability
(Section 8.9), the value "xpath" may be used to indicate that
the select attribute on the filter element contains an XPath
expression.
Page 39, bottom:
OLD:
Example:
Set the MTU to 1500 on an interface named "Ethernet0/0" in the
running configuration:
NEW:
Example:
The <edit-config> examples in this section utilize a simple
data model, in which multiple instances of the 'interface'
element may be present, and an instance is distinguished
by the 'name' element within each 'interface' element.
Set the MTU to 1500 on an interface named "Ethernet0/0" in the
running configuration:
On page 46:
OLD:
A lock MUST not be granted if any of the following conditions are
true:
* a lock is already held by another NETCONF session or another
                            ^^^^^^^
entity
NEW:
A lock MUST not be granted if any of the following conditions are
true:
* a lock is already held by any NETCONF session or another
entity
On page 50:
OLD:
If the NETCONF peer supports the :xpath capability
(Section 8.9), the value 'xpath' may be used to indicate that
the filter element contains an XPath expression.
NEW:
If the NETCONF peer supports the :xpath capability
(Section 8.9), the value "xpath" may be used to indicate that
the select attribute on the filter element contains an XPath
expression.
On page 67:
OLD:
The :xpath capability modifies the <get> and <get-config> operations
to accept the value "xpath" in the type attribute of the filter
element. When the type attribute is set to "xpath", the contents of
the filter element will be treated as an xpath expression and used to
filter the returned data.
NEW:
The :xpath capability modifies the <get> and <get-config> operations
to accept the value "xpath" in the type attribute of the filter
element. When the type attribute is set to "xpath", a select
attribute MUST be present on the filter element. The select
attribute will be treated as an XPath expression and used to filter
the returned data. The filter element itself MUST be empty in this
case.
On page 67:
OLD:
<filter type="xpath"> <!-- get the user named fred -->
top/users/user[name="fred"]
</filter>
NEW:
<!-- get the user named fred -->
<filter type="xpath" select="top/users/user[name='fred']"/>
On page 81:
OLD:
<xs:attribute name="type"
type="FilterType" default="subtree"/>
NEW:
<xs:attribute name="type"
type="FilterType" default="subtree"/>
<!-- if type="xpath", the xpath expression
appears in the select element -->
<xs:attribute name="select"/>
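The page 67 and page 81 changes above move the XPath expression from the element content into a select attribute and require the filter element to be empty. The check below enforces that rule on a received <filter>, so the OLD form is rejected instead of being silently treated as an unfiltered request. It is an added example, not code from the draft; the function name is hypothetical, and the two sample filters are the OLD and NEW forms quoted above.

```python
import xml.etree.ElementTree as ET

def check_filter(xml_text: str):
    """Return (type, select) for an acceptable <filter>, else raise ValueError."""
    el = ET.fromstring(xml_text)
    # Accept the element with or without a namespace prefix.
    if el.tag.rsplit("}", 1)[-1] != "filter":
        raise ValueError("not a <filter> element")
    ftype = el.get("type", "subtree")      # schema default shown for page 81
    select = el.get("select")
    if ftype == "xpath":
        # NEW text: a select attribute MUST be present ...
        if not select or not select.strip():
            raise ValueError('type="xpath" requires a select attribute')
        # ... and the filter element itself MUST be empty.
        # XML comments are dropped by the parser and do not count as content.
        if len(el) or "".join(el.itertext()).strip():
            raise ValueError('type="xpath" filter element must be empty')
    elif ftype != "subtree":
        raise ValueError(f"unknown filter type {ftype!r}")
    return ftype, select

# The OLD and NEW forms from the page 67 change.
OLD_FORM = """<filter type="xpath"> <!-- get the user named fred -->
top/users/user[name="fred"]
</filter>"""
NEW_FORM = """<filter type="xpath" select="top/users/user[name='fred']"/>"""

if __name__ == "__main__":
    print(check_filter(NEW_FORM))
    try:
        check_filter(OLD_FORM)
    except ValueError as exc:
        print("rejected:", exc)
```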
IANA Note
-----Original Message-----
From: Andy Bierman [mailto:ietf@andybierman.com]
Sent: Thursday, March 23, 2006 14:39
To: Bert Wijnen; iana@iana.org
Subject: Port request for draft-ietf-netconf-ssh-06.txt
Hi,
Please assign a port number < 1024 for the NETCONF
protocol over the Secure Shell protocol, as specified
in section 7 of this document.
thanks,
Andy