System-defined Configuration
draft-ietf-netmod-system-config-05
| Document | Type | Active Internet-Draft (netmod WG) | |
|---|---|---|---|
| Authors | Qiufang Ma , Qin Wu , Chong Feng | ||
| Last updated | 2024-02-21 | ||
| Replaces | draft-ma-netmod-with-system | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Yang Validation | 0 errors, 0 warnings | ||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | I-D Exists | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-ietf-netmod-system-config-05
NETMOD Q. Ma, Ed.
Internet-Draft Q. Wu
Updates: 8342, 6241, 8526, 8040 (if approved) Huawei
Intended status: Standards Track C. Feng
Expires: 24 August 2024 21 February 2024
System-defined Configuration
draft-ietf-netmod-system-config-05
Abstract
This document defines how a management client and server handle YANG-
modeled configuration data that is defined by the server itself. The
system-defined configuration can be referenced (e.g. leafref) by
configuration explicitly created by a client.
The Network Management Datastore Architecture (NMDA) defined in RFC
8342 is updated with a read-only conventional configuration datastore
called "system" to hold system-defined configuration.
As an alternative to clients explicitly copying referenced system-
defined configuration into the target configuration datastore (e.g.,
<running>) so that the datastore is valid, a "resolve-system"
parameter is defined to allow the server acting as a "system client"
to copy referenced system nodes automatically. This solution enables
clients manipulating the target configuration datastore (e.g.,
<running>) to reference nodes defined in <system>, override system-
provided values, and configure descendant nodes of system-defined
configuration.
This document updates RFC 8342, RFC 6241, RFC 8526 and RFC 8040.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
Ma, et al. Expires 24 August 2024 [Page 1]
Internet-Draft System-defined Configuration February 2024
This Internet-Draft will expire on 24 August 2024.
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
1.2. Requirements Language . . . . . . . . . . . . . . . . . . 5
1.3. Updates to RFC 8342 . . . . . . . . . . . . . . . . . . . 5
1.4. Updates to RFC 6241 and RFC 8526 . . . . . . . . . . . . 6
1.5. Updates to RFC 8040 . . . . . . . . . . . . . . . . . . . 6
1.5.1. Query Parameter . . . . . . . . . . . . . . . . . . . 6
1.5.2. Query Parameter URI . . . . . . . . . . . . . . . . . 7
2. Kinds of System Configuration . . . . . . . . . . . . . . . . 7
2.1. Immediately-Active . . . . . . . . . . . . . . . . . . . 7
2.2. Conditionally-Active . . . . . . . . . . . . . . . . . . 7
2.3. Inactive-Until-Referenced . . . . . . . . . . . . . . . . 8
3. The System Configuration Datastore (<system>) . . . . . . . . 8
4. Static Characteristics of <system> . . . . . . . . . . . . . 9
4.1. Read-only to Clients . . . . . . . . . . . . . . . . . . 9
4.2. May Change via Software Upgrades or Resource Changes . . 9
4.3. No Impact to <operational> . . . . . . . . . . . . . . . 10
5. Dynamic Behaviors . . . . . . . . . . . . . . . . . . . . . . 10
5.1. Conceptual Model of Datastores . . . . . . . . . . . . . 10
5.2. Explicit Declaration of System Configuration . . . . . . 12
5.3. Servers Auto-configuring Referenced System Configuration
("resolve-system" parameter) . . . . . . . . . . . . . . 12
5.4. Modifying (Overriding) System Configuration . . . . . . . 14
5.5. Examples . . . . . . . . . . . . . . . . . . . . . . . . 14
5.5.1. Server Configuring of <running> Automatically . . . . 14
5.5.2. Declaring a System-defined Node in <running>
Explicitly . . . . . . . . . . . . . . . . . . . . . 20
5.5.3. Modifying a System-instantiated Leaf's Value . . . . 21
5.5.4. Configuring Descendant Nodes of a System-defined
Node . . . . . . . . . . . . . . . . . . . . . . . . 22
Ma, et al. Expires 24 August 2024 [Page 2]
Internet-Draft System-defined Configuration February 2024
6. The "ietf-system-datastore" Module . . . . . . . . . . . . . 23
6.1. Data Model Overview . . . . . . . . . . . . . . . . . . . 23
6.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 24
6.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 25
7. The "ietf-netconf-resolve-system" Module . . . . . . . . . . 27
7.1. Data Model Overview . . . . . . . . . . . . . . . . . . . 27
7.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 28
7.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 28
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31
8.1. The "IETF XML" Registry . . . . . . . . . . . . . . . . . 31
8.2. The "YANG Module Names" Registry . . . . . . . . . . . . 31
8.3. NETCONF Capability URN Registry . . . . . . . . . . . . . 31
8.4. RESTCONF Capability URN Registry . . . . . . . . . . . . 32
9. Security Considerations . . . . . . . . . . . . . . . . . . . 32
9.1. Regarding the "ietf-system-datastore" YANG Module . . . . 32
9.2. Regarding the "ietf-netconf-resolve-system" YANG
Module . . . . . . . . . . . . . . . . . . . . . . . . . 32
10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 32
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 33
References . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Normative References . . . . . . . . . . . . . . . . . . . . . 33
Informative References . . . . . . . . . . . . . . . . . . . . 34
Appendix A. Key Use Cases . . . . . . . . . . . . . . . . . . . 36
A.1. Device Powers On . . . . . . . . . . . . . . . . . . . . 36
A.2. Client Commits Configuration . . . . . . . . . . . . . . 37
A.3. Operator Installs Card into a Chassis . . . . . . . . . . 38
Appendix B. Changes between Revisions . . . . . . . . . . . . . 39
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 40
1. Introduction
The Network Management Datastore Architecture (NMDA) [RFC8342]
defines system configuration as the configuration that is supplied by
the device itself and appears in <operational> when it is in use
(Figure 2 in [RFC8342]).
However, there is a desire to enable a server to better structure and
expose the system configuration. NETCONF/RESTCONF clients can
benefit from a standard mechanism to retrieve what system
configuration is available on a server.
Some servers allow the NETCONF/RESTCONF client to reference a system-
defined node which isn't present in the target datastore (e.g.,
<running>). The absence of the system configuration in the datastore
can render the datastore invalid from the perspective of a client or
offline tools (e.g., missing leafref targets). This document
describes several approaches to bring the datastore to a valid state
and satisfy referential integrity constraints.
Ma, et al. Expires 24 August 2024 [Page 3]
Internet-Draft System-defined Configuration February 2024
Some servers allow the descendant nodes of system-defined
configuration to be configured or modified. For example, the system
configuration may contain an almost empty physical interface, while
the client needs to be able to add, modify, or remove a number of
descendant nodes. Some descendant nodes may not be modifiable (e.g.,
the interface "type" set by the system).
This document updates the Network Management Datastore Architecture
(NMDA) defined in RFC 8342 with a read-only conventional
configuration datastore called "system" to hold system-defined
configuration.
As an alternative to clients explicitly copying referenced system-
defined configuration into the target configuration datastore (e.g.,
<running>) so that the datastore is valid, a "resolve-system"
parameter is defined to allow the server acting as a "system client"
to copy referenced system nodes automatically. This solution enables
clients manipulating the target configuration datastore (e.g.,
<running>) to reference nodes defined in <system>, override system-
provided values, and configure descendant nodes of system-defined
configuration.
If a system-defined node is referenced, it refers to one of the
following cases throughout this document:
* It is present in a leafref "path" statement and referred as the
leafref value
* It is used as an "instance-identifier" type value
* It is present in an XPath expression of "when" or "must"
constraints
* It is defined to satisfy the "mandatory" constraints
* It is defined to exactly satisfy the "min-element" constraints
Conformance to this document requires the NMDA servers to implement
the "ietf-system-datastore" YANG module (Section 6).
1.1. Terminology
This document assumes that the reader is familiar with the contents
of [RFC6241], [RFC7950], [RFC8342], [RFC8407], and [RFC8525] and uses
terminologies from those documents.
The following terms are defined in this document:
Ma, et al. Expires 24 August 2024 [Page 4]
Internet-Draft System-defined Configuration February 2024
System configuration: Configuration that is provided by the system
itself. System configuration is present in the system
configuration datastore (regardless of whether it is applied or
referenced) and appears in <intended> unless explicitly
overridden. System configuration that is considered active
appears in <operational> with origin="system". It is a different
and separate concept from factory default configuration defined in
RFC 8808 (which represents a preset initial configuration that is
used to initialize the configuration of a server).
System configuration datastore: A configuration datastore holding
configuration provided by the system itself. This datastore is
referred to as "<system>".
This document redefines the term "conventional configuration
datastore" in Section 3 of [RFC8342] to add "system" to the list of
conventional configuration datastores:
Conventional configuration datastore: One of the following set of
configuration datastores: <running>, <startup>, <candidate>,
<system>, and <intended>. These datastores share a common
datastore schema, and protocol operations allow copying data
between these datastores. The term "conventional" is chosen as a
generic umbrella term for these datastores.
1.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
1.3. Updates to RFC 8342
This document updates RFC 8342 to define a configuration datastore
called "system" to hold system configuration (Section 3), it also
redefines the term "conventional configuration datastore" from
[RFC8342] to add "system" to the list of conventional configuration
datastores.
Configuration in <running> is merged into <system> to create the
contents of <intended> after the configuration transformations to
<running> (e.g., template expansion, removal of inactive
configuration defined in [RFC8342]) have been performed. This
document updates the definition of "intended" origin metadata
Ma, et al. Expires 24 August 2024 [Page 5]
Internet-Draft System-defined Configuration February 2024
annotation identity to allow a subset of configuration provided by
<intended> to use "system" as origin value as it flows into
<operational>. Applied system configuration appears in <operational>
with origin value being reported as "system" (Section 5.1).
1.4. Updates to RFC 6241 and RFC 8526
This document augments <edit-config> and <edit-data> RPC operations
defined in [RFC6241] and [RFC8526] respectively, with a new
additional input parameter "resolve-system" to allow the server to
copy referenced system nodes into target datastore automatically
without the client doing so explicitly. The <copy-config> RPC
operation defined in [RFC6241] is also augmented to support "resolve-
system" parameter (Section 5.3).
This document defines a NETCONF protocol capability to indicate
support for this parameter. NETCONF server that supports "resolve-
system" parameter MUST advertise the following capability identifier:
urn:ietf:params:netconf:capability:resolve-system:1.0
1.5. Updates to RFC 8040
This document extends Sections 4.8 and 9.1.1 of [RFC8040] to add a
new query parameter "resolve-system" and corresponding query
parameter capability URI.
1.5.1. Query Parameter
The "resolve-system" parameter controls whether to allow a server to
copy any referenced system-defined configuration automatically
without the client doing so explicitly. This parameter is only
allowed with no values carried. If this parameter has any unexpected
value, then a "400 Bad Request" status-line is returned.
+----------------+---------+-----------------------------------------+
| Name | Methods | Description |
+----------------+---------+-----------------------------------------+
|resolve-system | POST, | resolve any references not resolved by |
| | PUT | the client and copy referenced |
| | PATCH | system configuration into <running> |
| | | automatically. This parameter can be |
| | | given in any order. |
+----------------+---------+-----------------------------------------+
Figure 1: RESTCONF "resolve-system" Query Parameter
Ma, et al. Expires 24 August 2024 [Page 6]
Internet-Draft System-defined Configuration February 2024
1.5.2. Query Parameter URI
To enable a RESTCONF client to discover if the "resolve-system" query
parameter is supported by the server, the following capability URI is
defined, which is advertised by the server if supported, using the
"ietf-restconf-monitoring" module defined in RFC 8040:
urn:ietf:params:restconf:capability:resolve-system:1.0
2. Kinds of System Configuration
There are three types of system configurations defined in this
document: immediately-active system configuration, conditionally-
active system configuration, and inactive-until-referenced system
configuration.
Active system configuration refers to system configuration that is
currently in use. As per definition of the operational state
datastore in [RFC8342], if system configuration is inactive, it does
not appear in <operational>. However, system configuration is
present in <system> once it is generated, regardless of whether it is
active or not.
2.1. Immediately-Active
Immediately-active refers to system configuration which is generated
in <system> and applied immediately when the device is powered on
(e.g., a loopback interface), irrespective of physical resource
present or not, a special functionality enabled or not.
2.2. Conditionally-Active
System configuration which is generated in <system> and applied based
on specific conditions being met in a system, e.g., if a physical
resource is present (e.g., insert interface card), the system will
automatically detect it and load associated configuration; when the
physical resource is not present (remove interface card), the system
configuration will be automatically cleared. Another example is when
a special functionality is enabled, e.g., when a QoS feature is
enabled, related QoS policies are automatically created by the
system.
Ma, et al. Expires 24 August 2024 [Page 7]
Internet-Draft System-defined Configuration February 2024
2.3. Inactive-Until-Referenced
There are some system configuration predefined (e.g., application
ids, anti-x signatures, trust anchor certs, etc.) as a convenience
for the clients, which must be referenced to be active. The clients
can also define their own configurations for their unique
requirements. Inactive-until-referenced system configuration is
generated in <system> immediately when the device is powered on, but
it is not active until being referenced.
3. The System Configuration Datastore (<system>)
NMDA servers compliant with this document MUST implement a system
configuration datastore, and they SHOULD also implement <intended>.
Following guidelines for defining datastores in the appendix A of
[RFC8342], this document introduces a new datastore resource named
'system' that represents the system configuration.
* Name: "system"
* YANG modules: all
* YANG nodes: all "config true" data nodes up to the root of the
tree, generated by the system
* Management operations: The content of the datastore is set by the
server in an implementation dependent manner. The content can not
be changed by management operations via protocols such as NETCONF,
RESTCONF, but may change itself by license change, device upgrade
and/or system-controlled resources change. The datastore can be
read using the standard network management protocols such as
NETCONF and RESCTCONF.
* Origin: This document does not define any new origin identity when
it interacts with <intended> and flows into <operational>. The
"system" origin Metadata Annotation [RFC7952] is used to indicate
the origin of a data item is system, which is achieved by updating
the definition of "intended" origin metadata annotation in
[RFC8342].
* Protocols: YANG-driven management protocols, such as NETCONF and
RESTCONF.
* Defining YANG module: "ietf-system-datastore".
Ma, et al. Expires 24 August 2024 [Page 8]
Internet-Draft System-defined Configuration February 2024
The datastore's content is defined by the server and read-only to
clients. Upon the content is created or changed, it will be merged
into <intended>. Unlike <factory-default> [RFC8808], it MAY change
dynamically, e.g., depending on factors like license change, device
upgrade or system-controlled resources change (e.g., HW available).
The system configuration datastore doesn't persist across reboots;
<factory-reset> RPC operation defined in [RFC8808] can reset it to
its factory default configuration without including configuration
generated due to the system update or client-enabled functionality.
The system datastore is defined as a conventional configuration
datastore and shares a common datastore schema with other
conventional datastores.
4. Static Characteristics of <system>
4.1. Read-only to Clients
The system datastore is read-only (i.e., edits towards <system>
directly MUST be denied), though the client may be allowed to
override the value of a system-initialized node (see Section 5.4).
4.2. May Change via Software Upgrades or Resource Changes
System configuration may change dynamically, e.g., depending on
factors like license change, device upgrade, or system-controlled
resources (e.g., HW available) change. In some implementations, when
a QoS feature is enabled, QoS-related policies are created by the
system. The updates of system configuration may be obtained through
YANG notifications (e.g., on-change notification)
[RFC6470][RFC8639][RFC8641].
If system configuration changes (e.g., due to device upgrade),
<running> MAY become invalid. The server behaviors of migrating
updated system data into <running> is beyond the scope of this
document. That said, the following gives a list of examples of
server implementations that might be possible:
* Servers migrate system configuration update into <running> with
the clients' awareness to keep <running> valid
* Servers don't migrate any system configuration update into
<running> and clients are responsible to correct the configuration
in <running> if it becomes invalid
* Servers rejects the operation to change system configuration
(e.g., device upgrade fails) and needs the client to correct the
configuration in <running> as a prerequisite to ensure validity
Ma, et al. Expires 24 August 2024 [Page 9]
Internet-Draft System-defined Configuration February 2024
4.3. No Impact to <operational>
This work intends to have no impact to <operational>. System
configuration appears in <operational> with origin value being
reported as "system" if not configured or overridden explicitly in
<running>. This document enables a subset of those system generated
nodes to be defined like configuration, i.e., made visible to clients
in order for being referenced or configurable prior to present in
<operational>. "Config false" nodes are out of scope, hence existing
"config false" nodes are not impacted by this work.
5. Dynamic Behaviors
5.1. Conceptual Model of Datastores
This document introduces a datastore named "system" which is used to
hold all three types of system configurations defined in Section 2.
When the device is powered on, immediately-active system
configuration is generated in <system> and active immediately, but
inactive-until-referenced system configuration only becomes active if
referenced by client-defined configuration. However, conditionally-
active system configuration will only be created and active when
specific conditions on system resources are met.
All above three types of system configurations appear in <system>.
Clients MAY reference nodes defined in <system>, override system-
provided values, and configure descendant nodes of system-defined
configuration, by copying or writing intended configurations into the
target configuration datastore (e.g., <running>).
To ensure the validity of <intended>, configuration in <running> is
merged into <system> to become <intended>, in which process,
configuration appearing in <running> takes precedence over the same
node in <system>; additional nodes to a list entry or new list/leaf-
list entries appearing in <running> extends the list entry or the
whole list/leaf-list defined in <system> if the server allows the
list/leaf-list to be updated. If <running> includes configuration
that requires further transformation (e.g., template expansion,
removal of inactive configuration defined in [RFC8342]) before it can
be applied, configuration transformations MUST be performed before
<running> is merged into <system>. If a server implements
<intended>, <system> MUST be merged into <intended>.
As a result, Figure 2 in Section 5 of RFC 8342 is updated with the
below conceptual model of datastores which incorporates the system
configuration datastore.
Ma, et al. Expires 24 August 2024 [Page 10]
Internet-Draft System-defined Configuration February 2024
+-------------+ +-----------+
| <candidate> | | <startup> |
| (ct, rw) |<---+ +--->| (ct, rw) |
+-------------+ | | +-----------+
| | | |
+-----------+ | +-----------+ |
| <system> | +-------->| <running> |<--------+
| (ct, ro) | | (ct, rw) |
+-----+-----+ +----+------+
| | // configuration transformations,
+--------+ | // e.g., removal of nodes marked
| | // as "inactive", expansion of
|<------------+ // templates
|
V
+------------+
| <intended> | // subject to validation
| (ct, ro) |
+------------+
|
| // changes applied, subject to
| // local factors, e.g., missing
| // resources, delays
dynamic |
configuration | +-------- learned configuration
datastores -----+ | +-------- default configuration
| | |
v v v
+---------------+
| <operational> | <-- system state
| (ct + cf, ro) |
+---------------+
ct = config true; cf = config false
rw = read-write; ro = read-only
boxes denote named datastores
Figure 2: Architectural Model of Datastores
The "intended" identity of origin value defined in RFC 8342 to
represent the origin of configuration provided by <intended>, this
document updates its definition as origin source of configuration
explicitly provided by <running>, and allows a subset of
configuration in <intended> that flows from <system> yet is not
configured or overridden explicitly in <running> to use "system" as
its origin value. Configuration copied from <system> into <running>
has its origin value reported as "intended" when it flows into
<operational>.
Ma, et al. Expires 24 August 2024 [Page 11]
Internet-Draft System-defined Configuration February 2024
Configuration in <system> is non-deletable to clients, even though a
client may delete a copied system node from <running>. If system
initializes a value for a particular leaf which is overridden by the
client with a different value in <running>, the client may delete it
in <running>, in which case system-initialized value defined in
<system> may still be in use and appear in <operational>.
Any deletable system-provided configuration that is populated as part
of <running> by the system at boot up, without being part of the
contents of a <startup> datastore, must be defined in <factory-
default> [RFC8808], which is used to initialize <running> when the
device is first-time powered on or reset to its factory default
condition.
5.2. Explicit Declaration of System Configuration
It is possible for a client to explicitly declare system
configuration nodes in the target datastore (e.g., <running>) with
the same values as in <system>, by configuring a node (list/leaf-list
entry, leaf, etc.) in the target datastore (e.g., <running>) that
matches the same node and value in <system>.
The explicit configuration of system-defined nodes in the target
datastore (e.g., <running>) can be useful, for example, when the
client does not want a "system client" to have a role or not support
the "resolve-system" parameter but needs the datastore to be
referentially complete. The client can explicitly declare (i.e.,
configure in the datastore like <running>) the list entries (with at
least the keys) that are referenced elsewhere in <running>. The
client does not necessarily need to declare all the contents of the
list entry (i.e. the descendant nodes), only the parts that are
required to make the datastore appear valid.
5.3. Servers Auto-configuring Referenced System Configuration
("resolve-system" parameter)
This document defines a new parameter "resolve-system" to the input
for the <edit-config>, <edit-data>, and <copy-config> operations.
Clients that are aware of the "resolve-system" parameter MAY use this
parameter to avoid the requirement to provide a referentially
complete configuration in <running>.
The "resolve-system" parameter is optional and has no value. If it
is present, and the server supports this capability, the server MUST
copy referenced system nodes into the target datastore (e.g.,
<running>) without the client doing the copy/paste explicitly, to
resolve any references not resolved by the client. The server acting
as a "system client" like any other remote clients copies the
Ma, et al. Expires 24 August 2024 [Page 12]
Internet-Draft System-defined Configuration February 2024
referenced system-defined nodes when triggered by the "resolve-
system" parameter. Legacy clients interacting with servers that
support this parameter don't see any changes in <edit- config>/<edit-
data> and <copy-config> behaviors.
The server's copy referenced nodes from <system> to the target
datastore MUST be enforced at the end of the <edit-config>/<edit-
data> or <copy-config> operations during the validation processing,
regardless of which target datastore it is.
The server may automatically configure the list entries (with at
least the keys) in the target datastore (e.g., <running>) that are
referenced elsewhere by the clients. Similarly, not all the contents
of the list entry (i.e., the descendant nodes) are necessarily copied
by the server - only the parts that are required to make
configuration valid.
There is no distinction between the configuration in the target
datastore (e.g., <running>) automatically configured by the server
and the one explicitly declared by the client, e.g., a read back of
the datastore (i.e., <get>, <get-config> or <get-data> operation)
returns automatically configured nodes.
Note that even an auto-configured node is allowed to be deleted from
the target datastore by the client, the system may automatically
configure the deleted node again to make configuration valid, when a
"resolve-system" parameter is carried. It is also possible that the
operation request (e.g., <edit-config>) may not succeed due to
incomplete referential integrity.
Support for the "resolve-system" parameter is OPTIONAL. Servers not
supporting NMDA [RFC8342] MAY also implement this parameter without
implementing the system configuration datastore, which would only
eliminate the ability to expose the system configuration via protocol
operations. If a server implements <system>, referenced system
configuration is copied from <system> into the target datastore
(e.g., <running>) when the "resolve-system" parameter is used;
otherwise it is an implementation decision where to copy referenced
system configuration into the target datastore (e.g., <running>).
If the "resolve-system" parameter is not given by the client, the
server should not modify <running> in any way otherwise not specified
by the client. Not using capitalized "SHOULD NOT" in the previous
sentence is intentional. The intention is to bring awareness to the
general need to not surprise clients with unexpected changes. It is
desirable for clients to always opt into using mechanisms having
server-side changes. This document enables a client to opt into this
behavior using the "resolve-system" parameter. An example of this
Ma, et al. Expires 24 August 2024 [Page 13]
Internet-Draft System-defined Configuration February 2024
type of opt-in behavior can also be found in RFC 7317, which enables
a client to opt into its behavior using a "$0$" prefix (see
ianach:crypt-hash type defined in [RFC7317]).
Implementation specifics are beyond the scope of this document,
however, due to the extra complexity brought by the "resolve-system"
parameter, clients should be aware that it would cost a reasonable
amount of time for the server to resolve reference, retrieve and copy
the referenced system configuration from <system>, which could take
multiple rounds since some errors may depend on the resolution of
previous ones.
5.4. Modifying (Overriding) System Configuration
In some cases, a server may allow some parts of system configuration
to be modified. Modification of system configuration is achieved by
the client writing configuration to <running> that overrides the
system configuration. Configurations defined in <running> take
precedence over system configuration nodes in <system> if the server
allows the nodes to be modified.
For instance, descendant nodes in a system-defined list entry may be
modifiable or not, even if some system configuration has been copied
into <running> earlier. If a system node is non-modifiable, then
writing a different value for that node MUST return an error. The
immutability of system configuration is defined in
[I-D.ma-netmod-immutable-flag].
A server may also allow a client to add data nodes to a list entry in
<system> by writing those additional nodes in <running>. Those
additional data nodes may not exist in <system> (i.e., an *addition*
rather than an override).
5.5. Examples
This section presents some sample data models and corresponding
contents of various datastores with different dynamical behaviors
above. The XML snippets are used only for examples.
5.5.1. Server Configuring of <running> Automatically
In this subsection, the following fictional module is used:
Ma, et al. Expires 24 August 2024 [Page 14]
Internet-Draft System-defined Configuration February 2024
module example-application {
yang-version 1.1;
namespace "urn:example:application";
prefix "app";
import ietf-inet-types {
prefix "inet";
}
container applications {
list application {
key "name";
leaf name {
type string;
}
leaf protocol {
type enumeration {
enum tcp;
enum udp;
}
}
leaf destination-port {
type inet:port-number;
}
}
}
}
The server may predefine some applications as a convenience for the
clients. These predefined configurations are active only after being
referenced by other configurations, which fall into the "inactive-
until-referenced" system configuration as defined in Section 2. The
system-instantiated application entries may be present in <system> as
follows:
Ma, et al. Expires 24 August 2024 [Page 15]
Internet-Draft System-defined Configuration February 2024
<applications xmlns="urn:example:application">
<application>
<name>ftp</name>
<protocol>tcp</protocol>
<destination-port>21</destination-port>
</application>
<application>
<name>tftp</name>
<protocol>udp</protocol>
<destination-port>69</destination-port>
</application>
<application>
<name>smtp</name>
<protocol>tcp</protocol>
<destination-port>25</destination-port>
</application>
</applications>
The client may also define its customized applications. Suppose the
configuration of applications is present in <running> as follows:
<applications xmlns="urn:example:application">
<application>
<name>my-app-1</name>
<protocol>tcp</protocol>
<destination-port>2345</destination-port>
</application>
<application>
<name>my-app-2</name>
<protocol>udp</protocol>
<destination-port>69</destination-port>
</application>
</applications>
A fictional ACL YANG module is used as follows, which defines a
leafref for the leaf-list "application" data node to refer to an
existing application name.
module example-acl {
yang-version 1.1;
namespace "urn:example:acl";
prefix "acl";
import example-application {
prefix "app";
}
import ietf-inet-types {
Ma, et al. Expires 24 August 2024 [Page 16]
Internet-Draft System-defined Configuration February 2024
prefix "inet";
}
container acl {
list acl_rule {
key "name";
leaf name {
type string;
}
container matches {
choice l3 {
container ipv4 {
leaf source_address {
type inet:ipv4-prefix;
}
leaf dest_address {
type inet:ipv4-prefix;
}
}
}
choice applications {
leaf-list application {
type leafref {
path "/app:applications/app:application/app:name";
}
}
}
}
leaf packet_action {
type enumeration {
enum forward;
enum drop;
enum redirect;
}
}
}
}
}
If a client configures an ACL rule referencing system provided
applications which are not present in <running>, take NETCONF
protocol for example, the client may issue an <edit-config> operation
with the parameter "resolve-system" as follows:
Ma, et al. Expires 24 August 2024 [Page 17]
Internet-Draft System-defined Configuration February 2024
<rpc message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<acl xmlns="urn:example:acl">
<acl_rule>
<name>allow_access_to_ftp_tftp</name>
<matches>
<ipv4>
<source_address>198.51.100.0/24</source_address>
<dest_address>192.0.2.0/24</dest_address>
</ipv4>
<application>ftp</application>
<application>tftp</application>
<application>my-app-1</application>
</matches>
<packet_action>forward</packet_action>
</acl_rule>
</acl>
</config>
<resolve-system/>
</edit-config>
</rpc>
The following gives the configuration of applications in <running>
which is returned in the response to a follow-up retrieval operation:
Ma, et al. Expires 24 August 2024 [Page 18]
Internet-Draft System-defined Configuration February 2024
<applications xmlns="urn:example:application">
<application>
<name>my-app-1</name>
<protocol>tcp</protocol>
<destination-port>2345</destination-port>
</application>
<application>
<name>my-app-2</name>
<protocol>udp</protocol>
<destination-port>69</destination-port>
</application>
<application>
<name>ftp</name>
</application>
<application>
<name>tftp</name>
</application>
</applications>
And the configuration of applications is present in <operational> as
follows:
<applications xmlns="urn:example:application"
xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:intended">
<application>
<name>my-app-1</name>
<protocol>tcp</protocol>
<destination-port>2345</destination-port>
</application>
<application>
<name>my-app-2</name>
<protocol>udp</protocol>
<destination-port>69</destination-port>
</application>
<application>
<name>ftp</name>
<protocol or:origin="or:system">tcp</protocol>
<destination-port or:origin="or:system">21</destination-port>
</application>
<application>
<name>tftp</name>
<protocol or:origin="or:system">udp</protocol>
<destination-port or:origin="or:system">69</destination-port>
</application>
</applications>
Ma, et al. Expires 24 August 2024 [Page 19]
Internet-Draft System-defined Configuration February 2024
Since the configuration of application "smtp" is not referenced by
the client, and the server treats application "smtp" configuration as
"inactive-until-referenced", it does not appear in <operational> but
only in <system>.
5.5.2. Declaring a System-defined Node in <running> Explicitly
It's also possible for a client to explicitly declare the system-
defined configurations that are referenced instead of using the
"resolve-system" parameter. For instance, in the above example, the
client MAY also explicitly configure the following system defined
applications "ftp" and "tftp" only with the list key "name" before
referencing:
<applications xmlns="urn:example:application">
<application>
<name>ftp</name>
</application>
<application>
<name>tftp</name>
</application>
</applications>
Then the client configures the following ACL rule referencing
applications "ftp" and "tftp" as follows:
<acl xmlns="urn:example:acl">
<acl_rule>
<name>allow_access_to_ftp_tftp</name>
<matches>
<ipv4>
<source_address>198.51.100.0/24</source_address>
<dest_address>192.0.2.0/24</dest_address>
</ipv4>
<application>ftp</application>
<application>tftp</application>
<application>my-app-1</application>
</matches>
<packet_action>forward</packet_action>
</acl_rule>
</acl>
Once the data is written to <running>, it makes no difference whether
it is explicitly declared by the client or automatically copied by
the server. The configuration for applications in <running> and
<operational> would be identical to the ones in Section 5.5.1.
Ma, et al. Expires 24 August 2024 [Page 20]
Internet-Draft System-defined Configuration February 2024
5.5.3. Modifying a System-instantiated Leaf's Value
This subsection uses the following fictional interface YANG module:
module example-interface {
yang-version 1.1;
namespace "urn:example:interface";
prefix "exif";
import ietf-inet-types {
prefix "inet";
}
container interfaces {
list interface {
key name;
leaf name {
type string;
}
leaf description {
type string;
}
leaf mtu {
type uint32;
}
leaf-list ip-address {
type inet:ip-address;
}
}
}
}
Suppose the system provides a loopback interface (named "lo0") with a
MTU value "65536", a default IPv4 address of "127.0.0.1", and a
default IPv6 address of "::1". The configuration of "lo0" interface
is present in <system> as follows:
<interfaces xmlns="urn:example:interface">
<interface>
<name>lo0</name>
<mtu>65536</mtu>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
</interface>
</interfaces>
Ma, et al. Expires 24 August 2024 [Page 21]
Internet-Draft System-defined Configuration February 2024
A client modifies the value of MTU to 65535 and adds the following
configuration into <running>:
<interfaces xmlns="urn:example:interface">
<interface>
<name>lo0</name>
<mtu>65535</mtu>
</interface>
</interfaces>
Then the configuration of interfaces is present in <operational> as
follows:
<interfaces xmlns="urn:example:interface"
xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:intended">
<interface>
<name>lo0</name>
<mtu>65535</mtu>
<ip-address or:origin="or:system">127.0.0.1</ip-address>
<ip-address or:origin="or:system">::1</ip-address>
</interface>
</interfaces>
5.5.4. Configuring Descendant Nodes of a System-defined Node
In the above example, image the client further configures the
description node of a "lo0" interface in <running> as follows:
<interfaces xmlns="urn:example:interface">
<interface>
<name>lo0</name>
<description>loopback</description>
</interface>
</interfaces>
The configuration of interface "lo0" is present in <operational> as
follows:
Ma, et al. Expires 24 August 2024 [Page 22]
Internet-Draft System-defined Configuration February 2024
<interfaces xmlns="urn:example:interface"
xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:intended">
<interface>
<name>lo0</name>
<description>loopback</description>
<mtu>65535</mtu>
<ip-address or:origin="or:system">127.0.0.1</ip-address>
<ip-address or:origin="or:system">::1</ip-address>
</interface>
</interfaces>
6. The "ietf-system-datastore" Module
6.1. Data Model Overview
This YANG module defines a new YANG identity named "system" that uses
the "ds:datastore" identity defined in [RFC8342]. A client can
discover the system configuration datastore support on the server by
reading the YANG library information from the operational state
datastore. Note that no new origin identity is defined in this
document, the "or:system" origin Metadata Annotation [RFC7952] is
used to indicate the origin of a data item is system. Support for
the "origin" annotation is identified with the feature "origin"
defined in [RFC8526].
The following diagram illustrates the relationship amongst the
"identity" statements defined in the "ietf-system-datastore" and
"ietf-datastores" YANG modules:
Identities:
+--- datastore
| +--- conventional
| | +--- running
| | +--- candidate
| | +--- startup
| | +--- system
| | +--- intended
| +--- dynamic
| +--- operational
The diagram above uses syntax that is similar to but not defined in
[RFC8340].
Ma, et al. Expires 24 August 2024 [Page 23]
Internet-Draft System-defined Configuration February 2024
6.2. Example Usage
This section gives an example of data retrieval from <system>. The
fictional YANG module used following are from Appendix C.2 of
[RFC8342].
container bgp {
leaf local-as {
type uint32;
}
leaf peer-as {
type uint32;
}
list peer {
key name;
leaf name {
type inet:ip-address;
}
leaf local-as {
type uint32;
description
"... Defaults to ../local-as.";
}
leaf peer-as {
type uint32;
description
"... Defaults to ../peer-as.";
}
leaf local-port {
type inet:port;
}
leaf remote-port {
type inet:port;
default 179;
}
leaf state {
config false;
type enumeration {
enum init;
enum established;
enum closing;
}
}
}
}
All the messages are presented in a protocol-independent manner.
JSON is used to not imply a preferred encoding in this document.
Ma, et al. Expires 24 August 2024 [Page 24]
Internet-Draft System-defined Configuration February 2024
Suppose the following BGP peer configuration is added to <running>:
{
"bgp": {
"local-as": "64501",
"peer-as": "64502",
"peer": {
"name": "2001:db8::2:3",
"local-as": "64501",
"peer-as": "64502"
}
}
}
The local port and remote port are used when the BGP peer connection
is established. Since both are not supplied explicitly in <running>
and <intended>, the default value for "bgp/peer/remote-port" is used,
and there is no default statement for "bgp/peer/local-port", the
system will select a value for it. So the contents of <system> are
shown as follows:
{
"bgp": {
"peer": {
"name": "2001:db8::2:3",
"local-port": "60794"
}
}
}
6.3. YANG Module
<CODE BEGINS> file "ietf-system-datastore@2024-02-21.yang"
module ietf-system-datastore {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-system-datastore";
prefix sysds;
import ietf-datastores {
prefix ds;
reference
"RFC 8342: Network Management Datastore Architecture(NMDA)";
}
organization
"IETF NETDOD (Network Modeling) Working Group";
contact
Ma, et al. Expires 24 August 2024 [Page 25]
Internet-Draft System-defined Configuration February 2024
"WG Web: https://datatracker.ietf.org/wg/netmod/
WG List: NETMOD WG list <mailto:netmod@ietf.org>
Author: Qiufang Ma
<mailto:maqiufang1@huawei.com>
Author: Qin Wu
<mailto:bill.wu@huawei.com>
Author: Chong Feng
<mailto:fengchonglly@gmail.com>";
description
"This module defines a new YANG identity that uses the
ds:datastore identity defined in [RFC8342].
Copyright (c) 2024 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Revised
BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC HHHH
(https://www.rfc-editor.org/info/rfcHHHH); see the RFC
itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
are to be interpreted as described in BCP 14 (RFC 2119)
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
revision 2024-02-21 {
description
"Initial version.";
reference
"RFC XXXX: System-defined Configuration";
}
identity system {
base ds:conventional;
description
"This read-only datastore contains the configuration
provided by the system itself.";
}
}
Ma, et al. Expires 24 August 2024 [Page 26]
Internet-Draft System-defined Configuration February 2024
<CODE ENDS>
7. The "ietf-netconf-resolve-system" Module
This YANG module is optional to implement.
7.1. Data Model Overview
This YANG module augments NETCONF <edit-config>, <edit-data> and
<copy-config> operations with a new parameter "resolve-system" in the
input parameters. If the "resolve-system" parameter is present, the
server will copy the referenced system configuration into target
datastore automatically. A NETCONF client can discover the "resolve-
system" parameter support on the server by checking the server's
capabilities included in the <hello> message.
The following tree diagram [RFC8340] illustrates the "ietf-netconf-
resolve-system" module:
module: ietf-netconf-resolve-system
augment /nc:edit-config/nc:input:
+---w resolve-system? empty
augment /nc:copy-config/nc:input:
+---w resolve-system? empty
augment /ncds:edit-data/ncds:input:
+---w resolve-system? empty
The following tree diagram [RFC8340] illustrates "edit-config",
"copy-config" and "edit-data" rpcs defined in "ietf-netconf" and
"ietf-netconf-nmda" respectively, augmented by "ietf-netconf-resolve-
system" YANG module:
rpcs:
+---x edit-config
| +---w input
| +---w target
| | +---w (config-target)
| | +--:(candidate)
| | | +---w candidate? empty {candidate}?
| | +--:(running)
| | +---w running? empty {writable-running}?
| +---w default-operation? enumeration
| +---w test-option? enumeration {validate}?
| +---w error-option? enumeration
| +---w (edit-content)
| | +--:(config)
| | | +---w config? <anyxml>
| | +--:(url)
Ma, et al. Expires 24 August 2024 [Page 27]
Internet-Draft System-defined Configuration February 2024
| | +---w url? inet:uri {url}?
| +---w resolve-system? empty
+---x copy-config
| +---w input
| +---w target
| | +---w (config-target)
| | +--:(candidate)
| | | +---w candidate? empty {candidate}?
| | +--:(running)
| | | +---w running? empty {writable-running}?
| | +--:(startup)
| | | +---w startup? empty {startup}?
| | +--:(url)
| | +---w url? inet:uri {url}?
| +---w source
| | +---w (config-source)
| | +--:(candidate)
| | | +---w candidate? empty {candidate}?
| | +--:(running)
| | | +---w running? empty
| | +--:(startup)
| | | +---w startup? empty {startup}?
| | +--:(url)
| | | +---w url? inet:uri {url}?
| | +--:(config)
| | +---w config? <anyxml>
| +---w resolve-system? empty
+---x edit-data
+---w input
+---w datastore ds:datastore-ref
+---w default-operation? enumeration
+---w (edit-content)
| +--:(config)
| | +---w config? <anydata>
| +--:(url)
| +---w url? inet:uri {nc:url}?
+---w resolve-system? empty
7.2. Example Usage
Please refer to Section 5.5.1 for example usage of the "resolve-
system" parameter.
7.3. YANG Module
<CODE BEGINS> file "ietf-netconf-resolve-system@2024-02-21.yang"
Ma, et al. Expires 24 August 2024 [Page 28]
Internet-Draft System-defined Configuration February 2024
module ietf-netconf-resolve-system {
yang-version 1.1;
namespace
"urn:ietf:params:xml:ns:yang:ietf-netconf-resolve-system";
prefix ncrs;
import ietf-netconf {
prefix nc;
reference
"RFC 6241: Network Configuration Protocol (NETCONF)";
}
import ietf-netconf-nmda {
prefix ncds;
reference
"RFC 8526: NETCONF Extensions to Support the Network
Management Datastore Architecture";
}
organization
"IETF NETMOD (Network Modeling) Working Group";
contact
"WG Web: <https://datatracker.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org>
Author: Qiufang Ma
<mailto:maqiufang1@huawei.com>
Author: Qin Wu
<mailto:bill.wu@huawei.com>
Author: Chong Feng
<mailto:fengchonglly@gmail.com>";
description
"This module defines an extension to the NETCONF protocol
that allows the NETCONF client to control whether the server
is allowed to copy referenced system configuration
automatically without the client doing so explicitly.
Copyright (c) 2024 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Revised
BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC HHHH
(https://www.rfc-editor.org/info/rfcHHHH); see the RFC
Ma, et al. Expires 24 August 2024 [Page 29]
Internet-Draft System-defined Configuration February 2024
itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
are to be interpreted as described in BCP 14 (RFC 2119)
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
revision 2024-02-21 {
description
"Initial version.";
reference
"RFC XXXX: System-defined Configuration";
}
grouping resolve-system-grouping {
description
"Define the resolve-system parameter grouping.";
leaf resolve-system {
type empty;
description
"When present, the server is allowed to automatically
configure referenced system configuration into the
target configuration datastore.";
}
}
augment "/nc:edit-config/nc:input" {
description
"Allows the server to automatically configure
referenced system configuration to make configuration
valid.";
uses resolve-system-grouping;
}
augment "/nc:copy-config/nc:input" {
description
"Allows the server to automatically configure
referenced system configuration to make configuration
valid.";
uses resolve-system-grouping;
}
augment "/ncds:edit-data/ncds:input" {
description
"Allows the server to automatically configure
referenced system configuration to make configuration
Ma, et al. Expires 24 August 2024 [Page 30]
Internet-Draft System-defined Configuration February 2024
valid.";
uses resolve-system-grouping;
}
}
<CODE ENDS>
8. IANA Considerations
8.1. The "IETF XML" Registry
This document registers two XML namespace URNs in the 'IETF XML
registry', following the format defined in [RFC3688].
URI: urn:ietf:params:xml:ns:yang:ietf-system-datastore
Registrant Contact: The IESG.
XML: N/A, the requested URIs are XML namespaces.
URI: urn:ietf:params:xml:ns:yang:ietf-netconf-resolve-system
Registrant Contact: The IESG.
XML: N/A, the requested URIs are XML namespaces.
8.2. The "YANG Module Names" Registry
This document registers two module names in the 'YANG Module Names'
registry, defined in [RFC6020].
name: ietf-system-datastore
prefix: sys
namespace: urn:ietf:params:xml:ns:yang:ietf-system-datatstore
maintained by IANA: N
RFC: XXXX // RFC Ed.: replace XXXX and remove this comment
name: ietf-netconf-resolve-system
prefix: ncrs
namespace: urn:ietf:params:xml:ns:yang:ietf-netconf-resolve-system
maintained by IANA: N
RFC: XXXX // RFC Ed.: replace XXXX and remove this comment
8.3. NETCONF Capability URN Registry
This document registers the following capability identifier URN in
the 'Network Configuration Protocol (NETCONF) Capability URNs'
registry:
urn:ietf:params:netconf:capability:resolve-system:1.0
Ma, et al. Expires 24 August 2024 [Page 31]
Internet-Draft System-defined Configuration February 2024
8.4. RESTCONF Capability URN Registry
This document registers a capability in the 'RESTCONF Capability
URNs' registry [RFC8040]:
Index Capability Identifier
-----------------------------------------------------------------------
:resolve-system urn:ietf:params:restconf:capability:resolve-system:1.0
9. Security Considerations
9.1. Regarding the "ietf-system-datastore" YANG Module
The YANG module defined in this document extends the base operations
for NETCONF [RFC6241] and RESTCONF [RFC8040]. The lowest NETCONF
layer is the secure transport layer, and the mandatory-to-implement
secure transport is Secure Shell (SSH) [RFC6242]. The lowest
RESTCONF layer is HTTPS, and the mandatory-to-implement secure
transport is TLS [RFC8446].
The Network Configuration Access Control Model (NACM) [RFC8341]
provides the means to restrict access for particular NETCONF users to
a preconfigured subset of all available NETCONF protocol operations
and content.
9.2. Regarding the "ietf-netconf-resolve-system" YANG Module
The YANG module defined in this document extends the base operations
for NETCONF [RFC6241] and [RFC8526]. The lowest NETCONF layer is the
secure transport layer, and the mandatory-to-implement secure
transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
is HTTPS, and the mandatory-to-implement secure transport is TLS
[RFC8446].
The Network Configuration Access Control Model (NACM) [RFC8341]
provides the means to restrict access for particular NETCONF users to
a preconfigured subset of all available NETCONF protocol operations
and content.
The security considerations for the base NETCONF protocol operations
(see Section 9 of [RFC6241] apply to the new extended RPC operations
defined in this document.
10. Contributors
Ma, et al. Expires 24 August 2024 [Page 32]
Internet-Draft System-defined Configuration February 2024
Kent Watsen
Watsen Networks
Email: kent+ietf@watsen.net
Jan Lindblad
Cisco Systems
Email: jlindbla@cisco.com
Chongfeng Xie
China Telecom
Beijing
China
Email: xiechf@chinatelecom.cn
Jason Sterne
Nokia
Email: jason.sterne@nokia.com
Acknowledgements
The authors would like to thank for following for discussions and
providing input to this document (ordered by first name): Alex Clemm,
Andy Bierman, Balazs Lengyel, Juergen Schoenwaelder, Martin
Bjorklund, Mohamed Boucadair, Robert Wilton and Timothy Carey.
References
Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>.
[RFC6470] Bierman, A., "Network Configuration Protocol (NETCONF)
Base Notifications", RFC 6470, DOI 10.17487/RFC6470,
February 2012, <https://www.rfc-editor.org/info/rfc6470>.
Ma, et al. Expires 24 August 2024 [Page 33]
Internet-Draft System-defined Configuration February 2024
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
RFC 7950, DOI 10.17487/RFC7950, August 2016,
<https://www.rfc-editor.org/info/rfc7950>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "Network Management Datastore Architecture
(NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
<https://www.rfc-editor.org/info/rfc8342>.
[RFC8526] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "NETCONF Extensions to Support the Network
Management Datastore Architecture", RFC 8526,
DOI 10.17487/RFC8526, March 2019,
<https://www.rfc-editor.org/info/rfc8526>.
[RFC8639] Voit, E., Clemm, A., Gonzalez Prieto, A., Nilsen-Nygaard,
E., and A. Tripathy, "Subscription to YANG Notifications",
RFC 8639, DOI 10.17487/RFC8639, September 2019,
<https://www.rfc-editor.org/info/rfc8639>.
[RFC8641] Clemm, A. and E. Voit, "Subscription to YANG Notifications
for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641,
September 2019, <https://www.rfc-editor.org/info/rfc8641>.
Informative References
[I-D.ma-netmod-immutable-flag]
Ma, Q., Wu, Q., Lengyel, B., and H. Li, "YANG Metadata
Annotation for Immutable Flag", Work in Progress,
Internet-Draft, draft-ma-netmod-immutable-flag-09, 22
October 2023, <https://datatracker.ietf.org/doc/html/
draft-ma-netmod-immutable-flag-09>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>.
Ma, et al. Expires 24 August 2024 [Page 34]
Internet-Draft System-defined Configuration February 2024
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010,
<https://www.rfc-editor.org/info/rfc6020>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
<https://www.rfc-editor.org/info/rfc6242>.
[RFC7317] Bierman, A. and M. Bjorklund, "A YANG Data Model for
System Management", RFC 7317, DOI 10.17487/RFC7317, August
2014, <https://www.rfc-editor.org/info/rfc7317>.
[RFC7952] Lhotka, L., "Defining and Using Metadata with YANG",
RFC 7952, DOI 10.17487/RFC7952, August 2016,
<https://www.rfc-editor.org/info/rfc7952>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
<https://www.rfc-editor.org/info/rfc8340>.
[RFC8407] Bierman, A., "Guidelines for Authors and Reviewers of
Documents Containing YANG Data Models", BCP 216, RFC 8407,
DOI 10.17487/RFC8407, October 2018,
<https://www.rfc-editor.org/info/rfc8407>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K.,
and R. Wilton, "YANG Library", RFC 8525,
DOI 10.17487/RFC8525, March 2019,
<https://www.rfc-editor.org/info/rfc8525>.
[RFC8808] Wu, Q., Lengyel, B., and Y. Niu, "A YANG Data Model for
Factory Default Settings", RFC 8808, DOI 10.17487/RFC8808,
August 2020, <https://www.rfc-editor.org/info/rfc8808>.
Ma, et al. Expires 24 August 2024 [Page 35]
Internet-Draft System-defined Configuration February 2024
Appendix A. Key Use Cases
Following provides three use cases related to system-defined
configuration lifecycle management. The simple interface data model
defined in Appendix C.3 of [RFC8342] is used. For each use case,
corresponding sample configuration in <running>, <system>, <intended>
and <operational> are shown. The XML snippets are used only for
examples.
A.1. Device Powers On
<running>:
No configuration for interfaces appears in <running>;
<system>:
<interfaces>
<interface>
<name>lo0</name>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
</interface>
</interfaces>
<intended>:
<interfaces>
<interface>
<name>lo0</name>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
</interface>
</interfaces>
<operational>:
<interfaces xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:system">
<interface>
<name>lo0</name>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
</interface>
</interfaces>
Ma, et al. Expires 24 August 2024 [Page 36]
Internet-Draft System-defined Configuration February 2024
A.2. Client Commits Configuration
If a client creates an interface "et-0/0/0" but the interface does
not physically exist at this point:
<running>:
<interfaces>
<interface>
<name>et-0/0/0</name>
<description>Test interface</description>
</interface>
</interfaces>
<system>:
<interfaces>
<interface>
<name>lo0</name>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
</interface>
</interfaces>
<intended>:
<interfaces>
<interface>
<name>lo0</name>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
</interface>
<interface>
<name>et-0/0/0</name>
<description>Test interface</description>
</interface>
</interfaces>
<operational>:
<interfaces xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:intended">
<interface or:origin="or:system">
<name>lo0</name>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
</interface>
</interfaces>
Ma, et al. Expires 24 August 2024 [Page 37]
Internet-Draft System-defined Configuration February 2024
A.3. Operator Installs Card into a Chassis
<running>:
<interfaces>
<interface>
<name>et-0/0/0</name>
<description>Test interface</description>
</interface>
</interfaces>
<system>:
<interfaces>
<interface>
<name>lo0</name>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
</interface>
<interface>
<name>et-0/0/0</name>
<mtu>1500</mtu>
</interface>
</interfaces>
<intended>:
<interfaces>
<interface>
<name>lo0</name>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
</interface>
<interface>
<name>et-0/0/0</name>
<description>Test interface</description>
<mtu>1500</mtu>
</interface>
</interfaces>
<operational>:
Ma, et al. Expires 24 August 2024 [Page 38]
Internet-Draft System-defined Configuration February 2024
<interfaces xmlns:or="urn:ietf:params:xml:ns:yang:ietf-origin"
or:origin="or:intended">
<interface or:origin="or:system">
<name>lo0</name>
<ip-address>127.0.0.1</ip-address>
<ip-address>::1</ip-address>
</interface>
<interface>
<name>et-0/0/0</name>
<description>Test interface</description>
<mtu or:origin="or:system">1500</mtu>
</interface>
</interfaces>
Appendix B. Changes between Revisions
v04 - v05
* Explicitly state that system configuration copied from <system>
into <running> have its origin value being reported as "intended"
and update the examples accordingly to reflect it
* Update the definition of "intended" origin identity in 8342 to
allow a subset of configuration in <intended> to use "system" as
origin value
* State server behaviors of migrating updated system data into
<running> is beyond the scope of this document, and give a couple
of implementation examples
* Remove the related statement which mandates referenced system
configuration must be copied into <running>
* Refine usage examples (e.g., fix validation errors, remove
redundancy)
v03 - v04
* Add some implementation consideration for "resolve-system"
parameter
* Define a NETCONF capability identifier for "resolve-system"
parameter so that the client can discover if it is supported by
the server.
* state servers may upgrade copied system configuration in <running>
as well during device upgrade or licensing change.
Ma, et al. Expires 24 August 2024 [Page 39]
Internet-Draft System-defined Configuration February 2024
v02 - v03
* remove the merge mechanism related comments, as discussed in
https://github.com/netconf-wg/netconf-next/issues/19
* Editorial changes
v01 - v02
* Define referenced system configuration
* better clarify "resolve-system" parameter
* update Figure 2 in NMDA RFC
* Editorial changes
v00 - v01
* Clarify why client's explicit copy is not preferred but cannot be
avoided if resolve-system parameter is not defined
* Clarify active system configuration
* Update the timing when the server's auto copy should be enforced
if a resolve-system parameter is used
* Editorial changes
Authors' Addresses
Qiufang Ma (editor)
Huawei
101 Software Avenue, Yuhua District
Nanjing
Jiangsu, 210012
China
Email: maqiufang1@huawei.com
Qin Wu
Huawei
101 Software Avenue, Yuhua District
Nanjing
Jiangsu, 210012
China
Email: bill.wu@huawei.com
Ma, et al. Expires 24 August 2024 [Page 40]
Internet-Draft System-defined Configuration February 2024
Feng Chong
Email: fengchongllly@gmail.com
Ma, et al. Expires 24 August 2024 [Page 41]