Internet-Draft | Updated YANG Module Revision Handling | June 2024 |
Wilton, et al. | Expires 26 December 2024 | [Page] |
Updated YANG Module Revision Handling
Abstract
This document refines the RFC 7950 module update rules. It specifies a new YANG module update procedure that can document when non-backwards-compatible changes have occurred during the evolution of a YANG module. It extends the YANG import statement with a minimum revision suggestion to help document inter-module dependencies. It provides guidelines for managing the lifecycle of YANG modules and individual schema nodes. This document updates RFC 7950, RFC 6020, RFC 8407 and RFC 8525.¶
Status of This Memo
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 26 December 2024.¶
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
1. Introduction
The current YANG [RFC7950] module update rules require that updates of YANG modules preserve strict backwards compatibility. This causes problems as described in [I-D.ietf-netmod-yang-versioning-reqs]. This document recognizes the need to sometimes allow YANG modules to evolve with non-backwards-compatible changes, which can cause breakage to clients and when importing YANG modules. Accepting that non-backwards-compatible changes do sometimes occur -- e.g., for bugfixes -- it is important to have mechanisms to report when these changes occur, and to manage their effect on clients and the broader YANG ecosystem.¶
Several other documents build on this document with additional capabilities. [I-D.ietf-netmod-yang-schema-comparison] specifies an algorithm that can be used to compare two revisions of a YANG schema and provide granular information to allow module users to determine if they are impacted by changes between the revisions. The [I-D.ietf-netmod-yang-semver] document defines a YANG extension that tags a YANG artifact with a version identifier based on semantic versioning. YANG packages [I-D.ietf-netmod-yang-packages] provides a mechanism to group sets of related YANG modules together in order to manage schema and conformance of YANG modules as a cohesive set instead of individually. Finally, [I-D.ietf-netmod-yang-ver-selection] provides a schema selection mechanism that allows a client to choose which schemas to use when interacting with a server from the available schema that are supported and advertised by the server. These other documents are mentioned here as informative references. Support of the other documents is not required in an implementation in order to take advantage of the mechanisms and functionality offered by this module versioning document.¶
The document comprises four parts:¶
-
Refinements to the YANG 1 and YANG 1.1 module revision update procedure, supported by a new extension statement to indicate when a revision contains non-backwards-compatible changes.¶
-
Updated guidance for revision selection on imports and a YANG extension statement allowing YANG module imports to document a recommended earliest module revision that may satisfy the import dependency.¶
-
Updates and augmentations to ietf-yang-library to report how "deprecated" and "obsolete" nodes are handled by a server.¶
-
Guidelines for how the YANG module update rules defined in this document should be used, along with examples.¶
Note to RFC Editor (To be removed by RFC Editor)¶
Open issues are tracked at https://github.com/netmod-wg/yang-ver-dt/issues.¶
1.1. Updates to YANG RFCs
This document updates [RFC7950] section 11 and [RFC6020] section 10. Section 3 describes modifications to YANG revision handling and update rules, and Section 4.1 describes a YANG extension statement to describe potential YANG import revision dependencies.¶
This document updates [RFC8407] section 4.7. Section 6 provides guidelines on managing the lifecycle of YANG modules that may contain non-backwards-compatible changes and a branched revision history.¶
This document updates [RFC8525] with augmentations to include two boolean leafs to indicate whether status deprecated and status obsolete schema nodes are implemented by the server.¶
2. Terminology and Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document makes use of the following terminology introduced in the YANG 1.1 Data Modeling Language [RFC7950]:¶
-
schema node¶
In addition, this document uses the following terminology:¶
-
YANG module revision: An instance of a YANG module, uniquely identified with a revision date, with no implied ordering or backwards compatibility between different revisions of the same module.¶
-
Backwards-compatible (BC) change: A backwards-compatible change between two YANG module revisions, as defined in Section 3.1.1¶
-
Non-backwards-compatible (NBC) change: A non-backwards-compatible change between two YANG module revisions, as defined in Section 3.1.2¶
3. Refinements to YANG revision handling
[RFC7950] and [RFC6020] assume, but do not explicitly state, that the revision history for a YANG module or submodule is strictly linear, i.e., it is prohibited to have two independent revisions of a YANG module or submodule that are both directly derived from the same parent revision.¶
This document clarifies [RFC7950] and [RFC6020] to explicitly allow non-linear development of YANG module and submodule revisions, so that they MAY have multiple revisions that directly derive from the same parent revision. As per [RFC7950] and [RFC6020], YANG module and submodule revisions continue to be uniquely identified by their revision date, and hence all revisions of a given module or submodule MUST have unique revision dates.¶
However, using revision dates alone to identify revisions of a YANG module versioned with a branched revision history is likely to be confusing because the relationship between module revisions is no longer guaranteed to be chronologically ordered. Instead, for modules that may use a branched revision history, it is RECOMMENDED to use a version identifier, such as the one described in [I-D.ietf-netmod-yang-semver], that better describes the semantic relationship between the revisions.¶
For a given YANG module revision, revision B is defined as being derived from revision A, if revision A is listed in the revision history of revision B, or if revision A would have been listed had it not been removed (see Section 3.3). Although this document allows for a branched revision history, a given YANG module revision history does not contain all revisions in all possible branches, it only lists those from which it was derived, i.e., the module revision's history describes a single path of derived revisions (or a subset of them if one or more have been removed) back to the root of the module's revision history.¶
A corollary to the text above is that the ancestry (derived relationship) between two module or submodule revisions cannot be determined by comparing the module or submodule revision date or version identifier alone - the revision history must be consulted.¶
A module's name and revision date identifies a specific immutable definition of that module within its revision history. Hence, if a module includes submodules then to ensure that the module's content is uniquely defined, the module's "include" statements SHOULD use "revision-date" substatements to specify the exact revision date of each included submodule. When a module does not include its submodules by revision-date, the revision of submodules used cannot be derived from the including module. Mechanisms such as YANG packages [I-D.ietf-netmod-yang-packages], and YANG library [RFC8525], could be used to specify the exact submodule revisions used when the submodule revision date is not constrained by the "include" statement.¶
[RFC7950] section 11 and [RFC6020] section 10 require that all updates to a YANG module are backwards-compatible (BC) to the previous revision of the module. This document introduces a method to indicate that an non-backwards-compatible (NBC) change has occurred between module revisions: this is done by using a new "non-backwards-compatible" YANG extension statement in the module revision history.¶
Two revisions of a module or submodule MAY have identical content except for the revision history. This could occur, for example, if a module or submodule has a branched history and identical changes are applied in multiple branches.¶
3.1. Updating a YANG module with a new revision
This section updates [RFC7950] section 11 and [RFC6020] section 10 to refine the rules for permissible changes when a new YANG module revision is created.¶
New module revisions SHOULD NOT contain NBC changes because they often create problems for clients, however they can be helpful in some scenarios, and hence are discouraged, but allowed. For example:¶
-
Bugfixes, particularly where the likely client impact is low or the module is changed to reflect current server behavior.¶
-
To mark nodes as obsolete (or remove them), after a suitable deprecation period.¶
-
To refine new and unstable modules (or new and unstable nodes within existing, stable modules).¶
-
Restructuring a module to add new functionality where the cost of adding the functionality in a BC manner is disproportionate to the expected benefits of greater client backwards compatibility.¶
A YANG extension, defined in Section 3.2, is used to signal the potential for incompatibility to existing module users and readers.¶
As per [RFC7950] and [RFC6020], all published revisions of a module are given a new unique revision date.¶
3.1.1. Backwards-compatible rules
A change between two module revisions is defined as being "backwards-compatible" if the change conforms to the module update rules specified in [RFC7950] section 11 and [RFC6020] section 10, updated by the following rules:¶
-
A "status" "deprecated" statement MAY be added, or changed from "current" to "deprecated", but adding or changing "status" to "obsolete" is a non-backwards-compatible change.¶
-
YANG schema nodes with a "status" "obsolete" substatement MAY be removed from published modules, and the removal is classified as a backwards-compatible change. In some circumstances it may be helpful to retain the obsolete definitions since their identifiers may still be referenced by other modules and to ensure that their identifiers are not reused with a different meaning.¶
-
A statement that is defined using the YANG "extension" statement MAY be added, removed, or changed, if it does not change the semantics of the module. Extension statement definitions SHOULD specify whether adding, removing, or changing statements defined by that extension are backwards-compatible or non-backwards-compatible.¶
-
Any change made to the "revision-date" or "recommended-min-date" substatements of an "import" statement, including adding new "revision-date" or "recommended-min-date" substatements, changing the argument of any "revision-date" or "recommended-min-date" substatements, or removing any "revision-date" or "recommended-min-date" substatements, is classified as backwards-compatible.¶
-
Any changes (including whitespace or formatting changes) that do not change the semantic meaning of the module are backwards-compatible.¶
3.1.2. Non-backwards-compatible changes
Any changes to YANG modules that are not defined by Section 3.1.1 as being backwards-compatible are classified as "non-backwards-compatible" changes.¶
3.2. non-backwards-compatible extension statement
The "rev:non-backwards-compatible" extension statement is used to indicate YANG module revisions that contain NBC changes.¶
If a revision of a YANG module contains changes, relative to its parent revision, that do not conform to the module update rules defined in Section 3.1.1, then a "rev:non-backwards-compatible" extension statement MUST be added as a substatement to the "revision" statement.¶
Adding, modifying or removing a "rev:non-backwards-compatible" extension statement is considered to be a BC change.¶
3.3. Removing revisions from the revision history
Authors may wish to remove revision statements from a module or submodule. Removal of revision information may be desirable for a number of reasons including reducing the size of a large revision history, or removing a revision that should no longer be used or imported. Removing revision statements is allowed, but can cause issues and SHOULD NOT be done without careful analysis of the potential impact to users of the module or submodule since it may cause loss of visibility of when non-backwards-compatible changes were introduced.¶
An author MAY remove a contiguous sequence of entries from the end (i.e., oldest entries) of the revision history. This is acceptable even if the first remaining (oldest) revision entry in the revision history contains a rev:non-backwards-compatible substatement.¶
An author MAY remove a contiguous sequence of entries in the revision history as long as the presence or absence of any existing rev:non-backwards-compatible substatements on all remaining entries still accurately reflect the compatibility relationship to their preceding entries remaining in the revision history.¶
The author MUST NOT remove the first (i.e., newest) revision entry in the revision history.¶
Example revision history:¶
revision 2020-11-11 { rev:non-backwards-compatible; } revision 2020-08-09 { rev:non-backwards-compatible; } revision 2020-06-07 { } revision 2020-02-10 { rev:non-backwards-compatible; } revision 2019-10-21 { } revision 2019-03-04 { } revision 2019-01-02 { }¶
In the revision history example above (with revision descriptions omitted for clarity), removing the revision history entry for 2020-02-10 would also remove the rev:non-backwards-compatible annotation and hence the resulting revision history would incorrectly indicate that revision 2020-06-07 is backwards-compatible with revisions 2019-01-02 through 2019-10-21 when it is not, and so this change cannot be made. Conversely, removing one or more revisions out of 2019-03-04, 2019-10-21 and 2020-08-09 from the revision history would still retain a consistent revision history, and is acceptable, subject to an awareness of the concerns raised in the first paragraph of this section.¶
3.4. Examples for updating the YANG module revision history
The following diagram, explanation, and module history illustrates how a branched revision history for a YANG module could be represented chronologically. To aid clarity, it makes use of both the "non-backwards-compatible" extension statement, and the "version" extension statement defined in [I-D.ietf-netmod-yang-semver]:¶
Example YANG module with branched revision history using version identifiers defined in [I-D.ietf-netmod-yang-semver].¶
Module revision date Example version identifier 2019-01-01 <- 1.0.0 | 2019-02-01 <- 2.0.0 | \ 2019-03-01 \ <- 3.0.0 | \ | 2019-04-01 <- 2.1.0 | | 2019-05-01 | <- 3.1.0 | 2019-06-01 <- 2.2.0¶
The tree diagram above illustrates how an example module's revision history might evolve over time. For example, the tree might represent the following changes, listed in chronological order from the oldest revision to the newest revision:¶
Example module, revision 2019-05-01:¶
module example-module { namespace "urn:example:module"; prefix "prefix-name"; import ietf-yang-revisions { prefix "rev"; } import ietf-yang-semver { prefix "ys"; } description "to be completed"; revision 2019-05-01 { ys:version 3.1.0; description "Add new functionality."; } revision 2019-03-01 { ys:version 3.0.0; rev:non-backwards-compatible; description "Add new functionality. Remove some deprecated nodes."; } revision 2019-02-01 { ys:version 2.0.0; rev:non-backwards-compatible; description "Apply bugfix to pattern statement"; } revision 2019-01-01 { ys:version 1.0.0; description "Initial revision"; } //YANG module definition starts here }¶
Example module, revision 2019-06-01:¶
module example-module { namespace "urn:example:module"; prefix "prefix-name"; import ietf-yang-revisions { prefix "rev"; } import ietf-yang-semver { prefix "ys"; } description "to be completed"; revision 2019-06-01 { ys:version 2.2.0; description "Backwards-compatible bugfix to enhancement."; } revision 2019-04-01 { ys:version 2.1.0; description "Apply enhancement to older release train."; } revision 2019-02-01 { ys:version 2.0.0; rev:non-backwards-compatible; description "Apply bugfix to pattern statement"; } revision 2019-01-01 { ys:version 1.0.0; description "Initial revision"; } //YANG module definition starts here }¶
4. Guidance for revision selection on imports
[RFC7950] and [RFC6020] allow YANG module "import" statements to optionally require the imported module to have a specific revision date. In practice, importing a module with an exact revision date can be too restrictive because it requires the importing module to be updated whenever any change to the imported module occurs, and hence section Section 6.1 suggests that authors do not restrict YANG module imports to exact revision dates.¶
Instead, for conformance purposes (section 5.6 of [RFC7950]), the recommended approach for defining the relationship between specific YANG module revisions is to specify the relationships outside of the YANG modules, e.g., via YANG library [RFC8525], YANG packages [I-D.ietf-netmod-yang-packages], a filesystem directory containing a set of consistent YANG module revisions, or a revision control system commit label.¶
4.1. Recommending a minimum revision for module imports
Although the previous section indicates that the actual relationship constraints between different revisions of YANG modules should be specified outside of the modules, in some scenarios YANG modules are designed to be loosely coupled, and implementors may wish to select sets of YANG module revisions that are expected to work together. For these cases it can be helpful for a module author to provide guidance on a recommended minimum revision that is expected to satisfy a YANG import. E.g., the module author may know of a dependency on a type or grouping that has been introduced in a particular imported YANG module revision. Although there can be no guarantee that all derived future revisions from the particular imported module will necessarily also be compatible, older revisions of the particular imported module may not be compatible.¶
This module introduces, primarily for modules with a linear revision history that are versioned using revision dates, a new YANG extension statement to provide guidance to module implementors on a recommended minimum module revision of an imported module that is anticipated to be compatible. This statement has been designed to be machine-readable so that tools can parse the minimum revision extension statement and generate warnings if appropriate, but this extension statement does not alter YANG module conformance of valid YANG module versions in any way, and specifically it does not alter the behavior of the YANG module import statement from that specified in [RFC7950].¶
The ietf-revisions module defines the "recommended-min-date" extension statement, a substatement to the YANG "import" statement, to allow for a "minimum recommended date" to be documented:¶
-
The argument to the "recommended-min-date" extension statement is a revision date.¶
-
A particular revision of an imported module adheres to an import's "recommended-min-date" extension statement if the imported module's revision date is equal to or later than the revision date argument of the "recommended-min-date" extension statement in the importing module.¶
-
Zero or one "recommended-min-date" extension statement is allowed for each parent "import" statement.¶
-
Adding, modifying or removing a "recommended-min-date" extension statement is a BC change.¶
4.1.1. Module import examples
Consider the example module "example-module" from Section 3.4 that is hypothetically available in the following revisions: 2019-01-01, 2019-02-01, 2019-03-01, 2019-04-01, 2019-05-01 and 2019-06-01. The relationship between the revisions is as before:¶
Module revision date 2019-01-01 | 2019-02-01 | \ 2019-03-01 \ | \ | 2019-04-01 | | 2019-05-01 | | 2019-06-01¶
4.1.1.1. Example 1
This example recommends module revisions for import whose revision date is or comes after 2019-02-01. E.g., this dependency might be used if there was a new container added in revision 2019-02-01 that is augmented by the importing module. It includes the following revisions: 2019-02-01, 2019-03-01, 2019-04-01, 2019-05-01 and 2019-06-01.¶
import example-module { rev:recommended-min-date 2019-02-01; }¶
4.1.1.2. Example 2
This example recommends module revisions for import whose revision date is or comes after 2019-04-01. It includes the following revisions: 2019-04-01, 2019-05-01 and 2019-06-01, even though revision 2019-05-01 may not contain what is desired from 2019-04-01. This shows that "recommended-min-date" is not well suited for a branched revision history, and is most helpful when a module is restricted to a linear chronological development history.¶
import example-module { rev:recommended-min-date 2019-04-01; }¶
5. New ietf-yang-status-conformance YANG module
This document defines the YANG module, ietf-yang-status-conformance, that augments YANG library [RFC8525] with two leafs to indicate how a server implements deprecated and obsolete schema nodes.¶
The "ietf-yang-status-conformance" YANG module has the following structure (using the notation defined in [RFC8340]):¶
module: ietf-yang-status-conformance augment /yanglib:yang-library/yanglib:schema: +--ro deprecated-nodes-implemented? boolean +--ro obsolete-nodes-absent? boolean¶
5.1. Reporting how deprecated and obsolete nodes are handled
The ietf-yang-status-conformance YANG module augments YANG library with two boolean leafs to allow a server to report how it implements status "deprecated" and status "obsolete" schema nodes. The leafs are:¶
- deprecated-nodes-implemented:
- If set to "true", this leaf indicates that all schema nodes with a status "deprecated" are implemented equivalently as if they had status "current"; otherwise deviations MUST be used by the server to explicitly remove "deprecated" nodes from the schema. If this leaf is set to "false" or absent, then the behavior is unspecified.¶
- obsolete-nodes-absent:
- If set to "true", this leaf indicates that the server does not implement any status "obsolete" schema nodes. If this leaf is set to "false" or absent, then the behaviour is unspecified.¶
Servers SHOULD set both the "deprecated-nodes-implemented" and "obsolete-nodes-absent" leafs to "true", which allows clients to determine the exact schema used by the server.¶
If a server does not set the "deprecated-nodes-implemented" leaf to "true", then clients MUST NOT rely solely on the "rev:non-backwards-compatible" statements to determine whether two module revisions are backwards-compatible, and MUST also consider whether the status of any nodes has changed to "deprecated" and whether those nodes are implemented by the server.¶
6. Guidelines for using the YANG module update rules
The following text updates section 4.7 of [RFC8407] to revise the guidelines for updating YANG modules.¶
6.2. Versioning Considerations for Clients
Guidelines for clients of modules using the new module revision update procedure:¶
-
Clients SHOULD be liberal when processing data received from a server. For example, the server may have increased the range of an operational node causing the client to receive a value which is outside the range of the YANG model revision it was coded against.¶
-
Clients SHOULD monitor changes to published YANG modules through their revision history, and use appropriate tooling to understand the specific changes between module revision. In particular, clients SHOULD NOT migrate to NBC revisions of a module without understanding any potential impact of the specific NBC changes.¶
-
Clients SHOULD plan to make changes to match published status changes. When a node's status changes from "current" to "deprecated", clients SHOULD plan to stop using that node in a timely fashion. When a node's status changes to "obsolete", clients MUST stop using that node.¶
7. Module Versioning Extension YANG Modules
YANG module with extension statements for annotating NBC changes and importing by revision.¶
<CODE BEGINS> file "ietf-yang-revisions@2024-06-04.yang" module ietf-yang-revisions { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-yang-revisions"; prefix rev; organization "IETF NETMOD (Network Modeling) Working Group"; contact "WG Web: <https://datatracker.ietf.org/wg/netmod/> WG List: <mailto:netmod@ietf.org> Author: Joe Clarke <mailto:jclarke@cisco.com> Author: Reshad Rahman <mailto:reshad@yahoo.com> Author: Robert Wilton <mailto:rwilton@cisco.com> Author: Balazs Lengyel <mailto:balazs.lengyel@ericsson.com> Author: Jason Sterne <mailto:jason.sterne@nokia.com>"; description "This YANG 1.1 module contains definitions and extensions to support updated YANG revision handling. Copyright (c) 2024 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here."; // RFC Ed.: update the date below with the date of RFC publication // and remove this note. // RFC Ed.: replace XXXX (inc above) with actual RFC number and // remove this note. revision 2024-06-04 { description "Initial version."; reference "XXXX: Updated YANG Module Revision Handling"; } typedef revision-date { type string { pattern '[0-9]{4}-(1[0-2]|0[1-9])-(0[1-9]|[1-2][0-9]|3[0-1])'; } description "A date associated with a YANG revision. Matches dates formatted as YYYY-MM-DD."; reference "RFC 7950: The YANG 1.1 Data Modeling Language"; } extension non-backwards-compatible { description "This statement is used to indicate YANG module revisions that contain non-backwards-compatible changes. The statement MUST only be a substatement of the 'revision' statement. Zero or one 'non-backwards-compatible' statements per parent statement is allowed. No substatements for this extension have been standardized. If a revision of a YANG module contains changes, relative to the preceding revision in the revision history, that do not conform to the backwards-compatible module update rules defined in RFC-XXX, then the 'non-backwards-compatible' statement MUST be added as a substatement to the revision statement. Conversely, if a revision does not contain a 'non-backwards-compatible' statement then all changes, relative to the preceding revision in the revision history, MUST be backwards-compatible. A new module revision that only contains changes that are backwards-compatible SHOULD NOT include the 'non-backwards-compatible' statement. An example of when an author might add the 'non-backwards-compatible' statement is if they believe a change could negatively impact clients even though the backwards compatibility rules defined in RFC-XXXX classify it as a backwards-compatible change. Add, removing, or changing a 'non-backwards-compatible' statement is a backwards-compatible version change."; reference "XXXX: Updated YANG Module Revision Handling; Section 3.2, non-backwards-compatible extension statement"; } extension recommended-min-date { argument revision-date; description "Recommends the revision of the module that may be imported to one whose revision date matches or is after the specified revision-date. The argument value MUST conform to the 'revision-date' defined type. The statement MUST only be a substatement of the import statement. Zero, one or more 'recommended-min-date' statements per parent statement are allowed. No substatements for this extension have been standardized. Zero or one 'recommended-min-date' extension statement is allowed for each parent 'import' statement. A particular revision of an imported module adheres to an import's 'recommended-min-date' extension statement if the imported module's revision date is equal to or later than the revision date argument of the 'recommended-min-date' extension statement in the importing module. Adding, removing or updating a 'recommended-min-date' statement to an import is a backwards-compatible change."; reference "XXXX: Updated YANG Module Revision Handling; Section 4, Guidance for revision selection on imports"; } } <CODE ENDS>¶
YANG module for status conformance¶
<CODE BEGINS> file "ietf-yang-status-conformance@2024-02-14.yang" module ietf-yang-status-conformance { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-yang-status-conformance"; prefix ys-conf; import ietf-yang-library { prefix "yanglib"; reference "RFC 8525: YANG Library"; } organization "IETF NETMOD (Network Modeling) Working Group"; contact "WG Web: <https://datatracker.ietf.org/wg/netmod/> WG List: <mailto:netmod@ietf.org> Author: Joe Clarke <mailto:jclarke@cisco.com> Author: Reshad Rahman <mailto:reshad@yahoo.com> Author: Robert Wilton <mailto:rwilton@cisco.com> Author: Balazs Lengyel <mailto:balazs.lengyel@ericsson.com> Author: Jason Sterne <mailto:jason.sterne@nokia.com>"; description "This module contains augmentations to YANG Library to provide an indication of how deprecated and obsolete nodes are handled by the server. Copyright (c) 2024 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here."; // RFC Ed.: update the date below with the date of RFC publication // and remove this note. // RFC Ed.: replace XXXX (including in the imports above) with // actual RFC number and remove this note. revision 2024-02-14 { description "Initial revision"; reference "XXXX: Updated YANG Module Revision Handling"; } augment "/yanglib:yang-library/yanglib:schema" { description "Augmentations to the ietf-yang-library module to indicate how deprecated and obsoleted nodes are handled by the server."; leaf deprecated-nodes-implemented { type boolean; description "If set to true, this leaf indicates that all schema nodes with a status 'deprecated' are implemented equivalently as if they had status 'current'; otherwise deviations MUST be used to explicitly remove deprecated nodes from the schema. If this leaf is absent or set to false, then the behavior is unspecified."; reference "XXXX: Updated YANG Module Revision Handling; Section 5.1, Reporting how deprecated and obsolete nodes are handled"; } leaf obsolete-nodes-absent { type boolean; description "If set to true, this leaf indicates that the server does not implement any status 'obsolete' schema nodes. If this leaf is absent or set to false, then the behaviour is unspecified."; reference "XXXX: Updated YANG Module Revision Handling; Section 5.1, Reporting how deprecated and obsolete nodes are handled"; } } } <CODE ENDS>¶
8. Security considerations
8.1. Security considerations for module revisions
As discussed in the introduction of this document, YANG modules occasionally undergo changes that are not backwards compatible. This occurs in both standards and vendor YANG modules despite the prohibitions in RFC 7950. RFC 7950 also allows nodes to change to status 'obsolete' which can change behavior and compatibility for a client.¶
The fact that YANG modules change in a non-backwards-compatible manner may have security implications. Such changes should be carefully considered, including the scenarios described below. The rev:non-backwards-compatible extension statement introduced in this document provides an alert that the module or submodule may contain changes that impact users and need to be examined more closely for both compatibility and potential security implications. Flagging the change reduces the risk of introducing silent exploitable vulnerabilities.¶
When a module undergoes a non-backwards-compatible change, a server may implement different semantics for a given leaf than a client using an older version of the module is expecting. If the particular leaf controls any security functions of the device, or is related to parts of the configuration or state that are sensitive from a security point of view, then the difference in behavior between the old and new revisions needs to be considered carefully. In particular, changes to the default of the leaf should be examined.¶
Implementors and users should also consider impact to data node access control rules (e.g. The Network Configuration Access Control Model (NACM) [RFC8341]) in the face of non-backwards-compatible changes. Access rules may need to be adjusted when a new module revision is introduced that contains a non-backwards-compatible change.¶
If the changes to a module or submodule have security implications, it is recommended to highlight those implications in the description of the revision statement.¶
8.2. Security considerations for the modules defined in this document
The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446].¶
The NETCONF access control model [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.¶
This document does not define any new protocol or data nodes that are writable.¶
This document updates YANG Library [RFC8525] with augmentations to include two boolean leafs that indicate whether status deprecated and status obsolete schema nodes are implemented by the server. These read-only augmentations do not add any new security considerations beyond those already present in [RFC8525].¶
9. IANA Considerations
9.1. YANG Module Registrations
This document requests IANA to registers a URI in the "IETF XML Registry" [RFC3688]. Following the format in RFC 3688, the following registrations are requested.¶
-
URI: urn:ietf:params:xml:ns:yang:ietf-yang-revisions¶
-
Registrant Contact: The IESG.¶
-
XML: N/A, the requested URI is an XML namespace.¶
-
URI: urn:ietf:params:xml:ns:yang:ietf-yang-status-conformance¶
-
Registrant Contact: The IESG.¶
-
XML: N/A, the requested URI is an XML namespace.¶
The following YANG module is requested to be registred in the "IANA Module Names" [RFC6020]. Following the format in RFC 6020, the following registrations are requested:¶
The ietf-yang-revisions module:¶
-
Name: ietf-yang-revisions¶
-
XML Namespace: urn:ietf:params:xml:ns:yang:ietf-yang-revisions¶
-
Prefix: rev¶
-
Reference: [RFCXXXX]¶
The ietf-yang-status-conformance module:¶
9.2. Guidance for versioning in IANA maintained YANG modules
Note for IANA (to be removed by the RFC editor): Please check that the registries and IANA YANG modules are referenced in the appropriate way.¶
IANA is responsible for maintaining and versioning YANG modules that are derived from other IANA registries. For example, "iana-if-type.yang" [IfTypeYang] is derived from the "Interface Types (ifType) IANA registry" [IfTypesReg], and "iana-routing-types.yang" [RoutingTypesYang] is derived from the "Address Family Numbers" [AddrFamilyReg] and "Subsequent Address Family Identifiers (SAFI) Parameters" [SAFIReg] IANA registries.¶
Normally, updates to the registries cause any derived YANG modules to be updated in a backwards-compatible way, but there are some cases where the registry updates can cause non-backward-compatible updates to the derived YANG module. An example of such an update is the 2020-12-31 revision of iana-routing-types.yang [RoutingTypesDecRevision], where the enum name for two SAFI values was changed.¶
In all cases, IANA MUST follow the versioning guidance specified in Section 3.1, and MUST include a "rev:non-backwards-compatible" substatement to the latest revision statement whenever an IANA maintained module is updated in a non-backwards-compatible way, as described in Section 3.2.¶
Note: For published IANA maintained YANG modules that contain non-backwards-compatible changes between revisions, a new revision should be published with the "rev:non-backwards-compatible" substatement retrospectively added to any revisions containing non-backwards-compatible changes.¶
Non-normative examples of updates to enumeration types in IANA maintained modules that would be classified as non-backwards-compatible changes are: Changing the status of an enumeration typedef to obsolete, changing the status of an enum entry to obsolete, removing an enum entry, changing the identifier of an enum entry, or changing the described meaning of an enum entry.¶
Non-normative examples of updates to enumeration types in IANA maintained modules that would be classified as backwards-compatible changes are: Adding a new enum entry to the end of the enumeration, changing the status or an enum entry to deprecated, or improving the description of an enumeration that does not change its defined meaning.¶
Non-normative examples of updates to identity types in IANA maintained modules that would be classified as non-backwards-compatible changes are: Changing the status of an identity to obsolete, removing an identity, renaming an identity, or changing the described meaning of an identity.¶
Non-normative examples of updates to identity types in IANA maintained modules that would be classified as backwards-compatible changes are: Adding a new identity, changing the status or an identity to deprecated, or improving the description of an identity that does not change its defined meaning.¶
10. References
10.1. Normative References
- [RFC2119]
- Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
- [RFC3688]
- Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, , <https://www.rfc-editor.org/info/rfc3688>.
- [RFC6020]
- Bjorklund, M., Ed., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020, , <https://www.rfc-editor.org/info/rfc6020>.
- [RFC6241]
- Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, , <https://www.rfc-editor.org/info/rfc6241>.
- [RFC6242]
- Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, , <https://www.rfc-editor.org/info/rfc6242>.
- [RFC7950]
- Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, , <https://www.rfc-editor.org/info/rfc7950>.
- [RFC8040]
- Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, , <https://www.rfc-editor.org/info/rfc8040>.
- [RFC8174]
- Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
- [RFC8341]
- Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", STD 91, RFC 8341, DOI 10.17487/RFC8341, , <https://www.rfc-editor.org/info/rfc8341>.
- [RFC8407]
- Bierman, A., "Guidelines for Authors and Reviewers of Documents Containing YANG Data Models", BCP 216, RFC 8407, DOI 10.17487/RFC8407, , <https://www.rfc-editor.org/info/rfc8407>.
- [RFC8446]
- Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, , <https://www.rfc-editor.org/info/rfc8446>.
- [RFC8525]
- Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., and R. Wilton, "YANG Library", RFC 8525, DOI 10.17487/RFC8525, , <https://www.rfc-editor.org/info/rfc8525>.
10.2. Informative References
- [AddrFamilyReg]
- "Address Family Numbers IANA Registry", <https://www.iana.org/assignments/address-family-numbers/address-family-numbers.xhtml>.
- [I-D.clacla-netmod-yang-model-update]
- Claise, B., Clarke, J., Lengyel, B., and K. D'Souza, "New YANG Module Update Procedure", Work in Progress, Internet-Draft, draft-clacla-netmod-yang-model-update-06, , <https://datatracker.ietf.org/doc/html/draft-clacla-netmod-yang-model-update-06>.
- [I-D.ietf-netmod-yang-packages]
- Wilton, R., Rahman, R., Clarke, J., Sterne, J., and B. Wu, "YANG Packages", Work in Progress, Internet-Draft, draft-ietf-netmod-yang-packages-03, , <https://datatracker.ietf.org/doc/html/draft-ietf-netmod-yang-packages-03>.
- [I-D.ietf-netmod-yang-schema-comparison]
- Andersson, P. and R. Wilton, "YANG Schema Comparison", Work in Progress, Internet-Draft, draft-ietf-netmod-yang-schema-comparison-02, , <https://datatracker.ietf.org/doc/html/draft-ietf-netmod-yang-schema-comparison-02>.
- [I-D.ietf-netmod-yang-semver]
- Clarke, J., Wilton, R., Rahman, R., Lengyel, B., Sterne, J., and B. Claise, "YANG Semantic Versioning", Work in Progress, Internet-Draft, draft-ietf-netmod-yang-semver-15, , <https://datatracker.ietf.org/doc/html/draft-ietf-netmod-yang-semver-15>.
- [I-D.ietf-netmod-yang-ver-selection]
- Wilton, R., Rahman, R., Clarke, J., Sterne, J., and B. Wu, "YANG Schema Selection", Work in Progress, Internet-Draft, draft-ietf-netmod-yang-ver-selection-00, , <https://datatracker.ietf.org/doc/html/draft-ietf-netmod-yang-ver-selection-00>.
- [I-D.ietf-netmod-yang-versioning-reqs]
- Clarke, J., "YANG Module Versioning Requirements", Work in Progress, Internet-Draft, draft-ietf-netmod-yang-versioning-reqs-09, , <https://datatracker.ietf.org/doc/html/draft-ietf-netmod-yang-versioning-reqs-09>.
- [IfTypesReg]
- "Interface Types (ifType) IANA Registry", <https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-5>.
- [IfTypeYang]
- "iana-if-type YANG Module", <https://www.iana.org/assignments/iana-if-type/iana-if-type.xhtml>.
- [RFC8340]
- Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", BCP 215, RFC 8340, DOI 10.17487/RFC8340, , <https://www.rfc-editor.org/info/rfc8340>.
- [RoutingTypesDecRevision]
- "2020-12-31 revision of iana-routing-types.yang", <https://www.iana.org/assignments/yang-parameters/iana-routing-types@2020-12-31.yang>.
- [RoutingTypesYang]
- "iana-routing-types YANG Module", <https://www.iana.org/assignments/iana-routing-types/iana-routing-types.xhtml>.
- [SAFIReg]
- "Subsequent Address Family Identifiers (SAFI) Parameters IANA Registry", <https://www.iana.org/assignments/safi-namespace/safi-namespace.xhtml>.
Appendix A. Examples of changes that are NBC
Examples of NBC changes include (this list is for illustrative purposes and not intended to be complete):¶
-
Deleting a data node, or changing it to status obsolete.¶
-
Changing the name, type, or units of a data node.¶
-
Modifying the description in a way that changes the semantic meaning of the data node.¶
-
Any changes that remove any previously allowed values from the allowed value set of the data node, either through changes in the type definition, or the addition or changes to "must" statements, or changes in the description.¶
-
Adding or modifying "when" statements that reduce when the data node is available in the schema.¶
-
Making the statement conditional on if-feature.¶
Appendix B. Examples of applying the NBC change guidelines
The following sections give steps that could be taken for making NBC changes to a YANG module or submodule using the incremental approach described in section Section 6.1.1.¶
The examples are all for "config true" nodes.¶
B.1. Removing a data node
Removing a leaf or container from the data tree, e.g., because support for the corresponding feature is being removed:¶
B.2. Changing the type of a leaf node
Changing the type of a leaf node. e.g., a "vpn-id" node of type integer being changed to a string:¶
-
The status of schema node "vpn-id" is changed to "deprecated" and the node is supported for some period of time (e.g. one year). This is a BC change. The description is updated to indicate that “vpn-name” is replacing this node.¶
-
A new schema node, e.g., "vpn-name", of type string is added to the same location as the existing node "vpn-id". This new node has status "current" and its description explains that it is replacing node "vpn-id".¶
-
During the period of time when both schema nodes are supported, the interactions between the two nodes is outside the scope of this document and will vary on a case by case basis. One possible option is to have the server prevent the new node from being set if the old node is already set (and vice-versa). The new node could have a "when" statement added to it to achieve this. The old node, however, must not have a "when" statement added, or an existing "when" modified to be more restrictive, since this would be an NBC change. In any case, the server could reject the old node from being set if the new node is already set.¶
-
When the schema node "vpn-id" is not supported anymore, its status is changed to "obsolete" and the "description" is updated. This is an NBC change.¶
B.3. Reducing the range of a leaf node
Reducing the range of values of a leaf-node, e.g., consider a "vpn-id" schema node of type uint32 being changed from range 1..5000 to range 1..2000:¶
-
If all values which are being removed were never supported, e.g., if a vpn-id of 2001 or higher was never accepted, this is a BC change for the functionality (no functionality change). Even if it is an NBC change for the YANG model, there should be no impact for clients using that YANG model.¶
-
If one or more values being removed was previously supported, e.g., if a vpn-id of 3333 was accepted previously, this is an NBC change for the YANG model. Clients using the old YANG model will be impacted, so a change of this nature should be done carefully, e.g., by using the steps described in Appendix B.2¶
In both cases above, the "rev:non-backwards-compatible" extension statement is used to indicate that the YANG module contains an NBC change.¶
B.4. Changing the key of a list
Changing the key of a list has a big impact to the client. For example, consider a "sessions" list which has a key "interface" and there is a need to change the key to "dest-address". Such a change can be done in steps:¶
-
The status of list "sessions" is changed to "deprecated" and the list is supported for some period of time (e.g. one year). This is a BC change. The description is updated to indicate the new list that is replacing this list.¶
-
A new list is created in the same location with the same descendant schema nodes but with "dest-address" as key. Finding an appropriate name for the new list can be difficult. In this case the new list is called "sessions-address", has status "current" and its description should explain that it is replacing list "session".¶
-
During the period of time when both lists are supported, the interactions between the two lists is outside the scope of this document and will vary on a case by case basis. One possible option is to have the server prevent entries in the new list from being created if the old list already has entries (and vice-versa).¶
-
When list "sessions" is not available anymore, its status is changed to "obsolete" and the "description" is updated. This is an NBC change.¶
B.5. Renaming a node
A leaf or container schema node may be renamed, either due to a spelling error in the previous name or because of a better name. For example a node "ip-adress" could be renamed to "ip-address":¶
-
The status of the existing node "ip-adress" is changed to "deprecated" and is supported for some period of time (e.g. one year). This is a BC change. The description is updated to indicate the node that is replacing this node.¶
-
The new schema node "ip-address" is added to the same location as the existing node "ip-adress". This new node has status "current" and its description should explain that it is replacing node "ip-adress".¶
-
During the period of time when both nodes are available, the interactions between the two nodes is outside the scope of this document and will vary on a case by case basis. One possible option is to have the server prevent the new node from being set if the old node is already set (and vice-versa). The new node could have a "when" statement added to it to achieve this. The old node, however, must not have a "when" statement added, or an existing "when" modified to be more restrictive, since this would be an NBC change. In any case, the server could reject the old node from being set if the new node is already set.¶
-
When node "ip-adress" is not available anymore, its status is changed to "obsolete" and the "description" is updated. This is an NBC change.¶
Contributors
The following people made substantial contributions to this document:¶
Bo Wu lana.wubo@huawei.com Jan Lindblad jlindbla@cisco.com¶
Acknowledgments
This document grew out of the YANG module versioning design team that started after IETF 101. The authors, contributors and the following individuals are (or have been) members of the design team and have worked on the YANG versioning project:¶
Benoit Claise benoit.claise@huawei.com Ebben Aries exa@juniper.net Juergen Schoenwaelder j.shoenwaelder@jacobs-university.de Mahesh Jethanandani mjethanandani@gmail.com Michael (Wangzitao) wangzitao@huawei.com Per Andersson perander@cisco.com Qin Wu bill.wu@huawei.com¶
The initial revision of this document was refactored and built upon [I-D.clacla-netmod-yang-model-update]. We would like to thank Kevin D'Souza and Benoit Claise for their initial work in this problem space.¶
Discussions on the use of Semver for YANG versioning has been held with authors of the OpenConfig YANG models. We would like to thank both Anees Shaikh and Rob Shakir for their input into this problem space.¶
We would also like to thank Lou Berger, Andy Bierman, Martin Bjorklund, Italo Busi, Tom Hill, Scott Mansfield, and Kent Watsen for their contributions and review comments.¶