draft-ietf-netconf-netconf-client-server-09.txt   draft-ietf-netconf-netconf-client-server-10.txt 
NETCONF Working Group K. Watsen NETCONF Working Group K. Watsen
Internet-Draft Watsen Networks Internet-Draft Watsen Networks
Intended status: Standards Track March 9, 2019 Intended status: Standards Track March 9, 2019
Expires: September 10, 2019 Expires: September 10, 2019
NETCONF Client and Server Models NETCONF Client and Server Models
draft-ietf-netconf-netconf-client-server-09 draft-ietf-netconf-netconf-client-server-10
Abstract Abstract
This document defines two YANG modules, one module to configure a This document defines two YANG modules, one module to configure a
NETCONF client and the other module to configure a NETCONF server. NETCONF client and the other module to configure a NETCONF server.
Both modules support both the SSH and TLS transport protocols, and Both modules support both the SSH and TLS transport protocols, and
support both standard NETCONF and NETCONF Call Home connections. support both standard NETCONF and NETCONF Call Home connections.
Editorial Note (To be removed by RFC Editor) Editorial Note (To be removed by RFC Editor)
skipping to change at page 3, line 17 skipping to change at page 3, line 17
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. The NETCONF Client Model . . . . . . . . . . . . . . . . . . 4 3. The NETCONF Client Model . . . . . . . . . . . . . . . . . . 4
3.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 4
3.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 13 3.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 13
3.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 16 3.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 16
4. The NETCONF Server Model . . . . . . . . . . . . . . . . . . 25 4. The NETCONF Server Model . . . . . . . . . . . . . . . . . . 25
4.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 25 4.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 25
4.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 34 4.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 34
4.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 39 4.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 39
5. Design Considerations . . . . . . . . . . . . . . . . . . . . 50 5. Design Considerations . . . . . . . . . . . . . . . . . . . . 49
5.1. Support all NETCONF transports . . . . . . . . . . . . . 50 5.1. Support all NETCONF transports . . . . . . . . . . . . . 50
5.2. Enable each transport to select which keys to use . . . . 50 5.2. Enable each transport to select which keys to use . . . . 50
5.3. Support authenticating NETCONF clients certificates . . . 50 5.3. Support authenticating NETCONF clients certificates . . . 50
5.4. Support mapping authenticated NETCONF client certificates 5.4. Support mapping authenticated NETCONF client certificates
to usernames . . . . . . . . . . . . . . . . . . . . . . 51 to usernames . . . . . . . . . . . . . . . . . . . . . . 50
5.5. Support both listening for connections and call home . . 51 5.5. Support both listening for connections and call home . . 50
5.6. For Call Home connections . . . . . . . . . . . . . . . . 51 5.6. For Call Home connections . . . . . . . . . . . . . . . . 51
5.6.1. Support more than one NETCONF client . . . . . . . . 51 5.6.1. Support more than one NETCONF client . . . . . . . . 51
5.6.2. Support NETCONF clients having more than one endpoint 51 5.6.2. Support NETCONF clients having more than one endpoint 51
5.6.3. Support a reconnection strategy . . . . . . . . . . . 51 5.6.3. Support a reconnection strategy . . . . . . . . . . . 51
5.6.4. Support both persistent and periodic connections . . 52 5.6.4. Support both persistent and periodic connections . . 51
5.6.5. Reconnection strategy for periodic connections . . . 52 5.6.5. Reconnection strategy for periodic connections . . . 51
5.6.6. Keep-alives for persistent connections . . . . . . . 52 5.6.6. Keep-alives for persistent connections . . . . . . . 52
5.6.7. Customizations for periodic connections . . . . . . . 52 5.6.7. Customizations for periodic connections . . . . . . . 52
6. Security Considerations . . . . . . . . . . . . . . . . . . . 52 6. Security Considerations . . . . . . . . . . . . . . . . . . . 52
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 53 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 53
7.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 53 7.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 53
7.2. The YANG Module Names Registry . . . . . . . . . . . . . 54 7.2. The YANG Module Names Registry . . . . . . . . . . . . . 53
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 54 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 54
8.1. Normative References . . . . . . . . . . . . . . . . . . 54 8.1. Normative References . . . . . . . . . . . . . . . . . . 54
8.2. Informative References . . . . . . . . . . . . . . . . . 55 8.2. Informative References . . . . . . . . . . . . . . . . . 55
Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 57 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 56
A.1. 00 to 01 . . . . . . . . . . . . . . . . . . . . . . . . 57 A.1. 00 to 01 . . . . . . . . . . . . . . . . . . . . . . . . 56
A.2. 01 to 02 . . . . . . . . . . . . . . . . . . . . . . . . 57 A.2. 01 to 02 . . . . . . . . . . . . . . . . . . . . . . . . 56
A.3. 02 to 03 . . . . . . . . . . . . . . . . . . . . . . . . 57 A.3. 02 to 03 . . . . . . . . . . . . . . . . . . . . . . . . 56
A.4. 03 to 04 . . . . . . . . . . . . . . . . . . . . . . . . 57 A.4. 03 to 04 . . . . . . . . . . . . . . . . . . . . . . . . 56
A.5. 04 to 05 . . . . . . . . . . . . . . . . . . . . . . . . 57 A.5. 04 to 05 . . . . . . . . . . . . . . . . . . . . . . . . 56
A.6. 05 to 06 . . . . . . . . . . . . . . . . . . . . . . . . 58 A.6. 05 to 06 . . . . . . . . . . . . . . . . . . . . . . . . 57
A.7. 06 to 07 . . . . . . . . . . . . . . . . . . . . . . . . 58 A.7. 06 to 07 . . . . . . . . . . . . . . . . . . . . . . . . 57
A.8. 07 to 08 . . . . . . . . . . . . . . . . . . . . . . . . 58 A.8. 07 to 08 . . . . . . . . . . . . . . . . . . . . . . . . 57
Appendix B. 08 to 09 . . . . . . . . . . . . . . . . . . . . . . 58 Appendix B. 08 to 09 . . . . . . . . . . . . . . . . . . . . . . 57
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 58 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 57
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 59 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 58
1. Introduction 1. Introduction
This document defines two YANG [RFC7950] modules, one module to This document defines two YANG [RFC7950] modules, one module to
configure a NETCONF [RFC6241] client and the other module to configure a NETCONF [RFC6241] client and the other module to
configure a NETCONF server. Both modules support both NETCONF over configure a NETCONF server. Both modules support both NETCONF over
SSH [RFC6242] and NETCONF over TLS [RFC7589] and NETCONF Call Home SSH [RFC6242] and NETCONF over TLS [RFC7589] and NETCONF Call Home
connections [RFC8071]. connections [RFC8071].
2. Terminology 2. Terminology
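Review bot: in the table of contents, the 08 to 09 change-log entry is listed as "Appendix B. 08 to 09" instead of as A.9 under Appendix A, and -10 carries this over with only the page number changed (58 to 57). The heading level of that section in the source looks wrong and should be made a subsection of the Change Log. The table of contents also shows no entry for the 09 to 10 changes.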
skipping to change at page 16, line 16 skipping to change at page 16, line 16
This YANG module has normative references to [RFC6242], [RFC6991], This YANG module has normative references to [RFC6242], [RFC6991],
[RFC7589], [RFC8071], [I-D.kwatsen-netconf-tcp-client-server], [RFC7589], [RFC8071], [I-D.kwatsen-netconf-tcp-client-server],
[I-D.ietf-netconf-ssh-client-server], and [I-D.ietf-netconf-ssh-client-server], and
[I-D.ietf-netconf-tls-client-server]. [I-D.ietf-netconf-tls-client-server].
<CODE BEGINS> file "ietf-netconf-client@2019-03-09.yang" <CODE BEGINS> file "ietf-netconf-client@2019-03-09.yang"
module ietf-netconf-client { module ietf-netconf-client {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-client"; namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-client";
prefix "ncc"; prefix ncc;
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
reference reference
"RFC 6991: Common YANG Data Types"; "RFC 6991: Common YANG Data Types";
} }
import ietf-tcp-client { import ietf-tcp-client {
prefix tcpc; prefix tcpc;
reference reference
skipping to change at page 16, line 51 skipping to change at page 16, line 50
} }
import ietf-tls-client { import ietf-tls-client {
prefix tlsc; prefix tlsc;
revision-date 2019-03-09; // stable grouping definitions revision-date 2019-03-09; // stable grouping definitions
reference reference
"RFC ZZZZ: YANG Groupings for TLS Clients and TLS Servers"; "RFC ZZZZ: YANG Groupings for TLS Clients and TLS Servers";
} }
organization organization
"IETF NETCONF (Network Configuration) Working Group"; "IETF NETCONF (Network Configuration) Working Group";
contact contact
"WG Web: <http://datatracker.ietf.org/wg/netconf/> "WG Web: <http://datatracker.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org> WG List: <mailto:netconf@ietf.org>
Author: Kent Watsen <mailto:kent+ietf@watsen.net> Author: Kent Watsen <mailto:kent+ietf@watsen.net>
Author: Gary Wu <mailto:garywu@cisco.com>"; Author: Gary Wu <mailto:garywu@cisco.com>";
description description
"This module contains a collection of YANG definitions for "This module contains a collection of YANG definitions for
configuring NETCONF clients. configuring NETCONF clients.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
are to be interpreted as described in BCP 14 [RFC2119] are to be interpreted as described in BCP 14 [RFC2119]
[RFC8174] when, and only when, they appear in all [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
Copyright (c) 2019 IETF Trust and the persons identified as Copyright (c) 2019 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision "2019-03-09" { revision 2019-03-09 {
description description
"Initial version"; "Initial version";
reference reference
"RFC XXXX: NETCONF Client and Server Models"; "RFC XXXX: NETCONF Client and Server Models";
} }
// Features // Features
feature initiate { feature initiate {
description description
"The 'initiate' feature indicates that the NETCONF client "The 'initiate' feature indicates that the NETCONF client
supports initiating NETCONF connections to NETCONF servers supports initiating NETCONF connections to NETCONF servers
using at least one transport (e.g., SSH, TLS, etc.)."; using at least one transport (e.g., SSH, TLS, etc.).";
} }
feature ssh-initiate { feature ssh-initiate {
description description
"The 'ssh-initiate' feature indicates that the NETCONF client "The 'ssh-initiate' feature indicates that the NETCONF client
supports initiating SSH connections to NETCONF servers."; supports initiating SSH connections to NETCONF servers.";
reference reference
"RFC 6242: "RFC 6242:
Using the NETCONF Protocol over Secure Shell (SSH)"; Using the NETCONF Protocol over Secure Shell (SSH)";
} }
feature tls-initiate { feature tls-initiate {
description description
"The 'tls-initiate' feature indicates that the NETCONF client "The 'tls-initiate' feature indicates that the NETCONF client
supports initiating TLS connections to NETCONF servers."; supports initiating TLS connections to NETCONF servers.";
reference reference
"RFC 7589: Using the NETCONF Protocol over Transport "RFC 7589: Using the NETCONF Protocol over Transport
Layer Security (TLS) with Mutual X.509 Layer Security (TLS) with Mutual X.509 Authentication";
Authentication";
} }
feature listen { feature listen {
description description
"The 'listen' feature indicates that the NETCONF client "The 'listen' feature indicates that the NETCONF client
supports opening a port to accept NETCONF server call supports opening a port to accept NETCONF server call
home connections using at least one transport (e.g., home connections using at least one transport (e.g.,
SSH, TLS, etc.)."; SSH, TLS, etc.).";
} }
feature ssh-listen { feature ssh-listen {
description description
"The 'ssh-listen' feature indicates that the NETCONF client "The 'ssh-listen' feature indicates that the NETCONF client
supports opening a port to listen for incoming NETCONF supports opening a port to listen for incoming NETCONF
server call-home SSH connections."; server call-home SSH connections.";
reference reference
"RFC 8071: NETCONF Call Home and RESTCONF Call Home"; "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
} }
feature tls-listen { feature tls-listen {
description description
"The 'tls-listen' feature indicates that the NETCONF client "The 'tls-listen' feature indicates that the NETCONF client
supports opening a port to listen for incoming NETCONF supports opening a port to listen for incoming NETCONF
server call-home TLS connections."; server call-home TLS connections.";
reference reference
"RFC 8071: NETCONF Call Home and RESTCONF Call Home"; "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
} }
// Groupings // Groupings
grouping netconf-client-grouping { grouping netconf-client-grouping {
description description
"Top-level grouping for NETCONF client configuration."; "Top-level grouping for NETCONF client configuration.";
container initiate { container initiate {
if-feature initiate; if-feature "initiate";
presence "Enables client to initiate TCP connections"; presence "Enables client to initiate TCP connections";
description description
"Configures client initiating underlying TCP connections."; "Configures client initiating underlying TCP connections.";
list netconf-server { list netconf-server {
key name; key "name";
min-elements 1; min-elements 1;
description description
"List of NETCONF servers the NETCONF client is to "List of NETCONF servers the NETCONF client is to
initiate connections to in parallel."; initiate connections to in parallel.";
leaf name { leaf name {
type string; type string;
description description
"An arbitrary name for the NETCONF server."; "An arbitrary name for the NETCONF server.";
} }
container endpoints { container endpoints {
description description
"Container for the list of endpoints."; "Container for the list of endpoints.";
list endpoint { list endpoint {
key name; key "name";
min-elements 1; min-elements 1;
ordered-by user; ordered-by user;
description description
"A user-ordered list of endpoints that the NETCONF "A user-ordered list of endpoints that the NETCONF
client will attempt to connect to in the specified client will attempt to connect to in the specified
sequence. Defining more than one enables sequence. Defining more than one enables
high-availability."; high-availability.";
leaf name { leaf name {
type string; type string;
description description
"An arbitrary name for the endpoint."; "An arbitrary name for the endpoint.";
} }
choice transport { choice transport {
mandatory true; mandatory true;
description description
"Selects between available transports."; "Selects between available transports.";
case ssh { case ssh {
if-feature ssh-initiate; if-feature "ssh-initiate";
container ssh { container ssh {
description description
"Specifies IP and SSH specific configuration "Specifies IP and SSH specific configuration
for the connection."; for the connection.";
uses tcpc:tcp-client-grouping { uses tcpc:tcp-client-grouping {
refine "remote-port" { refine "remote-port" {
default 830; default "830";
description description
"The NETCONF client will attempt to connect "The NETCONF client will attempt to connect
to the IANA-assigned well-known port value to the IANA-assigned well-known port value
for 'netconf-ssh' (443) if no value is for 'netconf-ssh' (443) if no value is
specified."; specified.";
} }
} }
uses sshc:ssh-client-grouping; uses sshc:ssh-client-grouping;
} // container ssh }
} // case ssh }
case tls { case tls {
if-feature tls-initiate; if-feature "tls-initiate";
container tls { container tls {
description description
"Specifies IP and TLS specific configuration "Specifies IP and TLS specific configuration
for the connection."; for the connection.";
uses tcpc:tcp-client-grouping { uses tcpc:tcp-client-grouping {
refine "remote-port" { refine "remote-port" {
default 6513; default "6513";
description description
"The NETCONF client will attempt to connect "The NETCONF client will attempt to connect
to the IANA-assigned well-known port value to the IANA-assigned well-known port value
for 'netconf-tls' (6513) if no value is for 'netconf-tls' (6513) if no value is
specified."; specified.";
} }
} }
uses tlsc:tls-client-grouping { uses tlsc:tls-client-grouping {
refine "tls-client-identity/auth-type" { refine "tls-client-identity/auth-type" {
mandatory true; mandatory true;
description description
"NETCONF/TLS clients MUST pass some "NETCONF/TLS clients MUST pass some
authentication credentials."; authentication credentials.";
} }
} }
}
} // container tls }
} // case tls
} // choice transport } // choice transport
} // list endpoint } // list endpoint
} // container endpoints } // container endpoints
container connection-type { container connection-type {
description description
"Indicates the NETCONF client's preference for how the "Indicates the NETCONF client's preference for how the
NETCONF connection is maintained."; NETCONF connection is maintained.";
choice connection-type { choice connection-type {
mandatory true; mandatory true;
description description
"Selects between available connection types."; "Selects between available connection types.";
case persistent-connection { case persistent-connection {
container persistent { container persistent {
presence presence "Indicates that a persistent connection is
"Indicates that a persistent connection is to be to be maintained.";
maintained.";
description description
"Maintain a persistent connection to the NETCONF "Maintain a persistent connection to the NETCONF
server. If the connection goes down, immediately server. If the connection goes down, immediately
start trying to reconnect to it, using the start trying to reconnect to it, using the
reconnection strategy. reconnection strategy.
This connection type minimizes any NETCONF server This connection type minimizes any NETCONF server
to NETCONF client data-transfer delay, albeit at to NETCONF client data-transfer delay, albeit at
the expense of holding resources longer."; the expense of holding resources longer.";
} }
} }
case periodic-connection { case periodic-connection {
container periodic { container periodic {
presence presence "Indicates that a periodic connection is
"Indicates that a periodic connection is to be to be maintained.";
maintained.";
description description
"Periodically connect to the NETCONF server. The "Periodically connect to the NETCONF server. The
NETCONF server should close the connection upon NETCONF server should close the connection upon
completing planned activities. completing planned activities.
This connection type increases resource This connection type increases resource
utilization, albeit with increased delay in utilization, albeit with increased delay in
NETCONF server to NETCONF client interactions."; NETCONF server to NETCONF client interactions.";
leaf period { leaf period {
type uint16; type uint16;
units "minutes"; units "minutes";
default 60; default "60";
description description
"Duration of time between periodic connections."; "Duration of time between periodic connections.";
} }
leaf anchor-time { leaf anchor-time {
type yang:date-and-time { type yang:date-and-time {
// constrained to minute-level granularity // constrained to minute-level granularity
pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}' pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}'
+ '(Z|[\+\-]\d{2}:\d{2})'; + '(Z|[\+\-]\d{2}:\d{2})';
} }
description description
"Designates a timestamp before or after which a "Designates a timestamp before or after which a
series of periodic connections are determined. series of periodic connections are determined.
The periodic connections occur at a whole The periodic connections occur at a whole
multiple interval from the anchor time. For multiple interval from the anchor time. For
example, for an anchor time is 15 minutes past example, for an anchor time is 15 minutes past
midnight and a period interval of 24 hours, then midnight and a period interval of 24 hours, then
a periodic connection will occur 15 minutes past a periodic connection will occur 15 minutes past
midnight everyday."; midnight everyday.";
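Review bot: in the ssh case under initiate/endpoints, the remote-port refine now has default "830", but its description still says the client connects to the well-known port for 'netconf-ssh' (443). The description should say 830 so that it matches the default; the tls case gets this right with 6513 in both places. In the same hunk, the periodic container's description says the connection type "increases resource utilization, albeit with increased delay", which reads as a contradiction next to the persistent case (minimal delay "at the expense of holding resources longer"), so "decreases" looks intended. The anchor-time description also has the wording slip "for an anchor time is 15 minutes past midnight".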
skipping to change at page 22, line 28 skipping to change at page 22, line 20
interval longer than this number of seconds. interval longer than this number of seconds.
If set to zero, then the NETCONF client will If set to zero, then the NETCONF client will
never drop a session because it is idle."; never drop a session because it is idle.";
} }
} }
} }
} }
} }
container reconnect-strategy { container reconnect-strategy {
description description
"The reconnection strategy directs how a NETCONF client "The reconnection strategy directs how a NETCONF client
reconnects to a NETCONF server, after discovering its reconnects to a NETCONF server, after discovering its
connection to the server has dropped, even if due to a connection to the server has dropped, even if due to a
reboot. The NETCONF client starts with the specified reboot. The NETCONF client starts with the specified
endpoint and tries to connect to it max-attempts times endpoint and tries to connect to it max-attempts times
before trying the next endpoint in the list (round before trying the next endpoint in the list (round
robin)."; robin).";
leaf start-with { leaf start-with {
type enumeration { type enumeration {
enum first-listed { enum first-listed {
description description
"Indicates that reconnections should start with "Indicates that reconnections should start with
the first endpoint listed."; the first endpoint listed.";
} }
enum last-connected { enum last-connected {
description description
"Indicates that reconnections should start with "Indicates that reconnections should start with
skipping to change at page 23, line 9 skipping to change at page 22, line 49
first endpoint configured is used. NETCONF first endpoint configured is used. NETCONF
clients SHOULD be able to remember the last clients SHOULD be able to remember the last
endpoint connected to across reboots."; endpoint connected to across reboots.";
} }
enum random-selection { enum random-selection {
description description
"Indicates that reconnections should start with "Indicates that reconnections should start with
a random endpoint."; a random endpoint.";
} }
} }
default first-listed; default "first-listed";
description description
"Specifies which of the NETCONF server's endpoints "Specifies which of the NETCONF server's endpoints
the NETCONF client should start with when trying the NETCONF client should start with when trying
to connect to the NETCONF server."; to connect to the NETCONF server.";
} }
leaf max-attempts { leaf max-attempts {
type uint8 { type uint8 {
range "1..max"; range "1..max";
} }
default 3; default "3";
description description
"Specifies the number times the NETCONF client tries "Specifies the number times the NETCONF client tries
to connect to a specific endpoint before moving on to connect to a specific endpoint before moving on
to the next endpoint in the list (round robin)."; to the next endpoint in the list (round robin).";
} }
} }
} // netconf-server } // netconf-server
} // initiate } // initiate
container listen { container listen {
if-feature listen; if-feature "listen";
presence "Enables client to accept call-home connections"; presence "Enables client to accept call-home connections";
description description
"Configures client accepting call-home TCP connections."; "Configures client accepting call-home TCP connections.";
leaf idle-timeout { leaf idle-timeout {
type uint16; type uint16;
units "seconds"; units "seconds";
default 3600; // one hour default "3600"; // one hour
description description
"Specifies the maximum number of seconds that a NETCONF "Specifies the maximum number of seconds that a NETCONF
session may remain idle. A NETCONF session will be session may remain idle. A NETCONF session will be
dropped if it is idle for an interval longer than this dropped if it is idle for an interval longer than this
number of seconds. If set to zero, then the server number of seconds. If set to zero, then the server
will never drop a session because it is idle. Sessions will never drop a session because it is idle. Sessions
that have a notification subscription active are never that have a notification subscription active are never
dropped."; dropped.";
} }
list endpoint { list endpoint {
key name; key "name";
min-elements 1; min-elements 1;
description description
"List of endpoints to listen for NETCONF connections."; "List of endpoints to listen for NETCONF connections.";
leaf name { leaf name {
type string; type string;
description description
"An arbitrary name for the NETCONF listen endpoint."; "An arbitrary name for the NETCONF listen endpoint.";
} }
choice transport { choice transport {
mandatory true; mandatory true;
description description
"Selects between available transports."; "Selects between available transports.";
case ssh { case ssh {
if-feature ssh-listen; if-feature "ssh-listen";
container ssh { container ssh {
description description
"SSH-specific listening configuration for inbound "SSH-specific listening configuration for inbound
connections."; connections.";
uses tcps:tcp-server-grouping { uses tcps:tcp-server-grouping {
refine "local-port" { refine "local-port" {
default 4334; default "4334";
description description
"The NETCONF client will listen on the IANA- "The NETCONF client will listen on the IANA-
assigned well-known port for 'netconf-ch-ssh' assigned well-known port for 'netconf-ch-ssh'
(4334) if no value is specified."; (4334) if no value is specified.";
} }
} }
uses sshc:ssh-client-grouping; uses sshc:ssh-client-grouping;
} }
} }
case tls { case tls {
if-feature tls-listen; if-feature "tls-listen";
container tls { container tls {
description description
"TLS-specific listening configuration for inbound "TLS-specific listening configuration for inbound
connections."; connections.";
uses tcps:tcp-server-grouping { uses tcps:tcp-server-grouping {
refine "local-port" { refine "local-port" {
default 4334; default "4334";
description description
"The NETCONF client will listen on the IANA- "The NETCONF client will listen on the IANA-
assigned well-known port for 'netconf-ch-ssh' assigned well-known port for 'netconf-ch-ssh'
(4334) if no value is specified."; (4334) if no value is specified.";
} }
} }
uses tlsc:tls-client-grouping { uses tlsc:tls-client-grouping {
refine "tls-client-identity/auth-type" { refine "tls-client-identity/auth-type" {
mandatory true; mandatory true;
description description
"NETCONF/TLS clients MUST pass some "NETCONF/TLS clients MUST pass some
authentication credentials."; authentication credentials.";
} }
} }
} }
} }
} // transport } // transport
} // endpoint } // endpoint
} // listen } // listen
} // netconf-client } // netconf-client
// Protocol accessible node, for servers that implement this
// Protocol accessible node, for servers that 'implement' // module.
// this module.
container netconf-client { container netconf-client {
uses netconf-client-grouping; uses netconf-client-grouping;
description description
"Top-level container for NETCONF client configuration."; "Top-level container for NETCONF client configuration.";
} }
} }
<CODE ENDS> <CODE ENDS>
4. The NETCONF Server Model 4. The NETCONF Server Model
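Review bot: in the listen container's tls case, the local-port refine is a copy of the ssh case: default "4334" with a description naming 'netconf-ch-ssh' (4334). RFC 8071 registers 'netconf-ch-tls' on port 4335 for TLS call home, so both the default and the description should change; as written, the SSH and TLS call-home listeners default to the same port. Two smaller wording points in this hunk: the listen idle-timeout description says "the server will never drop a session" although this is the client module, and the max-attempts description reads "Specifies the number times".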
skipping to change at page 40, line 5 skipping to change at page 39, line 42
[I-D.ietf-netconf-tls-client-server]. [I-D.ietf-netconf-tls-client-server].
This YANG module imports YANG types from [RFC6991], and YANG This YANG module imports YANG types from [RFC6991], and YANG
groupings from [RFC7407], [I-D.ietf-netconf-ssh-client-server] and groupings from [RFC7407], [I-D.ietf-netconf-ssh-client-server] and
[I-D.ietf-netconf-ssh-client-server]. [I-D.ietf-netconf-ssh-client-server].
<CODE BEGINS> file "ietf-netconf-server@2019-03-09.yang" <CODE BEGINS> file "ietf-netconf-server@2019-03-09.yang"
module ietf-netconf-server { module ietf-netconf-server {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-server"; namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-server";
prefix "ncs"; prefix ncs;
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
reference reference
"RFC 6991: Common YANG Data Types"; "RFC 6991: Common YANG Data Types";
} }
import ietf-x509-cert-to-name { import ietf-x509-cert-to-name {
prefix x509c2n; prefix x509c2n;
reference reference
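Review bot: the paragraph introducing the server module lists groupings from "[RFC7407], [I-D.ietf-netconf-ssh-client-server] and [I-D.ietf-netconf-ssh-client-server]", citing the SSH draft twice. Since the module imports ietf-tls-server, the second citation was presumably meant to be [I-D.ietf-netconf-tls-client-server]. The text is unchanged between -09 and -10, so it is worth fixing in the next revision.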
skipping to change at page 40, line 46 skipping to change at page 40, line 35
} }
import ietf-tls-server { import ietf-tls-server {
prefix tlss; prefix tlss;
revision-date 2019-03-09; // stable grouping definitions revision-date 2019-03-09; // stable grouping definitions
reference reference
"RFC ZZZZ: YANG Groupings for TLS Clients and TLS Servers"; "RFC ZZZZ: YANG Groupings for TLS Clients and TLS Servers";
} }
organization organization
"IETF NETCONF (Network Configuration) Working Group"; "IETF NETCONF (Network Configuration) Working Group";
contact contact
"WG Web: <http://datatracker.ietf.org/wg/netconf/> "WG Web: <http://datatracker.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org> WG List: <mailto:netconf@ietf.org>
Author: Kent Watsen <mailto:kent+ietf@watsen.net> Author: Kent Watsen <mailto:kent+ietf@watsen.net>
Author: Gary Wu <mailto:garywu@cisco.com> Author: Gary Wu <mailto:garywu@cisco.com>
Author: Juergen Schoenwaelder Author: Juergen Schoenwaelder
<mailto:j.schoenwaelder@jacobs-university.de>"; <mailto:j.schoenwaelder@jacobs-university.de>";
description description
"This module contains a collection of YANG definitions for "This module contains a collection of YANG definitions for
configuring NETCONF servers. configuring NETCONF servers.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
are to be interpreted as described in BCP 14 [RFC2119] are to be interpreted as described in BCP 14 [RFC2119]
[RFC8174] when, and only when, they appear in all [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
Copyright (c) 2019 IETF Trust and the persons identified as Copyright (c) 2019 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision "2019-03-09" { revision 2019-03-09 {
description description
"Initial version"; "Initial version";
reference reference
"RFC XXXX: NETCONF Client and Server Models"; "RFC XXXX: NETCONF Client and Server Models";
} }
// Features // Features
feature listen { feature listen {
description description
"The 'listen' feature indicates that the NETCONF server "The 'listen' feature indicates that the NETCONF server
supports opening a port to accept NETCONF client connections supports opening a port to accept NETCONF client connections
using at least one transport (e.g., SSH, TLS, etc.)."; using at least one transport (e.g., SSH, TLS, etc.).";
} }
feature ssh-listen { feature ssh-listen {
description description
"The 'ssh-listen' feature indicates that the NETCONF server "The 'ssh-listen' feature indicates that the NETCONF server
supports opening a port to accept NETCONF over SSH supports opening a port to accept NETCONF over SSH
client connections."; client connections.";
reference reference
"RFC 6242: "RFC 6242:
Using the NETCONF Protocol over Secure Shell (SSH)"; Using the NETCONF Protocol over Secure Shell (SSH)";
} }
feature tls-listen { feature tls-listen {
description description
"The 'tls-listen' feature indicates that the NETCONF server "The 'tls-listen' feature indicates that the NETCONF server
supports opening a port to accept NETCONF over TLS supports opening a port to accept NETCONF over TLS
client connections."; client connections.";
reference reference
"RFC 7589: Using the NETCONF Protocol over Transport "RFC 7589: Using the NETCONF Protocol over Transport
Layer Security (TLS) with Mutual X.509 Layer Security (TLS) with Mutual X.509
Authentication"; Authentication";
} }
feature call-home { feature call-home {
description description
"The 'call-home' feature indicates that the NETCONF server "The 'call-home' feature indicates that the NETCONF server
supports initiating NETCONF call home connections to supports initiating NETCONF call home connections to
NETCONF clients using at least one transport (e.g., SSH, NETCONF clients using at least one transport (e.g., SSH,
TLS, etc.)."; TLS, etc.).";
reference reference
"RFC 8071: NETCONF Call Home and RESTCONF Call Home"; "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
} }
feature ssh-call-home { feature ssh-call-home {
description description
"The 'ssh-call-home' feature indicates that the NETCONF "The 'ssh-call-home' feature indicates that the NETCONF
server supports initiating a NETCONF over SSH call server supports initiating a NETCONF over SSH call
home connection to NETCONF clients."; home connection to NETCONF clients.";
reference reference
"RFC 8071: NETCONF Call Home and RESTCONF Call Home"; "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
} }
feature tls-call-home { feature tls-call-home {
description description
"The 'tls-call-home' feature indicates that the NETCONF "The 'tls-call-home' feature indicates that the NETCONF
server supports initiating a NETCONF over TLS call server supports initiating a NETCONF over TLS call
home connection to NETCONF clients."; home connection to NETCONF clients.";
reference reference
"RFC 8071: NETCONF Call Home and RESTCONF Call Home"; "RFC 8071: NETCONF Call Home and RESTCONF Call Home";
} }
// Groupings // Groupings
grouping netconf-server-grouping { grouping netconf-server-grouping {
description description
"Top-level grouping for NETCONF server configuration."; "Top-level grouping for NETCONF server configuration.";
container listen { container listen {
if-feature listen; if-feature "listen";
presence "Enables server to listen for TCP connections"; presence "Enables server to listen for TCP connections";
description "Configures listen behavior"; description
"Configures listen behavior";
leaf idle-timeout { leaf idle-timeout {
type uint16; type uint16;
units "seconds"; units "seconds";
default 3600; // one hour default 3600; // one hour
description description
"Specifies the maximum number of seconds that a NETCONF "Specifies the maximum number of seconds that a NETCONF
session may remain idle. A NETCONF session will be session may remain idle. A NETCONF session will be
dropped if it is idle for an interval longer than this dropped if it is idle for an interval longer than this
number of seconds. If set to zero, then the server number of seconds. If set to zero, then the server
will never drop a session because it is idle. Sessions will never drop a session because it is idle. Sessions
that have a notification subscription active are never that have a notification subscription active are never
dropped."; dropped.";
} }
list endpoint { list endpoint {
key name; key "name";
min-elements 1; min-elements 1;
description description
"List of endpoints to listen for NETCONF connections."; "List of endpoints to listen for NETCONF connections.";
leaf name { leaf name {
type string; type string;
description description
"An arbitrary name for the NETCONF listen endpoint."; "An arbitrary name for the NETCONF listen endpoint.";
} }
choice transport { choice transport {
mandatory true; mandatory true;
description description
"Selects between available transports."; "Selects between available transports.";
case ssh { case ssh {
if-feature ssh-listen; if-feature "ssh-listen";
container ssh { container ssh {
description description
"SSH-specific listening configuration for inbound "SSH-specific listening configuration for inbound
connections."; connections.";
uses tcps:tcp-server-grouping { uses tcps:tcp-server-grouping {
refine "local-port" { refine "local-port" {
default 830; default "830";
description description
"The NETCONF server will listen on the IANA- "The NETCONF server will listen on the IANA-
assigned well-known port value for 'netconf-ssh' assigned well-known port value for 'netconf-ssh'
(830) if no value is specified."; (830) if no value is specified.";
} }
} }
uses sshs:ssh-server-grouping; uses sshs:ssh-server-grouping;
} }
} }
case tls { case tls {
if-feature tls-listen; if-feature "tls-listen";
container tls { container tls {
description description
"TLS-specific listening configuration for inbound "TLS-specific listening configuration for inbound
connections."; connections.";
uses tcps:tcp-server-grouping { uses tcps:tcp-server-grouping {
refine "local-port" { refine "local-port" {
default 6513; default "6513";
description description
"The NETCONF server will listen on the IANA- "The NETCONF server will listen on the IANA-
assigned well-known port value for 'netconf-tls' assigned well-known port value for 'netconf-tls'
(6513) if no value is specified."; (6513) if no value is specified.";
} }
} }
uses tlss:tls-server-grouping { uses tlss:tls-server-grouping {
refine "tls-client-auth" { refine "tls-client-auth" {
must 'pinned-ca-certs or pinned-client-certs'; must 'pinned-ca-certs or pinned-client-certs';
description description
"NETCONF/TLS servers MUST validate client "NETCONF/TLS servers MUST validate client
certiticates."; certiticates.";
} }
augment "tls-client-auth" { augment "tls-client-auth" {
description description
"Augments in the cert-to-name structure."; "Augments in the cert-to-name structure.";
container cert-maps { container cert-maps {
uses x509c2n:cert-to-name; uses x509c2n:cert-to-name;
description description
"The cert-maps container is used by a TLS- "The cert-maps container is used by a TLS-
based NETCONF server to map the NETCONF based NETCONF server to map the NETCONF
client's presented X.509 certificate to a client's presented X.509 certificate to a
NETCONF username. If no matching and valid NETCONF username. If no matching and valid
cert-to-name list entry can be found, then cert-to-name list entry can be found, then
the NETCONF server MUST close the connection, the NETCONF server MUST close the connection,
and MUST NOT accept NETCONF messages over and MUST NOT accept NETCONF messages over
it."; it.";
reference reference
"RFC WWWW: NETCONF over TLS, Section 7"; "RFC WWWW: NETCONF over TLS, Section 7";
} }
} }
} }
} }
} }
} }
} }
} }
container call-home { container call-home {
if-feature call-home; if-feature "call-home";
presence "Enables server to initiate TCP connections"; presence "Enables server to initiate TCP connections";
description "Configures call-home behavior"; description "Configures call-home behavior";
list netconf-client { list netconf-client {
key name; key "name";
min-elements 1; min-elements 1;
description description
"List of NETCONF clients the NETCONF server is to "List of NETCONF clients the NETCONF server is to
initiate call-home connections to in parallel."; initiate call-home connections to in parallel.";
leaf name { leaf name {
type string; type string;
description description
"An arbitrary name for the remote NETCONF client."; "An arbitrary name for the remote NETCONF client.";
} }
container endpoints { container endpoints {
description description
"Container for the list of endpoints."; "Container for the list of endpoints.";
list endpoint { list endpoint {
key name; key "name";
min-elements 1; min-elements 1;
ordered-by user; ordered-by user;
description description
"A non-empty user-ordered list of endpoints for this "A non-empty user-ordered list of endpoints for this
NETCONF server to try to connect to in sequence. NETCONF server to try to connect to in sequence.
Defining more than one enables high-availability."; Defining more than one enables high-availability.";
leaf name { leaf name {
type string; type string;
description description
"An arbitrary name for this endpoint."; "An arbitrary name for this endpoint.";
} }
choice transport { choice transport {
mandatory true; mandatory true;
description description
"Selects between available transports."; "Selects between available transports.";
case ssh { case ssh {
if-feature ssh-call-home; if-feature "ssh-call-home";
container ssh { container ssh {
description description
"Specifies SSH-specific call-home transport "Specifies SSH-specific call-home transport
configuration."; configuration.";
uses tcpc:tcp-client-grouping { uses tcpc:tcp-client-grouping {
refine "remote-port" { refine "remote-port" {
default 4334; default "4334";
description description
"The NETCONF server will attempt to connect "The NETCONF server will attempt to connect
to the IANA-assigned well-known port for to the IANA-assigned well-known port for
'netconf-ch-tls' (4334) if no value is 'netconf-ch-tls' (4334) if no value is
specified."; specified.";
} }
} }
uses sshs:ssh-server-grouping; uses sshs:ssh-server-grouping;
} }
} }
case tls { case tls {
if-feature tls-call-home; if-feature "tls-call-home";
container tls { container tls {
description description
"Specifies TLS-specific call-home transport "Specifies TLS-specific call-home transport
configuration."; configuration.";
uses tcpc:tcp-client-grouping { uses tcpc:tcp-client-grouping {
refine "remote-port" { refine "remote-port" {
default 4335; default "4335";
description description
"The NETCONF server will attempt to connect "The NETCONF server will attempt to connect
to the IANA-assigned well-known port for to the IANA-assigned well-known port for
'netconf-ch-tls' (4335) if no value is 'netconf-ch-tls' (4335) if no value is
specified."; specified.";
} }
} }
uses tlss:tls-server-grouping { uses tlss:tls-server-grouping {
refine "tls-client-auth" { refine "tls-client-auth" {
must 'pinned-ca-certs or pinned-client-certs'; must 'pinned-ca-certs or pinned-client-certs';
description description
"NETCONF/TLS servers MUST validate client "NETCONF/TLS servers MUST validate client
certiticates."; certiticates.";
} }
augment "tls-client-auth" { augment "tls-client-auth" {
description description
"Augments in the cert-to-name structure."; "Augments in the cert-to-name structure.";
container cert-maps { container cert-maps {
uses x509c2n:cert-to-name; uses x509c2n:cert-to-name;
description description
"The cert-maps container is used by a "The cert-maps container is used by a
TLS-based NETCONF server to map the TLS-based NETCONF server to map the
NETCONF client's presented X.509 NETCONF client's presented X.509
certificate to a NETCONF username. If certificate to a NETCONF username. If
no matching and valid cert-to-name list no matching and valid cert-to-name list
entry can be found, then the NETCONF entry can be found, then the NETCONF
server MUST close the connection, and server MUST close the connection, and
MUST NOT accept NETCONF messages over MUST NOT accept NETCONF messages over
it."; it.";
reference reference
"RFC WWWW: NETCONF over TLS, Section 7"; "RFC WWWW: NETCONF over TLS, Section 7";
} }
} }
} }
} }
} // tls } // tls
} // choice } // choice
} // endpoint } // endpoint
} // endpoints } // endpoints
container connection-type { container connection-type {
description description
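Review bot: In the call-home `case ssh` refine of "remote-port", the description names 'netconf-ch-tls' (4334), the same service name the `case tls` refine uses for 4335. The SSH case should read 'netconf-ch-ssh' (4334), in the same way the listen cases distinguish 'netconf-ssh' (830) from 'netconf-tls' (6513). This revision already touches the line directly above it (default 4334 becomes default "4334"), so the description can be corrected in the same pass. Two smaller points in this hunk: "certiticates" in both tls-client-auth refine descriptions should be "certificates", and `description "Configures call-home behavior";` stays on one line while the matching listen description was split across two.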
skipping to change at page 47, line 15 skipping to change at page 46, line 49
} }
} }
} }
} }
} // tls } // tls
} // choice } // choice
} // endpoint } // endpoint
} // endpoints } // endpoints
container connection-type { container connection-type {
description description
"Indicates the NETCONF server's preference for how the "Indicates the NETCONF server's preference for how the
NETCONF connection is maintained."; NETCONF connection is maintained.";
choice connection-type { choice connection-type {
mandatory true; mandatory true;
description description
"Selects between available connection types."; "Selects between available connection types.";
case persistent-connection { case persistent-connection {
container persistent { container persistent {
presence presence "Indicates that a persistent connection is
"Indicates that a persistent connection is to be to be maintained.";
maintained.";
description description
"Maintain a persistent connection to the NETCONF "Maintain a persistent connection to the NETCONF
client. If the connection goes down, immediately client. If the connection goes down, immediately
start trying to reconnect to it, using the start trying to reconnect to it, using the
reconnection strategy. reconnection strategy.
This connection type minimizes any NETCONF client This connection type minimizes any NETCONF client
to NETCONF server data-transfer delay, albeit at to NETCONF server data-transfer delay, albeit at
the expense of holding resources longer."; the expense of holding resources longer.";
} // container persistent } // container persistent
} // case persistent-connection } // case persistent-connection
case periodic-connection { case periodic-connection {
container periodic { container periodic {
presence presence "Indicates that a periodic connection is
"Indicates that a periodic connection is to be to be maintained.";
maintained.";
description description
"Periodically connect to the NETCONF client. The "Periodically connect to the NETCONF client. The
NETCONF client should close the underlying TLS NETCONF client should close the underlying TLS
connection upon completing planned activities. connection upon completing planned activities.
This connection type increases resource This connection type increases resource
utilization, albeit with increased delay in utilization, albeit with increased delay in
NETCONF client to NETCONF client interactions."; NETCONF client to NETCONF client interactions.";
leaf period { leaf period {
type uint16; type uint16;
units "minutes"; units "minutes";
default 60; default "60";
description description
"Duration of time between periodic connections."; "Duration of time between periodic connections.";
} }
leaf anchor-time { leaf anchor-time {
type yang:date-and-time { type yang:date-and-time {
// constrained to minute-level granularity // constrained to minute-level granularity
pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}' pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}'
+ '(Z|[\+\-]\d{2}:\d{2})'; + '(Z|[\+\-]\d{2}:\d{2})';
} }
description description
"Designates a timestamp before or after which a "Designates a timestamp before or after which a
series of periodic connections are determined. series of periodic connections are determined.
The periodic connections occur at a whole The periodic connections occur at a whole
multiple interval from the anchor time. For multiple interval from the anchor time. For
example, for an anchor time is 15 minutes past example, for an anchor time is 15 minutes past
midnight and a period interval of 24 hours, then midnight and a period interval of 24 hours, then
a periodic connection will occur 15 minutes past a periodic connection will occur 15 minutes past
midnight everyday."; midnight everyday.";
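Review bot: The `container periodic` description reads as inverted relative to the persistent case. It says the periodic type "increases resource utilization, albeit with increased delay", while the persistent description says that type minimizes delay "at the expense of holding resources longer", so the periodic text presumably means reduced resource utilization at the cost of delay. The same description ends with "NETCONF client to NETCONF client interactions", where the persistent case says client to server, and it tells the client to close "the underlying TLS connection" although the transport choice earlier in this grouping also offers SSH. In the anchor-time description, "for an anchor time is 15 minutes past midnight" should be "for an anchor time of 15 minutes past midnight". None of these lines changed between -09 and -10; only the presence strings and `default "60"` did.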
skipping to change at page 48, line 43 skipping to change at page 48, line 27
interval longer than this number of seconds. interval longer than this number of seconds.
If set to zero, then the server will never If set to zero, then the server will never
drop a session because it is idle."; drop a session because it is idle.";
} }
} // container periodic } // container periodic
} // case periodic-connection } // case periodic-connection
} // choice connection-type } // choice connection-type
} // container connection-type } // container connection-type
container reconnect-strategy { container reconnect-strategy {
description description
"The reconnection strategy directs how a NETCONF server "The reconnection strategy directs how a NETCONF server
reconnects to a NETCONF client, after discovering its reconnects to a NETCONF client, after discovering its
connection to the client has dropped, even if due to a connection to the client has dropped, even if due to a
reboot. The NETCONF server starts with the specified reboot. The NETCONF server starts with the specified
endpoint and tries to connect to it max-attempts times endpoint and tries to connect to it max-attempts times
before trying the next endpoint in the list (round before trying the next endpoint in the list (round
robin)."; robin).";
leaf start-with { leaf start-with {
type enumeration { type enumeration {
enum first-listed { enum first-listed {
description description
"Indicates that reconnections should start with "Indicates that reconnections should start with
the first endpoint listed."; the first endpoint listed.";
} }
enum last-connected { enum last-connected {
description description
"Indicates that reconnections should start with "Indicates that reconnections should start with
skipping to change at page 49, line 24 skipping to change at page 49, line 8
first endpoint configured is used. NETCONF first endpoint configured is used. NETCONF
servers SHOULD be able to remember the last servers SHOULD be able to remember the last
endpoint connected to across reboots."; endpoint connected to across reboots.";
} }
enum random-selection { enum random-selection {
description description
"Indicates that reconnections should start with "Indicates that reconnections should start with
a random endpoint."; a random endpoint.";
} }
} }
default first-listed; default "first-listed";
description description
"Specifies which of the NETCONF client's endpoints "Specifies which of the NETCONF client's endpoints
the NETCONF server should start with when trying the NETCONF server should start with when trying
to connect to the NETCONF client."; to connect to the NETCONF client.";
} }
leaf max-attempts { leaf max-attempts {
type uint8 { type uint8 {
range "1..max"; range "1..max";
} }
default 3; default "3";
description description
"Specifies the number times the NETCONF server tries "Specifies the number times the NETCONF server tries
to connect to a specific endpoint before moving on to connect to a specific endpoint before moving on
to the next endpoint in the list (round robin)."; to the next endpoint in the list (round robin).";
} }
} // container reconnect-strategy } // container reconnect-strategy
} // list netconf-client } // list netconf-client
} // container call-home } // container call-home
} // grouping netconf-server-grouping } // grouping netconf-server-grouping
// Protocol accessible node, for servers that *implement* // Protocol accessible node, for servers that implement this
// this module. // module.
container netconf-server { container netconf-server {
uses netconf-server-grouping; uses netconf-server-grouping;
description description
"Top-level container for NETCONF server configuration."; "Top-level container for NETCONF server configuration.";
} }
} }
<CODE ENDS> <CODE ENDS>
5. Design Considerations 5. Design Considerations
Editorial: this section is a hold over from before, previously called Editorial: this section is a hold over from before, previously called
"Objectives". It was only written two support the "server" (not the "Objectives". It was only written two support the "server" (not the
"client"). The question is if it's better to add the missing "client"). The question is if it's better to add the missing
"client" parts, or remove this section altogether. "client" parts, or remove this section altogether.
The primary purpose of the YANG modules defined herein is to enable The primary purpose of the YANG modules defined herein is to enable
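Review bot: The max-attempts description still reads "Specifies the number times the NETCONF server tries", missing "of". This revision edits the `default` line directly above it, so the wording can be fixed in the same change. In Section 5 the editorial note is carried into -10 with "written two support" (should be "to support") and leaves open whether to add the client parts or remove the section, which should be settled before the section text that follows is reviewed further.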
 End of changes. 127 change blocks. 
290 lines changed or deleted 270 lines changed or added
