draft-ietf-netconf-nmda-restconf-01.txt   draft-ietf-netconf-nmda-restconf-02.txt 
Network Working Group M. Bjorklund Network Working Group M. Bjorklund
Internet-Draft Tail-f Systems Internet-Draft Tail-f Systems
Updates: 8040 (if approved) J. Schoenwaelder Updates: 8040 (if approved) J. Schoenwaelder
Intended status: Standards Track Jacobs University Intended status: Standards Track Jacobs University
Expires: May 3, 2018 P. Shafer Expires: July 21, 2018 P. Shafer
K. Watsen K. Watsen
Juniper Networks Juniper Networks
R. Wilton R. Wilton
Cisco Systems Cisco Systems
October 30, 2017 January 17, 2018
RESTCONF Update to Support the NMDA RESTCONF Extensions to Support the Network Management Datastore
draft-ietf-netconf-nmda-restconf-01 Architecture
draft-ietf-netconf-nmda-restconf-02
Abstract Abstract
This document updates RESTCONF [RFC8040] in order to support the This document extends the RESTCONF protocol defined in RFC 8040 in
Network Management Datastore Architecture (NMDA) defined in order to support the Network Management Datastore Architecture
[I-D.ietf-netmod-revised-datastores]. defined in I-D.ietf-netmod-revised-datastores.
This document updates RFC 8040 by introducing new datastore
resources, adding a new query parameter, and requiring the usage of
I-D.ietf-netconf-rfc7895bis by RESTCONF servers implementing the
Network Management Datastore Architecture.
REF Editor: please replace "I-D.ietf-netmod-revised-datastores" and
"I-D.ietf-netconf-rfc7895bis" above with their final RFC assignments.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 3, 2018. This Internet-Draft will expire on July 21, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Summary of Updates to RFC 8040 . . . . . . . . . . . . . . . 3 2. Datastore and YANG Library Requirements . . . . . . . . . . . 3
3. Conformance . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. RESTCONF Extensions . . . . . . . . . . . . . . . . . . . . . 3
4. The {+restconf}/ds/<datastore> Resources . . . . . . . . . . 3 3.1. New Datastore Resources . . . . . . . . . . . . . . . . . 3
5. Protocol Operations . . . . . . . . . . . . . . . . . . . . . 4 3.2. Protocol Operations . . . . . . . . . . . . . . . . . . . 4
5.1. The "with-origin" query parameter . . . . . . . . . . . . 4 3.2.1. New "with-origin" Query Parameter . . . . . . . . . . 5
6. Security Considerations . . . . . . . . . . . . . . . . . . . 5 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 5. Security Considerations . . . . . . . . . . . . . . . . . . . 5
8. Normative References . . . . . . . . . . . . . . . . . . . . 5 6. Normative References . . . . . . . . . . . . . . . . . . . . 6
Appendix A. Example . . . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction 1. Introduction
This document updates RESTCONF [RFC8040] in order to support the This document extends the RESTCONF protocol defined in [RFC8040] in
Network Management Datastore Architecture (NMDA) defined in order to support the Network Management Datastore Architecture (NMDA)
[I-D.ietf-netmod-revised-datastores]. defined in [I-D.ietf-netmod-revised-datastores].
This document updates [RFC8040] in order to enable RESTCONF clients
to discover which datastores are supported by the RESTCONF server, as
well as determine which modules are supported in each datastore and,
finally, to interact with all the datastores supported by the NMDA.
Specifically, the update introduces new datastore resources, adds a
new query parameter, and requires the usage of
[I-D.ietf-netconf-rfc7895bis] by RESTCONF servers implementing the
NMDA.
The solution presented in this document is backwards compatible with The solution presented in this document is backwards compatible with
[RFC8040]. This is achieved by it only adding new top-level [RFC8040]. This is achieved by only adding new resources and leaving
resources, and thereby leaving the semantics of all existing the semantics of the existing resources unchanged.
resources alone.
1.1. Terminology 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", This document uses the terminology defined by the NMDA
[I-D.ietf-netmod-revised-datastores].
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14, [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
The following terms are defined in 2. Datastore and YANG Library Requirements
[I-D.ietf-netmod-revised-datastores] and are not redefined here:
o operational state datastore
o running configuration datastore
o intended configuration datastore
2. Summary of Updates to RFC 8040
This document updates [RFC8040] in the following ways:
o Adds new top-level resource "/ds".
o Adds new query parameter "with-origin".
o Section 3.5.4, Paragraph 3 in [RFC8040] doesn't apply when
interacting with any resource under {+restconf}/ds.
o Updates section 10 in [RFC8040] by requiring servers that support
NMDA to implement "ietf-yang-library" as defined in
[I-D.nmdsdt-netconf-rfc7895bis].
3. Conformance
RFC Ed.: Update 201X-XX-XX below with correct date. RFC Ed.: Update 201X-XX-XX below with correct date.
An NMDA-compliant RESTCONF server MUST support the operational state An NMDA-compliant RESTCONF server MUST support the operational state
datastore. Such a server identifies that it supports NMDA both by datastore and it MUST implement at least revision 201X-XX-XX of the
"ietf-yang-library" module defined in [I-D.ietf-netconf-rfc7895bis].
Such a server identifies that it supports the NMDA both by
implementing the {+restconf}/ds/ietf-datastores:operational resource, implementing the {+restconf}/ds/ietf-datastores:operational resource,
and by implementing at least revision 201X-XX-XX of the and by implementing at least revision 201X-XX-XX of the
"ietf-yang-library" module, as specified in "ietf-yang-library" module.
[I-D.nmdsdt-netconf-rfc7895bis].
A RESTCONF client can test if a server supports the NMDA by using A RESTCONF client can test if a server supports the NMDA by using
either the HEAD or GET methods on {+restconf}/ds/ietf- either the HEAD or GET methods on {+restconf}/ds/ietf-
datastores:operational. datastores:operational.
4. The {+restconf}/ds/<datastore> Resources 3. RESTCONF Extensions
This section describes the RESTCONF extensions needed to support the
NMDA.
3.1. New Datastore Resources
This document defines a set of new resources representing datastores This document defines a set of new resources representing datastores
as defined in [I-D.ietf-netmod-revised-datastores]. These resources as defined in [I-D.ietf-netmod-revised-datastores]. These resources
are available using the resource path template: are available using the following resource path template:
{+restconf}/ds/<datastore> {+restconf}/ds/<datastore>
Where <datastore> is encoded as an "identity" according to the JSON The <datastore> path component is encoded as an "identity" according
encoding rules for identities, defined in Section 4 of [RFC7951]. to the JSON encoding rules for identities, defined in Section 4 of
Such an identity MUST be derived from the "datastore" identity in [RFC7951]. Such an identity MUST be derived from the "datastore"
"ietf-datastores" [I-D.ietf-netmod-revised-datastores]. identity defined in the "ietf-datastores" YANG module
[I-D.ietf-netmod-revised-datastores].
Specifically: Specifically:
o The resource {+restconf}/ds/ietf-datastores:operational refers to o The resource {+restconf}/ds/ietf-datastores:operational refers to
the operational state datastore. the operational state datastore.
o The resource {+restconf}/ds/ietf-datastores:running refers to the o The resource {+restconf}/ds/ietf-datastores:running refers to the
running configuration datastore. running configuration datastore.
o The resource {+restconf}/ds/ietf-datastores:intended refers to the o The resource {+restconf}/ds/ietf-datastores:intended refers to the
intended configuration datastore. intended configuration datastore.
An NMDA-compliant server MUST implement {+restconf}/ds/ietf- An NMDA-compliant server MUST implement {+restconf}/ds/ietf-
datastores:operational. Other datastore resources are optional to datastores:operational. Other datastore resources are optional to
implement. implement.
YANG actions can only be invoked in {+restconf}/ds/ietf-
datastores:operational.
If a server implements the example datastore "ds-ephemeral" in the If a server implements the example datastore "ds-ephemeral" in the
module "example-ds-ephemeral", it would implement the resource module "example-ds-ephemeral", it would implement the resource
{+restconf}/ds/example-ds-ephemeral:ds-ephemeral. {+restconf}/ds/example-ds-ephemeral:ds-ephemeral.
5. Protocol Operations 3.2. Protocol Operations
All existing protocol operations defined in [RFC8040] for the The protocol operations available for the new datastore resources
{+restconf}/data resource are available for all of the new datastore (Section 3.1) are the same as the protocol operations defined in
resources with the following exceptions: [RFC8040] for the {+restconf}/data resource with the following
exceptions:
o Dynamic datastores are excluded, as each dynamic datastore o Dynamic configuration datastores are excluded, as each dynamic
definition needs to be reviewed for what protocol operations it configuration datastore definition needs to be reviewed for what
supports. protocol operations it supports.
o Some datastores are read-only by nature (e.g., <intended>), and o Some datastores are read-only by nature (e.g., <intended>), and
hence any attempt to modify these datastores will fail. hence any attempt to modify these datastores will fail. A server
MUST return a response with a "405 Method Not Allowed" status-
line, and error-tag value "operation-not-supported".
o The "with-defaults" query parameter ([RFC8040], Section 4.8.9) o The "with-defaults" query parameter ([RFC8040], Section 4.8.9)
does not apply when interacting with {+restconf}/ds/ietf- does not apply when interacting with {+restconf}/ds/ietf-
datastores:operational. This means that all values are always datastores:operational. This means that all "in use" values, as
returned from the operational state datastore, even if a node defined in [I-D.ietf-netmod-revised-datastores] section 5.3, are
returned for the operational state datastore, even if a node
happens to have a default statement in the YANG module, and this happens to have a default statement in the YANG module, and this
default value is being used by the server. If the "with-defaults" default value is being used by the server. If the "with-defaults"
query parameter is present in a request to this resource, the query parameter is present in a request to this resource, the
server MUST return a response with a "400 Bad Request" status- server MUST return a response with a "400 Bad Request" status-
line. The error-tag value "invalid-value" is used in this case. line. The error-tag value "invalid-value" is used in this case.
o [RFC8040], section 3.5.4, paragraph 3 does not apply when o [RFC8040], Section 3.5.4, paragraph 3 does not apply when
interacting with any resource under {+restconf}/ds. interacting with any resource under {+restconf}/ds.
5.1. The "with-origin" query parameter 3.2.1. New "with-origin" Query Parameter
The GET operation adds a new query parameter named "with-origin", A new query parameter named "with-origin" is added to the GET
which if present, requests that the server includes "origin" metadata operation. If present, it requests that the server includes "origin"
anotations in its response, as detailed in the NMDA. This parameter metadata annotations in its response, as detailed in the NMDA. This
is only valid when querying {+restconf}/ds/ietf- parameter is only valid when querying {+restconf}/ds/ietf-
datastores:operational or any datastores with identities derived from datastores:operational or any datastores with identities derived from
the "operational" identity. Otherwise, if an invalid datastore is the "operational" identity. Otherwise, if an invalid datastore is
specified then the server MUST return a response witha a "400 Bad specified then the server MUST return a response with a "400 Bad
Request" status-line, using an error-tag value of "invalid-value". Request" status-line, using an error-tag value of "invalid-value".
"origin" metadata annotations are not included unless a client "origin" metadata annotations are not included unless a client
explicitly requests them. explicitly requests them.
Data from <operational> can come from multiple sources. The server Data in the operational state datatstore can come from multiple
should return the most accurate value for the "origin" metadata sources. The server should return the most accurate value for the
annotation as possible, indicating the source of the operational "origin" metadata annotation as possible, indicating the source of
value, as specified in section 5.3.4 of the NMDA. the operational value, as specified in Section 5.3.4 of
[I-D.ietf-netmod-revised-datastores].
When encoding the origin metadata annotation for a hierarchy of When encoding the origin metadata annotation for a hierarchy of
returned nodes, the annotation may be omitted for a child node when returned nodes, the annotation can be omitted for a child node when
the value matches that of the parent node (as described in ietf- the value matches that of the parent node, as described in
origin@2017-08-17). [RFC Editor, please check published revision "ietf-origin" YANG module [I-D.ietf-netmod-revised-datastores].
date.]
The "with-origin" query parameter is optional to support. It is The "with-origin" query parameter is optional to support. It is
identified with the URI: identified with the URI:
urn:ietf:params:restconf:capability:with-origin:1.0 urn:ietf:params:restconf:capability:with-origin:1.0
6. Security Considerations 4. IANA Considerations
TBD
7. IANA Considerations
This document defines one capability in the "RESTCONF Capability This document defines one capability in the "RESTCONF Capability
URNs" registry defined in [RFC8040]: URNs" registry defined in [RFC8040]:
Index Capability Identifier Index Capability Identifier
------------------------------------------------------------------ ------------------------------------------------------------------
:with-origin urn:ietf:params:restconf:capability:with-origin:1.0 :with-origin urn:ietf:params:restconf:capability:with-origin:1.0
8. Normative References 5. Security Considerations
This documents extends the RESTCONF protocol by introducing new
datastore resources. The lowest RESTCONF layer is HTTPS, and the
mandatory-to-implement secure transport is TLS [RFC5246]. The
RESTCONF protocol uses the network configuration access control model
[I-D.ietf-netconf-rfc6536bis], which provides the means to restrict
access for particular RESTCONF users to a preconfigured subset of all
available RESTCONF protocol operations and content.
The security constraints for the base RESTCONF protocol (see
Section 12 of [RFC8040] apply to the new RESTCONF datastore resources
defined in this document.
6. Normative References
[I-D.ietf-netconf-rfc6536bis]
Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Module", draft-ietf-netconf-rfc6536bis-09
(work in progress), December 2017.
[I-D.ietf-netconf-rfc7895bis]
Bierman, A., Bjorklund, M., and K. Watsen, "YANG Library",
draft-ietf-netconf-rfc7895bis-02 (work in progress),
October 2017.
[I-D.ietf-netmod-revised-datastores] [I-D.ietf-netmod-revised-datastores]
Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "Network Management Datastore and R. Wilton, "Network Management Datastore
Architecture", draft-ietf-netmod-revised-datastores-05 Architecture", draft-ietf-netmod-revised-datastores-10
(work in progress), October 2017. (work in progress), January 2018.
[I-D.nmdsdt-netconf-rfc7895bis]
Bierman, A., Bjorklund, M., and K. Watsen, "YANG Library",
draft-nmdsdt-netconf-rfc7895bis-01 (work in progress),
July 2017.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- RFC2119, March 1997, <https://www.rfc-editor.org/info/
editor.org/info/rfc2119>. rfc2119>.
[RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG", [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
RFC 7951, DOI 10.17487/RFC7951, August 2016, (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/
<https://www.rfc-editor.org/info/rfc7951>. RFC5246, August 2008, <https://www.rfc-editor.org/info/
rfc5246>.
[RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG", RFC
7951, DOI 10.17487/RFC7951, August 2016, <https://www.rfc-
editor.org/info/rfc7951>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>. <https://www.rfc-editor.org/info/rfc8040>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
Appendix A. Example
TBD
Authors' Addresses Authors' Addresses
Martin Bjorklund Martin Bjorklund
Tail-f Systems Tail-f Systems
Email: mbj@tail-f.com Email: mbj@tail-f.com
Juergen Schoenwaelder Juergen Schoenwaelder
Jacobs University Jacobs University
 End of changes. 35 change blocks. 
110 lines changed or deleted 137 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/