| draft-ietf-netconf-nmda-restconf-01.txt | draft-ietf-netconf-nmda-restconf-02.txt | |||
|---|---|---|---|---|
| Network Working Group M. Bjorklund | Network Working Group M. Bjorklund | |||
| Internet-Draft Tail-f Systems | Internet-Draft Tail-f Systems | |||
| Updates: 8040 (if approved) J. Schoenwaelder | Updates: 8040 (if approved) J. Schoenwaelder | |||
| Intended status: Standards Track Jacobs University | Intended status: Standards Track Jacobs University | |||
| Expires: May 3, 2018 P. Shafer | Expires: July 21, 2018 P. Shafer | |||
| K. Watsen | K. Watsen | |||
| Juniper Networks | Juniper Networks | |||
| R. Wilton | R. Wilton | |||
| Cisco Systems | Cisco Systems | |||
| October 30, 2017 | January 17, 2018 | |||
| RESTCONF Update to Support the NMDA | RESTCONF Extensions to Support the Network Management Datastore | |||
| draft-ietf-netconf-nmda-restconf-01 | Architecture | |||
| draft-ietf-netconf-nmda-restconf-02 | ||||
| Abstract | Abstract | |||
| This document updates RESTCONF [RFC8040] in order to support the | This document extends the RESTCONF protocol defined in RFC 8040 in | |||
| Network Management Datastore Architecture (NMDA) defined in | order to support the Network Management Datastore Architecture | |||
| [I-D.ietf-netmod-revised-datastores]. | defined in I-D.ietf-netmod-revised-datastores. | |||
| This document updates RFC 8040 by introducing new datastore | ||||
| resources, adding a new query parameter, and requiring the usage of | ||||
| I-D.ietf-netconf-rfc7895bis by RESTCONF servers implementing the | ||||
| Network Management Datastore Architecture. | ||||
| REF Editor: please replace "I-D.ietf-netmod-revised-datastores" and | ||||
| "I-D.ietf-netconf-rfc7895bis" above with their final RFC assignments. | ||||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 3, 2018. | This Internet-Draft will expire on July 21, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 | 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Summary of Updates to RFC 8040 . . . . . . . . . . . . . . . 3 | 2. Datastore and YANG Library Requirements . . . . . . . . . . . 3 | |||
| 3. Conformance . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3. RESTCONF Extensions . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. The {+restconf}/ds/<datastore> Resources . . . . . . . . . . 3 | 3.1. New Datastore Resources . . . . . . . . . . . . . . . . . 3 | |||
| 5. Protocol Operations . . . . . . . . . . . . . . . . . . . . . 4 | 3.2. Protocol Operations . . . . . . . . . . . . . . . . . . . 4 | |||
| 5.1. The "with-origin" query parameter . . . . . . . . . . . . 4 | 3.2.1. New "with-origin" Query Parameter . . . . . . . . . . 5 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | |||
| 8. Normative References . . . . . . . . . . . . . . . . . . . . 5 | 6. Normative References . . . . . . . . . . . . . . . . . . . . 6 | |||
| Appendix A. Example . . . . . . . . . . . . . . . . . . . . . . 6 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | ||||
| 1. Introduction | 1. Introduction | |||
| This document updates RESTCONF [RFC8040] in order to support the | This document extends the RESTCONF protocol defined in [RFC8040] in | |||
| Network Management Datastore Architecture (NMDA) defined in | order to support the Network Management Datastore Architecture (NMDA) | |||
| [I-D.ietf-netmod-revised-datastores]. | defined in [I-D.ietf-netmod-revised-datastores]. | |||
| This document updates [RFC8040] in order to enable RESTCONF clients | ||||
| to discover which datastores are supported by the RESTCONF server, as | ||||
| well as determine which modules are supported in each datastore and, | ||||
| finally, to interact with all the datastores supported by the NMDA. | ||||
| Specifically, the update introduces new datastore resources, adds a | ||||
| new query parameter, and requires the usage of | ||||
| [I-D.ietf-netconf-rfc7895bis] by RESTCONF servers implementing the | ||||
| NMDA. | ||||
| The solution presented in this document is backwards compatible with | The solution presented in this document is backwards compatible with | |||
| [RFC8040]. This is achieved by it only adding new top-level | [RFC8040]. This is achieved by only adding new resources and leaving | |||
| resources, and thereby leaving the semantics of all existing | the semantics of the existing resources unchanged. | |||
| resources alone. | ||||
| 1.1. Terminology | 1.1. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | This document uses the terminology defined by the NMDA | |||
| [I-D.ietf-netmod-revised-datastores]. | ||||
| The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14, [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| The following terms are defined in | 2. Datastore and YANG Library Requirements | |||
| [I-D.ietf-netmod-revised-datastores] and are not redefined here: | ||||
| o operational state datastore | ||||
| o running configuration datastore | ||||
| o intended configuration datastore | ||||
| 2. Summary of Updates to RFC 8040 | ||||
| This document updates [RFC8040] in the following ways: | ||||
| o Adds new top-level resource "/ds". | ||||
| o Adds new query parameter "with-origin". | ||||
| o Section 3.5.4, Paragraph 3 in [RFC8040] doesn't apply when | ||||
| interacting with any resource under {+restconf}/ds. | ||||
| o Updates section 10 in [RFC8040] by requiring servers that support | ||||
| NMDA to implement "ietf-yang-library" as defined in | ||||
| [I-D.nmdsdt-netconf-rfc7895bis]. | ||||
| 3. Conformance | ||||
| RFC Ed.: Update 201X-XX-XX below with correct date. | RFC Ed.: Update 201X-XX-XX below with correct date. | |||
| An NMDA-compliant RESTCONF server MUST support the operational state | An NMDA-compliant RESTCONF server MUST support the operational state | |||
| datastore. Such a server identifies that it supports NMDA both by | datastore and it MUST implement at least revision 201X-XX-XX of the | |||
| "ietf-yang-library" module defined in [I-D.ietf-netconf-rfc7895bis]. | ||||
| Such a server identifies that it supports the NMDA both by | ||||
| implementing the {+restconf}/ds/ietf-datastores:operational resource, | implementing the {+restconf}/ds/ietf-datastores:operational resource, | |||
| and by implementing at least revision 201X-XX-XX of the | and by implementing at least revision 201X-XX-XX of the | |||
| "ietf-yang-library" module, as specified in | "ietf-yang-library" module. | |||
| [I-D.nmdsdt-netconf-rfc7895bis]. | ||||
| A RESTCONF client can test if a server supports the NMDA by using | A RESTCONF client can test if a server supports the NMDA by using | |||
| either the HEAD or GET methods on {+restconf}/ds/ietf- | either the HEAD or GET methods on {+restconf}/ds/ietf- | |||
| datastores:operational. | datastores:operational. | |||
| 4. The {+restconf}/ds/<datastore> Resources | 3. RESTCONF Extensions | |||
| This section describes the RESTCONF extensions needed to support the | ||||
| NMDA. | ||||
| 3.1. New Datastore Resources | ||||
| This document defines a set of new resources representing datastores | This document defines a set of new resources representing datastores | |||
| as defined in [I-D.ietf-netmod-revised-datastores]. These resources | as defined in [I-D.ietf-netmod-revised-datastores]. These resources | |||
| are available using the resource path template: | are available using the following resource path template: | |||
| {+restconf}/ds/<datastore> | {+restconf}/ds/<datastore> | |||
| Where <datastore> is encoded as an "identity" according to the JSON | The <datastore> path component is encoded as an "identity" according | |||
| encoding rules for identities, defined in Section 4 of [RFC7951]. | to the JSON encoding rules for identities, defined in Section 4 of | |||
| Such an identity MUST be derived from the "datastore" identity in | [RFC7951]. Such an identity MUST be derived from the "datastore" | |||
| "ietf-datastores" [I-D.ietf-netmod-revised-datastores]. | identity defined in the "ietf-datastores" YANG module | |||
| [I-D.ietf-netmod-revised-datastores]. | ||||
| Specifically: | Specifically: | |||
| o The resource {+restconf}/ds/ietf-datastores:operational refers to | o The resource {+restconf}/ds/ietf-datastores:operational refers to | |||
| the operational state datastore. | the operational state datastore. | |||
| o The resource {+restconf}/ds/ietf-datastores:running refers to the | o The resource {+restconf}/ds/ietf-datastores:running refers to the | |||
| running configuration datastore. | running configuration datastore. | |||
| o The resource {+restconf}/ds/ietf-datastores:intended refers to the | o The resource {+restconf}/ds/ietf-datastores:intended refers to the | |||
| intended configuration datastore. | intended configuration datastore. | |||
| An NMDA-compliant server MUST implement {+restconf}/ds/ietf- | An NMDA-compliant server MUST implement {+restconf}/ds/ietf- | |||
| datastores:operational. Other datastore resources are optional to | datastores:operational. Other datastore resources are optional to | |||
| implement. | implement. | |||
| YANG actions can only be invoked in {+restconf}/ds/ietf- | ||||
| datastores:operational. | ||||
| If a server implements the example datastore "ds-ephemeral" in the | If a server implements the example datastore "ds-ephemeral" in the | |||
| module "example-ds-ephemeral", it would implement the resource | module "example-ds-ephemeral", it would implement the resource | |||
| {+restconf}/ds/example-ds-ephemeral:ds-ephemeral. | {+restconf}/ds/example-ds-ephemeral:ds-ephemeral. | |||
| 5. Protocol Operations | 3.2. Protocol Operations | |||
| All existing protocol operations defined in [RFC8040] for the | The protocol operations available for the new datastore resources | |||
| {+restconf}/data resource are available for all of the new datastore | (Section 3.1) are the same as the protocol operations defined in | |||
| resources with the following exceptions: | [RFC8040] for the {+restconf}/data resource with the following | |||
| exceptions: | ||||
| o Dynamic datastores are excluded, as each dynamic datastore | o Dynamic configuration datastores are excluded, as each dynamic | |||
| definition needs to be reviewed for what protocol operations it | configuration datastore definition needs to be reviewed for what | |||
| supports. | protocol operations it supports. | |||
| o Some datastores are read-only by nature (e.g., <intended>), and | o Some datastores are read-only by nature (e.g., <intended>), and | |||
| hence any attempt to modify these datastores will fail. | hence any attempt to modify these datastores will fail. A server | |||
| MUST return a response with a "405 Method Not Allowed" status- | ||||
| line, and error-tag value "operation-not-supported". | ||||
| o The "with-defaults" query parameter ([RFC8040], Section 4.8.9) | o The "with-defaults" query parameter ([RFC8040], Section 4.8.9) | |||
| does not apply when interacting with {+restconf}/ds/ietf- | does not apply when interacting with {+restconf}/ds/ietf- | |||
| datastores:operational. This means that all values are always | datastores:operational. This means that all "in use" values, as | |||
| returned from the operational state datastore, even if a node | defined in [I-D.ietf-netmod-revised-datastores] section 5.3, are | |||
| returned for the operational state datastore, even if a node | ||||
| happens to have a default statement in the YANG module, and this | happens to have a default statement in the YANG module, and this | |||
| default value is being used by the server. If the "with-defaults" | default value is being used by the server. If the "with-defaults" | |||
| query parameter is present in a request to this resource, the | query parameter is present in a request to this resource, the | |||
| server MUST return a response with a "400 Bad Request" status- | server MUST return a response with a "400 Bad Request" status- | |||
| line. The error-tag value "invalid-value" is used in this case. | line. The error-tag value "invalid-value" is used in this case. | |||
| o [RFC8040], section 3.5.4, paragraph 3 does not apply when | o [RFC8040], Section 3.5.4, paragraph 3 does not apply when | |||
| interacting with any resource under {+restconf}/ds. | interacting with any resource under {+restconf}/ds. | |||
| 5.1. The "with-origin" query parameter | 3.2.1. New "with-origin" Query Parameter | |||
| The GET operation adds a new query parameter named "with-origin", | A new query parameter named "with-origin" is added to the GET | |||
| which if present, requests that the server includes "origin" metadata | operation. If present, it requests that the server includes "origin" | |||
| anotations in its response, as detailed in the NMDA. This parameter | metadata annotations in its response, as detailed in the NMDA. This | |||
| is only valid when querying {+restconf}/ds/ietf- | parameter is only valid when querying {+restconf}/ds/ietf- | |||
| datastores:operational or any datastores with identities derived from | datastores:operational or any datastores with identities derived from | |||
| the "operational" identity. Otherwise, if an invalid datastore is | the "operational" identity. Otherwise, if an invalid datastore is | |||
| specified then the server MUST return a response witha a "400 Bad | specified then the server MUST return a response with a "400 Bad | |||
| Request" status-line, using an error-tag value of "invalid-value". | Request" status-line, using an error-tag value of "invalid-value". | |||
| "origin" metadata annotations are not included unless a client | "origin" metadata annotations are not included unless a client | |||
| explicitly requests them. | explicitly requests them. | |||
| Data from <operational> can come from multiple sources. The server | Data in the operational state datatstore can come from multiple | |||
| should return the most accurate value for the "origin" metadata | sources. The server should return the most accurate value for the | |||
| annotation as possible, indicating the source of the operational | "origin" metadata annotation as possible, indicating the source of | |||
| value, as specified in section 5.3.4 of the NMDA. | the operational value, as specified in Section 5.3.4 of | |||
| [I-D.ietf-netmod-revised-datastores]. | ||||
| When encoding the origin metadata annotation for a hierarchy of | When encoding the origin metadata annotation for a hierarchy of | |||
| returned nodes, the annotation may be omitted for a child node when | returned nodes, the annotation can be omitted for a child node when | |||
| the value matches that of the parent node (as described in ietf- | the value matches that of the parent node, as described in | |||
| origin@2017-08-17). [RFC Editor, please check published revision | "ietf-origin" YANG module [I-D.ietf-netmod-revised-datastores]. | |||
| date.] | ||||
| The "with-origin" query parameter is optional to support. It is | The "with-origin" query parameter is optional to support. It is | |||
| identified with the URI: | identified with the URI: | |||
| urn:ietf:params:restconf:capability:with-origin:1.0 | urn:ietf:params:restconf:capability:with-origin:1.0 | |||
| 6. Security Considerations | 4. IANA Considerations | |||
| TBD | ||||
| 7. IANA Considerations | ||||
| This document defines one capability in the "RESTCONF Capability | This document defines one capability in the "RESTCONF Capability | |||
| URNs" registry defined in [RFC8040]: | URNs" registry defined in [RFC8040]: | |||
| Index Capability Identifier | Index Capability Identifier | |||
| ------------------------------------------------------------------ | ------------------------------------------------------------------ | |||
| :with-origin urn:ietf:params:restconf:capability:with-origin:1.0 | :with-origin urn:ietf:params:restconf:capability:with-origin:1.0 | |||
| 8. Normative References | 5. Security Considerations | |||
| This documents extends the RESTCONF protocol by introducing new | ||||
| datastore resources. The lowest RESTCONF layer is HTTPS, and the | ||||
| mandatory-to-implement secure transport is TLS [RFC5246]. The | ||||
| RESTCONF protocol uses the network configuration access control model | ||||
| [I-D.ietf-netconf-rfc6536bis], which provides the means to restrict | ||||
| access for particular RESTCONF users to a preconfigured subset of all | ||||
| available RESTCONF protocol operations and content. | ||||
| The security constraints for the base RESTCONF protocol (see | ||||
| Section 12 of [RFC8040] apply to the new RESTCONF datastore resources | ||||
| defined in this document. | ||||
| 6. Normative References | ||||
| [I-D.ietf-netconf-rfc6536bis] | ||||
| Bierman, A. and M. Bjorklund, "Network Configuration | ||||
| Access Control Module", draft-ietf-netconf-rfc6536bis-09 | ||||
| (work in progress), December 2017. | ||||
| [I-D.ietf-netconf-rfc7895bis] | ||||
| Bierman, A., Bjorklund, M., and K. Watsen, "YANG Library", | ||||
| draft-ietf-netconf-rfc7895bis-02 (work in progress), | ||||
| October 2017. | ||||
| [I-D.ietf-netmod-revised-datastores] | [I-D.ietf-netmod-revised-datastores] | |||
| Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | |||
| and R. Wilton, "Network Management Datastore | and R. Wilton, "Network Management Datastore | |||
| Architecture", draft-ietf-netmod-revised-datastores-05 | Architecture", draft-ietf-netmod-revised-datastores-10 | |||
| (work in progress), October 2017. | (work in progress), January 2018. | |||
| [I-D.nmdsdt-netconf-rfc7895bis] | ||||
| Bierman, A., Bjorklund, M., and K. Watsen, "YANG Library", | ||||
| draft-nmdsdt-netconf-rfc7895bis-01 (work in progress), | ||||
| July 2017. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ | |||
| DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | RFC2119, March 1997, <https://www.rfc-editor.org/info/ | |||
| editor.org/info/rfc2119>. | rfc2119>. | |||
| [RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG", | [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
| RFC 7951, DOI 10.17487/RFC7951, August 2016, | (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/ | |||
| <https://www.rfc-editor.org/info/rfc7951>. | RFC5246, August 2008, <https://www.rfc-editor.org/info/ | |||
| rfc5246>. | ||||
| [RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG", RFC | ||||
| 7951, DOI 10.17487/RFC7951, August 2016, <https://www.rfc- | ||||
| editor.org/info/rfc7951>. | ||||
| [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF | [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF | |||
| Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, | Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, | |||
| <https://www.rfc-editor.org/info/rfc8040>. | <https://www.rfc-editor.org/info/rfc8040>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| Appendix A. Example | ||||
| TBD | ||||
| Authors' Addresses | Authors' Addresses | |||
| Martin Bjorklund | Martin Bjorklund | |||
| Tail-f Systems | Tail-f Systems | |||
| Email: mbj@tail-f.com | Email: mbj@tail-f.com | |||
| Juergen Schoenwaelder | Juergen Schoenwaelder | |||
| Jacobs University | Jacobs University | |||
| End of changes. 35 change blocks. | ||||
| 110 lines changed or deleted | 137 lines changed or added | |||
This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||