draft-ietf-netconf-nmda-restconf-03.txt   draft-ietf-netconf-nmda-restconf-04.txt 
Network Working Group M. Bjorklund Network Working Group M. Bjorklund
Internet-Draft Tail-f Systems Internet-Draft Tail-f Systems
Updates: 8040 (if approved) J. Schoenwaelder Updates: 8040 (if approved) J. Schoenwaelder
Intended status: Standards Track Jacobs University Intended status: Standards Track Jacobs University
Expires: September 2, 2018 P. Shafer Expires: October 22, 2018 P. Shafer
K. Watsen K. Watsen
Juniper Networks Juniper Networks
R. Wilton R. Wilton
Cisco Systems Cisco Systems
March 1, 2018 April 20, 2018
RESTCONF Extensions to Support the Network Management Datastore RESTCONF Extensions to Support the Network Management Datastore
Architecture Architecture
draft-ietf-netconf-nmda-restconf-03 draft-ietf-netconf-nmda-restconf-04
Abstract Abstract
This document extends the RESTCONF protocol defined in RFC 8040 in This document extends the RESTCONF protocol defined in RFC 8040 in
order to support the Network Management Datastore Architecture order to support the Network Management Datastore Architecture
defined in I-D.ietf-netmod-revised-datastores. defined in RFC 8342.
This document updates RFC 8040 by introducing new datastore This document updates RFC 8040 by introducing new datastore
resources, adding a new query parameter, and requiring the usage of resources, adding a new query parameter, and requiring the usage of
I-D.ietf-netconf-rfc7895bis by RESTCONF servers implementing the I-D.ietf-netconf-rfc7895bis by RESTCONF servers implementing the
Network Management Datastore Architecture. Network Management Datastore Architecture.
REF Editor: please replace "I-D.ietf-netmod-revised-datastores" and RFC Ed.: Please replace "I-D.ietf-netconf-rfc7895bis" above with its
"I-D.ietf-netconf-rfc7895bis" above with their final RFC assignments. final RFC assignment and remove this note.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 2, 2018. This Internet-Draft will expire on October 22, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 40 skipping to change at page 2, line 40
3.2.2. New "with-origin" Query Parameter . . . . . . . . . . 5 3.2.2. New "with-origin" Query Parameter . . . . . . . . . . 5
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6
6. Normative References . . . . . . . . . . . . . . . . . . . . 7 6. Normative References . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction 1. Introduction
This document extends the RESTCONF protocol defined in [RFC8040] in This document extends the RESTCONF protocol defined in [RFC8040] in
order to support the Network Management Datastore Architecture (NMDA) order to support the Network Management Datastore Architecture (NMDA)
defined in [I-D.ietf-netmod-revised-datastores]. defined in [RFC8342].
This document updates [RFC8040] in order to enable RESTCONF clients This document updates [RFC8040] in order to enable RESTCONF clients
to discover which datastores are supported by the RESTCONF server, as to discover which datastores are supported by the RESTCONF server,
well as determine which modules are supported in each datastore and, determine which modules are supported in each datastore, and to
finally, to interact with all the datastores supported by the NMDA. interact with all the datastores supported by the NMDA.
Specifically, the update introduces new datastore resources, adds a Specifically, the update introduces new datastore resources, adds a
new query parameter, and requires the usage of new query parameter, and requires the usage of
[I-D.ietf-netconf-rfc7895bis] by RESTCONF servers implementing the [I-D.ietf-netconf-rfc7895bis] by RESTCONF servers implementing the
NMDA. NMDA.
The solution presented in this document is backwards compatible with The solution presented in this document is backwards compatible with
[RFC8040]. This is achieved by only adding new resources and leaving [RFC8040]. This is achieved by only adding new resources and leaving
the semantics of the existing resources unchanged. the semantics of the existing resources unchanged.
1.1. Terminology 1.1. Terminology
This document uses the terminology defined by the NMDA This document uses the terminology defined by the NMDA [RFC8342].
[I-D.ietf-netmod-revised-datastores].
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14, [RFC2119] [RFC8174] when, and only when, they appear in all 14, [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
2. Datastore and YANG Library Requirements 2. Datastore and YANG Library Requirements
RFC Ed.: Update 201X-XX-XX below with correct date. RFC Ed.: Please update 201X-XX-XX below with correct date and remove
this note.
An NMDA-compliant RESTCONF server MUST support the operational state An NMDA-compliant RESTCONF server MUST support the operational state
datastore and it MUST implement at least revision 201X-XX-XX of the datastore and it MUST implement at least revision 201X-XX-XX of the
"ietf-yang-library" module defined in [I-D.ietf-netconf-rfc7895bis]. "ietf-yang-library" module defined in [I-D.ietf-netconf-rfc7895bis].
Such a server identifies that it supports the NMDA both by Such a server identifies that it supports the NMDA both by
implementing the {+restconf}/ds/ietf-datastores:operational resource, implementing the {+restconf}/ds/ietf-datastores:operational resource,
and by implementing at least revision 201X-XX-XX of the and by implementing at least revision 201X-XX-XX of the
"ietf-yang-library" module. "ietf-yang-library" module.
A RESTCONF client can test if a server supports the NMDA by using A RESTCONF client can test if a server supports the NMDA by using
either the HEAD or GET methods on {+restconf}/ds/ietf- either the HEAD or GET methods on {+restconf}/ds/ietf-
datastores:operational. datastores:operational.
A RESTCONF client can discover which datastores and YANG modules the
server supports by reading the YANG library information from the
operational state datastore.
3. RESTCONF Extensions 3. RESTCONF Extensions
This section describes the RESTCONF extensions needed to support the This section describes the RESTCONF extensions needed to support the
NMDA. NMDA.
3.1. New Datastore Resources 3.1. New Datastore Resources
This document defines a set of new resources representing datastores This document defines a set of new resources representing datastores
as defined in [I-D.ietf-netmod-revised-datastores]. These resources as defined in [RFC8342]. These resources are available using the
are available using the following resource path template: following resource path template:
{+restconf}/ds/<datastore> {+restconf}/ds/<datastore>
The <datastore> path component is encoded as an "identity" according The <datastore> path component is encoded as an "identity" according
to the JSON encoding rules for identities, defined in Section 4 of to the JSON encoding rules for identities, defined in Section 4 of
[RFC7951]. Such an identity MUST be derived from the "datastore" [RFC7951]. Such an identity MUST be derived from the "datastore"
identity defined in the "ietf-datastores" YANG module identity defined in the "ietf-datastores" YANG module [RFC8342].
[I-D.ietf-netmod-revised-datastores].
Specifically: Specifically:
o The resource {+restconf}/ds/ietf-datastores:operational refers to o The resource {+restconf}/ds/ietf-datastores:operational refers to
the operational state datastore. the operational state datastore.
o The resource {+restconf}/ds/ietf-datastores:running refers to the o The resource {+restconf}/ds/ietf-datastores:running refers to the
running configuration datastore. running configuration datastore.
o The resource {+restconf}/ds/ietf-datastores:intended refers to the o The resource {+restconf}/ds/ietf-datastores:intended refers to the
skipping to change at page 4, line 42 skipping to change at page 4, line 45
(Section 3.1) are the same as the protocol operations defined in (Section 3.1) are the same as the protocol operations defined in
[RFC8040] for the {+restconf}/data resource with the following [RFC8040] for the {+restconf}/data resource with the following
exceptions: exceptions:
o Dynamic configuration datastores are excluded, as each dynamic o Dynamic configuration datastores are excluded, as each dynamic
configuration datastore definition needs to be reviewed for what configuration datastore definition needs to be reviewed for what
protocol operations it supports. protocol operations it supports.
o Some datastores are read-only by nature (e.g., <intended>), and o Some datastores are read-only by nature (e.g., <intended>), and
hence any attempt to modify these datastores will fail. A server hence any attempt to modify these datastores will fail. A server
MUST return a response with a "405 Method Not Allowed" status- MUST return a response with a "405 Method Not Allowed" status-line
line, and error-tag value "operation-not-supported". and error-tag value "operation-not-supported".
o The semantics of the "with-defaults" query parameter ([RFC8040], o The semantics of the "with-defaults" query parameter ([RFC8040],
Section 4.8.9) differs when interacting with the operational state Section 4.8.9) differs when interacting with the operational state
datastore. The semantics are described below, in Section 3.2.1. datastore. The semantics are described below, in Section 3.2.1.
o [RFC8040], Section 3.5.4, paragraph 3 does not apply when o [RFC8040], Section 3.5.4, paragraph 3 does not apply when
interacting with any resource under {+restconf}/ds. interacting with any resource under {+restconf}/ds.
3.2.1. With-defaults query parameter on the operational state datastore 3.2.1. With-defaults query parameter on the operational state datastore
skipping to change at page 5, line 20 skipping to change at page 5, line 23
server's support is identified with the URI: server's support is identified with the URI:
urn:ietf:params:restconf:capability:with-operational-defaults:1.0 urn:ietf:params:restconf:capability:with-operational-defaults:1.0
For servers that support it, the behavior of the "with-defaults" For servers that support it, the behavior of the "with-defaults"
query parameter on the operational state datastore is defined as query parameter on the operational state datastore is defined as
follows: follows:
o If no "with-defaults" query parameter is specified, or if it is o If no "with-defaults" query parameter is specified, or if it is
set to "explicit", "report-all", or "report-all-tagged", then the set to "explicit", "report-all", or "report-all-tagged", then the
"in use" values, as defined in "in use" values, as defined in [RFC8342] section 5.3, are returned
[I-D.ietf-netmod-revised-datastores] section 5.3, are returned
from the operational state datastore, even if a node happens to from the operational state datastore, even if a node happens to
have a default statement in the YANG module, and this default have a default statement in the YANG module and this default value
value is being used by the server. If the "with-defaults" is being used by the server. If the "with-defaults" parameter is
parameter is set to "report-all-tagged", any values that match the set to "report-all-tagged", any values that match the schema
schema default are tagged with additional metadata, as described default are tagged with additional metadata, as described in
in [RFC8040], Section 4.8.9. [RFC8040], Section 4.8.9.
o If the "with-defaults" query parameter is set to "trim", all "in o If the "with-defaults" query parameter is set to "trim", all "in
use" values are returned, except that the output is filtered to use" values are returned, except that the output is filtered to
exclude any values that match the default defined in the YANG exclude any values that match the default defined in the YANG
schema. schema.
Servers are not required to support all values in the "with-defaults" Servers are not required to support all values in the "with-defaults"
query parameter on the operational state datastore. If a request is query parameter on the operational state datastore. If a request is
made using a value that is not supported, then the error handling made using a value that is not supported, then the error handling
behavior is as described in ([RFC8040], Section 4.8.9). behavior is as described in ([RFC8040], Section 4.8.9).
skipping to change at page 6, line 8 skipping to change at page 6, line 8
datastores:operational or any datastores with identities derived from datastores:operational or any datastores with identities derived from
the "operational" identity. Otherwise, if an invalid datastore is the "operational" identity. Otherwise, if an invalid datastore is
specified then the server MUST return a response with a "400 Bad specified then the server MUST return a response with a "400 Bad
Request" status-line, using an error-tag value of "invalid-value". Request" status-line, using an error-tag value of "invalid-value".
"origin" metadata annotations are not included unless a client "origin" metadata annotations are not included unless a client
explicitly requests them. explicitly requests them.
Data in the operational state datatstore can come from multiple Data in the operational state datatstore can come from multiple
sources. The server should return the most accurate value for the sources. The server should return the most accurate value for the
"origin" metadata annotation as possible, indicating the source of "origin" metadata annotation as possible, indicating the source of
the operational value, as specified in Section 5.3.4 of the operational value, as specified in Section 5.3.4 of [RFC8342].
[I-D.ietf-netmod-revised-datastores].
When encoding the origin metadata annotation for a hierarchy of When encoding the origin metadata annotation for a hierarchy of
returned nodes, the annotation can be omitted for a child node when returned nodes, the annotation can be omitted for a child node when
the value matches that of the parent node, as described in the value matches that of the parent node, as described in
"ietf-origin" YANG module [I-D.ietf-netmod-revised-datastores]. "ietf-origin" YANG module [RFC8342].
The "with-origin" query parameter is optional to support. It is The "with-origin" query parameter is optional to support. It is
identified with the URI: identified with the URI:
urn:ietf:params:restconf:capability:with-origin:1.0 urn:ietf:params:restconf:capability:with-origin:1.0
4. IANA Considerations 4. IANA Considerations
This document defines two capability identifier URNs in the "RESTCONF This document defines two capability identifier URNs in the "RESTCONF
Capability URNs" registry defined in [RFC8040]: Capability URNs" registry defined in [RFC8040]:
skipping to change at page 6, line 42 skipping to change at page 6, line 41
:with-operational-defaults :with-operational-defaults
urn:ietf:params:restconf:capability:with-operational-defaults:1.0 urn:ietf:params:restconf:capability:with-operational-defaults:1.0
5. Security Considerations 5. Security Considerations
This documents extends the RESTCONF protocol by introducing new This documents extends the RESTCONF protocol by introducing new
datastore resources. The lowest RESTCONF layer is HTTPS, and the datastore resources. The lowest RESTCONF layer is HTTPS, and the
mandatory-to-implement secure transport is TLS [RFC5246]. The mandatory-to-implement secure transport is TLS [RFC5246]. The
RESTCONF protocol uses the network configuration access control model RESTCONF protocol uses the network configuration access control model
[I-D.ietf-netconf-rfc6536bis], which provides the means to restrict [RFC8341], which provides the means to restrict access for particular
access for particular RESTCONF users to a preconfigured subset of all RESTCONF users to a preconfigured subset of all available RESTCONF
available RESTCONF protocol operations and content. protocol operations and content.
The security constraints for the base RESTCONF protocol (see The security constraints for the base RESTCONF protocol (see
Section 12 of [RFC8040] apply to the new RESTCONF datastore resources Section 12 of [RFC8040] apply to the new RESTCONF datastore resources
defined in this document. defined in this document.
6. Normative References 6. Normative References
[I-D.ietf-netconf-rfc6536bis]
Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Module", draft-ietf-netconf-rfc6536bis-09
(work in progress), December 2017.
[I-D.ietf-netconf-rfc7895bis] [I-D.ietf-netconf-rfc7895bis]
Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K.,
and R. Wilton, "YANG Library", draft-ietf-netconf- and R. Wilton, "YANG Library", draft-ietf-netconf-
rfc7895bis-05 (work in progress), February 2018. rfc7895bis-06 (work in progress), April 2018.
[I-D.ietf-netmod-revised-datastores]
Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "Network Management Datastore
Architecture", draft-ietf-netmod-revised-datastores-10
(work in progress), January 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
RFC2119, March 1997, <https://www.rfc-editor.org/info/ RFC2119, March 1997, <https://www.rfc-editor.org/info/
rfc2119>. rfc2119>.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/ (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/
RFC5246, August 2008, <https://www.rfc-editor.org/info/ RFC5246, August 2008, <https://www.rfc-editor.org/info/
rfc5246>. rfc5246>.
skipping to change at page 7, line 45 skipping to change at page 7, line 34
editor.org/info/rfc7951>. editor.org/info/rfc7951>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>. <https://www.rfc-editor.org/info/rfc8040>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341, DOI 10.17487/
RFC8341, March 2018, <https://www.rfc-editor.org/info/
rfc8341>.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "Network Management Datastore Architecture
(NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
<https://www.rfc-editor.org/info/rfc8342>.
Authors' Addresses Authors' Addresses
Martin Bjorklund Martin Bjorklund
Tail-f Systems Tail-f Systems
Email: mbj@tail-f.com Email: mbj@tail-f.com
Juergen Schoenwaelder Juergen Schoenwaelder
Jacobs University Jacobs University
Email: j.schoenwaelder@jacobs-university.de Email: j.schoenwaelder@jacobs-university.de
 End of changes. 22 change blocks. 
45 lines changed or deleted 45 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/